? Success

User tests: Successful: Unsuccessful:

avatar roland-d
roland-d
10 Dec 2015

Description

This PR is to make use of the available JHttp transport mechanism. So we only have one codebase for doing the downloads instead of two.

Testing

Please test this PR on a few live hosts as they are more likely to have issues than running this locally.

Test Joomla! Update:
1. Install Joomla 3.4.4 (https://github.com/joomla/joomla-cms/releases/download/3.4.4/Joomla_3.4.4-Stable-Full_Package.zip)
2. Install the patchtester (http://joom.la/patchtester)
3. Apply the patch
4. Go to Components -> Joomla! Updater
5. Check that you get the update 3.4.8 offered
6. Install the 3.4.8 update
7. Check that the update installs fine.

Test Weblinks update:
1. Install the patchtester (http://joom.la/patchtester)
2. Apply the patch
3. Install Weblinks 3.4.0 (https://github.com/joomla-extensions/weblinks/releases/download/3.4.0/pkg_weblinks_3.4.0.zip)
4. Go to Extensions -> Update
5. Scan for updates
6. Install the update Weblinks 3.4.1
7. Check that the update installs fine.

Thanks for @wilsonge for the code review and feedback.

avatar roland-d roland-d - open - 10 Dec 2015
avatar roland-d roland-d - change - 10 Dec 2015
Status New Pending
avatar roland-d roland-d - change - 10 Dec 2015
Milestone Added:
avatar joomla-cms-bot joomla-cms-bot - change - 10 Dec 2015
Labels Added: ?
avatar Bakual
Bakual - comment - 10 Dec 2015

If you merge this while the issue with the AmazonS3 certificate isn't fixed, then Joomla Updates will fail due to invalid root certs on some servers.
One major difference between JHttp and the com_joomlaupdate downloader is that JHttp does peer validation while the latter doesn't do it.

avatar roland-d
roland-d - comment - 10 Dec 2015

@Bakual, I am aware of the peer validation but I had no problem to do a Joomla update or download a language pack from AWS using the staging branch. This is also good to identify where the issues are and we can fix them.

avatar Bakual
Bakual - comment - 10 Dec 2015

Yes, it works on some (most) servers, but it fails on some. It depends on the server setup and it can be easily tested with com_weblinks. Update Weblinks from 3.4.0 to 3.4.1 using the extension updater. If that works, then your server is unaffected. But if that update fails, then the Joomla Update will fail as well with this PR. And this is not something you want to happen.
Thus the AmazonS3 issue needs to be fixed before this PR can be merged.

avatar roland-d
roland-d - comment - 10 Dec 2015

@Bakual I have added the Weblinks test to the test instructions.

[quote]If that works, then your server is unaffected.[/quote]I thought it was based on the cacert.pem Joomla supplies rather than what the server has. It works different?

avatar wilsonge
wilsonge - comment - 10 Dec 2015

Servers also have their own cacert.perm installed often - so I guess it at least partly depends on that.

avatar brianteeman
brianteeman - comment - 10 Dec 2015

The amazons3 issue cannot be fixed while we ship the current cacert.pem
which is not compatible with amazons3 - as explained ad nauseum already

On 10 December 2015 at 22:26, George Wilson notifications@github.com
wrote:

Servers also have their own cacert.perm installed often - so I guess it at
least partly depends on that.


Reply to this email directly or view it on GitHub
#8645 (comment).

Brian Teeman
Co-founder Joomla! and OpenSourceMatters Inc.
http://brian.teeman.net/

avatar Bakual
Bakual - comment - 11 Dec 2015

Brian is right. We either have to change our cacert.pem to include the root cert for AmazonS3 or wait till they fix it themself (which doesn't seem to be anytime soon).
If we change the cacert.pem, we need to have a process how it can be updated in future.
If someone needs a playground to test this issue, just tell me. I have such an affected server.

avatar roland-d
roland-d - comment - 11 Dec 2015

@Bakual I would like to have access. Thanks.

avatar wilsonge
wilsonge - comment - 11 Dec 2015

If your stuff doesn't work Roland the next step is to try with the cacert.perm that comes from centos nic is shipping with FOF (https://github.com/akeeba/fof/blob/development/fof/Download/Adapter/cacert.pem)

avatar Bakual
Bakual - comment - 11 Dec 2015

Sent credentials to Roland.
The cacert.pem from Nic is working. I tried that. But we need to get a way to recreate this periodically if we go this way. The one we use now (curl.haxx.se/ca/cacert.pem) is considered the "official" one and is available for public download. I don't know how the one from Centos can be retrieved.

avatar brianteeman
brianteeman - comment - 11 Dec 2015

Just Google it. It's well documented how to create a valid cacert.pem even
on the haxx web site. It's just a case of compiling with the correcr
options which for some reason haxx decided to override.
On 11 Dec 2015 5:59 pm, "Thomas Hunziker" notifications@github.com wrote:

Sent credentials to Roland.
The cacert.pem from Nic is working. I tried that. But we need to get a way
to recreate this periodically if we go this way. The one we use now (
curl.haxx.se/ca/cacert.pem) is considered the "official" one and is
available for public download. I don't know how the one from Centos can be
retrieved.


Reply to this email directly or view it on GitHub
#8645 (comment).

avatar wilsonge
wilsonge - comment - 11 Dec 2015

They increased the security requirements. Anything that used 1024-bit key's got removed from their lists. (see http://curl.haxx.se/mail/archive-2014-10/0066.html#start)

avatar Bakual
Bakual - comment - 11 Dec 2015

Just Google it. It's well documented how to create a valid cacert.pem even
on the haxx web site.

Yeah, but you will get a different one on every distro / browser. And we certainly don't want another cacert.pem source each time we update it. That's why I ask for a way to get predictable results.
With haxx.se this was very simple as they offer the file for download and they are kind of an official source.
With Centos I'm not aware of such a download location. We would need to recreate it from a Centos (which version?) installation each time. It greatly reduces the number of people who could do that both because of access to Centos and knowhow of creating the file.
Tobias tried to just add the (unsafe) root cert from AmazonS3 to our cacert.pem, but for some reason you can't just add a cert to the file.

avatar brianteeman
brianteeman - comment - 11 Dec 2015

No you do NOT need to get it from centos. As I said the instructions to
create it are easy to find. If I can find it I'm sure you can. (On phone or
would paste the link)
On 11 Dec 2015 6:34 pm, "Thomas Hunziker" notifications@github.com wrote:

Just Google it. It's well documented how to create a valid cacert.pem even
on the haxx web site.

Yeah, but you will get a different one on every distro / browser. And we
certainly don't want another cacert.pem source each time we update it.
That's why I ask for a way to get predictable results.
With haxx.se this was very simple as they offer the file for download and
they are kind of an official source.
With Centos I'm not aware of such a download location. We would need to
recreate it from a Centos (which version?) installation each time. It
greatly reduces the number of people who could do that both because of
access to Centos and knowhow of creating the file.
Tobias tried to just add the (unsafe) root cert from AmazonS3 to our
cacert.pem, but for some reason you can't just add a cert to the file.


Reply to this email directly or view it on GitHub
#8645 (comment).

avatar Bakual
Bakual - comment - 11 Dec 2015

It isn't about creating them. It's indeed possible to do that as long as you have CLI access to a server.
As far as I understand the system, the root CAs "installed" on a system vary by the server enviroment. So if you create a cacert.pem on your server it will most likely not be the same as when I create one on my server.
There is no "official" list of root CAs that have to be installed on each system. Most server OS take the list of root CAs which are bundled by browsers, namely the ones from Mozilla. Which is also the one haxx.se offers for download. And Mozilla (not haxx.se) removed the certs using the unsecure RSA-1024 encryption around a year ago.
So apparently some servers like Centos didn't remove those unsecure root CAs from their distro and that's why they still work. Those bundles installed on the server seem to be checked additionally to the cacert.pem we provide.

avatar Bakual
Bakual - comment - 11 Dec 2015

Just did some tests again on my server and apparently it works now. Also https://www.sslshopper.com/ssl-checker.html#hostname=github-cloud.s3.amazonaws.com shows the cert now as fine.
Thus it looks like AmazonS3 finally solved the issue on their end.

Thus our current cacert.pem will work and this PR should be fine.

Sorry for the confusion then. I wasn't aware they have changed their certs now. Last I checked was about two or three weeks ago.

avatar andrepereiradasilva
andrepereiradasilva - comment - 12 Dec 2015

True, it seems finally Amazon S3 uses a new certificate that uses "DigiCert High Assurance EV Root CA" as root CA (also seems to be cross-signed with "Baltimore Cybertrust Root" CA).

Both root CA ("DigiCert High Assurance EV Root CA" and "Baltimore Cybertrust Root") are in curl.haxx.se root CA certs file: http://curl.haxx.se/ca/cacert.pem

avatar wilsonge
wilsonge - comment - 13 Dec 2015

We still need to test this PR on more shared hosts. Nic's code has a lot more fallbacks than we have currently in JHttp. So we need to be careful we don't break updates on poor quality hosts

avatar roland-d roland-d - change - 7 Jan 2016
The description was changed
avatar roland-d roland-d - change - 7 Jan 2016
The description was changed
avatar joomla-cms-bot joomla-cms-bot - change - 7 Jan 2016
Labels Added: ?
avatar iplocker iplocker - test_item - 7 Jan 2016 - Tested successfully
avatar iplocker
iplocker - comment - 7 Jan 2016

I have tested this item :white_check_mark: successfully on 6324947

I have test the first test with Joomla Update it and it worked.
Thanks


This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/8645.

avatar joomla-cms-bot
joomla-cms-bot - comment - 18 Jan 2016

This PR has received new commits.

