The principle of package updates?

Questions about WAPT Packaging / Requests and help regarding Wapt packages.
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Locked
tsunyan
Messages: 3
Registration: July 18, 2018 - 1:13 PM

July 18, 2018 - 2:19 PM

Good morning,

I've recently started using WAPT Community version 1.5.1.26 and I have a question that's been bothering me. I don't quite understand how the software package updates work.

When I import a package from the WAPT store https://store.wapt.fr/ Using the "Import from Internet" button, I receive this package in my private repository. So far, so good. But if there's a new version of the software on their official website, the package won't update automatically.

Will importing the package from the WAPT store update the packages in my private repository? If so, are we dependent on the person who manages the package on the store? If not, do we have to wait for a new version on the store before re-importing it to our private repository?

Another question related to package updates

I noticed that the OwnCloud version on the store is outdated. So I created the package and added an `update_package()` function that will update the source code if it's not already up-to-date within the package. For those using ownCloud, here's the function that retrieves the latest version of the software from the official website https://owncloud.org/download/ :

Code: Select all

from setuphelpers import *
import glob
import re

def update_package():
    htmlSource = wgets("https://owncloud.org/download/").splitlines()
    filename = ''
    realVersion = ''

    for line in htmlSource:

        match = re.search("https://download.owncloud.com/desktop/stable/ownCloud-.*-setup\.exe", line)
        if match:
            realVersion = line[line.find("ownCloud-")+9:line.find("-setup.exe")]
            print("Last version : ", realVersion)
            filename = 'ownCloud-%s-setup.exe' % realVersion
            print("File name : ", filename)

    exe = glob.glob('*.exe')
    for fn in exe:
        if fn != filename :
            print 'remove' + fn
            remove_file(fn)

    if not isfile(filename):
        print('Download' + filename)
        wget('https://download.owncloud.com/desktop/stable/ownCloud-%s-setup.exe' % (realVersion), filename)

    print ('Write ' + realVersion + '-0 in WAPT\\control')
    from waptpackage import PackageEntry
    pe = PackageEntry()
    pe.load_control_from_wapt(os.getcwd())
    pe.version = realVersion +'-0'
    pe.save_control_to_wapt(os.getcwd())

    print('The update is complete, you can now test and then launch a build upload.')
    
if __name__ == '__main__':
    update_package()
This works fine in PyScripter. Right-clicking on `update-package-source` and selecting "Run" updates the software in the folder and the version in the `control` file. Then you just need to run `build-upload`, and that's it. The problem is that you can't do this directly from the console. Perhaps I haven't figured out how; correct me if I'm wrong.

For a somewhat "ugly" alternative, I could include the package update at the beginning of the install() function after checking if the version on the internet is higher than that of my package; I haven't tried it yet, but it doesn't seem very suitable.

Thank you for your feedback
Last edited by tsunyan on Jul 19, 2018 - 4:58 PM, edited 1 time.
High
User avatar
kguerineau
Messages: 26
Registration: March 6, 2018 - 4:28 PM

July 18, 2018 - 9:58 PM

Good evening,
When I import a package from the WAPT store (https://store.wapt.fr/) using the "Import from Internet" button, I receive that package in my private repository. So far, so good. But if there's a new version of the software on their official website, the package won't update automatically.

Will importing the package from the WAPT store update the packages in my private repository? If so, are we dependent on the person managing the package on the store? If not, do we have to wait for a new version on the store before re-importing it to our private repository?
When we update software, you do indeed need to import it onto your WAPT server. You can create a script that will check that your packages are up to date by comparing the two repositories. This is what we do for our managed services clients.


Another question related to package updates:

I've noticed that the OwnCloud version on the store isn't up to date. So I created the package and added an `update_package()` function that updates the source code if it's not already updated within the package. For those using ownCloud, here's the function that retrieves the latest version of the software from the official website: https://owncloud.org/download/ :
[...]

This works well in PyScripter. By right-clicking on `update-package-source` and selecting "Run," it correctly updates the software in the folder as well as the version in the `control` file. Then you just need to run `build-upload`, and that's it. The problem is that you can't do this directly from the console. Perhaps I haven't figured out how; correct me if I'm wrong.
Indeed, the console is not updating the packages.

For a somewhat "ugly" alternative, I could include the package update at the beginning of the install() function after checking if the version on the internet is higher than that of my package; I haven't tried it yet, but it doesn't seem very suitable.
This is above all an alternative that is not recommended at all and goes against the way WAPT works.
Indeed, if you deploy the package using the "update-package" function in the installer, it means that each machine will download the executable from the internet. This presents two problems:
  • 1. The bandwidth that will be heavily used
  • 2. Lack of control over what is installed on the computer. Imagine a problem with the integrity of the downloaded file (corrupted or virus).
Furthermore, in this case, between the time you import the package into your private repository and the time the executable is downloaded, there may be a version difference... The package inventory reporting will then be inaccurate!

The 'update-package' function saves time when you update the package.

Good evening
High
tsunyan
Messages: 3
Registration: July 18, 2018 - 1:13 PM

July 19, 2018 - 4:48 PM

When we update software, you do indeed need to import it onto your WAPT server. You can create a script that will check that your packages are up to date by comparing the two repositories. This is what we do for our managed services clients.
Yes, I see, to know if we need to update ourselves with regard to the public deposit.

Indeed, the console is not updating the packages.
Is this a feature that will be implemented in the future?

This is primarily an alternative that is strongly discouraged and goes against the way WAPT works.
Indeed, if you deploy the package with the "update-package" function in the installer, it means that each machine will download the executable from the internet. This presents two problems:
1. The bandwidth will be heavily used.
2. There is no control over what is installed on the machine. Imagine a problem with the integrity of the downloaded file (corruption or a virus).
Furthermore, in this case, there may be a version difference between the time you import the package into your private repository and the time the executable is downloaded... The package inventory will then be inaccurate!

The "update-package" function saves time when you update the package.
That's what I thought, it wasn't a good idea. I suppose I can then automate the update-package for all packages with a batch script or PowerShell.

Thank you for these explanations.
High
User avatar
vcardon
WAPT Expert
Messages: 278
Registration: Oct 06, 2017 - 10:55 p.m.
Location: Nantes, France

July 19, 2018 - 9:59 PM

tsunyan wrote: Jul 19, 2018 - 4:48 PMIs this a feature that will be implemented in the future?
Such a feature is highly undesirable because the park administrator is responsible for what they retrieve from the internet and what they deploy on their park.

He must verify that what he deploys is safe.

I'll let you draw your own parallel with this article describing a recent tragedy:

http://www.lefigaro.fr/international/20 ... parfum.php

Sincerely.

Vincent
Vincent CARDON
Tranquil IT
High
User avatar
sfonteneau
WAPT Expert
Messages: 2318
Registered: July 10, 2014 - 11:52 PM
Contact :
Contact Sfonteneau

July 19, 2018 - 10:35 PM

tsunyan wrote: Jul 19, 2018 - 4:48 PM That's what I thought, it wasn't a good idea. I suppose I can then automate the update-package for all packages with a batch script or PowerShell.
Why not run an update package every night? But as Vincent points out, this isn't recommended for obvious security reasons. The software must be verified by a human before being installed across an entire network.

Indeed, a publisher can be compromised, for example:

CCleaner: https://www.generation-nt.com/ccleaner-...51839.html

Or, for example, recently in the case of PDF Creator: https://landingpage.pdfforge.org/domain/en

In this kind of situation, you automatically plant an entire park... :roll: Damage ...

A good solution would be, at worst, to run an update package every night but push the new package into a maturity: VALIDATION-WAIT

All that's left for you to do is test the software
High
tsunyan
Messages: 3
Registration: July 18, 2018 - 1:13 PM

July 20, 2018 - 1:10 PM

Thank you for these recommendations and quick responses @vcardon @sfonteneau.
High
Locked

Return to “WAPT Packages”


  • To go further with WAPT