v1.29.0

CHANGELOG.md

@@ -1,3 +1,327 @@
+Changelog for reva 1.29.0 (2025-01-07)
+=======================================
+
+The following sections list the changes in reva 1.29.0 relevant to
+reva users. The changes are ordered by importance.
+
+Summary
+-------
+
+ * Fix #4898: Make ACL operations work over gRPC
+ * Fix #4667: Fixed permission mapping to EOS ACLs
+ * Fix #4520: Do not use version folders for xattrs in EOS
+ * Fix #4599: Auth: increase verbosity of oidc parsing errors
+ * Fix #5006: Blocking reva on listSharedWithMe
+ * Fix #4557: Fix ceph build
+ * Fix #5017: No empty favs attr
+ * Fix #4620: Fix ulimits for EOS container deployment
+ * Fix #5015: Fixed error reporting in the EOS gRPC client
+ * Fix #4931: Fixed tree metadata following fix in EOS
+ * Fix #4930: Make removal of favourites work
+ * Fix #4574: Fix notifications
+ * Fix #4790: Ocm: fixed domain not having a protocol scheme
+ * Fix #4849: Drop assumptions about user types when dealing with shares
+ * Fix #4894: No certs in EOS HTTP client
+ * Fix #4810: Simplified error handling
+ * Fix #4973: Handle parsing of favs over gRPC
+ * Fix #4901: Broken PROPFIND perms on gRPC
+ * Fix #4907: Public links: return error when owner could not be resolved
+ * Fix #4591: Eos: fixed error reporting for too large recycle bin listing
+ * Fix #4896: Fix nilpointer error in RollbackToVersion
+ * Fix #4905: PurgeDate in ListDeletedEntries was ignored
+ * Fix #4939: Revert 'make home layout configurable'
+ * Enh #5028: Handle empty EOS traces
+ * Enh #4911: Cephfs refactoring + make home layout configurable
+ * Enh #4937: @labkode steps down as project owner
+ * Enh #4579: Remove domain-specific code to other repos
+ * Enh #4824: Refactor Ceph code
+ * Enh #4797: Refactor CI jobs and bump to latest deps
+ * Enh #4934: Access to EOS via tokens over gRPC
+ * Enh #4870: Only load X509 on https
+ * Enh #5014: Log app when creating EOS gRPC requests
+ * Enh #4892: Do not read eos user ACLs any longer
+ * Enh #4720: Differentiate quota for user types in EOS
+ * Enh #4863: Favourites for eos/grpc
+ * Enh #5013: Updated dependencies + moved to go 1.22
+ * Enh #4514: Pass lock holder metadata on uploads
+ * Enh #4970: Improved logging on createHome
+ * Enh #4984: Drop shadow namespaces
+ * Enh #4670: Ocm: support bearer token access
+ * Enh #4977: Do not use root on EOS
+
+Details
+-------
+
+ * Bugfix #4898: Make ACL operations work over gRPC
+
+   This change solves two issues: * AddACL would fail, because the current implementation of
+   AddACL in the EOS gRPC client always sets msg.Recursive = true. This causes issues on the EOS
+   side, because it will try running a recursive find on a file, which fails. * RemoveACL would
+   fail, because it tried matching ACL rules with a uid to ACL rules with a username. This PR changes
+   this approach to use an approach similar to what is used in the binary client: just set the rule
+   that you want to have deleted with no permissions.
+
+   https://github.com/cs3org/reva/pull/4898
+
+ * Bugfix #4667: Fixed permission mapping to EOS ACLs
+
+   This is to remove "m" and "q" flags in EOS ACLs for regular write shares (no re-sharing).
+
+   https://github.com/cs3org/reva/pull/4667
+
+ * Bugfix #4520: Do not use version folders for xattrs in EOS
+
+   This was a workaround needed some time ago. We revert now to the standard behavior, xattrs are
+   stored on the files.
+
+   https://github.com/cs3org/reva/pull/4520
+
+ * Bugfix #4599: Auth: increase verbosity of oidc parsing errors
+
+   This is to help further debugging of auth issues. An unrelated error reporting was also fixed.
+
+   https://github.com/cs3org/reva/pull/4599
+
+ * Bugfix #5006: Blocking reva on listSharedWithMe
+
+   `listSharesWithMe` blocked a reva thread in the case that one of the shares was not resolvable.
+   This has now been fixed
+
+   https://github.com/cs3org/reva/pull/5006
+
+ * Bugfix #4557: Fix ceph build
+
+   https://github.com/cs3org/reva/pull/4557
+
+ * Bugfix #5017: No empty favs attr
+
+   See issue #5016: we now unset the favs attr if no more favs are set
+
+   https://github.com/cs3org/reva/pull/5017
+
+ * Bugfix #4620: Fix ulimits for EOS container deployment
+
