Application Vaults of Plesk 7.5.2 include too old version of softwares

[editor]

Application Vaults of Plesk 7.5.2 include too old version of
softwares


Hi all here,

last week, I got the new Plesk 7.5.2 Reloaded for Linux.
Logging into the https://mydomainname.tld:8443/ I could
detect under the

System ---> Server ---> Application Vault

33 different nice application vaults, for example

- gallery, v 1.4.4
- wordpress, v 1.2.1
etc.

These softwares are not up-to-date like also the other
softwares which clients can install via the
application-vault.

The latest version of Gallery is 1.5 and not 1.4.4
cp. http://gallery.menalto.com/
cp. http://sourceforge.net/project/showfiles.php?group_id=7130

The latest version of Wordpress is 1.5 and not 1.2.1
cp. http://wordpress.org/download/

The same problem is also with many other softwares which
were included in the Application Vault of PLESK.

The dangerous one thing is, because clients - which are most
time beginners or a little bit newbies in these technical
things - would be able to install old version of such
softwares. Old version of softwares, which have many bugs.

What I want is, that the client will always get the right
one and latest version of such application vaults - before
the client will begin to install it for his domainname.
Older version should not be offered via this application
vaults, of course.

So, reason enough to find these old version. They should be
anywhere on the harddisk. I become a little gumshoe;-) to
find those onto the server. And I could detect them. You can
find them under

root/PSA_7.5.2/rpm_your_Linux_distribution_name/opt/vault

for example here in my case, it was:

root/PSA_7.5.2/rpm_FedoraCore_2/opt/vault

dir -1

AutoIndex-1.5.1-7502.noarch.rpm
b2evolution-0.9.0.11-7502.noarch.rpm
bbclone-0.46a-7501.noarch.rpm
Coppermine-1.3.2-7502.noarch.rpm
CSLH-2.9.8-7501.noarch.rpm
DocFAQ-1.71-7504.noarch.rpm
gallery-1.4.4-7502_rh.noarch.rpm
gtchat-0.93-7502.noarch.rpm
openbiblio-0.5-7509.noarch.rpm
Owl-0.73-7503.noarch.rpm
phpAds-2.0-7501.noarch.rpm
phpBB-2.0.11-7501.noarch.rpm
phpBook-1.50-7502.noarch.rpm
phpBugTracker-1.19-7501.noarch.rpm
phpDig-1.85-7501.noarch.rpm
phpMoney-1.3-7505.noarch.rpm
phpMyFamily-1.4.0-7501.noarch.rpm
phpsurveyor-0.98-7506.noarch.rpm
phpWiki-1.2-7508.noarch.rpm
pLog-0.3.2-7501.noarch.rpm
PostNuke-0.750-7502.noarch.rpm
Tellme-1.2-7503.noarch.rpm
TUTOS-1.82-7501.noarch.rpm
typo-3.7-7501.noarch.rpm
UebiMiau-2.7-7504.noarch.rpm
WebCalendar-0.9.45-7501.noarch.rpm
WebShopmanager-2.0-7502.noarch.rpm
WordPress-1.2.1-7501.noarch.rpm
xrms-1.18-7501.noarch.rpm
(29 files)

The first seldom thing is, that you will find 33 different
softwares under the application vaults. But having a look
with your root-access, you can only find 29 different
softwares. I miss 4 files as application vaults. There is
something wrong.

The next thing is, these 29 application vaults were from
18th April 2005 and came from

http://autoinstall.plesk.com/versions.inf
http://autoinstall.plesk.com/plesk_7.5.2_fc2.inf

> | -rw-r--r-- 1 root root 163415 Apr 18 03:51 AutoIndex-1.5.1-7502.noarch.rpm
> | -rw-r--r-- 1 root root 1820187 Apr 18 03:51 b2evolution-0.9.0.11-7502.noarch.rpm
> | -rw-r--r-- 1 root root 707362 Apr 18 03:51 bbclone-0.46a-7501.noarch.rpm
> | -rw-r--r-- 1 root root 2455130 Apr 18 03:51 Coppermine-1.3.2-7502.noarch.rpm
> | -rw-r--r-- 1 root root 1340739 Apr 18 03:51 CSLH-2.9.8-7501.noarch.rpm
> | -rw-r--r-- 1 root root 231397 Apr 18 03:51 DocFAQ-1.71-7504.noarch.rpm
> | -rw-r--r-- 1 root root 1864311 Apr 18 03:52 gallery-1.4.4-7502_rh.noarch.rpm
> | -rw-r--r-- 1 root root 501351 Apr 18 03:52 gtchat-0.93-7502.noarch.rpm
> | -rw-r--r-- 1 root root 549374 Apr 18 03:52 openbiblio-0.5-7509.noarch.rpm
> | -rw-r--r-- 1 root root 3531716 Apr 18 03:51 Owl-0.73-7503.noarch.rpm
> | -rw-r--r-- 1 root root 2530829 Apr 18 03:52 phpAds-2.0-7501.noarch.rpm
> | -rw-r--r-- 1 root root 657704 Apr 18 03:52 phpBB-2.0.11-7501.noarch.rpm
> | -rw-r--r-- 1 root root 251934 Apr 18 03:52 phpBook-1.50-7502.noarch.rpm
> | -rw-r--r-- 1 root root 449342 Apr 18 03:52 phpBugTracker-1.19-7501.noarch.rpm
> | -rw-r--r-- 1 root root 340003 Apr 18 03:52 phpDig-1.85-7501.noarch.rpm
> | -rw-r--r-- 1 root root 837049 Apr 18 03:52 phpMoney-1.3-7505.noarch.rpm
> | -rw-r--r-- 1 root root 256165 Apr 18 03:52 phpMyFamily-1.4.0-7501.noarch.rpm
> | -rw-r--r-- 1 root root 643858 Apr 18 03:52 phpsurveyor-0.98-7506.noarch.rpm
> | -rw-r--r-- 1 root root 361157 Apr 18 03:52 phpWiki-1.2-7508.noarch.rpm
> | -rw-r--r-- 1 root root 1434996 Apr 18 03:52 pLog-0.3.2-7501.noarch.rpm
> | -rw-r--r-- 1 root root 2613574 Apr 18 03:51 PostNuke-0.750-7502.noarch.rpm
> | -rw-r--r-- 1 root root 106079 Apr 18 03:51 Tellme-1.2-7503.noarch.rpm
> | -rw-r--r-- 1 root root 1083121 Apr 18 03:51 TUTOS-1.82-7501.noarch.rpm
> | -rw-r--r-- 1 root root 15818074 Apr 18 03:52 typo-3.7-7501.noarch.rpm
> | -rw-r--r-- 1 root root 283714 Apr 18 03:51 UebiMiau-2.7-7504.noarch.rpm
> | -rw-r--r-- 1 root root 713217 Apr 18 03:51 WebCalendar-0.9.45-7501.noarch.rpm
> | -rw-r--r-- 1 root root 114359 Apr 18 03:51 WebShopmanager-2.0-7502.noarch.rpm
> | -rw-r--r-- 1 root root 336275 Apr 18 03:51 WordPress-1.2.1-7501.noarch.rpm
> | -rw-r--r-- 1 root root 2644159 Apr 18 03:52 xrms-1.18-7501.noarch.rpm

What is to do? These application vaults must be updated onto
the server. At the same time, the offers for such
application vaults should only offer the latest version via
the PLESK-site for clients. Old versions have to disappear
for the client under the application vault.

It is also recommended, that the
http://autoinstall.plesk.com/versions.inf and
http://autoinstall.plesk.com/plesk_7.5.2_fc2.inf will not
offer such old softwares anymore. We all know, that PLESK is
a great software. But we also know, that we all pay a high
price for the licences. This is why, we can also await, that
PLESK will also invest in taking care for actual and latest
software-version for the chapter "Application Vaults". PLESK
and PLESK-resellers make Million of Dollars profit. And
there is no personal here who will take care, that
http://autoinstall.plesk.com/ ff. will also deliver the
correct and latest version of softwares for application
vaults.

Now we must solve this problem by ourselves by a manual way,
I think so. Let's make an example with

- gallery-1.4.4-7502_rh.noarch.rpm and
- WordPress-1.2.1-7501.noarch.rpm

My idea was following: With the root-access, I will delete
these old files under

root/PSA_7.5.2/rpm_FedoraCore_2/opt/vault

After it, I will stay within this directory
root/PSA_7.5.2/rpm_FedoraCore_2/opt/vault and I will open
FTP with my SecureCRT.

root/PSA_7.5.2/rpm_FedoraCore_2/opt/vault ftp
ftp> open [domainname]

I am then able to download the latest RPM direct into this
root/PSA_7.5.2/rpm_FedoraCore_2/opt/vault

But then there is the next problem. PLESK doesn't seem to
know, that there are newer version of the application vault
"galery 1.5" and "wordpress 1.5". There must be a way
anywhere to let it know to the PLESK-software. No chance but
you will start to manipulate the SQL of PLESK.

The sector server --> application vault via the
PLESK-website allows an admin only to add a new application
vault. But there is no chance to delete one. And so, we have
a registry problem within the PLESK-Software.

The next problem is, that neither Gallery nor Wordpress
offers a RPM for downloading. So, it would not work so or so
and you are anyhow blind alley.

My opinion is: It is not a technical bug within the
PLESK-software itself. It is a human failure by the
computer-scientists of PLESK-Reloaded. Licensees are anyhow
in a strait-jacket which blocks making business with the
clients. Or licensees have to hazard the consequences for
the risks, that a client will install buggy softwares via
the application vaults, because there are too many softwares
too old and there is nobody here of PLESK who will take care
for the right one versions.

Any ideas? Maybe you know a trick how to fix this problem
of updating? Of course, I will write a workshop with screenshoots
also about this special theme.

editor

 

[jshanley]

I skipped the application vault because properly upgrading installed applications seems to be nearly impossible.

What I mean is, if your client installs one of the applications, say version 1.0, upgrading it through the control panel / application vault was not possible. So when version 1.2 came out, your only choice was to manually upgrade the installed application for all clients that had it installed.

I do not know if it is still the case with the current version of application vault, but I believe it is. So I avoided purchasing it until they get it working correctly.

 

[Raymond]

Not in webroot dir.

I stopped using it for the same reasons.
And another major thing is that you can't install them in the webroot (httpdocs) dir.

From own experience imho what we need is a script with 3 options:

1. Install no questions asked for noobies.
2. Install with configuration options
3. Installing an upgrade

Take Care and Enjoy

 

[jamesyeeoc]

What is really sad is that even if you purchase the 4PSA 'Integrator' module, it also does not allow you to specify the doc root, nor upgrade a package, etc.

One explanation I got was that they didn't want to allow installs to docroot since there would be liability if a sysadmin screwed up and overwrote it by accident. So give them a big warning screen and have them verify it twice!! I want the choice. Life is all about choices.... especially when I'm paying for it!

Oh, and you didn't mention that many packages (such as autoindex) even after the 'easy install', won't run until you make additional mods, why can't they ask for the required items and then auto-change the configs?? Gee, that would take way too much time to add that code...lol

$$ on top of $$ ....but I guess it all works out in the end.

In some cases, I have seen that the older versions were free, but newer versions are try and buy.

 

[editor]

Hi Jshanley,

Originally posted by jshanley
I skipped the application vault because properly upgrading installed applications seems to be nearly impossible.

Well, there are two things which you must see.

(1)

The one thing is the new software, which is saved onto the
harddisk. Those RPM-files, see my list before. They do
nothing. It is only for storage. A RPM-file waits only until
anyone will call this software for making an installation.
And this will be done via PLESK by the client over his
client's section of "application vault". Every client can
then start an installation by a very comfortable way. The
RPM-files are already here, need not to be searched and
downloaded. And the installation can be started at once. A
client need not to make any cuddle-muddle by FTP and
sausages his config-things.

The question is, how these RPM-files came onto the server.
It was delivered by PLESK. More exact: These both URLs

http://autoinstall.plesk.com/versions.inf and
http://autoinstall.plesk.com/plesk_7.5.2_fc2.inf

are "guilty" for it, that the PLESK-licensees will get _old_
version of RPM-files. And this is a thing, what I do not
understand. Million of US-Dollars are paid by the licensees
to PLESK. And they deliver us such old softwares without
asking us. In the law-science, you might also argue with
words like "It is pure intention to deliver buggy
softwares". Or "better to deliver no old RPM files instead
of spamming the admin full with old RPM-files".

The admin of a PLESK-server - people like you and me - have
then the work to fix the sleepyheads over
http://autoinstall.plesk.com/versions.inf and
http://autoinstall.plesk.com/plesk_7.5.2_fc2.inf

It is known, that such application-vaults are "only"
3rd-party-softwares. But then please PLESK.COM should not
spam our PLESK-server full with total old RPM-files. The
normal admin has no chance to fix these problems. Many
things must be done manual by hand. You have to delete the
old RPM-files, see the posting before and have a look at
root/PSA_7.5.2/rpm_FedoraCore_2/opt/vault

You have also to edit the entries within the SQL-database
under the database "psa" and its table "SiteAppPackages".

SELECT *
FROM `SiteAppPackages`
LIMIT 0 , 40

For example to delete all these table-rows listing old
softwares. Do not delete the table "SiteAppPackages" itself.
I speak only about the infos there, for example:

id name version release description access_level integrated
47 xrms 1.18 1 XRMS is a web-based application for managing busi... 0 false
46 UebiMiau 2.7 4 UebiMiau is a web-interface to your mail. 0 false
45 phpWiki 1.2 8 A WikiWikiWeb is a site where everyone can collab... 0 false
...
..

Then it will disappear hopefully onto your website of your
PLESK-serveradmin without having any other new holes. And
for your clients who will not see any application vaults?
Easy to solve it. Offer them your own download-area with the
latest software, f.e. with your anonymous FTP-Server.



(2)

The other one thing is to update a 3rd-party-software which
is already installed. This has then nothing to do with PLESK
and the application-vault anymore. The storage of RPM-file
was already copied for an installation for a domainname.
Nothing more. The client itself must then have a look for an
update. It is the job of the client himself, that he will
update his installed gallery 1.4.2 to 1.5 or wordpress 1.2.1
to 1.5. Same also with other 3rd-party-softwares.

 

[editor]

Originally posted by jshanley
What I mean is, if your client installs one of the applications, say version 1.0, upgrading it through the control panel / application vault was not possible. So when version 1.2 came out, your only choice was to manually upgrade the installed application for all clients that had it installed.

Yes, you are right. I think, there is a little bit
missunderstanding by you, because the application vault is
only an online-tool to show you which kind of 3rd-party-softwares
are saved as storage-files onto your harddisk. Instead of
downloading, these RPM-files are already onto your PLESK-
server. Nothing more.

Or with other words: It shows you the waste of webspace,
because nobody need such much webspace only to save old
RPM-files.

 

[jshanley]

I see. Well, I guess I don't really see the point of the Application Vault unless it provides new versions and upgrades, and provides an interface to configure the items. Otherwise, the clients can just download the applications they want to run... or request that I download & install them for a fee.

Application vault is a good idea.. it just needs more features to make it useful & worth the money.

Then again, I feel the same way about Dr Web. $400 for an antivirus solution that breaks my install half the time? No thanks.. a nice antivirus solution with full web interface can be had for less than 1/3 of that. bleh.

-J

 

[jamesyeeoc]

Their concept or reason for the AppVault, was to provide less knowledgeable admins an 'easy' way to install/uninstall various apps to their domains without having to have CLI access.

Great in theory, just not so great in implementation.

Another reason was competition, like 4psa products, unfortunately both implementations are of a limited nature...

 

[hardweb]

The feature to install the in domains root will be available in the next version of Integrator, it's one week away. To upgrade existing applications it's impossible because most projects do not respect a development plan and the upgrade procedure changes from version to version. In most cases even their official upgrade procedure does nto work.
If the applications would have been written by us, the upgrade would have been a joy.

 

[jamesyeeoc]

Hey hardweb, that's great news about doc root installs.

I entirely agree with you about no development plans and how difficult many packages are to upgrade.

And it is definitely much easier and smoother if a single company develops all the parts which make the whole.

What I really hate are the packages which clearly state 'you must uninstall previous version *before* installing this version'. To me that is just a sign of laziness. Any company which makes one version, should be able to handle either upgrading existing or at least automatically uninstalling the old version as the first part of the new version installer.

Even with not being able to use several features of the 4psa products, I still happily pay for the Extreme bundle (or did I upgrade to Ultra? can't remember). There are still the majority of your add-on/enhancement modules which make admin tasks easier.

My statement " Great in theory, just not so great in implementation. " did not mean it was a terrible implementation, it was good, just not great...

Thanks for your good work and efforts.

 

[editor]

Originally posted by hardweb The feature to install the in domains root will be available in the next version of Integrator, it's one week away. To upgrade existing applications it's impossible because most projects do not respect a development plan and the upgrade procedure changes from version to version. In most cases even their official upgrade procedure does nto work.
If the applications would have been written by us, the upgrade would have been a joy.

I think, it has nothing to do with the 3rd-party-software
itself.

Fact is following:

The http://autoinstall.plesk.com/versions.inf and
http://autoinstall.plesk.com/plesk_7.5.2_fc2.inf
SPAMs my PLESK-server full with these old **** of
total old application-vault-softwares.

And now the admin has to clean his PLESK-server. The case is
easy: autoinstall.plesk.com has to pay the costs for the
admin's job to kill this software-spaming by them.

