Automatic Updates for Joomla

That's something I've always wanted for Joomla.

Being a WordPress user it's nice to upgrade the plugins via the automatic built-in interface.
They've done it using a central repository for the extensions.

That's something interesting that I've always wanted to talk about, as Joomla has tons of extensions but it's a tedious thing to upgrade each extension separately: notice that there's a new version, download, uninstall the old version, reinstall it.. well, we've got so little time



WP notifies plugin upgrades and lets you upgrade them in a click! Fantastic!

I wish that one day this will be a normal task in Joomla, but how to do that?

- create a central repository (joomlacode is just fine)
- adopt a standard way to upgrade the extensions
- enable only the extensions that follow the standard to upgrade themselves automagically
- perform some sort of control over the automatic updates to ensure everything is going the right way and not compromise 1000s of websites in one click because of a sniffed joomlacode password.

If the above mentioned extension works, maybe this this should be integrated in Joomla! Why not?

Finally! Good god I hope the developers look over this and make an Official Component. I think this will keep a lot of users from going to Wordpress. This is one feature that many people ask me about when I tell/teach them about Joomla.

I wish they could do this for Joomla 1.0.x. too.

I really cant say I like this.

1. You dont get to check the code before you install
2. Its not direct from the developer so may have been changed
3. Its not direct from the developer so may have been changed
4. Its not direct from the developer so may have been changed

From a security perspective this is a potential nightmare.
If the intellispire server was hacked (and it does happen) and a file changed then the hacker is able to inject all the users site with his infected code.

Sorry but unless each developer individually pgp signs their extension that you can check on the developers own site this is a big NO NO for me.

Nice idea but not quite there.

Careful with that axe, Eugene.

To me, it sounded good initially, but the more you think about it, the more difficult points arise.

Brian mentions a major security concern that I agree with. Sound security mechanisms are an absolute necessity for this process to work.

My other concern is code quality. I don't know to which extent Intellispire tests new releases before sending them downstream. As nice as a point-and-click update is for many users, you run the risk of having a dead website if a major error is contained in the update.

I'm rather on the conservative side here: Run an update on the local install, test thoroughly, and then do the same process on the production site, that's how I'm doing things.

Kind regards,
Zorro

Mmmmm... I've waited for this for a long time.

When Ubuntu ships an update, do I investigate the code before installing? I don't know anyone who has this kind of time. Same goes for Azrul's code, Ryan Demmer's, Joomla! core, etc. The bottom line: I only run applications (in Joomla! and on my OS) that originates from a provider I trust (as much as possible) and has a history of solid work.

I agree, Steve. This is the future of Joomla (notice I dropped the '!'). I'm not convinced that a 3rd party like Intellispire should be the entity governing updates to all 3rdparty apps, but it sure is easy. And, as we know from watching the way the world works, the world sure loves easy... Not hard to see where this is going.

Guysmiley you make a very valid point

: I only run applications (in Joomla! and on my OS) that originates from a provider I trust (as much as possible) and has a history of solid work

Whilst I trust the developers of JCE explicitly as they have shown over time to be worthy of that trust how do I trust intellispire. Remember that they are not just taking the download from JCE and offering it to you, they have to modify it first to work with their updater

I have used this component and love it... IMO, this is the future of Joomla as it will revolutionize the use of Joomla...While all the comments about security etc are kind of valid, the truth however is that the same comments can be said of "all" open source projects including joomla and its components/plugins etc...whenever, I see a new component I like at Joomla extension, I usually install in a test site first, before live site..Last but not least...for newbies like myself using/learning Joomla...this is a NO BRAINER...

Lots of good discussion. There are two points I'd like to clear up: first, the Updater doesn't change a typical backup, install, test locally; backup, install on production, test cycle.

It just makes it faster and easier.

Remember that they are not just taking the download from JCE and offering it to you....

Actually, that's exactly what we're doing.

As a general rule we do NOT modify extensions (though sometimes the installers have to be modified).
We just package them, using an updated format as documented here:

http://www.intellispire.com/web/developers/jooml-package-manager.html
(a little outdated but basically correct)

I'd like to get to the point we can apply patches as well: simple things to fix like sh404SEF breaking VirtueMart is really annoying and can take ages for the developers to release new fixes.

The goal is to use "virgin sources", just like RedHat does with its RPM packaging system. Joomla makes that difficult for a variety of reasons.

To have technical "trust", joomla is going to need some sort of public key infrastructure - there's no technical way outside of running a diff on the files you can verify what I said is true.

To trust the company, you're just going have to use the software and participate in the process - put in a support ticket, ask people who have used our services, etc.

