Composer uses own Symfony path in docker (loading old files)

Question

• I'm using docker.
• Post update command (php class) is running after composer update.
• Was working well till I did Laravel update 5.4->5.5 which downloaded new Symfony packages
• composer clear cache didn't help
• composer self-update didn't help
• composer signatures are equal

[Symfony\Component\Debug\Exception\FatalThrowableError] Call to undefined method Illuminate\Foundation\Console\ClosureCommand::setHidden()

I was serching the files and this method exist in parent class! I put this little thing in constructor what is going on:

use Symfony\Component\Console\Command\Command as SymfonyCommand;

class Command extends SymfonyCommand
{
    public function __construct()
    {
        $r1 = new \ReflectionClass($this);
        $r2 = new \ReflectionClass(SymfonyCommand::class);
        var_dump([$r1->getFileName(), $r2->getFileName()]);
    }
// rest of class
}

Result: composer autoload own, older Command.php instead of this from project.

array(2) {
  [0]=>
  string(91) "/var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Console/ClosureCommand.php"
  [1]=>
  string(67) "phar:///usr/bin/composer/vendor/symfony/console/Command/Command.php"
}

I would like to know why symfony class is not loaded from project but from some magic place and how I can fix that.

---

Additional info:

Dockerfile for php that add composer:

# Composer
ENV PATH "/composer/vendor/bin:$PATH"
ENV COMPOSER_ALLOW_SUPERUSER 1
ENV COMPOSER_HOME /composer
ENV COMPOSER_VERSION 1.4.2

RUN curl -s -f -L -o /tmp/composer-setup.php https://getcomposer.org/installer
RUN curl -s -f -L -o /tmp/composer-setup.sig https://composer.github.io/installer.sig
RUN php -r " \
    \$signature_php = hash('SHA384', file_get_contents('/tmp/composer-setup.php')); \
    \$signature_sig = trim(file_get_contents('/tmp/composer-setup.sig')); \
    echo ' SIGNATURE PHP: [' . \$signature_php . \"]\\n\"; \
    echo ' SIGNATURE SIG: [' . \$signature_sig . \"]\\n\"; \
    if (\$signature_php !== \$signature_sig) { \
        unlink('/tmp/composer-setup.php'); \
        echo 'Integrity check failed, installer is either corrupt or worse.' . PHP_EOL; \
        exit(1); \
    }"
RUN php /tmp/composer-setup.php --no-ansi --install-dir=/usr/bin cd --filename=composer --version=${COMPOSER_VERSION} \
 && rm /tmp/composer-setup.php \
 && composer --ansi --version --no-interaction

Composer part:

"post-update-cmd": [
   "Modules\\Core\\Composer\\ComposerScripts::postUpdate",
   "php artisan vendor:publish --tag=public --force",
   "php artisan optimize"
],

Answer 1

Maybe the signature for obtain composer is not matching, you have to know that signature can change, if you want to obtain the last one use this url https://composer.github.io/installer.sig

Use this snippet for verify signature.

php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" && \
            php -r "if (hash_file('SHA384', 'composer-setup.php') === '$(wget -q -O - https://composer.github.io/installer.sig)') { \
                echo 'Installer good'; \
            } else { \
                echo 'Installer corrupt'; die; \
            } echo PHP_EOL;"

Answer 2

I think that running composer self-update command updates the composer's signature as well. Also i would suggest try the following if you have ssh access to the server:

• Remove composer.lock.
• Remove vendor folder.
• Run composer install

This should fix all the issues you mentioned.