Proposal 2023: Automatic Updates

Created on 31 January 2023, almost 2 years ago
Updated 12 February 2024, 10 months ago

Project Mentor

hestenet / heshanlk

Project Difficulty

INTERMEDIATE/DIFFICULT

Project Skills/Prerequisite

Interest in encryption & security, PHP, Gitlab, Composer

Project Description

The goal is to implement a secure system for automatically installing updates in Drupal, lowering the total cost of ownership of maintaining a Drupal site, improving the security of Drupal sites in the wild, and lowering the barrier to entry to using Drupal. More info can be found at https://www.drupal.org/project/ideas/issues/2940731 🌱 Automatic Updates Initiative overview and roadmap Active

The project has 4 main stages of helping out

The 8.x-2.x branch of the Automatic Updates Contrib project. This work will be ported to Drupal core directly. Issues to be worked on can be found in the issue queue for 8.x-2.x

The Github PHP-TUF library: this will ensure updates are correctly signed

A Composer plugin to integrate PHP-TUF signing with Composer. This depends on drupal.org's packaging pipeline and Composer facade supporting PHP-TUF signing, which is being built under the supervision of the DA.

The Github Composer Stager library: this library will enable Drupal core to stage updates before they are applied

Expected Size of project: 350 hours

Project Goal

This project is about helping move 1 of these stages further and accelerating this initiative. The final deliverable is a proof of concept automated update using end-to-end libraries as described above while updating these libraries to work with the latest standards. Another final deliverable is documenting this journey and making sure it is clear for other contributors how they can help.

🌱 Plan
Status

Fixed

Component

Organization

Created by

🇧🇪Belgium nick_vh Ghent

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @nick_vh
  • 🇨🇦Canada AlanWang

    Hi
    My name is Alan Wang and I am current Master student in ECE at University of Toronto, Canada. I have work experience as full time Drupal Web Developer for a year. I am really interested in this project. Can I have some more information about what to do and the expected result?

    Best Regards

    Alan Wang

  • 🇮🇳India royalpinto007

    Hello @Nick_vh,

    My name is Royal, and I am currently a sophomore student at the National Institute of Technology Karnataka, Surathkal. I am very interested in the project to implement a secure system for automatically installing updates in Drupal. I believe this project can significantly improve the security of Drupal sites and lower the total cost of ownership for maintaining a Drupal site, making it more accessible for users.

    As a beginner, I understand that this project may require some guidance, but I am willing to put in the time and effort to learn and contribute to the project. I have experience with Git and some knowledge of Drupal and Composer, which I believe will be helpful in completing this project. I have also contributed to some of the novice issues in Drupal, which has made me more comfortable in working with Drupal.

    In case you need more information from me, I will definitely provide it. I am excited about the opportunity to work on this project and contribute to the Drupal community. I believe that the final deliverables, a proof of concept automated update system and clear documentation for other contributors, will be valuable assets to the Drupal community.

  • 🇺🇸United States hestenet Portland, OR 🇺🇸

    Hello @AlanWang and @royalpinto007

    Are either of you familiar with the existing work on the Drupal Automatic Update initiative?

    https://www.drupal.org/project/ideas/issues/2940731 🌱 Automatic Updates Initiative overview and roadmap Active
    https://www.drupal.org/project/automatic_updates

    If not - would you please read up on the above materials?

    Having done so - please let me know if there is a particular aspect of the work on this initiative that you are interested in participating in, or let me know if your interest is more open-ended and you would like to be given direction.

  • 🇹🇳Tunisia Ahmed Aziz ABBASSI

    Hello @hestenet
    I've read the materials in the attached links above. I've got more familiar with the project's road map. The main architecture of automatic updates is more clear now. But, I've lost with links. I need to be guided. I hope you get my wanted-contribution as serious as you could. Thanks in advance.

  • 🇹🇳Tunisia Ahmed Aziz ABBASSI

    Hi Tim, could I have interest in a postponed issues or should I limit myself for active issues?

  • 🇺🇸United States hestenet Portland, OR 🇺🇸

    Thanks for reviewing the materials @Ahmed Aziz ABBASSI

    It is absolutely valid to take a look at a Postponed issue, or an Active issue that is labeled as 'Minor' - these issues tend to be enhancements that are outside of the immediate critical path of the feature, which in this case is probably a good thing because there are already engineers with a heavy focus on some of the most critical items.

    Are there any of the postponed or 'minor' issues that caught your eye?

  • 🇹🇳Tunisia Ahmed Aziz ABBASSI

    Yes, this postponed issue caught my eye and I was extremely interested in solving it: https://www.drupal.org/project/automatic_updates/issues/3343721#comment-14975655 🐛 rsync compatibility with version 2.x Closed: outdated .

    When I was trying to solve it, I was completely lost.

  • 🇹🇳Tunisia Ahmed Aziz ABBASSI

    This issue attracts me the most: https://www.drupal.org/project/automatic_updates/issues/3159920#comment-14990083 Add a PHP Memory Readiness checker Needs work

    I would like to work mainly on it.
    I would start integrating it in my proposal.

  • 🇮🇳India Shriaas Pune

    Marking this issue as fixed, here is the submission link: https://gist.github.com/aziz-712/f6a2dffa3bdfa773b914ef0f9c2f9f2c

  • Status changed to Fixed 10 months ago
Production build 0.71.5 2024