[jira] [Commented] (SLING-7714) SCD FileVault packages created with root filter which removes ACEs
[
https://issues.apache.org/jira/browse/SLING-7714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16512109#comment-16512109
]
Timothee Maret commented on SLING-7714:
---
Thanks [~mpetria]!
> SCD FileVault packages created with root filter which removes ACEs
> --
>
> Key: SLING-7714
> URL: https://issues.apache.org/jira/browse/SLING-7714
> Project: Sling
> Issue Type: Bug
> Components: Content Distribution
>Affects Versions: Content Distribution Core 0.2.10
>Reporter: Ankit Aggarwal
>Assignee: Timothee Maret
>Priority: Major
> Fix For: Content Distribution Core 0.3.0
>
> Attachments: CQ-4245994.patch, CQ-4245994_2.patch,
> CQ-4245994_3.patch, faulty-pkg-4503-1.0.zip, pkg-4503-additionnal.zip,
> pkg-4503-base.zip, pre-SP2-1.0.zip
>
>
> After upgrading the customer stage instances, it has been observed that the
> user synchronization is broken.
> After investigation, I observed that not only the user sync is broken but
> possible the whole instance, as many "rep:policy" nodes have been removed.
>
> h4. Steps to reproduce
> # start a 3 instances (1 author, 2 publishers) setup on AEM 6.3
> # enable the user synchronization following the documentation
> # upgrade publishers to SP2, then author
> # create a new user on pub1
>
> Expected result:
> User is propagated/synchronized on pub2 without side-effect
>
> Actual result:
> User is propagated/synchronized on pub2, but the following rep:policy nodes
> are removed (maybe non exhaustive list):
> * /rep:policy
> * /home/rep:policy
> * /home/users/rep:policy
>
> I reproduce this issue and tested again the procedure, but I disabled the
> sync agent on Author, so that I could retrieve the package being replicated
> on the other publisher (pub2) to inspect its definition.
>
> [faulty-pkg-4503-1.0.zip^!/images/icons/link_attachment_7.gif!^|https://issues.apache.org/secure/attachment/2594552/2594552_faulty-pkg-4503-1.0.zip]
> is a raw package containing the "/var/sling/distribution" and
> "/var/eventing/jobs/unassigned" of pub1 where I created the new user post-SP2
> install, if you require more details.
>
> [pkg-4503-base.zip^!/images/icons/link_attachment_7.gif!^|https://issues.apache.org/secure/attachment/2594549/2594549_pkg-4503-base.zip]
> and
> [pkg-4503-additionnal.zip^!/images/icons/link_attachment_7.gif!^|https://issues.apache.org/secure/attachment/2594550/2594550_pkg-4503-additionnal.zip]
> are the actual packages that will be distributed by SCD, and installed on
> pub2. I extracted them from
> [faulty-pkg-4503-1.0.zip^!/images/icons/link_attachment_7.gif!^|https://issues.apache.org/secure/attachment/2594552/2594552_faulty-pkg-4503-1.0.zip]
> from the following path
> "faulty-pkg-4503-1.0.zip\jcr_root\var\sling\distribution\packages\socialpubsync-vlt\data\dstrpck-1528203802286-58c3aa28-a83a-4a74-a781-e48e5415a541\"
> and "dstrpck-1528203802288-c6416288-9b4d-43cc-8967-c09215bd6a91" (they are
> the "bin" file renamed).
>
> Checking their _META-INF\vault\filter.xml,_ I think that the filter
> definition is incorrect:
> {code:java}
>
>
>
>
>
>
>
>
> {code}
>
> *The last entry with filter on "/" looks suspicious.*
>
> On a pre-SP2 instance, I have the following which is correct:
> {code:java}
>
>
>
>
>
>
>
> {code}
>
> I assume that the ACL are merged and as the filter is pointing to "/" and the
> package doesn't have any rep:policy for any nodes in the hierarchy, it is
> removing the existing ones.
>
> PS: I have some instances setup to share if needed.
> *Btw now that the issue is qualified I guess you only need to setup one
> single publisher, enable usersync, and create a new user. This should trigger
> the package creation containing the invalid filter definition.*
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (SLING-7714) SCD FileVault packages created with root filter which removes ACEs
[
https://issues.apache.org/jira/browse/SLING-7714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16511370#comment-16511370
]
Marius Petria commented on SLING-7714:
--
I applied the first patch to SCD and filled JCRVLT-305 to track the filter.xml
problem.
> SCD FileVault packages created with root filter which removes ACEs
> --
>
> Key: SLING-7714
> URL: https://issues.apache.org/jira/browse/SLING-7714
> Project: Sling
> Issue Type: Bug
> Components: Content Distribution
>Affects Versions: Content Distribution Core 0.2.10
>Reporter: Ankit Aggarwal
>Assignee: Timothee Maret
>Priority: Major
> Attachments: CQ-4245994.patch, CQ-4245994_2.patch,
> CQ-4245994_3.patch, faulty-pkg-4503-1.0.zip, pkg-4503-additionnal.zip,
> pkg-4503-base.zip, pre-SP2-1.0.zip
>
>
> After upgrading the customer stage instances, it has been observed that the
> user synchronization is broken.
> After investigation, I observed that not only the user sync is broken but
> possible the whole instance, as many "rep:policy" nodes have been removed.
>
> h4. Steps to reproduce
> # start a 3 instances (1 author, 2 publishers) setup on AEM 6.3
> # enable the user synchronization following the documentation
> # upgrade publishers to SP2, then author
> # create a new user on pub1
>
> Expected result:
> User is propagated/synchronized on pub2 without side-effect
>
> Actual result:
> User is propagated/synchronized on pub2, but the following rep:policy nodes
> are removed (maybe non exhaustive list):
> * /rep:policy
> * /home/rep:policy
> * /home/users/rep:policy
>
> I reproduce this issue and tested again the procedure, but I disabled the
> sync agent on Author, so that I could retrieve the package being replicated
> on the other publisher (pub2) to inspect its definition.
>
> [faulty-pkg-4503-1.0.zip^!/images/icons/link_attachment_7.gif!^|https://issues.apache.org/secure/attachment/2594552/2594552_faulty-pkg-4503-1.0.zip]
> is a raw package containing the "/var/sling/distribution" and
> "/var/eventing/jobs/unassigned" of pub1 where I created the new user post-SP2
> install, if you require more details.
>
> [pkg-4503-base.zip^!/images/icons/link_attachment_7.gif!^|https://issues.apache.org/secure/attachment/2594549/2594549_pkg-4503-base.zip]
> and
> [pkg-4503-additionnal.zip^!/images/icons/link_attachment_7.gif!^|https://issues.apache.org/secure/attachment/2594550/2594550_pkg-4503-additionnal.zip]
> are the actual packages that will be distributed by SCD, and installed on
> pub2. I extracted them from
> [faulty-pkg-4503-1.0.zip^!/images/icons/link_attachment_7.gif!^|https://issues.apache.org/secure/attachment/2594552/2594552_faulty-pkg-4503-1.0.zip]
> from the following path
> "faulty-pkg-4503-1.0.zip\jcr_root\var\sling\distribution\packages\socialpubsync-vlt\data\dstrpck-1528203802286-58c3aa28-a83a-4a74-a781-e48e5415a541\"
> and "dstrpck-1528203802288-c6416288-9b4d-43cc-8967-c09215bd6a91" (they are
> the "bin" file renamed).
>
> Checking their _META-INF\vault\filter.xml,_ I think that the filter
> definition is incorrect:
> {code:java}
>
>
>
>
>
>
>
>
> {code}
>
> *The last entry with filter on "/" looks suspicious.*
>
> On a pre-SP2 instance, I have the following which is correct:
> {code:java}
>
>
>
>
>
>
>
> {code}
>
> I assume that the ACL are merged and as the filter is pointing to "/" and the
> package doesn't have any rep:policy for any nodes in the hierarchy, it is
> removing the existing ones.
>
> PS: I have some instances setup to share if needed.
> *Btw now that the issue is qualified I guess you only need to setup one
> single publisher, enable usersync, and create a new user. This should trigger
> the package creation containing the invalid filter definition.*
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (SLING-7714) SCD FileVault packages created with root filter which removes ACEs
[
https://issues.apache.org/jira/browse/SLING-7714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16511275#comment-16511275
]
Timothee Maret commented on SLING-7714:
---
In SCD, we currently allow to build any combinations of deep/shallow packages
with/without property filter. FileVault can support those combinations, I have
built test cases for FileVault to cover each combination, see
https://issues.apache.org/jira/browse/JCRVLT-304.
> SCD FileVault packages created with root filter which removes ACEs
> --
>
> Key: SLING-7714
> URL: https://issues.apache.org/jira/browse/SLING-7714
> Project: Sling
> Issue Type: Bug
> Components: Content Distribution
>Affects Versions: Content Distribution Core 0.2.10
>Reporter: Ankit Aggarwal
>Assignee: Timothee Maret
>Priority: Major
> Attachments: CQ-4245994.patch, CQ-4245994_2.patch,
> CQ-4245994_3.patch, faulty-pkg-4503-1.0.zip, pkg-4503-additionnal.zip,
> pkg-4503-base.zip, pre-SP2-1.0.zip
>
>
> After upgrading the customer stage instances, it has been observed that the
> user synchronization is broken.
> After investigation, I observed that not only the user sync is broken but
> possible the whole instance, as many "rep:policy" nodes have been removed.
>
> h4. Steps to reproduce
> # start a 3 instances (1 author, 2 publishers) setup on AEM 6.3
> # enable the user synchronization following the documentation
> # upgrade publishers to SP2, then author
> # create a new user on pub1
>
> Expected result:
> User is propagated/synchronized on pub2 without side-effect
>
> Actual result:
> User is propagated/synchronized on pub2, but the following rep:policy nodes
> are removed (maybe non exhaustive list):
> * /rep:policy
> * /home/rep:policy
> * /home/users/rep:policy
>
> I reproduce this issue and tested again the procedure, but I disabled the
> sync agent on Author, so that I could retrieve the package being replicated
> on the other publisher (pub2) to inspect its definition.
>
> [faulty-pkg-4503-1.0.zip^!/images/icons/link_attachment_7.gif!^|https://issues.apache.org/secure/attachment/2594552/2594552_faulty-pkg-4503-1.0.zip]
> is a raw package containing the "/var/sling/distribution" and
> "/var/eventing/jobs/unassigned" of pub1 where I created the new user post-SP2
> install, if you require more details.
>
> [pkg-4503-base.zip^!/images/icons/link_attachment_7.gif!^|https://issues.apache.org/secure/attachment/2594549/2594549_pkg-4503-base.zip]
> and
> [pkg-4503-additionnal.zip^!/images/icons/link_attachment_7.gif!^|https://issues.apache.org/secure/attachment/2594550/2594550_pkg-4503-additionnal.zip]
> are the actual packages that will be distributed by SCD, and installed on
> pub2. I extracted them from
> [faulty-pkg-4503-1.0.zip^!/images/icons/link_attachment_7.gif!^|https://issues.apache.org/secure/attachment/2594552/2594552_faulty-pkg-4503-1.0.zip]
> from the following path
> "faulty-pkg-4503-1.0.zip\jcr_root\var\sling\distribution\packages\socialpubsync-vlt\data\dstrpck-1528203802286-58c3aa28-a83a-4a74-a781-e48e5415a541\"
> and "dstrpck-1528203802288-c6416288-9b4d-43cc-8967-c09215bd6a91" (they are
> the "bin" file renamed).
>
> Checking their _META-INF\vault\filter.xml,_ I think that the filter
> definition is incorrect:
> {code:java}
>
>
>
>
>
>
>
>
> {code}
>
> *The last entry with filter on "/" looks suspicious.*
>
> On a pre-SP2 instance, I have the following which is correct:
> {code:java}
>
>
>
>
>
>
>
> {code}
>
> I assume that the ACL are merged and as the filter is pointing to "/" and the
> package doesn't have any rep:policy for any nodes in the hierarchy, it is
> removing the existing ones.
>
> PS: I have some instances setup to share if needed.
> *Btw now that the issue is qualified I guess you only need to setup one
> single publisher, enable usersync, and create a new user. This should trigger
> the package creation containing the invalid filter definition.*
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (SLING-7714) SCD FileVault packages created with root filter which removes ACEs
[
https://issues.apache.org/jira/browse/SLING-7714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16511074#comment-16511074
]
Ankit Aggarwal commented on SLING-7714:
---
[~mpetria], [~marett]
I had shared the buddy build from [^CQ-4245994_3.patch] and it is working fine
on their test environment as of now.
> SCD FileVault packages created with root filter which removes ACEs
> --
>
> Key: SLING-7714
> URL: https://issues.apache.org/jira/browse/SLING-7714
> Project: Sling
> Issue Type: Bug
> Components: Content Distribution
>Affects Versions: Content Distribution Core 0.2.10
>Reporter: Ankit Aggarwal
>Assignee: Timothee Maret
>Priority: Major
> Attachments: CQ-4245994.patch, CQ-4245994_2.patch,
> CQ-4245994_3.patch, faulty-pkg-4503-1.0.zip, pkg-4503-additionnal.zip,
> pkg-4503-base.zip, pre-SP2-1.0.zip
>
>
> After upgrading the customer stage instances (this is ManagedService), it has
> been observed that the user synchronization si broken.
> After investigation, I observed that not only the user sync is broken but
> possible the whole instance, as many "rep:policy" nodes have been removed.
>
> h4. Steps to reproduce
> # start a 3 instances (1 author, 2 publishers) setup on AEM 6.3
> # enable the user synchronization following the documentation
> # upgrade publishers to SP2, then author
> # create a new user on pub1
>
> Expected result:
> User is propagated/synchronized on pub2 without side-effect
>
> Actual result:
> User is propagated/synchronized on pub2, but the following rep:policy nodes
> are removed (maybe non exhaustive list):
> * /rep:policy
> * /home/rep:policy
> * /home/users/rep:policy
>
> I reproduce this issue and tested again the procedure, but I disabled the
> sync agent on Author, so that I could retrieve the package being replicated
> on the other publisher (pub2) to inspect its definition.
>
> [faulty-pkg-4503-1.0.zip^!/images/icons/link_attachment_7.gif|width=7,height=7,align=absmiddle!^|https://issues.apache.org/secure/attachment/2594552/2594552_faulty-pkg-4503-1.0.zip]
> is a raw package containing the "/var/sling/distribution" and
> "/var/eventing/jobs/unassigned" of pub1 where I created the new user post-SP2
> install, if you require more details.
>
> [pkg-4503-base.zip^!/images/icons/link_attachment_7.gif|width=7,height=7,align=absmiddle!^|https://issues.apache.org/secure/attachment/2594549/2594549_pkg-4503-base.zip]
> and
> [pkg-4503-additionnal.zip^!/images/icons/link_attachment_7.gif|width=7,height=7,align=absmiddle!^|https://issues.apache.org/secure/attachment/2594550/2594550_pkg-4503-additionnal.zip]
> are the actual packages that will be distributed by SCD, and installed on
> pub2. I extracted them from
> [faulty-pkg-4503-1.0.zip^!/images/icons/link_attachment_7.gif|width=7,height=7,align=absmiddle!^|https://issues.apache.org/secure/attachment/2594552/2594552_faulty-pkg-4503-1.0.zip]
> from the following path
> "faulty-pkg-4503-1.0.zip\jcr_root\var\sling\distribution\packages\socialpubsync-vlt\data\dstrpck-1528203802286-58c3aa28-a83a-4a74-a781-e48e5415a541\"
> and "dstrpck-1528203802288-c6416288-9b4d-43cc-8967-c09215bd6a91" (they are
> the "bin" file renamed).
>
> Checking their _META-INF\vault\filter.xml,_ I think that the filter
> definition is incorrect:
> {code:java}
>
>
>
>
>
>
>
>
> {code}
>
> *The last entry with filter on "/" looks suspicious.*
>
> On a pre-SP2 instance, I have the following which is correct:
> {code:java}
>
>
>
>
>
>
>
> {code}
>
> I assume that the ACL are merged and as the filter is pointing to "/" and the
> package doesn't have any rep:policy for any nodes in the hierarchy, it is
> removing the existing ones.
>
> PS: I have some instances setup to share if needed.
> *Btw now that the issue is qualified I guess you only need to setup one
> single publisher, enable usersync, and create a new user. This should trigger
> the package creation containing the invalid filter definition.*
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (SLING-7714) SCD FileVault packages created with root filter which removes ACEs
[
https://issues.apache.org/jira/browse/SLING-7714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16510711#comment-16510711
]
Ankit Aggarwal commented on SLING-7714:
---
[~marett]
Initially the nodeFilterSet was used to create filter.xml but now
propertiesFilterSet is used to create the same.
{{DefaultWorkspaceFilter#add(PathFilterSet, PathFilterSet)}} does not keep the
last filter entry but while generating the filter it iterates over
propertiesFilterSet [2] . Here [0] we are creating a PropertyFilter at root
path "/" which is causing this problem.
I have set the root path to the node path.
Is there any specific reason of setting propertyFilterSet root to "/" here [1].
I think this should have been set to same path as that of the node filter.
[0]
[https://github.com/apache/sling-org-apache-sling-distribution-core/blob/16a4ed809aaf935c29c2b19237e5c54c5d0c9384/src/main/java/org/apache/sling/distribution/serialization/impl/vlt/VltUtils.java#L97]
[1]
[https://github.com/apache/sling-org-apache-sling-distribution-core/blob/16a4ed809aaf935c29c2b19237e5c54c5d0c9384/src/main/java/org/apache/sling/distribution/serialization/impl/vlt/VltUtils.java#L97]
[2]
[https://github.com/apache/jackrabbit-filevault/blob/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/config/DefaultWorkspaceFilter.java#L429]
> SCD FileVault packages created with root filter which removes ACEs
> --
>
> Key: SLING-7714
> URL: https://issues.apache.org/jira/browse/SLING-7714
> Project: Sling
> Issue Type: Bug
> Components: Content Distribution
>Affects Versions: Content Distribution Core 0.2.10
>Reporter: Ankit Aggarwal
>Assignee: Timothee Maret
>Priority: Major
> Attachments: CQ-4245994.patch, CQ-4245994_2.patch,
> CQ-4245994_3.patch, faulty-pkg-4503-1.0.zip, pkg-4503-additionnal.zip,
> pkg-4503-base.zip, pre-SP2-1.0.zip
>
>
> After upgrading the customer stage instances (this is ManagedService), it has
> been observed that the user synchronization si broken.
> After investigation, I observed that not only the user sync is broken but
> possible the whole instance, as many "rep:policy" nodes have been removed.
>
> h4. Steps to reproduce
> # start a 3 instances (1 author, 2 publishers) setup on AEM 6.3
> # enable the user synchronization following the documentation
> # upgrade publishers to SP2, then author
> # create a new user on pub1
>
> Expected result:
> User is propagated/synchronized on pub2 without side-effect
>
> Actual result:
> User is propagated/synchronized on pub2, but the following rep:policy nodes
> are removed (maybe non exhaustive list):
> * /rep:policy
> * /home/rep:policy
> * /home/users/rep:policy
>
> I reproduce this issue and tested again the procedure, but I disabled the
> sync agent on Author, so that I could retrieve the package being replicated
> on the other publisher (pub2) to inspect its definition.
>
> [faulty-pkg-4503-1.0.zip^!/images/icons/link_attachment_7.gif|width=7,height=7,align=absmiddle!^|https://issues.apache.org/secure/attachment/2594552/2594552_faulty-pkg-4503-1.0.zip]
> is a raw package containing the "/var/sling/distribution" and
> "/var/eventing/jobs/unassigned" of pub1 where I created the new user post-SP2
> install, if you require more details.
>
> [pkg-4503-base.zip^!/images/icons/link_attachment_7.gif|width=7,height=7,align=absmiddle!^|https://issues.apache.org/secure/attachment/2594549/2594549_pkg-4503-base.zip]
> and
> [pkg-4503-additionnal.zip^!/images/icons/link_attachment_7.gif|width=7,height=7,align=absmiddle!^|https://issues.apache.org/secure/attachment/2594550/2594550_pkg-4503-additionnal.zip]
> are the actual packages that will be distributed by SCD, and installed on
> pub2. I extracted them from
> [faulty-pkg-4503-1.0.zip^!/images/icons/link_attachment_7.gif|width=7,height=7,align=absmiddle!^|https://issues.apache.org/secure/attachment/2594552/2594552_faulty-pkg-4503-1.0.zip]
> from the following path
> "faulty-pkg-4503-1.0.zip\jcr_root\var\sling\distribution\packages\socialpubsync-vlt\data\dstrpck-1528203802286-58c3aa28-a83a-4a74-a781-e48e5415a541\"
> and "dstrpck-1528203802288-c6416288-9b4d-43cc-8967-c09215bd6a91" (they are
> the "bin" file renamed).
>
> Checking their _META-INF\vault\filter.xml,_ I think that the filter
> definition is incorrect:
> {code:java}
>
>
>
>
>
>
>
>
> {code}
>
> *The last entry with filter on "/" looks suspicious.*
>
> On a pre-SP2 instance, I have the following which is correct:
> {code:java}
>
>
>
>
>
>
>
> {code}
>
> I assume that the ACL are merged and as the filter is pointing to "/" and the
> package doesn't have any rep:policy for any nodes in the hierarchy, it is
> removing the
[jira] [Commented] (SLING-7714) SCD FileVault packages created with root filter which removes ACEs
[
https://issues.apache.org/jira/browse/SLING-7714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16510708#comment-16510708
]
Ankit Aggarwal commented on SLING-7714:
---
[~mpetria]
In [^CQ-4245994_3.patch], I have provided the default value to the property
filters in addition to the fix in [^CQ-4245994.patch]
> SCD FileVault packages created with root filter which removes ACEs
> --
>
> Key: SLING-7714
> URL: https://issues.apache.org/jira/browse/SLING-7714
> Project: Sling
> Issue Type: Bug
> Components: Content Distribution
>Affects Versions: Content Distribution Core 0.2.10
>Reporter: Ankit Aggarwal
>Assignee: Timothee Maret
>Priority: Major
> Attachments: CQ-4245994.patch, CQ-4245994_2.patch,
> CQ-4245994_3.patch, faulty-pkg-4503-1.0.zip, pkg-4503-additionnal.zip,
> pkg-4503-base.zip, pre-SP2-1.0.zip
>
>
> After upgrading the customer stage instances (this is ManagedService), it has
> been observed that the user synchronization si broken.
> After investigation, I observed that not only the user sync is broken but
> possible the whole instance, as many "rep:policy" nodes have been removed.
>
> h4. Steps to reproduce
> # start a 3 instances (1 author, 2 publishers) setup on AEM 6.3
> # enable the user synchronization following the documentation
> # upgrade publishers to SP2, then author
> # create a new user on pub1
>
> Expected result:
> User is propagated/synchronized on pub2 without side-effect
>
> Actual result:
> User is propagated/synchronized on pub2, but the following rep:policy nodes
> are removed (maybe non exhaustive list):
> * /rep:policy
> * /home/rep:policy
> * /home/users/rep:policy
>
> I reproduce this issue and tested again the procedure, but I disabled the
> sync agent on Author, so that I could retrieve the package being replicated
> on the other publisher (pub2) to inspect its definition.
>
> [faulty-pkg-4503-1.0.zip^!/images/icons/link_attachment_7.gif|width=7,height=7,align=absmiddle!^|https://issues.apache.org/secure/attachment/2594552/2594552_faulty-pkg-4503-1.0.zip]
> is a raw package containing the "/var/sling/distribution" and
> "/var/eventing/jobs/unassigned" of pub1 where I created the new user post-SP2
> install, if you require more details.
>
> [pkg-4503-base.zip^!/images/icons/link_attachment_7.gif|width=7,height=7,align=absmiddle!^|https://issues.apache.org/secure/attachment/2594549/2594549_pkg-4503-base.zip]
> and
> [pkg-4503-additionnal.zip^!/images/icons/link_attachment_7.gif|width=7,height=7,align=absmiddle!^|https://issues.apache.org/secure/attachment/2594550/2594550_pkg-4503-additionnal.zip]
> are the actual packages that will be distributed by SCD, and installed on
> pub2. I extracted them from
> [faulty-pkg-4503-1.0.zip^!/images/icons/link_attachment_7.gif|width=7,height=7,align=absmiddle!^|https://issues.apache.org/secure/attachment/2594552/2594552_faulty-pkg-4503-1.0.zip]
> from the following path
> "faulty-pkg-4503-1.0.zip\jcr_root\var\sling\distribution\packages\socialpubsync-vlt\data\dstrpck-1528203802286-58c3aa28-a83a-4a74-a781-e48e5415a541\"
> and "dstrpck-1528203802288-c6416288-9b4d-43cc-8967-c09215bd6a91" (they are
> the "bin" file renamed).
