Proposal: The CUR - Cloudron User Repository
@jimcavoli indeed, that's the way it is internally.
When building an image: the CloudronManifest.json is in a git repo. the built docker image is stored in ~/.cloudron.json. When publishing to the store or installing on Cloudron these two things are merged and it's essentially just the manifest with
Any ideas on how we a developer can create this merged blob so that a user can upload this merged blob? Updating the CloudronManifest.json in-place would make it appear in
git diffall the time which I think is not desirable work flow.
@girish I see what you're saying. Perhaps an ability to log into one's Cloudron.io account and post via a subcommand
cloudron publishwith the CLI tool would be able to send a payload of the current docker repository URL and manifest to an endpoint, which could then be sanity-checked that it doesn't require authentication, and added into the app store updates/listings (optionally with a review step), marked as community-supported. The review step is probably fairly important to see that there's a support email and such listed, but we could get additional forum topics and a process for contributing to the documentation as well set up in time.
Love the idea.
My 2 cents on how this could be implemented the most easily:
- Add another "tag" on the Cloudron app database, besides "unstable". Maybe we could call it "WIP", "community", or "alpha" ?
- Re-allow normal users to
publishwith the Cloudron CLI, but by default (if they are not cloudron staff), their apps are tagged as "community".
- Add a setting in the Cloudron admin interface, that allows showing "community" apps in the app store. Of course, there would be proper warning alerts that tell you this is not supported & such. Maybe it could even be a bit like android developer tools, and need a secret click combination to be displayed or something, to make it clear that it's not for everyone.
I don't think this would be to much work for the staff, and I believe it would cover most, if not all, use-cases.
I would prefer if the apps don't end up in our database at all. This is because the database tracks many things including appstore ids and I don't want to pollute our db without having vetted it. In general, we don't want to take the responsibility of any of the things in the package since we will be "hosting" it - this includes ids, screenshots, description, post install messages etc. FWIW, we already get DMCA take down messages for random screenshots (like in emby package).
Ideally, if we can figure a way by which a user can easily install an app completely outside our supervision, either by pointing to a git(hub/lab) OR maybe the user can upload some "package" file, then it's easier for us to implement this.
Of course, if there is no way out, we have to consider putting in our database...
@girish Sadly it makes sense ...
Could you please list all the stuff your registry provides to the Cloudron server in order to list and install apps? The manifest, the path to the docker image, what else?
@mehdi only the manifest and dockerImage are required and nothing else. The manifest is normalized - the about, description, postInstallMessage etc can be set as
file://in the repo but they are replaced with the file contents. The logo is currently sent separately but we can base64 encoded it or something and put it in manifest as well (we can fix this part). The screenshots are external URLs and just links inside manifest.
So.. if let's say there was a command "cloudron bundle" or something and it outputs a
foo.appwhich is really just a JSON file which is the normalized manifest and the last built dockerImage, would that be good enough ? For the user, a user can just paste a public URL that contains the file and we can install it.
Of course, this doesn't solve the whole "discovery" aspect of these apps. But for the moment, we can just open a forum thread that contains all the apps ( I think @thetomester13 was working on something like this? )
I think the ability to install via uploading a cloudron manifest (which should have an image URL) and via git (github, gitlab, other git solution) would be plenty.
Then all you would need is a "third-party" app store site for users to post on, which I can make if internal workload is too much. (not as an app but something someone can host for users to go to to see third party apps and such.
Portainer has a mechanism that is called "templates". An admin can override the data source these templates are loaded from.
This way the cloudron admin could add another data source to the "App Store" on his Cloudron. Apps from that source could show in a dedicated category, potentially with a disclaimer above.
Plus points if the address would allow password protection (so that one could use an auth enabled surfer instance to host the file).
This is how the portainer template looks like:
@girish what kind of protocol does the communication between the repository and the Cloudron use ? I think the best approach would be to allow the admin to set additional app sources for their server. Then you could let the community self-host their own app stores. So apps installed in this way could still auto-update & stuff
@mehdi it's only http/rest api. but making the appstore selfhostable is just a lot work, so maybe sometime in the far future. appstore.js in box repo had most of the api.
While I am also a fan of AUR, I am very much aware to whom AUR and Archlinux as such is targeted. With this in mind, I want to lower expectations of a great third party app library of unsupported packages, readily discoverable. In fact what AUR is, would already be possible, just write a small script which wraps a list of git repos of app packages. Everything is already in place right now. A way to install without rebuilding the image, is actually something like a ppa in ubuntu or simply alternative package servers in Archlinux (and there are also plenty).
If your intentions are, as @BrutalBirdie initially said, to be able to allow more package testing while those packages are still under development, then I think adding support for what @girish mentioned is great. Not for technical sake, but to actually serve the purpose. It makes no sense to build something like a 1-click install way for people who cannot actually provide app package testing. (Just a slight hint to the discussions Archlinux maintainers had in the past with the AUR wrapper script developers...this was and still isn't a everyone-is-happy situation)
I understand the analogy is not to be taken 1to1 but just wanting to give some input from that perspective as well, since I do think it is a good analogy to what was suggested.
Also to get a bit more focus rather than the big picture, the mentioned examples of Valheim and GTA game servers, may actually be treated differently than more critical apps with personal or business data
Lonk last edited by Lonk
Bookmarking this thread because there are def apps I'm building that feel like that wouldn't belong in the official store (like a Selenium interface that no one should ever attempt to convert to Cloudron's base image btw ), and want to see where this proposal ends up.
robi last edited by
One thing that was a big turnoff from Sandstorm and others is the only availability of severely out of date & unmaintained apps in their app stores.
That is a big plus for Cloudron managed apps and kudos to the @staff team here.
So, thinking a bit more, I like the idea of "downloading" some package file that the user can upload to install an app. I guess this is very similar to android apk files. The main advantage over installing using a git repo link is that the packaging code doesn't need to be open source. App packages listed on the current App Store are all open source but just like app licensing it's not for us to enforce.
robi last edited by
@girish Lol, this bring us to things like App Images.
I'd still like the ability to have a private file repo and http(s) based installs from things like Surfer.
To generate the app from a git repo, there could be a bundling script like you mentioned.
Updates manual, but at some point I see feature requests to be more like package repositories with tools to scan for all available updates.
Hillside502 last edited by
@girish said in Proposal: The CUR - Cloudron User Repository:
App packages listed on the current App Store are all open source
Confluence is not open source.
I should have been clearer... I meant the packaging source code itself is opensource (i.e the docker file and the tests) but not the apps themselves. We actually many apps that are not open source - emby, teamspeak, the minecraft apps, the pre-installed smtp plugin in WP (was not opensource, but i have switched it to an open one now), probably forgetting more.