The one-click deployment of Odoo Apps should be controllable by sysadmins #15225

Closed
odony opened this Issue Jan 26, 2017 · 1 comment


odony commented Jan 26, 2017

Summary

Odoo includes a one-click install feature, for easy deployment of Apps coming from the Odoo Apps Store.
This feature is exposed directly in version 8, and located in dev mode in Odoo 9 and 10.

However at the moment we cannot guarantee that all Apps published on the Odoo Apps Store are safe. And it is a security risk to let end-users deploy Python code on their Odoo servers without requiring any review/deployment by a competent system administrator.

So we plan to disable the feature by default, and instead make it relatively easy to turn on when it is explicitly desired. End-users will receive a message when they attempt to use the feature, and will have to contact the sysadmin to enable it.
This will also allow sysadmins to permanently disable the feature on sensitive environments, even if it was previously enabled by default.

This has been done for all supported stable versions:

Rationale

  1. We cannot guarantee that all Apps published on the Odoo Apps Store are safe. And it is a security risk to let end-users deploy Python code on their Odoo servers without requiring any review/deployment by a competent system administrator.
    We will work on improving the validation process of the Store, but this will require time, and won't probably be a 100% safe process in any case.
  2. The one-click install feature is however really useful to help non-technical users install Apps, as long as the feature has been explicitly allowed by the system administrator. This is a common feature in other software suites as well. So we'd like to keep it as an opt-in feature.
  3. Administrators of multi-tenant servers, cloud hosting services, etc. understandably expect to be able to turn off the feature for security/control reasons.
  4. By turning off the feature by default, but still exposing it in the UI, we keep it discoverable for users. The error message should be helpful to direct users to their sysadmins.
  5. By using the permissions of the download folder as a flag for turning off the feature, we avoid introducing an extra server parameter. The folder is still created (read-only) by default, for the sole purpose of making it easier to locate.

Note: please discuss the patches on the relevant PRs or on separate issues.
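As an added illustration of the mechanism in rationale point 5 (this is not Odoo's own code), the writability of the addons download directory serves as the opt-in flag; the `one_click_install_allowed` helper, its messages and the temporary directory used by `demo` are assumptions made for the example.

```python
import os
import tempfile


def one_click_install_allowed(download_dir):
    """Return (allowed, message) for the 1-click install feature.

    Hypothetical check, not Odoo's implementation: the feature counts as
    enabled only when the download directory exists and is writable by
    the user the server runs as. Any other state disables it and yields
    a message pointing the end-user to the sysadmin.
    """
    if not os.path.isdir(download_dir):
        return False, "Addons download directory %s does not exist" % download_dir
    if not os.access(download_dir, os.W_OK):
        return False, ("One-click install is disabled. Ask your system "
                       "administrator to make %s writable for the Odoo "
                       "server user if the feature is wanted." % download_dir)
    return True, ""


def running_as_root():
    # Caveat: root bypasses directory permission checks, so os.access(W_OK)
    # is true even on a mode-0555 directory and the flag cannot disable the
    # feature. The example assumes the server runs as an unprivileged user.
    return hasattr(os, "geteuid") and os.geteuid() == 0


def demo():
    """Create a throwaway download directory and toggle the flag."""
    base = tempfile.mkdtemp()  # constructed scratch location
    download_dir = os.path.join(base, "downloads")
    # Default state from the issue: the folder exists but is read-only.
    os.mkdir(download_dir)
    os.chmod(download_dir, 0o555)  # chmod after mkdir, since umask masks mode
    disabled = one_click_install_allowed(download_dir)
    # Sysadmin opt-in: make the directory writable for the server user.
    os.chmod(download_dir, 0o755)
    enabled = one_click_install_allowed(download_dir)
    os.rmdir(download_dir)
    os.rmdir(base)
    return disabled, enabled
```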

@odony odony self-assigned this Jan 26, 2017

@odony odony added the RD label Jan 26, 2017

@odony odony changed the title from One-click install via Odoo Apps Store should be deactivated -> manual install to One-click install via Odoo Apps Store should be temporarily deactivated -> manual install Jan 26, 2017

odony added a commit to odoo-dev/odoo that referenced this issue Jan 27, 2017

[FIX] module: allow disabling 1-click install
As discussed on issue odoo#15225, it should be possible
for system administrators to disable the 1-click
installation system.

By default the feature will now be disabled, and
can be enabled by making the addons download
directory writable for the user with which the
Odoo server is running.

Fixes odoo#15225

@odony odony changed the title from One-click install via Odoo Apps Store should be temporarily deactivated -> manual install to The one-click deployment of Odoo Apps should be controllable by sysadmins Jan 27, 2017

@odoo odoo locked and limited conversation to collaborators Jan 27, 2017

odony commented Jan 27, 2017

The relevant pull requests have been merged - installation packages will be updated shortly.

@odony odony closed this Jan 27, 2017

@odony odony removed the RD label Jan 27, 2017

lembregtse pushed a commit to EssentNovaTeam/odoo that referenced this issue Dec 1, 2017

[FIX] module: allow disabling 1-click install
As discussed on issue odoo#15225, it should be possible for system administrators
to disable the 1-click installation system.
The plan is to disable the feature by default, but make it relatively easy
to turn on when it is explicitly desired.

1. At the moment we cannot guarantee that all Apps published on the Odoo Apps
   Store are safe. And it is a security risk to let end-users deploy Python
   code on their Odoo servers without requiring any review/deployment by a
   competent system administrator.
   We will work on improving the validation process of the Store, but this
   will require time, and won't probably be a 100% safe process in any case.
2. The one-click install feature is however really useful to help
   non-technical users install Apps, as long as the feature has been
   explicitly allowed by the system administrator. This is a common feature
   in other software suites as well. So we'd like to keep it as an opt-in
   feature.
3. Administrators of multi-tenant servers, cloud hosting services, etc.
   understandably expect to be able to turn off the feature for
   security/control reasons.
4. By turning off the feature by default, but still exposing it in the UI,
   we keep it *discoverable* for users. The error message should be
   helpful to direct users to their sysadmins.
5. By using the permissions of the download folder as a flag for turning
   off the feature, we avoid introducing an extra server parameter.
   The folder is still created (read-only) by default, for the sole purpose
   of making it easier to locate.

Fixes odoo#15225

metaminux pushed a commit to metaminux/odoo that referenced this issue Dec 19, 2017
