Update 2017-03-02: If your using Nextcloud they now have their own in browser updater this script still works though.
One of the most important things in security is patching. For the last several years two out of the ASD's top four mitigations have been patching (patching applications and patching the Operating System).
To me I think how your going to get new version of your application out to your end users should be a decision made very early in the design phase. About the time your thinking whats the most appropriate programing language to tackle a problem you should also be thinking how will I deploy this code once it's written and how will we update deployments.
Sometimes this decision will be made for you by the platform you are targeting such as Android or IOS. Sometimes it's not your problem when you expect downstream distributions to deal with packaging and updates1. And sometimes you need to build your own update mechanism. I quite like the way LibreNMS updates, which basically boils down to a cron job doing a
git pull every day.
I've used ownCloud for a while but one thing that's always annoyed me is they don't have an easy way to upgrades. I'd like to just tick a box that says 'Keep me on the latest stable version' or at the very least 'download security fixes automatically'.
For now I've made do with this script and just manually downloading the latest version of ownCloud each time there is a patch.
I've created a directory called
/opt/owncloud-install/ and in there I've got a subdirectory called
old-installs. When a new ownCloud version comes out I cd into
/opt/owncloud-install/ wget the latest version and run
#!/bin/bash # Stop Apache2 (not necessary, but it's a good idea) systemctl stop apache2.service # Backup config.php and data mv /var/www/owncloud/config/config.php /opt/owncloud-install/config.php mv /var/www/owncloud/data /opt/owncloud-install/ # Delete everything else rm -rf /var/www/owncloud/ # Extract a fresh copy (the tar ball doesn't include a data and config.php) tar -xf owncloud-*.tar.bz2 -C /var/www/ # Replace the backed up files mv /opt/owncloud-install/config.php /var/www/owncloud/config/ mv /opt/owncloud-install/data/ /var/www/owncloud/ # Set ownership (the files in the tar ball are owned by nobody) chown -R www-data:www-data /var/www/owncloud/ # Start Apache2 back up. systemctl start apache2.service # Achive install file mv owncloud-*.tar.bz2 old-installs/
After that you still need to visit your ownCloud home page and click through the database upgrades.
It's not the most robust script but it works well enough for me. I've been looking at NextCloud, I haven't made the switch yet but if they introduce an automatic update mechanism that would be a big enough draw card for me to change.
Although even then you need some way to mark a new version and security fixes so the downstream can package them. ↩