+   https://github.com/cs3org/reva/pull/4620
+
+ * Bugfix #5015: Fixed error reporting in the EOS gRPC client
+
+   This in particular fixes the lock-related errors
+
+   https://github.com/cs3org/reva/pull/5015
+
+ * Bugfix #4931: Fixed tree metadata following fix in EOS
+
+   The treecount is now populated from the EOS response.
+
+   https://github.com/cs3org/reva/pull/4931
+
+ * Bugfix #4930: Make removal of favourites work
+
+   Currently, removing a folder from your favourites is broken, because the handleFavAttr
+   method is only called in SetAttr, not in UnsetAttr. This change fixes this.
+
+   https://github.com/cs3org/reva/pull/4930
+
+ * Bugfix #4574: Fix notifications
+
+   https://github.com/cs3org/reva/pull/4574
+
+ * Bugfix #4790: Ocm: fixed domain not having a protocol scheme
+
+   This PR fixes a bug in the OCM open driver that causes it to be unable to probe OCM services at the
+   remote server due to the domain having an unsupported protocol scheme. in this case domain
+   doesn't have a scheme and the changes in this PR add a scheme to the domain before doing the probe.
+
+   https://github.com/cs3org/reva/pull/4790
+
+ * Bugfix #4849: Drop assumptions about user types when dealing with shares
+
+   We may have external accounts with regular usernames (and with null uid), therefore the
+   current logic to heuristically infer the user type from a grantee's username is broken. This PR
+   removes those heuristics and requires the upper level to resolve the user type.
+
+   https://github.com/cs3org/reva/pull/4849
+
+ * Bugfix #4894: No certs in EOS HTTP client
+
+   Omit HTTPS cert in EOS HTTP Client, as this causes authentication issues on EOS < 5.2.28. When
+   EOS receives a certificate, it will look for this cert in the gridmap file. If it is not found
+   there, the whole authn flow is aborted and the user is mapped to nobody.
+
+   https://github.com/cs3org/reva/pull/4894
+
+ * Bugfix #4810: Simplified error handling
+
+   Minor rewording and simplification, following cs3org/OCM-API#90 and cs3org/OCM-API#91
+
+   https://github.com/cs3org/reva/pull/4810
+
+ * Bugfix #4973: Handle parsing of favs over gRPC
+
+   To store user favorites, the key `user.http://owncloud.org/ns/favorite` maps to a list of
+   users, in the format `u:username=1`. Right now, extracting the "correct" user doesn't happen
+   in gRPC, while it is implemented in the EOS binary client. This feature has now been moved to the
+   higher-level call in eosfs.
+
+   https://github.com/cs3org/reva/pull/4973
+
+ * Bugfix #4901: Broken PROPFIND perms on gRPC
+
+   When using the EOS gRPC stack, the permissions returned by PROPFIND on a folder in a project were
+   erroneous because ACL permissions were being ignored. This stems from a bug in
+   grpcMDResponseToFileInfo, where the SysACL attribute of the FileInfo struct was not being
+   populated.
+
+   https://github.com/cs3org/reva/pull/4901
+   see:
+
+ * Bugfix #4907: Public links: return error when owner could not be resolved
+
+   https://github.com/cs3org/reva/pull/4907
+
+ * Bugfix #4591: Eos: fixed error reporting for too large recycle bin listing
+
+   EOS returns E2BIG, which internally gets converted to PermissionDenied and has to be properly
+   handled in this case.
+
+   https://github.com/cs3org/reva/pull/4591
+
+ * Bugfix #4896: Fix nilpointer error in RollbackToVersion
+
+   https://github.com/cs3org/reva/pull/4896
+
+ * Bugfix #4905: PurgeDate in ListDeletedEntries was ignored
+
+   The date range that can be passed to ListDeletedEntries was not taken into account due to a bug in
+   reva: the Purgedate argument was set, which only works for PURGE requests, and not for LIST
+   requests. Instead, the Listflag argument must be used. Additionally, there was a bug in the
+   loop that is used to iterate over all days in the date range.
+
+   https://github.com/cs3org/reva/pull/4905
+
+ * Bugfix #4939: Revert 'make home layout configurable'
+
+   Partial revert of #4911, to be re-added after more testing and configuration validation. The
+   eoshome vs eos storage drivers are to be adapted.
+
+   https://github.com/cs3org/reva/pull/4939
+
+ * Enhancement #5028: Handle empty EOS traces
+
+   https://github.com/cs3org/reva/pull/5028
+
+ * Enhancement #4911: Cephfs refactoring + make home layout configurable
+
+   https://github.com/cs3org/reva/pull/4911
+
+ * Enhancement #4937: @labkode steps down as project owner
+
+   Hugo (@labkode) steps down as project owner of Reva.
+
+   https://github.com/cs3org/reva/pull/4937
+
+ * Enhancement #4579: Remove domain-specific code to other repos
+
+   https://github.com/cs3org/reva/pull/4579
+
+ * Enhancement #4824: Refactor Ceph code
+
+   https://github.com/cs3org/reva/pull/4824
+
+ * Enhancement #4797: Refactor CI jobs and bump to latest deps
+
+   https://github.com/cs3org/reva/pull/4797
+
+ * Enhancement #4934: Access to EOS via tokens over gRPC
+
+   As a guest account, accessing a file shared with you relies on a token that is generated on behalf
+   of the resource owner. This method, GenerateToken, has now been implemented in the EOS gRPC
+   client. Additionally, the HTTP client now takes tokens into account.
+
+   https://github.com/cs3org/reva/pull/4934
+
+ * Enhancement #4870: Only load X509 on https
+
+   Currently, the EOS HTTP Client always tries to read an X509 key pair from the file system (by
+   default, from /etc/grid-security/host{key,cert}.pem). This makes it harder to write unit
+   tests, as these fail when this key pair is not on the file system (which is the case for the test
+   pipeline as well).
+
+   This PR introduces a fix for this problem, by only loading the X509 key pair if the scheme of the
+   EOS endpoint is https. Unit tests can then create a mock HTTP endpoint, which will not trigger
+   the loading of the key pair.
+
+   https://github.com/cs3org/reva/pull/4870
+
+ * Enhancement #5014: Log app when creating EOS gRPC requests
+
+   https://github.com/cs3org/reva/pull/5014
+
+ * Enhancement #4892: Do not read eos user ACLs any longer
+
+   This PR drops the compatibility code to read eos user ACLs in the eos binary client, and aligns it
+   to the GRPC client.
+
+   https://github.com/cs3org/reva/pull/4892
+
+ * Enhancement #4720: Differentiate quota for user types in EOS
+
+   We now assign a different initial quota to users depending on their type, whether PRIMARY or
+   not.
+
+   https://github.com/cs3org/reva/pull/4720
+
+ * Enhancement #4863: Favourites for eos/grpc
+
+   https://github.com/cs3org/reva/pull/4863
+
+ * Enhancement #5013: Updated dependencies + moved to go 1.22
+
+   https://github.com/cs3org/reva/pull/5013
+
+ * Enhancement #4514: Pass lock holder metadata on uploads
+
+   We now pass relevant metadata (lock id and lock holder) downstream on uploads, and handle the
+   case of conflicts due to lock mismatch.
+
+   https://github.com/cs3org/reva/pull/4514
+
+ * Enhancement #4970: Improved logging on createHome
+
+   https://github.com/cs3org/reva/pull/4970
+
+ * Enhancement #4984: Drop shadow namespaces
+
+   This comes as part of the effort to operate EOS without being root, see
+   https://github.com/cs3org/reva/pull/4977
+
+   In this PR the post-home creation hook (and corresponding flag) is replaced by a
+   create_home_hook, and the following configuration parameters are suppressed:
+
+   Shadow_namespace share_folder default_quota_bytes default_secondary_quota_bytes
+   default_quota_files uploads_namespace (unused)
+
+   https://github.com/cs3org/reva/pull/4984
+
+ * Enhancement #4670: Ocm: support bearer token access
+
+   This PR adds support for accessing remote OCM 1.1 shares via bearer token, as opposed to having
+   the shared secret in the URL only. In addition, the OCM client package is now part of the OCMD
+   server package, and the Discover methods have been all consolidated in one place.
+
+   https://github.com/cs3org/reva/pull/4670
+
+ * Enhancement #4977: Do not use root on EOS
+
+   Currently, the EOS drivers use root authentication for many different operations. This has
+   now been changed to use one of the following: * cbox, which is a sudo'er * daemon, for read-only
+   operations * the user himselft
+
+   Note that home creation is excluded here as this will be tackled in a different PR.
+
+   https://github.com/cs3org/reva/pull/4977/
+
+
 Changelog for reva 1.28.0 (2024-02-27)
 =======================================
 

