ctrueden
commented
5 years ago I was wondering that, too!
@frauzufall Do you know why it isn't already up-to-date?
Closed haesleinhuepf closed 4 years ago
ctrueden
commented
5 years ago I was wondering that, too!
@frauzufall Do you know why it isn't already up-to-date?
frauzufall
commented
5 years ago I tried a couple of times to figure it out, I looked at the code here and the build script and asked gitter and @turekg, but without success. Thanks for creating the issue, @haesleinhuepf , I should have done right away. I pan to spend some time with the updater next week, will also look at this again. Any hints appreciated!
frauzufall
commented
5 years ago I had another look with @turekg and the source for this issue is probably in the bootstap.js file (this line). I ignored this file so far, but the build script is calling it, I'll adjust it.
ctrueden
commented
4 years ago Ah, good catch, @frauzufall!
If we could improve the scijava-maven-plugin to build a fully functional Fiji.app from scratch, we would no longer need bootstrap.js for that purpose. (It is still conceivably useful for transforming an ImageJ1 installation into ImageJ2, but in practice no one uses this and it hasn't been tested in years.) We'd need to solve at least scijava/scijava-maven-plugin#17 and scijava/scijava-maven-plugin#19, and also do something to enable copying of the native launcher(s) into the application root directory. This has been a goal for a long time but I have no time to work on it. Would you and/or @turekg have bandwidth?
turekg
commented
4 years ago Wouldn't mind looking into it, I will put it in my TODO list....
frauzufall
commented
4 years ago So it's not just this one line, that's only the Fiji URL, the main URL seems to come from these outdated JARs which are used to run an updater command line instance. Looking at the rest of the code, I am not sure what will happen if we update these JAR versions as well. At the end of the script, the updater is updated - it might be easier to add another line at the end to update the URLs via command line updater until we get rid of the script.
turekg
commented
4 years ago Happy to dig into this a bit deeper, but for expedience sake Debo's fix could be a first step
ctrueden
commented
4 years ago In the past, Johannes would occasionally update the versions in bootstrap.js. He only did it when he was confident the new combination of JARs was working well, though, because non-working combinations there break the remote updater. It's probably safe for us to update them to a newer version. Although we need to be careful: is there still bootstrap.js vs. bootstrapJ8.js? And will it break Java 6 installations of Fiji if we change it? And do we care?
imagesc-bot
commented
4 years ago This issue has been mentioned on Image.sc Forum. There might be relevant details there:
https://forum.image.sc/t/https-to-make-imagej-fiji-more-secure/398/29
ctrueden
commented
4 years ago The fiji-builds job now no longer uses the JavaScript bootstrap script. Instead, it:
mvn scijava:populate-app (against the fiji/fiji master branch, which as of this writing is pom-scijava 29.0.0-beta-3 artifact versions, plus an updated imagej-updater 0.10.5 to work around critical updater bug #88);fiji.packager.Packager (but see fiji/fiji-builds#4).As of this writing, the db.xml.gz of the available bundles now says:
<update-site name="ImageJ" url="https://update.imagej.net/" official="true" timestamp="20190325155938"/>
<update-site name="Fiji" url="https://update.fiji.sc/" official="false" timestamp="20200225164457"/>
<update-site name="Java-8" url="https://sites.imagej.net/Java-8/" official="false" timestamp="20200705214732"/>@frauzufall @haesleinhuepf So, can this issue be closed now? I.e., when you download a fresh Fiji and run it for the first time and try to update it, does it still prompt to update HTTP to HTTPS? Or not?
haesleinhuepf
commented
4 years ago Hey @ctrueden ,
I just downloaded a fresh Fiji (Windows version) and tried. The message is gone. Thanks a lot for your work on this!
Happily closing the issue right now.
Cheers, Robert
Hey all, hey @frauzufall and @ctrueden ,
while visiting a collaborator, we just realized: When downloading a new Fiji and updating it, it asks to upgrade all update sites to HTTPS. This message is a bit annoying and deterrent for new users. Is there a way that freshly downloaded Fijis come with HTTPS update sites pre-configured?
Thanks!
Cheers, Robert