bug: updater does not update the vendor packages

[damnms]

because of some unrelated comments in #8639 i'm going to create this bug report.

steps to reproduce:

1. have an install of 1.5.3 configured with smtp_server
2. download the 1.6-complete tar.gz
3. run the bin/installto script and point it to the 1.5.3 location
4. answer 'y' when it asks if it should migrate the old configs

expected:
the vendor packages should be updated too (e.g. net_smtp from 1.7 to 1.10)

actual behaviour:
it does not update these files

additional information:
i have a quiet restricted system, so maybe its an permission problem, but then i would expect an error that these files could not be overwritten

[alecpl]

I see where the problem might be. The script indeed does not sync the vendor folder if composer.json file exists in the target location. This is because your installation might have other packages (plugins and their dependencies) installed, and we don't want to break that.

One problem is that since 1.4.0 the release packages include composer.json (and composer.lock) files. So, this "update vendor folder if user is not using composer" idea does not work anymore.

I'm not sure there is an easy fix. Maybe we should just require composer to upgrade Roundcube. Then we should probably bump version of our dependencies to the required value in composer.json and run composer update or tell the user to do so.

@thomascube, any ideas?

ps. a workaround for everyone not using composer and want to upgrade, remove composer.json file from your installation before you execute installto.sh script. For those using composer the way is to bump required versions in your composer.json file and run composer update. Required versions can be found in composer.json-dist file.

[damnms]

If roundcube requires any higher version of a vendor package, i would update that in any way - IMO it makes no sense to update roundcube and not the required vendor package - because then it is for sure broken (like it was on my installation).
Maybe it would be a good way to just print out a big warning "Found custom plugins, make sure they work with the latest vendor packages roundcube ships" or so and update the required vendor packages.

[seanm]

We had the same Call to undefined method Net_SMTP::starttls error in bug #8698 (using postfix+dovecot) after updating roundcube 1.5.3 to 1.6.0.

We moved vendor/pear (since a grep for Net_SMTP found stuff in that folder) from the download tarball into our installation and that fixed it. Subsequently we nuked our vendor and replaced it all.

So indeed it seems bin/installto.sh does not do some necessary things. We saw it logged a message:

NOTICE: Update dependencies by running php composer.phar update --no-dev

but since we never used composer to install roundcube (the server doesn't even have it) we've always just ignored that message. But apparently it's quite important!

[ghost]

Same issue here.

On four servers, upgrade from roundcube 1.5.2 to 1.6 failed spectacularly with a very broken vendor. Eventually I had to perform a clean install on all four servers.

I'm waiting for a fix before upgrading more servers... 😋

[thelounge-zz]

that's why package managers where invited, install.sh is so microsoft that it hurts!

[builduser@buildserver:/rpmbuild/SPECS]$ cat roundcubemail.spec
%define roundcubedir %{_datadir}/roundcubemail
%global _logdir %{_var}/log

Name: roundcubemail
Version: 1.4.13
Release: 2%{?dist}
Epoch: 2
Summary: Roundcube is a browser-based multilingual web-mail IMAP client
License: GPLv2
URL: https://roundcube.net/download/
Source0: %{name}-%{version}-complete.tar.gz
Source1: %{name}.logrotate
Patch1: roundcubemail-1.4-confpath.patch
BuildArch: noarch
Requires: php
Requires: php-simplexml
Requires: php-mbstring
Requires: php-pdo
Requires: mailcap

%description
Roundcube is a browser-based multilingual web-mail IMAP client with an
application-like user interface. It provides full functionality you
expect from an e-mail client, including MIME support, address book,
folder manipulation, message searching and spell checking.
RoundCube is written in PHP and requires a MySQL database

%prep
%setup -q -n %{name}-%{version}
%patch1 -p1
find . -type f -print | xargs chmod a-x
find . -name .htaccess -print | xargs rm -f
chmod +x bin/*sh
sed -e '/^#!/s:/usr/bin/env php:/usr/bin/php:' -i bin/sh
sed -i 's/\r//' SQL/mssql.initial.sql
find . -type f -name '.swf' | xargs rm -f

