Error after upgrade from 1.6.10 to 2.0.7

Installation Issues
1

Checklist
[x] I have read intro post: About the Installation Issues category
[x] I have read the tutorials, help and searched for similar issues
[x] I provide relevant information about my server (component names and versions, etc.)
[x] I provide a copy of my logs and healthcheck
[x] I describe the steps I have taken to trouble shoot the problem
[x] I describe the steps on how to reproduce the issue

Hi. I’ve just upgrade my passbolt from 1.6.10 to 2.0.7. I’m running it on Debian 8, Apache/2.4.10, PHP 7.0.30, MySQL 5.5.60.

The output of healthcheck:

 ____                  __          ____  
/ __ \____  _____ ____/ /_  ____  / / /_

/ // / __ `/ / / __ / __ / / _/
/ / // ( | ) // / // / / /
// _,///.__/__//_/

Open source password manager for teams

Healthcheck shell

Environment

[PASS] PHP version 7.0.30-1~dotdeb+8.1.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable.
[PASS] The public image directory and its content are writable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.

Config files

[PASS] The application config file is present
[PASS] The passbolt config file is present

Core config

[FAIL] Debug mode is on.
[HELP] Set debug = false; in config/passbolt.php
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://passbolt.XXXXXXX
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.

SSL Certificate

[PASS] SSL peer certificate validates
[PASS] Hostname is matching in SSL certificate.
[WARN] Using a self-signed certificate

Database

[PASS] The application is able to connect to the database
[PASS] 23 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.

GPG Configuration

[PASS] PHP GPG Module is installed and loaded.
[PASS] The server gpg key is not the default one
[PASS] The environment variable GNUPGHOME is set to /var/www/.gnupg.
[PASS] The directory /var/www/.gnupg containing the keyring is writable by the webserver user.
[PASS] The public key file is defined in config/passbolt.php and readable.
[PASS] The private key file is defined in config/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in config/passbolt.php.
[PASS] The server public key defined in the config/passbolt.php is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The public key can be used to sign a message.
[PASS] The public key can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.

Application configuration

[PASS] Using latest passbolt version (2.0.7).
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[PASS] Registration is closed, only administrators can add users.
[PASS] Serving the compiled version of the javascript app
[PASS] All email notifications will be sent.

1 error(s) found. Hang in there!

The error that appears is because of Debug enabled.

The login page is OK, but when I try a login with my user, the following error appears: The OpenPGP key for the user could not be imported in GnuPG.

Can you help me with this issue please? I’ve been looking for a solution in this forum but I didn’t see anything that could help me.

Thanks!!
Regads

2

There is an issue importing the user public key in GnuPG keyring. You can try importing it manually and see if it gives you any errors with the key and/or the keyring. Run this as www-data (or nginx) user and using the right keyring location:

sudo su -s /bin/bash -c "gpg --homedir /var/www/.gnupg --import /to/your/user_public_key" www-data

We have seen this issue when the key is created in the future. This can happen if your server date is behind the client.

3

Thanks for your reply. I’ve executed the command and checked the keyring. Private and public keys are imported correctly, but the problem persists.

I’ve change server timezone too, but that didn’t work.

Any other idea? Thanks!

4

If the application tries to import the key it means it is not in the keyring used by the application in the first place. See the code:

        $info = $this->_gpg->keyinfo($keyid);
        if (empty($info)) {
            if (!$this->_gpg->import($this->_user->gpgkey->armored_key)) {
                throw new InternalErrorException(__('The OpenPGP key for the user could not be imported in GnuPG.'));
            }

If you still get the same error after importing the key manually it means that you’re not inserting it in the right keyring or it’s not the right public key.

5

I don’t understand your reply. I’ve checked my healthcheck URL and says the following:

passbolt_gpg
passbolt_gpg.png799×383 13.9 KB

I’m using Apache, so, the gpg keyring must be on /var/www/.gnupg/ and there is it:

root@passbolt-debian:/var/www/.gnupg# pwd
/var/www/.gnupg
root@passbolt-debian:/var/www/.gnupg# ls -l
total 32
-rw------- 1 www-data www-data 9188 Apr 5 09:38 gpg.conf
-rw------- 1 www-data www-data 1217 May 11 08:16 pubring.gpg
-rw------- 1 www-data www-data 1217 May 11 08:16 pubring.gpg~
-rw------- 1 www-data www-data 600 May 11 11:33 random_seed
-rw------- 1 www-data www-data 2519 May 11 08:16 secring.gpg
-rw------- 1 www-data www-data 1360 May 11 08:16 trustdb.gpg
root@passbolt-debian:/var/www/.gnupg#

Thanks in advanced.

