uriyakongsangtong
commented
2 days ago Our usual upgrade routine failed, to reproduce:
$ rm -rf /tmp/composer-2.7.7/ $ mkdir /tmp/composer-2.7.7 $ for url in https://getcomposer.org/download/2.7.7/composer.phar{,.sha256sum,.asc}; do curl -sSLo /tmp/composer-2.7.7/"$(basename "$url")" "$url"; done $ sha256sum /tmp/composer-2.7.7/* 06e4c4bc6d32b8975174f4f4a0a93476d8907da92a1484c5a8ef138897a760e1 /tmp/composer-2.7.7/composer.phar 955e9dd06d8cbb28fa9b5ae9154a05ee90e664226024cbb5d4ec6511c6837c00 /tmp/composer-2.7.7/composer.phar.asc 9541cc89bc58bd20998f7da7afddc5f0d9f8e8b852f241574037dd4b38845300 /tmp/composer-2.7.7/composer.phar.sha256sum $ pushd /tmp/composer-2.7.7/ ; sha256sum -c /tmp/composer-2.7.7/composer.phar.sha256sum; popd /tmp/composer-2.7.7 ~ composer.phar: OK ~ $ gpg --verify /tmp/composer-2.7.7/composer.phar.asc gpg: assuming signed data in '/tmp/composer-2.7.7/composer.phar' gpg: Signature made Mon 10 Jun 2024 10:15:35 PM CEST gpg: using RSA key 161DFBE342889F01DDAC4E61CBB3D576F2A0946F gpg: issuer "contact@packagist.com" gpg: BAD signature from "Packagist Conductors <contact@packagist.com>" [unknown]Originally posted by @Mortiemi in https://github.com/composer/composer/issues/12009#issuecomment-2263732272
Originally posted by @Mortiemi in https://github.com/composer/composer/issues/12009#issuecomment-2263732272