%build

%install
install -d %{buildroot}%{roundcubedir}
cp -pr * %{buildroot}%{roundcubedir}
rm -rf %{buildroot}%{roundcubedir}/installer
mkdir -p %{buildroot}%{_sysconfdir}/httpd/conf.d
mkdir -p %{buildroot}%{_sysconfdir}/%{name}
mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
cp -pr %SOURCE1 %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
mkdir -p %{buildroot}%{_var}/log/%{name}
mv %{buildroot}%{roundcubedir}/config/* %{buildroot}%{_sysconfdir}/%{name}/
rm -rf %{buildroot}%{roundcubedir}/{config,logs,temp}
rm -rf %{buildroot}%{roundcubedir}/{CHANGELOG,INSTALL,LICENSE,README,UPGRADING,SQL}
rm -rf %{buildroot}%{roundcubedir}/bin
rm -rf %{buildroot}%{roundcubedir}/plugins/acl
rm -rf %{buildroot}%{roundcubedir}/plugins/archive
rm -rf %{buildroot}%{roundcubedir}/plugins/enigma
rm -rf %{buildroot}%{roundcubedir}/plugins/help/skins/classic
rm -rf %{buildroot}%{roundcubedir}/plugins/help/skins/larry
rm -rf %{buildroot}%{roundcubedir}/plugins/hide_blockquote/skins/classic
rm -rf %{buildroot}%{roundcubedir}/plugins/hide_blockquote/skins/larry
rm -rf %{buildroot}%{roundcubedir}/plugins/http_authentication
rm -rf %{buildroot}%{roundcubedir}/plugins/jqueryui/themes/classic
rm -rf %{buildroot}%{roundcubedir}/plugins/jqueryui/themes/larry
rm -rf %{buildroot}%{roundcubedir}/plugins/jqueryui/themes/redmond
rm -rf %{buildroot}%{roundcubedir}/plugins/krb_authentication
rm -rf %{buildroot}%{roundcubedir}/plugins/legacy_browser/skins/classic
rm -rf %{buildroot}%{roundcubedir}/plugins/legacy_browser/skins/larry
rm -rf %{buildroot}%{roundcubedir}/plugins/managesieve
rm -rf %{buildroot}%{roundcubedir}/plugins/markasjunk
rm -rf %{buildroot}%{roundcubedir}/plugins/password
rm -rf %{buildroot}%{roundcubedir}/plugins/vcard_attachments/skins/classic
rm -rf %{buildroot}%{roundcubedir}/plugins/vcard_attachments/skins/larry
rm -rf %{buildroot}%{roundcubedir}/plugins/zipdownload/skins/classic
rm -rf %{buildroot}%{roundcubedir}/plugins/zipdownload/skins/larry
rm -rf %{buildroot}%{roundcubedir}/skins/classic
rm -rf %{buildroot}%{roundcubedir}/skins/larry
rm -rf %{buildroot}%{roundcubedir}/vendor/endroid/qr-code/tests
rm -f %{buildroot}%{_sysconfdir}/%{name}/config.inc.php.sample
rm -f %{buildroot}%{_sysconfdir}/%{name}/defaults.inc.php.orig
rm -f %{buildroot}%{roundcubedir}/README.md
rm -f %{buildroot}%{roundcubedir}/plugins/jqueryui/README
rm -f %{buildroot}%{roundcubedir}/plugins/zipdownload/README
rm -f %{buildroot}%{roundcubedir}/program/js/tinymce/langs/readme.md
rm -f %{buildroot}%{roundcubedir}/program/lib/Roundcube/README.md
rm -f %{buildroot}%{roundcubedir}/skins/elastic/README.md
rm -f %{buildroot}%{roundcubedir}/vendor/endroid/qr-code/README.md
rm -f %{buildroot}%{roundcubedir}/vendor/masterminds/html5/README.md
rm -f %{buildroot}%{roundcubedir}/vendor/masterminds/html5/src/HTML5/Parser/README.md
rm -f %{buildroot}%{roundcubedir}/vendor/masterminds/html5/src/HTML5/Serializer/README.md
rm -f %{buildroot}%{roundcubedir}/vendor/pear/auth_sasl/README.md
rm -f %{buildroot}%{roundcubedir}/vendor/pear/console_commandline/README.rst
rm -f %{buildroot}%{roundcubedir}/vendor/pear/console_getopt/README.rst
rm -f %{buildroot}%{roundcubedir}/vendor/pear/crypt_gpg/README.md
rm -f %{buildroot}%{roundcubedir}/vendor/pear/mail_mime/README
rm -f %{buildroot}%{roundcubedir}/vendor/pear/net_idna2/README.md
rm -f %{buildroot}%{roundcubedir}/vendor/pear/pear-core-minimal/README.rst
rm -f %{buildroot}%{roundcubedir}/vendor/roundcube/plugin-installer/README.md
rm -f %{buildroot}%{roundcubedir}/vendor/composer/LICENSE
rm -f %{buildroot}%{roundcubedir}/vendor/endroid/qr-code/LICENSE
rm -f %{buildroot}%{roundcubedir}/vendor/kolab/net_ldap3/LICENSE
rm -f %{buildroot}%{roundcubedir}/vendor/masterminds/html5/LICENSE.txt
rm -f %{buildroot}%{roundcubedir}/vendor/pear/console_getopt/LICENSE
rm -f %{buildroot}%{roundcubedir}/vendor/pear/crypt_gpg/LICENSE
rm -f %{buildroot}%{roundcubedir}/vendor/pear/net_ldap2/LICENSE
rm -f %{buildroot}%{roundcubedir}/vendor/pear/net_smtp/LICENSE
rm -f %{buildroot}%{roundcubedir}/vendor/pear/pear_exception/LICENSE
rm -f %{buildroot}%{roundcubedir}/vendor/bin/rcubeinitdb.sh
rm -f %{buildroot}%{roundcubedir}/vendor/pear/net_smtp/phpdoc.sh
rm -f %{buildroot}%{roundcubedir}/vendor/roundcube/plugin-installer/src/bin/rcubeinitdb.sh

%post

replace default des string in config file for better security

function makedesstr
(
chars=(0 1 2 3 4 5 6 7 8 9 a b c d e f g h i j k l m n o p q r s t u v w x y z A
B C D E F G H I J K L M N O P Q R S T U V W X Y Z)
max=${#chars[*]}
for i in seq 1 24; do
let rand=${RANDOM}%%${max}
str="${str}${chars[$rand]}"
done
echo $str
)
touch %{_localstatedir}/log/%{name}/errors.log
touch %{_localstatedir}/log/%{name}/sendmail.log
touch %{_localstatedir}/log/%{name}/userlogins.log
chown apache:apache %{_localstatedir}/log/%{name}/errors.log
chown apache:apache %{_localstatedir}/log/%{name}/sendmail.log
chown apache:apache %{_localstatedir}/log/%{name}/userlogins.log
chmod 0660 %{_localstatedir}/log/%{name}/errors.log
chmod 0660 %{_localstatedir}/log/%{name}/sendmail.log
chmod 0660 %{_localstatedir}/log/%{name}/userlogins.log
exit 0

%files
%{roundcubedir}
%dir %{_sysconfdir}/%{name}
%attr(0640,root,apache) %{_sysconfdir}/%{name}/mimetypes.php
%attr(0640,root,apache) %{_sysconfdir}/%{name}/defaults.inc.php
%attr(0750,root,apache) %dir %{_localstatedir}/log/%{name}
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}

[seanm]

Version: 1.4.13

You know there has been 1.5 and 1.6 since then, right?

[thelounge-zz]

Version: 1.4.13

You know there has been 1.5 and 1.6 since then, right?

irrelevant as it's still supported and you can bet that rpm-spec dating back to 2009 had built lower versions over the years - you just edit the version matching your tarball and enter "rpmbuild -bb roundcubemail.spec" - you response is pretty dumb when my point was using installer scripts on Linux is nonsense

[damnms]

you response is pretty dumb when my point was using installer scripts on Linux is nonsense

as long as one uses a rpm based distro. whats with .deb? whats with .xyz? i see your point, but before i start with a distribution specific package, i would go the most compatible way. and then .sh makes sense.
btw. no one forces you to use that. u can create your own installer for your very own distro.
the only thing i recognize as dumb is insulting. my 2 cent.

[thelounge-zz]

boy with the spec-file i showed how to build a package at your own and didn't ask anybody to do it for me or someone else- the point of a package is that it removes leftovers and keep the system clean, i have mine - if can't package a software proper i don't install it

[damnms]

"boy"? not sure what you want to achieve with that tone, but i am sure you wont get it. if you want to make a PR, do it. otherwise, it would be nice to stop trolling this thread with off-topic stuff. if you have the urge to create a new bug ticket, do it.

[thelounge-zz]

i don't want to achieve ANYTHING - i only pointed out that nobody should use such scripts but package every software he uses and is not packaged in the distribution as i do it since 2008 - personally i couldn't care less and i saw the topic on the mailing-list

[thomascube]

I'm not sure there is an easy fix. Maybe we should just require composer to upgrade Roundcube. Then we should probably > bump version of our dependencies to the required value in composer.json and run composer update or tell the user to do > so.

Applying versions from composer.json-dist to composer.json is what the update.sh script already does or is supposed to do. The notice about running composer update might be overlooked. Maybe the script should search for composer binaries and run them or give hints how to upgrade without composer (i.e. replace the vendor folder)

[ghost]

Please don't make composer a requirement. In many enterprise environments composer is prohibited, as is in my case. I'm using the complete archive of roundcube, so I would prefer to just copy the new vendor directory over the old one.

[thomascube]

@alecpl What about adding a comment to vendor/autoload.php when creating the packages and then checking that line in update.sh? If it's still there, we can assume that composer was not run on this Roundcube installation and we can safely replace the entire vendor folder. If absent, try to run composer or inform the user.

[bigretromike]

1.6.7-complete installto.sh still has this issue.