I want to use the simplesamlphp package for my SSO implementation. However, I cannot install the package via composer, because one of the dependencies no longer exists.

"simplesamlphp/simplesamlphp": "dev-master"

Output after running composer update -o:

  Problem 1
    - simplesamlphp/saml2 v0.4.1 requires robrichards/xmlseclibs 1.3.* -> no matching package found.
    - simplesamlphp/saml2 v0.4.0 requires robrichards/xmlseclibs 1.3.* -> no matching package found.
    - simplesamlphp/saml2 v0.3.0 requires robrichards/xmlseclibs 1.3.* -> no matching package found.

I know that simplesamlphp has a package simplesamlphp/xmlseclibs. Is there a way to load that package instead of the non-existing robrichards package?

I have searched for answers in the Composer documentation, but an alias is only used for local repositories it seems.

winkbrace

2 Answers

The forthcoming version of the package has an updated composer.json, fixing the issue with the deleted dependency by using the read-only mirror the package maintainer has created.

In the meantime, this doesn't help anyone using the package, especially not if you need a stable version.

The package maintainer should issue a point release, correcting only the dependency, to point their most recent stable version at the relocated dependency.

There doesn't seem to be a way around this short of manually installing the package and its dependency.

bcmcfc
  • Thanks for the response. Unfortunately simplesamlphp/simplesamlphp requires simplesamlphp/saml2 ~0.3. dev-master does not comply with this dependency. Any ideas what to do then? – winkbrace May 21 '14 at 14:20
  • Hm, so it does. That's quite unfortunate. The package maintainer needs to correct this, perhaps with a patch for each package that points composer.json to the right place. – bcmcfc May 21 '14 at 14:22
  • Thanks. I raised an issue on their Google Code page. I guess I'll just have to hope someone will pick it up soon. – winkbrace May 21 '14 at 14:26
  • The composer message you got was odd though. It had 0.3 in the requires but then suggested it tried to load 0.4.1, 0.4.0 *and* 0.3.0 in turn. – bcmcfc May 21 '14 at 14:28
  • It has a wrinkly ~ in front of it, which means all versions up from this until the next major version change. Similar to >= 0.3 – winkbrace May 21 '14 at 14:29
  • Ah I see. So it tried 0.4.1 but wasn't able to try dev-master. So if they release a 0.4.2 with the composer.json change it should pick up the new dependency, with no other changes required? – bcmcfc May 21 '14 at 14:31
  • Exactly. Only from v1.0.* would it require a change. – winkbrace May 21 '14 at 14:34

I managed a solution. In their GitHub source, they have the non-existing package defined as a repository. So I added that repository to my own composer.json, and now it finally works! :D

Snippet of my composer.json for reference:

{
    "require": {
        "simplesamlphp/simplesamlphp": "dev-master"
    },
    "repositories": [
        {
            "type": "package",
            "package": {
                "name": "robrichards/xmlseclibs",
                "version": "1.3.1",
                "source": {
                    "type": "svn",
                    "url": "http://xmlseclibs.googlecode.com/svn",
                    "reference": "trunk@50"
                },
                "autoload": {
                    "files": ["xmlseclibs.php"]
                }
            }
        }
    ],
    "minimum-stability": "dev",
    "prefer-stable": true
}
winkbrace
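
A manifest check for the risk this workaround carries, as an added example that is not part of the original answer: with an inline `package` repository the consuming project supplies the package's metadata itself, so the script flags cleartext download URLs, source references that are not pinned, and dist archives without a `shasum`. The function name and the rule set are assumptions made for this illustration; the sample is the answer's manifest, minified.

```python
import json
from urllib.parse import urlparse

# Schemes that neither authenticate the server nor protect the transfer.
CLEARTEXT = {"http", "ftp", "git", "svn"}

# Constructed sample: the inline repository from the answer above, minified.
ANSWER_MANIFEST = """
{"require": {"simplesamlphp/simplesamlphp": "dev-master"},
 "repositories": [{"type": "package", "package": {
    "name": "robrichards/xmlseclibs", "version": "1.3.1",
    "source": {"type": "svn", "url": "http://xmlseclibs.googlecode.com/svn",
               "reference": "trunk@50"},
    "autoload": {"files": ["xmlseclibs.php"]}}}],
 "minimum-stability": "dev", "prefer-stable": true}
"""


def audit_inline_packages(manifest_text):
    """Return sorted (package, field, issue) tuples for type "package" repositories."""
    repos = json.loads(manifest_text).get("repositories", [])
    if isinstance(repos, dict):  # Composer also accepts an object keyed by name
        repos = list(repos.values())
    findings = []
    for repo in repos:
        # Skip other repository types and entries such as "packagist.org": false
        if not isinstance(repo, dict) or repo.get("type") != "package":
            continue
        packages = repo.get("package", [])
        if isinstance(packages, dict):  # one package, or a list of versions
            packages = [packages]
        for pkg in packages:
            name = pkg.get("name", "<unnamed>")
            for field in ("source", "dist"):
                loc = pkg.get(field)
                if not isinstance(loc, dict):
                    continue
                scheme = urlparse(loc.get("url", "")).scheme.lower()
                if scheme in CLEARTEXT:
                    findings.append((name, field, f"cleartext {scheme}:// URL"))
                ref = loc.get("reference", "")
                # An svn path without a peg revision (@N) follows the head of that path
                if field == "source" and (not ref or (loc.get("type") == "svn" and "@" not in ref)):
                    findings.append((name, field, "reference not pinned to a revision"))
                if field == "dist" and not loc.get("shasum"):
                    findings.append((name, field, "no shasum to verify the archive"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_inline_packages(ANSWER_MANIFEST):
        print(*finding, sep=": ")
```

Run against the answer's manifest, the only finding is the `http://` source URL; the `trunk@50` reference already pins the checkout to one revision.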