search

owncloud / core

:cloud: ownCloud web server core (Files, DAV, etc.)
https://owncloud.com
GNU Affero General Public License v3.0
8.36k stars 2.06k forks source link

Suggestion: Disable (Web-)Updater by default. #41149

Open iasdeoupxe opened 9 months ago

iasdeoupxe commented 9 months ago

It seems the Updater shipped within ownCloud core releases has a long track of being the root cause for update failures (like recently seen in owncloud/updater#729 (#41057), owncloud/updater#726 or #41160 but also in other GitHub / Forum user reports, and also due to the lack of features like owncloud/updater#356 to check for a PHP compatibility before starting the update).

Another issue originating from using the Updater is the following as mentioned in https://github.com/owncloud/updater/issues/713#issuecomment-1867176111:

Installations will get the "release" after they upgrade to a recent release. There is no automated/scripted way to update the updater in a existing older installation. So it can be a bit of a catch-22 if someone needs the updated updater in order to update!

Furthermore even the documentation at Upgrade Options is not recommending the Updater and most importantly also includes the following:

This is not the recommended upgrade procedure, as builtin core upgrade scripts are error prone.

As (quite commonly happening) a user, especially the less technical firm ones usually won't read the documentation and just click on "Update" in the Web GUI which is leading rather sooner then later to a bad update experience (i never had any so far but not using the Updater at all).

In addition the Updater is also not enabled in the Enterprise edition according to Upgrading ownCloud with the Updater App:

The Updater app is not enabled and not supported in ownCloud Enterprise edition.

And finally the same page has also a warning / caution (which is usually also not really read):

Do not use the Updater app in conjunction with Scripts for the Script-Guided Installation. See the link for more details.

With all that in mind wouldn't it make sense to disable the Updater by default in the Community Edition and tell the users that they need to enable and use it on their own risk?

sfadschm commented 9 months ago

Leaving my two cents:

While the updater is being named "App" all over the place, it significantly differs from the "classical" apps in the marketplace which can be installed/uninstalled at will.

It is reasonable to disable the feature in the standard config due to its potential risks. However, a more elegant option might be to extract the functionality into a "real" app. This way, the feature can be disabled by default if the app is just not installed, but everyone could choose to use it if they want to.

This might also tackle the issue of the correlated release with the core as described in the issue, as the updater itself would be updateable.

sfadschm commented 9 months ago

https://doc.owncloud.com/server/10.13/admin_manual/configuration/server/config_sample_php_parameters.html#disable-the-web-based-updater\n'upgrade.disable-web' => true, from e.g. the config.sample.php

Does this config also activate/deactivate calling the updater via the command line or only from the GUI? (Because using it from the command line is just as error prone.)

iasdeoupxe commented 9 months ago

This might also tackle the issue of the correlated release with the core as described in the issue, as the updater itself would be updateable.

Looks like there have been some considerations in the past: owncloud/updater#409

However, a more elegant option might be to extract the functionality into a "real" app.

The same issue from above has also:

The updater must NOT be an ownCloud app.

but without giving much reasons why :frowning_face:

Does this config also activate/deactivate calling the updater via the command line or only from the GUI?

TBH i don't know, i'm not familiar with the innter workings of ownCloud and just using it :frowning_face:

But i think the command line is not that easy to start then a one-click button in the GUI so if only the GUI would be disabled by default it would be a big step forward.

sfadschm commented 9 months ago

I agree with that. Regarding the old discussion most of these people seem to still be in the OC team, so it might be good to get their opinions, but let's wait for this issue to gain traction first.

hannesa2 commented 8 months ago

Suggestion: Make updater work by default

iasdeoupxe commented 8 months ago

As this hasn't happen since many years i wouldn't put high hopes on that :-)