From a0b0e58cb3cc1c7e7ce15cd722e7fa4654bf4ed4 Mon Sep 17 00:00:00 2001
From: Kentaro Ohkouchi <nanasess@fsm.ne.jp>
Date: Wed, 25 Sep 2019 11:55:40 +0900
Subject: [PATCH] Improve composer installer on darwin

- Check to signature.
- Add error handling.
---
 src/darwin.sh | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/src/darwin.sh b/src/darwin.sh
index 345009e1..513d5a6f 100644
--- a/src/darwin.sh
+++ b/src/darwin.sh
@@ -6,9 +6,23 @@ ini_file=$(php --ini | grep "Loaded Configuration" | sed -e "s|.*:s*||" | sed "s
 ext_dir=$(/usr/bin/php -i | grep "extension_dir => /usr" | sed -e "s|.*=> s*||")
 sudo chmod 777 "$ini_file"
 mkdir -p "$(pecl config-get ext_dir)"
-curl -sS https://getcomposer.org/installer | php
-chmod +x composer.phar
-mv composer.phar /usr/local/bin/composer
+if [ ! -e "/usr/bin/composer" ]; then
+	EXPECTED_SIGNATURE="$(curl -s https://composer.github.io/installer.sig)"
+	curl -s -L https://getcomposer.org/installer > composer-setup.php
+	ACTUAL_SIGNATURE="$(php -r "echo hash_file('sha384', 'composer-setup.php');")"
+
+	if [ "$EXPECTED_SIGNATURE" != "$ACTUAL_SIGNATURE" ]; then
+		>&2 echo 'ERROR: Invalid installer signature'
+		rm composer-setup.php
+		exit 1
+	fi
+
+	COMPOSER_ALLOW_SUPERUSER=1
+	sudo php composer-setup.php --install-dir=/usr/local/bin --filename=composer
+	RESULT=$?
+	rm composer-setup.php
+	exit $RESULT
+fi
 composer global require hirak/prestissimo
 php -v
-composer -V
\ No newline at end of file
+composer -V