Update on community packages

@murgero
Are you talking about the CUR?
Very happy to see this comming to Cloudron!

@girish I absolutely love this idea but is there a way to maybe host a community store? Like Arch's AUR for example that way it can be searchable too - you can allow "verified devs" for an extra layer of security or something

@LoudLemur thank you

• the tokens : this kinda reflects the "journey" that CCAI went on. Initially it was browser-only ... and not user's site. I acknowledge users' cautions about this. Hence recommending a short-lived token disposable for use in CCAI open browser

Then we had CCAI-P deployed on your own cloudron, and interacting with your own Cloudron. In this case a multi-use long-life token was OK and so recommended. I think the quote you included in your question is from CCAI-P.

Then CustomAppGateway got rid of browsers completely for initial install and you enter a token into the binary on your local device. So not needed to use single-use short-term token. But hey everyone's paranoid these days so no harm in doing so.

I don't recognise the need for a 3rd token, but it might an academic question, as Cloudron 9.1 will make all this redundant. A much smoother and less problematic security approach, because it's all "on platform"

• RO vs RW : it needs to make changes to your Cloudron, so RW.

• pretty icons : that all comes down to the app being deployed. CCAI-P uses a similar but deliberately different logo to Cloudron.
  Let me know which apps are not rendering a nice icon, and I can look at it.

Cloudron :

CCAI / CCAI-P :

Funkwhale now on CustomAppGateway, alongside Indiekit

Funkwhale and Indict on CustomAppGateway

@timconsidine said in Update on community packages:

So, making sure I understand it correctly, for a CustomApp, the packager really just needs to add CloudronVersions.json to their repo (in addition to CloudronManifest.json, Dockerfile etc.) ? Neat !

Yes, correct. cloudron versions add simply creates CloudronVersions.json with the current manifest and current build information. Hopefully, it's all as obvious as I am making it sound

From the installation point of view, the repo can be closed, docker image can be private. Only the CloudronVersions.json has to be public.

I have added two new fields on the manifest - packagerName and packagerUrl.

Going forward, the icon in manifest will be deprecated. We will use iconUrl instead.

You said in a separate post you would defer the question of a catalogue of custom apps : is that still the thinking ?

Yes, let's think about how people discover these versions files once we have released this.

Fixed - https://git.cloudron.io/platform/box/-/commit/1ce5fcafd908c8362f57a7f6c1955591542bd895

Well, I should have tried it before replying. I can reproduce the problem The problem is the dialog just stays open and does nothing.

The text is just a label. It is not required to be unique. I guess once you detect it is conflicting, you have to rename the label to something else. Probably using creation date to differentiate.

@girish awesome, thank you so much.
Very smooth and integrated in UI

So, making sure I understand it correctly, for a CustomApp, the packager really just needs to add CloudronVersions.json to their repo (in addition to CloudronManifest.json, Dockerfile etc.) ? Neat !

You said in a separate post you would defer the question of a catalogue of custom apps : is that still the thinking ?

TBH, with your neat approach, I am questioning whether a catalogue is needed. Every custom app (well, 99.999%) has a topic in the forum's AppWishlist category, and the packager can just post a message there with the repo details, including the relevant CloudronVersions.json file.