---
title: Packagist with your own Git Server
published: 2018-05-29
modified: 2016-06-02
---
The [Packagist](https://packagist.org/) service is used to make it possible to
install PHP dependencies using the [Composer](https://getcomposer.org/) tool.
It is very much "optimized" for GitHub, but using your own Git server is also
supported, although it has some rough edges:

1. Packagist is not able to connect to web servers using the
   [Modern compatibility](https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility)
   TLS configuration (issue [#918](https://github.com/composer/packagist/issues/918));
2. Packagist's `update-package` hook requires the repository URL to have at
   least two path segments (issue [#917](https://github.com/composer/packagist/issues/917));
3. Packagist's Git hook documentation could be more clear.

It is not so difficult to work around these issues though. Hopefully these
workarounds will not be required anymore in the future.

### TLS

You can use the
[Intermediate compatibility](https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29)
TLS configuration for your "git" virtual host.

### Path Segments

If you set up your Git server according to my previous blog post
[here](git_server_centos.html), you will have the problem that the
`update-package` Git hook won't work with Packagist. The repository URL must
contain at least two path segments. So, for example, the repository URL
`https://HOST/php-yubitwee` won't work, but
`https://HOST/fkooman/php-yubitwee` will.

In order to work around this, you can modify the `repo.url` and `repo.path`
fields in `/etc/cgitrc`, e.g.:

    repo.url=fkooman/php-yubitwee
    repo.path=/var/lib/git/fkooman/php-yubitwee.git

Then move the repository directory to `/var/lib/git/fkooman/php-yubitwee.git`
from `/var/lib/git/php-yubitwee.git` as well. That should be sufficient.
Don't forget to clear the cache as documented in the previous blog post.

### Git Hook

The Packagist Git hook configuration is more or less documented
[here](https://packagist.org/about#how-to-update-packages).

What I actually ended up doing is put the following script as `post-receive` in
my Git repository `hooks` directory, e.g.
`/var/lib/git/fkooman/php-yubitwee.git/hooks/post-receive`:
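
    #!/bin/sh
    # Packagist API token (placeholder value). The hook is installed with mode
    # 0755, so every local user who can reach this file can read the token.
    API_TOKEN=12345abcde
    # Ask Packagist to update the package; the JSON body carries *your* Git
    # repository URL.
    /usr/bin/curl \
        -s \
        -X POST \
        -H "Content-Type: application/json" \
        "https://packagist.org/api/update-package?username=fkooman&apiToken=${API_TOKEN}" \
        -d '{"repository":{"url":"https://HOST/fkooman/php-yubitwee"}}'
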
Note that the `PACKAGIST_PACKAGE_URL` as mentioned on the Packagist
documentation page is actually *your* Git repository URL.

Make sure the file is executable:

    $ chmod 0755 /var/lib/git/fkooman/php-yubitwee.git/hooks/post-receive

You can actually run it directly to test it, otherwise it will be triggered
when you push to your Git server.
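
The same notification with two checks made before any request is sent, as an added example that is not the author's script: it rejects a repository URL with fewer than two path segments and reads the API token from a separate private file instead of the hook itself. `TOKEN_FILE`, `REPO_URL`, `PACKAGIST_USER` and the function names are assumptions; the endpoint and JSON body are the ones from the script above.

```shell
#!/bin/sh
# Added example, not the author's hook. TOKEN_FILE, REPO_URL, PACKAGIST_USER
# and the function names are assumptions made for this sketch.
TOKEN_FILE="${TOKEN_FILE:-/etc/packagist-token}"   # assumed path, mode 0600
REPO_URL="${REPO_URL:-https://HOST/fkooman/php-yubitwee}"
PACKAGIST_USER="${PACKAGIST_USER:-fkooman}"

# Print the number of non-empty path segments in an http(s) URL.
count_path_segments() {
    rest=${1#*://}                                   # drop the scheme
    case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac   # drop the host
    rest=${rest%%[?#]*}                              # drop query and fragment
    n=0
    while [ -n "$rest" ]; do
        seg=${rest%%/*}
        if [ -n "$seg" ]; then n=$((n + 1)); fi
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
    done
    echo "$n"
}

# Succeed only for a regular file with no group or other permission bits.
token_file_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

notify_packagist() {
    if [ "$(count_path_segments "$REPO_URL")" -lt 2 ]; then
        echo "need at least two path segments: $REPO_URL" >&2
        return 1
    fi
    if ! token_file_is_private "$TOKEN_FILE"; then
        echo "$TOKEN_FILE must exist and be mode 0600" >&2
        return 1
    fi
    token=$(cat "$TOKEN_FILE")
    # Feed the URL to curl as config on stdin so the token never appears in
    # argv; -f turns an HTTP error into a non-zero exit status.
    printf 'url = "https://packagist.org/api/update-package?username=%s&apiToken=%s"\n' \
        "$PACKAGIST_USER" "$token" |
    /usr/bin/curl -K - -f -sS --max-time 30 -X POST \
        -H "Content-Type: application/json" \
        -d "{\"repository\":{\"url\":\"$REPO_URL\"}}"
}

# Only contact Packagist when Git runs this file as the post-receive hook.
case $0 in post-receive|*/post-receive) notify_packagist ;; esac
```

The token file must be readable by the account that runs the Git hooks; sourcing the file under any other name only defines the functions.
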

**Update (2018-06-02)**: there are a couple more things to keep in mind. One
is that you need to add a `source` key under `support` in `composer.json`,
otherwise the "Source" link on Packagist will keep pointing to GitHub:

    "support": {
        "email": "fkooman@tuxed.net",
        "source": "https://git.tuxed.net/fkooman/php-yubitwee"
    },

There is another problem with checking for updated tags. It seems Packagist
won't find the new tags when committing a new tag to the repository. This
could be due to cgit caching... At the moment I have no idea how to properly
investigate this...

In addition, you MUST push a new (tagged) release before Composer will retrieve
the code from your new repository location in case you moved your repository.
The older version(s) will keep being pulled in from the old location, even if
they are no longer available there, thus breaking Composer if it depends on your
code. Not great.

All in all, it may not be the worst idea to not use Packagist at all for your
packages, and instead just specify the repository directly in the
`composer.json` of the projects that depend on your code, for example:

    "repositories": [
        {
            "type": "vcs",
            "url": "https://git.tuxed.net/fkooman/php-yubitwee"
        }
    ],
    ...
    "require": {
        "fkooman/yubitwee": "^1"
    },
    ...

That would solve all Packagist problems, and in the process reduce another
(direct) proprietary dependency from the list!