Add an occ command to scan files for legacy file key in use and get rid of those
- Resolves: #37918
Summary
Add an occ command to scan files for legacy key format, and migrate those to the new format. Only works if master key is enabled.
Checklist
- Code is properly formatted
- Sign-off message is added to all commits
- [ ] Tests (unit, integration, api and/or acceptance) are included
- [x] Screenshots before/after for front-end changes
- [ ] Documentation (manuals or wiki) has been updated or is not required
- [x] Backports requested where applicable (ex: critical bugfixes)
@icewind1991
So, this is currently broken, because opening with mode r+ does not touch the header. See https://github.com/nextcloud/server/blob/master/lib/private/Files/Stream/Encryption.php#L287-L292
Same problem in https://github.com/nextcloud/server/blob/master/apps/encryption/lib/Crypto/Encryption.php#L221-L225
Is r+ mode supported at all by server side encryption?
So, I was not able to do this in a smart way; in the end the whole file has to be written again anyway, since the header at the beginning needs to change. So I went for the same implementation as the DecryptAll class: I copy to a temporary name and move over the existing file.
But it works: after running, the fileKeys are gone and the encrypted files can still be opened.
Ready for review.
Ok this is now working and not losing fileid anymore. It will be slow sadly but I do not see how to avoid that.
Ready for review.
CI failures not related
Are there any plans to update the documentation on server side encryption or write some documentation on the migration process using this new occ command?
If a follow-up PR on the documentation of the migration process exists, could it please be linked here? I could also open such a PR, but I'm afraid I'm not knowledgeable enough in Nextcloud and don't have a dev environment at the moment to test NC27 Beta 2.
@AkechiShiro Still needs someone to pick it up, but tracking doc addition in nextcloud/documentation#11539. Thanks for the reminder!