[encryption] reorganize folder structure (second try to make Jenkins happy) #12382
Conversation
schiessle
changed the title
all keys are now in files_encryption/key/path_to_file/filename/ share keys are named: user.shareKey file key is named: fileKey
schiessle
force-pushed
the
enc_reorganize_folders2
branch
from
ab33b88
to
0ecd072
Compare
|
🚀 Test PASSed. 🚀 |
|
|
||
| // If data is a catfile | ||
| if ( | ||
| Crypt::mode() === 'server' | ||
| && $this->shouldEncrypt($path) |
There was a problem hiding this comment.
Additional bugfix or needed as per this PR's changes ?
There was a problem hiding this comment.
As discussed, obsoletes the need to disable the file proxy
|
Wow, glad to see this removes a lot of code. This will need a full regression test:
|
|
|
|
Code looks good. Needs testing. |
|
|
|
|
|
I'm done testing. Please see the above bugs. |
Unrelated, this also happens on oc7/master. Currently we only recover the files from the user. Recover shared files can only work if the owner has also enabled the recovery key
most likely this also happens on oc7/master, do you remember the issue that not all share keys get cleaned-up in all circumstances? |
known issue, unrelated to this bug: #12221 |
This also happens on master without encryption. Probably a sharing permission issue. Please open a seperate issue for it. |
|
🚀 Test PASSed. 🚀 |
|
|
Apart from the minor issue, I'm ok to have this merged 👍 |
schiessle
force-pushed
the
enc_reorganize_folders2
branch
from
e6f7ace
to
2e78217
Compare
|
Added migration of trash bin, including unit tests. This needs a second reviewer... Maybe @LukasReschke @MorrisJobke @nickvergessen, or anyone else ? Thanks! |
|
The inspection completed: 49 new issues, 67 updated code elements |
|
@owncloud-bot retest this please |
|
💣 Test FAILed. 💣 Build result: FAILURE[...truncated 14 lines...] > git config remote.origin.fetch +refs/heads/:refs/remotes/origin/ # timeout=10 > git config remote.origin.url https://github.com/owncloud/core.git # timeout=10Fetching upstream changes from https://github.com/owncloud/core.gitusing GIT_SSH to set credentials using .gitcredentials to set credentials > git config --local credential.helper store --file=/tmp/git18099305855542784.credentials # timeout=10 > git fetch --tags --progress https://github.com/owncloud/core.git +refs/pull/:refs/remotes/origin/pr/ > git config --local --remove-section credential # timeout=10 > git rev-parse origin/pr/12382/merge^{commit} # timeout=10Checking out Revision 0a63738400011b98682db94503f7373626603a6b (detached) > git config core.sparsecheckout # timeout=10 > git checkout -f 0a63738400011b98682db94503f7373626603a6b > git rev-list e24a11e378c1d0992f1089e32aa3ea3fcb4d6311 # timeout=10 > git remote # timeout=10 > git submodule init # timeout=10 > git submodule sync # timeout=10 > git config --get remote.origin.url # timeout=10 > git submodule update --init --recursiveTriggering pull-request-analyser-ng-simple » vm-slave-02pull-request-analyser-ng-simple » vm-slave-02 completed with result FAILUREStarted calculate disk usage of buildFinished Calculation of disk usage of build in 0 secondsStarted calculate disk usage of workspaceFinished Calculation of disk usage of workspace in 1 second💣 Test FAILed. 💣 |
|
I guess the "new PR to satisfy jenkins" approach has to be applied here :( |
|
Here is a new PR for Jenkins: #12575 |
|
I will review this now. |
|
I tested this:
👍 from me |
|
Jenkins is fine with this (see other PR) |
[encryption] reorganize folder structure (second try to make Jenkins happy)
| @@ -17,7 +19,7 @@ | |||
| * GNU AFFERO GENERAL PUBLIC LICENSE for more details. | |||
| * | |||
| * You should have received a copy of the GNU Affero General Public | |||
| * License along with this library. If not, see <http://www.gnu.org/licenses/>. | |||
| * License alon with this library. If not, see <http://www.gnu.org/licenses/>. | |||
In order to fix #11297 I changed the folder structure for the encryption keys.
We create for every file a corresponding folder in files_encryption/keys. For example for "foo/test.txt" we will create a folder "files_encryption/keys/foo/test.txt/". This folder will contain all share keys, named "userId.shareKey" and the file key named "fileKey". This way we avoid any name collision with file names which are similar to user names, like described in issue #11297.
This makes many file operation easier. If a file gets renamed or moved we just have to rename/move the corresponding folder. This way we can save a lot of overhead to find the correct share-keys and file-keys which should result in some performance improvements and should also make the code more robust.
Additionally this PR changes the naming for public/private keys from "user.public.key" and user.private.key" to "user.publicKey" and user.privateKey" for consistency reasons.
This PR touches all aspects of encryption, so we need to test encryption as complete as possible, including:
Currently the migration script is missing. But everything should work if you start with a fresh installation or a setup without any encrypted files and encryption keys.
Currently missing: