Cockpit: nethserver-squidguard-save fired twice when editing a custom filter profile

[federicoballarini]

Steps to reproduce

• Create an extra profile into Nethserver Squid filter page and save it
• Check all is working fine
• Edit the profile (e.g. add a new block category inside the filter or change the name)
• Continue the wizard and save

Expected behavior

• Event nethserver-squidguard-save is fired one time and ufdbguard daemon keep working

Actual behavior

• Event nethserver-squidguard-save is fired twice and ufdbguard sometimes doesn't block sites

Components

nethserver-squid

---

In /var/log/messages you can find something like this:

Mar 21 15:57:57 fw /usr/libexec/nethserver/api/nethserver-squid/filter/update[8554]: /var/lib/nethserver/db/contentfilter: DELETE blue_profile=profile|Description|Blocco per rete blue|Filter|filter;blue_profilefilter|FilterElse||Removable|yes|Src|role;blue|Time|
Mar 21 15:57:57 fw /usr/libexec/nethserver/api/nethserver-squid/filter/update[8554]: /var/lib/nethserver/db/contentfilter: DELETE blue_profilefilter=filter|BlackList|enabled|BlockAll|disabled|BlockFileTypes|enabled|BlockIpAccess|enabled|Categories|adult,agressif,bitcoin,chat,cryptojacking,dangerous_material,dating,ddos,dialer,drogue,gambling,games,hacking,lingerie,malware,manga,marketingware,mixed_adult,phishing,publicite,reaffected,redirector,sect,shopping,social_networks,stalkerware,strict_redirector,strong_redirector,tricheur,vpn,warez,remote-control,gambleit|Description|Filtro per rete blue|WhiteList|enabled
Mar 21 15:57:57 fw /usr/libexec/nethserver/api/nethserver-squid/filter/update[8553]: /var/lib/nethserver/db/contentfilter: DELETE blue_profile=
Mar 21 15:57:57 fw /usr/libexec/nethserver/api/nethserver-squid/filter/update[8554]: /var/lib/nethserver/db/contentfilter: OLD blue_profilefilter=(undefined)
Mar 21 15:57:57 fw /usr/libexec/nethserver/api/nethserver-squid/filter/update[8554]: /var/lib/nethserver/db/contentfilter: NEW blue_profilefilter=filter|BlackList|enabled|BlockAll|disabled|BlockFileTypes|enabled|BlockIpAccess|enabled|Categories|adult,agressif,bitcoin,chat,cryptojacking,dangerous_material,dating,ddos,dialer,drogue,gambling,games,hacking,lingerie,malware,manga,marketingware,mixed_adult,phishing,publicite,reaffected,redirector,sect,shopping,social_networks,stalkerware,strict_redirector,strong_redirector,tricheur,vpn,warez,remote-control,gambleit,downloadcenter|Description|Filtro per rete blue|WhiteList|enabled
Mar 21 15:57:57 fw /usr/libexec/nethserver/api/nethserver-squid/filter/update[8554]: /var/lib/nethserver/db/contentfilter: OLD blue_profile=(undefined)
Mar 21 15:57:57 fw /usr/libexec/nethserver/api/nethserver-squid/filter/update[8554]: /var/lib/nethserver/db/contentfilter: NEW blue_profile=profile|Description|Blocco per rete blue|Filter|filter;blue_profilefilter|FilterElse||Removable|yes|Src|role;blue|Time|
Mar 21 15:57:57 fw esmith::event[8557]: Event: nethserver-squidguard-save
Mar 21 15:57:57 fw esmith::event[8558]: Event: nethserver-squidguard-save
Mar 21 15:57:57 fw esmith::event[8558]: cannot remove directory for /var/squidGuard/blacklists/custom/downloadcenter: No such file or directory at /etc/e-smith/events/nethserver-squidguard-save/S2nethserver-squidguard-update-custom-list line 29.
Mar 21 15:57:57 fw esmith::event[8558]: cannot remove directory for /var/squidGuard/blacklists/custom/noweb_whitelist: No such file or directory at /etc/e-smith/events/nethserver-squidguard-save/S2nethserver-squidguard-update-custom-list line 29.
Mar 21 15:57:57 fw esmith::event[8557]: cannot remove directory for /var/squidGuard/blacklists/custom/whitelist: No such file or directory at /etc/e-smith/events/nethserver-squidguard-save/S2nethserver-squidguard-update-custom-list line 29.
Mar 21 15:57:57 fw esmith::event[8557]: Action: /etc/e-smith/events/nethserver-squidguard-save/S2nethserver-squidguard-update-custom-list SUCCESS [0.524691]
Mar 21 15:57:57 fw esmith::event[8558]: Action: /etc/e-smith/events/nethserver-squidguard-save/S2nethserver-squidguard-update-custom-list SUCCESS [0.525282]
Mar 21 15:58:01 fw esmith::event[8558]: Event: nethserver-squidguard-save SUCCESS
Mar 21 15:58:01 fw esmith::event[8557]: Event: nethserver-squidguard-save SUCCESS

In /var/log/ufdbguard/ufdbguardd.log you can find some errors:

2023-03-21 18:47:01 [14650]       FATAL ERROR: sgDbInit: cannot read from "/var/squidGuard/blacklists/custom/whitelist/domains.ufdb" (read-only): No such file or directory  *****
2023-03-21 18:47:01 [14650] ERROR: URL database table "/var/squidGuard/blacklists/custom/whitelist/domains" is empty and is ignored   *****
2023-03-21 18:47:01 [14650] ERROR: A FATAL ERROR OCCURRED: ALL REQUESTS ARE ANSWERED WITH "OK" (see previous lines with "FATAL ERROR" for more information)  *****

[nethbot]

in 7.9.2009/testing:

• nethserver-squid-1.14.1-1.2.ga45e300.ns7.noarch.rpm x86_64 armhfp aarch64

[edospadoni]

@federicoballarini the PR is merged, you can write test cases then someone will test it.

[federicoballarini]

Test cases:

• Check if, while editing a custom profile, the event nethserver-squidguard-save it's fired only one time. (Inspect /var/log/messages)
• Check if no errors are reported in /var/log/ufdbguard/ufdbguardd.log
• Check if ufdbguard daemon is blocking sites properly (e.g. facebook.com if you enable social networks block)
• Check you can save default profile and create custom profiles without regressions

[francio87]

Confirm, fixed :

[root@ns79-test ~]# rpm -q nethserver-squid
nethserver-squid-1.14.1-1.2.ga45e300.ns7.noarch

Editing custom profile:

Mar 31 12:49:45 ns79-test /usr/libexec/nethserver/api/nethserver-squid/filter/update[5668]: /var/lib/nethserver/db/contentfilter: NEW profilo1=profile|Description|descrizione1|Filter|filter;profilo1filter|FilterElse||Removable|yes|Src|host;host_proxy|Time|
Mar 31 12:49:45 ns79-test esmith::event[5669]: Event: nethserver-squidguard-save
Mar 31 12:49:46 ns79-test esmith::event[5669]: expanding /etc/squidclamav.conf
...
...
Mar 31 12:49:49 ns79-test esmith::event[5669]: [INFO] service c-icap is disabled: skipped
Mar 31 12:49:49 ns79-test esmith::event[5669]: Action: /etc/e-smith/events/actions/adjust-services SUCCESS [2.702291]
Mar 31 12:49:49 ns79-test esmith::event[5669]: Event: nethserver-squidguard-save SUCCESS

Edit default profile :

