Support ⇒ Dragonfly CMS v10 ⇒ Package Manager ⇒ Community Forums ⇒ CPG Dragonfly™ CMS
Forum IndexDragonfly CMS v10

Package Manager Reply to topic


Dragonfly CMS v10.0.28 now has a Package Manager.
It is fully working, and it should allow easy installing of: modules, themes, languages, etc.

To create your own package you can use the following script:
<?php
ini_set('display_errors', 1);
$dir = __DIR__ . '/' . $argv[1];
if (Phar::canWrite()) {
	@unlink("{$dir}.tgz");
	$p = new PharData("{$dir}.tar");
	$p = $p->compress(Phar::GZ, '.tgz');
	$p->buildFromDirectory($dir);
	$manifest = "{$dir}/package.xml";
	if (is_file($manifest)) {
		unset($p['package.xml']);
		$p->setMetadata(array('package' => file_get_contents($manifest)));
	}
	echo "Package created\n";
} else {
	echo "Cannot create package\n";
}

When your package is at /path/to/mypackage
save it as: /path/to/create-package.php
Then run it from your command line:
$ php /path/to/create-package.php mypackage

Repositories
You can also add your own repository at: Admin -> Package Manager -> Settings
At writing ours is at "https: //dragonflycms.org/downloads/v10/"
The manager then downloads/uses: /downloads/v10/packages.xml


More info soon!
Attachment: packagemanager-list.png
Description
Filesize 20.42 KiB
Viewed 3 Time(s)
You are not allowed to view/download this attachment
Attachment: packagemanager-settings.png
Description
Filesize 11.91 KiB
Viewed 1 Time(s)
You are not allowed to view/download this attachment

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Fedora 25 / Apache 2.4.27 / MariaDB 10.1.26 / PHP 7.1.10 / Mercurial

Last edited by DJ Maze on Mon Oct 23, 2017 12:38 am; edited 9 times in total


I've added signature security in all files to prevent tampering in the future.

There were 3 options to choose from:
  1. GnuPG extension
  2. OpenSSL extension
  3. Phar::setSignatureAlgorithm(Phar::OPENSSL, $private_key)
After testing them all, #3 has become the solution as it embeds the signature inside the package without writing lots of PHP code ourselves.

This way we can properly secure our packages and prevent tampered/malicious updates,
as they all must match the public key.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Fedora 25 / Apache 2.4.27 / MariaDB 10.1.26 / PHP 7.1.10 / Mercurial

Last edited by DJ Maze on Mon Oct 23, 2017 12:37 am; edited 3 times in total

All times are UTC


Jump to: