php/archived-pie
1
0
Fork 0
mirror of https://github.com/php/pie.git synced 2026-03-23 23:12:17 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #441 from asgrim/fix-self-verify

Browse Source 
Fix self-verify to use latest attestation library
This commit is contained in:
James Titcumb
2025-11-27 16:24:28 +00:00
committed by GitHub
parent 3a2824243f ae60748b6a
commit 2ebd9dcb45
3 changed files with 131 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
composer.json
View File

@@ -28,7 +28,7 @@
],
"require": {
"php": "8.1.*||8.2.*||8.3.*||8.4.*||8.5.*",
"composer/composer": "^2.9.1",
"composer/composer": "^2.9.2",
"composer/pcre": "^3.3.2",
"composer/semver": "^3.4.4",
"fidry/cpu-core-counter": "^1.3.0",
@@ -37,12 +37,12 @@
"symfony/console": "^6.4.27",
"symfony/event-dispatcher": "^6.4.25",
"symfony/process": "^6.4.26",
"thephpf/attestation": "^0.0.4",
"thephpf/attestation": "^0.0.5",
"webmozart/assert": "^1.12.1"
},
"require-dev": {
"ext-openssl": "*",
"behat/behat": "^3.26.0",
"behat/behat": "^3.27.0",
"bnf/phpstan-psr-container": "^1.1",
"doctrine/coding-standard": "^14.0.0",
"phpstan/phpstan": "^2.1.32",