CC: @iplocker


This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/8645.

avatar joomla-cms-bot
joomla-cms-bot - comment - 18 Jan 2016

This PR has received new commits.

CC: @iplocker


This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/8645.

avatar efEris
efEris - comment - 18 Jan 2016

Both tests worked for me on a chrooted server (thats fails WP update btw.).

avatar wilsonge wilsonge - change - 18 Jan 2016
Labels Removed: ?
avatar brianteeman brianteeman - test_item - 19 Jan 2016 - Not tested
avatar brianteeman
brianteeman - comment - 19 Jan 2016

I have not tested this item.

Tested ok (not that I ever had a problem before on this server)

However I did get a failure when testing under ftp mode where it said "invalid credentials" but still went ahead and updated (did it fall back to using non-ftp mode) - will try to work out how to replicate that


This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/8645.

avatar joomla-cms-bot
joomla-cms-bot - comment - 20 Jan 2016

This PR has received new commits.

CC: @brianteeman, @iplocker


This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/8645.

avatar alikon
alikon - comment - 23 Jan 2016

both updated
works from my side

avatar roland-d
roland-d - comment - 27 Jan 2016

@brianteeman I tested this with the FTP layer enabled but didn't get any error and the update worked as expected. If you are able to replicate it, I would like to hear it.

avatar brianteeman
brianteeman - comment - 27 Jan 2016

Yeah no idea what happened. Tried five times and couldn't replicate it.
On 27 Jan 2016 10:20 am, "RolandD" notifications@github.com wrote:

@brianteeman https://github.com/brianteeman I tested this with the FTP
layer enabled but didn't get any error and the update worked as expected.
If you are able to replicate it, I would like to hear it.


Reply to this email directly or view it on GitHub
#8645 (comment).

avatar waader waader - test_item - 27 Jan 2016 - Tested successfully
avatar waader
waader - comment - 27 Jan 2016

I have tested this item :white_check_mark: successfully on c4f86b5

I have tested - following your instructions - on two live hosts and it worked. Thanks roland-d!


This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/8645.

avatar uglyeoin
uglyeoin - comment - 27 Jan 2016

I have encouraged a lot of people to test this, making it easier to understand how to test is the main obstacle. I didn't think I would know how to test, these instructions were great.

Obviously I'm a complete noob, but I think it is worth adding the following to the instructions for other noobs.

After install patch tester.

Go to Components > Patch Tester.

Click on Fetch Data

Find the patch. (I tried to search by number but it didn't work so I sorted descending and scrolled through to find it)

Click on the "apply the patch" button.

After you have finished testing go to this link: https://issues.joomla.org/tracker/joomla-cms/8645 and click on the blue "test this" button. Fill in the form.

I tested this successfully.

avatar uglyeoin uglyeoin - test_item - 27 Jan 2016 - Tested successfully
avatar uglyeoin
uglyeoin - comment - 27 Jan 2016

I have tested this item :white_check_mark: successfully on c4f86b5

Tested, Joomla! updated. Weblinks Updated. Siteground server (Go Geek)


This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/8645.

avatar Bodge-IT Bodge-IT - test_item - 27 Jan 2016 - Tested successfully
avatar Bodge-IT
Bodge-IT - comment - 27 Jan 2016

I have tested this item :white_check_mark: successfully on c4f86b5

Installed on local WAMP isnatllation.

PHP 5.4.3
Apache 2.2.22
MYSQL 5.5.16

No issues encountered.


This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/8645.

avatar Bodge-IT Bodge-IT - test_item - 27 Jan 2016 - Tested successfully
avatar Bodge-IT
Bodge-IT - comment - 27 Jan 2016

I have tested this item :white_check_mark: successfully on c4f86b5

Tested on: Namesco Hosting
MySQL: 5.5.5-10.1.10-MariaDB
PHP: 5.6.17
WebServer: Unkown

No issues.


This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/8645.

avatar Bodge-IT Bodge-IT - test_item - 27 Jan 2016 - Tested unsuccessfully
avatar Bodge-IT
Bodge-IT - comment - 27 Jan 2016

I have tested this item :red_circle: unsuccessfully on c4f86b5

Tested on: UKFast Hosting
PHP: 5.4.45
MySQL: 5.5.37
WebServer: Unkown
Failed to install Patch. Step 3 of testing instructions.
Uninstalled patch tester and reinstalled, same issue.