RELEASE_DATE

@@ -1 +1 @@
-2024-02-27
+2025-01-07

VERSION

@@ -1 +1 @@
-1.28.0
+1.29.0

changelog/NOTE.md

@@ -1,202 +1,324 @@
-Changelog for reva 1.28.0 (2024-02-27)
+Changelog for reva 1.29.0 (2025-01-07)
 =======================================
 
-The following sections list the changes in reva 1.28.0 relevant to
+The following sections list the changes in reva 1.29.0 relevant to
 reva users. The changes are ordered by importance.
 
 Summary
 -------
 
- * Fix #4369: Carefully use root credentials to perform system level ops
- * Fix #4306: Correctly treat EOS urls containing # chars
- * Fix #4510: Propagates traceID to EOS
- * Fix #4321: Reworked List() to support version folder tricks
- * Fix #4400: Fix group-based capabilities
- * Fix #4319: Fixed registration of custom extensions in the mime registry
- * Fix #4287: Fixes registration and naming of services
- * Fix #4310: Restore changes to ceph driver
- * Fix #4294: Sciencemesh fixes
- * Fix #4307: Dynamic storage registry storage_id aliases
- * Fix #4497: Removed stat to all storage providers on Depth:0 PROPFIND to "/"
- * Enh #4280: Implementation of Locks for the CephFS driver
- * Enh #4282: Support multiple templates in config entries
- * Enh #4304: Disable open in app for given paths
- * Enh #4455: Limit max number of entries returned by ListRecycle in eos
- * Enh #4309: Get the logger in the grpcMDResponseToFileInfo func, log the stat
- * Enh #4311: Init time logger for eosgrpc storage driver
- * Enh #4301: Added listversions command
- * Enh #4493: Removed notification capability
- * Enh #4288: Print plugins' version
- * Enh #4508: Add pprof http service
- * Enh #4376: Removed cback from upstream codebase
- * Enh #4391: CERNBox setup for ScienceMesh tests
- * Enh #4246: Revamp ScienceMesh integration tests
- * Enh #4240: Reworked protocol with ScienceMesh NC/OC apps
- * Enh #4370: Storage registry: fail at init if config is missing any providers
+ * Fix #4898: Make ACL operations work over gRPC
+ * Fix #4667: Fixed permission mapping to EOS ACLs
+ * Fix #4520: Do not use version folders for xattrs in EOS
+ * Fix #4599: Auth: increase verbosity of oidc parsing errors
+ * Fix #5006: Blocking reva on listSharedWithMe
+ * Fix #4557: Fix ceph build
+ * Fix #5017: No empty favs attr
+ * Fix #4620: Fix ulimits for EOS container deployment
+ * Fix #5015: Fixed error reporting in the EOS gRPC client
+ * Fix #4931: Fixed tree metadata following fix in EOS
+ * Fix #4930: Make removal of favourites work
+ * Fix #4574: Fix notifications
+ * Fix #4790: Ocm: fixed domain not having a protocol scheme
+ * Fix #4849: Drop assumptions about user types when dealing with shares
+ * Fix #4894: No certs in EOS HTTP client
+ * Fix #4810: Simplified error handling
+ * Fix #4973: Handle parsing of favs over gRPC
+ * Fix #4901: Broken PROPFIND perms on gRPC
+ * Fix #4907: Public links: return error when owner could not be resolved
+ * Fix #4591: Eos: fixed error reporting for too large recycle bin listing
+ * Fix #4896: Fix nilpointer error in RollbackToVersion
+ * Fix #4905: PurgeDate in ListDeletedEntries was ignored
+ * Fix #4939: Revert 'make home layout configurable'
+ * Enh #5028: Handle empty EOS traces
+ * Enh #4911: Cephfs refactoring + make home layout configurable
+ * Enh #4937: @labkode steps down as project owner
+ * Enh #4579: Remove domain-specific code to other repos
+ * Enh #4824: Refactor Ceph code
+ * Enh #4797: Refactor CI jobs and bump to latest deps
+ * Enh #4934: Access to EOS via tokens over gRPC
+ * Enh #4870: Only load X509 on https
+ * Enh #5014: Log app when creating EOS gRPC requests
+ * Enh #4892: Do not read eos user ACLs any longer
+ * Enh #4720: Differentiate quota for user types in EOS
+ * Enh #4863: Favourites for eos/grpc
+ * Enh #5013: Updated dependencies + moved to go 1.22
+ * Enh #4514: Pass lock holder metadata on uploads
+ * Enh #4970: Improved logging on createHome
+ * Enh #4984: Drop shadow namespaces
+ * Enh #4670: Ocm: support bearer token access
+ * Enh #4977: Do not use root on EOS
 
