New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[stable10] Prevent cert manager to access FS before an upgrade #28668

Merged
merged 1 commit into from Aug 14, 2017

Conversation

Projects
None yet
3 participants
@PVince81
Member

PVince81 commented Aug 14, 2017

Description

Prevent cert manager to access FS functions before an upgrade as this would cause oc_filecache access and might bump into non-migrated table situations (ex: checksum column not existing with 8.2 DB when upgrading from 8.2 to 10)

Related Issue

Fixes #28667

Motivation and Context

See ticket

How Has This Been Tested?

Manual test with ticket steps

Screenshots (if appropriate):

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.
  • All new and existing tests passed.

TODO:

  • forward port to master!

@DeepDiver1975 @phisch I hope the cert manager doesn't require self signed certs anywhere during the update process...

@PVince81 PVince81 added this to the development milestone Aug 14, 2017

@PVince81 PVince81 self-assigned this Aug 14, 2017

@phisch

This comment has been minimized.

Show comment
Hide comment
@phisch

phisch Aug 14, 2017

Contributor

Also tested this PR, the error is gone!

Contributor

phisch commented Aug 14, 2017

Also tested this PR, the error is gone!

@PVince81

This comment has been minimized.

Show comment
Hide comment
@PVince81

PVince81 Aug 14, 2017

Member

forward port: #28672

Member

PVince81 commented Aug 14, 2017

forward port: #28672

@phisch

phisch approved these changes Aug 14, 2017

@PVince81

This comment has been minimized.

Show comment
Hide comment
@PVince81

PVince81 Aug 14, 2017

Member

argh, Jenkins got restarted in the final stage:

17:41:12   Scenario: Doing a PROPFIND with a web login should work with CSRF token on the new backend # /var/lib/jenkins/workspace/owncloud-core_core_PR-28668-ITOYARRIBBVOXC2IPPAS4H4HIF2LACO6HN22GUAJI56MMNRIQ52A/tests/integration/features/webdav-related-new-endpoint.feature:438
Resuming build at Mon Aug 14 17:52:51 CEST 2017 after Jenkins restart
Ready to run at Mon Aug 14 17:52:52 CEST 2017
17:52:52 Timeout set to expire in 1 hr 10 min
[Pipeline] }
[Pipeline] // timeout
[Pipeline] echo
17:52:53 Test execution failed: hudson.AbortException: script returned exit code -1
[Pipeline] step
17:52:53 Recording test results
Member

PVince81 commented Aug 14, 2017

argh, Jenkins got restarted in the final stage:

17:41:12   Scenario: Doing a PROPFIND with a web login should work with CSRF token on the new backend # /var/lib/jenkins/workspace/owncloud-core_core_PR-28668-ITOYARRIBBVOXC2IPPAS4H4HIF2LACO6HN22GUAJI56MMNRIQ52A/tests/integration/features/webdav-related-new-endpoint.feature:438
Resuming build at Mon Aug 14 17:52:51 CEST 2017 after Jenkins restart
Ready to run at Mon Aug 14 17:52:52 CEST 2017
17:52:52 Timeout set to expire in 1 hr 10 min
[Pipeline] }
[Pipeline] // timeout
[Pipeline] echo
17:52:53 Test execution failed: hudson.AbortException: script returned exit code -1
[Pipeline] step
17:52:53 Recording test results

@PVince81 PVince81 merged commit 7bd5dc4 into stable10 Aug 14, 2017

3 checks passed

continuous-integration/jenkins/pr-head This commit looks good
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
license/cla Contributor License Agreement is signed.
Details

@PVince81 PVince81 deleted the stable10-certman-updatetime branch Aug 14, 2017

netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request Oct 7, 2017

wen
Update to 10.0.3
Upstream changes:
## [10.0.3] - 2017-09-15
### Added
- It is now possible to upgrade from 8.2.11 directly to 10 - [#28655](owncloud/core#28655) [#28673](owncloud/core#28673)
- Added extra check in case of missing home storage - [#28504](owncloud/core#28504)
- Added Shield and Workflow icons - [#28588](owncloud/core#28588)
- Enable chunking for big files in web UI when logged in - [#28547](owncloud/core#28547)
- Added emitting of hook "post_unshareFromSelf" to Share 2.0 - [#28413](owncloud/core#28413)
- Added occ user:inactive command to list inactive users - [#28294](owncloud/core#28294)
- Added internal setting for the periodic credentials validity check - [#28298](owncloud/core#28298)
- Added jquery events for external storage settings UI when using OAuth - [#28210](owncloud/core#28210)
- Added public IThemeService which allows apps like the template editor to interact with the current theme - [#28647](owncloud/core#28647) [#28926](owncloud/core#28926)
- Added "passwordEnabled" field to hook data of link shares - [#28827](owncloud/core#28827)
- Add new option to disable sharing in every user-mounted external storages - [#28706](owncloud/core#28706)
- Added default user and group share permissions - [#28903](owncloud/core#28903)
- Added occ command to list routes - [#28907](owncloud/core#28907)
- Added mime types for m3u, m3u8, pls mappings to audio streams - [#28885](owncloud/core#28885)

### Changed
- Transfer ownership now works with master key encryption - [#28537](owncloud/core#28537) [#28845](owncloud/core#28845)
- Reenable medial search by default - [#28064](owncloud/core#28064)
- The LoginController now emits "failedLogin" hook signal after a failed login - [#28631](owncloud/core#28631)
- All columns that use the fileid have been changed to bigint (64-bits) - [#28581](owncloud/core#28581)
- Added search pattern for the occ app:list command - [#28653](owncloud/core#28653)
- Allow phpredis develop branch - [#28717](owncloud/core#28717)
- Default minimum desktop version in config.php is now 2.2.4 - [#28540](owncloud/core#28540)
- Reallow negative mtimes by default in storage implementations - [#28697](owncloud/core#28697)

### Deprecated
### Removed
- Removed "themes" folder - [#28617](owncloud/core#28617) [#28999](owncloud/core#28999)
- Removed unused Windows checks - [#28612](owncloud/core#28612)
- Removed "appstoreenabled" from config.php - [#28714](owncloud/core#28714)
- Slash in filename when renaming is not allowed any more in the frontend (unintended "feature") - [#28490](owncloud/core#28490)
- Using old chunking protocol on new DAV endpoint is now disallowed - [#28637](owncloud/core#28637)

### Fixed
#### Platform
- Fix issue with folder sizes on 32-bit systems - [#28654](owncloud/core#28654)
- Fix null error in ActivityManager on some setups - [#28420](owncloud/core#28420)
- Load app code before running app specific migrations - [#28391](owncloud/core#28391)
- Prevent certificate manager to access FS too early, fixes 8.2 to 10 migration issue - [#28668](owncloud/core#28668)
- Clustering: Better support of read only config file and apps folder - [#28594](owncloud/core#28594) [#28601](owncloud/core#28601)
- Only use IndexIgnore in htaccess if mod_autoindex.c is enabled/loaded - [#28591](owncloud/core#28591)
- Fix app enable of not existing app - [#28317](owncloud/core#28317)
- Keep redirect information when logging in with wrong password - [#28511](owncloud/core#28511)
- Use SwiftMailer antiflood plugin to reconnect after multiple emails sent - [#28180](owncloud/core#28180)
- Theme is now properly loaded when displaying full page error messages - [#28622](owncloud/core#28622)
- Adjusted warning for PHP 5.5 EOL - [#28765](owncloud/core#28765)
- Don't enable market app on upgrade from OC < 10 if "appstoreenabled" was false in config.php - [#28757](owncloud/core#28757)
- Use different CSS comment style for IE11 support - [#28752](owncloud/core#28752)
- Adjust default slogan - [#28724](owncloud/core#28724)
- Catch filecache inconsistencies instead of logging warnings - [#28710](owncloud/core#28710)
- Check for null when traversing app passwords table rows - [#28894](owncloud/core#28894)
- Improve market upgrade messages + new switch - [#28871](owncloud/core#28871)
- Make occ upgrade verbose by default - [#28876](owncloud/core#28876)
- Add more information to updatechecker config doc - [#28867](owncloud/core#28867)

