Can't install apps in OC 8.0.2

[agherzan]

Steps to reproduce

1. apps
2. install contacts

Expected behaviour

Should install app

Actual behaviour

App does not provide an info.xml file

Server configuration

Fedora21

Web server:
apache

Database:
mysql

PHP version:

ownCloud version: (see ownCloud admin page)
8.0.2

Updated from an older ownCloud or fresh install:
7.0.X

List of activated apps:
nothing/defaults

The content of config/config.php:

Insert your config.php content here
(Without the database password, passwordsalt and secret)

Are you using external storage, if yes which one: local/smb/sftp/...

Are you using encryption: yes/no

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...

LDAP configuration (delete this part if not used)

run: sqlite3 data/owncloud.db
then execute:  select * from oc_appconfig where appid='user_ldap';

Eventually replace sensitive data as the name/IP-address of your LDAP server or groups.

Client configuration

Browser:
chrome

Operating system:
win/fedora21

Logs

Web server error log

Insert your webserver log here

ownCloud log (data/owncloud.log)

{"reqId":"6904790b403e371bf4085202f73bc485","remoteAddr":"130.226.142.243","app":"PHP","message":"ZipArchive::extractTo(): Invalid or uninitialized Zip object at \/var\/www\/html\/owncloud\/lib\/private\/archive\/zip.php#135","level":3,"time":"2015-03-12T18:15:28+00:00"}
{"reqId":"6904790b403e371bf4085202f73bc485","remoteAddr":"130.226.142.243","app":"core","message":"App does not provide an info.xml file","level":3,"time":"2015-03-12T18:15:28+00:00"}

Browser log

Insert your browser log here, this could for example include:

a) The javascript console log
b) The network log 
c) ...

[LukasReschke]

Do you have the PHP cURL extension installed?

[agherzan]

Yes:
; Enable curl extension module
extension=curl.so

[kneiser]

I am having the same issue here is what I have in my owncloud log:
Error core App does not provide an info.xml file 2015-03-12T18:27:14+00:00
Error PHP ZipArchive::extractTo(): Invalid or uninitialized Zip object at /var/www/html/owncloud/lib/private/archive/zip.php#135 2015-03-12T18:27:14+00:00
Error core App does not provide an info.xml file

Any apps in "Recommended that I try to enable display this error. Yes I have curl installed.

[StephanMeijer]

Same issue here, cURL installed as well.

[R1tschY]

Same here. I investigated: In https://github.com/owncloud/core/blob/master/lib/private/installer.php#L247:

\OC_Util::getUrlContent($data['href']) returns:

 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>400 Bad Request</title> </head><body> <h1>Bad Request</h1> <p>Your browser sent a request that this server could not understand.<br /> </p> </body></html> 

$data['href'] is for example: http://apps.owncloud.com/CONTENT/content-files/168711-documents.zip

Get file with wget from server is working. It redirects to https://apps.owncloud.com/CONTENT/content-files/168711-documents.zip

[DeepDiver1975]

@R1tschY thanks - this is actually pretty helpful. Looks like the http->https redirect is not working on your installation.

[karlitschek]

@R1tschY Can you try again please? I think we just fixed a bug there.

[R1tschY]

Adding curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); in https://github.com/owncloud/core/blob/master/lib/private/httphelper.php#L73 solved it for me. Setting CURLOPT_CAINFO with downloaded certificates like it is described in http://stackoverflow.com/a/12293898/1188453 did not work.

Also using the alternative in https://github.com/owncloud/core/blob/master/lib/private/httphelper.php#L126-137 works.

@karlitschek Did you mean 00f5025? cURL module is installed.

[DeepDiver1975]

Adding curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); in https://github.com/owncloud/core/blob/master/lib/private/httphelper.php#L73 solved it for me.

@LukasReschke @karlitschek something wrong again with our ssl cert? 🙊

[LukasReschke]

SSL setup looks good to me. Best bet: @R1tschY is using a distribution that ships an outdated or none certificate bundle at all.

In my opinion it's the administrators' task to ensure that the cURL certificate bundle is properly configured. It's not like you would expect an usual desktop software to come with all certificates on their own.

That said, as there really seem to be a lot of distributions and people doing it wrong a possibility for us would be to make the HTTPHelper use a bundled set of all root certificates. However, this obviously requires us to keep track of the newest bundles 🙈

I can take a look tomorrow…

[karlitschek]

Just to be clear. What I fixed is that the app store returns an https download url now.

[R1tschY]

It is very mysterious. I used following php script on the server:

<?php

$curl = curl_init();

curl_setopt($curl, CURLOPT_HEADER, 0);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($curl, CURLOPT_URL, 'https://apps.owncloud.com/CONTENT/content-files/168711-documents.zip');
curl_setopt($curl, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
curl_setopt($curl, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);

curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($curl, CURLOPT_MAXREDIRS, 10);
curl_exec($curl);
echo curl_getinfo($curl, CURLINFO_HTTP_CODE);

It prints the status code 200 (OK) and not the status code 400 (Bad Request). @LukasReschke local curl installation seems good. What does owncloud different?

Before downloading the app, owncloud for example requests https://api.owncloud.com/v1/content/download/168711/1 with status code 200. Okay, https requests to api.owncloud.com are working.

Sometimes the view with recommended apps is blank: Calls to for example https://api.owncloud.com/v1/content/data/166043 fails with status code 400. Error messages in log: Trying to get property of non-object at /var/www/virtual/captian7/html/o6d/lib/private/ocsclient.php#180 two times and Invalid OCS content returned for app 166043. I don't known for what reason it fails sometimes with status code 400. But https://apps.owncloud.com/CONTENT/content-files/168711-documents.zip always gets status code 400 from within owncloud (besides curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); is used).

[LukasReschke]

@R1tschY If you add curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true); does it work then with your test script? – Also what setup is that? Which distribution / PHP version? Would be probably easier if I fire up a VM with the same settings.

[R1tschY]

If you add curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true); does it work then with your test script?

Yes.

Server: CentOS release 6.6
PHP: 5.6.2

[LukasReschke]

How did you install PHP 5.6.2 on your CentOS? – Which repos? :)

[R1tschY]

I do not own the server. Switching to the newest PHP version 5.6.6 does not change anything.

[StephanMeijer]

I'm running 5.4.16, same problem.

[skromberg]

Adding curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); in > https://github.com/owncloud/core/blob/master/lib/private/httphelper.php#L73 solved it for me.

for me too. thx @R1tschY

[StephanMeijer]

Trying that fix tomorrow.

[trumpetsven]

Adding curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); in > https://github.com/owncloud/core/blob/master/lib/private/httphelper.php#L73 solved it for me.

[karlitschek]

@LukasReschke Any idea why the cert is considered invalid?

[VicDeo]

@karlitschek hosts set up too long ago may have no GoDaddy root cert

[karlitschek]

@VicDeo What do you mean? The used OS might not have the godaddy root cert? This must be very very old
@LukasReschke What do you think?

[R1tschY]

I used CURLOPT_MUTE=false, CURLOPT_VERBOSE and CURLOPT_STDERR to debug further. URL line is added before every request. Following listing is generated when activating Documents app.

URL: https://api.owncloud.com/v1/content/data/168711
* About to connect() to api.owncloud.com port 443 (#0)
*   Trying 188.138.118.86... * connected
* Connected to api.owncloud.com (188.138.118.86) port 443 (#0)
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_DHE_RSA_WITH_AES_128_CBC_SHA
* Server certificate:
*   subject: CN=*.owncloud.com,OU=Domain Control Validated
*   start date: Feb 09 23:48:38 2015 GMT
*   expire date: Nov 27 02:40:44 2015 GMT
*   common name: *.owncloud.com
*   issuer: CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O="GoDaddy.com, Inc.",L=Scottsdale,ST=Arizona,C=US
> GET /v1/content/data/168711 HTTP/1.1
User-Agent: ownCloud Server Crawler
Host: api.owncloud.com
Accept: */*

