Original Author
ShaneH
Please comment on the ProductInstallationSystemFeedback page.
Problem
It is not as easy as it could be to manage Zope products. An installation
system could go a long way toward making Zope friendlier for new users
and making it easier to stay up to date on products from varied sources.
New user difficulties
It is initially nonintuitive to decompress an archive right on top of
the Zope installation.
Many Windows decompressors do not support the .tar.gz format.
Products often have unspecified dependencies on other products.
The error message generated by this condition is not very helpful
for new users.
There is no documented procedure for uninstalling products. In fact,
it has to be done in two places (on the filesystem and in the ZODB).
Users of a product are never alerted when a new version of the
product is available.
Business value
Businesses are emerging that are built around adding value to
Zope. To keep up a professional image, they need to be able to make
their products as easy to install as Zope itself.
This is something Digital Creations has experienced firsthand. It is
often necessary to distribute changes to products to customers.
Each update requires that the customer manually download the new set
of archives, unpack each one, and restart Zope. If there are a lot
of updates, this process can be tedious.
Inexperienced users are able to download a simple Zope binary, run it,
and get Zope installed with little effort. To increase the perceived
market value of Zope, product installation should be almost as easy.
Proposed Solutions
There are several ways to solve this problem.
Create a "Product Installation" object connected to the Control_Panel.
It would maintain a list of product sources. The first source would
be www.zope.org. When the user asks what products are available or
updated, the Zope server would fetch an XML document from each
source. The user would select which products to install. The
Zope server would fetch the distribution archive for each selected
product.
To actually install the products, the user would be required to
run a special script or batch file before starting Zope again.
This requirement exists so that the products can be installed
with privileged permissions, rather than the restricted permissions
that are in effect during normal operation. Also, if Zope security is
compromised, at least the intruder still can't get Zope to execute
arbitrary code.
Create a repackaging script and make it available to product authors.
The repackager would take the archive and make a set of compressed
archives that are easily installed on their intended platforms.
This would include Windows .EXE files, Linux .rpm and .deb files,
Mac .sit.hqx files, and others.
This sounds easy until you realize how many platforms this would
have to work with, and how many variations there would be. For
example, RedHatx Linux and Linux-Mandrake, while very similar,
might require different RPM's because Zope products should be
installed in different locations or have a different set of
permissions.
This solution also does not meet some of the goals listed above.
Write an installation program, complete with a GUI, in Python.
It would run outside Zope with privileged permissions and do
the same thing as outlined in solution #1.
It would have the advantage that there would be no need to run
a special script after selecting which products to install.
However, it would not be as easy to operate remotely.
Risk Factors
Security must remain a primary goal. It should not be possible for
even a superuser or manager to install a product without some extra
step executed outside the Web interface.
Users should be warned before they install a new version over
a product they have modified.
There needs to be protection against conflicting product versions.
A product can depend on a specific range of versions of another
product.
Scope
Currently, this proposal deals only with the selection of a strategy
for installing Zope add-on modules. It might be decided that the
current strategy is sufficient after all.
Deliverables
Please comment on the ProductInstallationSystemFeedback page.
|
