How to install and use Composer on Debian 8
Introduction
Composer is a popular dependency management tool for PHP, built primarily to make it easy to install and update project dependencies. It will check which other packages of a particular project depends on it and install them for you using the appropriate versions as required by the project.
This tutorial will show you how to install and how to get started with composer on a Debian 8 server.
Prerequisites
For this tutorial you will need:
- One Debian 8 server with a non-root sudo user as shown in the initial server setup with Debian 8.
Step 1 – Installing Dependencies
Before downloading and installing Composer, we need to make sure that our server has all the required dependencies installed.
First, you need to update your package manager cache.
sudo apt-get update
Now, let’s install the dependencies. We need curl
in order to download the composer and php5-cli
, a PHP package to install and run. The composer uses git
, source control system to load the project dependencies. You can install all three of these packages right away with this command:
sudo apt-get install curl php5-cli git
Now that the main dependencies are installed, let’s go ahead and install Composer itself.
Step 2 – Downloading and Installing Composer
We will follow the instructions as written in the composer’s official documentation with a slight modification to install Composer globally in /usr/local/bin
… This will allow every user on the server to use Composer.
Download the installer to the directory /tmp
…
php -r "copy('https://getcomposer.org/installer', '/tmp/composer-setup.php');"
Visit the page composer’s pubkeys and copy the SHA-384 line at the top. Then run the following command, replacing the line sha_384_string
…
php -r "if (hash_file('SHA384', '/tmp/composer-setup.php') === 'sha_384_string') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('/tmp/composer-setup.php'); } echo PHP_EOL;"
This command checks the hash of the uploaded file with the correct hash from the composer’s site. If it matches, it will write that installer checked… If it doesn’t match, it will print installer corrupted, in this case you should double check that you copied the SHA-384 string correctly.
Next, we’ll install Composer. In order to set it globally within /usr/local/bin
, we will use the flag --install-dir
; --filename
tells the installer the name of the composer executable. Here’s how to do it in one command:
sudo php /tmp/composer-setup.php --install-dir=/usr/local/bin --filename=composer
You will see a message like the following:
Output
All settings correct for using Composer Downloading... Composer (version 1.3.2) successfully installed to: /usr/local/bin/composer Use it: php /usr/local/bin/composer
You can verify that Composer was installed correctly by checking its version.
composer --version
You should see the version that was installed. At the time of this writing, the Composer version is as follows:
Composer version 1.3.2 2017-01-27 18:23:41
Finally, you can safely remove the installation script as you no longer need it.
rm /tmp/composer-setup.php
Composer is now up and running, waiting for your project to use it. In the next section, you will generate a file composer.json
which includes the PHP libraries your project depends on.
Step 3 – Generating the composer.json file
In order to use Composer for a project, you need the file composer.json
… File composer.json
tells Composer which dependencies it needs to download for your project, and which versions of each package are allowed to install. This is important to keep your project consistent and to avoid installing unstable versions that could potentially lead to backward compatibility issues.
You don’t need to manually create this file; it’s easy to run into syntax errors if you do. The composer will automatically generate the file composer.json
when adding a dependency to a project using the command require
… Additional dependencies can also be added in the same way, without having to manually edit this file.
The process of using Composer to install a dependent package in a project usually involves the following steps:
- Determine which libraries the application needs
- Checking suitable open source libraries for Packagist.org, the official repository for Composer
- Choosing the package you want to depend on
- Running
composer require,
including dependency in filecomposer.json
and installing the package
We’ll see how this works in practice with a simple demo application.
The purpose of this application is to turn this sentence into a slug, which is a URL-friendly string. This is used to convert page titles to URL paths (as the final URL for this tutorial).
Let’s start by creating a directory for the project. We will call him slugify :
cd ~ mkdir slugify cd slugify
Next, let’s look for the libraries we should be using.
When looking for packages on Packagist
Next, we will search Packagist for a package to help generate the slug. If you are looking for “slug“, you will see a list of packages. On the right side of each package listed, you will see two numbers: the number at the top, how many times the package has been installed, and the number at the bottom shows how many times the package has been starred on GitHub.
Generally speaking, packages with more installations and stars tend to be more stable because many people use them. It is also important to check the package description to ensure that the package is indeed what you are looking for.
What we need is a simple string to slug converter. As an example here, we will use the package cocur/slugify
… Seems to be a good package because it has a reasonable number of installs and stars.
You will notice that packages on Packagist have a vendor name and a package name. Each package has a unique identifier (namespaces) in the same format GitHub uses for its repositories: vendor/package
… The library we want to install uses the namespace cocur/slugify
… The namespace is what we need in order to require a package in our project.
Now that we have defined the library we want to add it to the file composer.json
…
Package requirement
We can run composer require,
to include the library as a dependency and also generate the file composer.json
for the project:
composer require cocur/slugify
Output
Using version ^2.3 for cocur/slugify ./composer.json has been created Loading composer repositories with package information Updating dependencies (including require-dev) Package operations: 1 install, 0 updates, 0 removals - Installing cocur/slugify (v2.3) Downloading: 100% Writing lock file Generating autoload files
As you can see from the output, the composer has automatically decided which version of the package should be used. If you look at your project directory now, it will contain two new files: composer.json
and composer.lock
, and the directory /vendor
:
ls -l
Output
total 12 -rw-r--r-- 1 sammy sammy 59 Feb 1 13:43 composer.json -rw-r--r-- 1 sammy sammy 2896 Feb 1 13:43 composer.lock drwxr-xr-x 4 sammy sammy 4096 Feb 1 13:43 vendor
Файл composer.lock
is used to keep track of which versions of each package are installed, and will make sure the same versions are used if someone clones your project and installs its dependencies. Catalog /vendor
where the project dependencies are located. Catalog /vendor
should not be committed in a version control system; you only need to include files composer.json
and composer.lock
…
Note: When installing a project that already contains a composer.json file, you need to run the composer installation to download the project dependencies.
You may notice that the file composer.lock
contains specific information about the PHP version dependency of our project libraries. Composer uses a special syntax to restrict libraries to specific versions. Let’s see how it works.
Understanding version restrictions
If you check the contents of your file composer.json
then you will see something like this:
cat composer.json
Output
{ "require": { "cocur/slugify": "^2.3" } }
There is an insert character, ^
before the version number. Composer supports several different constraints and formats for specifying the required version of a package, in order to provide flexibility while keeping the project stable. The carriage operator is used in an auto-generated file composer.json и
is the recommended operator for maximum compatibility, after semantic versioning. In this case, it determines 1.3 as the minimum compatible version and also allows upgrades to any future version below 2.0 … You can read more details on major versions at Composer version documentation…
So far we have seen how to add and restrict PHP libraries in our project needs Composer using the file composer.json
… The next step is to use these libraries inside our application. For this purpose, composer gives the file autoload.php
which facilitates the process of loading external libraries.
Step 4 – Enabling the autoload script
Composer provides an autoload script that you can include in your project to get it bootstrapped for free. This makes it much easier to work with dependencies and define your own namespaces. The only thing you need to do is include the file vendor/autoload.php
in your scripts before any instance class.
Let’s go back to the slugify example application. Use nano
or your favorite text editor to create a script test.php
where we will use the library cocur/slugify
…
nano test.php
test.php
<?php require __DIR__ . '/vendor/autoload.php'; use CocurSlugifySlugify; $slugify = new Slugify(); echo $slugify->slugify('Hello World, this is a long sentence and I need to make a slug from it!');
You can run the script on the command line with:
php test.php
This should produce an output:
Output
hello-world-this-is-a-long-sentence-and-i-need-to-make-a-slug-from-it
You will completely customize composer, but read on to find out how to save preferences.
Step 5 – Updating Composer and Project Dependencies (Optional)
To update Composer you can use the built-in command self-update
… Since composer is installed globally, you need to run the command with superuser privileges.
sudo -H composer self-update
You can update one or more specific libraries by listing them specifically in composer update
…
composer update namespace/package
If you want to update all your project dependencies, run the command update
…
composer update
This will check for new versions of the libraries you need in your project. If a new version is found and it will be compatible with the version of the restriction defined in the file composer.json
, it will replace the previous version installed. File composer.lock
will be updated to reflect these changes.
Output
Composer is a powerful tool, every PHP developer should have the necessary programs in their bundle. In addition to providing an easy and reliable way to manage project dependencies, it also sets a new de facto standard for sharing and discovering community generated PHP packages.
In this tutorial, we briefly covered the basics of Composer: how to install it, how to create a project and find packages for it, and how to save it. To find out more, you can explore official Composer documentation…