-
Notifications
You must be signed in to change notification settings - Fork 751
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update Upgrade Process to remove Telerik (WIP) #5099
Conversation
This looks great. It looks like it's a standalone module. Is there a plan for integrating this into the upgrade process? Thanks! |
Also, ideally we'd rebase these changes and #5093 on |
Yes, that was my intention, but I don't really know how to do that. |
If you add an Alternatively, take the uninstall logic, move it into the installer, and run it directly as an install step, instead of inside of a separate module. |
Thanks @bdukes, I wasn't aware of the |
Yeah, I was thinking |
a7fcd32
to
5da6eab
Compare
5da6eab
to
f966def
Compare
Yeah, it was put |
@david-poindexter: My opinion is that DNNPlatfporm should take care of its own problems and not do anything with code of others. So: if the Telerik DLL is the DNNPlatform version, than DNNPlatform should do what is must do. If the Telerik DLL is NOT the DNNPlatform version: create a warning but don't mess with the installation, that is not the responsibility of the platform. Compare this with other types of extensions. If other (none platform) extensions have potential security issues because of the use of custom code or external (none platform) libraries, DNNPlatform is not responsible. It would be wrong if the platform starts messing with other peoples code. |
@EPTamminga there is unfortunately no solid programmatic way to differentiate the two. Comparing versions, as @mitchelsellers mentioned, has significant ramifications. |
@david-poindexter The message that Mitch proposed, would be a workable solution, although the second part of the message (the warning) can be applied to any kind of none-Platform extension. |
The reason for the additional note @EPTamminga is that if you leave DNN stuff that is dependent upon Telerik (Digital Asset Management), RAD Editor Provider, the wrapping components, etc. you are leaving issues on the table that aren't just fixed by having a new Telerik version. At the end of the day, due to how Telerik was initially included & supported, the usage of Telerik in DNN is riddled with some real negative connotations that are hard to workaround. Simply doing nothing, MAY be ok, but it might not be, and I don't know that we can properly outline exactly all of those situations. So, the more I think about this, I think we might need to get a bit more verbose and implement the following. If Nothing is found to use Telerik: Do as we are now, suggest the removal If Telerik is found, regardless of version Check to see if the "Digital Asset Management" is installed, of so, show the following message
If "Digital Asset Management" is not found
I don't necessarily like this, but its about the safest way we can provide true guidance? @dnnsoftware/approvers any thoughts? |
@mitchelsellers Well said. This gives a proper explanation. |
@daguiler What is the message if you have a up to date Telerik.dll? |
We cannot differentiate between “up to date” and not. |
@mitchelsellers I meant: a Telerik DLL that was NOT provided by DNNPlatform and has a version that is LATER/HIGHER than a version that was provided in the platform. |
From my understanding the check is twofold: (1) just on dll name and (2) dependencies of other DLLs. So this will NOT pick up on "up to date" Telerik dlls if they have the same name. However ... if any component depends on that new Telerik, then it would be pciked up by the second step. |
Do we need to adjust the Security Check? Notice the |
@daguiler The check is totally fine! Do we have an idea of next-steps here for this one. Some initial testing was done and we did not see Telerik actually get removed in a few initial tests off of this branch. |
@daguiler Will you be able to finish this one up at all in the near future? Anything we can help with? |
Hi @mitchelsellers The uninstall process is designed to work like this:
|
@daguiler Thanks for the update. @dnnsoftware/approvers we might want to call a meeting to review next-steps to help get this one over the finish line |
Best wishes in your new job @daguiler |
Just dropping in to say an engineer from Ignite has picked this up and is doing a deep dive into the PR. |
This is replaced by #5166 |
Closes #4888
Summary
This PR adds a new module to uninstall the Telerik components.
This module can operate unattended, as part of the upgrade process if the user chooses to remove Telerik in the Security tab of the Upgrade Wizard, but it can also run interactively, if dropped on a page.
The module is installed during upgrade even if the user chooses not to remove Telerik. In this case, the user can drop the module on a page later on, and run it interactively.
The module removes Telerik by executing the steps documented in the removal process.
I'll paste some screenshots below in the comments.