IPB Auto Update Tool?

[dnevins]

Is there any talk of automating the update process more? It would be nice if your board is out of date and your license is paid up, then you could just push a button in the admin to update your board using the existing tools but where the board could download its own update packages and untar them to get the process rolling.

[Jaggi]

that would be amazing but don't know realistic it would be on a resources point of view and of course would be quite difficult and lead to all types of problems depending on server setup/restrictions etc. Of course causes security concerns too.

[bfarber]

It's not realistic. You'd have to chmod your entire installation 777 (for most servers) which will create security issues unnecessarily.

We already offer to do the upgrade for you for free. How much easier can it really get than that? ;)

[DawPi]

WoltLab have this. :)

[Jaggi]

[quote name='bfarber' date='05 August 2009 - 04:13 PM' timestamp='1249485232' post='1838584']
It's not realistic. You'd have to chmod your entire installation 777 (for most servers) which will create security issues unnecessarily.

We already offer to do the upgrade for you for free. How much easier can it really get than that? ;)


if you did it via ftp then you wouldn't have to chmod everything to 777. Kinda reminds me of how my svn has the deploy feature to send the latest copy to my live server.

[TheSonic]

Woltlab... OMG... Most censored supportforum ever.

Have a look at the code... In most cases you will stay with IPB or VB- :)

[bfarber]

[quote name='Jaggi' date='05 August 2009 - 11:34 AM' timestamp='1249486450' post='1838606']
if you did it via ftp then you wouldn't have to chmod everything to 777. Kinda reminds me of how my svn has the deploy feature to send the latest copy to my live server.


Then you'd have to enter in your FTP credentials in the ACP. Why not just FTP the files to begin with?

Again, you can just submit a ticket and we'll do the whole upgrade for you. Seems about as easy as it gets to me.

[dnevins]

I was thinking of the FTP deploy idea or a shell or cron tool that downloads the files to the right location and runs updates even if the approval is managed by settings in the config. If Cpanel can update itself easily and reliably through its web interface so can a simple forum installation, and yes there are security issues but there are also security issues with an out of date board that gives IPB or any board bad press if there is a vulnerability.

Its not about how "hard it is" to do it the way it is now... its about being an innovator in the industry and making it easier to maintain an up to date board without having to get other tools out or having separate steps. Even opening a ticket to get it updated for free is more trouble than just doing it yourself with FTP as its done now. I just want to stir up some healthy conversation regarding something that WILL happen eventually, just a matter of when.

[Watty]

I haven't played with IPB 3.x yet so I'm really unsure about the file structure with regards to folks ADDING mods, etc... I'm guessing certain files would be overwritten with the "update" files, therefore rendering the mods "broken"... as well as the board itself.

I could be wrong though...

[YounGMessiah]

[quote name='Watty' date='05 August 2009 - 11:13 AM' timestamp='1249492392' post='1838689']
I haven't played with IPB 3.x yet so I'm really unsure about the file structure with regards to folks ADDING mods, etc... I'm guessing certain files would be overwritten with the "update" files, therefore rendering the mods "broken"... as well as the board itself.

I could be wrong though...


You are completely wrong!



Would be nice though, but security is the huge problem.

actually i think thats true to

[bfarber]

[quote name='dnevins' date='05 August 2009 - 12:27 PM' timestamp='1249489666' post='1838654']
I was thinking of the FTP deploy idea or a shell or cron tool that downloads the files to the right location and runs updates even if the approval is managed by settings in the config. If Cpanel can update itself easily and reliably through its web interface so can a simple forum installation, and yes there are security issues but there are also security issues with an out of date board that gives IPB or any board bad press if there is a vulnerability.

Its not about how "hard it is" to do it the way it is now... its about being an innovator in the industry and making it easier to maintain an up to date board without having to get other tools out or having separate steps. Even opening a ticket to get it updated for free is more trouble than just doing it yourself with FTP as its done now. I just want to stir up some healthy conversation regarding something that WILL happen eventually, just a matter of when.


Cpanel isn't a PHP based script, however, and generally runs with much elevated permissions over a standard PHP installation. If you have cron and shell and so forth, yes it would be possible to create such a tool. I'd guesstimate that 80% or more of our customers use shared hosting, however.

[Jaggi]

[quote name='bfarber' date='05 August 2009 - 05:17 PM' timestamp='1249489044' post='1838644']
Then you'd have to enter in your FTP credentials in the ACP. Why not just FTP the files to begin with?

Again, you can just submit a ticket and we'll do the whole upgrade for you. Seems about as easy as it gets to me.


you wouldn't put the ftp details in the acp you'd do it in the client area, then ips would connect and do it, but read my second post i've already said it wouldn't be worth it!

[Guest]

[quote name='bfarber' date='05 August 2009 - 04:13 PM' timestamp='1249485232' post='1838584']We already offer to do the upgrade for you for free. How much easier can it really get than that? ;)

Well, it would be undeniably easier if you could run it automatically from your ACP. ;) Wordpress does it pretty successfully, I believe they have two alternative methods - either download and unzip, or prompt for FTP details and have it uploaded to your server directly from the Wordpress.org server.

It's the whole process that is simpler when automated. Sure, you could just open an FTP client and set it uploading, but why should you? And, if you do that, you have to put up with the board being wonky until the upload completes, and wait around until it's done to run the upgrade tool.

I think this is a great idea personally. :)

[Luke]

Using FTP is just a way to use the hosting accounts user group whereas PHP itself would use the nobody group. Any files created by the FTP user cannot be edited/deleted by PHP, and vise versa, unless the files are CHMOD'd to allow "Everyone" to edit/delete.

PHP does have FTP functions that would allow it to do this. Essentially it would download the zip file, uncompress it to a temporary location, and upload it to local host using the ftp function. You would, however, have to put your ftp details into the ACP. That can be a security risk though if someone hacks into IPB. Normally if someone got into IPB they could only effect files that PHP can write to... but if you have FTP credentials stored in IPB, you've given them a backdoor to all your files. The other issue is having the extension installed in PHP to have the ftp functions in the first place. Also on most cpanel installations, the primary FTP account credentials are also your cpanel credentials. For someone to get ahold of this is disaterous.

The *best* solution would be to change the way IPB is installed. When you unzip IPB you have an expander and another archive. This expander would unzip the archive in the directory and all the files would belong to the "nobody" group. This way PHP has the ability to edit these files without chmoding them. It presents the same security risks as the ftp method because an attacker could change/delete any files, but at the very least they would not be able to touch your cpanel. Besides secruity, the only issue would be: does PHP have the extensions to extract the files?

Either way you'd need to put your client center details into ACP. Someone could get ahold of this, and that may not be a good idea either.

All around, the way it is works just fine. It's a bit tedius, but at least you're not comprimising your security.

[Alex K.]

If IPB prompted for FTP login credentials but didn't store them, this would make it much easier for the average user in my opinion. I'm sure many people would appreciate it.

[Ali Majrashi]

ipb need to learn alot from wordprees:thumbsup:

because from the ACP you can update your wordprees script to latest version

by one click

http://codex.wordpress.org/Upgrading_WordPress

also you can install mods and skins and update them from the ACP without any file edit

http://codex.wordpress.org/Managing_Plugins

all i hope in the future that ip developer implement such important Features

this will make website admin live even easier

[Jaggi]

[quote name='Luke' date='06 August 2009 - 08:53 PM' timestamp='1249588439' post='1839445']
Using FTP is just a way to use the hosting accounts user group whereas PHP itself would use the nobody group. Any files created by the FTP user cannot be edited/deleted by PHP, and vise versa, unless the files are CHMOD'd to allow "Everyone" to edit/delete.

PHP does have FTP functions that would allow it to do this. Essentially it would download the zip file, uncompress it to a temporary location, and upload it to local host using the ftp function. You would, however, have to put your ftp details into the ACP. That can be a security risk though if someone hacks into IPB. Normally if someone got into IPB they could only effect files that PHP can write to... but if you have FTP credentials stored in IPB, you've given them a backdoor to all your files. The other issue is having the extension installed in PHP to have the ftp functions in the first place. Also on most cpanel installations, the primary FTP account credentials are also your cpanel credentials. For someone to get ahold of this is disaterous.

The *best* solution would be to change the way IPB is installed. When you unzip IPB you have an expander and another archive. This expander would unzip the archive in the directory and all the files would belong to the "nobody" group. This way PHP has the ability to edit these files without chmoding them. It presents the same security risks as the ftp method because an attacker could change/delete any files, but at the very least they would not be able to touch your cpanel. Besides secruity, the only issue would be: does PHP have the extensions to extract the files?

Either way you'd need to put your client center details into ACP. Someone could get ahold of this, and that may not be a good idea either.

All around, the way it is works just fine. It's a bit tedius, but at least you're not comprimising your security.


you wouldn't put the details in your acp you'd put them in the client area!

[mrkredo]

SMF has this auto update function and its working great.

[bfarber]

[quote name='Jaggi' date='07 August 2009 - 12:04 PM' timestamp='1249661048' post='1839977']
you wouldn't put the details in your acp you'd put them in the client area!


Why would you put them in your client area? We would never openly FTP a new release to (thousands of) servers to auto-install. I can only imagine how many sites that would break and the drama that would ensue...


If something like this were ever built, you'd have to do it from your ACP I'm sure.

[Guest]

You'd enter it in your ACP, and your server would send it to the IPS server to make the FTP connection. That's how i'd do it, anyway.