Dolibarr the PHP beast - Problems with module installation

Reply to Dolibarr the PHP beast - Problems with module installation on Tue, 01 Feb 2022 19:27:06 GMT

girish — Tue, 01 Feb 2022 19:27:06 GMT

Started a new thread here - https://forum.cloudron.io/topic/6424/deploying-apps-that-treat-code-as-data

Reply to Dolibarr the PHP beast - Problems with module installation on Tue, 01 Feb 2022 19:19:00 GMT

girish — Tue, 01 Feb 2022 19:19:00 GMT

Yeah, these apps can be quite complicated to maintain. I have put a note for ourselves to see how we can solve deployments of such apps in the next release.

I will create a separate thread and see if we can come up with ideas.

Reply to Dolibarr the PHP beast - Problems with module installation on Mon, 31 Jan 2022 14:20:44 GMT

Inli — Mon, 31 Jan 2022 14:20:44 GMT

@luckow that is a "good" point of view but in that precise case, the problem is on the plugin who "hack" main dolibarr core files, that's not a cloudron problem i mean

and what about dolibarr core upgrades, it will break oAuth functionnalities ? really that is a special case for ONE plugin who don't care about main dolibarr files ...

Hmmmm just to be clear, i'm sorry, for THAT module in that case it's not a patch, it does not modify a file in dolibarr core, it ADD a file in OAuth to enhance dolibarr oAuth support and add Wordpress as a OAuth source

So that's a surprise for me and i don't know what to think about that ...

Reply to Dolibarr the PHP beast - Problems with module installation on Mon, 31 Jan 2022 11:24:55 GMT

luckow — Mon, 31 Jan 2022 11:24:55 GMT

@inli Dolibarr is not the only FOSS with this kind of extensible functionality. In an ideal FOSS world, abstraction layers for modules/extensions/plugins exists and Cloudron apps are "easy" to package and update. 100+ apps in the store shows us, that this is possible.

My question is: should we invest time in applications like Dolibarr, where installing modules puts us in this situation? Do we have a generic solution for "hacking core"?

My position for a scalable video conferencing solution on Cloudron is clear: no Install a greenlight (Frontend for BigBlueButton) and use a separate cluster to scale. Perhaps we should define the same position for FOSS with "scary development" or find the holy grail to fix all possible side effects.

An alternative way could be: use Dolibarr without modules. If it works for you, fine. If you need modules (and there are problems), install it on a separate instance.

Reply to Dolibarr the PHP beast - Problems with module installation on Mon, 31 Jan 2022 10:30:51 GMT

Inli — Mon, 31 Jan 2022 10:30:51 GMT

@luckow the main problem is : a plugin tries to patch a dolibarr core file ... that could be a very bad idea (security point of view) and then what about dolibarr upgrades ?

For example:

i install dolibarr 14.0.1
then i install that plugin wich update a core file (includes/OAuth/OAuth2/Service/WordPress.php)
some time after i will update dolibarr to 14.0.2 -> for sure includes/OAuth/OAuth2/Service/WordPress.php could be override by dolibarr update

what about the consequences ?