#### Database
- All columns that use the fileid have been changed to bigint (64-bits) - [#28581](owncloud/core#28581)
- Fix length of account search term column which broke installs on some DB setups - [#28576](owncloud/core#28576)
- Fix column lengths on migrations table to fix index - [#28254](owncloud/core#28254)
- Fixed some repeated duplicate key errors relate to oc_preferences table - [#28486](owncloud/core#28486)
- Add migration step to fix birthday calendars - [#28338](owncloud/core#28338)
- Added cache for new card uri-id mapping to fix db cluster execution - [#28308](owncloud/core#28308)

#### Performance
- Optimize upload - don't fetch info of non-existing file - [#28704](owncloud/core#28704)
- Optimize upload - don't check if file exists if already known - [#28704](owncloud/core#28704)
- Optimize upload - do not fetch metadata for part file during checksuming - [#28633](owncloud/core#28633)
- Optimize shares retrieval logic with complex scenarios - [#28524](owncloud/core#28524)
- Optimize query logger - [#28220](owncloud/core#28220)
- Remove initial scanning overhead to speed up federated shares with lots of entries - [#28604](owncloud/core#28604)
- Improve contact search performance - [#28042](owncloud/core#28042)
- Improved search performance for federated instance users - [#28209](owncloud/core#28209)
- Add database index on "oc_share.share_with" column - [#28856](owncloud/core#28856)

#### Filesystem / storage
- Don't trigger hooks for every new dav chunk, only for final file - [#28817](owncloud/core#28817)
- Prevent creating file cache inconsistencies when moving a subtree in or out of a share - [#28219](owncloud/core#28219)
- Add check for empty result in storage memcache - [#28548](owncloud/core#28548)
- Fix error message when accessing of non-existing file on external storage - [#28613](owncloud/core#28613)
- Fixed OAuth frontend logic when connecting to external storage - [#28496](owncloud/core#28496) [#28400](owncloud/core#28400)
- Fix quota handling on new Webdav endpoint (affects desktop client 2.2+) - [#28261](owncloud/core#28261)
- Fix mounting Webdav as drive in Windows 10 - [#28243](owncloud/core#28243)
- Fix rare error that happens when mounting invalid shares - [#28342](owncloud/core#28342)
- Handle BSD case for 32 bit filemtime and install warning - [#28790](owncloud/core#28790)
- Properly check target rename path in new dav endpoint - [#28737](owncloud/core#28737)
- Increment required only when encryption is enabled - [#28880](owncloud/core#28880)

#### Files app
- Make sure passed upload mtime is always an int - [#28186](owncloud/core#28186)
- Fix directory mime type in trashbin list - [#28803](owncloud/core#28803)
- Properly highlight files when opening private link - [#28681](owncloud/core#28681)
- Fix overlapping selectively in default fileslist - [#28906](owncloud/core#28906)
- Better timeout detection in web UI uploads + chunked uploads - [#28896](owncloud/core#28896)
- Fix getting drop target when dragging from file manager  - [#28882](owncloud/core#28882)
- Improve file upload progress bar - [#28861](owncloud/core#28861)

#### Sharing
- Creating link shares now doesn't forget "Allow editing" permission any more - [#28065](owncloud/core#28065)
- Fix "notify user" checkbox in share panel - [#28237](owncloud/core#28237)
- Proper message shown when accessing unreachable private links - [#28600](owncloud/core#28600)
- Fix exact search term match for LDAP in share autocomplete - [#28851](owncloud/core#28851)
- Add tooltip to public shares panel - [#28781](owncloud/core#28781)
- Validate share link password even if unchanged when updating share - [#28713](owncloud/core#28713)
- Fix DiscoveryManager error during upgrade by untangling federated share app dependencies - [#28858](owncloud/core#28858)

#### User management
- Don't set email if invalid in user:add command - [#28577](owncloud/core#28577)
- Group admins can now properly edit members' email addresses - [#28366](owncloud/core#28366)
- Fixed "settings_ajax_changegroupname" typo in route name - [#28746](owncloud/core#28746)
- Use IProvidesEMailBackend to fix syncing with LDAP backend - [#28736](owncloud/core#28736)

#### API related
- Make Backbone PROPPATCH work with options.wait mode - [#28791](owncloud/core#28791) [#28837](owncloud/core#28837)
- Detect PROPPATCH failure by parsing multistatus in Backbone Webdav adapter - [#28628](owncloud/core#28628)
- Error messages from the server on upload are now displayed in the web UI instead of generic messages - [#28635](owncloud/core#28635)
- Properly set the status text in OCS API v2 calls - [#28595](owncloud/core#28595)
- Data was not properly set in case of OCS Result object - [#28198](owncloud/core#28198)

#### Other
- Only reload file list when switching navigation sections - [#28843](owncloud/core#28843)
- Make new text file tooltip messages update properly - [#28151](owncloud/core#28151)
- Fix trashbin preview icons - [#28158](owncloud/core#28158)
- Allow user "0" as in comments - [#28422](owncloud/core#28422)
- Better description for occ files:scan command - [#28839](owncloud/core#28839)
- Better description for occ files:cleanup command - [#28841](owncloud/core#28841)
- Reworded upgrade message for admin with big instance - [#28828](owncloud/core#28828)
- Make lost password errors distinguishable - [#28756](owncloud/core#28756)
- Add height to menutoggler - [#28723](owncloud/core#28723)
- Remove apostrophe from full page file read error text - [#28702](owncloud/core#28702)
- Added missing "fatal" log level to occ log:manage level command - [#28683](owncloud/core#28683)

netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request Oct 22, 2017

wen
Update to 10.0.3
Upstream changes:
## [10.0.3] - 2017-09-15
### Added
- It is now possible to upgrade from 8.2.11 directly to 10 - [#28655](owncloud/core#28655) [#28673](owncloud/core#28673)
- Added extra check in case of missing home storage - [#28504](owncloud/core#28504)
- Added Shield and Workflow icons - [#28588](owncloud/core#28588)
- Enable chunking for big files in web UI when logged in - [#28547](owncloud/core#28547)
- Added emitting of hook "post_unshareFromSelf" to Share 2.0 - [#28413](owncloud/core#28413)
- Added occ user:inactive command to list inactive users - [#28294](owncloud/core#28294)
- Added internal setting for the periodic credentials validity check - [#28298](owncloud/core#28298)
- Added jquery events for external storage settings UI when using OAuth - [#28210](owncloud/core#28210)
- Added public IThemeService which allows apps like the template editor to interact with the current theme - [#28647](owncloud/core#28647) [#28926](owncloud/core#28926)
- Added "passwordEnabled" field to hook data of link shares - [#28827](owncloud/core#28827)
- Add new option to disable sharing in every user-mounted external storages - [#28706](owncloud/core#28706)
- Added default user and group share permissions - [#28903](owncloud/core#28903)
- Added occ command to list routes - [#28907](owncloud/core#28907)
- Added mime types for m3u, m3u8, pls mappings to audio streams - [#28885](owncloud/core#28885)

### Changed
- Transfer ownership now works with master key encryption - [#28537](owncloud/core#28537) [#28845](owncloud/core#28845)
- Reenable medial search by default - [#28064](owncloud/core#28064)
- The LoginController now emits "failedLogin" hook signal after a failed login - [#28631](owncloud/core#28631)
- All columns that use the fileid have been changed to bigint (64-bits) - [#28581](owncloud/core#28581)
- Added search pattern for the occ app:list command - [#28653](owncloud/core#28653)
- Allow phpredis develop branch - [#28717](owncloud/core#28717)
- Default minimum desktop version in config.php is now 2.2.4 - [#28540](owncloud/core#28540)
- Reallow negative mtimes by default in storage implementations - [#28697](owncloud/core#28697)

### Deprecated
### Removed
- Removed "themes" folder - [#28617](owncloud/core#28617) [#28999](owncloud/core#28999)
- Removed unused Windows checks - [#28612](owncloud/core#28612)
- Removed "appstoreenabled" from config.php - [#28714](owncloud/core#28714)
- Slash in filename when renaming is not allowed any more in the frontend (unintended "feature") - [#28490](owncloud/core#28490)
- Using old chunking protocol on new DAV endpoint is now disallowed - [#28637](owncloud/core#28637)

### Fixed
#### Platform
- Fix issue with folder sizes on 32-bit systems - [#28654](owncloud/core#28654)
- Fix null error in ActivityManager on some setups - [#28420](owncloud/core#28420)
- Load app code before running app specific migrations - [#28391](owncloud/core#28391)
- Prevent certificate manager to access FS too early, fixes 8.2 to 10 migration issue - [#28668](owncloud/core#28668)
- Clustering: Better support of read only config file and apps folder - [#28594](owncloud/core#28594) [#28601](owncloud/core#28601)
- Only use IndexIgnore in htaccess if mod_autoindex.c is enabled/loaded - [#28591](owncloud/core#28591)
- Fix app enable of not existing app - [#28317](owncloud/core#28317)
- Keep redirect information when logging in with wrong password - [#28511](owncloud/core#28511)
- Use SwiftMailer antiflood plugin to reconnect after multiple emails sent - [#28180](owncloud/core#28180)
- Theme is now properly loaded when displaying full page error messages - [#28622](owncloud/core#28622)
- Adjusted warning for PHP 5.5 EOL - [#28765](owncloud/core#28765)
- Don't enable market app on upgrade from OC < 10 if "appstoreenabled" was false in config.php - [#28757](owncloud/core#28757)
- Use different CSS comment style for IE11 support - [#28752](owncloud/core#28752)
- Adjust default slogan - [#28724](owncloud/core#28724)
- Catch filecache inconsistencies instead of logging warnings - [#28710](owncloud/core#28710)
- Check for null when traversing app passwords table rows - [#28894](owncloud/core#28894)
- Improve market upgrade messages + new switch - [#28871](owncloud/core#28871)
- Make occ upgrade verbose by default - [#28876](owncloud/core#28876)
- Add more information to updatechecker config doc - [#28867](owncloud/core#28867)

#### Database
- All columns that use the fileid have been changed to bigint (64-bits) - [#28581](owncloud/core#28581)
- Fix length of account search term column which broke installs on some DB setups - [#28576](owncloud/core#28576)
- Fix column lengths on migrations table to fix index - [#28254](owncloud/core#28254)
- Fixed some repeated duplicate key errors relate to oc_preferences table - [#28486](owncloud/core#28486)
- Add migration step to fix birthday calendars - [#28338](owncloud/core#28338)
- Added cache for new card uri-id mapping to fix db cluster execution - [#28308](owncloud/core#28308)

#### Performance
- Optimize upload - don't fetch info of non-existing file - [#28704](owncloud/core#28704)
- Optimize upload - don't check if file exists if already known - [#28704](owncloud/core#28704)
- Optimize upload - do not fetch metadata for part file during checksuming - [#28633](owncloud/core#28633)
- Optimize shares retrieval logic with complex scenarios - [#28524](owncloud/core#28524)
- Optimize query logger - [#28220](owncloud/core#28220)
- Remove initial scanning overhead to speed up federated shares with lots of entries - [#28604](owncloud/core#28604)
- Improve contact search performance - [#28042](owncloud/core#28042)
- Improved search performance for federated instance users - [#28209](owncloud/core#28209)
- Add database index on "oc_share.share_with" column - [#28856](owncloud/core#28856)

#### Filesystem / storage
- Don't trigger hooks for every new dav chunk, only for final file - [#28817](owncloud/core#28817)
- Prevent creating file cache inconsistencies when moving a subtree in or out of a share - [#28219](owncloud/core#28219)
- Add check for empty result in storage memcache - [#28548](owncloud/core#28548)
- Fix error message when accessing of non-existing file on external storage - [#28613](owncloud/core#28613)
- Fixed OAuth frontend logic when connecting to external storage - [#28496](owncloud/core#28496) [#28400](owncloud/core#28400)
- Fix quota handling on new Webdav endpoint (affects desktop client 2.2+) - [#28261](owncloud/core#28261)
- Fix mounting Webdav as drive in Windows 10 - [#28243](owncloud/core#28243)
- Fix rare error that happens when mounting invalid shares - [#28342](owncloud/core#28342)
- Handle BSD case for 32 bit filemtime and install warning - [#28790](owncloud/core#28790)
- Properly check target rename path in new dav endpoint - [#28737](owncloud/core#28737)
- Increment required only when encryption is enabled - [#28880](owncloud/core#28880)

#### Files app
- Make sure passed upload mtime is always an int - [#28186](owncloud/core#28186)
- Fix directory mime type in trashbin list - [#28803](owncloud/core#28803)
- Properly highlight files when opening private link - [#28681](owncloud/core#28681)
- Fix overlapping selectively in default fileslist - [#28906](owncloud/core#28906)
- Better timeout detection in web UI uploads + chunked uploads - [#28896](owncloud/core#28896)
- Fix getting drop target when dragging from file manager  - [#28882](owncloud/core#28882)
- Improve file upload progress bar - [#28861](owncloud/core#28861)

#### Sharing
- Creating link shares now doesn't forget "Allow editing" permission any more - [#28065](owncloud/core#28065)
- Fix "notify user" checkbox in share panel - [#28237](owncloud/core#28237)
- Proper message shown when accessing unreachable private links - [#28600](owncloud/core#28600)
- Fix exact search term match for LDAP in share autocomplete - [#28851](owncloud/core#28851)
- Add tooltip to public shares panel - [#28781](owncloud/core#28781)
- Validate share link password even if unchanged when updating share - [#28713](owncloud/core#28713)
- Fix DiscoveryManager error during upgrade by untangling federated share app dependencies - [#28858](owncloud/core#28858)

#### User management
- Don't set email if invalid in user:add command - [#28577](owncloud/core#28577)
- Group admins can now properly edit members' email addresses - [#28366](owncloud/core#28366)
- Fixed "settings_ajax_changegroupname" typo in route name - [#28746](owncloud/core#28746)
- Use IProvidesEMailBackend to fix syncing with LDAP backend - [#28736](owncloud/core#28736)

#### API related
- Make Backbone PROPPATCH work with options.wait mode - [#28791](owncloud/core#28791) [#28837](owncloud/core#28837)
- Detect PROPPATCH failure by parsing multistatus in Backbone Webdav adapter - [#28628](owncloud/core#28628)
- Error messages from the server on upload are now displayed in the web UI instead of generic messages - [#28635](owncloud/core#28635)
- Properly set the status text in OCS API v2 calls - [#28595](owncloud/core#28595)
- Data was not properly set in case of OCS Result object - [#28198](owncloud/core#28198)

#### Other
- Only reload file list when switching navigation sections - [#28843](owncloud/core#28843)
- Make new text file tooltip messages update properly - [#28151](owncloud/core#28151)
- Fix trashbin preview icons - [#28158](owncloud/core#28158)
- Allow user "0" as in comments - [#28422](owncloud/core#28422)
- Better description for occ files:scan command - [#28839](owncloud/core#28839)
- Better description for occ files:cleanup command - [#28841](owncloud/core#28841)
- Reworded upgrade message for admin with big instance - [#28828](owncloud/core#28828)
- Make lost password errors distinguishable - [#28756](owncloud/core#28756)
- Add height to menutoggler - [#28723](owncloud/core#28723)
- Remove apostrophe from full page file read error text - [#28702](owncloud/core#28702)
- Added missing "fatal" log level to occ log:manage level command - [#28683](owncloud/core#28683)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment