Permalink
Browse files

Enhanced package manager. Not verified packages can not be installed …

…by default (via GUI + OTRS console).
  • Loading branch information...
Irthen authored and UdoBretz committed Jun 7, 2018
1 parent 027c76d commit f463bf61437ec80e7608430af4bf84422815e4bf
@@ -37,6 +37,10 @@
- 2018-05-08 Fixed bug#[13836](https://bugs.otrs.org/show_bug.cgi?id=13836) - Filter in timeline view not being applied.
- 2018-05-08 Fixed bug#[12994](https://bugs.otrs.org/show_bug.cgi?id=12994) - Merge Tickets with same linked objects causes error.
- 2018-05-07 Fixed bug#[13818](https://bugs.otrs.org/show_bug.cgi?id=13818) - Dynamic field values of tickets are not displayed in customer ticket search result.
- 2018-05-03 Enhanced package manager:
- Not verified packages can't be installed by default (via GUI + OTRS console).
- Added sysconfig setting 'Package::AllowNotVerifiedPackages' to allow installation of not verified packages (disabled by default).
- Display a notification if setting 'Package::AllowNotVerifiedPackages' is active.
- 2018-04-30 Changed default gravatar image for articles to 'mm' (mystery man).
- 2018-04-25 Fixed bug#[13764](https://bugs.otrs.org/show_bug.cgi?id=13764) - Mixed up plain and rich text body in process management when article is created.
- 2018-04-25 Fixed bug#[13815](https://bugs.otrs.org/show_bug.cgi?id=13815) - The little arrow is cut off for articles.
@@ -950,6 +950,15 @@
</Hash>
</Value>
</Setting>
<Setting Name="Frontend::NotifyModule###8000-PackageManager-CheckNotVerifiedPackages" Required="1" Valid="1">
<Description Translatable="1">Defines the module to display a notification in the agent interface, if the installation of not verified packages is activated (only shown to admins).</Description>
<Navigation>Frontend::Agent::FrontendNotification</Navigation>
<Value>
<Hash>
<Item Key="Module">Kernel::Output::HTML::Notification::PackageManagerCheckNotVerifiedPackages</Item>
</Hash>
</Value>
</Setting>
<Setting Name="Frontend::NotifyModule###9000-Generic" Required="0" Valid="0">
<Description Translatable="1">Defines the module that shows a generic notification in the agent interface. Either "Text" - if configured - or the contents of "File" will be displayed. Use "Priority" key to style the notification. If "Link" key is supplied, notification text will be wrapped in an anchor leading to specified address. You can use "Target" key to define a target attribute of the defined link.</Description>
<Navigation>Frontend::Agent::FrontendNotification</Navigation>
@@ -2727,6 +2736,13 @@
<Item ValueType="Checkbox">1</Item>
</Value>
</Setting>
<Setting Name="Package::AllowNotVerifiedPackages" Required="0" Valid="1" ConfigLevel="100">
<Description Translatable="1">If this setting is enabled, it is possible to install packages which are not verified by OTRS Group. These packages could threaten your whole system!</Description>
<Navigation>Core::Package</Navigation>
<Value>
<Item ValueType="Checkbox">0</Item>
</Value>
</Setting>
<Setting Name="Package::EventModulePost###9000-SupportDataSend" Required="0" Valid="1">
<Description Translatable="1">Package event module file a scheduler task for update registration.</Description>
<Navigation>Core::Event::Package</Navigation>
@@ -3600,6 +3600,21 @@ sub Data {
'En este repositorio no se encontraros paquetes para su versión del marco de trabajo, sólo contiene paquetes para otras versiones del marco de trabajo.',
'<br>If you continue to install this package, the following issues may occur!<br><br>&nbsp;-Security problems<br>&nbsp;-Stability problems<br>&nbsp;-Performance problems<br><br>Please note that issues that are caused by working with this package are not covered by OTRS service contracts!<br><br>' =>
'<br>Si continúa e instala este paquete, se podrían producir los siguientes problemas<br><br>&nbsp;-Problemas de seguridad<br>&nbsp;-Problemas de estabilidad<br>&nbsp;-Problemas de rendimiento<br><br>Tenga en cuenta que los problemas causados por usar este paquete no están cubiertos por los contratos de servicio de OTRS.<br><br>',
'File is not installed!' => '¡El archivo no esta instalado!',
'File is different!' => '¡El archivo es diferente!',
'Can\'t read file!' => '¡El archivo no se puede leer!',
'<p>If you continue to install this package, the following issues may occur:</p><ul><li>Security problems</li><li>Stability problems</li><li>Performance problems</li></ul><p>Please note that issues that are caused by working with this package are not covered by OTRS service contracts.</p>' =>
'',
'<p>The installation of packages which are not verified by the OTRS Group is not possible by default.</p>' => '<p>La instalación de paquetes que no han sido verificados por el Grupo OTRS no es posible por defecto.</p>',
'<p>You can activate the installation of not verified packages in the <a href=\'$Self->{CGIHandle}?Action=AdminSystemConfiguration;Subaction=View;Setting=Package%3A%3AAllowNotVerifiedPackages\' target=\'_blank\'>System Configuration</a>.</p>' => '<p>Usted puede activar la instalación de paquetes no verificados en la <a href=\'$Self->{CGIHandle}?Action=AdminSystemConfiguration;Subaction=View;Setting=Package%3A%3AAllowNotVerifiedPackages\' target=\'_blank\'>configuración del sistema</a>.</p>',

# Perl Module: Kernel/System/ProcessManagement/DB/Process.pm
'The process "%s" and all of its data has been imported successfully.' =>
'',

# Perl Module: Kernel/System/ProcessManagement/DB/Process/State.pm
'Inactive' => 'Inactivo',
'FadeAway' => 'Agotado',

# Perl Module: Kernel/System/Registration.pm
'Can\'t contact registration server. Please try again later.' => 'No es posible contactar con el servidor de registro. Por favor, inténtelo de nuevo más tarde.',
@@ -3596,6 +3596,8 @@ sub Data {
'Não existem pacotes para a versão do software que possui, apenas existem pacotes para outra versões.',
'<br>If you continue to install this package, the following issues may occur!<br><br>&nbsp;-Security problems<br>&nbsp;-Stability problems<br>&nbsp;-Performance problems<br><br>Please note that issues that are caused by working with this package are not covered by OTRS service contracts!<br><br>' =>
'',
'<p>The installation of packages which are not verified by the OTRS Group is not possible by default.</p>' => '<p>A instalação de pacotes que não são verificados pelo OTRS Group não é possível por omissão.</p>',
'<p>You can activate the installation of not verified packages in the <a href=\'$Self->{CGIHandle}?Action=AdminSystemConfiguration;Subaction=View;Setting=Package%3A%3AAllowNotVerifiedPackages\' target=\'_blank\'>System Configuration</a>.</p>' => '<p>Pode activar a instalação de pacotes não verificados na <a href=\'$Self->{CGIHandle}?Action=AdminSystemConfiguration;Subaction=View;Setting=Package%3A%3AAllowNotVerifiedPackages\' target=\'_blank\'>Configuração de Sistema</a>.</p>',

# Perl Module: Kernel/System/Registration.pm
'Can\'t contact registration server. Please try again later.' => 'Não é possivel contatar o servidor de registo. Por favor tente novamente mais tarde.',
@@ -951,6 +951,19 @@ sub Run {
Version => $Structure{Version}->{Content},
},
);

$LayoutObject->Block(
Name => 'IntroForm',
Data => {
%Param,
%Data,
Subaction => $Self->{Subaction},
Type => 'IntroReinstallPre',
Name => $Structure{Name}->{Content},
Version => $Structure{Version}->{Content},
},
);

$LayoutObject->Block(
Name => 'IntroCancel',
);
@@ -1036,6 +1049,19 @@ sub Run {
Version => $Version,
},
);

$LayoutObject->Block(
Name => 'IntroForm',
Data => {
%Param,
%Data,
Subaction => '',
Type => 'IntroReinstallPost',
Name => $Name,
Version => $Version,
},
);

my $Output = $LayoutObject->Header();
$Output .= $LayoutObject->NavigationBar();
$Output .= $LayoutObject->Output(
@@ -1099,6 +1125,19 @@ sub Run {
Version => $Structure{Version}->{Content},
},
);

