New Plugins Home (where Notepad++ will load from)
-
When plugin authors want to update a plugin they have to change the related entry in the plugin list. Thus they need the ability to test if this entry works correctly.
Since the
nppPluginList.dll
file can not be changed we need another approach. What are your ideas/plans concerning this point? -
@SinghRajenM said:
if plugin present only in global scope (e.g. %allusersprofile%), then don’t actually remove a plugin, rather mark it in ignored list.
I like this idea of yours. It is an efficient way out of the problem where user A doesn’t want particular plugin and by removing it removes it for all other users as well.
But the approach to install and prefer always the user version of a plugin is two-folded. It depends on the way you look at it.
If you look from an administrator’s perspective you might want the users to access specific set of plugins (including specific versions) that are known to be safe and the possibility for a user to overwrite your secure version with his custom one is a nightmare. You can see @Fran-Favorini 's post here. -
What will be the location for nppPluginList.dll?
There is no impact for plugins location or am I missing somethings?
When plugin authors want to update a plugin they have to change the related entry in the plugin list. Thus they need the ability to test if this entry works correctly.
Since the nppPluginList.dll file can not be changed we need another approach. What are your ideas/plans concerning this point?They should always use the tools with the current plugin list. It should be enough for testing, shouldn’t it ?
-
If you look from an administrator’s perspective you might want the users to access specific set of plugins (including specific versions) that are known to be safe and the possibility for a user to overwrite your secure version with his custom one is a nightmare.
Oh, I see. But even this also can be handled using config or registry whether to allow user to load/install/update plugin. This config can be written by providing an another checkbox on installer’s last page (just before finish), or can be pushed as group policy from domain users.
Otherwise, standard user will never be able to use any new plugin because s/he can’t write to %allusersprofile%. This way we are just blocking normal user to use full-fledged plugin managers even administrator does not set any policy explicitly. However, this statement is not validated, but I feel it is true in most of the cases. Correct me, if I am wrong.
-
The current discussion about how and where to install plugins has overlayed the questions in my comment. I wanted to have exact infos about these topics.
@donho said:
@dinkumoil said:
What will be the location for nppPluginList.dll?
There is no impact for plugins location or am I missing somethings?
Maybe this is the wrong topic to ask this question. There was a discussion if the file maybe should be stored under %ProgramData% in order to make it available to all users. I wanted to know the current status of that discussion.
They should always use the tools with the current plugin list. It should be enough for testing, shouldn’t it ?
OK, question answered.
-
@dinkumoil said:
Maybe this is the wrong topic to ask this question. There was a discussion if the file maybe should be stored under %ProgramData% in order to make it available to all users. I wanted to know the current status of that discussion.
What’s your thought about it then?
-
@donho said:
What’s your thought about it then?
I think it would be better to store it under %ProgramData%. A plugin list only available for that user who installed Notepad++ makes no sense, especially as in the future the plugins itself seem to get stored under %ProgramData% as well.
-
@SinghRajenM said:
However, this statement is not validated, but I feel it is true in most of the cases. Correct me, if I am wrong.
I’m not quite familiar with that but your comment sounds perfectly reasonable to me.
-
The idea of plugins loading from both default / user folders is good (I said it and I say it again), but in order to avoid plugins management conflict and simplefy the implementation, I think it’s a nice-to-have but not a must-to-have feature. Therefore it won’t be implemented.
-
@dinkumoil said:
I think it would be better to store it under %ProgramData%. A plugin list only available for that user who installed Notepad++ makes no sense, especially as in the future the plugins itself seem to get stored under %ProgramData% as well.
@dinkumoil & @SinghRajenM :
It’s a good idea to have one list for all users. However, the nppPluginList.dll is supposed to be updated independently. It means Notepad++ which is launched without Admin right cannot modify the data in %Programdata%. So plugin list cannot be in %Programdata% because it cannot be updated by users without admin right.
Or you’ve got a solution for that? -
Notepad++ loads plugins from: <NPP_INST_DIR>\plugins
is strictly needed if you are in an environement where the enterprise sets the MS Windows AppLocker to allow only binaries from a certain position or every binary needing a signature and everything is pre-packaged.in such an environment, users cannot install plugins themselves but every plugin needed by a user needs to be pre-packaged with NPP itself and then distributed to all.
any idea how this can be achieved with 7.6? i am one of the NPP users in this environment and also responsible for the instructions how to package it.
