search

nextcloud / server

☁️ Nextcloud server, a safe home for all your data
https://nextcloud.com
GNU Affero General Public License v3.0
27.56k stars 4.08k forks source link

after updating 19.0.5 -> 20.0.2 apps cant be updated #24466

Closed hj-beckers closed 3 years ago

hj-beckers commented 4 years ago

When I try to update/install apps from the appstore, I get the message: "Error: Could not download app XXXX". We use a MITM-proxy and uptonow it was sufficient to append our own certificate to /files_external/rootcerts.crt.

This message comes from lib/private/Installer.php line 379 belonging to public function downLoadApp{$appId, $allowUnstable = false} ? The 2002 versions is different versus the 19.0x version in regard auf this variable $allowUnstable

diff output:

192d191
<    * @param bool [$allowUnstable] Allow unstable releases
195,196c194,195
<   public function updateAppstoreApp($appId, $allowUnstable = false) {
<       if ($this->isUpdateAvailable($appId, $allowUnstable)) {
---
>   public function updateAppstoreApp($appId) {
>       if ($this->isUpdateAvailable($appId)) {
198c197
<               $this->downloadApp($appId, $allowUnstable);
---
>               $this->downloadApp($appId);
216d214
<    * @param bool [$allowUnstable]
220c218
<   public function downloadApp($appId, $allowUnstable = false) {
---
>   public function downloadApp($appId) {
223c221
<       $apps = $this->appFetcher->get($allowUnstable);
---
>       $apps = $this->appFetcher->get();
389d386
<    * @param bool $allowUnstable
392c389
<   public function isUpdateAvailable($appId, $allowUnstable = false) {
---
>   public function isUpdateAvailable($appId) {
411c408
<           $this->apps = $this->appFetcher->get($allowUnstable);
---
>           $this->apps = $this->appFetcher->get();

In the nextcloud log is a curl complaint about a self signed certificate (in former releases this was corrected by the above mentioned certificate copy):

{"reqId":"7FQsZA0ZMTornK9QXbY6","level":2,"time":"2020-11-25T11:03:44+01:00","remoteAddr":"","user":"--","app":"appstoreFetcher","method":"","url":"--","message":{"Exception":"GuzzleHttp\\Exception\\RequestException","Message":"cURL error 60: SSL certificate problem: self signed certificate in certificate chain (see https://curl.haxx.se/libcurl/c/libcurl-errors.html)","Code":200,"Trace":[{"file":"/srv/www/htdocs/nextcloud/3rdparty/guzzlehttp/guzzle/src/Handler/CurlFactory.php","line":155,"function":"createRejection","class":"GuzzleHttp\\Handler\\CurlFactory","type":"::","args":[{"sink":{"__class__":"GuzzleHttp\\Psr7\\Stream"},"headers":[],"response":{"__class__":"GuzzleHttp\\Psr7\\Response"},"request":{"__class__":"GuzzleHttp\\Psr7\\Request"},"options":{"verify":"/srv/www/htdocs/nextcloud/resources/config/ca-bundle.crt","timeout":60,"proxy":{"http":"10.47.7.42:3128","https":"10.47.7.42:3128"},"synchronous":true,"handler":{"__class__":"GuzzleHttp\\HandlerStack"},"allow_redirects":{"max":5,"protocols":["http","https"],"strict":false,"referer":false,"track_redirects":false},"http_errors":true,"decode_content":true,"cookies":false,"idn_conversion":true},"errno":60,"onHeadersException":null,"__class__":"GuzzleHttp\\Handler\\EasyHandle"},{"errno":60,"error":"SSL certificate problem: self signed certificate in certificate chain","appconnect_time":0,"url":"https://apps.nextcloud.com/api/v1/apps.json","content_type":null,"http_code":0,"header_size":39,"request_size":103,"filetime":-1,"ssl_verify_result":19,"redirect_count":0,"total_time":0.060743,"namelookup_time":5.5e-5,"connect_time":0.00057,"pretransfer_time":0,"size_upload":0,"size_download":0,"speed_download":0,"speed_upload":0,"download_content_length":-1,"upload_content_length":-1,"starttransfer_time":0,"redirect_time":0,"redirect_url":"","primary_ip":"10.47.7.42","certinfo":[],"primary_port":3128,"local_ip":"10.47.8.71","local_port":39862,"http_version":0,"protocol":2,"ssl_verifyresult":0,"scheme":"HTTPS","appconnect_time_us":0,"connect_time_us":570,"namelookup_time_us":55,"pretransfer_time_us":0,"redirect_time_us":0,"starttransfer_time_us":0,"total_time_us":60743,"curl_version":"7.66.0"}]},{"file":"/srv/www/htdocs/nextcloud/3rdparty/guzzlehttp/guzzle/src/Handler/CurlFactory.php","line":105,"function":"finishError","class":"GuzzleHttp\\Handler\\CurlFactory","type":"::","args":[{"__class__":"GuzzleHttp\\Handler\\CurlHandler"},{"sink":{"__class__":"GuzzleHttp\\Psr7\\Stream"},"headers":[],"response":{"__class__":"GuzzleHttp\\Psr7\\Response"},"request":{"__class__":"GuzzleHttp\\Psr7\\Request"},"options":{"verify":"/srv/www/htdocs/nextcloud/resources/config/ca-bundle.crt","timeout":60,"proxy":{"http":"10.47.7.42:3128","https":"10.47.7.42:3128"},"synchronous":true,"handler":{"__class__":"GuzzleHttp\\HandlerStack"},"allow_redirects":{"max":5,"protocols":["http","https"],"strict":false,"referer":false,"track_redirects":false},"http_errors":true,"decode_content":true,"cookies":false,"idn_conversion":true},"errno":60,"onHeadersException":null,"__class__":"GuzzleHttp\\Handler\\EasyHandle"},{"__class__":"GuzzleHttp\\Handler\\CurlFactory"}]},{"file":"/srv/www/htdocs/nextcloud/3rdparty/guzzlehttp/guzzle/src/Handler/CurlHandler.php","line":43,"function":"finish","class":"GuzzleHttp\\Handler\\CurlFactory","type":"::","args":[{"__class__":"GuzzleHttp\\Handler\\CurlHandler"},{"sink":{"__class__":"GuzzleHttp\\Psr7\\Stream"},"headers":[],"response":{"__class__":"GuzzleHttp\\Psr7\\Response"},"request":{"__class__":"GuzzleHttp\\Psr7\\Request"},"options":{"verify":"/srv/www/htdocs/nextcloud/resources/config/ca-bundle.crt","timeout":60,"proxy":{"http":"10.47.7.42:3128","https":"10.47.7.42:3128"},"synchronous":true,"handler":{"__class__":"GuzzleHttp\\HandlerStack"},"allow_redirects":{"max":5,"protocols":["http","https"],"strict":false,"referer":false,"track_redirects":false},"http_errors":true,"decode_content":true,"cookies":false,"idn_conversion":true},"errno":60,"onHeadersException":null,"__class__":"GuzzleHttp\\Handler\\EasyHandle"},{"__class__":"GuzzleHttp\\Handler\\CurlFactory"}]},{"file":"/
srv/www/htdocs/nextcloud/3rdparty/guzzlehttp/guzzle/src/Handler/Proxy.php","line":28,"function":"__invoke","class":"GuzzleHttp\\Handler\\CurlHandler","type":"->","args":["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]},{"file":"/srv/www/htdocs/nextcloud/3rdparty/guzzlehttp/guzzle/src/Handler/Proxy.php","line":51,"function":"GuzzleHttp\\Handler\\{closure}","class":"GuzzleHttp\\Handler\\Proxy","type":"::","args":["*** sensitive parameters replaced ***"]},{"file":"/srv/www/htdocs/nextcloud/3rdparty/guzzlehttp/guzzle/src/PrepareBodyMiddleware.php","line":37,"function":"GuzzleHttp\\Handler\\{closure}","class":"GuzzleHttp\\Handler\\Proxy","type":"::","args":["*** sensitive parameters replaced ***"]},{"file":"/srv/www/htdocs/nextcloud/3rdparty/guzzlehttp/guzzle/src/Middleware.php","line":29,"function":"__invoke","class":"GuzzleHttp\\PrepareBodyMiddleware","type":"->","args":["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]},{"file":"/srv/www/htdocs/nextcloud/3rdparty/guzzlehttp/guzzle/src/RedirectMiddleware.php","line":70,"function":"GuzzleHttp\\{closure}","class":"GuzzleHttp\\Middleware","type":"::","args":["*** sensitive parameters replaced ***"]},{"file":"/srv/www/htdocs/nextcloud/3rdparty/guzzlehttp/guzzle/src/Middleware.php","line":59,"function":"__invoke","class":"GuzzleHttp\\RedirectMiddleware","type":"->","args":["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]},{"file":"/srv/www/htdocs/nextcloud/3rdparty/guzzlehttp/guzzle/src/HandlerStack.php","line":71,"function":"GuzzleHttp\\{closure}","class":"GuzzleHttp\\Middleware","type":"::","args":["*** sensitive parameters replaced ***"]},{"file":"/srv/www/htdocs/nextcloud/3rdparty/guzzlehttp/guzzle/src/Client.php","line":361,"function":"__invoke","class":"GuzzleHttp\\HandlerStack","type":"->","args":["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]},{"file":"/srv/www/htdocs/nextcloud/3rdparty/guzzlehttp/guzzle/src/Client.php","line":163,"function":"transfer","class":"GuzzleHttp\\Client","type":"->","args":["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]},{"file":"/srv/www/htdocs/nextcloud/3rdparty/guzzlehttp/guzzle/src/Client.php","line":183,"function":"requestAsync","class":"GuzzleHttp\\Client","type":"->","args":["get",{"__class__":"GuzzleHttp\\Psr7\\Uri"},{"verify":"/srv/www/htdocs/nextcloud/resources/config/ca-bundle.crt","timeout":60,"proxy":{"http":"10.47.7.42:3128","https":"10.47.7.42:3128"},"synchronous":true,"handler":{"__class__":"GuzzleHttp\\HandlerStack"},"allow_redirects":{"max":5,"protocols":["http","https"],"strict":false,"referer":false,"track_redirects":false},"http_errors":true,"decode_content":true,"cookies":false,"idn_conversion":true,"_conditional":{"User-Agent":"GuzzleHttp/6.5.1 curl/7.66.0 PHP/7.4.6"}}]},{"file":"/srv/www/htdocs/nextcloud/lib/private/Http/Client/Client.php","line":233,"function":"request","class":"GuzzleHttp\\Client","type":"->","args":["get","https://apps.nextcloud.com/api/v1/apps.json",{"verify":"/srv/www/htdocs/nextcloud/resources/config/ca-bundle.crt","timeout":60,"proxy":{"http":"10.47.7.42:3128","https":"10.47.7.42:3128"},"headers":{"User-Agent":"Nextcloud Server Crawler","Accept-Encoding":"gzip"},"synchronous":true}]},{"file":"/srv/www/htdocs/nextcloud/lib/private/App/AppStore/Fetcher/Fetcher.php","line":115,"function":"get","class":"OC\\Http\\Client\\Client","type":"->","args":["https://apps.nextcloud.com/api/v1/apps.json",{"timeout":60}]},{"file":"/srv/www/htdocs/nextcloud/lib/private/App/AppStore/Fetcher/AppFetcher.php","line":88,"function":"fetch","class":"OC\\App\\AppStore\\Fetcher\\Fetcher","type":"->","args":["",""]},{"file":"/srv/www/htdocs/nextcloud/lib/private/App/AppStore/Fetcher/Fetcher.php","line":187,"function":"fetch","class":"OC\\App\\AppStore\\Fetcher\\AppFetcher","type":"->","args":["","",false]},{"file":"/srv/www/htdocs/nextcloud/lib/private/Installer.php","line":223,"function":"get","class":"OC\\App\\AppStore\\Fetcher\\Fetcher","type":"->","args":[false]},{"
file":"/srv/www/htdocs/nextcloud/core/Command/App/Install.php","line":67,"function":"downloadApp","class":"OC\\Installer","type":"->","args":["calendar"]},{"file":"/srv/www/htdocs/nextcloud/3rdparty/symfony/console/Command/Command.php","line":255,"function":"execute","class":"OC\\Core\\Command\\App\\Install","type":"->","args":[{"__class__":"Symfony\\Component\\Console\\Input\\ArgvInput"},{"__class__":"Symfony\\Component\\Console\\Output\\ConsoleOutput"}]},{"file":"/srv/www/htdocs/nextcloud/3rdparty/symfony/console/Application.php","line":1000,"function":"run","class":"Symfony\\Component\\Console\\Command\\Command","type":"->","args":[{"__class__":"Symfony\\Component\\Console\\Input\\ArgvInput"},{"__class__":"Symfony\\Component\\Console\\Output\\ConsoleOutput"}]},{"file":"/srv/www/htdocs/nextcloud/3rdparty/symfony/console/Application.php","line":271,"function":"doRunCommand","class":"Symfony\\Component\\Console\\Application","type":"->","args":[{"__class__":"OC\\Core\\Command\\App\\Install"},{"__class__":"Symfony\\Component\\Console\\Input\\ArgvInput"},{"__class__":"Symfony\\Component\\Console\\Output\\ConsoleOutput"}]},{"file":"/srv/www/htdocs/nextcloud/3rdparty/symfony/console/Application.php","line":147,"function":"doRun","class":"Symfony\\Component\\Console\\Application","type":"->","args":[{"__class__":"Symfony\\Component\\Console\\Input\\ArgvInput"},{"__class__":"Symfony\\Component\\Console\\Output\\ConsoleOutput"}]},{"file":"/srv/www/htdocs/nextcloud/lib/private/Console/Application.php","line":215,"function":"run","class":"Symfony\\Component\\Console\\Application","type":"->","args":[{"__class__":"Symfony\\Component\\Console\\Input\\ArgvInput"},{"__class__":"Symfony\\Component\\Console\\Output\\ConsoleOutput"}]},{"file":"/srv/www/htdocs/nextcloud/console.php","line":100,"function":"run","class":"OC\\Console\\Application","type":"->","args":[]},{"file":"/srv/www/htdocs/nextcloud/occ","line":11,"args":["/srv/www/htdocs/nextcloud/console.php"],"function":"require_once"}],"File":"/srv/www/htdocs/nextcloud/3rdparty/guzzlehttp/guzzle/src/Handler/CurlFactory.php","Line":201,"CustomMessage":"--"},"userAgent":"--","version":"20.0.2.2"}

Versions: openSUSE 15.2, nextcloud 20.0.2, php 7.4.6, mariadb. 10.4.14. In a installation with opensuse 15.1, nc 19.0.5, php 7.2.5 and the same certificate appended to rootcerts.crt there are no problems. Any hints?

MorrisJobke commented 3 years ago

@hj-beckers Do you mind to import your custom certificates into Nextcloud via occ security:certificates:import? it might be that there is a problem with https://github.com/nextcloud/server/pull/21090 (see comment https://github.com/nextcloud/server/pull/21090#issuecomment-726997785)

If this is the case try to revert the change in #21090.

MorrisJobke commented 3 years ago

Fixed by imported certificates and https://github.com/nextcloud/server/pull/24556

hj-beckers commented 3 years ago

@hj-beckers Do you mind to import your custom certificates into Nextcloud via occ security:certificates:import? it might be that there is a problem with #21090 (see comment #21090 (comment))

Makes no difference. If this is the case try to revert the change in #21090. How would i do that? Doesn't that need an installed git?

hj-beckers commented 3 years ago

Updating to 20.0.3 solved the problem.