core
core copied to clipboard
owncloud
Update to invalid app tarball fails with wrong error message
Steps
- Install an app, for example activity-2.4.1 from tarball:
occ market:install -l activity-2.4.1.tar.gz - Go to Github releases and download the wrong tarball, not the release one but the github sources: https://github.com/owncloud/activity/archive/v2.4.2.tar.gz
occ market:upgrade -l activity-2.4.2.tar.gz<= the wrong tarball
Expected result
Upgrade fails with proper error message.
Actual result
Original app is deleted but the new app isn't there. This basically deletes the app...
Version
stable10 / 10.1.0
Note: the "wrong" tarball doesn't have "activity" as root path but "activity-2.4.2". We should extend the update code to verify that the tarball contains an "activity" folder just like the install process does.
Ref: the update happens here: https://github.com/owncloud/core/blob/v10.1.0/lib/private/Installer.php#L222
The folder gets extracted properly but later on it doesn't get copied over since it has the wrong name.
But at this point the old version was already detected through rmdirr.
GitMate.io thinks possibly related issues are https://github.com/owncloud/core/issues/21366 (Update), https://github.com/owncloud/core/issues/20661 (Update), https://github.com/owncloud/core/issues/18826 (update fail), https://github.com/owncloud/core/issues/20593 (Update failed), and https://github.com/owncloud/core/issues/11017 (Update fails).
also, when using a normal occ wapper:
- when using an occ wapper, a relative path to the tar ball may or may not work.
- the path to the tar ball must be fully readable by the www-data user. Tar ball in root's home does not work, even when running as root.
