  1. Moodle
  2. MDL-36903

Download pre-check for plugin ZIP packages

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.4
    • Fix Version/s: 2.4
    • Component/s: Administration
    • Labels:
    • Testing Instructions:

      Testing difficulty: HARD (requires root access to the machine)

      In this test, you are about to simulate a missing certificate for the certification authority (CA) that signed the HTTPS certificate for moodle.org sites. Previously, the absence of the certificate caused ugly error screens at the end of the deployment process. We want to make sure that the 'Install this update' button is not displayed at all.

      1. Please use the test instructions from MDL-35238 and prepare the fake.php script to replace the default one. Make it so that fake.php will report an available update and the download URL of the zip will be at https://moodle.org/plugins/... (the real URL of a ZIP uploaded into the Plugins).
      2. TEST: Check for available updates and make sure the available update for your plugin is reported.
      3. Now we must remove DigiCert's certificate from your operating system. Please refer to your SSL compile-time configuration to find out the paths where SSL certs are stored. On my machine, certificates are in /etc/ssl/certs/ and the one we want to remove (move it somewhere so you can put it back after testing!) is called DigiCert_High_Assurance_EV_Root_CA.pem. It may have a different name on your machine, but it should be the one published at https://www.digicert.com/digicert-root-certificates.htm as the "DigiCert High Assurance EV Root CA".
      4. Once that certificate is missing from your OS, reload the page that informs you about available updates.
      5. TEST: Make sure that no "Install this update" button is displayed. Instead, you should see the "Can not download the package" help link (with a "More help" link that does not lead to any existing docs page yet). Please note, if you have removed some certificate and the button is still there, the chances are that you removed the wrong certificate. Please double check before you fail this test. Thanks.
      6. Now, download the file https://www.digicert.com/testroot/DigiCertHighAssuranceEVRootCA.crt and put it into moodledata/moodleorgca.crt
      7. Reload the page that informs you about available updates again.
      8. TEST: Make sure the "Install this update" button is displayed again.
      9. TEST: Make sure the plugin can be updated via that button.

      Note: Instead of fake.php, you can use the default provider and some plugin that already has a 2.4 version published in the Plugins directory.
      Note: If you have a site where the DigiCert certificate is already missing, just skip the step with moving it to a temporary place.
      Note: There is a moodledata/mdeploy/mdeploy.log file that may contain useful information for you (this info will be added to docs).

    • Affected Branches:
      MOODLE_24_STABLE
    • Fixed Branches:
      MOODLE_24_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-36903-updates-ssl

      Description

      As experienced by some early testers (see https://moodle.org/mod/forum/discuss.php?d=216584&parent=943531 for example), mdeploy.php can easily run into problems with fetching ZIPs via SSL (typically outdated certificates on the machine, an old cURL library installed, etc.). It would be nice to try and fetch a small file from the repository (or maybe just a HEAD request?) over HTTPS to make sure the download is expected to succeed in mdeploy.php. If such a pre-check fails, a nice message would be displayed instead of the "Install this update" button.
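
A sketch of the pre-check described above, as an added example that is not Moodle's own code: a HEAD request with full certificate verification whose result decides whether the install button is offered. The function name, return shape and the '/path/to/moodledata' placeholder are hypothetical, and it assumes the moodleorgca.crt file from the testing instructions is passed to cURL as the CA bundle when present.

```php
<?php
// Added illustration, not Moodle's code. Names and return shape are hypothetical.

/**
 * HEAD-request pre-check: can this host complete a verified TLS handshake
 * with the download server? Returns [bool $ok, string $reason].
 */
function precheck_https_download(string $url, string $dataroot): array {
    if (!function_exists('curl_init')) {
        return [false, 'cURL extension not available'];
    }
    $opts = [
        CURLOPT_NOBODY         => true,   // HEAD: headers only, the ZIP body is not fetched
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false,
        CURLOPT_SSL_VERIFYPEER => true,   // verification stays on; a failure must surface here
        CURLOPT_SSL_VERIFYHOST => 2,      // certificate name must match the host
        CURLOPT_CONNECTTIMEOUT => 10,
        CURLOPT_TIMEOUT        => 20,
    ];
    // Admin-supplied CA certificate (step 6 of the testing instructions).
    // Assumption: when the file exists it is handed to cURL as the CA bundle.
    $cafile = rtrim($dataroot, '/') . '/moodleorgca.crt';
    if (is_readable($cafile)) {
        $opts[CURLOPT_CAINFO] = $cafile;
    }

    $ch = curl_init($url);
    curl_setopt_array($ch, $opts);
    curl_exec($ch);
    $errno  = curl_errno($ch);
    $error  = curl_error($ch);
    $status = (int) curl_getinfo($ch, CURLINFO_HTTP_CODE);

    if ($errno !== 0) {
        // Covers a missing or untrusted CA, an outdated cURL/TLS stack, DNS and timeouts.
        return [false, "cURL error $errno: $error"];
    }
    if ($status < 200 || $status >= 400) {
        return [false, "unexpected HTTP status $status"];
    }
    return [true, 'ok'];
}

// Usage: decide what the updates page shows. The dataroot path is a placeholder.
[$ok, $reason] = precheck_https_download('https://moodle.org/plugins/', '/path/to/moodledata');
echo $ok ? "show 'Install this update' button\n"
         : "hide button, show 'Can not download the package' help ($reason)\n";
```

Logging the failure reason rather than only hiding the button gives the administrator the cURL error needed to tell a missing CA certificate apart from an outdated cURL library.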


                  Dates

                  • Created:
                    Updated:
                    Resolved:
                    Fix Release Date:
                    3/Dec/12