It is strongly recommended to test it out at a VirtualBox, before you messed up with your OS. Check out docker, vagrantboxes, kalabox, lando, alike, which you can destroy without breaking your system.

The latest release of OpenSSL breaks Composer self-update. After a successful update of OpenSSL, updating Composer to the latest release gave me a SHA384 error:

$ composer self-update
Updating to version 1.8.0 (stable channel).
Downloading (100%)        
SHA384 is not supported by your openssl extension, could not verify the phar file integrity                                                            

Checking the OpenSSL MD methods after the OpenSSL update gave me the following:

$ php -r 'print_r(openssl_get_md_methods());'
    [0] => blake2b512
    [1] => blake2s256
    [2] => md4
    [3] => md5
    [4] => md5-sha1
    [5] => ripemd160
    [6] => sha1
    [7] => sha224
    [8] => sha256
    [9] => sha3-224
    [10] => sha3-256
    [11] => sha3-384
    [12] => sha3-512
    [13] => sha384
    [14] => sha512
    [15] => sha512-224
    [16] => sha512-256
    [17] => shake128
    [18] => shake256
    [19] => sm3
    [20] => whirlpool

So the issue is the latest OpenSSL doesn't not provide the expected uppercase SHA384, it just provides a lowercase sha384. Hence Composer 1.8.0 stucks:

SHA384 is not supported by your openssl extension, could not verify the phar file integrity                                                            

I couldn't find a way to re-install Composer from Composer site. The thread gave me no solutions to update, of course, as gihub projects are not for support requests anyway. The closest found is:…

Re-installing Composer

The following is taken from various sources, and helped me got the latest Composer up and running.

First we need to know the Composer location, use which or whereis to locate it.

$ which composer

Given the directory where Composer resides, I removed the old Composer, willy-nilly:

$ sudo rm -rf /usr/local/bin/composer
$ rm -rf ~/.composer/cache/

I also removed the Composer cache in my home directory as suggested by some.

Then I re-installed Composer. I already had curl, and php-cli in place, so no need to re-install them.

$ sudo apt-get update
$ curl -sS | sudo php -- --install-dir=/usr/local/bin --filename=composer

If all is good, checking Composer version should give you the latest, which is the a-week-ago release as of this writing.

$ composer -v
  / ____/___  ____ ___  ____  ____  ________  _____
/ /   / __ \/ __ `__ \/ __ \/ __ \/ ___/ _ \/ ___/
/ /___/ /_/ / / / / / / /_/ / /_/ (__  )  __/ /
\____/\____/_/ /_/ /_/ .___/\____/____/\___/_/
Composer version 1.8.0 2018-12-03 10:31:16

I now have the latest Composer which is cool!

Next time I need to update Composer, hopefully this will be a simple one-liner step again:

composer self-update

But who knows, that's why I need to document it here for my future me ;)

Updating OpenSSL

Running regular command $ sudo apt-get install openssl doesn't update OpenSSL to the latest openssl-1.1.1a, as of this writing. You may want to verify/ re-check the latest OpenSSL release here.

This is how I updated and compiled OpenSSL for my local Ubuntu. Use sudo as needed.

$ cd /usr/src

$ wget -O openssl-1.1.1a.tar.gz

$ tar -zxf openssl-1.1.1a.tar.gz

$ cd openssl-1.1.1a

$ ./config

$ make

$ make test

$ make install

$ openssl version

OpenSSL 1.1.1a  20 Nov 2018 (Library: OpenSSL 1.1.1  11 Sep 2018)

If it shows the old version, do the steps below.
I didn't have to run the following as the OpenSSL version is already as expected, the latest.

$ mv /usr/bin/openssl /root/
$ ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl

If you have a more efficient way to update Composer when composer self-update failed, feel free to shed some light in the comments. Thanks!

I had to stop my Drupal web development for a quite while since I broke my work laptop some time ago. I was a Mac user from G3 to Tiger, and a Windows user in-between. Now I am officially a Linux user, and back to my drawing room with a fairly old Linux box, ready to play around with the awesome ContentaCMS, static sites generators and Drupal again.

Resources and Credits

Virtual box