>
> Checking their _META-INF\vault\filter.xml,_ I think that the filter
> definition is incorrect:
> {code:java}
>
>
>
>
>
>
>
>
> {code}
>
> *The last entry with filter on "/" looks suspicious.*
>
> On a pre-SP2 instance, I have the following which is correct:
> {code:java}
>
>
>
>
>
>
>
> {code}
>
> I assume that the ACL are merged and as the filter is pointing to "/" and the
> package doesn't have any rep:policy for any nodes in the hierarchy, it is
> removing the existing ones.
>
> PS: I have some instances setup to share if needed.
> *Btw now that the issue is qualified I guess you only need to setup one
> single publisher, enable usersync, and create a new user. This should trigger
> the package creation containing the invalid filter definition.*
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (SLING-7714) SCD FileVault packages created with root filter which removes ACEs
[
https://issues.apache.org/jira/browse/SLING-7714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16510700#comment-16510700
]
Marius Petria commented on SLING-7714:
--
[~marett] I think we have 2 things to solve:
1. make it work without property filters (these were added recently and they
are not used a lot)
2. make it work with property filters
I am trying to split this in two because maybe we can solve 1 without fixing
filevault. I think for that
[CQ-4245994.patch|https://issues.apache.org/jira/secure/attachment/12926890/CQ-4245994.patch]
looks to be the best. Even if the resulting filter.xml looks like a "deep
filter" (with not include pattern) only the distributed node is packaged.
> SCD FileVault packages created with root filter which removes ACEs
> --
>
> Key: SLING-7714
> URL: https://issues.apache.org/jira/browse/SLING-7714
> Project: Sling
> Issue Type: Bug
> Components: Content Distribution
>Affects Versions: Content Distribution Core 0.2.10
>Reporter: Ankit Aggarwal
>Assignee: Timothee Maret
>Priority: Major
> Attachments: CQ-4245994.patch, CQ-4245994_2.patch,
> CQ-4245994_3.patch, faulty-pkg-4503-1.0.zip, pkg-4503-additionnal.zip,
> pkg-4503-base.zip, pre-SP2-1.0.zip
>
>
> After upgrading the customer stage instances (this is ManagedService), it has
> been observed that the user synchronization si broken.
> After investigation, I observed that not only the user sync is broken but
> possible the whole instance, as many "rep:policy" nodes have been removed.
>
> h4. Steps to reproduce
> # start a 3 instances (1 author, 2 publishers) setup on AEM 6.3
> # enable the user synchronization following the documentation
> # upgrade publishers to SP2, then author
> # create a new user on pub1
>
> Expected result:
> User is propagated/synchronized on pub2 without side-effect
>
> Actual result:
> User is propagated/synchronized on pub2, but the following rep:policy nodes
> are removed (maybe non exhaustive list):
> * /rep:policy
> * /home/rep:policy
> * /home/users/rep:policy
>
> I reproduce this issue and tested again the procedure, but I disabled the
> sync agent on Author, so that I could retrieve the package being replicated
> on the other publisher (pub2) to inspect its definition.
>
> [faulty-pkg-4503-1.0.zip^!/images/icons/link_attachment_7.gif|width=7,height=7,align=absmiddle!^|https://issues.apache.org/secure/attachment/2594552/2594552_faulty-pkg-4503-1.0.zip]
> is a raw package containing the "/var/sling/distribution" and
> "/var/eventing/jobs/unassigned" of pub1 where I created the new user post-SP2
> install, if you require more details.
>
> [pkg-4503-base.zip^!/images/icons/link_attachment_7.gif|width=7,height=7,align=absmiddle!^|https://issues.apache.org/secure/attachment/2594549/2594549_pkg-4503-base.zip]
> and
> [pkg-4503-additionnal.zip^!/images/icons/link_attachment_7.gif|width=7,height=7,align=absmiddle!^|https://issues.apache.org/secure/attachment/2594550/2594550_pkg-4503-additionnal.zip]
> are the actual packages that will be distributed by SCD, and installed on
> pub2. I extracted them from
> [faulty-pkg-4503-1.0.zip^!/images/icons/link_attachment_7.gif|width=7,height=7,align=absmiddle!^|https://issues.apache.org/secure/attachment/2594552/2594552_faulty-pkg-4503-1.0.zip]
> from the following path
> "faulty-pkg-4503-1.0.zip\jcr_root\var\sling\distribution\packages\socialpubsync-vlt\data\dstrpck-1528203802286-58c3aa28-a83a-4a74-a781-e48e5415a541\"
> and "dstrpck-1528203802288-c6416288-9b4d-43cc-8967-c09215bd6a91" (they are
> the "bin" file renamed).
>
> Checking their _META-INF\vault\filter.xml,_ I think that the filter
> definition is incorrect:
> {code:java}
>
>
>
>
>
>
>
>
> {code}
>
> *The last entry with filter on "/" looks suspicious.*
>
> On a pre-SP2 instance, I have the following which is correct:
> {code:java}
>
>
>
>
>
>
>
> {code}
>
> I assume that the ACL are merged and as the filter is pointing to "/" and the
> package doesn't have any rep:policy for any nodes in the hierarchy, it is
> removing the existing ones.
