nextcloud 12.x incompatibility

[dvzrv]

IMPORTANT

Read and tick the following checkbox after you have created the issue or place an x inside the brackets ;)

• I have read the CONTRIBUTING.md and followed the provided tips

Explain the Problem

News is not compatible with nextcloud server 12.x, although nextcloud server 13 has not yet been released.
What kind of stunt is this? Are you not following the server's release cycle anymore? 13 is still beta!
Is it not enough, that the server breaks with php 7.2?
I don't understand this.

Steps to Reproduce

Explain what you did to encounter the issue

1. Have someone in the AUR update the package for nextcloud-app-news
2. Upgrade.
3. Have fun downgrading.

System Information

• News app version: 12.0.0
• Nextcloud version: 12.0.4
• PHP version: 7.1.12
• Database and version: -
• Browser and version: -
• Distribution and version: -

[BernhardPosselt]

I'm using Arch Linux as well: do not use AUR packages for Nextcloud apps unless you want to run into these issues.

Use packages from the app store which actually check if the app can be installed at all. The Nextcloud App Store never would have offered you this upgrade in the first place. This version was released because many users already run 13 beta due to 12 not being compatible with PHP 7.2 ;)

[BernhardPosselt]

BTW: PHP 7.2 looks like a minor feature upgrade but PHP guys manage to break APIs even on patch level releases ;)

[BernhardPosselt]

Another thing: I just got started with Docker and you should probably take a look at it. You don't have to worry about all these PHP issues any more and you still get updates by simply updating the container.

[dvzrv]

I'm not sure, this really qualifies as an aswer to my question... but hey, I guess you decide.
I just find it very awkward releasing a breaking change in an app, before the server is actually released as stable.
Just because "the others break things" doesn't mean that you should do it, too.

I'm well aware of docker and the app store and actively chose not to use either of them for security reasons.

[BernhardPosselt]

Releasing new versions should not be an issue at all. The issue here is that the PKGBUILD points to a version of the app that is not compatible with the one in community. The changelog also mentions this new requirement as well as the major version bump. Ideally both would line up.

security reasons

Can you elaborate?

[BernhardPosselt]

I don't maintain the PKGBUILD in AUR btw

[dvzrv]

Releasing new versions should not be an issue at all. The issue here is that the PKGBUILD points to a version of the app that is not compatible with the one in community. The changelog also mentions this new requirement as well as the major version bump. Ideally both would line up.

While I agree on the latter, it still is very unfortunate and could have been timed better.

Can you elaborate?

I don't like a hypervisor running as root, from which it is easy to escape from and potentially execute code on the host as root.
Also, I don't believe in fixing integrational and project management problems with an additional layer of virtualization, that makes the system less secure.
While it might be "easy to use", I don't see as many benefits (yet).
I guess this is all besides the point of the issue at hand though.

I don't maintain the PKGBUILD in AUR btw

I know.

[BernhardPosselt]

I see, what I meant is: everything installed from the store must be signed with the devs certificate which in turn must be signed/authorized by Nextcloud. So even if everything will be taken over you still can't push a malicious archives to endusers. As for installing the app: there is a console command now that installs an app from the store afaik.