$LayoutObject->Block(
Name => 'IntroForm',
Data => {
%Param,
%Data,
Subaction => $Self->{Subaction},
Type => 'IntroUninstallPre',
Name => $Structure{Name}->{Content},
Version => $Structure{Version}->{Content},
},
);

$LayoutObject->Block(
Name => 'IntroCancel',
);
@@ -1186,6 +1225,19 @@ sub Run {
Version => $Version,
},
);

$LayoutObject->Block(
Name => 'IntroForm',
Data => {
%Param,
%Data,
Subaction => '',
Type => 'IntroUninstallPost',
Name => $Name,
Version => $Version,
},
);

my $Output = $LayoutObject->Header();
$Output .= $LayoutObject->NavigationBar();
$Output .= $LayoutObject->Output(
@@ -2059,9 +2111,24 @@ sub _InstallHandling {
},
);

$LayoutObject->Block(
Name => 'IntroCancel',
);
if ( $VerifyInfo{PackageInstallPossible} ) {

$LayoutObject->Block(
Name => 'IntroForm',
Data => {
%Param,
%VerifyInfo,
Subaction => $Self->{Subaction},
Type => 'IntroInstallVendor',
Name => $Structure{Name}->{Content},
Version => $Structure{Version}->{Content},
},
);

$LayoutObject->Block(
Name => 'IntroCancel',
);
}

my $Output = $LayoutObject->Header();
$Output .= $LayoutObject->NavigationBar();
@@ -2146,6 +2213,18 @@ sub _InstallHandling {
);
}

$LayoutObject->Block(
Name => 'IntroForm',
Data => {
%Param,
%Data,
Subaction => $Self->{Subaction},
Type => 'IntroInstallPre',
Name => $Structure{Name}->{Content},
Version => $Structure{Version}->{Content},
},
);

$LayoutObject->Block(
Name => 'IntroCancel',
);
@@ -2189,6 +2268,18 @@ sub _InstallHandling {
},
);

$LayoutObject->Block(
Name => 'IntroForm',
Data => {
%Param,
%Data,
Subaction => 'Install',
Type => 'IntroInstallPost',
Name => $Structure{Name}->{Content},
Version => $Structure{Version}->{Content},
},
);

if ( $Verified eq 'verified' ) {
$LayoutObject->Block(
Name => 'OTRSVerifyLogo',
@@ -2290,6 +2381,19 @@ sub _UpgradeHandling {
Version => $Structure{Version}->{Content},
},
);

$LayoutObject->Block(
Name => 'IntroForm',
Data => {
%Param,
%Data,
Subaction => $Self->{Subaction},
Type => 'IntroUpgradePre',
Name => $Structure{Name}->{Content},
Version => $Structure{Version}->{Content},
},
);

$LayoutObject->Block(
Name => 'IntroCancel',
);
@@ -2326,6 +2430,19 @@ sub _UpgradeHandling {
Version => $Structure{Version}->{Content},
},
);

$LayoutObject->Block(
Name => 'IntroForm',
Data => {
%Param,
%Data,
Subaction => '',
Type => 'IntroUpgradePost',
Name => $Structure{Name}->{Content},
Version => $Structure{Version}->{Content},
},
);

my $Output = $LayoutObject->Header();
$Output .= $LayoutObject->NavigationBar();
$Output .= $LayoutObject->Output(
@@ -0,0 +1,53 @@
# --
# Copyright (C) 2001-2018 OTRS AG, http://otrs.com/
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (AGPL). If you
# did not receive this file, see http://www.gnu.org/licenses/agpl.txt.
# --

package Kernel::Output::HTML::Notification::PackageManagerCheckNotVerifiedPackages;

use parent 'Kernel::Output::HTML::Base';

use strict;
use warnings;

our @ObjectDependencies = (
'Kernel::Config',
'Kernel::Output::HTML::Layout',
'Kernel::System::Group',
'Kernel::System::SysConfig',
);

sub Run {
my ( $Self, %Param ) = @_;

# Check if setting is activated.
my $PackageAllowNotVerifiedPackages = $Kernel::OM->Get('Kernel::Config')->Get('Package::AllowNotVerifiedPackages');
return '' if !$PackageAllowNotVerifiedPackages;

