Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
seanr and I were working #2065513: Add Hacked! check and needed a way to get Hacked! to work without altering the site in question - including the database (like installation or caching). This will allow the hacked to be installed across an entire platform.
Drush has its own cache and the existing drush check caches in a separate location, so it made sense to just switch to drush's cache.
Comments
Comment #1
seanrI can verify this works well, but I think we'll want some additional people to test it.
Comment #2
codi CreditAttribution: codi commentedThe patch applied cleanly and i'm able to run "drush hd views" for instance and it comes back perfectly. I'm not able to run hacked-list-projects though.
call_user_func_array() expects parameter 1 to be a valid callback, function 'hacked_build_report_batch' not found or invalid function name batch.inc:149
Any ideas?
Comment #2.0
codi CreditAttribution: codi commentedlink to issue
Comment #3
codi CreditAttribution: codi commentedCleaned up the patch and it's working for me now. Would like some other eyes on if possible.
Comment #4
FluxSauce CreditAttribution: FluxSauce commentedcodi, that patch really didn't work for me at all, and it removed out a lot of logic that was used to get it working in the first place.
What version of drush are you using? I'm currently using Drush 5.9. Did you test that by installing hacked into ~/.drush/commands and not into the target site?
I updated my patch to fix a bug where drush would barf if the Drupal core update module wasn't installed.
Comment #5
FluxSauce CreditAttribution: FluxSauce commentedIs there anything that I can do to help this along? I'd really like to get this integrated with Site Audit!
Comment #6
Steven Jones CreditAttribution: Steven Jones commentedI guess this just need some testing by me to see if it still works!
Comment #7
Steven Jones CreditAttribution: Steven Jones commentedThis doesn't quite work as far as I can see.
When running via drush I get the following:
If I place the hacked module into the Drupal codebase, then it does work, but if the module is installed as a Drush extension, then it doesn't.
Comment #8
FluxSauce CreditAttribution: FluxSauce commentedSteven - which patch # did you use?
Comment #9
Steven Jones CreditAttribution: Steven Jones commentedI was testing https://drupal.org/files/issues/hacked-standalone_drush-2066371-4_0.patch
Comment #10
codi CreditAttribution: codi commentedFluxSauce, are you able to give me some more details on "that patch really didn't work for me at all, and it removed out a lot of logic that was used to get it working in the first place place."?
Did the patch not apply, or did the drush hacked command not work. Did it produce any errors?
Comment #11
codi CreditAttribution: codi commentedOk, maybe I got it. The file argument for the batch operation wasn't working. It was prepending the root of the site you call the command from to the root of the hacked drush commands directory, eg. /var/www/sitename//usr/share/php/drush...). What I've done for now is removed the file argument and made a _drush copy of hacked_build_report_batch and put that directly into the hacked.drush.inc file.Most of the other modifications are from FluxSauce's previous patch, but redone against the latest from hacked's git.
It would be great if someone could test this one out.
Comment #12
Jaesin CreditAttribution: Jaesin commentedStill applies to 7.x-2.x but need to get rid of:
drush_log(print_r($operations), 'warning');
Comment #13
codi CreditAttribution: codi commentedSorry about that. Here's a new patch with the line removed as well as an interdiff.
Comment #14
seanrUnfortunately, if you've got a site that already has hacked in it's module base, you'll get a fatal with this. Anyone have any idea how to get around that?
Comment #15
codi CreditAttribution: codi commentedWould it make sense to just remove it from the site?
Comment #16
FluxSauce CreditAttribution: FluxSauce commentedHey all, sorry for the delay in response. A lot of stuff's been going on with site_audit and other kinds of stuff.
As of site_audit v1.9, there's now a framework for extending it and adding custom reports.
I'm going to take another swing at this using the new mechanism and try to iron out all the little bugs and nuances, including the use case where hacked is installed within drush and within the site.
Comment #17
FluxSauce CreditAttribution: FluxSauce commentedMajor overhaul!
Thanks to all for their feedback, code (especially codi) and review, really appreciated.
Comment #18
FluxSauce CreditAttribution: FluxSauce commentedIf this is included, the commit comment should also mention https://www.drupal.org/u/seanr for his original version of the site_audit integration in #2065513: Add Hacked! check :-)
Comment #19
Jaesin CreditAttribution: Jaesin commentedI'm getting:
"Unable to determine whether core or contrib modules have been modified!"
hacked-list-projects
doesn't have the--include-unchanged=0
argument.If I add
--strict=0
to line #79 of hacked.site_audit.inc I get a list of hacked projects in my report without the unchanged modules listed.Comment #20
FluxSauce CreditAttribution: FluxSauce commentedThanks for the feedback, Jaesin, I've adjusted as recommended. I've also added a security report since the initial patch was written, so I've added Hacked! to the Security report instead of codebase.
Comment #21
greggmarshallI just used the patch from #20 against a git clone, aka the dev branch, and installed the resulting patched files into my home/.drush directory, cleared caches, and used that to
a) try the hacked (hd) command and it found the changes I expected (we have a patched version of core to support our proxy for https traffic)
b) use the site audit (aa) command, although while it executed hacked (I presume) I got the result "Unable to determine whether core or contrib modules have been modified!" Not sure why that happened, it appears that #20 incorporates the
--strict=0
from #19, although I found that at line 79 of hacked.site_audit.inc and not hacked.drush.inc, which I assume was a typo in the comment above.So I tried just "drush hacked-list-projects" and got the error message
PHP Fatal error: Cannot redeclare hacked_reports_hacked() (previously declared in /sites/all/modules/_development_d7/hacked/hacked.report.inc:9) in .drush/hacked/hacked.report.inc on line 21
which is documented in #14. I removed the hacked module from the site's module directory and the hacked-list-projects and site-audit commands worked fine. Is there no way to test if a module is installed in drush?Comment #22
FluxSauce CreditAttribution: FluxSauce commentedRe: #21 - I can't replicate the aa failure.
Regarding the concern of redeclaring - the patch fixes it, but the site includes a version of hacked that doesn't check for the existing function, then that will happen and I don't think there's any way around it. What may make sense is to specify a new release if this patch is included, which will encourage people to upgrade and hopefully avoid that problem.
Comment #23
Dimetry CreditAttribution: Dimetry commentedI failed to apply patch to latest dev release:
hacked.info:
Applying patch:
Is patch incompatible with latest dev release?
Comment #24
FluxSauce CreditAttribution: FluxSauce commentedProbably. I'll work on it.
Comment #25
rcross CreditAttribution: rcross at CrossFunctional commentedThis applies cleanly to commit 1fa55b3
The removal of includes/hacked_project.inc in commit 794c51e (and other code rearranging) is what is causing the conflict.
Assuming we can reroll the patch to work, can the maintainer comment about what is holding back this patch from being committed?
Comment #26
FluxSauce CreditAttribution: FluxSauce commentedI've got some time again!
Rerolled and aligned with the latest changes. Let me know if there's anything else I can do to help!
Comment #27
jcnventura CreditAttribution: jcnventura as a volunteer commentedPatch #26 works for me.. Please add this functionality.
Comment #28
rcross CreditAttribution: rcross at CrossFunctional commentedlooks good to me.
Comment #29
colanLooks like this is now breaking when run from the UI, over at admin/reports/hacked:
I'm assuming hacked.drush.inc only gets loaded when run through drush? That's where that function is defined.
Comment #30
colanI thought it would make more sense to get this working in D8 first. The problem, however, is that I'm running into this:
I think the problem is that the Hacked! cache service cache.hacked defined in hacked.services.yml was never set up because the module wasn't installed. Anyone know if there's a way to get to Drush to do so, without installing the module?
Maybe the service can be registered via ServiceProviderBase::register as described in Overriding services in Drupal 8 - advanced cases, but I'm not sure.
Comment #31
colanHere's a D7 version that should be good to go; it works both uninstalled with Drush and installed from the Web UI now. Changes from #26:
Added the following stanza to hacked.report.inc:
...and renamed hacked_load_dependencies() to hacked_load_drush_dependencies().
Leaving status as Needs Work for D8, even though this D7 patch should really be Needs Review.
Comment #32
colanDon't worry about #30. I just realized I was trying to use the Drupal cache instead of Drush's cache. Fixing...
Comment #33
dawehnerWell yeah to be clear about the problem described earlier. Services aren't loaded into the container, unless the module is installed. Maybe drush could provide its own dependency injection container, but I guess this could be tricky.
Comment #34
colanI didn't get a chance to test this with Site Audit (even though the code is there), but I tested the following:
Comment #35
Alan D. CreditAttribution: Alan D. commentedLatest 7.x-2.x-dev (3 Jul 2017) tarball was crashing using drush with the message
[Edit]
The patch from #26 resolved the drush issues, but the Drupal Admin UI functionality was fairly broken.
Comment #37
colan#35: For D7, #31 was the way to go, which I just committed.
Comment #38
colanIn D7, this seems to cause problems when used with #1835444: Support the new dev info strings. See new issue #3019685: Class 'hackedProjectWebDevDownloader' not found in hackedProject->identify_project() for details.
Comment #39
colanWe need to update the README to include the new functionality here, as was done for D7.