
Plugin Manager 0.9 Released

2009-07-23
2012-11-14
  • Dave Brotherstone

    Hi all,

    Plugin Manager 0.9 has just been released.  Of course, if you're already using it, you'll probably already know that, and have probably already updated :)

    The main change is support for plugins that are installed multiple times, but there are a number of other improvements.  It's wise to update the Plugin Manager before installing or updating any other plugins, as the XML has changed a bit so some plugins won't install properly with 0.8.  The new version will warn you if you don't update, but unfortunately that wasn't there in 0.8.

    Documentation and more info is on http://www.brotherstone.co.uk/npp/pm/

    Changes:
    - Plugins that are installed multiple times are now supported, and can be updated individually
    - The updater (gpup.exe) now shows a progress bar, useful feedback if you've installed or updated a lot of plugins
    - User will be presented with a warning if there is an update to the plugin manager that they haven't taken - it's always best to update the plugin manager first, then install or update other plugins
    - Rework of the variable handling in the XML - all variables are now processed at install time
    - New variable available, $PLUGINFILENAME$, which is (unsurprisingly) the filename of the installed plugin
    - Copy now supports a "toFile" attribute, which copies to a filename rather than a directory
    - Added facility in XML to set the name of an unknown plugin based on a hash value - so a plugin that returns a dynamic name can still be supported (the dynamic name will still be shown in the list to the user however, but install and update will be possible)
    - The user-agent header for all downloads now contains the version number of the plugin manager
    - Fixed an issue if the user said no to restarting after removing plugins

    Enjoy, and please let me know your feedback. 

    Any issues, please report them here.

    Thanks,
    Dave.

     
    • cchris

      cchris - 2009-07-25

      Somic:
      The problem is not with your plugin I think, but with how Plugin Manager handles its update.
      What happens is that Plugin Manager attempts to authenticate the plugin by comparing the md5 of the downloaded file with some known md5. I think Dave will contact you directly if there is something you can do to help the process.

      CChris

       
      • Somic

        Somic - 2009-07-25

        looking forward...

        rgds,
        Somic

         
    • Dave Brotherstone

      Sorry, should have said download links are on the documentation / info page too, but they're here if you want to get them directly

      http://www.brotherstone.co.uk/npp/pm/PluginManager_0.9_UNI.zip
      http://www.brotherstone.co.uk/npp/pm/PluginManager_0.9_ANSI.zip

      Cheers,
      Dave.

       
    • esteban aguilera

      Thanks for your efforts, but by not including this plugin on the homepage of plugins for download, your work will be known by a few.

      I still think it is A MUST in the Notepad++ program.

      keep up the good work !

       
    • esteban aguilera

      The spellchecker: I have 1.2, and trying to update to 1.3 gives me the following error:

      load library is failed, make runtime library setting of this project as multi threaded may cure this problem.

      this plugin is not compatible with current version of notepadd.

      ..................

      I am using Unicode Notepad++ and I selected this version of your plugin; I'm sure the problem comes from this.

      greetings

       
    • cchris

      cchris - 2009-07-24

      I have hit this before. The error message means that a dependency could not be found.

      At least, what happened to me is that I couldn't install the dependency at the office, while I already had it at home, and the error took place on the office machine only.

      CChris

       
    • cchris

      cchris - 2009-07-24

      I eventually downloaded and installed it, even though I tend to distrust auto updates, which I usually find to have undesirable side effects. Great idea. Works for the most part.

      But there are some issues which I consider to be worrisome:

      1/ If gpup.exe could not connect to the Internet, no clue is being provided. I think there should be one.
      2/ When behind a proxy, it is likely that the default browser knows about the right parameters for it. Could you consider adding a button to get these settings from the browser (like Firefox does on install)? This would avoid making mistakes on copying them (see 1/)
      3/ On perfectly valid updates, I'm told that there was no way to validate the dll being downloaded. If a plugin is known not to make its md5 available, perhaps this info should be in the master XML file so as to avoid the useless warning to the user - what am I supposed to do on the warning? I can't validate the download any better.
      3a/ For maximum security, the warning about there being no trusted authentication available would be better appended to the description of the plugin when the former is not "Unknown ...".
      4/ There doesn't seem to be a rollback option. Yet installing a newer plugin version can hurt, on an unlucky day. On an update, you should perhaps back previous dll up, so that Rollback can revert to the earlier version.

      CChris

       
      • Dave Brotherstone

        1.  That's a good point - I'll add that in (actually it only connects to validate the files, more on that in a moment)
        2.  Yes, settings from gup or the default browser would be good. I'll make that an aim for 1.0.
        3.  The validation step is not only to validate the download has happened successfully, but to validate that a *known* file is being copied to your plugins.  All plugins and external libraries have had their MD5s taken, so before they are copied into your plugins directory (or Npp directory etc), the MD5 of the file is checked against the known list.  If it's not there, it produces the warning. This does two things, 1. check that the file downloaded correctly, and 2. check that the file contained within the archive is the same as the file known to be "good".  So, if a malicious developer changed the file to one containing a virus/trojan/backdoor/etc, then the user would be warned that the file could not be verified and hence should not be copied.  Perhaps the message needs to be made clearer - any suggestions?  This method obviously does not rule out a nasty plugin (or other malicious file) being copied, as it's perfectly possible to create a file with the same hash and different contents, but it does make it more tricky.  The aim of this is not to completely eradicate the risk of downloading dll's to run natively, but to mitigate the risk as much as possible.  Any ideas for extensions to this scheme are always welcome.  (Signing at the moment would seem out of the question, as there are several issues with going down that route, but again, ideas are welcome)

        4. Rollback has been mentioned before, and is certainly something I'm looking into.  It may be post 1.0 though, as (personally), I feel it would be good to be able to go back to a previous version of a plugin you've never installed ("ok, so plugin X has been released as 2.0.0, and I really like it, but it keeps crashing, maybe the previous 1.6.4.1 will be more stable").  So, rollback wants to be more than just rollback...

        Thanks for your comments,
        Dave.

         
        • cchris

          cchris - 2009-07-25

          Hi, Dave

          Concerning 3/: I completely agree with the rationale for checking the file. What I agree less with are the false positives. Try upgrading Math Plugin from v0041 to current (v0046).

          We have extensive security at my workplace, for good reasons, and my attempts to find something wrong with that dll have failed. This is the reason for my comment - I assumed the plugin simply couldn't be checked.

          About 4/: well, my vision on this is that a rollback is the cancelling of a transaction. So, installing an earlier version of a plugin isn't quite a rollback. Just thinking of the scenario where a subsequent version of Quicktext has some issue. If PM "rolls back" and installs the Vista version of the current stage on an XP system or (probably worse) vice versa, then letting the user decide looks to me a better way.

          CChris

           
          • Dave Brotherstone

            CChris,
               I'll check the math plugin.  Obviously creating the MD5's has been manual, as has creating the XML, which took a large part of the development time.  It is perfectly possible that an MD5 has been missed in the official list.  If there is no response from the server, then the same message is presented to the user.  Perhaps that should be a different message - "It has not been possible to contact the validation server to validate a file being copied" or something similar.

            Regarding rollback, perhaps the first stage is to be able to go back to any plugin you've had installed, and installed over the top of.  The second stage would be to be able to install an older version, and I can see a reason for wanting to do both.

            Thanks for putting your distrust of auto-updaters aside for long enough to try this out.  Gauging the importance of features is something I can only do with feedback like this.

            Thanks again,
            Dave.

             
    • cchris

      cchris - 2009-07-24

      I should have thought about it before: the "Get proxy settings" button could simply extract info from gupOptions.xml. Or the plugin could simply use the file, obviating the need for a Settings dialog altogether.

      CChris

       
    • Somic

      Somic - 2009-07-25

      Hi,
      sorry for not showing up before but I've been busy.

      I have not understood the kind of problem with the math plugin.
      If someone is so kind as to explain the problem to me, I can try to help (always interesting to know) or modify it to solve the problem.

      It is not written in c++ (that I don't know) but in purebasic 4.31, the compiler is specific while the linker is the polink of pellesc language. It does nothing strange (I think...).

      regards,
      Somic

       
    • cchris

      cchris - 2009-07-25

      Dave:
      Now I remember what the other plugin that triggered a warning was: it was NppAutoIndent 1.2.

      Since there is an md5 for it to be fetched on SF, the suggestion you made about the actual error being an inability to contact the auth server becomes very likely. Remember I'm behind a proxy at work, it could well reject this sort of request.

      As a result, using a different error message would be a welcome improvement indeed.

      /hint For 2.0, provide a companion authentication plugin that can do its thing alone offline:-)

      CChris
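
An added example, not part of the original thread and not Plugin Manager's own code: a known-good hash check that reports "hash not listed" and "validation server unreachable" as separate outcomes, as the replies above discuss, and allows the copy only on a positive match. The function names, sample bytes and messages (other than the one quoted from the thread) are constructed, and SHA-256 is used in place of the MD5 the thread describes.

```python
import hashlib
from enum import Enum

class Verdict(Enum):
    VERIFIED = "verified"
    UNKNOWN_HASH = "unknown hash"
    SERVER_UNREACHABLE = "server unreachable"

class ValidationUnavailable(Exception):
    """The known-hash list could not be fetched (offline, proxy rejected it)."""

# User-facing text per outcome. Wording is constructed for this example,
# except the unreachable case, which uses the message proposed in the thread.
MESSAGES = {
    Verdict.VERIFIED: "File matches a known-good hash.",
    Verdict.UNKNOWN_HASH: "File does not match any known-good hash; it may "
                          "have been altered or is not yet listed.",
    Verdict.SERVER_UNREACHABLE: "It has not been possible to contact the "
                                "validation server to validate a file being copied",
}

def validate(data: bytes, fetch_known_hashes, algorithm: str = "sha256") -> Verdict:
    """Classify one extracted file before it is copied into the plugins directory."""
    digest = hashlib.new(algorithm, data).hexdigest()
    try:
        known = fetch_known_hashes()       # hypothetical callable: set of hex digests
    except ValidationUnavailable:
        return Verdict.SERVER_UNREACHABLE  # kept distinct from "hash not listed"
    return Verdict.VERIFIED if digest in known else Verdict.UNKNOWN_HASH

def may_copy(verdict: Verdict) -> bool:
    """Fail closed: only a positive match lets the copy proceed without a warning."""
    return verdict is Verdict.VERIFIED

# Constructed sample data: stand-ins for a plugin DLL and an altered copy of it.
GOOD_DLL = b"constructed plugin bytes v1"
TAMPERED_DLL = GOOD_DLL + b"\x90"
KNOWN = {hashlib.sha256(GOOD_DLL).hexdigest()}

def online():
    return KNOWN

def behind_proxy():
    raise ValidationUnavailable("proxy rejected the request")

if __name__ == "__main__":
    cases = [("good", GOOD_DLL, online), ("altered", TAMPERED_DLL, online),
             ("good, server unreachable", GOOD_DLL, behind_proxy)]
    for name, data, source in cases:
        v = validate(data, source)
        print(f"{name}: {MESSAGES[v]} (copy allowed: {may_copy(v)})")
```
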