[
https://issues.apache.org/jira/browse/SLING-10362?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17341995#comment-17341995
]
Konrad Windszus edited comment on SLING-10362 at 5/10/21, 4:30 PM:
-------------------------------------------------------------------
I already opened
https://github.com/apache/sling-org-apache-sling-starter/pull/20 to fix this.
This is no security issue, as this doesn't open other options than already the
ones with Bundles (which are deployed automatically when put below
{{/apps/.../install}}. I will add a hint to
https://sling.apache.org/documentation/bundles/content-package-installer-factory.html#configuration
as well.
Regarding
https://github.com/apache/sling-org-apache-sling-feature-extension-content/blob/master/src/main/java/org/apache/sling/feature/extension/content/ContentHandler.java:
It writes an OSGi configuration for
https://github.com/apache/sling-org-apache-sling-jcr-packageinit/blob/dd2685bfe7d690e6514e9073c00221151ffa3cc7/src/main/java/org/apache/sling/jcr/packageinit/impl/ExecutionPlanRepoInitializer.java#L141
which uses an admin session under the hood and therefore needs no dedicated
configuration.
was (Author: kwin):
I already opened
https://github.com/apache/sling-org-apache-sling-starter/pull/20 to fix this.
This is no security issue, as this doesn't open other options than already the
ones with Bundles (which are deployed automatically when put below
{{/apps/.../install}. I will add a hint to
https://sling.apache.org/documentation/bundles/content-package-installer-factory.html#configuration
as well.
Regarding
https://github.com/apache/sling-org-apache-sling-feature-extension-content/blob/master/src/main/java/org/apache/sling/feature/extension/content/ContentHandler.java:
It writes an OSGi configuration for
https://github.com/apache/sling-org-apache-sling-jcr-packageinit/blob/dd2685bfe7d690e6514e9073c00221151ffa3cc7/src/main/java/org/apache/sling/jcr/packageinit/impl/ExecutionPlanRepoInitializer.java#L141
which uses an admin session under the hood and therefore needs no dedicated
configuration.
> Sling Starter: trouble when installing packages with fileinstall provider
> -------------------------------------------------------------------------
>
> Key: SLING-10362
> URL: https://issues.apache.org/jira/browse/SLING-10362
> Project: Sling
> Issue Type: Improvement
> Components: Starter
> Affects Versions: Starter 12
> Environment: Sling-Starter 12-SNAPSHOT (commit 0e6a8e41) with JDK 11
> on MacOS
> Reporter: Hans-Peter Stoerr
> Assignee: Konrad Windszus
> Priority: Minor
> Time Spent: 20m
> Remaining Estimate: 0h
>
> I'm trying to install some packages into a snapshot of the Starter 12 using
> the Sling [fileinstaller
> provider|https://sling.apache.org/documentation/bundles/file-installer-provider.html],
> which works somewhat but not properly when the package has a setup hook.
> It seems that the packages are internally transformed by the [Content Package
> Installer
> Factory|https://sling.apache.org/documentation/bundles/content-package-installer-factory.html],
> but too early - the packages are unpacked before the repository was properly
> set up. See the stacktrace below: the package was likely installed when the
> user 'sling-package-install' wasn't properly set up in the repository yet.
> As workaround I currently set the start level of the
> org.apache.sling.installer.factory.packages to 21 - a bit later than all the
> other bundles. That makes the problem disappear. This might be a possibility
> for the Sling Starter 12, too, but I'm not sure whether it is the right
> option. Possibly the fileinstaller provider needs more dependencies from some
> bundles to make sure it's started late enough. Another way would be to give
> the Sling fileinstaller provider some additional options like the
> felix.fileinstall.active.level of [Felix File
> Install|https://felix.apache.org/documentation/subprojects/apache-felix-file-install.html].
> Or the [run mode
> support|https://sling.apache.org/documentation/bundles/file-installer-provider.html#run-mode-support-1]
> of the Sling file installer should be made to work somehow with packages, so
> that the packages are only installed when the run mode specified in the path
> is reached. That would be even better, since for packages you often have to
> specify an order as well, and that would be another option than package
> dependencies.
> To reproduce the bug you can check out Sling Starter 12 and execute the
> following commands:
> {code}
> cd target/
> mkdir fileinstall
> wget
> [https://repo1.maven.org/maven2/com/composum/nodes/composum-nodes-sling-package/2.6.1/composum-nodes-sling-package-2.6.1.zip]
> mv composum-nodes-sling-package-2.6.1.zip fileinstall/
> java -jar dependency/org.apache.sling.feature.launcher.jar -f
> org.apache.sling.starter-12-SNAPSHOT-oak_tar_far.far -D
> felix.startlevel.bundle=30 -D sling.fileinstall.dir=fileinstall/
> {code}
> In the log you get the following stacktrace in the log:
> {code}
> 07.05.2021 16:42:44.945 *INFO* [Apache Sling Repository Startup Thread #1|#1]
> org.apache.sling.installer.provider.jcr.impl.RootFolderListener Watching
> /apps to detect potential changes in
> subfoldersault.packaging.PackageException: Package extraction requires admin
> session as it has a hook (userid 'sling-package-install' not allowed).
> at
> org.apache.jackrabbit.vault.packaging.impl.ZipVaultPackage.checkAllowanceToInstallPackage(ZipVaultPackage.java:226)
> [org.apache.jackrabbit.vault:3.4.10]
> at
> org.apache.jackrabbit.vault.packaging.impl.ZipVaultPackage.prepareExtract(ZipVaultPackage.java:199)
> [org.apache.jackrabbit.vault:3.4.10]
> at
> org.apache.jackrabbit.vault.packaging.impl.JcrPackageImpl.extract(JcrPackageImpl.java:389)
> [org.apache.jackrabbit.vault:3.4.10]
> at
> org.apache.jackrabbit.vault.packaging.impl.JcrPackageImpl.extract(JcrPackageImpl.java:356)
> [org.apache.jackrabbit.vault:3.4.10]
> at
> org.apache.jackrabbit.vault.packaging.impl.JcrPackageImpl.extract(JcrPackageImpl.java:342)
> [org.apache.jackrabbit.vault:3.4.10]
> at
> org.apache.sling.installer.factory.packages.impl.PackageTransformer$InstallPackageTask.doExecute(PackageTransformer.java:337)
> [org.apache.sling.installer.factory.packages:1.0.4]
> at
> org.apache.sling.installer.factory.packages.impl.PackageTransformer$AbstractPackageInstallTask.execute(PackageTransformer.java:269)
> [org.apache.sling.installer.factory.packages:1.0.4]
> at
> org.apache.sling.installer.core.impl.OsgiInstallerImpl.doExecuteTasks(OsgiInstallerImpl.java:918)
> [org.apache.sling.installer.core:3.11.4]
> at
> org.apache.sling.installer.core.impl.OsgiInstallerImpl.executeTasks(OsgiInstallerImpl.java:755)
> [org.apache.sling.installer.core:3.11.4]
> at
> org.apache.sling.installer.core.impl.OsgiInstallerImpl.run(OsgiInstallerImpl.java:304)
> [org.apache.sling.installer.core:3.11.4]
> at java.base/java.lang.Thread.run(Thread.java:834)
> {code}
> In some cases I also got the following stacktrace, which seems to indicate
> that a repository wasn't available or properly initialized:
> {code}
> java.lang.NullPointerException: null
> at
> org.apache.sling.jcr.oak.server.internal.OakSlingRepository$2.run(OakSlingRepository.java:99)
> [org.apache.sling.jcr.oak.server:1.2.10]
> at
> org.apache.sling.jcr.oak.server.internal.OakSlingRepository$2.run(OakSlingRepository.java:96)
> [org.apache.sling.jcr.oak.server:1.2.10]
> at java.base/java.security.AccessController.doPrivileged(Native Method)
> at java.base/javax.security.auth.Subject.doAsPrivileged(Subject.java:550)
> at
> org.apache.sling.jcr.oak.server.internal.OakSlingRepository.createServiceSession(OakSlingRepository.java:96)
> [org.apache.sling.jcr.oak.server:1.2.10]
> at
> org.apache.sling.jcr.base.AbstractSlingRepository2.createServiceSession(AbstractSlingRepository2.java:166)
> [org.apache.sling.jcr.base:3.1.6]
> at
> org.apache.sling.jcr.base.AbstractSlingRepository2.loginService(AbstractSlingRepository2.java:383)
> [org.apache.sling.jcr.base:3.1.6]
> at
> org.apache.sling.installer.factory.packages.impl.PackageTransformer$AbstractPackageInstallTask.execute(PackageTransformer.java:263)
> [org.apache.sling.installer. factory.packages:1.0.4]
> at
> org.apache.sling.installer.core.impl.OsgiInstallerImpl.doExecuteTasks(OsgiInstallerImpl.java:918)
> [org.apache.sling.installer.core:3.11.4]
> at
> org.apache.sling.installer.core.impl.OsgiInstallerImpl.executeTasks(OsgiInstallerImpl.java:755)
> [org.apache.sling.installer.core:3.11.4]
> at
> org.apache.sling.installer.core.impl.OsgiInstallerImpl.run(OsgiInstallerImpl.java:304)
> [org.apache.sling.installer.core:3.11.4]
> at java.base/java.lang.Thread.run(Thread.java:834)
> {code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
