A user developing a plugin will not zip it - in which case we don;t do a checksum.
2017-05-16 13646, 2017
adhawkins
Hi Bitmap. Home now, so available to help if you need me to.
2017-05-16 13659, 2017
samj1912
Sophist-UK: but we will still need a manifest anyways
2017-05-16 13606, 2017
samj1912
to display things in picard
2017-05-16 13606, 2017
Sophist-UK
Yes. For the metadata.
2017-05-16 13619, 2017
Freso hasn't done Chrome extension dev either, but has done a lot of Arch packaging, which runs a script to generate the .SRCINFO manifest files.
2017-05-16 13635, 2017
adhawkins
yvanzo: Not to worry, thanks for trying anyway.
2017-05-16 13649, 2017
samj1912
so only check for a checksum when special extension zipped files are loaded
2017-05-16 13608, 2017
samj1912
and allow a loading from folder option to allow developing plugins (like chrome)
2017-05-16 13632, 2017
Sophist-UK
Yes.
2017-05-16 13600, 2017
samj1912
works.
2017-05-16 13605, 2017
zas
+1
2017-05-16 13641, 2017
zas
Another thing, how to handle i18n of plugin titles and descriptions ?
2017-05-16 13650, 2017
Freso
I'm not entirely sure what's going on, but as long as we implement manifest versioning, we can always change it. ;)
2017-05-16 13602, 2017
zas
^^ yes
2017-05-16 13611, 2017
samj1912
Freso: there will definitely be manifest versioning :P
2017-05-16 13633, 2017
samj1912
I will be sticking close to chrome manifest format, its pretty damn thought out, even for future scope :P
2017-05-16 13638, 2017
Freso
So... what are we actually trying to decide right now?
2017-05-16 13650, 2017
samj1912
I was just presenting all my ideas that I had thought about
2017-05-16 13603, 2017
samj1912
and in case anyone had better ideas or opposition to switching to manifests
2017-05-16 13604, 2017
Freso is looking at https://developer.chrome.com/extensions/manifest and it seems a bit over engineered for our current needs :)
2017-05-16 13612, 2017
samj1912
Freso: not all of it :P
2017-05-16 13628, 2017
Freso
I thought we agreed on going down the manifests route last week? Anyway, +1 from me. :)
2017-05-16 13640, 2017
Freso
(Since I've already suggested that a few times already.)
2017-05-16 13644, 2017
Sophist-UK
+1 Lets not reinvent the wheel - using the subset of the chrome manifest that we need sounds like an easy solution.
2017-05-16 13651, 2017
Freso
I'd like to know more about the proposed workflow though.
2017-05-16 13602, 2017
zas
+1 from me
2017-05-16 13603, 2017
samj1912
Freso: proposed workflow for?
2017-05-16 13625, 2017
Freso
At what point in time is the manifest generated, who/what generates it, is it stored in VCS along with the plugin or only generated on demand, etc.
2017-05-16 13654, 2017
samj1912
Manifest is made by the dev. (similar to chrome manifests, we can provide some boilerplates)
2017-05-16 13616, 2017
ruaok
!m Quesito
2017-05-16 13616, 2017
BrainzBot
You're doing good work, Quesito!
2017-05-16 13617, 2017
Freso
Can we make a script to extract info from the plugin itself?
2017-05-16 13631, 2017
ruaok
great work on the "Good cop, bad cop" routine!
2017-05-16 13643, 2017
CatQuest
:diss:
2017-05-16 13646, 2017
CatQuest
hmm
2017-05-16 13647, 2017
samj1912
for extracting the current metadata and porting it to manifest form, yes we will need a script
2017-05-16 13653, 2017
Mineo
there's only one more thing I'd like to mention since Sophist-UK talked about deliberate modification of plugins: embedding a crc32 or md5sum into a zip file will not catch that. if you're able to modify the code inside of the extension as an attacker, chances are very high you can also modify the checksums
2017-05-16 13654, 2017
bochecha has left the channel
2017-05-16 13659, 2017
samj1912
Good news is, we have been doing this for quite some time
2017-05-16 13631, 2017
Freso
Mineo: Hashes/checksums in general are really only good for catching corruption.
2017-05-16 13633, 2017
Quesito
;) ruaok
2017-05-16 13639, 2017
Quesito
Thanks!
2017-05-16 13616, 2017
Mineo
Freso, I know, that's why I wanted to explicitly mention that the deliberate modification case by an attacker is not going to be covered :)
2017-05-16 13617, 2017
Sophist-UK
Well - how about code signing using a private key on the server. Hint: Don't put the Private key in Github. :-)
2017-05-16 13627, 2017
samj1912
Mineo: we can display the checksums on PW, and maybe somewhere in picard UI
2017-05-16 13635, 2017
samj1912
the user can check manually if its all correct
2017-05-16 13637, 2017
Freso
Sophist-UK: Not really a good option either.
2017-05-16 13637, 2017
Sophist-UK
Why display checksum?
2017-05-16 13651, 2017
zas
What's about KISS for now ...
2017-05-16 13652, 2017
Sophist-UK
I accept that the nrisk is low.
2017-05-16 13657, 2017
Freso
zas: +1
2017-05-16 13612, 2017
Freso
I think having hashes in the manifest for the sake of catching corruption is good.
2017-05-16 13626, 2017
samj1912
zas: about i18n, we can simply follow the picard way
2017-05-16 13630, 2017
Freso
But there's no reason to show the hashes in the UI or on the website.
2017-05-16 13640, 2017
samj1912
mark strings, and make a script to extract and submit to transifex
2017-05-16 13651, 2017
Freso
samj1912: In the manifest file?
2017-05-16 13606, 2017
samj1912
Freso: huh?
2017-05-16 13607, 2017
Sophist-UK
samj1912: +1 on i18n
2017-05-16 13612, 2017
CatQuest
hmm translating plugins..
2017-05-16 13617, 2017
Mineo
ok, I'm heading out. have a nice evening :)
2017-05-16 13619, 2017
Freso
samj1912: I18n in the manifests.
2017-05-16 13640, 2017
Freso
How do you cover translated plugin names or descriptions?
2017-05-16 13644, 2017
samj1912
ah
2017-05-16 13602, 2017
Freso
(Plugin i18n is not on today's agenda. ;))
2017-05-16 13603, 2017
CatQuest
\o Mineo
2017-05-16 13609, 2017
samj1912
dont we know all the fields that will need i18n?
2017-05-16 13635, 2017
samj1912
author, name , description etc
2017-05-16 13640, 2017
CatQuest
for each plugin, there shouldn't be that much text....
2017-05-16 13640, 2017
Sophist-UK
I agree - let's discuss i18n another time - its a bigish subject.
2017-05-16 13646, 2017
CatQuest
unless it adds things liek menues, options
2017-05-16 13651, 2017
CatQuest
"add as cluster"
2017-05-16 13656, 2017
CatQuest
+1 to that
2017-05-16 13658, 2017
samj1912
Sophist-UK: not really?
2017-05-16 13603, 2017
Sophist-UK
LastFmPlus
2017-05-16 13621, 2017
samj1912
I am weighing on discontinuing lastfmplus for v2
2017-05-16 13622, 2017
CatQuest
what?
2017-05-16 13631, 2017
Freso
Okay. Let me try to sum up:
2017-05-16 13632, 2017
CatQuest
oh plugin name
2017-05-16 13644, 2017
Freso
1) We definitely want manifests.
2017-05-16 13656, 2017
Freso
2) We'll copy the Way of Chrome as much as possible.
2017-05-16 13603, 2017
samj1912
its unmaintainable in terms of code
2017-05-16 13604, 2017
samj1912
unless someone wants to make its ui file
2017-05-16 13618, 2017
Freso
3) I18n in relation to manifests is still up in the air.
2017-05-16 13632, 2017
bitmap
adhawkins: unfortunately I think MB will have to set a minimum required version of node, since APIs we use have changed
2017-05-16 13650, 2017
samj1912
!next? Freso ? :P
2017-05-16 13600, 2017
Freso
Anything I got wrong? Missed?
2017-05-16 13625, 2017
zas
4) checksums/signing ...
2017-05-16 13625, 2017
samj1912
nope
2017-05-16 13626, 2017
Freso
(Re: 3), if we have versioned manifests, we can think about i18n more and come up with something later.)
2017-05-16 13635, 2017
CatQuest
+1
2017-05-16 13636, 2017
Freso
Right.
2017-05-16 13637, 2017
samj1912
and yup
2017-05-16 13641, 2017
Sophist-UK
Zip file, file extension, checksums, developer option
2017-05-16 13603, 2017
Mineo has quit
2017-05-16 13611, 2017
Sophist-UK
I have captured it on the Decisions page of the working doc if someone wnts to check what I have written.
2017-05-16 13614, 2017
samj1912
pcx or pdx for file extension? :P
2017-05-16 13626, 2017
Freso
4) Have checksums/hashes of files in the manifest for the sake of catching corruption, but don't show them to the user/in UIs.
2017-05-16 13643, 2017
just_me joined the channel
2017-05-16 13651, 2017
Freso
I'm actually leaning towards just using .zip. Maybe .picard.zip.
2017-05-16 13658, 2017
CatQuest
+10!
2017-05-16 13626, 2017
zas
yes ;)
2017-05-16 13627, 2017
Sophist-UK
IF checksums don't match do we simply redownload from website or warn the user or both (warn if new download doesn't checksum)?
2017-05-16 13639, 2017
Freso
Sophist-UK: I'm not sure what you mean by "developer option". This seems to be under "copy the Way of Chrome"?
2017-05-16 13640, 2017
Sophist-UK
.picard?
2017-05-16 13645, 2017
CatQuest
sounds logical
2017-05-16 13609, 2017
Sophist-UK
I am not bothered about the developer option - let's just check for file-based plugins.
2017-05-16 13612, 2017
Sophist-UK
Like we do now.
2017-05-16 13632, 2017
Sophist-UK
Picard is not going to face the same scale of hackers as Chrome.
2017-05-16 13657, 2017
Sophist-UK
And we control the Plugins download site like Chrome does.
2017-05-16 13603, 2017
samj1912
okay, anything else to discuss?
2017-05-16 13618, 2017
Freso
I don't think we have agreement on the file extension. :)
2017-05-16 13634, 2017
samj1912
.picard.zip works
2017-05-16 13641, 2017
Freso
🙌
2017-05-16 13643, 2017
Sophist-UK
I'm ok with that.
2017-05-16 13647, 2017
zas
ok for me
2017-05-16 13600, 2017
Freso
Alright, sounds like a go then.
2017-05-16 13602, 2017
Sophist-UK
Avoids any difficulties having a zip format file that isnt .zip.
2017-05-16 13603, 2017
CatQuest
. files are invisible no default osx isn't it...
2017-05-16 13606, 2017
Freso
I think we've covered this topic now.
2017-05-16 13610, 2017
CatQuest
thats a good thing really
2017-05-16 13629, 2017
Freso
CatQuest: E.g., the "Add cluster as release" plugin would be "add_release.picard.zip".
2017-05-16 13600, 2017
CatQuest
ahhhh
2017-05-16 13615, 2017
Freso
Alright/.
2017-05-16 13617, 2017
Freso
!next
2017-05-16 13624, 2017
Freso
Sophist-UK: ... Modularisation, I think?
2017-05-16 13625, 2017
CatQuest
well, anyway if I am not really contribute to the next topic, I'm going out to fetch packages from mail
2017-05-16 13632, 2017
samj1912 is super super sleepy :P
2017-05-16 13638, 2017
CatQuest
staakars sam
2017-05-16 13650, 2017
Freso
samj1912: It's only, waht, 7 minutes past midnight? Psh. ;)
2017-05-16 13657, 2017
CatQuest
😪 sam
2017-05-16 13600, 2017
Sophist-UK
There are two aspects to modularisation: 1. general spaghetti code, and 2. mbxml speifically.
2017-05-16 13615, 2017
Sophist-UK
*specifically
2017-05-16 13617, 2017
CatQuest
nom spagehtti
2017-05-16 13624, 2017
CatQuest
spaghttpi?
2017-05-16 13625, 2017
Freso
samj1912: Can you hang in for another 22 minutes? :)
2017-05-16 13632, 2017
samj1912
ill try :P
2017-05-16 13645, 2017
Sophist-UK sends samj1912 a double espresso with added caffeine shot.
2017-05-16 13654, 2017
CatQuest
spagettpsi
2017-05-16 13602, 2017
CatQuest
nei! he has to sleep after this
2017-05-16 13622, 2017
Sophist-UK
My mbxml idea:
2017-05-16 13600, 2017
Sophist-UK
1. Its a bit of a pain to add support for new metadata at the moment - changes to tags,y, mbxml.py, id3.py, mp4.py etc.
2017-05-16 13617, 2017
adhawkins
bitmap: That's fine. What version should I go for?
2017-05-16 13627, 2017
adhawkins
Shall I just get latest, or do you want me to see if 6 works?
2017-05-16 13628, 2017
Sophist-UK
2. And mbxml is a bit spaghetti like and recursive.
2017-05-16 13654, 2017
bitmap
adhawkins: I'd recommend at least v6, which is the active LTS release
2017-05-16 13607, 2017
bitmap
I'm running v7 locally without issues
2017-05-16 13644, 2017
Sophist-UK
So, let's break mbxml up into pieces that match the objects on MB and internal objects - release, release group, track, work etc. and make them work like plugins.
2017-05-16 13647, 2017
bitmap
looking further into these api breakages though, it might be not as bad as I though
