Box does not work with Composer 2.2 (allowed-plugins) #580

Open
maks-rafalko opened this issue Dec 22, 2021 · 10 comments · May be fixed by #879

@maks-rafalko
Contributor

Bug report

| Question | Answer |
| --- | --- |
| Box version | 3.14.0 |
| PHP version | 8.0 |
| Github Repo | infection/infection#1623 |

Box fails compiling a prefixed PHAR when the brand new Composer 2.2 is used:

? Dumping the Composer autoloader

In ComposerOrchestrator.php line 92:
                                  
  Could not dump the autoloader.  
                                  

In ComposerOrchestrator.php line 92:
                                                                               
  The command "'/usr/local/bin/composer' 'dump-autoload' '--classmap-authorit  
  ative' '--no-dev'" failed.                                                   
                                                                               
  Exit Code: 1(General error)                                                  
                                                                               
  Working directory: /tmp/box/Box46412                                         
                                                                               
  Output:                                                                      
  ================                                                             
Error: require(/tmp/box/Box46412/vendor/phpstan/phpstan/bootstrap.php):   
  Failed to open stream: No such file or directory                             
                                                                               
                                                                               
  Error Output:                                                                
  ================                                                             
  For additional security you should declare the allow-plugins config with a   
  list of packages names that are allowed to run code. See https://getcompose  
  r.org/allow-plugins                                                          
  You have until July 2022 to add the setting. Composer will then switch the   
  default behavior to disallow all plugins.                                    
                                                                               
                                                                               
                                                                               
    [ErrorException]                                                           
                                                                               
    require(/tmp/box/Box46412/vendor/phpstan/phpstan/bootstrap.php): Failed t  
  o open stream: No such file or directory                                     
                                                                               
                                                                               
                                                                               
  dump-autoload [-o|--optimize] [-a|--classmap-authoritative] [--apcu] [--apc  
  u-prefix APCU-PREFIX] [--dev] [--no-dev] [--ignore-platform-req IGNORE-PLAT  
  FORM-REQ] [--ignore-platform-reqs]                                           
                                                                               

compile [-c|--config CONFIG] [--debug] [--no-parallel] [--no-restart] [--dev] [--no-config] [--with-docker] [-d|--working-dir WORKING-DIR]

make: *** [Makefile:253: build/infection.phar] Error 1

Note: Infection had issues with Composer 2.2 too, fixed by adding allowed-plugins configuration: infection/infection#1624

@ondrejmirtes

I've reproduced this problem in a minimal repo: https://github.com/ondrejmirtes/composer-issue/actions/runs/1765720462

I can offer some funds towards fixing this problem, so don't hesitate to reach out. Thanks.

@theofidry
Member

Should be fixed with 3.15!

@maks-rafalko
Contributor Author

@theofidry

I still reproduce it in Infection repository with 3.16.0 both with make compile (PHP 8.1, Composer 2.2) and with make compile-docker (PHP 7.4)

In ComposerOrchestrator.php line 175:
                                                                                                                                                                                                    
  The command "'/usr/local/bin/composer' 'dump-autoload' '--classmap-authoritative' '--no-dev' '--ansi'" failed.                                                                                    
                                                                                                                                                                                                    
  Exit Code: 1(General error)                                                                                                                                                                       
                                                                                                                                                                                                    
  Working directory: /tmp/box/Box39427                                                                                                                                                              
                                                                                                                                                                                                    
  Output:                                                                                                                                                                                           
  ================                                                                                                                                                                                  
                                                                                                                                                                                                    
                                                                                                                                                                                                    
  Error Output:                                                                                                                                                                                     
  ================                                                                                                                                                                                  
                                                                                                                                                                                                    
                                                                                                                                                                                      
    [ErrorException]                                                                                                                                                                  
    require(/tmp/box/Box39427/vendor/phpstan/phpstan/bootstrap.php): Failed to open stream: No such file or directory                                                                 
                                                                                                                                                                                      
                                                                                                                                                                                                    
  dump-autoload [-o|--optimize] [-a|--classmap-authoritative] [--apcu] [--apcu-prefix APCU-PREFIX] [--dev] [--no-dev] [--ignore-platform-req IGNORE-PLATFORM-REQ] [--ignore-platform-reqs] 

@ondrejmirtes

I agree. This isn't related to allow-plugins. It still doesn't work with latest Box and Composer.

theofidry reopened this Apr 20, 2022
theofidry added the bug label Apr 20, 2022
theofidry added this to the Box4.3 milestone Feb 3, 2023

@theofidry
Member

Ok finally found the issue.

The problem is that dump-autoload does not really care about the --dev|--no-dev flag. It looks like it only cares about it for the actual dumped autoload, but before that, i.e. when autoloading the code, it does not and instead just loads everything that is registered in installed.json|installed.php.

The way Box works is:

  • copy the source code
  • remove dev deps
  • dump the autoload

This means that if you have a dev plugin, e.g. phpstan/extension-installer, when dumping the autoload, the plugin will be attempted to be loaded. This of course cannot work since it's a dev dep and Box removed it.

I think this could be solved in Composer, but I also cannot just wait for a fix there so I'll likely need to tamper with the content of installed.json & installed.php.
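
The state described in the comment above (packages still registered in installed.json after their directories were removed) can be detected before dump-autoload runs. This is an added example, not code from Box or Composer; the function names and the acme/runtime package are hypothetical, and the sample vendor tree is constructed.

```python
import json
import tempfile
from pathlib import Path


def missing_installed_packages(vendor_dir):
    """Return packages that installed.json registers but that are absent on disk."""
    composer_dir = Path(vendor_dir) / "composer"
    data = json.loads((composer_dir / "installed.json").read_text(encoding="utf-8"))
    # Composer 2 wraps the list in {"packages": [...]}; Composer 1 wrote a bare list.
    packages = data["packages"] if isinstance(data, dict) else data
    dev_names = set(data.get("dev-package-names", [])) if isinstance(data, dict) else set()
    findings = []
    for pkg in packages:
        # "install-path" is relative to vendor/composer; fall back to vendor/<name>.
        rel = pkg.get("install-path") or "../" + pkg["name"]
        if (composer_dir / rel).is_dir():
            continue
        findings.append({
            "name": pkg["name"],
            "dev": pkg["name"] in dev_names,
            "plugin": pkg.get("type") == "composer-plugin",
        })
    return findings


def build_sample_vendor(root):
    """Constructed sample: a vendor tree after dev packages were deleted by hand."""
    vendor = Path(root) / "vendor"
    (vendor / "composer").mkdir(parents=True)
    (vendor / "acme" / "runtime").mkdir(parents=True)  # hypothetical prod package
    installed = {
        "packages": [
            {"name": "acme/runtime", "type": "library",
             "install-path": "../acme/runtime"},
            {"name": "phpstan/extension-installer", "type": "composer-plugin",
             "install-path": "../phpstan/extension-installer"},
            {"name": "phpstan/phpstan", "type": "library",
             "install-path": "../phpstan/phpstan"},
        ],
        "dev": True,
        "dev-package-names": ["phpstan/extension-installer", "phpstan/phpstan"],
    }
    (vendor / "composer" / "installed.json").write_text(json.dumps(installed))
    return vendor


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for f in missing_installed_packages(build_sample_vendor(tmp)):
            print(f)
```

Any entry reported with "plugin": True is a plugin that Composer still has on record even though its files are gone, which is the condition described in the comment above.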

@jaapio

jaapio commented May 7, 2023

What if you add --no-plugins to the autoload command?

@theofidry
Member

@jaapio in which case this would break the bundling of any Symfony app which uses Flex. I'm not familiar enough with other frameworks, but this makes me believe there could be others affected too, so it's not really the solution.

@lkrms

lkrms commented Aug 7, 2023

Have just run into this here as well.

I've worked around it by:

  1. creating a clean copy of the package (I'm using git clone, but any method where the package is duplicated without its vendor directory should work)
  2. running composer install --no-dev in the clean copy
  3. running box compile in the clean copy

Composer's behaviour here isn't unreasonable, though. I wouldn't expect a package manager to remain operational if critical files were deleted, and from the discussion here and a quick read of the documentation, it seems reasonable for composer commands to fail if an enabled plugin is removed from the filesystem.

Would it be feasible to use composer --no-dev install to create the initial state of a package instead of removing dev dependencies at the filesystem level?

@theofidry
Member

> Would it be feasible to use composer --no-dev install to create the initial state of a package instead of removing dev dependencies at the filesystem level?

Yes and no.

Currently the whole process is:

  • load the Box config a first time
  • copy the whole project; excluding the unnecessary files, the copied files are processed by the compactors
  • dump the autoloader
  • ship the files to the PHAR

What the above entails would mean:

  • load the Box config a first time
  • copy the whole project
  • install the no-dev deps
  • reload the Box config and apply the compactors (which can include the scoping) and remove the unnecessary files
  • ship the files to the PHAR

So it's really not a trivial amount of changes and probably a big performance hit too.

@llaville
Contributor

llaville commented Sep 3, 2024

@theofidry While working on the final version of BOX Manifest v4.0, I've encountered this problem too when I tried to use the -d|--working-dir option of BOX 4.6.2.

I recommend adding a note to the documentation like it was done for the metadata setting (see https://box-project.github.io/box/configuration/#metadata-metadata), to alert users that they should disable the dump-autoload setting (as a workaround).

At least for me it worked!

BTW, I've also noticed that the BOX output did not display that we have effectively changed directory. It may be cool to have such info.

For example with dump-autoload disabled, current dir is /shared/backups/bartlett/box-manifest (my clone copy of https://github.com/llaville/box-manifest/tree/4.x)

vendor/bin/box compile -c box.json.dist -vvv -d tests/fixtures/phario-manifest-2.0.x-dev/

Prints following output

[debug] Current memory limit: "512MB"
[debug] Checking BOX_ALLOW_XDEBUG
[debug] phar.readonly is enabled
[debug] The Xdebug extension is loaded (3.3.2) xdebug.mode=debug,develop
[debug] Configured `phar.readonly=0`
[debug] Process restarting (BOX_ALLOW_XDEBUG=internal|3.3.2|1|*|*)
[debug] Running: [/usr/local/bin/php, vendor/bin/box, compile, -c, box.json.dist, -vvv, -d, tests/fixtures/phario-manifest-2.0.x-dev/]
[debug] Current memory limit: "512MB"
[debug] Checking BOX_ALLOW_XDEBUG
[debug] Restarted (88 ms). The Xdebug extension is not loaded


 [INFO] Changed working directory to "tests/fixtures/phario-manifest-2.0.x-dev/"



    ____
   / __ )____  _  __
  / __  / __ \| |/_/
 / /_/ / /_/ />  <
/_____/\____/_/|_|


Box version 4.6.2@29c3585
 // Loading the configuration file "box.json.dist".

🔨  Building the PHAR "/shared/backups/bartlett/box-manifest/tests/fixtures/phario-manifest-2.0.x-dev/test.phar"

? Removing the existing PHAR "/shared/backups/bartlett/box-manifest/tests/fixtures/phario-manifest-2.0.x-dev/test.phar"
[debug] Increased the maximum number of open file descriptors from ("1024", "524288") to ("2176", "unlimited")
? Skipping the Composer compatibility check: the autoloader is not dumped
? No compactor to register
? Mapping paths
  - console-table.txt > .box.manifests/console-table.txt
  - plain.txt > .box.manifests/plain.txt
  - manifest.txt > .box.manifests/manifest.txt
  - sbom.json > .box.manifests/sbom.json
  - sbom.cdx.json > .box.manifests/sbom.cdx.json
  - sbom.xml > .box.manifests/sbom.xml
  - sbom.cdx.xml > .box.manifests/sbom.cdx.xml
  - console-style.txt > .box.manifests/console-style.txt
? No main script path configured
? Adding requirements checker
? Adding binary files
    > 9 file(s)
? Auto-discover files? Yes
? Exclude dev files? No
? Adding files
    > 27 file(s)
? Using stub file: /shared/backups/bartlett/box-manifest/tests/fixtures/phario-manifest-2.0.x-dev/stub.php
? Skipping dumping the Composer autoloader
? Removing the Composer dump artefacts
? No compression
[debug] Restored the maximum number of open file descriptors
? Setting file permissions to 0755
* Done.

No recommendation found.
No warning found.

 // PHAR: 68 files (178.01KB)
 // You can inspect the generated PHAR with the "info" command.

 // Memory usage: 12.81MB (peak: 12.90MB), time: <1sec

[debug] Restarted process exited 0

Note

Line [INFO] Changed working directory to "tests/fixtures/phario-manifest-2.0.x-dev/" in output is not official.
I've put code
$io->info(\sprintf('Changed working directory to "%s"', $workingDir));
at end of \KevinGH\Box\Console\Command\ChangeWorkingDirOption::changeWorkingDirectory for demo/test purpose only
