-
-
Notifications
You must be signed in to change notification settings - Fork 4.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
json do not match its signature issue #5196
Comments
Please edit the template a bit more to supply an actual problem case. |
When I try to install by the command "php composer.phar create-project --prefer-dist laravel/laravel public" i get the attached error message. I wonder if the problem is with the CRT on my computer or on the servers? |
Are you behind a proxy or using any kind of firewall software? If the error consistently occurs, one of the above is probably mangling your connections. |
Hey, no use of proxy, i changed machine and i still get the same error. [Composer\Repository\RepositorySecurityException] |
Different machine, but same network? |
Yes, its virtual machines on my computer (Debian). |
Sorry, not really sure what could be wrong here. But it is definitely a networking issue, nothing we can solve for you. |
add this to your composer
|
"repositories": { [Composer\Repository\RepositorySecurityException] |
I have had this problem in the morning yesterday and today, and on various days in the past. In my timezone that is early AM hours UTC. Then the problem goes away in the afternoon evening. So I am suspicious that there are daily updates to the package list, and the signature file also gets updated, but somewhere "in the big bad internet" they are cached differently. And so for some hours I receive a new file+old signature or old file+new signature. It is rather annoying!
I will try regularly now to see if there is a real time pattern to this. |
That should actually say "could" hehe. |
Refs composer#5196 (comment) Signature mismatch could indicate MitM, or just a CDN issue which is rather more likely.
Refs #5196 (comment) Signature mismatch could indicate MitM, or just a CDN issue which is rather more likely.
I get a similar error when running composer require symfony/security-checker: |
@Furious-Snail Looks like packagist.org is down right now. |
It seems to be working again! |
I tried a couple of times. When accessing the https://packagist.org it is working. |
Same problem here. Adding |
Same problem here, adding packagist url explicitly didn't work |
I can access the website https://packagist.org, but I still get the following when I
|
Same here |
Similarly.. |
Yeah, seems like packagist is down, or at least the service does not work as expected. |
Same here :/ |
Just wait |
I think this is related to the recent service interruption of packagist. |
same here |
Thanks for the update @Okipa, FYI DNS related issue at Packagist. |
Solved here as well, I'm on Linux so I switched to Google DNS -> https://developers.google.com/speed/public-dns/ |
For macOs users, flush your DNS : |
Odd, flushing the DNS still hasnt worked. Still getting
Im on Linux and used Maybe adding a Google dns.. |
Same here. Google DNS didn't help (Ubuntu 16.04 in VirtualBox for Windows 10). |
@snightingale @kiaplayer
|
I'm on Mac Flushing DNS doesn't work Changing DNS to google DNS Worked |
already using google dns, so there's no resolution there. |
Google DNS also solved for me (CentOS) |
Does anyone know a solution for a shared hosting? Where I can't run scripts, change settings.. |
not working. |
@notflip You could locally do a composer install and manually move the packages yourself. I don't see another solution for you. |
@Keirul I'm affraid that will be it. Thank you! |
Flushing DNS works for me. |
@denisov1985 Not really. It would be the same thing as planning to use an alternative for when Google is down. What you could do is create a private repository and host the packages you personally use for that project. So if you use those dependencies elsewhere you can retrieve them yourself. But update-wise you can't change a thing. |
Hello everyone. Does somebody know how to flush DNS on Ubuntu desktop 16.04? |
@Reserford1991 Worked for me: |
@Reserford1991 Indeed, @akadko was faster then me, I have already posted that before :) |
For everyone who is using Windows, just flush your DNS with This worked for me |
Update on situation |
|
Our team was monitoring this issue for the past hour, and now it works again. Looks like something was misbehaving on the composer/packagist side. |
@WallTearer these |
Running |
Thats because 2 machines n their trying to hide plenty machines behind one mostly the victims on one and the crimunals on one as theres plenty violations on the other one... |
@adette You commented on an old issue which was resolved since packagist.org had dns issues. This line of text implies it, I agree. But that wasn't the issue. |
The 'should' wording was also rather unfortunate, hence why I had it changed. It now correctly says "This could indicate a man-in-the-middle attack" as it's simply impossible to determine the true cause from the program's end other than that something is wrong with upstream communication. |
With the following composer.json:
(none)
{ ... }
When I run this command:
I get this output:
And I expected this to happen:
install cakephp package.
The text was updated successfully, but these errors were encountered: