[horde] Installing from bundle

Mike barjunk at attglobal.net
Tue Apr 7 20:05:05 UTC 2026 

Sorry for the noise.  I had just upgraded my system which caused some  
issues and a mis-reported error.

I was able to add COMPOSER_IPRESOLVE=4 to my composer command it it  
worked as normal.

thanks.


Quoting Mike <barjunk at attglobal.net>:

> Tried installing from bundle today and got this when executing  
> composer install:
>
> ************
>
> Cloning failed using an ssh key for authentication, enter your  
> GitHub credentials to access private repos
> You need to provide a GitHub access token.
> Tokens will be stored in plain text in  
> "/var/www/.config/composer/auth.json" for future use by Composer.
> Due to the security risk of tokens being exfiltrated, use tokens  
> with short expiration times and only the minimum permissions  
> necessary.
>
> Carefully consider the following options in order:
>
> 1. When you don't use 'vcs'  type 'repositories'  in composer.json  
> and do not need to clone source or download dist files
> from private GitHub repositories over HTTPS, use a fine-grained  
> token with read-only access to public information.
> Use the following URL to create such a token:
> https://github.com/settings/personal-access-tokens/new?name=Composer+on+ubuntu+2026-04-07+1933
>
> 2. When all relevant _private_ GitHub repositories belong to a  
> single user or organisation, use a fine-grained token with
> repository "content" read-only permissions. You can start with the  
> following URL, but you may need to change the resource owner
> to the right user or organisation. Additionally, you can scope  
> permissions down to apply only to selected repositories.
> https://github.com/settings/personal-access-tokens/new?contents=read&name=Composer+on+ubuntu+2026-04-07+1933
>
> 3. A "classic" token grants broad permissions on your behalf to all  
> repositories accessible by you.
> This may include write permissions, even though not needed by  
> Composer. Use it only when you need to access
> private repositories across multiple organisations at the same time  
> and using directory-specific authentication sources
> is not an option. You can generate a classic token here:
> https://github.com/settings/tokens/new?scopes=repo&description=Composer+on+ubuntu+2026-04-07+1933
>
> For additional information, check  
> https://getcomposer.org/doc/articles/authentication-for-private-packages.md#github-oauth
> Token (hidden):
>
> **************
>
>
> I'm not sure if I did something wrong or if I'm going to need to  
> create a PAT to make this work.
>
> I didn't think any of the packages were private, so I'm a little  
> surprised by the message.
>
> Mike
> -- 
> Horde mailing list
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: horde-unsubscribe at lists.horde.org

More information about the horde mailing list