diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 94530e57ea3d0b792adf84352e73f1b66143540a..f76eb5f730ce764501eb70211a82193ce0208387 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -54,6 +54,8 @@ variables:
 # Always test against the previous minor version of core.
 OPT_IN_TEST_PREVIOUS_MINOR: '1'
 # SKIP_ESLINT: '1'
+ # @todo Remove this line when https://drupal.org/i/3414093 is fixed.
+ CI_DEBUG_SERVICES: "true"
 
 
 ###################################################################################
diff --git a/package_manager/package_manager.services.yml b/package_manager/package_manager.services.yml
index d68e2cffb0abf81411a7732478c9f65709f9aadc..5a7bad7b78b15a51478c041a622a20cdf4ec1aba 100644
--- a/package_manager/package_manager.services.yml
+++ b/package_manager/package_manager.services.yml
@@ -167,7 +167,9 @@ services:
 - { name: event_subscriber }
 # @todo Tag this service as an event subscriber in https://drupal.org/i/3358504,
 # once packages.drupal.org supports TUF.
- Drupal\package_manager\Validator\PhpTufValidator: {}
+ Drupal\package_manager\Validator\PhpTufValidator:
+ arguments:
+ $baseUrl: 'https://packages.drupal.org'
 Drupal\package_manager\PackageManagerUpdateProcessor:
 arguments:
 # @todo Autowire $update_fetcher when https://drupal.org/i/3325557 lands.
diff --git a/package_manager/src/Validator/PhpTufValidator.php b/package_manager/src/Validator/PhpTufValidator.php
index a12d8dcc3964d5e722d82d33424a1ff079788f72..1222474017dd5ac701c4c120accf99acf9454832 100644
--- a/package_manager/src/Validator/PhpTufValidator.php
+++ b/package_manager/src/Validator/PhpTufValidator.php
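Review bot: In the `.gitlab-ci.yml` hunk, `CI_DEBUG_SERVICES: "true"` is added under the top-level `variables:` key, so it applies to every job in the pipeline rather than only the one being debugged. GitLab's documentation warns that service-container logging can reveal masked variables in the job log, and those logs are presumably readable by anyone who can view the pipeline. Consider setting the variable only in the `variables:` of the job affected by the linked issue, and extending the comment to record the trade-off, e.g. `# Debug only: streams service container logs into the job log and may expose masked variables.`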
@@ -59,11 +59,15 @@ final class PhpTufValidator implements EventSubscriberInterface {
 * The Composer inspector service.
 * @param \Drupal\Core\Extension\ModuleHandlerInterface $moduleHandler
 * The module handler service.
+ * @param string $baseUrl
+ * The base URL of the repository, or repositories, defined in
+ * `composer.json`that must be protected by TUF.
 */
 public function __construct(
 private readonly PathLocator $pathLocator,
 private readonly ComposerInspector $composerInspector,
- private readonly ModuleHandlerInterface $moduleHandler
+ private readonly ModuleHandlerInterface $moduleHandler,
+ private readonly string $baseUrl,
 ) {}
 
 /**
@@ -147,13 +151,12 @@ final class PhpTufValidator implements EventSubscriberInterface {
 $messages[] = $message;
 }
 
- // Get the defined repositories that use packages.drupal.org.
+ // Get the defined repositories that live at the base URL, and confirm that
+ // they have all opted into TUF protection.
 $repositories = array_filter(
 Json::decode($this->composerInspector->getConfig('repositories', $dir)),
- fn (array $r): bool => str_starts_with($r['url'], 'https://packages.drupal.org')
+ fn (array $r): bool => str_starts_with($r['url'], $this->baseUrl)
 );
-
- // All packages.drupal.org repositories must have TUF protection.
 foreach ($repositories as $repository) {
 if (empty($repository['tuf'])) {
 $messages[] = $this->t('TUF is not enabled for the @url repository.', [
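Review bot: The new `@param string $baseUrl` text in the @@ -59 hunk has a typo and leaves out how the value is used. Its last line reads "composer.json" (in backticks) immediately followed by "that", with no space between them. The description also does not say that the value is compared as a literal string prefix of each repository URL (the `str_starts_with()` call in the @@ -147 hunk), so the scheme, letter case and trailing slash of the configured value all affect which repositories are selected. I would fix the spacing and add a sentence such as `Matched as a literal prefix of each repository's 'url' value.` The constructor's docblock begins outside the hunk.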
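Review bot: The callback `fn (array $r): bool => str_starts_with($r['url'], $this->baseUrl)` in the @@ -147 hunk is a raw string prefix test. With the configured value `https://packages.drupal.org` (no trailing slash, per the services.yml hunk), a repository on a different host whose name merely begins with that string is also selected. Such a repository would also satisfy the "at least one repository" check in the following hunk. Anchoring the match at a path boundary avoids this: add `$base = rtrim($this->baseUrl, '/');` before the `array_filter()` call and use `fn (array $r): bool => $r['url'] === $base || str_starts_with($r['url'], $base . '/')` as the callback. Conversely, a URL for the same host written with another scheme or letter case is not selected and so is never required to enable TUF; whether Composer normalises these before `getConfig()` returns is not visible here, and the enclosing method starts and ends outside the hunk.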
@@ -162,10 +165,11 @@ final class PhpTufValidator implements EventSubscriberInterface {
 }
 }
 
- // There must be at least one repository using packages.drupal.org, since
- // that's the only repository which supports TUF right now.
+ // There must be at least one repository using the base URL.
 if (empty($repositories)) {
- $message = $this->t('The <code>https://packages.drupal.org</code> Composer repository must be defined in <code>composer.json</code>.');
+ $message = $this->t('The <code>@url</code> Composer repository must be defined in <code>composer.json</code>.', [
+ '@url' => $this->baseUrl,
+ ]);
 if (isset($help_url)) {
 $message = $this->t('@message See <a href=":url">the help page</a> for more information on how to set up this repository.', [
 '@message' => $message,