Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Copy encryption keys first and then rename the files #40433

Merged
merged 5 commits into from
Nov 2, 2022

Conversation

jvillafanez
Copy link
Member

Description

Instead of renaming the file and then move the keys, we'll copy the keys first so we have a chance of reverting the changes if the file fails to be renamed. We either remove the original keys if rename succeeds or the copied keys if it fails.
Worst case, if exception happens and cleanup can't be performed, the file should still be accessible because there are valid keys still in place

Related Issue

https://github.com/owncloud/enterprise/issues/5344

Motivation and Context

This will harden the code and prevent the file from becoming inaccessible if something goes wrong.

How Has This Been Tested?

Manually tested with the steps provided in the related issue.

Screenshots (if appropriate):

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Database schema changes (next release will require increase of minor version instead of patch)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Technical debt
  • Tests only (no source changes)

Checklist:

  • Code changes
  • Unit tests added
  • Acceptance tests added
  • Documentation ticket raised:
  • Changelog item, see TEMPLATE

@update-docs
Copy link

update-docs bot commented Oct 18, 2022

Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes.

@ownclouders
Copy link
Contributor

ownclouders commented Oct 18, 2022

💥 Acceptance tests pipeline webUIRestrictSharing-chrome-mariadb10.2-php7.4 failed. The build has been cancelled.

https://drone.owncloud.com/owncloud/core/37091/132

@jvillafanez
Copy link
Member Author

Copying the keys will change the fileid of the keys in the filecache. This shouldn't be a problem though. It should work regardless of the actual storage. In fact, it's questionable to have the data in the filecache; it's seems a side effect of the tools used, and it seems to work even if the data is removed from the filecache table.

@jvillafanez jvillafanez force-pushed the encryption_copy_keys_first branch from 260a216 to 83f3a3c Compare October 19, 2022 12:30
@pako81
Copy link

pako81 commented Oct 25, 2022

@jvillafanez grab some reviewers?

Copy link
Contributor

@IljaN IljaN left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍 @DeepDiver1975 Could you also please have a look as you were recently working with key stuff.

@IljaN
Copy link
Contributor

IljaN commented Oct 25, 2022

Please add changelog

@sonarqubecloud
Copy link

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 2 Code Smells

87.0% 87.0% Coverage
0.0% 0.0% Duplication

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants