To lint SQL files (T132641) the labs/tools/heritage added a composer dependency upon cweiske/php-sqllint. That downloads the package from git://git.cweiske.de/php-sqllint.git which is not a secure protocol. Hence compose bails out:
$ composer require cweiske/php-sqllint ... - Installing cweiske/php-sqllint (v0.1.3) Cloning ad7dac068d29c9bd9b07c4e908914448950aec30 Installation failed, deleting ./composer.json. [Composer\Downloader\TransportException] Your configuration does not allow connections to git://git.cweiske.de/php-s qllint.git. See https://getcomposer.org/doc/06-config.md#secure-http for de tails.
The git.cweiske.de respond to https with a certificate from Let's Encrypt. Unfortunately the name is mail.cweiske.de.
$ openssl s_client -showcerts -servername git.cweiske.de -connect git.cweiske.de:443 Certificate chain 0 s:/CN=mail.cweiske.de i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 i:/O=Digital Signature Trust Co./CN=DST Root CA X3 Server certificate subject=/CN=mail.cweiske.de issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
We want to reach out to the host to:
- get a valid certificate on git.cweiske.de
- expose the git repositories over https
- update packagist :}
Then we can remove the composer option in https://gerrit.wikimedia.org/r/#/c/315226/2/composer.json