I do not know any other solutions.

In the meanwhile, I could detect another bad thing. Theme
"How PLESK-resellers abuse the PLESK-licence". But more
about this in a new thread.

 

[editor]

btw hardweb and your 4psa.com: I like the idea and philosophy and your theory, but:

"Compatible with: Plesk 7.5 Reloaded, Plesk 7.1 Reloaded, Plesk 7 and Plesk 6 for Linux/Unix"

I have Plesk 7.5.2 Reloaded, so I think, your 4psa might then not be compatible with the latest 7.5.2.

BTW 4psa: If I add a new domainname to PLESK 7.5.2., then the client will get an information. But in this moment, when domainname is added, the client should also get the invoice and the payments should be done to PayPal. Is there a chance to realize this?

 

[jamesyeeoc]

The 4psa products are compatible with Plesk 7.5.2, I know, I have them running without a single problem in their code.

Neither the Plesk software nor the 4psa software has built-in capabilities for billing or invoicing.

The client gets a 'Notification' email (both Plesk and 4psa Notifications have this feature) depending on how you have set up the notify email options. It was not intended or designed to handle invoicing and payments.

 

[nibb@]

What about this issue i detected with AV

On Plesk now we have to the option to disable or able a certaing client to have Mambo CMS, if enabled the Mambo Button Appears on the page, if disabled the button is off.
This is real dumm since on the aplication vaults there is also Mambo CMS
Im sure its the same version and software, so if you disable the Mambo Option on the client permissions he can still install it via the applications Vault, so you should put on the application vault Mambo as Paid License to have it disable. Isnt that dumm? Or a bug?
Why the option to able or disable Mambo when you click on the Global Operations on a Client ?
Also i dont get the system of the Application Vaults, if you have all scripts on, all clients can install everything, i dont want that, i did not find any option to disable applications vault for clients. What i can do is put on the Server applications vault mark all scripts as paid license so nobody will see anything, but that will disable all scripts for all clients, what happens to clients that i wich to have some scripts?
Or to enable some scripts to someone but disable for others ?
On resume what i mean is this, you cant allow some script for some users, or they have it all or they dont have nothing. And if you do leave the option on so they have all applications its stupid to disable for example on the client permission the Mambo becasue if the application vault is on for that client he still has access toit.
As for this post, yes the scripts are out of date and Plesk should update this things, Plesk is not open source guys, i paid an expensive license and i dont get support with that cost for the control panel, at least i would like security holes patches.

 

[editor]

In the meanwhile, I did following: I created my own
Anonymous FTP. And there are all the same files which
you can find in the Appl.Vaults over Plesk. But the files
onto my FTP-Server are real up-to-date.

Tommorrow, I will try to link the Plesk-System with my
Anonymous-FTP. The "psa" has only an URL of plesk
itself which I am able to exchange with my FTP-Server.

Clients or me (or of course you, because my FTP is
public for everyone) are then always able to get the
latest version of div. Appl.Vaults. The next step will then
be, that if someone detect a newer version of any
3rd-party-softwares, you can then also upload it into
the "incoming"-folder of the FTP-server.

 

[editor]

I think, the best would be, Plesk or SW-Soft would also
setup an own FTP-Server. Look there, nothing works there:

ftp://ftp.plesk.com/pub/
ftp://sw-soft.com/pub/

 

[editor]

Calling SW-Soft, they said to me, that I can buy the latest
Application Pack over their website:

Application Pack
The Plesk Application Pack is a customizable repository of
more than 30 Site Applications giving Admins the ability to add,
deploy, configure, and remove applications for any domain on
the system. $199.00
http://www.sw-soft.com/en/buyonline/plesk75reloaded/

It is the same App.Pack which is already running on the
Plesk-Server with all the total out-to-date App.Pack. So,
I have to understand this so, that they cash $199.00 for
old softwares.

 

[Cranky]

Originally posted by editor
I think, the best would be, Plesk or SW-Soft would also
setup an own FTP-Server. Look there, nothing works there:

ftp://ftp.plesk.com/pub/
ftp://sw-soft.com/pub/

I think you want ftp://download1.sw-soft.com/

 

[editor]

Originally posted by Cranky
I think you want ftp://download1.sw-soft.com/

Oh, wonderful. Thank you very much.

 

[nibb@]

I actually use now the PHPAds
i installed it with the Plesk Vault
Just a question, i want to upgrade the soft, will plesk panel le me?