Using web updater to update from 10.14 to 10.15 breaks the integrity check

[janmz]

After doing an automatic update through the admin panel in owncloud the integrity check fails on the updater folder (see below). Please fix the reason and provide a new update of owncloud with the corrected updater. Thanx in advance.

Technical information

The following list covers which files have failed the integrity check. Please read
the previous linked documentation to learn more about the errors and how to fix
them.

Results

• core
  • INVALID_HASH
    • updater/CHANGELOG.md
    • updater/app/config/container.php
    • updater/src/Command/BackupDataCommand.php
    • updater/src/Command/BackupDbCommand.php
    • updater/src/Command/CleanCacheCommand.php
    • updater/src/Command/PostUpgradeRepairCommand.php
    • updater/src/Command/PreUpgradeRepairCommand.php
    • updater/src/Command/RestartWebServerCommand.php
    • updater/src/Command/UpdateConfigCommand.php
    • updater/vendor/autoload.php
    • updater/vendor/composer/autoload_real.php
    • updater/vendor/composer/autoload_static.php
    • updater/vendor/composer/installed.json
    • updater/vendor/composer/installed.php
    • updater/vendor/guzzlehttp/guzzle/CHANGELOG.md
    • updater/vendor/guzzlehttp/guzzle/README.md
    • updater/vendor/guzzlehttp/guzzle/UPGRADING.md
    • updater/vendor/guzzlehttp/guzzle/composer.json
    • updater/vendor/guzzlehttp/guzzle/src/Client.php
    • updater/vendor/guzzlehttp/guzzle/src/ClientInterface.php
    • updater/vendor/guzzlehttp/guzzle/src/Cookie/CookieJar.php
    • updater/vendor/guzzlehttp/guzzle/src/Cookie/CookieJarInterface.php
    • updater/vendor/guzzlehttp/guzzle/src/Cookie/SetCookie.php
    • updater/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php
    • updater/vendor/guzzlehttp/guzzle/src/Handler/CurlMultiHandler.php
    • updater/vendor/guzzlehttp/guzzle/src/HandlerStack.php
    • updater/vendor/guzzlehttp/guzzle/src/MessageFormatter.php
    • updater/vendor/guzzlehttp/guzzle/src/MessageFormatterInterface.php
    • updater/vendor/guzzlehttp/guzzle/src/RedirectMiddleware.php
    • updater/vendor/guzzlehttp/guzzle/src/RequestOptions.php
    • updater/vendor/guzzlehttp/guzzle/src/TransferStats.php
    • updater/vendor/guzzlehttp/guzzle/src/Utils.php
    • updater/vendor/guzzlehttp/promises/CHANGELOG.md
    • updater/vendor/guzzlehttp/promises/README.md
    • updater/vendor/guzzlehttp/promises/composer.json
    • updater/vendor/guzzlehttp/promises/src/Each.php
    • updater/vendor/guzzlehttp/promises/src/EachPromise.php
    • updater/vendor/guzzlehttp/promises/src/RejectionException.php
    • updater/vendor/guzzlehttp/psr7/CHANGELOG.md
    • updater/vendor/guzzlehttp/psr7/README.md
    • updater/vendor/guzzlehttp/psr7/composer.json
    • updater/vendor/guzzlehttp/psr7/src/AppendStream.php
    • updater/vendor/guzzlehttp/psr7/src/BufferStream.php
    • updater/vendor/guzzlehttp/psr7/src/FnStream.php
    • updater/vendor/guzzlehttp/psr7/src/Header.php
    • updater/vendor/guzzlehttp/psr7/src/HttpFactory.php
    • updater/vendor/guzzlehttp/psr7/src/InflateStream.php
    • updater/vendor/guzzlehttp/psr7/src/Message.php
    • updater/vendor/guzzlehttp/psr7/src/MessageTrait.php
    • updater/vendor/guzzlehttp/psr7/src/MimeType.php
    • updater/vendor/guzzlehttp/psr7/src/MultipartStream.php
    • updater/vendor/guzzlehttp/psr7/src/PumpStream.php
    • updater/vendor/guzzlehttp/psr7/src/Query.php
    • updater/vendor/guzzlehttp/psr7/src/Request.php
    • updater/vendor/guzzlehttp/psr7/src/Response.php
    • updater/vendor/guzzlehttp/psr7/src/Rfc7230.php
    • updater/vendor/guzzlehttp/psr7/src/ServerRequest.php
    • updater/vendor/guzzlehttp/psr7/src/Stream.php
    • updater/vendor/guzzlehttp/psr7/src/StreamDecoratorTrait.php
    • updater/vendor/guzzlehttp/psr7/src/StreamWrapper.php
    • updater/vendor/guzzlehttp/psr7/src/UploadedFile.php
    • updater/vendor/guzzlehttp/psr7/src/Uri.php
    • updater/vendor/guzzlehttp/psr7/src/UriNormalizer.php
    • updater/vendor/guzzlehttp/psr7/src/UriResolver.php
    • updater/vendor/guzzlehttp/psr7/src/Utils.php
    • updater/vendor/psr/http-client/CHANGELOG.md
    • updater/vendor/psr/http-client/composer.json
  • EXTRA_FILE
    • updater/vendor/guzzlehttp/promises/vendor-bin/php-cs-fixer/composer.json
    • updater/vendor/guzzlehttp/promises/vendor-bin/phpstan/composer.json
    • updater/vendor/guzzlehttp/promises/vendor-bin/psalm/composer.json

