* * *

Author Topic: Online Package Manager  (Read 116662 times)

GetMem

  • Hero Member
  • *****
  • Posts: 2251
Re: Online Package Manager
« Reply #15 on: October 05, 2016, 09:19:56 pm »
@rvk
You're the first one who actually tested the pacakge, thank you for this!
Quote
TJSONStringType is an UTF8String in trunk.
Fixed! I should have typed "AJSON: TJSONStringType" instead of "AJSON: Ansistring"
Quote
Suggestion #1: Making the packages-list more compact. Only expanding when choosing the +
Done. I updated the link.
Quote
Suggestion #2: Putting the "Online Package Manager" above the "Install/Uninstall packages". I'm very used to be "Install" being the last in that menu :) Although, if this becomes the standard the position at the bottom might be preferred.
I will leave it where it is for now, since we are only testing. It can be changed later if necessary.
Quote
Question: What packages will be provided in the end.
Every package will be accepted in the official repository with one condition, it must be checked first. I will do the work if necessary.
Quote
Will the lazarus-ccr packages/components be added?
Yes.


@Phil, @lainz, @molly, @Graeme
Quote
I would assume this would be the case. That way, a package author only needs to publicize the URL of the package zip. The user types/pastes this URL into the package manager, which does the rest.I would use a separate .zip for each package. And each .zip would contain its own JSON file for the package. Put a master list of packages elsewhere.
I plan to add support for external zip files/repositories, but this is a dangerous game(my only problem with delphinus + the fact, that it force you to use github). The package manager will automatically download/extract the zip, then install it into the IDE. It's a great way to inject a malware into someone's computer. This is why I insist to have an official repository, where the packages can be checked(malware wise + legally as @Phil mentioned). On the other hand, forcing the developers to use only the packages from the official repository it's also wrong, but they must use it at their own risk.


@howardpc
I was hopping that the official repository can be hosted in one of the freepascal.org directory(see fppkg). For now @Leledumbo was kind enough to host the repository on his personal server.

PS: Thank you all for the feedback.
« Last Edit: October 05, 2016, 09:35:51 pm by GetMem »

Phil

  • Hero Member
  • *****
  • Posts: 2280
Re: Online Package Manager
« Reply #16 on: October 06, 2016, 03:32:09 am »
Every package will be accepted in the official repository with one condition, it must be checked first. I will do the work if necessary.

That sounds reasonable.

Quote
I was hopping that the official repository can be hosted in one of the freepascal.org directory(see fppkg). For now @Leledumbo was kind enough to host the repository on his personal server.

It might actually be healthy to be independent of freepascal.org.

In any case, since you guys are doing the work, it's up to you to decide where to host it. Leledumbo's server sounds fine to me.

JuhaManninen

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 3086
  • I like bugs.
Re: Online Package Manager
« Reply #17 on: October 06, 2016, 12:52:52 pm »
Sorry I haven't tested the package manager yet. I try to do it soon, today or tomorrow.
Earlier discussions have recommended fppkg.
 http://free-pascal-lazarus.989080.n3.nabble.com/Lazarus-An-online-package-manager-tt4043469.html#none
I discussed with GetMem earlier and he says fppkg is not very well suited here. I must take his word on this issue because he is the only person so far to make a functional online package manager.
"Lazarus packagemanager" from Darius Blaszyk uses fppkg but does not work.
The "Aarre" initiative from Mattias and myself has no functional code either.
Several people (including myself) had plans to write such a package manager ... but nobody did until now.

My goal is to include this GetMem's work in Lazarus sources, either as a package or directly in the packages/ source directory.
It also means commit access for him.
It does not need to be perfect initially. As always a piece of code improves by iterations. People can then provide patches to improve it.
Using / not using fppkg is a big design decision but even that can be changed if need be. But again, it needs code from somebody. Simply expressing one's opinion on the issue is not enough.

The management of online packages and the packages included with Lazarus must be integrated seamlessly. Dependencies between all them must be handled automatically.
However this is not required in the initial version either.

The best approach seems to be whan  Delphinus does on Github. Everything is hosted there.  Delphinus use the Github API to detect new packages and automatically present those in the IDE.

Ok, I was planning to ask how it scans all the projects to find Delphi packages. I guess it searches a specific file name using the Github API.
Yes, that is cool and tempting but it must not be the only interface for our package manager. We must support other sources, too. Some packages (Lazarus CCR) are in SourceForge and there are various other options.
So, support for Github API and other APIs should be added later but not initially.

