#!/bin/sh

# This installs when allow_url_fopen is Off (in most cases)
EXPECTED_SIGNATURE=$(wget -q -O - https://composer.github.io/installer.sig)

php -d allow_url_fopen=1 -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"

ACTUAL_SIGNATURE=$(php -r "echo hash_file('SHA384', 'composer-setup.php');")

if [ "$EXPECTED_SIGNATURE" != "$ACTUAL_SIGNATURE" ]
then
    >&2 echo 'ERROR: Invalid installer signature'
    rm composer-setup.php
    exit 1
fi

php -d allow_url_fopen=On composer-setup.php --quiet
RESULT=$?
rm composer-setup.php
exit $RESULT