# Check permissions.
my $Group = $Param{Config}->{Group} || 'admin';
my $HasPermission = $Kernel::OM->Get('Kernel::System::Group')->PermissionCheck(
UserID => $Self->{UserID},
GroupName => $Group,
Type => 'rw',
);

return '' if !$HasPermission;

my $LayoutObject = $Kernel::OM->Get('Kernel::Output::HTML::Layout');

return $LayoutObject->Notify(
Priority => 'Error',
Data => $LayoutObject->{LanguageObject}->Translate(
'The installation of packages which are not verified by the OTRS Group is activated. These packages could threaten your whole system! It is recommended not to use unverified packages.'
),
Link =>
$LayoutObject->{Baselink}
. 'Action=AdminSystemConfiguration;Subaction=View;Setting=Package%3A%3AAllowNotVerifiedPackages;',
);
}

1;
@@ -281,10 +281,11 @@
[% RenderBlockStart("OTRSVerifyLogo") %]
<img src="[% Config("Frontend::ImagePath") %]/otrs-verify.png" class="OTRSVerifyLogoBig" />
[% RenderBlockEnd("OTRSVerifyLogo") %]
<div class="IntroInstall">
<div class="IntroInstall [% Data.VerifyCSSClass | html %]">
<h3>[% Data.Name | html %] [% Data.Version | html %]</h3>
[% Data.Description %]
</div>
[% RenderBlockStart("IntroForm") %]
<form action="[% Env("CGIHandle") %]" method="post" enctype="multipart/form-data" class="Validate PreventMultipleSubmits">
<input type="hidden" name="Action" value="[% Env("Action") %]"/>
<input type="hidden" name="Subaction" value="[% Data.Subaction | html %]"/>
@@ -300,6 +301,7 @@
<a href="[% Env("Baselink") %]Action=[% Env("Action") %]"><span>[% Translate("Cancel") | html %]</span></a>
[% RenderBlockEnd("IntroCancel") %]
</form>
[% RenderBlockEnd("IntroForm") %]
</div>
</div>
</div>
@@ -14,6 +14,7 @@ use warnings;
use parent qw(Kernel::System::Console::BaseCommand Kernel::System::Console::Command::Admin::Package::List);

our @ObjectDependencies = (
'Kernel::Config',
'Kernel::System::Package',
);

@@ -46,11 +47,39 @@ sub Run {
my $FileString = $Self->_PackageContentGet( Location => $Self->GetArgument('location') );
return $Self->ExitCodeError() if !$FileString;

# parse package
my %Structure = $Kernel::OM->Get('Kernel::System::Package')->PackageParse(
my $PackageObject = $Kernel::OM->Get('Kernel::System::Package');

# Parse package.
my %Structure = $PackageObject->PackageParse(
String => $FileString,
);

my $Verified = $PackageObject->PackageVerify(
Package => $FileString,
Structure => \%Structure,
) || 'verified';
my %VerifyInfo = $PackageObject->PackageVerifyInfo();

# Check if installation of packages, which are not verified by us, is possible.
my $PackageAllowNotVerifiedPackages = $Kernel::OM->Get('Kernel::Config')->Get('Package::AllowNotVerifiedPackages');

if ( $Verified ne 'verified' ) {

if ( !$PackageAllowNotVerifiedPackages ) {

$Self->PrintError(
"$Structure{Name}->{Content}-$Structure{Version}->{Content} is not verified by the OTRS Group!\n\nThe installation of packages which are not verified by the OTRS Group is not possible by default."
);
return $Self->ExitCodeError();
}
else {

$Self->Print(
"<yellow>Package $Structure{Name}->{Content}-$Structure{Version}->{Content} not verified by the OTRS Group! It is recommended not to use this package.</yellow>\n"
);
}
}

# intro screen
if ( $Structure{IntroInstall} ) {
my %Data = $Self->_PackageMetadataGet(
@@ -68,7 +97,7 @@ sub Run {
}

# install
my $Success = $Kernel::OM->Get('Kernel::System::Package')->PackageInstall(
my $Success = $PackageObject->PackageInstall(
String => $FileString,
Force => $Self->GetOption('force'),
);
Oops, something went wrong.

0 comments on commit f463bf6

Please sign in to comment.