I will answer the Lazarus mailing list post after I have tested the package manager. Please follow it, too.
Talking about mailing list, does it work now for everybody? The known problems were solved by Marc.
« Last Edit: October 06, 2016, 12:57:55 pm by JuhaManninen »

JuhaManninen

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 3086
  • I like bugs.
Re: Online Package Manager
« Reply #18 on: October 06, 2016, 01:22:13 pm »
I plan to add support for external zip files/repositories, but this is a dangerous game(my only problem with delphinus + the fact, that it force you to use github). The package manager will automatically download/extract the zip, then install it into the IDE. It's a great way to inject a malware into someone's computer. This is why I insist to have an official repository, where the packages can be checked(malware wise + legally as @Phil mentioned). On the other hand, forcing the developers to use only the packages from the official repository it's also wrong, but they must use it at their own risk.

A user must not need to learn other alternative URLs for packages, nor copy/paste them. The user must be able to simply search for packages by name + other criteria and get a list of all worthy packages.
It means your JSON config must support an external URL. It should be a trivial change (ok, I write this without testing your code yet).
It means a package author can make the required ZIP file in his repository and ask you to add it to the list. Files don't need to be copied anywhere.
Do SourceForge etc. allow direct download links for files? I think they do. I remember you claimed the opposite. I must study the issue.
Testing your code is now nro 2. in my ToDo list. Wait ...

JuhaManninen

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 3086
  • I like bugs.
Re: Online Package Manager
« Reply #19 on: October 06, 2016, 01:36:01 pm »
(1) Package must have a proper license. If it's the same as LCL or FPC RTL, just state so or point to the FPC modified LGPL doc files. If it's something else, anything, just have a link to it (Eclipse, BSD, etc.). The only thing unacceptable might be if nothing is specified in the JSON file. By clearly stating what license is used, the user of the package manager can decide beforehand whether that's even a package they're interested in.

An "official" server with a managed configuration file solves the issue. Only legal packages are accepted.
Otherwise the license does not matter, any free package is OK. The license can be commercial, for example if a company wants to deliver a demo of their product, fine. It is not a package manager's task to decide.
The license should be shown in the GUI, yes.

Quote
(2) If the package depends on LCL (ie, has LCL under RequiredPgks in .lpk file), then it must specify what LCL interfaces it has been tested against. I typically test against Carbon, Win32, GTK2 at a minimum so that I can legitimately say that the package is cross-platform.

Yes, that information must be shown, too. There are packages which cannot be cross-platform by definition, for example by using MS Office tools by OLE automation.

GetMem

  • Hero Member
  • *****
  • Posts: 2251
Re: Online Package Manager
« Reply #20 on: October 06, 2016, 01:46:17 pm »
Quote
@Juha
It means your JSON config must support an external URL. It should be a trivial change (ok, I write this without testing your code yet).
Yes, it is a trivial change.

Quote
It means a package author can make the required ZIP file in his repository and ask you to add it to the list. Files don't need to be copied anywhere.
Ok, and what if another user decide to download and install the the package form the list? The package manager will do it automatically,  without any sanity check. This might lead to problems.

minesadorada

  • Hero Member
  • *****
  • Posts: 552
  • Retired
Re: Online Package Manager
« Reply #21 on: October 06, 2016, 01:46:42 pm »
...
Do SourceForge etc. allow direct download links for files? I think they do. I remember you claimed the opposite. I must study the issue.
Yes, LazAutoUpdate uses direct downloads from Sourceforge.
GPL Apps: Health MonitorRetro Ski Run
OnlinePackageManager Components: LazAutoUpdate, LongTimer, PoweredBy, ScrollText, PlaySound, CryptINI

GetMem

  • Hero Member
  • *****
  • Posts: 2251
Re: Online Package Manager
« Reply #22 on: October 06, 2016, 01:55:17 pm »
Quote
@minesadorada
Yes, LazAutoUpdate uses direct downloads from Sourceforge.
I'm almost certain it's not a direct download. You have to follow a few redirects. Personally I don't like that, though it's easily doable with TFPHTTPClient.

GetMem

  • Hero Member
  • *****
  • Posts: 2251
Re: Online Package Manager
« Reply #23 on: October 06, 2016, 01:59:21 pm »
@Juha

As an initial step we should make an official repository. I can include a few hundred packages from different location(lazarus ccr, etc...). I think it's more then enough for a start. After that we can add other dependencies/install method and whatnot. We should keep it simple.

