How to update cPanel's included Composer version?

[ItsMattSon]

Hi,

In 2018, there was an issue reported on the Composer Github issues tracker with versions prior to 1.7.2 (issue reported here) where a missing case sensitivity conversion in the code broke the "composer self-update" function. The only fix to update a version older than this is to re-install Composer, unfortunately. The self-update function is broken in the cPanel version I'm running, which is the version I assume we may all be running - version 1.3.2 (2017-01-27).

cPanel added Composer in cPanel & WHM version 58.

Can cPanel please provide guidance on how to update the Composer version included in the product, or acknowledge the issue so that it can be resolved in a future release?

Any help would be greatly appreciated.

Thanks in advance.

 

[cPanelLauren]

We're definitely running a newer version for composer:

[[email protected] ~]# rpm -qa |grep composer
cpanel-php-composer-1.8.6-1.cp1186.noarch

Which version of cPanel & WHM are you running?

 

[ItsMattSon]

Hi @cPanelLauren,

According to the top-right of WHM, I'm running v86.0.21

I ran the same command as you and mine says the same:

[[email protected] ~]$ rpm -qa |grep composer
cpanel-php-composer-1.8.6-1.cp1186.noarch

Strange that this command shows different though?

[[email protected] ~]$ composer -V
Composer version 1.3.2 2017-01-27 18:23:41

Looks like there is an alias in /etc/bashrc on Ln99 for composer, not sure if I made this but I don't think I did.

# CUSTOM
export PATH=$PATH:/usr/local/bin
alias composer="/usr/local/bin/php -d memory_limit=1G -d allow_url_fopen=1 -d detect_unicode=0 /opt/cpanel/composer/bin/composer"

Does that alias exist for you as well?
Also, what result do you get if you do composer -V?

I find this odd too... Package unavailable to reinstall?

[[email protected] ~]$ sudo yum reinstall cpanel-php-composer
Loaded plugins: fastestmirror, universal-hooks
Setting up Reinstall Process
Loading mirror speeds from cached hostfile
* EA4: 104.219.172.10
* cpanel-addons-production-feed: 104.219.172.10
* cpanel-plugins: 104.219.172.10
* base: repos-lax.psychz.net
* epel: mirror.arizona.edu
* extras: repos-lax.psychz.net
* updates: mirror.phx1.us.spryservers.net
Installed package cpanel-php-composer-1.8.6-1.cp1186.noarch not available.
Error: Nothing to do

 

[cPanelLauren]

I've got a few differences on my test server:

Though you shouldn't run it as root:

[[email protected] logs]# composer -V
Do not run Composer as root/super user! See https://getcomposer.org/root for details
Composer version 1.8.6 2019-06-11 15:03:05

I get the same output as a user though.

Then nothing in bashrc referencing it:

[[email protected] ~]# grep composer /etc/bashrc
[[email protected] ~]#

What's the output of the following?

which composer

 

[ItsMattSon]

Hi @cPanelLauren,

I removed the alias in /etc/bashrc as I probably did create that in hindsight. Anyway, here's the which

[[email protected] ~]$ which composer
/opt/cpanel/composer/bin/composer

[[email protected] ~]$ composer -V
Composer version 1.3.2 2017-01-27 18:23:41

When did cPanel update Composer to your version? Did it jump from my version to your version?

The reason I ask is because if upcp updates it during cPanel version upgrades but it updates it using "composer self-update" then it won't have worked. Composer devs confirmed in the GitHub issue that to upgrade to the version beyond 1.7 (i think) a full uninstall/reinstall is mandatory.

If your test instance of cPanel was installed using a version of cPanel that has Composer that is > 1.7.2 (at the very least) then you won't be able to replicate this.

The question is, how can I update my cPanel-bundled version of Composer now since I cannot upgrade using "composer self-update"?

Thanks in advance.

 

[cPRex]

Hey there! The last two updates to Composer are in the 76 and 84 change logs. I see this in version 76:

• Fixed case CPANEL-23289: Update cpanel-php-composer to version 1.7.2.

and this in version 84:

• Fixed case CPANEL-28612: Update rpm.versions for cpanel-php-composer 1.8.6-2.cp1184.

It might be best to submit a ticket to our support team so we could try and track down why you're seeing different data than expected as that package should update normally as part of the cPanel updates on the machine.

 

[ItsMattSon]

Hey there! The last two updates to Composer are in the 76 and 84 change logs. I see this in version 76:

• Fixed case CPANEL-23289: Update cpanel-php-composer to version 1.7.2.

and this in version 84:

• Fixed case CPANEL-28612: Update rpm.versions for cpanel-php-composer 1.8.6-2.cp1184.

It might be best to submit a ticket to our support team so we could try and track down why you're seeing different data than expected as that package should update normally as part of the cPanel updates on the machine.

Hi cPRex,

With respect, I'm happy to keep working through this in this thread as I'm curious how to resolve it for my own information. Here's some information that might help explain what has happened?

