owncloud / core

:cloud: ownCloud web server core (Files, DAV, etc.)
https://owncloud.com
GNU Affero General Public License v3.0

After Upgrade OC7 => OC8.0.3 some encryption keys are broken #16125

Closed rjaeckel closed 9 years ago

rjaeckel commented 9 years ago

Steps to reproduce

  1. working oc7.0.4
  2. get folder shared by other users, probably shared to many (?)
  3. manually upgrade, php occ upgrade

Expected behaviour

shared files should be accessible

Actual behaviour

Browser returns 500 error; Details on bottom

Server configuration

Operating system: ubuntu 14.04 LTS

Web server: apache 2.4

Database: mysql 5.5

PHP version: 5.5.9 with Zend OPCache v7.0.3

ownCloud version: 7.0.4 => 8.0.3

Updated from an older ownCloud or fresh install: upgraded

List of activated apps:

The content of config/config.php:

$CONFIG = array (
  'trusted_domains' =>
  array (
    0 => 'test.cloud.uni-halle.de',
  ),
  'datadirectory' => '/var/www/owncloud-test/oc-data',
  'skeletondirectory' => '/var/www/owncloud-test/user-template',
  'dbtype' => 'mysql',
  'version' => '8.0.3.4',
  'theme' => '',
  'preview_libreoffice_path' => '/usr/bin/libreoffice',
  'loglevel' => '2',
  'maintenance' => false,
  'appstoreenabled' => false,
  'enable_avatars' => false,
  'enabledPreviewProviders' =>
  array (
    0 => 'OC\\Preview\\Image',
    1 => 'OC\\Preview\\MP3',
    2 => 'OC\\Preview\\TXT',
    3 => 'OC\\Preview\\MarkDown',
    4 => 'OC\\Preview\\Movie',
    5 => 'OC\\Preview\\MSOffice2003',
    6 => 'OC\\Preview\\MSOffice2007',
    7 => 'OC\\Preview\\MSOfficeDoc',
    8 => 'OC\\Preview\\OpenDocument',
    9 => 'OC\\Preview\\PDF',
    10 => 'OC\\Preview\\StarOffice',
    11 => 'OC\\Preview\\SVG',
  ),
  'installed' => true,
  'ldapIgnoreNamingRules' => false,
  'config_is_read_only' => true,
);

Are you using external storage, if yes which one: nope

Are you using encryption: yes, enabled for all

Are you using an external user-backend, if yes which one: ActiveDirectory

I'm getting several Errors like this one:

Array
(
    [Message] => Encryption key not found for "/abewm/files/Relaunch Web/Projekt Relaunch Website 09-03-2015.pdf" during attempted read via stream
    [Code] => 0
    [Trace] => #0 [internal function]: OCA\Files_Encryption\Stream->stream_read(8192)
#1 /var/www/owncloud-test/owncloud-8/lib/private/files/view.php(283): fread(Resource id #174, 8192)
#2 /var/www/owncloud-test/owncloud-8/lib/private/files/filesystem.php(606): OC\Files\View->readfile('/Relaunch Web/P...')
#3 /var/www/owncloud-test/owncloud-8/lib/private/files.php(155): OC\Files\Filesystem::readfile('/Relaunch Web/P...')
#4 /var/www/owncloud-test/owncloud-8/apps/files/ajax/download.php(37): OC_Files::get('/Relaunch Web', Array, false)
#5 /var/www/owncloud-test/owncloud-8/lib/private/route/route.php(135) : runtime-created function(1): require_once('/var/www/ownclo...')
#6 [internal function]: __lambda_func(Array)
#7 /var/www/owncloud-test/owncloud-8/lib/private/route/router.php(250): call_user_func('?lambda_827', Array)
#8 /var/www/owncloud-test/owncloud-8/lib/base.php(782): OC\Route\Router->match('/apps/files/aja...')
#9 /var/www/owncloud-test/owncloud-8/index.php(36): OC::handleRequest()
#10 {main}
    [File] => /var/www/owncloud-test/owncloud-8/apps/files_encryption/lib/stream.php
    [Line] => 281
)

Before upgrade everything worked fine. The files are shared by another user. But not every file shared is affected. I guess resharing would be a solution to this. But I'd rather get a reason for this.

The installation was updated manually using php occ upgrade. Is there any way to get a log about the upgrade process?

LukasReschke commented 9 years ago

Can you please provide the additional information from the issue template? Thanks!

https://github.com/owncloud/core/blob/master/CONTRIBUTING.md

rjaeckel commented 9 years ago

@LukasReschke , updated the post

LukasReschke commented 9 years ago

cc @schiesbn @th3fallen Encryption related.

rjaeckel commented 9 years ago

Some notes about the Share

ghost commented 9 years ago

Have you tried: https://doc.owncloud.org/server/8.0/admin_manual/release_notes.html#manually-migrate-encryption-keys-after-upgrade

rjaeckel commented 9 years ago

As most of the keys are already migrated, this would, AFAIK and in my experience, corrupt the already working ones.

Please correct me, if that's wrong.

schiessle commented 9 years ago

It should be safe to try the command line tool. We just move the keys from the old location to the new one. Keys already moved successfully won't be touched again because for the same file there won't be any keys at the old location.

Still as always, it is recommended to make a backup of your current state first.

oparoz commented 9 years ago

Just got the same problem when migrating to 8.0.3. Some files can't be decrypted. The folder is not shared. Manual key migration didn't fix things.

I checked the files_encryption folder and the keys are 0 bytes. The date on the file suggests this was done while on oC 7.

EDIT: Checked the backup and those keys were indeed already wiped by oC 7.0.4
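Added example, not part of the original thread and not ownCloud code: a read-only check an administrator could run against the data directory before upgrading, to find the symptom described in the comment above (zero-byte files under a files_encryption folder). Only the files_encryption folder name comes from the thread; the sub-folder and file names in the sample tree are constructed.

```shell
#!/bin/sh
# Report zero-byte files below any "files_encryption" directory.
# Read-only: nothing is moved, rewritten or deleted.

# find_empty_keys DATADIR -> one path per line, sorted
find_empty_keys() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    # -size 0 matches only truly empty files (size is rounded up to blocks)
    find "${1%/}" -type f -size 0 -path '*/files_encryption/*' -print | sort
}

# summarize_empty_keys DATADIR -> "<count> <top-level dir>" per affected user
summarize_empty_keys() {
    datadir=${1%/}
    find_empty_keys "$datadir" | while IFS= read -r path; do
        rel=${path#"$datadir"/}        # path relative to the data directory
        printf '%s\n' "${rel%%/*}"     # first component = per-user directory
    done | sort | uniq -c | sed 's/^ *//'
}

# check_keys DATADIR -> 0 if clean, 1 if empty key files exist, 2 on bad input
check_keys() {
    [ -d "$1" ] || return 2
    n=$(find_empty_keys "$1" | wc -l)
    if [ "$n" -gt 0 ]; then
        echo "$n empty key file(s); restore them from backup before upgrading" >&2
        return 1
    fi
    return 0
}

# make_sample_tree -> prints the path of a constructed test tree
# (layout below is an assumption made for this example, not taken from the thread)
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/alice/files_encryption/keyfiles" \
             "$root/alice/files" \
             "$root/bob/files_encryption/keyfiles"
    : > "$root/alice/files_encryption/keyfiles/report.pdf.key"    # wiped key
    : > "$root/alice/files/empty.txt"                             # empty, but not a key
    printf 'k' > "$root/bob/files_encryption/keyfiles/notes.txt.key"
    printf '%s\n' "$root"
}
```

Run check_keys against the real datadirectory from config.php while the old version is still installed, so that a backup taken before the upgrade can be compared with the current state.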

schiessle commented 9 years ago

@oparoz This sounds like a different issue. I never saw keys that are 0 bytes, but we are aware of some issues with name conflicts which could overwrite existing keys (this happens really seldom; you need the right combination of folders, user names, filenames and share the file with the right user). All of them should be fixed in oC >= 8.0, but it is possible that users have some broken keys from previous versions.

But I think it is unrelated to the original issue here.

oparoz commented 9 years ago

I agree. Keys were wiped when trying to share files on oC7. I don't think I've encountered the issue on 8.

DeepDiver1975 commented 9 years ago

@schiesbn anything to do here? thx

rjaeckel commented 9 years ago

As oparoz already stated, it was the same in our case: the keys for the files are already corrupted in the OC7 version... probably an issue related to a wrong password for the keyfiles

@schiesbn close, plz

Sorry for any trouble I made.

SergioBertolinSG commented 9 years ago

I've tested this. First, without Active Directory, there is no problem at all with upgrading from 7 to 8.0.X using encryption.

But in the same situation with Active Directory enabled and a folder shared to an Active Directory group of users, I got a MySQL exception:

Turned on maintenance mode
An exception occurred while executing 'CREATE INDEX 9e69e7zfw5ie1 ON share_5zbksy7wuomzf (item_type, share_type)':
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '9e69e7zfw5ie1 ON share_5zbksy7wuomzf (item_type, share_type)' at line 1
Turned off maintenance mode
Update failed

LukasReschke commented 9 years ago

@SergioBertolinSG Test https://github.com/owncloud/core/pull/16815