composer: json do not match its signature issue
With the following composer.json: (none)
{
...
}
When I run this command:
composer command -vvv (please include -vvv!)
I get this output:
[Composer\Repository\RepositorySecurityException]
The contents of http://packagist.org/p/provider-2014%24778fe81238370a6a10514fa2191d8c49e3b0df47ad7c25361bda5e7c0f48797c.json do not match its signature. This should indicate a man-in-the-middle attack. Try running composer again and report this if you think it is a mistake.
And I expected this to happen: install cakephp package.
About this issue
- Original URL
- State: closed
- Created 8 years ago
- Comments: 64 (7 by maintainers)
Commits related to this issue
- Reword exception text to evoke somewhat less panic Refs https://github.com/composer/composer/issues/5196#issuecomment-346754244 Signature mismatch could indicate MitM, or just a CDN issue which is... — committed to curry684/composer by curry684 7 years ago
- Reword exception text to evoke somewhat less panic Refs https://github.com/composer/composer/issues/5196#issuecomment-346754244 Signature mismatch could indicate MitM, or just a CDN issue which is... — committed to composer/composer by curry684 7 years ago
add this to your composer
@furious-snail Looks like packagist.org is down right now.
I think this is related to the recent service interruption of packagist.
More infos on : https://twitter.com/packagist
composer updateis working again!Same problem here. Adding
"repositories": { "packagist": { "url": "https://packagist.org", "type": "composer" } }does not help.For Mac User: sudo killall -HUP mDNSResponder nslookup packagist.org Name: packagist.org Address: 144.217.203.53 Worked for me
not working.
@snightingale @kiaplayer Switching to Google DNS solves it. And using the following to clear any leftover dns:
“repositories”: { “packagist”: { “url”: “https://packagist.org”, “type”: “composer” } } This code above fix the signature issue.
[Composer\Repository\RepositorySecurityException] The contents of http://packagist.org/p/provider-2014%24778fe81238370a6a10514fa2191d8c49e3b0df47ad7c25361bda5e7c0f48797c.json do not match its sign ature. This should indicate a man-in-the-middle attack. Try running composer again and report this if you think it is a mistake.
For everyone who is using Windows, just flush your DNS with
ipconfig /flushdnsin your CMD.This worked for me
The ‘should’ wording was also rather unfortunate, hence why I had it changed. It now correctly says “This could indicate a man-in-the-middle attack” as it’s simply impossible to determine the true cause from the program’s end other than that something is wrong with upstream communication.
Thats because 2 machines n their trying to hide plenty machines behind one mostly the victims on one and the crimunals on one as theres plenty violations on the other one…
@Reserford1991 Worked for me:
systemctl restart systemd-resolved.service@Keirul I’m affraid that will be it. Thank you!
I get a similar error when running composer require symfony/security-checker:
[Composer\Repository\RepositorySecurityException] The contents of https://packagist.org/p/providerlatest%240cbfb40ab72a881d21b70f78286d39cd72e3b0eb8704c13e79dc49624e549973.json do not match its signature. This could indicate a man-in-the-middle attack. Try running composer again and report this if you think it is a mistake.Adding"repositories": { "packagist": { "url": "https://packagist.org", "type": "composer" } }doesn’t help. Any suggestions are welcome. Thank you.That should actually say “could” hehe.
Are you behind a proxy or using any kind of firewall software?
If the error consistently occurs, one of the above is probably mangling your connections.
When I try to install by the command “php composer.phar create-project --prefer-dist laravel/laravel public” i get the attached error message.
I wonder if the problem is with the CRT on my computer or on the servers?
Please edit the template a bit more to supply an actual problem case.