173
composer.lock generated
View File

@@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
"content-hash": "e727345321bd068d9b5b6250d70defb5",
"content-hash": "ab3e2edb8ee4fdb637409ca1149f7d0a",
"packages": [
{
"name": "composer/ca-bundle",
@@ -80,22 +80,22 @@
},
{
"name": "composer/class-map-generator",
"version": "1.6.2",
"version": "1.7.0",
"source": {
"type": "git",
"url": "https://github.com/composer/class-map-generator.git",
"reference": "ba9f089655d4cdd64e762a6044f411ccdaec0076"
"reference": "2373419b7709815ed323ebf18c3c72d03ff4a8a6"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/composer/class-map-generator/zipball/ba9f089655d4cdd64e762a6044f411ccdaec0076",
"reference": "ba9f089655d4cdd64e762a6044f411ccdaec0076",
"url": "https://api.github.com/repos/composer/class-map-generator/zipball/2373419b7709815ed323ebf18c3c72d03ff4a8a6",
"reference": "2373419b7709815ed323ebf18c3c72d03ff4a8a6",
"shasum": ""
},
"require": {
"composer/pcre": "^2.1 || ^3.1",
"php": "^7.2 || ^8.0",
"symfony/finder": "^4.4 || ^5.3 || ^6 || ^7"
"symfony/finder": "^4.4 || ^5.3 || ^6 || ^7 || ^8"
},
"require-dev": {
"phpstan/phpstan": "^1.12 || ^2",
@@ -103,7 +103,7 @@
"phpstan/phpstan-phpunit": "^1 || ^2",
"phpstan/phpstan-strict-rules": "^1.1 || ^2",
"phpunit/phpunit": "^8",
"symfony/filesystem": "^5.4 || ^6"
"symfony/filesystem": "^5.4 || ^6 || ^7 || ^8"
},
"type": "library",
"extra": {
@@ -133,7 +133,7 @@
],
"support": {
"issues": "https://github.com/composer/class-map-generator/issues",
"source": "https://github.com/composer/class-map-generator/tree/1.6.2"
"source": "https://github.com/composer/class-map-generator/tree/1.7.0"
},
"funding": [
{
@@ -145,20 +145,20 @@
"type": "github"
}
],
"time": "2025-08-20T18:52:43+00:00"
"time": "2025-11-19T10:41:15+00:00"
},
{
"name": "composer/composer",
"version": "2.9.1",
"version": "2.9.2",
"source": {
"type": "git",
"url": "https://github.com/composer/composer.git",
"reference": "35cb6d47d03b0cae52dc12d686f941365b20f08b"
"reference": "8d5358f147c63a3a681b002076deff8c90e0b19d"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/composer/composer/zipball/35cb6d47d03b0cae52dc12d686f941365b20f08b",
"reference": "35cb6d47d03b0cae52dc12d686f941365b20f08b",
"url": "https://api.github.com/repos/composer/composer/zipball/8d5358f147c63a3a681b002076deff8c90e0b19d",
"reference": "8d5358f147c63a3a681b002076deff8c90e0b19d",
"shasum": ""
},
"require": {
@@ -183,6 +183,7 @@
"symfony/polyfill-php73": "^1.24",
"symfony/polyfill-php80": "^1.24",
"symfony/polyfill-php81": "^1.24",
"symfony/polyfill-php84": "^1.30",
"symfony/process": "^5.4.47 || ^6.4.25 || ^7.1.10 || ^8.0"
},
"require-dev": {
@@ -245,7 +246,7 @@
"irc": "ircs://irc.libera.chat:6697/composer",
"issues": "https://github.com/composer/composer/issues",
"security": "https://github.com/composer/composer/security/policy",
"source": "https://github.com/composer/composer/tree/2.9.1"
"source": "https://github.com/composer/composer/tree/2.9.2"
},
"funding": [
{
@@ -257,7 +258,7 @@
"type": "github"
}
],
"time": "2025-11-13T15:10:38+00:00"
"time": "2025-11-19T20:57:25+00:00"
},
{
"name": "composer/metadata-minifier",
@@ -2186,6 +2187,86 @@
],
"time": "2024-12-23T08:48:59+00:00"
},
{
"name": "symfony/polyfill-php84",
"version": "v1.33.0",
"source": {
"type": "git",
"url": "https://github.com/symfony/polyfill-php84.git",
"reference": "d8ced4d875142b6a7426000426b8abc631d6b191"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/polyfill-php84/zipball/d8ced4d875142b6a7426000426b8abc631d6b191",
"reference": "d8ced4d875142b6a7426000426b8abc631d6b191",
"shasum": ""
},
"require": {
"php": ">=7.2"
},
"type": "library",
"extra": {
"thanks": {
"url": "https://github.com/symfony/polyfill",
"name": "symfony/polyfill"
}
},
"autoload": {
"files": [
"bootstrap.php"
],
"psr-4": {
"Symfony\\Polyfill\\Php84\\": ""
},
"classmap": [
"Resources/stubs"
]
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Nicolas Grekas",
"email": "p@tchwork.com"
},
{
"name": "Symfony Community",
"homepage": "https://symfony.com/contributors"
}
],
"description": "Symfony polyfill backporting some PHP 8.4+ features to lower PHP versions",
"homepage": "https://symfony.com",
"keywords": [
"compatibility",
"polyfill",
"portable",
"shim"
],
"support": {
"source": "https://github.com/symfony/polyfill-php84/tree/v1.33.0"
},
"funding": [
{
"url": "https://symfony.com/sponsor",
"type": "custom"
},
{
"url": "https://github.com/fabpot",
"type": "github"
},
{
"url": "https://github.com/nicolas-grekas",
"type": "github"
},
{
"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
"type": "tidelift"
}
],
"time": "2025-06-24T13:30:11+00:00"
},
{
"name": "symfony/process",
"version": "v6.4.26",
@@ -2429,16 +2510,16 @@
},
{
"name": "thephpf/attestation",
"version": "0.0.4",
"version": "0.0.5",
"source": {
"type": "git",
"url": "https://github.com/ThePHPF/attestation.git",
"reference": "30b9ce5b8d458d832c04d98ebf7f3b8a986ef000"
"reference": "fa81efb3f6f8147287ebaebd81ff6688e0f2ec9d"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/ThePHPF/attestation/zipball/30b9ce5b8d458d832c04d98ebf7f3b8a986ef000",
"reference": "30b9ce5b8d458d832c04d98ebf7f3b8a986ef000",
"url": "https://api.github.com/repos/ThePHPF/attestation/zipball/fa81efb3f6f8147287ebaebd81ff6688e0f2ec9d",
"reference": "fa81efb3f6f8147287ebaebd81ff6688e0f2ec9d",