Raw output

Array
(
[core] => Array
(
[INVALID_HASH] => Array
(
[updater/CHANGELOG.md] => Array
(
[expected] => 8c02ccafe8a447d606d0afc665fa44afe4714eb1e55e213c94732a501fdb4daf8625756cd2707064151df7dd29e99a52c6284377be21cf88b879dc6a6f830e4a
[current] => ec6bc1fbea93c62366109c056cce06bb4755e886a215cd1ad3acafbc0024b3d96a3820bf1f355ff28c9f12a18978e751b727c8bedaaa0f1164bdcbbb9d9b1c12

[phil-davis]

@jnweiger is there something about the way the latest updater app was included in the 10.15 release that would cause this?

[jnweiger]

@janmz thanks for opening this issue. I wasn't aware that this could happen.

It is atually a problem with the web udater. It can update core, and then looks into all apps, and checks for updates.
The updater itself is also an app, but it is special. It does not have an appinfo/info.xml so it does not show up when listing apps. The web updater cannot update the updater app!

ec6bc1fbea93c62366109c056cce06bb4755e886a215cd1ad3acafbc0024b3d96a3820bf1f355ff28c9f12a18978e751b727c8bedaaa0f1164bdcbbb9d9b1c12 is the correct checksum of the updater/CHANGELOG.md as bundled with 10.14.0

8c02ccafe8a447d606d0afc665fa44afe4714eb1e55e213c94732a501fdb4daf8625756cd2707064151df7dd29e99a52c6284377be21cf88b879dc6a6f830e4a is the correct checksum of the updater/CHANGELOG.md as bundled with 10.15.0

The situation you have, is that the update via web updater went fine as far as core itself (and most apps) is concerned, but the updater app remained as is. Now occ integrity:check-core also covers the updater app (maybe it should not...? ) and complains.

You can fix the situation in multiple ways. E.g. by manually updating the updater app, e.g. like this:

cd /var/www/owncloud
rm -rf updater
curl -L https://github.com/owncloud/updater/releases/download/v1.1.1/updater-v1.1.1.tar.gz | tar zxvf -
chown -R www-data. updater
occ integrity:check-core

Documentation at e.g. https://doc.owncloud.com/server/10.14/admin_manual/maintenance/upgrading/upgrade.html#upgrade-options
explains that the web updater button in the admin UI only works for simple cases.

[jnweiger]

All of

• https://download.owncloud.com/server/stable/owncloud-10.15.0.zip and
• https://download.owncloud.com/server/stable/owncloud-complete-20240724.zip
• https://download.owncloud.com/server/stable/owncloud-10.15.0.tar.bz2 and
• https://download.owncloud.com/server/stable/owncloud-complete-20240724.tar.bz2
  correctly contain the new version of the updater app.

curl -L 'http://updates.owncloud.com/server/?version=10x10x1x0x5x6xstablexxd' returns the first one of the above.
The zip gets downloaded and unpacked in
https://github.com/owncloud/updater/blob/master/src/Command/ExecuteCoreUpgradeScriptsCommand.php#137

			foreach ($rootDirContent as $dir) {
				if ($dir === 'updater') {
					continue;
				}
				/* @phan-suppress-next-line PhanUndeclaredMethod */
				$this->getApplication()->getLogger()->debug('Replacing ' . $dir);
				$fsHelper->tripleMove($oldSourcesDir, $newSourcesDir, $tmpDir, $dir);
			}

Which obviously excludes the updater itself.
This may help to not disturb the running updater code, but then, there is nothing that would "later" update the updater, or ask the user to manually update the updater.

I'd assume we just never implemented that case.

[janmz]

Thank You for the quick identification of the problem and the proposed workaround. But it would be great, if the web updater would be able to update itself or at give an indication, that a manual update step has to be taken...

[DefCon-CC]

Workaround from @jnweiger did the Job for me.