Loading...
 

Install optional libraries in Tiki via Composer

A Composer Dependencies Revamp proposal is in discussion for Tiki17.

Why does Tiki use Composer?

To manage nearly 100 dependencies:

How does Tiki use Composer? Look for the string composer in:

https://sourceforge.net/p/tikiwiki/code/HEAD/tree/trunk/setup.sh

See also: Composer

Idea: php console.php that lauches Composer and installs rarely used components, or things that we can't (or prefer not to) bundle in Tiki. This proposal is only about the libraries. Code that uses these libraries continues to be managed in the main Tiki code base, optional as always. This is important to keep things simpler, and avoid http://pluginproblems.com/

Challenges and opportunities

We could eventually turn off mods https://mods.tiki.org/ , which is only used currently for https://doc.tiki.org/PluginR to get around licensing issues (GPL vs LGPL).

Security

  • Permissions of files created by the Apache user
  • Most of our recent security issues involved libraries managed by Composer but not used by everyone. All Tiki files have a feature and permission check which makes them only a risk if active How+to+release#Check_that_all_PHP_files_have_a_feature_check but we don't have this for external libs.

License incompatibilities

  • Sometimes, the best library is of an incompatible license (but still OSI compliant). See License
  • We have spent a lot of time in the past to work with upstream projects to change the license (Bootstrap, Bootstrap Tour, etc.). But sometimes, it's just not possible.

Without shell access

  • What we develop should work for users without shell access or, at least, they should have a documented procedure. For example, download this file abc.zip and unzip in folder /var/www/virtual/example.org/vendor_custom.
    • Mods has such documentation
  • What is installed manually vs. custom libs installed by composer should be stored in a different directory.
    • The vendor/ directory can be deleted and everything is re-generated (great!).
      • We wouldn't want to have to track manual vs. system managed dependencies....

Single composer.json file

  • Modifying the composer.json file, which will get overwritten on upgrades


Jordi suggested: Composer#Split_composer.json_information_into_two_files .

End goal

  1. A checkbox in tiki-admin.php that installs Composer Libraries when the relevant feature is activated.
    • This should run Composer if it can
      • If it can't, but for users with shell access: it should tell the user what shell command to run
      • For those with no shell access, it should tell the user what to install where (like Mods: http://twbasics.tikiforsmarties.com/Installing+Mods+Manually ). This more or less is what people need to do now for ViewerJS and mPDF. Suggested location is a vendor_custom directory.
  2. Tiki code that uses these libs would check for them,
  3. If someone manually added a lib, and it's now out of date, there should be a warning in tiki-admin.php
    • If there is a security vulnerability, an email should be sent out. (This is actually something missing in Tiki in general.)
  4. Tiki code that uses these libs would be maintained in common code base to keep things simpler.
  5. If there are any post-install-cmd , they should be run


Perhaps via Tiki console (and launchable via TRIM) and also doable via tiki-admin.php
Composer#Optional_libraries
Composer#Web-based_management
Composer#Locations_of_optional_libraries

Examples:

Bonus questions

Keywords

The following is a list of keywords that should serve as hubs for navigation within the Tiki development and should correspond to documentation keywords.

Each feature in Tiki has a wiki page which regroups all the bugs, requests for enhancements, etc. It is somewhat a form of wiki-based project management. You can also express your interest in a feature by adding it to your profile. You can also try out the Dynamic filter.

Accessibility (WAI & 508)
Accounting 7.x
Administration
Ajax 2.x
Articles & Submissions
Backlinks
Banner
Batch 6.x
BigBlueButton audio/video/chat/screensharing (5.x)
Blog
Bookmark
Browser Compatibility
Calendar
Category
Chat
Comment
Communication Center
Consistency
Contacts Address book
Contact us
Content template
Contribution 2.x
Cookie
Copyright
Credits 6.x
Custom Home (and Group Home Page)
Database MySQL - MyISAM
Database MySQL - InnoDB
Date and Time
Debugger Console
Directory (of hyperlinks)
Documentation link from Tiki to doc.tiki.org (Help System)
Docs 8.x
DogFood
Draw 7.x
Dynamic Content
Preferences
Dynamic Variable
External Authentication
FAQ
Featured links
Feeds (RSS)
File Gallery
Forum
Friendship Network (Community)
Group
Help
History
Hotword
HTML Page
i18n (Multilingual, l10n, Babelfish)
Image Gallery
Import-Export
Install
Integrator
Interoperability
Inter-User Messages
InterTiki
jQuery
Kaltura video management
Karma
Live Support
Logs (system & action)
Lost edit protection
Mail-in
Map
Menu
Meta Tag
Missing features
Visual Mapping 3.x
Mobile Tiki and Voice Tiki
Mods
Modules
MultiTiki
MyTiki
Newsletter
Notepad
OS independence (Non-Linux, Windows/IIS, Mac, BSD)
Organic Groups (Self-managed Teams)
Payment 5.x
Performance Speed / Load / Compression / Cache
Permission
Poll
Profiles
Quiz
Rating
Realname
Report
Revision Approval
Score
Search engine optimization (SEO)
Search
Security
Semantic links 3.x
Share
Shopping Cart 5.x
Shoutbox
Site Identity
Slideshow
Smarty Template
Social Networking
Spam protection (Anti-bot CATPCHA)
Spellcheck
Spreadsheet
Staging and Approval
Stats
Survey
Syntax Highlighter (Codemirror)
Tablesorter
Tags 2.x
Task
Tell a Friend, alert + Social Bookmarking
Terms and Conditions
Theme
TikiTests 2.x
Timesheet
Token Access
Toolbar (Quicktags)
Tours
Trackers
TRIM
User Administration
User Files
User Menu
Watch
WebHelp
Webmail and Groupmail
WebServices 3.x
Wiki 3D
Wiki History, page rename, etc
Wiki plugins extends basic syntax
Wiki syntax text area, parser, etc
Wiki structure (book and table of content)
Workspace and perspectives 4.x
WYSIWTSN 4.x
WYSIWYCA
WYSIWYG 2.x
XMLRPC




Useful Tools