[TYPO3-v4] Add version number to extension name in ext-folder and create a link to currently used version

[Michael Stucki]

Hi Christian,

> another goody I'd like to hear your opinion about.
> 
> If downloading an extension from TER, it would be great to store the
> extension with the version number pending, and set a link
> "extensionname" to the new version.
> 
> Example:
> typo3conf/ext/phpmyadmin-4.8.1 as d/l from TER
> typo3conf/ext/phpmyadmin link to typo3conf/ext/phpmyadmin-4.8.1

I'm sorry but that's a no-go because it's a security problem:
Someone may guess the version of an extension with simple requests to
typo3conf/ext/$EXTKEY-$VERSION. If he doesn't get a 404 then the
extension is installed.

Additionally, I don't like the fact that old extensions may remain in
typo3conf/ext which would grow more and more then. And last but not
least, Windows servers don't support it.

> Why?:
> For us, typo3conf/ext is a SVN checkout (at least for project bigger
> than "trivial"). If we update extensions through em, svn is confused
> because of the missing .svn subdirectory, because em deletes the folder
> and writes the new version.

That's true and that's the real issue we should think about. I don't
like that fact either.

> So, our current workflow if updating from TER is:
> - Unload extension and hope BE does not fatal after that
> - svn rm old extension
> - Import new version from TER
> - svn add new vanilla version

Up to this point, this could be solved if the EM would not just delete
the whole extension directory but rather delete all files inside
(excluding ".svn") and then import the extension from TER.

> This process gets more complicated if we must handle local extension
> "hacks", then we need to diff out the hacks from svn, store them
> somewhere, import new version and re-apply the hacks.

True and this can't be solved automatically in either way. For this to
work the EM would need to update through SVN, so TER would not be used
for the download.

Alternatively, you may hook into the EM, create "svn diff" before the
download, and try to reapply the patch after the update. It may work
well if there's no conflict, and if not it would still leave you the
backup which you seem to be looking for... (So then it could be done
manually after the update.)

> *if* every new TER extension version gets a new directory within
> typo3conf/ext, the old one is not deleted, and we just link to the new
> version, all this would be much more simple: We can easily "svn merge"
> hacks from older versions, the import is easy, import doesn't destroy
> the .svn directories, and it's all transparent for svn. Even the
> link-change is under svn control.

How should this work? How does your SVN client know which changes need
to be merged and which not? Did you already checkout the extension
through SVN maybe?

> Question is: Do you think something like that would be useful to be
> handled by core?
> If yes, we'll think about a core solution (no promisses).
> If not, we *will* hack up XCLASSES or an own em-fork to do that (plus
> additional implementation for automatic svn check-in and cleanup, and
> maybe handling of svn-external extensions).

I agree to the problem but the solution isn't that beautiful ;-) I think
the core should receive a fix so that extensions are not deleted
entirely during an update. All ".svn" directories should be left untouched.

The rest of the functionality (automatic merge of patches) is nice as
well, but I think this should be moved into an extension since it's too
specific for most users...

- michael