* HTTP 1.0, assume close after body
< HTTP/1.0 200 OK
< Date: Mon, 16 Mar 2015 10:21:58 GMT
< Server: Apache
< X-Powered-By: PHP/5.3.8
< X-Frame-Options: SAMEORIGIN
< Set-Cookie: PHPSESSID=292e59fb8ec63fbbd1bd1a9eede8f057; path=/; HttpOnly
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< Pragma: no-cache
< Content-Length: 2710
< Connection: close
< Content-Type: application/xml
< 
* Closing connection #0

URL: https://api.owncloud.com/v1/content/data/168711
* About to connect() to api.owncloud.com port 443 (#0)
*   Trying 188.138.118.86... * connected
* Connected to api.owncloud.com (188.138.118.86) port 443 (#0)
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_DHE_RSA_WITH_AES_128_CBC_SHA
* Server certificate:
*   subject: CN=*.owncloud.com,OU=Domain Control Validated
*   start date: Feb 09 23:48:38 2015 GMT
*   expire date: Nov 27 02:40:44 2015 GMT
*   common name: *.owncloud.com
*   issuer: CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O="GoDaddy.com, Inc.",L=Scottsdale,ST=Arizona,C=US
> GET /v1/content/data/168711 HTTP/1.1
User-Agent: ownCloud Server Crawler
Host: api.owncloud.com
Accept: */*

* HTTP 1.0, assume close after body
< HTTP/1.0 200 OK
< Date: Mon, 16 Mar 2015 10:21:58 GMT
< Server: Apache
< X-Powered-By: PHP/5.3.8
< X-Frame-Options: SAMEORIGIN
< Set-Cookie: PHPSESSID=50f5d8f00ced0ad1a02b0841c0d20b18; path=/; HttpOnly
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< Pragma: no-cache
< Content-Length: 2710
< Connection: close
< Content-Type: application/xml
< 
* Closing connection #0

URL: https://api.owncloud.com/v1/content/download/168711/1
* About to connect() to api.owncloud.com port 443 (#0)
*   Trying 188.138.118.86... * connected
* Connected to api.owncloud.com (188.138.118.86) port 443 (#0)
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_DHE_RSA_WITH_AES_128_CBC_SHA
* Server certificate:
*   subject: CN=*.owncloud.com,OU=Domain Control Validated
*   start date: Feb 09 23:48:38 2015 GMT
*   expire date: Nov 27 02:40:44 2015 GMT
*   common name: *.owncloud.com
*   issuer: CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O="GoDaddy.com, Inc.",L=Scottsdale,ST=Arizona,C=US
> GET /v1/content/download/168711/1 HTTP/1.1
User-Agent: ownCloud Server Crawler
Host: api.owncloud.com
Accept: */*

* HTTP 1.0, assume close after body
< HTTP/1.0 200 OK
< Date: Mon, 16 Mar 2015 10:21:58 GMT
< Server: Apache
< X-Powered-By: PHP/5.3.8
< X-Frame-Options: SAMEORIGIN
< Set-Cookie: PHPSESSID=9aade0350906cf6d9491c6f5ad3a252b; path=/; HttpOnly
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< Pragma: no-cache
< Content-Length: 459
< Connection: close
< Content-Type: application/xml
< 
* Closing connection #0

URL: https://apps.owncloud.com/CONTENT/content-files/168711-documents.zip
* About to connect() to apps.owncloud.com port 443 (#0)
*   Trying 188.138.118.86... * connected
* Connected to apps.owncloud.com (188.138.118.86) port 443 (#0)
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_DHE_RSA_WITH_AES_128_CBC_SHA
* Server certificate:
*   subject: CN=*.owncloud.com,OU=Domain Control Validated
*   start date: Feb 09 23:48:38 2015 GMT
*   expire date: Nov 27 02:40:44 2015 GMT
*   common name: *.owncloud.com
*   issuer: CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O="GoDaddy.com, Inc.",L=Scottsdale,ST=Arizona,C=US
> GET /CONTENT/content-files/168711-documents.zip HTTP/1.1
User-Agent: ownCloud Server Crawler
Host: apps.owncloud.com
Accept: */*

< HTTP/1.1 400 Bad Request
< Date: Mon, 16 Mar 2015 10:21:58 GMT
< Server: Apache
< Content-Length: 226
< Connection: close
< Content-Type: text/html; charset=iso-8859-1
< 
* Closing connection #0

cURL prints no error about the certificate and connects to apps.owncloud.com.

[R1tschY]

Maybe it is an error in curl: I installed the current version 7.41.0 of curl (with toast) and the problem does not occur any more for me. Error appeared with curl version 7.19.7.

[StephanMeijer]

I'm running cURL 7.29.

[flotho]

Adding curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); in > https://github.com/owncloud/core/blob/master/lib/private/httphelper.php#L73 also solved it for me.

[MorrisJobke]

Fixed with #15195

[MorrisJobke]

Oh ... no ... this is for 8.0.3.

@LukasReschke Ideas how to fix this in 8.0.3?

[liquidat]

@R1tschY 's patch with adding curl_setopt does also fix my problems in #15184 .

[DeepDiver1975]

Oh ... no ... this is for 8.0.3.

in this case we cannot - in case the issue is still popping up for our users running 8.0 - customer patching is required - #14840 (comment)

closing therefore

[davidtacheny]

Yup this worked for me: New Install, CentOS 7, with https redirect:
Adding curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); in https://github.com/owncloud/core/blob/master/lib/private/httphelper.php#L73 solved it for me.

[nhymxu]

Adding curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); in https://github.com/owncloud/core/blob/master/lib/private/httphelper.php#L73 solved it for me.
Thanks

[tomck]

Just wanted to confirm that the solution @nhymxu posted above worked for me, and I'm using CentOS 6.6 with the php54w item from the webtatic repo. File is /var/www/html/owncloud/lib/private/httphelper.php for those who arrive via Google.

[nexflo]

@DeepDiver1975
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
also fixed it for me on CentOS 6.6

[UplandsDynamic]

Ditto; adding curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false) to /[installation_root]/lib/private/httphelper.php is a workaround on
ownCloud 8.0.3 (stable), CentOS 7.1.1503, PHP 5.4.16, curl 7.29.0, Nginx 1.8.0

[ghost]

Yep, that solved it for me, too. Seems to be an Issue with CentOS and 8.0.*.
In my case it was the 8.0.3 (stable).

I got it even on a fresh installation as mentioned.

davidtacheny commented on 31 Mar

Yup this worked for me: New Install, CentOS 7, with https redirect:
Adding curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); in https://github.com/owncloud/core/blob/master/lib/private/httphelper.php#L73 solved it for me.

EDIT: It works after upgrading to 8.0.4.

[jolorant]

Turning off certificate validation will break the code validity chain. That's not a solution and people should not insert the line into the code running on their servers.

[jolorant]

owncloud should also switch from returning a non-verifiable HTTP URL to the apps repository to an HTTPS URL that can be verified without redirection. That would solve this problem correctly.

[ghost]

@jolorant Its not about a "non-verifiable HTTP URL". See the description here why this is happening and why turning off certificate validation is solving this:

#14840 (comment)

[jbnance]

There is something more going on here. I'm also using CentOS 7 with the stock PHP 5.4.16. I have installed the GoDaddy root certificates and validated that they are being used, but the same errors are being spit out:

Error core App does not provide an info.xml
Error PHP ZipArchive::extractTo(): Invalid or uninitialized Zip object at /var/www/html/owncloud/lib/private/archive/zip.php#135
Error core App does not provide an info.xml file

Disabling certificate validation is not the way. You've made a great product, but do you really want people to think that you solve issues by making your product less secure? If you feel the issue is that CentOS / RHEL isn't shipping a recent enough set of CA provide the steps for for augmenting those. But I'm here to tell you that isn't the problem.

BTW, here's the way to add the GoDaddy certificates to EL7:

From https://certs.godaddy.com/repository, download:

gdig2.crt
gdroot-g2.crt

Place those files in:

/etc/pki/ca-trust/source/anchors/

Execute the following:

# update-ca-trust extract

Restart Apache:

# systemctl restart httpd

As I said, however, this doesn't solve the problem. I'm more than happy to help debug this further but need your instructions.

[ghost]

Hi,

if the certs are the problem then i think there is no need to debug this further. oC 8.1 will ship a workaround for environments like yours.

If the certs are not the problem / oC 8.1 is not fixing it its probably better to create a new issue.