3

Does anyone know of a framework (written in PHP) to update PHP-based software ?

I'm thinking of a library that assists in checking for updates online and that provides methods for generating, downloading, verifying and installing update packages, maybe even with encryption and public-key signatures.

Ideally with a non-copyleft open source license (e.g. BSD or MIT License, no GPL).

While source control tools are nice in theory, they can complicate (initial) deployment of PHP applications as they are not PHP-based (limits portability) and are often quite large.

Arc
  • 11,143
  • 4
  • 52
  • 75

2 Answers2

3

I've developed my own solution now which provides functions for generating, verifying and installing update packages.

Basically, it uses PHP's OpenSSL functions for public-key encryption (RSA) of the key for symmetric encryption, mcrypt for symmetric encryption (AES) and ZIP as the container format. These building blocks are used to create compact update packages and ensure data integrity and authenticity.

One could also use openssl_pkcs7_sign() and openssl_pkcs7_encrypt() and their counterparts for MIME-compliant encryption, however these functions seem to use 7-bit encoding and therefore make archives rather large.

The web application must have all its files and system-independent data in a single application directory that can be replaced to upgrade the application.

Updating is performed as follows:

Extracting the ZIP archive contents to a temporary location

  • Execute a pre-update script
  • Move the new application directory to the proper place using a temporary name
  • Move the old application directory to another place or rename it
  • Rename the new application directory to its expected name
  • Run a post-update script
  • If anything goes wrong, try to roll back -

Version / source control systems such as git are nice when you are the one in control of all target systems but otherwise I think you should not require the customer to install and operate third-party software for which you would have to provide support as well but rather provide a user interface for software updates that integrates well with the rest of your software.

Arc
  • 11,143
  • 4
  • 52
  • 75
  • Any plans to open source this? I'm looking for the same thing for a library I plan on releasing. – philoye Apr 01 '11 at 05:59
  • No, I regret, I'm coding for a company that does not want to put this in the open. Therefore, I'm sketching some of the interesting details here so someone else may take it up and implement their own version. – Arc Apr 01 '11 at 09:36
1

What about a software that uses the source control tool, like git to check for new updates and loads the newest commit?

Julius F
  • 3,434
  • 4
  • 29
  • 44
  • That is only a partial solution. Database must be updated in case there's a schema change, files must be updated if internal formats change, and so forth. – jmz Sep 10 '10 at 10:49
  • Yeah, source control tools would be near perfect, however I'd prefer a compact pure PHP solution for portability reasons. Database schema updates are probably not part of an auto-update framework unless it is a universal PHP framework with a database abstraction layer (but it may be doable for PDO though). – Arc Sep 10 '10 at 11:23
  • @Archimedix, you won't come around creating something like a source control software, because this is what you are partially looking for. – Julius F Sep 10 '10 at 11:38
  • Include git hooks / php console to manage git from a php script maybe via cgi to prevent php timeouts. – Julius F Sep 10 '10 at 11:39