-
If the file nppPluginList.dll gets stored under %ProgramData% I guess the exact path would be
%ProgramData%\Notepad++\plugins\config\nppPluginList.dll
.If plugins get installed under %ProgramData% the exact path would be
%ProgramData%\Notepad++\plugins\<plugin-name>\<plugin-name>.dll
.These would be two different locations. Thus it would be possible to change during installation of Notepad++ the NTFS access rights of the directory
%ProgramData%\Notepad++\plugins\config
to grant access to all users.The nppPluginList.dll doesn’t contain executable code and, I guess, it is loaded with the flags
LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE
, thus access rights for all users should not introduce any risk.BUT what’s about plugin installation? Storing plugins under
%ProgramData%\Notepad++\plugins\<plugin-name>
would also require elevated rights, a thing GUP.exe currently doesn’t do (maybe it is even not able to do).If we want plugins to be installed under %ProgramData% we need a GUP.exe that is able to trigger UAC when copying a files to a certain directory. Thus GUP.exe could be used to download and install nppPluginList.dll and plugins themself.
Because GUP.exe isn’t able to provide user feedback during plugin installation I think it is necessary to extend this program anyway. The current version is too simple - too much KISSes ;-).
Some thoughts from a higher point of view:
As far as I know all these discussions about where and how to store plugins derive from the idea to publish a Windows Store App variant of Notepad++. Because Microsoft issued the policy that an UWP package has to be immutable it is not possible to change the content of an UWP app’s installation directory.
BUT Microsoft has also issued the policy that files with executable code have to be stored under %ProgramFiles% because this location offers some sort of protection against malware attacks. Thus neither %LocalAppData% nor %ProgramData% is the right place for storing plugin DLL files.
It seems like the author of the UWP package spec had not in mind that there could be UWP apps which provide a plugin interface, thus he brought us into a dilemma - it makes no difference where plugin DLL files get stored, as long as the location tries to fit the requirements of an UWP app the location is WRONG, because of the one or the other policy.
How about declining the requests for a Notepad++ UWP app variant because of security concerns and because the whole concept of UWP apps is crap?
There is a certificate protected SciLexer.dll and SHA-256 hashes of plugin ZIP files to prevent malware and man-in-the-middle attacks but DLL files get stored at unsecure locations - it’s a paradoxon.
-
See https://github.com/NightRi-se/notepad-plus-plus/issues/10 and workaround https://github.com/NightRi-se/notepad-plus-plus/issues/19 for UWP. Plugins seems to be a problem in that environment.
-
@dinkumoil
Indeed, it’s just implemented in 61402a354f214fab8d6899ec19e57f657268c0c6 :
https://github.com/notepad-plus-plus/notepad-plus-plus/commit/61402a354f214fab8d6899ec19e57f657268c0c6However, I really don’t think it’s a good idea to put plugin list in
%PROGRAMDATA%
. The reason is the following:
The UAC elevation will be required for updating plugin list - and it’s the case for one part of use case (no idea about the percentage).
Another use case (IMO it’s more common) is without UAC elevation to update plugins list - to make Notepad++ hard to use for just one usage case, that’s what I’m trying to avoid to. -
@donho said:
Indeed, it’s just implemented in 61402a354f214fab8d6899ec19e57f657268c0c6 :
Thumbs up!
However, I really don’t think it’s a good idea to put plugin list in
%PROGRAMDATA%
. The reason is the following:
The UAC elevation will be required for updating plugin list - and it’s the case for one part of use case (no idea about the percentage).
Another use case (IMO it’s more common) is without UAC elevation to update plugins list - to make Notepad++ hard to use for just one usage case, that’s what I’m trying to avoid to.Sorry, but I don’t understand exactly what you are talking about. I can see it was late when you did that posting… ;-)
Is far as I can see you say that UAC elevation would be required when updating the plugin list if it would be stored under %ProgramData%. This is true if the NTFS access rights for the storage location of the plugin list are left at the default setting.
But during Notepad++ installation UAC elevation is required anyway. Thus the installer could create the directory
%ProgramData%\Notepad++\plugins\config
for storing the plugin list and set its NTFS access rights to grant access for all users. Thus when the plugin list gets updated no UAC elevation would be required.Since the plugin DLL files themself would be stored under
%ProgramData%\Notepad++\plugins\<plugin-name>
this location would be still protected against changing/replacing plugin DLL files without UAC elevation. -
@dinkumoil said:
Sorry, but I don’t understand exactly what you are talking about. I can see it was late when you did that posting… ;-)
Sorry for not being clear. What I tried to say is:
- plugin list is in %ProgramData%, then wingup needs UAC elevation - which is annoying
- plugin list is in %AppData%, then wingup DOES NOT needs UAC elevation - which is good
And I’m quite sure 80% of use case is suitable for the 2nd solution. Only 20% of use case need the 1st solution. If we apply the 1st one, we make annoying 80% users.
Is far as I can see you say that UAC elevation would be required when updating the plugin list if it would be stored under %ProgramData%. This is true if the NTFS access rights for the storage location of the plugin list are left at the default setting.
But during Notepad++ installation UAC elevation is required anyway. Thus the installer could create the directory
%ProgramData%\Notepad++\plugins\config
for storing the plugin list and set its NTFS access rights to grant access for all users. Thus when the plugin list gets updated no UAC elevation would be required.Then that’s a good news - any link about that?
Edit: Just find this one and will try it:
https://stackoverflow.com/questions/116876/how-do-you-set-directory-permissions-in-nsisIt could be the solution, however I’m not sure such solution is suitable for the companes’ administrators, since they don’t want plugin List generally.
@Fran-Favorini & @Zanzaraaa What do you think about such behaviour?
-
@donho said:
Then that’s a good news - any link about that?
No, I don’t have a link to prove that, it’s based on my experience. In my company I’m among writing code for our main product resposible for writing the installer of the software using InnoSetup. The settings file of the software is stored in a subfolder of %ProgramData% since we want to achieve that all users of the computer share the same settings. Our users mostly work under a restricted Windows user account, thus in the beginning we had the issue that they were not able to save their custom settings. I solved that by granting full access for all users to the files in the settings file’s directory during installation of the program.
EDIT (response to your Edit): Well, users can see plugins, but they can not install them.
-
@dinkumoil said:
EDIT (response to your Edit): Well, users can see plugins, but they can not install them.
User can “install” a plugin list by copying a signed plugin list manually. But it’s true that users cannot install plugins if they don’t have Admin right. I think it’s OK to store nppPluginList.dll in
%ProgramData%\Notepad++\Config\
. -
In the last days I’ve noticed many support requests here in the forum that followed a common pattern:
After installing Notepad++ v7.6 users can only see Plugin Admin and plugin menu entries if they start Notepad++ under an administrative account. The solution of this issue was that these users normally work under a restricted Windows account, thus they had to provide credentials of an administrative account to install Notepad++. As a consequence the standard plugins, plugin config files and even Notepad++ config files get installed to the user profile of this administrative account used during installation.
In the past it was a common case to install plugins for all users, thus users are not used to have user specific plugins. Furthermore, I think that most users are not aware of the implications of installing programs under another (administrative) Windows account than their own (that’s the reason for the support requests I mentioned above).
I would like to suggest that installing plugins for all users, i.e. installing them to %ProgramData%, should be the standard case in future Notepad++ versions. This would prevent a lot of similar support requests.
Sure, users who already migrated to v7.6 and moved their plugins to %LocalAppData% will run once again into the issue that they have to move the plugins. But this is only one time more and it takes not so much effort since the new directory structure of the plugins directory already exists under %LocalAppData%, it only has to be moved as a whole to %ProgramData%.
-
currently we have to answer these following 2 scenarios again and again:
- users installed to C:\Program Files ((x86)) with the option “Don’t use %APPDATA%” selected
in this case neither plugins nor plugins admin is visible after the installation
possible solutions:
a - more complicated:
grey out “Don’t use %APPDATA%” if the selected path matches %PROGRAMFILES% or %PROGRAMFILES(X86)%b - quick and dirty:
remove “Don’t use %APPDATA%” completely from the installer.
so from now on it has to be done manually creating a DoLocalConf.xml and copying all files to the np++ directory- the installer was invoked by users without admin rights, so all plugin and plugins admin will reside inside the %LOCALAPPDATA% and %APPDATA% of the Administrator account they have entered but not within the invokers %LOCALAPPDATA% and %APPDATA%
(as @dinkumoil has posted above)
possible solutions:
a - more complicated:
find a way to get the invokers environment instead of %LOCALAPPDATA% and %APPDATA%
it “could” be done a bit complicated by making a 2 stage installer, first has as invoker rights in it’s manifest and writes the invokers environment paths to a common temp location, then the first stage calls the elevated real installer which reads the invokers path from there instead of the installers environmentb - quick(er):
always install to a common environment path like %PROGRAMDATA% as default
and additionally make an installer option to use %LOCALAPPDATA%/%APPDATA% instead for people who might want it or if they want keep it as it is nowwhat are your thoughts and ideas about this ?
- users installed to C:\Program Files ((x86)) with the option “Don’t use %APPDATA%” selected