Think this issues for this particular hosting has already been raised by JoomlaLondon.


This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/8645.

avatar wilsonge
wilsonge - comment - 27 Jan 2016

If patchtester isn't working you can try manually applying it to the files

avatar andrepereiradasilva
andrepereiradasilva - comment - 27 Jan 2016

@Bodge-IT check if you are having have the issue described in this PR #8676

avatar Bodge-IT Bodge-IT - test_item - 28 Jan 2016 - Tested successfully
avatar Bodge-IT
Bodge-IT - comment - 28 Jan 2016

I have tested this item :white_check_mark: successfully on c4f86b5

Tested on Siteground Hosting
PHP: 5.3.29
MYSQL: 5.5.44-37.3-log
Apache: Unknown

No Issues.


This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/8645.

avatar wilsonge wilsonge - change - 15 Feb 2016
Milestone Added:
avatar wilsonge wilsonge - change - 15 Feb 2016
Milestone Removed:
avatar brianteeman brianteeman - change - 14 Mar 2016
Category Libraries
avatar zero-24
zero-24 - comment - 20 Mar 2016

After much testing i guess we can move here to RTC? Or do we need more tests here?

avatar wilsonge
wilsonge - comment - 20 Mar 2016

RTC

avatar brianteeman brianteeman - change - 22 Mar 2016
Milestone Removed:
avatar brianteeman brianteeman - change - 22 Mar 2016
Milestone Added:
avatar brianteeman brianteeman - change - 22 Mar 2016
Milestone Added:
avatar brianteeman brianteeman - change - 22 Mar 2016
Milestone Removed:
avatar wilsonge wilsonge - change - 12 Apr 2016
Labels Added: ?
avatar joomla-cms-bot joomla-cms-bot - change - 12 Apr 2016
Labels Removed: ?
avatar wilsonge
wilsonge - comment - 12 Apr 2016

RTC Jissues bot. Listen to me!

avatar wilsonge wilsonge - change - 12 Apr 2016
Labels Added: ?
avatar joomla-cms-bot joomla-cms-bot - change - 12 Apr 2016
Labels Removed: ?
avatar wilsonge wilsonge - change - 12 Apr 2016
Status Pending Ready to Commit
avatar wilsonge wilsonge - change - 12 Apr 2016
Labels Added: ?
avatar wilsonge
wilsonge - comment - 12 Apr 2016

OK Plan is to merge this in combination with the com_joomlaupdate changes in @zero-24 's PR

avatar rdeutz
rdeutz - comment - 13 Apr 2016

@roland-d could you have a look at the merge conflicts, thanks

avatar rdeutz
rdeutz - comment - 13 Apr 2016

@wilsonge you mean #9612 with the in combination statement?

avatar joomla-cms-bot
joomla-cms-bot - comment - 13 Apr 2016

This PR has received new commits.

CC: @Bodge-IT, @brianteeman, @iplocker, @uglyeoin, @waader


This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/8645.

avatar roland-d
roland-d - comment - 13 Apr 2016

@rdeutz Merge conflicts fixed.

avatar wilsonge
wilsonge - comment - 13 Apr 2016

@rdeutz yes I mean #9612 :)

avatar rdeutz rdeutz - change - 13 Apr 2016
Status Ready to Commit Fixed in Code Base
Closed_Date 0000-00-00 00:00:00 2016-04-13 08:32:00
Closed_By rdeutz
avatar rdeutz rdeutz - close - 13 Apr 2016
avatar rdeutz rdeutz - merge - 13 Apr 2016
avatar joomla-cms-bot joomla-cms-bot - close - 13 Apr 2016
avatar rdeutz rdeutz - reference | 0c8afc0 - 13 Apr 16
avatar rdeutz rdeutz - merge - 13 Apr 2016
avatar rdeutz rdeutz - close - 13 Apr 2016
avatar joomla-cms-bot joomla-cms-bot - change - 13 Apr 2016
Labels Removed: ?
avatar rdeutz
rdeutz - comment - 13 Apr 2016

ok merged in combination :-)

avatar rdeutz rdeutz - change - 1 May 2016
Milestone Removed:
avatar rdeutz rdeutz - change - 1 May 2016
Milestone Added:
avatar rdeutz rdeutz - change - 1 May 2016
Milestone Added:
avatar rdeutz rdeutz - change - 1 May 2016
Milestone Removed:

Add a Comment

Login with GitHub to post a comment