There is a lot of issue with the current automatic updater and the current update process, so here are our proposal:
- Adds new update button in the ACP
- First step: upload a package and check it
- Download the appropriate update package from phpbb.com
- Download a signature from the same website
- Calculate the package checksum
- Decode the expected package checksum from the signature using a public key already available (the public key will be present in the install package and could be updated by any update package. If the key does not work, we will ask the user to download it from phpbb.com but it shouldn't happen a lot of time, the public key shouldn't change unless phpbb.com has been compromised)
- Second step check requirements
- Check PHP version and others PHP requirements (extensions or anything else) using the current files (this way, we can display a nice message and abort even if PHP is not compatible with the new version)
- Check other requirements (write right or DB version per example)
- Calculate and compare the checksum of all files in the update package. Abort with an error message if one of them differ
- Third step: update files (replaces old files by the new ones)
- Fourth step: pre db updates (config.php fixes per example)
- Fifth step: db-update
- Sixth step: cleanup
Note: phpbb.com refer to phpbb.com or any other configured source (for IST per example)
Note: A such automatic updater needs 2 things:
- No more edits to core files at all
- Write right to all phpBB files