This package provides a CMS scaffold for Laravel. It includes an installer, themes and plugins scaffolding, basic models, migrations and stubs for dashboard features.
Install via composer (local path during development):
composer require buni/cms:dev-main
This package includes a built-in updater service (Buni\\Cms\\Services\\Updater) which can check a remote JSON endpoint (configured via buni.updates.endpoint) that must return at least:
{
"version": "1.2.3",
Post-install behavior
---------------------
When this package is installed via Composer it will run migrations automatically (if possible) and then attempt to detect whether Buni CMS is already initialized.
- If no admin users are present the installer will prompt (interactive) to either open the web installer at `APP_URL/buni/install` or run the CLI installer `php artisan buni:install --yes`.
- If `APP_URL` is not set the installer will print the installer URL and instructions to set `APP_URL`.
For non-interactive environments (CI or --no-interaction) the plugin will not attempt to open a browser or run interactive prompts; it will log instructions to complete installation manually.
If you prefer to run installation yourself after require, visit:
<APP_URL>/buni/install
or run:
```bash
php artisan buni:install --yes
"url": "https://example.com/releases/buni-cms-1.2.3.zip",
"sha256": "<optional sha256 checksum of zip file>"
}
- If `sha256` is present the updater verifies the downloaded ZIP matches the checksum and will abort on mismatch.
- If a release is signed the metadata can include a `signature` (base64 of the signature) or `signature_url` to fetch the signature. The updater uses the configured public key at `buni.updates.public_key` to verify the release using SHA256+RSA (OpenSSL). The updater will abort if signature verification fails.
- The updater extracts the ZIP to a temporary location and performs an atomic swap (rename) of the package directory, keeping a timestamped backup directory for rollback.
- The updater supports `dry` (preview) and `migrate` options when invoked via the `buni:update` command.
Security notes
--------------
- Provide signed releases or at minimum a checksum in the update metadata to detect tampering.
- The current implementation performs a best-effort atomic swap via filesystem renames; on some filesystems (network mounts) atomicity may not be guaranteed.
- Test updates in a safe environment before applying to production. Backups are kept under the package parent directory named `buni_update_backup_<ts>`.
Usage
-----
Via artisan:
php artisan buni:update --yes --migrate
Or call the service from code and provide a Guzzle client for testing:
$updater = new Buni\Cms\Services\Updater(); $updater->run($command, ['migrate' => true]);