PHP download

Download the PHP package apex/signer without Composer

On this page you can find all versions of the php package apex/signer. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download apex/signer
More information about apex/signer
Files in apex/signer

Vendor apex
Package signer
Short Description Digital signatures and verification for your Composer packages.
License MIT
Homepage https://apexpl.io

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Informations about the package signer

Apex Signer

Allows authors the ability to easily add digital signatures to releases of their Composer packages, and allows users to easily verify the packages and updates downloaded by Composer to help ensure no unauthorized code has made it into the repositories.

Installation

Install via Composer with:

composer require --dev apex/signer

Verify Downloads

Verify all available packages within the /vendor/ directory by running the command:

./vendor/bin/signer verify

This will go through all installed Composer packages, and look for a signatures.json file in each. When found, the merkle tree of the package will be built from the package contents, and compared to the digital signature found within the signatures.json file for that release. If the author has opted to utilize online signing via the public ledger at https://ledger.apexpl.io/, this will also verify the signing certificate against the ledger.

Generate Signatures

Within the package root directory, initialize the signer with the command:

./vendor/bin/signer init

Once initialized, the last step just before you run git commit, sign the package with the command:

./vendor/bin/signer sign [VERSION] [PASSWORD]

If the version is unspecified, you will be prompted for one, and the version MUST be the same as what the git repository will be tagged with. This will generate a merkle root of all files being tracked by git, sign it using your private key, and add the necessary entry into the signatures.json file.

Once signed, follow the on screen instructions -- add signatures.json to git, commit and push the repository, then tag it with the same version as you created the signature with. Your package will now be included when users verify their packages and yours is within their /vendor/ directory.

Sign and Release Package

Alternatively, you may complete all steps with the one release command:

./vendor/bin/signer release [VERSION] -m "Your commit message"

Or by including a file for the commit message instead:

./vendor/bin/signer release [VERSION] --file commit.txt

This will sign the package same as above, but will also commit and push the repository, then tag and push the tags all in one step. This will check your git settings, and push to the correct remote and branch name. Run this command once all files are staged for commit, and you are ready to make the release public.

Support

If you have any questions, issues or feedback, please feel free to drop a note on the ApexPl Reddit sub for a prompt and helpful response.

Follow Apex

Loads of good things coming in the near future including new quality open source packages, more advanced articles / tutorials that go over down to earth useful topics, et al. Stay informed by joining the mailing list on our web site, or follow along on Twitter at @mdizak1.

All versions of signer with dependencies

PHP Build Version

Package Version

Version 2.0 Release 30. Jan 2022
create-project require 0 people choosed require and
0 people choosed create-project.

Download

Download latest version of signer from vendor apex

Requires php Version >=8.0
ext-openssl Version *

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package apex/signer contains the following files

Loading the files please wait ....