>
> PS: I have some instances setup to share if needed.
> *Btw now that the issue is qualified I guess you only need to setup one
> single publisher, enable usersync, and create a new user. This should trigger
> the package creation containing the invalid filter definition.*
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (SLING-7714) SCD FileVault packages created with root filter which removes ACEs
[
https://issues.apache.org/jira/browse/SLING-7714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16509718#comment-16509718
]
Timothee Maret commented on SLING-7714:
---
In JCRVLT-197, FileVault deprecated the ability to define multiple filter
roots, we reuse the path as root.
The signature {{DefaultWorkspaceFilter#addPropertyFilterSet}} has been
deprecated in favor of {{DefaultWorkspaceFilter#add(PathFilterSet,
PathFilterSet)}}.
https://github.com/apache/jackrabbit-filevault/blob/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/config/DefaultWorkspaceFilter.java#L121
In SLING-7238, the SCD code has been adapted to use the new signature
https://github.com/apache/sling-org-apache-sling-distribution-core/commit/16a4ed809aaf935c29c2b19237e5c54c5d0c9384
The new signature {{DefaultWorkspaceFilter#add(PathFilterSet, PathFilterSet)}}
is not semantically equivalent to the previous combination of
{{DefaultWorkspaceFilter#add}} and
{{DefaultWorkspaceFilter#addPropertyFilterSet}}. The new signature produces a
single workspace filter entry instead of the two. It turns out it keeps the
last filter entry which is the one with the root path.
> SCD FileVault packages created with root filter which removes ACEs
> --
>
> Key: SLING-7714
> URL: https://issues.apache.org/jira/browse/SLING-7714
> Project: Sling
> Issue Type: Bug
> Components: Content Distribution
>Affects Versions: Content Distribution Core 0.2.10
>Reporter: Ankit Aggarwal
>Assignee: Timothee Maret
>Priority: Major
> Attachments: CQ-4245994.patch, CQ-4245994_2.patch,
> CQ-4245994_3.patch, faulty-pkg-4503-1.0.zip, pkg-4503-additionnal.zip,
> pkg-4503-base.zip, pre-SP2-1.0.zip
>
>
> After upgrading the customer stage instances (this is ManagedService), it has
> been observed that the user synchronization si broken.
> After investigation, I observed that not only the user sync is broken but
> possible the whole instance, as many "rep:policy" nodes have been removed.
>
> h4. Steps to reproduce
> # start a 3 instances (1 author, 2 publishers) setup on AEM 6.3
> # enable the user synchronization following the documentation
> # upgrade publishers to SP2, then author
> # create a new user on pub1
>
> Expected result:
> User is propagated/synchronized on pub2 without side-effect
>
> Actual result:
> User is propagated/synchronized on pub2, but the following rep:policy nodes
> are removed (maybe non exhaustive list):
> * /rep:policy
> * /home/rep:policy
> * /home/users/rep:policy
>
> I reproduce this issue and tested again the procedure, but I disabled the
> sync agent on Author, so that I could retrieve the package being replicated
> on the other publisher (pub2) to inspect its definition.
>
> [faulty-pkg-4503-1.0.zip^!/images/icons/link_attachment_7.gif|width=7,height=7,align=absmiddle!^|https://issues.apache.org/secure/attachment/2594552/2594552_faulty-pkg-4503-1.0.zip]
> is a raw package containing the "/var/sling/distribution" and
> "/var/eventing/jobs/unassigned" of pub1 where I created the new user post-SP2
> install, if you require more details.
>
> [pkg-4503-base.zip^!/images/icons/link_attachment_7.gif|width=7,height=7,align=absmiddle!^|https://issues.apache.org/secure/attachment/2594549/2594549_pkg-4503-base.zip]
> and
> [pkg-4503-additionnal.zip^!/images/icons/link_attachment_7.gif|width=7,height=7,align=absmiddle!^|https://issues.apache.org/secure/attachment/2594550/2594550_pkg-4503-additionnal.zip]
> are the actual packages that will be distributed by SCD, and installed on
> pub2. I extracted them from
> [faulty-pkg-4503-1.0.zip^!/images/icons/link_attachment_7.gif|width=7,height=7,align=absmiddle!^|https://issues.apache.org/secure/attachment/2594552/2594552_faulty-pkg-4503-1.0.zip]
> from the following path
> "faulty-pkg-4503-1.0.zip\jcr_root\var\sling\distribution\packages\socialpubsync-vlt\data\dstrpck-1528203802286-58c3aa28-a83a-4a74-a781-e48e5415a541\"
> and "dstrpck-1528203802288-c6416288-9b4d-43cc-8967-c09215bd6a91" (they are
> the "bin" file renamed).
>
> Checking their _META-INF\vault\filter.xml,_ I think that the filter
> definition is incorrect:
> {code:java}
>
>
>
>
>
>
>
>
> {code}
>
> *The last entry with filter on "/" looks suspicious.*
>
> On a pre-SP2 instance, I have the following which is correct:
> {code:java}
>
>
>
>
>
>
>
> {code}
>
> I assume that the ACL are merged and as the filter is pointing to "/" and the
> package doesn't have any rep:policy for any nodes in the hierarchy, it is
> removing the existing ones.
>
> PS: I have some instances setup to share if needed.
> *Btw now that the issue is qualified I guess you only need to setup one
> single
[jira] [Commented] (SLING-7714) SCD FileVault packages created with root filter which removes ACEs
[
https://issues.apache.org/jira/browse/SLING-7714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16508061#comment-16508061
]
Timothee Maret commented on SLING-7714:
---
This issue relates to JCRVLT-278, JCRVLT-227. The root cause of this issue, is
a property filter set to the root path independently of a property filter being
configured or not. The workaround for this issue, is to set the
{{MERGE_PRESERVE}} ACL handling in the
{{o.a.s.d.s.i.v.VaultDistributionPackageBuilderFactory}} configuration. I'll
review the fix.
> SCD FileVault packages created with root filter which removes ACEs
> --
>
> Key: SLING-7714
> URL: https://issues.apache.org/jira/browse/SLING-7714
> Project: Sling
> Issue Type: Bug
> Components: Content Distribution
>Affects Versions: Content Distribution Core 0.2.10
>Reporter: Ankit Aggarwal
>Assignee: Timothee Maret
>Priority: Major
> Attachments: CQ-4245994.patch, CQ-4245994_2.patch,
> CQ-4245994_3.patch, faulty-pkg-4503-1.0.zip, pkg-4503-additionnal.zip,
> pkg-4503-base.zip, pre-SP2-1.0.zip
>
>
> After upgrading the customer stage instances (this is ManagedService), it has
> been observed that the user synchronization si broken.
> After investigation, I observed that not only the user sync is broken but
> possible the whole instance, as many "rep:policy" nodes have been removed.
>
> h4. Steps to reproduce
> # start a 3 instances (1 author, 2 publishers) setup on AEM 6.3
> # enable the user synchronization following the documentation
> # upgrade publishers to SP2, then author
> # create a new user on pub1
>
> Expected result:
> User is propagated/synchronized on pub2 without side-effect
>
> Actual result:
> User is propagated/synchronized on pub2, but the following rep:policy nodes
> are removed (maybe non exhaustive list):
> * /rep:policy
> * /home/rep:policy
> * /home/users/rep:policy
>
> I reproduce this issue and tested again the procedure, but I disabled the
> sync agent on Author, so that I could retrieve the package being replicated
> on the other publisher (pub2) to inspect its definition.
>
> [faulty-pkg-4503-1.0.zip^!/images/icons/link_attachment_7.gif|width=7,height=7,align=absmiddle!^|https://issues.apache.org/secure/attachment/2594552/2594552_faulty-pkg-4503-1.0.zip]
> is a raw package containing the "/var/sling/distribution" and
> "/var/eventing/jobs/unassigned" of pub1 where I created the new user post-SP2
> install, if you require more details.
>
> [pkg-4503-base.zip^!/images/icons/link_attachment_7.gif|width=7,height=7,align=absmiddle!^|https://issues.apache.org/secure/attachment/2594549/2594549_pkg-4503-base.zip]
> and
> [pkg-4503-additionnal.zip^!/images/icons/link_attachment_7.gif|width=7,height=7,align=absmiddle!^|https://issues.apache.org/secure/attachment/2594550/2594550_pkg-4503-additionnal.zip]
> are the actual packages that will be distributed by SCD, and installed on
> pub2. I extracted them from
> [faulty-pkg-4503-1.0.zip^!/images/icons/link_attachment_7.gif|width=7,height=7,align=absmiddle!^|https://issues.apache.org/secure/attachment/2594552/2594552_faulty-pkg-4503-1.0.zip]
> from the following path
> "faulty-pkg-4503-1.0.zip\jcr_root\var\sling\distribution\packages\socialpubsync-vlt\data\dstrpck-1528203802286-58c3aa28-a83a-4a74-a781-e48e5415a541\"
> and "dstrpck-1528203802288-c6416288-9b4d-43cc-8967-c09215bd6a91" (they are
> the "bin" file renamed).
>
> Checking their _META-INF\vault\filter.xml,_ I think that the filter
> definition is incorrect:
> {code:java}
>
>
>
>
>
>
>
>
> {code}
>
> *The last entry with filter on "/" looks suspicious.*
>
> On a pre-SP2 instance, I have the following which is correct:
> {code:java}
>
>
>
>
>
>
>
> {code}
>
> I assume that the ACL are merged and as the filter is pointing to "/" and the
> package doesn't have any rep:policy for any nodes in the hierarchy, it is
> removing the existing ones.
>
> PS: I have some instances setup to share if needed.
> *Btw now that the issue is qualified I guess you only need to setup one
> single publisher, enable usersync, and create a new user. This should trigger
> the package creation containing the invalid filter definition.*
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
