Disable verification

MISP · Jul 17, 2024 · 6716919 · 6716919
1 parent d376f43
commit 6716919
Showing 1 changed file with 19 additions and 9 deletions.
diff --git a/core/Dockerfile b/core/Dockerfile
@@ -30,6 +30,7 @@ FROM php-base as composer-build
     ENV COMPOSER_IPRESOLVE 4
     ARG CORE_TAG
     ARG CORE_COMMIT
+    ARG TARGETPLATFORM
 
     RUN apt-get update; apt-get install -y --no-install-recommends \
         ca-certificates \
@@ -50,17 +51,26 @@ FROM php-base as composer-build
 
     WORKDIR /tmp
     ADD https://raw.githubusercontent.com/MISP/MISP/${CORE_COMMIT:-${CORE_TAG}}/app/composer.json /tmp
-    COPY --from=composer:latest /usr/bin/composer /usr/bin/composer
+    COPY --from=composer:2.7.7 /usr/bin/composer /usr/bin/composer
 
-    RUN cp /usr/bin/composer /composer.phar
-    RUN mkdir /out/
-    RUN php -r '$phar = new Phar("/composer.phar"); $phar->extractTo("/out/");'
+    # See: https://github.com/curl/curl/issues/14154
+    RUN <<-EOF
+        if [ "$TARGETPLATFORM" = "linux/arm64" ]; then
+            cp /usr/bin/composer /composer.phar
+            mkdir /out/
+            php -r '$phar = new Phar("/composer.phar"); $phar->extractTo("/out/");'
+            sed -i "/'verify_peer_name'.*/a 'verify_peer_status' => CURLOPT_SSL_VERIFYSTATUS," /out/src/Composer/Util/Http/CurlDownloader.php
+            sed -i "/\$options = StreamContextFactory.*/a \$options['ssl']['verify_peer'] = false;" /out/src/Composer/Util/Http/CurlDownloader.php
+            sed -i "/\$options = StreamContextFactory.*/a \$options['ssl']['verify_peer_name'] = false;" /out/src/Composer/Util/Http/CurlDownloader.php
+            sed -i "/\$options = StreamContextFactory.*/a \$options['ssl']['verify_peer_status'] = false;" /out/src/Composer/Util/Http/CurlDownloader.php
+            rm /usr/bin/composer
+            ln -s /out/bin/composer /usr/bin/composer
+        fi
+EOF
 
-    COPY files/CurlDownloader.php /out/src/Composer/Util/Http/CurlDownloader.php
-    RUN php /out/bin/composer config --no-interaction allow-plugins.composer/installers true
-    RUN php /out/bin/composer config --no-interaction secure-http false
-    RUN php /out/bin/composer install
-    RUN php /out/bin/composer require --with-all-dependencies --no-interaction \
+    RUN php /usr/bin/composer config --no-interaction allow-plugins.composer/installers true
+    RUN php /usr/bin/composer install
+    RUN php /usr/bin/composer require --with-all-dependencies --no-interaction \
         supervisorphp/supervisor:^4.0 \
         guzzlehttp/guzzle \
         lstrojny/fxmlrpc \