getExtractionBaseDir should be deleted before code signature is verified #318

Closed
LukasReschke opened this Issue Apr 13, 2016 · 8 comments

Projects

None yet

3 participants

@LukasReschke
Member

Alternatively it should be extracted to a folder like data/. Otherwise this causes code signing errors.

Ref owncloud/core#23857 (comment)

cc @VicDeo

@VicDeo
Member
VicDeo commented Apr 13, 2016

data can be on a different partition and PHP can not move directories across partitions (a known bug)

@LukasReschke
Member

sigh

Guess then we need "just" make sure that the code integrity is later verified again.

@VicDeo
Member
VicDeo commented Apr 13, 2016

_oc_upgrade is removed in case of successful upgrade.

@LukasReschke
Member

Yes. But I somehow still saw this in the code signing errors.

Is the code signing check performed after or before the folder is removed?

@VicDeo
Member
VicDeo commented Apr 14, 2016 edited

@LukasReschke

Is the code signing check performed after or before the folder is removed?

it is performed with any occ upgrade and occ upgrade is invoked by updater separately for core and every app

@VicDeo
Member
VicDeo commented Apr 14, 2016

@LukasReschke was _oc_upgrade directory removed at the end of update process for the system in question?

@VicDeo VicDeo was assigned by PVince81 Apr 19, 2016
@LukasReschke
Member

The problem seems the following:

  1. Updater creates _oc_upgrade
  2. Updater updates core
  3. Integrity check is performed
  4. Updater updates apps
  5. Updater deletes _oc_upgrade

So the integrity check performed at step 3 will fail. Can we move the extraction dir to the data folder or make sure to rerun the integrity check as last step?

Personally I'd prefer doing the extraction in an extracted dir. Anyways, for 9.0.2 we will probably just whitelist some folders for the sake of having a proper updater experience as discussed with @DeepDiver1975. For 9.1.x I'd appreciate some more thoughts on this.

@LukasReschke
Member

Whitelist and some more exceptions in the code checker code it is sigh 🙈

@LukasReschke LukasReschke added a commit to owncloud/core that referenced this issue Apr 20, 2016
@LukasReschke LukasReschke Add repair step for updater issues
The updater as shipped with ownCloud =< 9.0.1 has several bugs leading to a not properly executed update. For example the third-party changes are not copied.

This pull request:

1. Ships the third-party files changed since ownCloud 9.0.1 in the resources folder. On update the files are replaced. (owncloud/updater#316)
2. Adds updater/* and _oc_upgrade/* as an exemption to the code integrity checker since the updater is updating in the wrong order. (owncloud/updater#318)
2d37341
@PVince81 PVince81 closed this Apr 25, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment