Oh, while we’re talking about licensing and “pseudo-this and that” maybe this can also be the time to address the really messed up signature checks in the Dashboard and GUI that show completely valid and trusted third-party modules as untrusted but all the validation checks via the CLI actually pass.
Also, this isn’t the first time people have been able to get updates of commercial modules that had expired support and it had nothing to do with “pseudo-repos”. I’m pretty sure the new changes to how licenses are checked in FreePBX v17 were actually an attempt to address those outlier cases.
Either way it looks like in order to protect commercial interests the OSS contributors are getting slapped for it because now their trusted and signed modules show as untrusted in the most visible parts of the GUI.
Previous versions already called out module mismatches in Module Admin, and I agree there have been edge cases around entitlement and module update behavior before. Part of the recent update was about improving visibility so users who may not have even realized there was an issue could more easily identify and address it. That said, the work here is really about improving consistency around entitlements, compatibility, and at the end of the day, overall platform security.
RE: the signed OSS module concern, can you share a specific example of a module showing as untrusted in the GUI while still passing via CLI? I haven’t personally run into this yet, but agree 100% that it should not be happening if the module is properly signed and validated.
This topic was specifically split out to address a purported issue with module signature warnings:
@jerryriggin assuming your curiosity is related to the topic at hand, problems like this could potentially arise for a variety of reasons, including but not limited to:
Relevant background information for the curious – including more details on the aforementioned GPG key signing PDF agreement – can be found in our public documentation:
On a FreePBX 17 system, could you install my signed module, smsconnector:
fwconsole ma downloadinstall https://simon.tel/pbx-modules/smsconnector-16latest.tar.gz
What I end up seeing is a security notice on the dashboard. Yet if I examine the module list in Module Admin, it says the module is signed. But the notice is quite obvious and I get complaints from users about my module not being signed.
Try also installing it on FreePBX 16 where it is happily accepted and no warnings are shown.
Yeah, those are the kinds of warnings I get for mine and @billsimon’s module on v17. I clear them and then they are gone for a while and will come back…probably when the caching clears/resets at some interval.