[wpkg-users] Replace xmlhttp download with curl/wget

Rainer Meier r.meier at wpkg.org
Fri Jul 15 14:46:35 CEST 2011


Hi Marco,

On 15.07.2011 11:32, Marco Gaiarin wrote:
> + WSH, as stated in this list, have poor performance and limited
>   features when downloading

This is absolutely clear. That's also a reason why I do not really support the 
<download /> tag in particular. I think it's just a legacy feature for very 
basic download functionality. From my point of view most people would be better 
off by using wget and similar tools.


> + WSH, as stated again here, have no hash function, any hash algorithm
>   have to be implemented in pure WSH or relay on an external script

Sure, that's why I don't think using the an md5 attribute in <download /> makes 
much sense. As this would be either ignored in default case (pure WPKG 
deployment without wget/md5sum). Up to now all the features of WPKG are 
available by the default wpkg.js without the strict requirement for external tools.


> So seems reasonable to, optionally, relay on an external script; seems
> reasonable, because we can relay on an external script, to add the
> 'md5' field to<download />  tag, that the internal WSH downloaded
> ignore but can be passed, optionally, to the external script.

As said above some features discussed in this thread would then require 
additional tools (these tools would then not be optional again). So use of any 
of these flags would break the package if the tools it relies on are not available.
Moreover such a hardcoded implementation would add a dependency to SPECIFIC 
download/md5 tools like wget and md5sum. Alternative tools cannot be easily used 
as the interface might be different. For example one might like to use sha1 
checksumming or prefers an md5 sum tool which is faster but prints the output in 
slightly different format etc.


> You are right, we can just use existing<install />  and<update />
> tags to do so, but the<download />  tag just exist, and i think is
> more cleaner to use it.

Yes it might be more "clean" but using commands is much more flexible and allows 
you to use any tool which best fits your environment (and not just one which is 
chosen by WPKG team and enforces you to use this one).

So for me there would be only one compromise we could potentially think about:
Ship WPKG with a download-helper script.
E.g. ./tools/download/wpgk-downloader.cmd
This script accepts a clearly defined list of parameters like:
- Download source URL
- Download target folder
- MD5 sum in pre-defined encoding (optional)
- SH1 sum in pre-defined encoding (optional)

The script could then decide on some internal logic what to download and whether 
the download was successful or not and then return with pre-defined exit status.
E.g.
0  all success, download finished, checksum OK.
1  download failed
2  any checksum failed (md5 or sha1)

However I still think it might be easier to provide such an optional script to 
be used in commands rather than called from download nodes in package.xml. The 
reason is simply that I see that commands would already support any number of 
parameters, using environment variables etc. while using a strict download tag 
structure always limits to certain features. So if later sha2 support or any 
other special solution is required, then it would requiring to adapt wpkg.js 
code. Using commands will work no matter which parameters might be added later.

> [ Indeed, this have nothing to do with my ''server side download'' script,
>    using the global /noDownlaod switch on wpkg.js.
>    Clearly, also my script can be easily extended to use md5 hashes... ]

Sure, and even when using commands to download files it could be globally 
disabled by simply supporting an environment variable NO_DOWNLOAD which makes 
the script to skip its task and exit with code 0 instead (or alternatively still 
verifying the checksums).

br,
Rainer



More information about the wpkg-users mailing list