-
-
Notifications
You must be signed in to change notification settings - Fork 45
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
--trust-gpg-keys
option for update
#296
Comments
That is correct. Given that to
That should certainly not be the case: If you have an installed version in the phive.xml, that very version is (or should at least) be reinstalled. That's the exact and sole reason to have that information tracked. On update it should update to whatever is latest that still falls into the range defined by the constraint.
Looks like we're indeed lacking documentation for that. We very much do support that: |
We're storing the So the 'user' running the update won't usually be the same as the one initially installing. Also, as this is an automated process, there is no-one to press Y; we are using (We need to be able to run different versions of PHPUnit depending on the PHP version, because there isn't a version compatible with both PHP 7.2 and PHP 8.)
Starting with the following entry in <phar name="phpunit" version="^7.5.20" installed="7.5.20" location="./tools/phpunit.phar" copy="true"/> I run phive install phpunit The <phar name="phpunit" version="^9.4.3" installed="9.4.3" location="./tools/phpunit" copy="false"/> The version in `tools' is not updated but a batch file (this is on Windows) is created linking to version 9.4.3 installed for the current user. Not sure if that's what's supposed to happen. However, if I were to instead run |
Interesting use case. Let me think about it. I'm still not convinced, as I don't see this as preferable or even viable process:
As your main problem is that your CI run doesn't have the required public key in its key ring because the original install occurred on a different system, you could simply fix that by having the key imported directly using
The above command tells For now: If you merely want to re-create the state configured in
I see why that is happening and I agree that is probably at least surprising if not wrong: It previously was installed using
Yes. The later indeed seems correct. |
I'm not sure how much of an edge case that is. The recommendation (on phar.io) is to set a key up to be valid for a year, so basically the key for most projects will change on average once a year, which to me makes this sound like a very valid request. |
Thanks for adding your opinion. I'm not strictly against adding this option to
We do not have a problem with changing keys. Phive actually detects that a key has changed and requests a confirmation whether or not this is intended. The If you have the tools committed along, there's no need to run phive at CI at all. If you only committed the The only - and to me that is an edge case - scenario I can see where running I'm also not convinced that a change of keys should/can be treated the same as a previously unknown key. But that's a different story. |
@theseer Thanks for your response.
Ah, that's interesting. In that case, I agree shouldn't be needed. But that makes the issue I reported in #427 all the more weird (though I am still presuming I'm doing something wrong there). Sorry for the noise. I came across this issue while looking to see if what I was seeing in #427 had been reported before. |
Your comments are - as far as my experience goes - never noise. And this issue is still open for the very reason I want to get more input before making a change. I currently have hardly any time to work on open source, so I'm even more reluctant to implement things I do not understand the use case for :) |
We switched to not having the PHARs under version control (as you may see from the cross-referenced PRs/commits). This seems to work better in general for multiple development environments across various platforms, and we've not IIRC had any issues since. Possibly we may have misunderstood the best practices at the time of setting up, though that was before GitHub Actions, when we were using Travis, so I can't be sure. I think it should be stated clearly in the docs that it is not recommended to put the PHARs under version control. (Though there may be use-cases where you want that, for some specific reason.) |
It seems this option is only available for
install
and not forupdate
.But
install
will install the latest version and ignore version constraints set inphive.xml
, and there doesn't seem to be a way of specifying version constraints on the command line (at least I can't see anything listed when runningphive
without parameters to get the built-in help).The text was updated successfully, but these errors were encountered: