Should Civi core provide a secure, standardized approach if extensions want to provide automatic self-updating? (Such as what CiviMobileAPI does)
CiviMobileAPI provides functionality for automatic self-updating (e.g. https://lab.civicrm.org/extensions/civimobileapi/-/blob/master/CRM/CiviMobileAPI/Utils/Extension.php). Some of it is using core API, but some of it is doing its own thing with hardcoded values:
/**
* Get latest version of extension download link
*/
public static function getLatestVersionDownloadLink() {
$version = CRM_CiviMobileAPI_Utils_VersionController::getInstance();
$downloadUrl = 'https://lab.civicrm.org/extensions/civimobileapi/-/archive/';
$downloadUrl .= $version->getLatestFullVersion() . '/civimobileapi-' . $version->getLatestFullVersion() . '.zip';
return $downloadUrl;
}As far as I know Civi doesn't do any package signing to make this process more secure. At the very least, I think Civi should centralize this process to make this more secure.
Some things that would make this more secure:
- package signing
- put the toggle for automatic updates on the main extensions page. Perhaps a toggle for each extension.
- provide core API for the whole process so extensions don't need to roll their own approach.
- ensure that an extension is using an official path.
To upload designs, you'll need to enable LFS. More information