Drupal Core Auto-Update Architecture



SLIDE 2

Drupal Core Auto-Update Architecture

Peter Wolanin, David Strauss, Mike Baynton

SLIDE 3

Background

  • Drupal Core has no way to update itself, automatically or with human attendance.
    ○ Site operators must decide on an approach using some third-party tool

SLIDE 4

Recap: State of the Initiative

Through DrupalCon Nashville

  • January 2018: Automatic updates Initiative Roadmap created on drupal.org 1
    ○ Initially sparse on architectural approaches
  • August 2018: Milestone planning at Midwest Drupal Summit
  • April 2018: Various architectural proposals at DrupalCon Nashville 2
  • April 2019: Initiative BOF at DrupalCon Seattle

1 https://www.drupal.org/project/ideas/issues/2940731
2 https://events.drupal.org/nashville2018/sessions/drupal-core-auto-update-architecture

SLIDE 5

In the past year, we've ...

  • Met at Midwest Drupal Summit and completed the Initiative Roadmap
    ○ Three parallel efforts in mid/long-term track
    ○ Preparatory UI & UX tasks also identified
  • Secured funding to accelerate development
    ○ Sponsored by The European Commission 1
    ○ Ran RFP and selected Tag1 Consulting
    ○ Preparatory task development in progress

1 https://www.drupal.org/european-commission

SLIDE 6

In the past year, we've ...

  • Developed 7.x module for one-click core updates
    ○ https://www.drupal.org/project/core_update
  • Developed several proofs of concept
    ○ php-rot: amortizes the work of converging a source tree to a lockfile-defined state, isolates active vs. writable partitions (David Strauss) 1
    ○ Request filtering for highly critical security issues (Axel Rutz, Miro Dietiker) 2
    ○ Opcache-aware digital signature verification during autoloading 3, Composer memory reduction 4 (Mike Baynton)

1 https://github.com/php-rot/rot
2 https://www.drupal.org/project/drupal/issues/2999453
3 https://github.com/curator-wik/composer-signature-verified-autoloader
4 https://github.com/composer/composer/pull/8053

SLIDE 7

The Roadmap Today

  • Many ideas, long.
  • High-level overview: two halves
    ○ Foundational Support in the (relatively) short term
    ○ Three parallel efforts in a mid/long term track

From the official issue (node/2940731)

SLIDE 8

The Roadmap Today

Foundational Support in the (relatively) short term:

  • Show Public Service Announcements in Drupal and alert site owners that new PSAs are available.
    ○ In progress
  • Add a “pre-flight check” to evaluate whether a site can be automatically updated safely
    ○ In planning, development starting late April
  • In-place, automated core update (with limitations)
    ○ In planning, development mid June through November

From the official issue (node/2940731)

SLIDE 9

The Roadmap Today

From the official issue (node/2940731)

Three parallel efforts mid/long term

  • 1. Improving the manual update process by making Update Manager able to update D7 core
  • 2. Restructuring Drupal to better support Composerized management of the codebase.
  • 3. Creating an unattended auto-update installer and a small immutable “bootloader.”

SLIDE 10

The Roadmap Today

From the official issue (node/2940731)

Three parallel efforts mid/long term

  • 1. Improving the manual update process by making Update Manager able to update D7 core
  • 2. Restructuring Drupal to better support Composerized management of the codebase.
  • 3. Creating an unattended auto-update installer and a small immutable “bootloader.”

  • There is a module that does this now
  • Drupal 7’s EOL approaches

How about we drop this? The roadmap looks more achievable that way.

SLIDE 11

The Roadmap Today

From the official issue (node/2940731)

Three parallel efforts mid/long term

  • 1. Improving the manual update process by making Update Manager able to update D7 core
  • 2. Restructuring Drupal to better support Composerized management of the codebase.
  • 3. Creating an unattended auto-update installer and a small immutable “bootloader.”

  • Yes!
  • But, it’s not necessarily a hard dependency to continued progress on automatic updates.

How about we refocus our immediate efforts on delivering a minimum viable product?

SLIDE 12

The Roadmap Today

From the official issue (node/2940731)

Three parallel efforts mid/long term

  • 1. Improving the manual update process by making Update Manager able to update D7 core
  • 2. Creating an unattended auto-update installer and a small immutable “bootloader.”
  • 3. Restructuring Drupal to better support Composerized management of the codebase.

  • This gets to the meat of it!
  • Bootloader enables active/inactive codebase & may compensate for decreased security of writable files.
  • Much of the work should hold up well when comprehensive Composer support is added.

Recommendation: Reformulate the roadmap and add a deliverable after this stage

SLIDE 13

The Roadmap Today

From the official issue

  • 1. Improving the manual update process by making Update Manager able to update D7 core

Sponsored Development

  • 1. In-place, automated core update
    ○ Drupal 7 & 8, but will not be committed to 7 Core
    ○ Method in planning 1
  • 2. Creating an unattended auto-update installer and a small immutable “bootloader.”
  • 3. Restructuring Drupal to better support Composerized management of the codebase.

1 https://www.drupal.org/project/automatic_updates/issues/3043235

SLIDE 14

Proposed New Roadmap

In-place Automatic Updates

Won’t support Composer
  ➲ Funded effort
  ➲ Likely last part backported to D7

Active/Inactive codebase, bootloader

Evolution of in-place updates
  ➲ Gently introduce the bootloader model & signing
  ➲ Basic “smoke test” of new version before going live
  ➲ Rely on symlinks at this stage to defer complications with serving static files

SLIDE 15

Proposed New Roadmap

Partial Composer support

With simple vendored updates
  ➲ composer.lock updated
  ➲ Composer used to make new autoloader
  ➲ Move active asset files into docroot to stop requiring symlinks

Full Composer support

Strive to support any code update
  ➲ Need Composer solver to fit in web contexts
  ➲ Try to retain Composer plugin support

SLIDE 16

Active/Inactive Codebase ...without restructuring Drupal?

To run on every web server, yes. To run on most web servers, symlinks can be a stepping stone.

Complicating factors:

  • How are assets dealt with? (css/js/images)
  • Don’t we need to vendorize core first?

SLIDE 17

Active/Inactive Codebase ...without affecting URLs?

|-- current -> a
|-- html
|   |-- index.php (the bootloader)
|   |-- autoload.php
|   |-- core -> ../current/core
|   |-- sites
|   |-- modules/custom/
|   |-- modules/contrib -> ../current/modules
|   |-- themes/custom/
|   |-- themes/contrib -> ../current/themes
|-- a
|   |-- core
|   |-- index.php
|   |-- modules (contrib)
|   |-- themes (contrib)
|   |-- vendor
|   `-- [...]
|-- b
|   |-- (same as a)
|-- composer.json
|-- composer.lock

  • The symlink ./current controls which codebase is active
    ○ Used directly for served web assets
  • Things in the docroot mostly symlink through ./current
    ○ Uploaded files remain
  • Composer can already be used to manage this
    ○ https://github.com/mbaynton/drupal-project-ab.git
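
The ./current switch described on this slide, as an added example that is not taken from the slides or from the drupal-project-ab repository: it builds a reduced a/b layout in a scratch directory and flips ./current with an atomic rename after a stand-in smoke test. The function names, the VERSION marker files and the smoke-test rule are assumptions made for illustration; `mv -T` requires GNU coreutils.

```sh
#!/bin/sh
# Added example: the a/b layout from the slide, built in a scratch directory.
# Function names and VERSION marker contents are constructed for illustration.

# Two codebases; ./current selects the live one; docroot links through ./current.
make_layout() {
    root=$1
    mkdir -p "$root/a/core" "$root/b/core" "$root/html/sites"
    echo 'constructed-old' > "$root/a/core/VERSION"
    echo 'constructed-new' > "$root/b/core/VERSION"
    ln -s a "$root/current"
    ln -s ../current/core "$root/html/core"
}

# Name of the live codebase (the target of ./current).
active_codebase() { readlink "$1/current"; }

# The codebase an updater may write to without touching served code.
inactive_codebase() {
    case "$(active_codebase "$1")" in a) echo b ;; *) echo a ;; esac
}

# Stand-in smoke test (assumption): the candidate must carry a non-empty
# core/VERSION. A real check would exercise the new code before go-live.
smoke_test() { [ -s "$1/$2/core/VERSION" ]; }

# Go live: build the new symlink under a temporary name, then rename it over
# ./current. rename(2) replaces the link atomically, so a request never sees
# a missing or half-written ./current. "mv -T" is GNU coreutils.
activate() {
    smoke_test "$1" "$2" || return 1
    ln -s "$2" "$1/current.tmp.$$" || return 1
    mv -T "$1/current.tmp.$$" "$1/current"
}

# Demo: switch from a to b in a throwaway directory.
demo_root=$(mktemp -d)
make_layout "$demo_root"
activate "$demo_root" "$(inactive_codebase "$demo_root")"
echo "active codebase: $(active_codebase "$demo_root")"
rm -rf "$demo_root"
```

Rolling back is the same call with the previous codebase name, since the old tree is left untouched on disk.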

SLIDE 18

Auto Updater, Part Deux:

Things we can do with the symlink layout

Out:

  • Composer’s dependency evaluation
  • Signature verification of non-core PHP files
  • Support for multi-webserver deployments

In:

  • Some updates to vendored packages
    ○ When backwards-compatible without dependency changes.
    ○ Directly update code & composer.lock, dump new autoloader with Composer.
  • Won’t break Composer CLI
  • Validating autoloader “0.5”
    ○ Part of immutable “bootloader”
    ○ Drupal Core files protected from tampering by verifying digital signatures.

SLIDE 19

How Can I Get Involved?

Test things out

Kick the tires now on

  • Issues in the Automatic Updates queue 1
  • Symlink layout 2
  • Drupal 7 manual core update module 3

We need an Initiative Coordinator

Planning assistance

  • Pre-flight checks 4

Contributions welcome!

  ○ d.o/project/ideas/issues/2940731
  ○ #autoupdates on Slack, monthly meetings first Thursday at 3PM Central
  ○ And this week in Seattle!

1 https://www.drupal.org/project/issues/automatic_updates?status=8
2 http://github.com/mbaynton/drupal-project-ab
3 https://www.drupal.org/project/core_update/
4 https://www.drupal.org/project/automatic_updates/issues/3043521

SLIDE 20

Questions?

SLIDE 21

http://vuln.rocks/crackdru

Join us for contribution opportunities

Friday, April 12, 2019

  • Mentored Core sprint: 9:00-18:00, Room: 602
  • First time sprinter workshop: 9:00-12:00, Room: 606
  • General sprint: 9:00-18:00, Room: 6A

#DrupalContributions

SLIDE 22

http://vuln.rocks/crackdru

What did you think?

Locate this session at the DrupalCon Seattle website:

https://events.drupal.org/node/22550

Take the Survey! https://www.surveymonkey.com/r/DrupalConSeattle