Directory: /opt/cpanel/composer/bin

[[email protected] bin]# stat *
  File: `composer'
  Size: 1816271       Blocks: 3552       IO Block: 4096   regular file
Device: 55d0b6f1h/1439741681d    Inode: 2623242     Links: 1
Access: (0755/-rwxr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2020-05-21 12:01:04.235048449 +0800
Modify: 2017-02-21 11:45:22.156929129 +0800
Change: 2017-02-21 11:45:22.167929360 +0800
  File: `composer.rpmnew'
  Size: 1915161       Blocks: 3744       IO Block: 4096   regular file
Device: 55d0b6f1h/1439741681d    Inode: 2621621     Links: 1
Access: (0755/-rwxr-xr-x)  Uid: (    1/     bin)   Gid: (    1/     bin)
Access: 2020-05-21 12:31:34.932577961 +0800
Modify: 2019-08-28 03:18:01.000000000 +0800
Change: 2019-11-12 04:01:18.893332759 +0800

It looks like the composer.rpmnew is the correct version as I performed -V on it and it came up correct to the 86 version. However it must've failed to replace the original composer which is the 1.3.2 version.

The user:group "bin" is interesting. What would cause this binary from being moved over the top of composer and the user:group being left as bin and not root? Would love to know also how to "force" a reinstall of that rpm if you pretty please could advise.

I'm slightly concerned that other bundled 3rd-party software isn't being updated either now unfortunately. What's another piece of software that changed version in v86 (please provide version for comparison) that I can check my version of?

Thanks so much!

 

[ItsMattSon]

Hi @cPanelLauren and @cPRex,

Unsure how come my old composer never got updated and the one I was supposed to have was appended .rpmnew but I've managed to resolve this (hopefully the correct way).

I learned of a cPanel-provided script that would check the health of the RPMs, here: /scripts/check_cpanel_rpms

[[email protected] ~]$ sudo /scripts/check_cpanel_rpms
[2020-05-22 15:05:01 +0800]   
[2020-05-22 15:05:01 +0800]   Problems were detected with cPanel-provided files which are RPM controlled.
[2020-05-22 15:05:01 +0800]   If you did not make these changes intentionally, you can correct them by running:
[2020-05-22 15:05:01 +0800]   
[2020-05-22 15:05:01 +0800]   > /usr/local/cpanel/scripts/check_cpanel_rpms --fix
[2020-05-22 15:05:01 +0800]   
[2020-05-22 15:05:01 +0800]   The following files were found to be altered from their original RPM:
[2020-05-22 15:05:01 +0800]   cpanel-php-composer,1.8.6,1.cp1186
[2020-05-22 15:05:01 +0800]   
Do you want to repair these RPMs?(y/n):
y
[2020-05-22 15:05:34 +0800]   Removing 1 broken rpms: cpanel-php-composer-1.8.6-1.cp1186.noarch
[2020-05-22 15:05:34 +0800]   Maximum sync children set to 16 based on 5541M available memory.
[2020-05-22 15:05:35 +0800]   Downloading http://httpupdate.cpanel.net/RPM/11.86/centos/6/x86_64/rpm.sha512

[2020-05-22 15:05:35 +0800]   Successfully verified signature for cpanel (key types: release).
[2020-05-22 15:05:35 +0800]   Maximum sync children set to 16 based on 5535M available memory.
[2020-05-22 15:05:35 +0800]   Downloading http://httpupdate.cpanel.net/RPM/11.86/centos/6/x86_64/cpanel-php-composer-1.8.6-1.cp1186.noarch.rpm
[2020-05-22 15:05:35 +0800]   Disabling service monitoring.
[2020-05-22 15:05:35 +0800]   Hooks system enabled.
[2020-05-22 15:05:35 +0800]   Checking for and running RPM::Versions 'pre' hooks for any RPMs about to be installed
[2020-05-22 15:05:35 +0800]   All required 'pre' hooks have been run
[2020-05-22 15:05:35 +0800]   No RPMS need to be uninstalled
[2020-05-22 15:05:35 +0800]   Installing new rpms: cpanel-php-composer-1.8.6-1.cp1186.noarch.rpm
[2020-05-22 15:05:35 +0800]   Preparing packages for installation...
[2020-05-22 15:05:35 +0800]   cpanel-php-composer-1.8.6-1.cp1186
[2020-05-22 15:05:35 +0800]   Releasing lock for Cpanel::RPM::Versions::File
[2020-05-22 15:05:35 +0800]   Hooks system enabled.
[2020-05-22 15:05:35 +0800]   Checking for and running RPM::Versions 'post' hooks for any RPMs about to be installed
[2020-05-22 15:05:35 +0800]   All required 'post' hooks have been run
[2020-05-22 15:05:35 +0800]   Restoring service monitoring.

I then went back to /opt/cpanel/composer/bin directory to check if the composer version was now correct.

[[email protected] bin]$ composer -V
Composer version 1.8.6 2019-06-11 15:03:05

The above version, date and time matches Lauren's output exactly so I think we are sorted

Thanks for your input and guidance.

 

[cPanelLauren]

I'm so glad that the script picked up that it needed an update. I think your suspicion is correct that whenever it attempted to update composer the update failed and you were left with the old version. I'm glad you were able to get this resolved and thanks to @cPRex for jumping in while I was away!