JuhaManninen

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 3086
  • I like bugs.
Re: Online Package Manager
« Reply #24 on: October 06, 2016, 02:38:58 pm »
Ok, and what if another user decide to download and install the the package form the list? The package manager will do it automatically,  without any sanity check. This might lead to problems.
A sanity check is done by you (or other admin) when adding a URL to the JSON configuration file. You must add trusted URLs only.
A centralized and managed configuration has an advantage compared to getting all available packages from GitHub and other services automatically.

As an initial step we should make an official repository. I can include a few hundred packages from different location(lazarus ccr, etc...). I think it's more then enough for a start. After that we can add other dependencies/install method and whatnot. We should keep it simple.
Yes, that is fine initially.
« Last Edit: October 19, 2016, 11:24:29 am by JuhaManninen »

lainz

  • Hero Member
  • *****
  • Posts: 1991
Re: Online Package Manager
« Reply #25 on: October 06, 2016, 04:00:26 pm »
Hi GetMem, I'm testing it and works nicely.

You can add BGRA-Controls package?

Name: BGRA Controls
Version: 4.1.0.0
Description: BGRA Controls is a set of graphical UI elements that you can use with Lazarus LCL applications.
Author: Dibo, Circular, Lainz and others.
Compatible with: Lazarus: 1.6
Package type and Dependencies: You get them automatically right?
License: LGPL Modified LGPL

You can download it here:
https://github.com/bgrabitmap/bgracontrols/releases


And a suggestion, it should be downloaded himself to get updates of this package manager, not sure if possible but it's something that will be nice.

And show the version number of the package manager somewhere in the window.
« Last Edit: October 06, 2016, 04:26:53 pm by lainz »

Phil

  • Hero Member
  • *****
  • Posts: 2280
Re: Online Package Manager
« Reply #26 on: October 06, 2016, 04:08:43 pm »
License: LGPL

I read that to mean that it does not include the linking exception that LCL and FPC RTL have. If it does, it needs to include that here.


lainz

  • Hero Member
  • *****
  • Posts: 1991
Re: Online Package Manager
« Reply #27 on: October 06, 2016, 04:09:52 pm »
License: LGPL

I read that to mean that it does not include the linking exception that LCL and FPC RTL have. If it does, it needs to include that here.

So

License: LGPL with linking exception Modified LGPL

that's the right one.
« Last Edit: October 06, 2016, 04:26:37 pm by lainz »

Groffy

  • Full Member
  • ***
  • Posts: 179
Re: Online Package Manager
« Reply #28 on: October 06, 2016, 04:34:24 pm »
And a suggestion, it should be downloaded himself to get updates of this package manager, not sure if possible but it's something that will be nice.

And show the version number of the package manager somewhere in the window.

Nice idea.

Just installed the package manager, and its working great!

As soon there will be more registered packages, it might be helpfull to introduce categories(?)


Best regards
Linux Mint 18 - KDE / Windows7 / Lazarus 1.6.4 / trunk -qt

GetMem

  • Hero Member
  • *****
  • Posts: 2251
Re: Online Package Manager
« Reply #29 on: October 06, 2016, 06:14:01 pm »
Quote
Hi GetMem, I'm testing it and works nicely.
Thanks for testing, I'm glad it's working.

Quote
You can add BGRA-Controls package?
Yes, but you have to wait a few days, because:
1. The package manager is only completed about 30-40%
2. We didn't decide yet all the details
3. I don't want to bug @Leledumbo each day with a new package.

Quote
Package type and Dependencies: You get them automatically right?
Not yet, I added manually to the JSON. I hope an automated tool will be ready in week or so. However once the dependencies are loaded from the json it will automatically search and resolve each package dependency. For example VirtualStringTree depends on LCLextension. If you try to check VirtualTreeView and LCLExtension is not checked or installed the package manager will warn you. Please try it!

Quote
And a suggestion, it should be downloaded himself to get updates of this package manager, not sure if possible but it's something that will be nice
This is an excellent idea. Since package manager is a package,  will work 100%.

Quote
@Groffy
As soon there will be more registered packages, it might be helpfull to introduce categories(?)
Yes I will add it, but it's not very high on the priority list. For example I just realized that a zip file can contain multiple .lpk files. The package manager can handle it for now. I have to redesign it.

 

Recent

Get Lazarus at SourceForge.net. Fast, secure and Free Open Source software downloads Open Hub project report for Lazarus