6

Did you manage to import the key of the user that cannot log in the keyring? My understanding is that you are importing another key or you are importing it in a different keyring. Can you paste the user public key here?

7

I didn’t imported any user public key into keyring.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: OpenPGP.js v3.0.9
Comment: https://openpgpjs.org

xsBNBFolMyEBCAD11ghX7NUR9bH5Q7V1/xj/hIPZ7Hf6orgiixUbrHqZgFfz
Ga/6L+5A/WWcT/ujDmPKfZsv21YFgJuF06wd3uQmSqCZ3lh6Z3CXLdklyFqT
Vo3eNm2mtYt7+FDtHaNX4/go+uLN9o5R+gpszYbYNx2V2Tr1BfDDLEnOUySP
ajUH+nn2oeZsXNtgR2Z5+nx9CfHufxMjHv74RYvKfwVAvBycrP/pi/PIx3Q6
vZgxOtgzw/Q9rIh7fJDIEPvUbF+CnuzTh5IBtFPs0GjOO9a5tYSQ9i2zj7lI
WjTuiDDKyDyLjPQilwAcPiAlXLWo7oAVW45x8gHlbZcg3IxWNyofcON7ABEB
AAHNKUphdmllciBQw6lyZXogPGphdmllci5wZXJlekBkYXJ3aW5leC5jb20+
wsB1BBABCAApBQJaJTMhBgsJBwgDAgkQQuwPRZ4q8bcEFQgKAgMWAgECGQEC
GwMCHgEAAOYkB/9nx5rFVjCfxr8UxXTshei8vJjrI+alOeDYUWAXv+GIYGWl
bF7h5hqtU/zaNvJMLTAAruPpHdvfsxRwU446M/qSfdnPNI1fHEwk0pkh1VW5
OD+8Fcm680vMlLGWwv1dthyNUii4qZvCG9bgbd5i/TQJa0uVNOCzNHQosso3
PB91LKQuHbAfSBYGz8qzfu2NIP3AXt1wGCFBIO83LeDJkWxhnL4FfldRYd+7
J7Jk+DikP3JTsrVkzZ+U2a0+k8Ej69ThxjNVNFRiKLV56uTKLbTl/ZKGRhSi
gmUkn6Tfdl8NVEIH/tBAuYYI01hEclLMAi9/QowF9wCCde7hJs2TDtoLzsBN
BFolMyEBCAC00KBREI7d8IBxG7/o+BFiPbxtZsSiLTXO/piYZjSNG1k9fi78
tTqSL7tD36VcKtxHJdnQg7VyhD/V5tuqT86v4OzTO8pZhGuZOc+ChDhvG2mT
ESHkvU02BcqEvdQlLxo+1+SbGgJD+a2LJ+Lc/gkqC44jbCDHXZrmG6JbpNHy
MS6ndwQXH7c+fQSQ/vxaE6EFdMuSf9QXgLA0xhPxMLahc6497GmOodyJIb66
Tawp0C5YMM3dqDBInQYUdFVcPg0U9O8z9Q9XJqRmJZ3yt1yvy1gN69Vv8OK7
JAYA89XncNCWn0rXraoPS8Rdy5IFqqtIYveRQ5qqt/Nme0xgYMrVABEBAAHC
wF8EGAEIABMFAlolMyIJEELsD0WeKvG3AhsMAADK1gf/dhxg31WAnUic99Q2
HGUhCamamRBeZnJsqIKtfPYxLAvEgvbbcGUFw2qvWfXP3l1M7gQWG67T0uAw
xDTt+m0owpL0aignRSaNX5cLXr7fe/PHXVJWQ8ZbG+tZ3oe5RWzdVKsYucZf
EAvbyLK7LL/uVtYFsqwPPfb5rD22Mjln3eVaMqkwGJzlZVsTv7/r7K7e262R
pJh5NSmDVOWPvY2GS6noZ3Rj9z9SFbET+/5LJ/xM7gezX46Wd6L/6fDESgmR
MTygjh67js9hviz65m3ZHIYKhJh+Tf4iSLUU1ygAF15+i6wUDBTdYV+PjVmS
LL8JRt7PDZxjtQ4Xx8uf5LDd2Q==
=Q3P1
-----END PGP PUBLIC KEY BLOCK-----

I’ve just imported it into keyring and tried again but now appears another error:

SQLSTATE[23000]: Integrity constraint violation: 1048 Column ‘active’ cannot be null

I’ve checked it on MySQL:

mysql> select * from users where active is null;
Empty set (0.00 sec)

8

Any idea about this new error, please?

10

SQLSTATE[23000]: Integrity constraint violation: 1048 Column ‘active’ cannot be null

@jpmdwx it’s hard to know without more information. You seem to have too many tables in your database, so it looks like the migration did not run properly. Could you show what your database schema look like?

11

Thanks for reply, my current schema:

mysql> show tables;
±-----------------------------+
| Tables_in_passbolt |
±-----------------------------+
| authentication_tokens |
| burzum_file_storage_phinxlog |
| cake_sessions |
| comments |
| controller_logs |
| email_queue |
| email_queue_phinxlog |
| favorites |
| file_storage |
| gpgkeys |
| groups |
| groups_users |
| permissions |
| permissions_types |
| phinxlog |
| profiles |
| resources |
| roles |
| schema_migrations |
| secrets |
| user_agents |
| users |
| users_resources_permissions |
±-----------------------------+
23 rows in set (0.00 sec)

I’ve obtained tables that contains the column ‘active’:

mysql> select * from information_schema.columns where table_schema = ‘passbolt’ and column_name =‘active’ order by table_name,ordinal_position;
±--------------±-------------±----------------------±------------±-----------------±---------------±------------±----------±-------------------------±-----------------------±------------------±--------------±-------------------±---------------±------------±-----------±------±--------------------------------±---------------+
| TABLE_CATALOG | TABLE_SCHEMA | TABLE_NAME | COLUMN_NAME | ORDINAL_POSITION | COLUMN_DEFAULT | IS_NULLABLE | DATA_TYPE | CHARACTER_MAXIMUM_LENGTH | CHARACTER_OCTET_LENGTH | NUMERIC_PRECISION | NUMERIC_SCALE | CHARACTER_SET_NAME | COLLATION_NAME | COLUMN_TYPE | COLUMN_KEY | EXTRA | PRIVILEGES | COLUMN_COMMENT |
±--------------±-------------±----------------------±------------±-----------------±---------------±------------±----------±-------------------------±-----------------------±------------------±--------------±-------------------±---------------±------------±-----------±------±--------------------------------±---------------+
| def | passbolt | authentication_tokens | active | 4 | 1 | NO | int | NULL | NULL | 10 | 0 | NULL | NULL | int(1) | | | select,insert,update,references | |
| def | passbolt | permissions_types | active | 5 | 0 | NO | tinyint | NULL | NULL | 3 | 0 | NULL | NULL | tinyint(1) | | | select,insert,update,references | |
| def | passbolt | users | active | 4 | 0 | NO | int | NULL | NULL | 10 | 0 | NULL | NULL | int(1) | | | select,insert,update,references | |
±--------------±-------------±----------------------±------------±-----------------±---------------±------------±----------±-------------------------±-----------------------±------------------±--------------±-------------------±---------------±------------±-----------±------±--------------------------------±---------------+
3 rows in set (0.00 sec)

Thanks!

12

Hello @jpmdwx,

The active column cannot be null, it has a default value (false).

        $this->table('users')
        ->changeColumn('active', 'boolean', [
            'default' => false,
            'limit' => null,
            'null' => false,
        ])
        ->update();

Could you please provide a context of this error, trace, whatever could help us to reproduce it :

SQLSTATE[23000]: Integrity constraint violation: 1048 Column ‘active’ cannot be null

I’m wondering if it could be related to the mysql version 5.5.60, we didn’t get any report regarding this for now.

13

Hi @cedric thanks for your reply. This errors appears when I try a login with an active user and the content of error.log is:

2018-05-16 09:05:42 Error: [PDOException] SQLSTATE[23000]: Integrity constraint violation: 1048 Column ‘active’ cannot be null
Request URL: /auth/login.json?api-version=v1

If the problem is the MySQL version, I can try an upgrade to 5.7.

Thanks!

14

Looking at your request :

The permissions_types table shouldn’t be here after running the migration script.
Something went wrong while upgrading passbolt, can you run the following command and let us know : su -s /bin/bash -c "./bin/cake migrations.migrations status" www-data

15

I’ve launched the command and this is the output:

root@passbolt-debian:/var/www/passbolt# su -s /bin/bash -c “./bin/cake migrations.migrations status” www-data
using migration paths

  • /var/www/passbolt/config/Migrations
    using seed paths
  • /var/www/passbolt/config/Seeds
    using environment default

Status Migration ID Migration Name

 up  20170830064410  V162InitialMigration               
 up  20170830065037  V200ActiveMustBeBoolean            
 up  20170830065038  V200DropUnusedProfileFields        
 up  20170830065039  V200IncreaseEmailSize              
 up  20170830065040  V200DropUnusedCreatedBy            
 up  20170830065041  V200MigrateUUID                    
 up  20170830065042  V200MigrateKeyField                
 up  20171002061834  V200DropUnusedResourceFields       
 up  20171006141922  V200AddFavoriteModifiedField       
 up  20171009093000  V200DropUnusedPermissionTypesTable 
 up  20171009093001  V200MigrateEmailsTable             
 up  20171009093002  V200MigrateFileStorageTable        
 up  20171025154754  V200AddCommentsUserIdField         
 up  20180102065042  V200MigrateForeignIdField          
 up  20180102180000  V200DropUnusedTables               
 up  20180102221500  V200AddMissingTablesIndexes        
 up  20180413171600  V202ForceColumnsCharset

Thanks @cedric!

16

Just to be sure, when you ran the update script did you encounter any warning/error ?
Is your mysql user allowed to perform all operations on the passbolt db ? drop table / update columns …

At this point I would start the upgrade from scratch (at least for the db) :

  1. load the mysql v1 backup
  2. ensure the mysql user has all the rights
  3. exec the update script
17

There were no errors on output. The user that I’m using is root, so it can perform any operation on the database. I’m going to follow your steps and I reply when finished.

Thanks!

18

The output after restore and launching the migration command. There are 2 Warning, but I don’t understand it. I’ve checked permissions, and www-data user can rwx on than directory.

Thanks!

OUTPUT:

www-data@passbolt-debian:~/passbolt$ ./bin/cake passbolt migrate --backup
Warning Error: SplFileInfo::openFile(/var/www/passbolt/tmp/cache/persistent/myapp_cake_core_translations_cake_console_en__u_s): failed to open stream: Permission denied in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Engine/FileEngine.php, line 397]

Warning Error: SplFileInfo::openFile(/var/www/passbolt/tmp/cache/persistent/myapp_cake_core_translations_cake_console_en__u_s): failed to open stream: Permission denied in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Engine/FileEngine.php, line 397]

 ____                  __          ____  
/ __ \____  _____ ____/ /_  ____  / / /_

/ // / __ `/ / / __ / __ / / _/
/ / // ( | ) // / // / / /
// _,///.__/__//_/

Open source password manager for teams

Saving backup file: /var/www/passbolt/tmp/cache/database/backup_1526465576.sql
Success: the database was saved on file!

Running migration scripts.

using migration paths

  • /var/www/passbolt/config/Migrations
    using seed paths
  • /var/www/passbolt/config/Seeds
    using environment default
    using adapter mysql
    using database passbolt

All Done. Took 0.0024s
using migration paths

  • /var/www/passbolt/config/Migrations
    using seed paths

  • /var/www/passbolt/config/Seeds
    Writing dump file /var/www/passbolt/config/Migrations/schema-dump-default.lock
    Dump file /var/www/passbolt/config/Migrations/schema-dump-default.lock was successfully written
    www-data@passbolt-debian:~/passbolt$ ./bin/cake passbolt migrate --backup

    / __ ____ _____ / / ____ / / /
    / /    / / __ `/ / / __ / __ / / _/
    / / // ( |     ) /    / / /    / / / /
    /    / _    ,    /    //.__/__//_/

Open source password manager for teams

Saving backup file: /var/www/passbolt/tmp/cache/database/backup_1526465621.sql
Success: the database was saved on file!

Running migration scripts.

using migration paths

  • /var/www/passbolt/config/Migrations
    using seed paths
  • /var/www/passbolt/config/Seeds
    using environment default
    using adapter mysql
    using database passbolt

All Done. Took 0.0024s
using migration paths

  • /var/www/passbolt/config/Migrations
    using seed paths
  • /var/www/passbolt/config/Seeds
    Writing dump file /var/www/passbolt/config/Migrations/schema-dump-default.lock
    Dump file /var/www/passbolt/config/Migrations/schema-dump-default.lock was successfully written
19

@jpmdwx cedric meant to use the data backup from 1.6.x data not a backup of the non functioning v2.

20

@remy I’ve used the backup I take before trying the upgrade. (v1.6.10)

21

Ha sorry, I thought that’s the backup you used.