#!/bin/bash

set -eo pipefail

EXPECTED_SIGNATURE="$(wget -q -O- https://composer.github.io/installer.sig)"
wget -q -O composer-setup.php https://getcomposer.org/installer
ACTUAL_SIGNATURE="$(php -r "echo hash_file('SHA384', 'composer-setup.php');")"

if [ "$EXPECTED_SIGNATURE" != "$ACTUAL_SIGNATURE" ]
then
    >&2 echo 'ERROR: Invalid installer signature'
    rm composer-setup.php
    exit 1
fi

php composer-setup.php
RESULT=$?
rm composer-setup.php
exit $RESULT