Hi Adi ! Thanks for sharing !
Sebastien Le Mercredi, Mars 20, 2024 14:37 CET, "Adi Kriegisch" (a...@cg.tuwien.ac.at) <users@sogo.nu> a écrit: Thank you very much for reviving the possibility of an update service for the Thunderbird plugin! As a side note, running the service as a php script isn't necessary; this can also be done with some mappings in nginx: * create a map with the updates: | # update service | map $request_uri $update { | default 0; | '~*^/updates/available/?\?v=114.0.0' '{ "version": "115.0.0", "xpi": "https://my-sogo-server/updates/sogo-connector-115.0.0.xpi" }'; | } * use the map in a location: | ## update service | location /updates/available { | access_log /var/log/nginx/sogo-update-access.log; | error_log /var/log/nginx/sogo-update-error.log; | default_type ""; | if ($update) { | add_header Content-Type "application/json; charset=utf-8"; | return 200 $update; | } | if ($update = 0) { | return 204 "No update"; | } | } * and serve the plugin's xpi file as well (I created an empty index.html in that directory as well in order to disable file enumeration): | location /updates { | access_log /var/log/nginx/sogo-update-access.log; | error_log /var/log/nginx/sogo-update-error.log; | alias /var/www/sogo-connector; | } (you could also make sure to log $request_uri so that you are able to see the original request in the log file, just in case you're monitoring the extension versions out there in the wild) * then, of course, you need the corresponding settings in your custom-preferences.js: | // update service | bool_pref("app.update.auto", true); | bool_pref("app.update.enabled", true); | char_pref("sogo-connector.update.url", "https://my-sogo-server/updates/ available"); * in case you do run your internal services with your own certificate authority and experience issues with the certificate issuer not being built-in like this: | addons.xpi WARN Download of https://my-sogo-server/updates/sogo-connector-115.0.0.xpi failed: | [Exception... "Certificate issuer is not built-in." nsresult: "0x80004004 (NS_ERROR_ABORT)" You may get rid of that by force-pushing the following settings with the plugin: | force_bool_pref("security.enterprise_roots.enabled", true); | // do not enforce certificates to be built-in for updates | force_bool_pref("extensions.install.requireBuiltInCerts", false); | force_bool_pref("extensions.update.requireBuiltInCerts", false); As you can see from the code above, I built a plugin with version 114.0.0 in manifest.json in order to be able to test the upgrade procedure. For a new version of the connector, adding a line to the map should be sufficient. As there aren't too many releases of connector you'll only collect a few more lines per year. I hope this helps some of you that want to try to avoid running php stuff on their sogo server. all the best, Adi PS: Feedback on this very much welcome.