From cf9e77ef8e6c7b903c7dd5b37d3753c65b3c6a13 Mon Sep 17 00:00:00 2001
From: Pol Dellaiera <pol.dellaiera@protonmail.com>
Date: Tue, 13 Feb 2024 15:33:27 +0100
Subject: phpPackages.composer: 2.6.6 -> 2.7.1

Diff: https://github.com/composer/composer/compare/2.6.6..2.7.1
Changelog: https://github.com/composer/composer/releases/tag/2.7.1
Fix CVE: CVE-2024-24821
---
 .../php/hooks/composer-install-hook.sh             | 26 +---------------------
 .../php/hooks/composer-repository-hook.sh          |  2 +-
 2 files changed, 2 insertions(+), 26 deletions(-)

(limited to 'pkgs/build-support')

diff --git a/pkgs/build-support/php/hooks/composer-install-hook.sh b/pkgs/build-support/php/hooks/composer-install-hook.sh
index a84a9e3aa862..f5c93a6e3d34 100644
--- a/pkgs/build-support/php/hooks/composer-install-hook.sh
+++ b/pkgs/build-support/php/hooks/composer-install-hook.sh
@@ -83,28 +83,7 @@ composerInstallBuildHook() {
 
     # Since this file cannot be generated in the composer-repository-hook.sh
     # because the file contains hardcoded nix store paths, we generate it here.
-    composer-local-repo-plugin --no-ansi build-local-repo -m "${composerRepository}" .
-
-    # Remove all the repositories of type "composer" and "vcs"
-    # from the composer.json file.
-    jq -r -c 'del(try .repositories[] | select(.type == "composer" or .type == "vcs"))' composer.json | sponge composer.json
-
-    # Configure composer to disable packagist and avoid using the network.
-    composer config repo.packagist false
-    # Configure composer to use the local repository.
-    composer config repo.composer composer file://"$PWD"/packages.json
-
-    # Since the composer.json file has been modified in the previous step, the
-    # composer.lock file needs to be updated.
-    composer \
-      --lock \
-      --no-ansi \
-      --no-install \
-      --no-interaction \
-      ${composerNoDev:+--no-dev} \
-      ${composerNoPlugins:+--no-plugins} \
-      ${composerNoScripts:+--no-scripts} \
-      update
+    composer-local-repo-plugin --no-ansi build-local-repo-lock -m "${composerRepository}" .
 
     echo "Finished composerInstallBuildHook"
 }
@@ -151,9 +130,6 @@ composerInstallInstallHook() {
       ${composerNoScripts:+--no-scripts} \
       install
 
-    # Remove packages.json, we don't need it in the store.
-    rm packages.json
-
     # Copy the relevant files only in the store.
     mkdir -p "$out"/share/php/"${pname}"
     cp -r . "$out"/share/php/"${pname}"/
diff --git a/pkgs/build-support/php/hooks/composer-repository-hook.sh b/pkgs/build-support/php/hooks/composer-repository-hook.sh
index bb3017bd98c9..ffec58e55293 100644
--- a/pkgs/build-support/php/hooks/composer-repository-hook.sh
+++ b/pkgs/build-support/php/hooks/composer-repository-hook.sh
@@ -63,7 +63,7 @@ composerRepositoryBuildHook() {
     # Build the local composer repository
     # The command 'build-local-repo' is provided by the Composer plugin
     # nix-community/composer-local-repo-plugin.
-    composer-local-repo-plugin --no-ansi build-local-repo ${composerNoDev:+--no-dev} -r repository
+    composer-local-repo-plugin --no-ansi build-local-repo-lock ${composerNoDev:+--no-dev} -r repository
 
     echo "Finished composerRepositoryBuildHook"
 }
-- 
cgit 1.4.1