[Koha-devel] Major surprise - "automatic" upgrade

[Paul]

At 07:22 AM 5/8/2013 +1200, Chris Cormack wrote:
[snip]
> > No - it gets overwritten (new file dated as per the tarball.)
> >
> > That's exactly the problem ..., but further it would have had to run
> > 'Makefile.PL --prev-install-log /path/to/koha-install-log'
> >
>
>No, as you wrote above, you replaced your 3.8.5 code with 3.8.10.
>
>Then you ran the webinstaller to upgrade the database.

Chris, thanks.  Please bear with me and see if I properly understand:

a) I started with a brand new Ubuntu 12.04 server, put an untarred 
/koha-3.08.05 and ran as a "sudoer" (user=paul) Makefile.PL, make, make 
test and make install.  This installed a fully working Koha 3.8.5 system at 
/usr/share/koha (plus various other bits and pieces.)

b) I deleted /koha-3.08.05. Koha (3.8.5 with our cusomizations at 
/usr/share/koha, etc) continued for all my "playing in the sandbox" 
activities for about six months, including testing everything I ever do on 
the production 3.8.5

c) at some point (late February 2013), I untarred /koha-3.08.10 and 
promptly forgot that I had done this. In any case, I never got around to 
playing with 3.8.10 (I would have noticed the upgrade instantly, as some of 
our "customizations" disappear!)

d) Last week, as user=koha (not a sudoer), I ran from the 3.8.5 
/usr/share/koha:
koha at hardy:/usr/share/koha/bin/cronjobs$ ./cleanup_database.pl --zebraqueue -v
      Zebraqueue purge triggered for 30 days
      131575 records were deleted.
      Done with zebraqueue purge.

and ended up with a 3.8.10 /usr/share/koha system. OPAC reported "closed 
for maintenance" and the browser staff page prompted me (logging in as 
"koha", it refused "paul") for the *db* update:
Web installer › Step 3
Updating database structure
Update report :
     Upgrade to 3.08.06.000 (3.8.6 release) done
     Upgrade to 3.08.07.000 (3.8.7 release) done
     Upgrade to 3.08.08.000 (3.8.8 release) done
     Upgrade to 3.08.09.000 (3.8.9 release) done
     Upgrade to 3.08.10.000 (3.8.9 release) done
Everything went OK, update done.
Continue to log in to Koha

>All of this has absolutely nothing to do with the clean up script, its
>all to do with you replacing the 3.8.5 code with 3.8.10, ie upgrading
>it. The make upgrade would do that copy, but you did it yourself.

So, if I understand correctly, the "Web installer, step 3, Updating 
database structure" somehow has permission to run 
/koha-3.08.10/Makefile.PL, make, 'make upgrade'.

OK, I agree that the 3.8.10 tarball installation code was available to 
"koha", I'm just at a loss to understand how "koha" got around permissions 
(certainly the koha name/password is in plain text in koha-conf.xml, but 
that name/pw is not in the sudoer|admin group.) This *should* have required 
*sudo* permissions -- else, e.g. command line as user=koha, it fails:

koha at hardy:/koha-3.08.10$ perl Makefile.PL --prev-install-log 
/usr/share/koha/misc/koha-install-log
/ ... /
Writing Makefile for koha
Writing MYMETA.yml
Unable to open MYMETA.yml: Permission denied at 
/usr/share/perl/5.14/ExtUtils/MM_Any.pm line 1170.
koha at hardy:/koha-3.08.10$

And also -- the "Web Installer Updating database structure" was so fast, I 
really don't see how it could have copied hundreds of files to 
/usr/share/koha, even if it had prepared for everything in the background 
(the cleanup_database.pl took at least an hour.)  Finally, nothing seems to 
have been recorded in any logs (koha or system.)

I must be missing something major, and truly appreciate your assistance.

Best regards - Paul


> >
> >> This doesn't seem like a thing that anything in Koha would do. In
> >> a quick test, I couldn't make it happen.
> >
> >
> > And I had never seen it before ...
> >
>And you never will again, unless you go around replacing a version of
>the code with a newer version of the code.
>
>Chris