Finally, the Updater is in addition to the standard installer, not a complete replacement for it. Since we _do_ test everything that goes through, you won't find all extensions available in it: but the ones you do find will be tested, pretty much stable and actually supported.

We're always looking for suggestions on how to improve the service, I look forward to further conversations.

Nick Temple, Founder
Intellispire

i will try this extension now but a dream for a every joomla web site owner comes to real world

Hi All,

@Nick Temple : good product you are having here. As a side note, if you are aware of any problem in sh404sef that breaks Virtuemart, please contact me with a patch(shumisha at gmail dot com), or at least exact description of the problem. I have spent 2 weeks in July working on this issue, only to find a number of VM bugs (many 1.5 extensions are broken with SEF URL, mostly because they use relative links), which VM team was made aware, and were supposedly included in last release 1.1.2. I have not gotten back yet to testing VM with SEF urls

Cheers

Just wanted to respond to some changes we've made ...

@Brian Teeman: That can happen even if you get it from the developers website - Joomla! packages just aren't as well thought out RPMs. However, to help address this problem - we are starting to include the MD5 signatures of extensions in the manifest, and will shortly start to compare them. I'd love to see people start to use signatures on their packages as well. I realize you won't be an early adopter of this technology, but we *are* listening and responding to concerns.


@Yannick Gaultier: the problem is with VirtueMart, I found your post and applied your patch - eveything works. I'll contact you directly ... but maybe people here can respond: how do we appropriately respond to this? For now,I'll just document it.

Also, as far as legality of distribution: we only distribute GPL compatible code (which is licensed for distribution by definition), or where we have explicit authors permission. Even then, if an author decides to opt out - as the Community Builder has opted out for 1.2 for now.

We listen. This is intended to be a service to the community, and not to force anything on anyone who doesn't want it.

Anyway, I appreciate all the support received so far. Thank you.

Great news from the headquarters http://community.joomla.org/co...nd-16.html

Nick - glad to see that you have taken on board peoples comments.

You're quite correct the history of authentication of joomla extensions has traditionaly been week especialy as there have historicaly been several download sites.

If your initiative goes someway to encouring developers to sign their downloads and provide md5sums then it will be great.

This has been my biggest reason for not using Joomla in place of my various wordpress sites. I saves many many hours every month because Wordpress lets me automatically update the plugins and update the core installation.

I am really happy to see tangible progress finally being made toward this functionality on Joomla. Thanks for bringing it to my attention!!

Regards,
Jonathan Evatt
http://www.jonathanevatt.com

Oh. Bummer.
I take that last comment back. I have now clicked through to the extension you were referring to. I was already familiar with the Intellispire (commercial) solution. I don't think users should have to pay for this sort of feature. It's so fundamental to an efficient CMS system.
So the wait for a free and potentially built-in solution continues...
Also, if I recall correctly, Intellipire's solution only supports extensions they have chosen to include. I guess the lack of a central Joomla extension repository is a major hindrance. Hopefully Joomla.org makes moves toward a central repository. Wordpress have had this for years now.

Cheers all the same...

Jonathan

Hi Jonathan,

Can you expand a little bit on wordpress upgrade system for the core and also for plugins ? I have looked a little bit into it, and can't find anything like what you describe. Even wordpress codex explain how to upgrade wordpress as downloading and unzipping files. I have found a plugin that does automatically upgrade wordpress core, called waup at http://techie-buzz.com/wordpre...ugin.html. Is it obsolete ?
I have not found however any reference to automatic/assisted update while browsing the plugin repository at wordpress.org

Rgds

@Yannick Gaultier: The Wordpress upgrade system is great. When you login to your back-end there is a little speech bubble above the "Plugins" tab that says how many of your plugins (regardless of whether they are activated or not) have updates available. You go to the plugins page and each plugin with an update has an "Upgrade plugin" link. Clicking on that link does the following:

1. Deactivates the plugin
2. Fetches the latest zip from the Wordpress repository
3. Unpacks and installs it
4. Checks it
5. Reactivates the plugin

It really is that simple. I think if Joomla doesn't create a similar system soon, they are going to get left behind and lose a lot of existing and future users.

Regarding upgrading the Joomla core, it is a slightly less elegant solution. There is a notification of an upgrade that displays in the back-end. You then have to download the zip file and install the upgrade yourself *gasp*. For Joomla there is a great upgrader component that you can get from http://extensions.joomla.org/c...Itemid,35/

The best way now is joomla magic updater
http://software.realtyna.com/p...ater.html