"shasum": ""
},
"require": {
@@ -2475,7 +2556,7 @@
"description": "A PHP library to aid in verifying artifact attestations",
"support": {
"issues": "https://github.com/ThePHPF/attestation/issues",
"source": "https://github.com/ThePHPF/attestation/tree/0.0.4"
"source": "https://github.com/ThePHPF/attestation/tree/0.0.5"
},
"funding": [
{
@@ -2487,7 +2568,7 @@
"type": "open_collective"
}
],
"time": "2025-11-18T14:20:12+00:00"
"time": "2025-11-27T15:31:24+00:00"
},
{
"name": "webmozart/assert",
@@ -2551,16 +2632,16 @@
"packages-dev": [
{
"name": "behat/behat",
"version": "v3.26.0",
"version": "v3.27.0",
"source": {
"type": "git",
"url": "https://github.com/Behat/Behat.git",
"reference": "1b6b08efa995fe4135901b862d112adc7e95ecbb"
"reference": "3282ad774358e4eaf533855e9a1f48559894d1b5"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/Behat/Behat/zipball/1b6b08efa995fe4135901b862d112adc7e95ecbb",
"reference": "1b6b08efa995fe4135901b862d112adc7e95ecbb",
"url": "https://api.github.com/repos/Behat/Behat/zipball/3282ad774358e4eaf533855e9a1f48559894d1b5",
"reference": "3282ad774358e4eaf533855e9a1f48559894d1b5",
"shasum": ""
},
"require": {
@@ -2569,7 +2650,7 @@
"composer/xdebug-handler": "^1.4 || ^2.0 || ^3.0",
"ext-mbstring": "*",
"nikic/php-parser": "^4.19.2 || ^5.2",
"php": ">=8.1 <8.5",
"php": ">=8.1 <8.6",
"psr/container": "^1.0 || ^2.0",
"symfony/config": "^5.4 || ^6.4 || ^7.0",
"symfony/console": "^5.4 || ^6.4 || ^7.0",
@@ -2640,9 +2721,9 @@
],
"support": {
"issues": "https://github.com/Behat/Behat/issues",
"source": "https://github.com/Behat/Behat/tree/v3.26.0"
"source": "https://github.com/Behat/Behat/tree/v3.27.0"
},
"time": "2025-10-29T09:46:14+00:00"
"time": "2025-11-23T12:12:41+00:00"
},
{
"name": "behat/gherkin",
@@ -4694,32 +4775,32 @@
},
{
"name": "slevomat/coding-standard",
"version": "8.24.0",
"version": "8.25.1",
"source": {
"type": "git",
"url": "https://github.com/slevomat/coding-standard.git",
"reference": "08e7989c0351f3f38b82172838195c35d9819efa"
"reference": "4caa5ec5a30b84b2305e80159c710d437f40cc40"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/slevomat/coding-standard/zipball/08e7989c0351f3f38b82172838195c35d9819efa",
"reference": "08e7989c0351f3f38b82172838195c35d9819efa",
"url": "https://api.github.com/repos/slevomat/coding-standard/zipball/4caa5ec5a30b84b2305e80159c710d437f40cc40",
"reference": "4caa5ec5a30b84b2305e80159c710d437f40cc40",
"shasum": ""
},
"require": {
"dealerdirect/phpcodesniffer-composer-installer": "^0.6.2 || ^0.7 || ^1.1.2",
"dealerdirect/phpcodesniffer-composer-installer": "^0.6.2 || ^0.7 || ^1.2.0",
"php": "^7.4 || ^8.0",
"phpstan/phpdoc-parser": "^2.3.0",
"squizlabs/php_codesniffer": "^4.0.0"
"squizlabs/php_codesniffer": "^4.0.1"
},
"require-dev": {
"phing/phing": "3.0.1|3.1.0",
"php-parallel-lint/php-parallel-lint": "1.4.0",
"phpstan/phpstan": "2.1.29",
"phpstan/phpstan": "2.1.32",
"phpstan/phpstan-deprecation-rules": "2.0.3",
"phpstan/phpstan-phpunit": "2.0.7",
"phpstan/phpstan-strict-rules": "2.0.6",
"phpunit/phpunit": "9.6.8|10.5.48|11.4.4|11.5.36|12.3.14"
"phpstan/phpstan-phpunit": "2.0.8",
"phpstan/phpstan-strict-rules": "2.0.7",
"phpunit/phpunit": "9.6.8|10.5.48|11.4.4|11.5.36|12.4.4"
},
"type": "phpcodesniffer-standard",
"extra": {
@@ -4743,7 +4824,7 @@
],
"support": {
"issues": "https://github.com/slevomat/coding-standard/issues",
"source": "https://github.com/slevomat/coding-standard/tree/8.24.0"
"source": "https://github.com/slevomat/coding-standard/tree/8.25.1"
},
"funding": [
{
@@ -4755,7 +4836,7 @@
"type": "tidelift"
}
],
"time": "2025-09-25T21:37:40+00:00"
"time": "2025-11-25T18:01:43+00:00"
},
{
"name": "squizlabs/php_codesniffer",
@@ -5340,16 +5421,16 @@
},
{
"name": "theseer/tokenizer",
"version": "1.2.3",
"version": "1.3.1",
"source": {
"type": "git",
"url": "https://github.com/theseer/tokenizer.git",
"reference": "737eda637ed5e28c3413cb1ebe8bb52cbf1ca7a2"
"reference": "b7489ce515e168639d17feec34b8847c326b0b3c"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/theseer/tokenizer/zipball/737eda637ed5e28c3413cb1ebe8bb52cbf1ca7a2",
"reference": "737eda637ed5e28c3413cb1ebe8bb52cbf1ca7a2",
"url": "https://api.github.com/repos/theseer/tokenizer/zipball/b7489ce515e168639d17feec34b8847c326b0b3c",
"reference": "b7489ce515e168639d17feec34b8847c326b0b3c",
"shasum": ""
},
"require": {
@@ -5378,7 +5459,7 @@
"description": "A small library for converting tokenized PHP source code into XML and potentially other formats",
"support": {
"issues": "https://github.com/theseer/tokenizer/issues",
"source": "https://github.com/theseer/tokenizer/tree/1.2.3"
"source": "https://github.com/theseer/tokenizer/tree/1.3.1"
},
"funding": [
{
@@ -5386,7 +5467,7 @@
"type": "github"
}
],
"time": "2024-03-03T12:36:25+00:00"
"time": "2025-11-17T20:03:58+00:00"
}
],
"aliases": [],

2
test/unit/SelfManage/Verify/FallbackVerificationUsingOpenSslTest.php
View File

@@ -135,7 +135,7 @@ EOF);
private function mockAttestationResponse(string $digestInUrl, string $dsseEnvelopePayload, string $signature, string $pemCertificate): void
{
$url = self::TEST_GITHUB_URL . '/orgs/php/attestations/sha256:' . $digestInUrl;
$url = self::TEST_GITHUB_URL . '/orgs/php/attestations/sha256:' . $digestInUrl . '?predicate_type=provenance';
$this->httpDownloader->expects(self::once())
->method('get')
->with(