Vincent Petry wrote:
> You might want to wait for 9.0.4 later to redo your test run. Or have a
> try with the daily stable9 build (upcoming 9.0.4):
> https://download.owncloud.org/community/daily/owncloud-daily-stable9.tar.bz2
>
> It was found that for long running processes like cron jobs or OCC
> commands the memory wasn't properly freed between users. Or let's say
> things were cached and not removed from the cache when not needed any
> more, which leads to out of memory errors. These problems were fixed on
> stable9.
>
> Regarding the case about LockedException I'm not sure it's fixed, let us
> know if you see it happening on stable9. If they do, please raise a bug
> report. It is important to find out how the shares were configured for
> the file for which the locked exception is occurring.
>
> And about the master key mode, what Victor said is not 100% correct. In
> regular encryption mode every user have their own private/public key
> pairs, and the private key is protected by the user's password. It is
> more secure. However in "master key mode" there is only on key (or
> keypair) and all files are encrypted using the same keys. The master key
> mode is less secure but allows more flexibility like adding users to
> group for which there is already a group share, which is not possible
> currently in the regular mode.
Thank you Vincent for the tips.
I restarted the encryption test with the suggested 9.0.4 stable9 build.
This time I prepared the Owncloud snapshot from the production Owncloud
instance more carefully:
1. Waited for a time, where no users logged in
2. Checked, that the Owncloud cron job was successful
3. Put Owncloud in single user mode:
./occ maintenance:singleuser --on
4. mysqldump of tables and data
5. Replaced absolute paths in mysqldump
6. Copied data directory from Owncloud production to Owncloud test
7. Created MySQL database from MySQL dumps
8. Setup Owncloud 9.0.4 stable9
9. Copied config/config.php and .htaccess files
10. Upgrade to 9.0.4 with ./occ upgrade
11. Manual checks as admin user and user1 in browser
12. Everything was OK
Now I started the encryption process on the Owncloud test instance.
I found 3 main problems here:
1. Master key creation was delayed until encryption itself was started.
For me it's also unclear why a separate key pair was created for
each user anyway (see logs).
2. The created encryption passwords for each user were not shown. I
think they were shown after the encryption process. But this is too
late in case of errors or interrupts. All users except the admin
user were authenticated with user_external app. Files for users are
probably lost (in this test only fortunately).
3. The encryption process stops after some minutes with locking errors.
Here is my protocol for encryption. I changed some private names
(usernames and filenames) here.
$ ./occ maintenance:repair
ownCloud is in maintenance mode - no app have been loaded
- Repair mime types
- Repair legacy storages
- Clear asset cache after upgrade
- Asset pipeline disabled -> nothing to do
- Generate ETags for file where no ETag is present.
- ETags have been fixed for 0 files/folders.
- Clean tags and favorites
- 0 tags for delete files have been removed.
- 0 tag entries for deleted tags have been removed.
- 0 tags with no entries have been removed.
- Drop old database tables
- Drop old background jobs
- Remove getetag entries in properties table
- Removed 0 unneeded "{DAV:}getetag" entries from properties table.
- Repair outdated OCS IDs
- Repair invalid shares
- Fix permissions so avatars can be stored again
- Manually copies the third-party folder changes since 9.0.0 due to
a bug in the updater.
- Third-party files seem already to have been copied. No repair
necessary.
- Rechecking code integrity not necessary.
$ ./occ encryption:status
- enabled: false
- defaultModule:
$ ./occ app:enable encryption
encryption enabled
$ ./occ encryption:status
- enabled: false
- defaultModule: OC_DEFAULT_MODULE
$ ./occ encryption:list-modules
- OC_DEFAULT_MODULE: Default encryption module [default*]
$ ./occ encryption:enable-master-key
Warning: Only available for fresh installations with no existing
encrypted data! There is also no way to disable it again. Do you
want to continue? (y/n) y
Master key successfully enabled.
$ ./occ encryption:enable
Encryption enabled
Default module: OC_DEFAULT_MODULE
$ ./occ encryption:status
- enabled: true
- defaultModule: OC_DEFAULT_MODULE
$ ./occ encryption:enable-master-key
Master key already enabled
$ nice ionice -c idle ./occ encryption:encrypt-all 2>&1 |tee -a
/tmp/owncloud-test-encryptall-daily9.log
You are about to start to encrypt all files stored in your ownCloud.
It will depend on the encryption module you use which files get
encrypted.
Depending on the number and size of your files this can take some time
Please make sure that no user access his files during this process!
Do you really want to continue? (y/n) y
Encrypt all files with the Default encryption module
====================================================
Create key-pair for every user
------------------------------
This module will encrypt all files in the users files folder initially.
Already existing versions and files in the trash bin will not be
encrypted.
Create key-pair for admin
Create key-pair for user1
Create key-pair for user10
Start to encrypt users files
----------------------------
encrypt files for user admin (1 of 25):
/admin/files/ownCloudUserManual.pdf
encrypt files for user admin (1 of 25): /admin/files/Photos/Paris.jpg
encrypt files for user admin (1 of 25): /admin/files/Photos/San
Francisco.jpg
encrypt files for user admin (1 of 25): /admin/files/Photos/Squirrel.jpg
encrypt files for user admin (1 of 25):
/admin/files/Documents/Example.odt
encrypt files for user admin (1 of 25):
/admin/files/directory1/atext.txt
[...]
encrypt files for user bv (11 of 25): /user10/files/afile1.docx
encrypt files for user bv (11 of 25):
/user10/files/ownCloudUserManual.pdf
encrypt files for user bv (11 of 25):
/user10/files/20150726_somefile.pptx
[OCP\Lock\LockedException]
"20150726_somefile.pptx.encrypted.1468013830" is locked
[OCP\Lock\LockedException]
"files/2d52352508a914dfa005933d31df1ad1" is locked
Any ideas how I can fix the problems?
Greetings,
Björn
_______________________________________________
User mailing list
[email protected]
http://mailman.owncloud.org/mailman/listinfo/user