ar 31 12:51:10 ns79-test /usr/libexec/nethserver/api/nethserver-squid/filter/update[8164]: /var/lib/nethserver/db/contentfilter: NEW default=filter|BlackList|disabled|BlockAll|disabled|BlockFileTypes|enabled|BlockIpAccess|enabled|Categories|agressif,bitcoin|Description|Default filter|Removable|no|WhiteList|enabled
Mar 31 12:51:10 ns79-test esmith::event[8165]: Event: nethserver-squidguard-save
Mar 31 12:51:10 ns79-test esmith::event[8165]: expanding /etc/squidclamav.conf
Mar 31 12:51:10 ns79-test esmith::event[8165]: expanding /etc/squid/squid.conf
Mar 31 12:51:11 ns79-test esmith::event[8165]: expanding /etc/ufdbguard/ufdbGuard.conf
...
...
Mar 31 12:51:14 ns79-test esmith::event[8165]: [INFO] service c-icap is disabled: skipped
Mar 31 12:51:14 ns79-test esmith::event[8165]: Action: /etc/e-smith/events/actions/adjust-services SUCCESS [2.7021]
Mar 31 12:51:14 ns79-test esmith::event[8165]: Event: nethserver-squidguard-save SUCCESS

Create & delete additional profile works as expected:

Mar 31 13:01:47 ns79-test /usr/libexec/nethserver/api/nethserver-squid/filter/create[18268]: /var/lib/nethserver/db/contentfilter: NEW profilo2=profile|Description||Filter|filter;profilo2filter|FilterElse||Removable|yes|Src|host;test_host|Time|
Mar 31 13:01:47 ns79-test esmith::event[18269]: Event: nethserver-squidguard-save
Mar 31 13:01:47 ns79-test esmith::event[18269]: expanding /etc/squidclamav.conf
...
...
Mar 31 13:01:51 ns79-test esmith::event[18269]: [INFO] service c-icap is disabled: skipped
Mar 31 13:01:51 ns79-test esmith::event[18269]: Action: /etc/e-smith/events/actions/adjust-services SUCCESS [2.975449]
Mar 31 13:01:51 ns79-test esmith::event[18269]: Event: nethserver-squidguard-save SUCCESS

Mar 31 13:02:34 ns79-test /usr/libexec/nethserver/api/nethserver-squid/filter/delete[21358]: /var/lib/nethserver/db/contentfilter: DELETE profilo1filter=filter|BlackList|enabled|BlockAll|disabled|BlockFileTypes|disabled|BlockIpAccess|disabled|Categories|adult,agressif,arjel,associations_religieuses,astrology,audio-video,bank,bitcoin,blog,celebrity,chat,child,cleaning,cooking,cryptojacking,dangerous_material,dating,ddos,dialer,doh,download,drogue,examen_pix,filehosting,financial,forums,gambling,games,hacking,jobsearch,lingerie,liste_bu,malware,manga,marketingware,mixed_adult,mobile-phone,phishing,press,publicite,radio,reaffected,redirector,remote-control,sect,sexual_education,shopping,shortener,social_networks,sports,stalkerware,strict_redirector,strong_redirector,translation,tricheur,update,vpn,warez|Description|descrizione|WhiteList|enabled
Mar 31 13:02:34 ns79-test esmith::event[21359]: Event: nethserver-squidguard-save
Mar 31 13:02:34 ns79-test esmith::event[21359]: expanding /etc/squidclamav.conf
Mar 31 13:02:34 ns79-test esmith::event[21359]: expanding /etc/squid/squid.conf
Mar 31 13:02:34 ns79-test esmith::event[21359]: expanding /etc/ufdbguard/ufdbGuard.conf
...
...
Mar 31 13:02:37 ns79-test esmith::event[21359]: [INFO] service c-icap is disabled: skipped
Mar 31 13:02:37 ns79-test esmith::event[21359]: Action: /etc/e-smith/events/actions/adjust-services SUCCESS [2.54731]
Mar 31 13:02:37 ns79-test esmith::event[21359]: Event: nethserver-squidguard-save SUCCESS

There are no errors on ufdbguardd.log and the blocking is working as expected:

2023-03-31 12:56:50 [13521] ufdbguardd 1.35.3 started with 65 URL verification threads and 32 TLS/SSL verification threads
2023-03-31 12:57:20 [13521] BLOCK u1               10.0.30.66      default    social_networks https://instagram.com -  username
2023-03-31 12:57:57 [13521] BLOCK u1               10.0.30.66      default    social_networks https://facebook.com -  username

[nethbot]

in 7.9.2009/updates:

• nethserver-squid-1.14.2-1.ns7.noarch.rpm x86_64 armhfp aarch64