 Details
 -------
 
- * Bugfix #4369: Carefully use root credentials to perform system level ops
+ * Bugfix #4898: Make ACL operations work over gRPC
 
-   This PR ensures that system level ops like setlock, setattr, stat... work when invoked from a
-   gateway This is relevant for eosgrpc, as eosbinary exploited the permissivity of the eos
-   cmdline
+   This change solves two issues: * AddACL would fail, because the current implementation of
+   AddACL in the EOS gRPC client always sets msg.Recursive = true. This causes issues on the EOS
+   side, because it will try running a recursive find on a file, which fails. * RemoveACL would
+   fail, because it tried matching ACL rules with a uid to ACL rules with a username. This PR changes
+   this approach to use an approach similar to what is used in the binary client: just set the rule
+   that you want to have deleted with no permissions.
 
-   https://github.com/cs3org/reva/pull/4369
+   https://github.com/cs3org/reva/pull/4898
 
- * Bugfix #4306: Correctly treat EOS urls containing # chars
+ * Bugfix #4667: Fixed permission mapping to EOS ACLs
 
-   https://github.com/cs3org/reva/pull/4306
+   This is to remove "m" and "q" flags in EOS ACLs for regular write shares (no re-sharing).
 
- * Bugfix #4510: Propagates traceID to EOS
+   https://github.com/cs3org/reva/pull/4667
 
-   This PR fixes the cases where the EOS trace ID was always a bunch of zeroes.
+ * Bugfix #4520: Do not use version folders for xattrs in EOS
 
-   https://github.com/cs3org/reva/pull/4510
+   This was a workaround needed some time ago. We revert now to the standard behavior, xattrs are
+   stored on the files.
 
- * Bugfix #4321: Reworked List() to support version folder tricks
+   https://github.com/cs3org/reva/pull/4520
 
-   https://github.com/cs3org/reva/pull/4321
+ * Bugfix #4599: Auth: increase verbosity of oidc parsing errors
 
- * Bugfix #4400: Fix group-based capabilities
+   This is to help further debugging of auth issues. An unrelated error reporting was also fixed.
 
-   The group-based capabilities require an authenticated endpoint, as we must query the
-   logged-in user's groups to get those. This PR moves them to the `getSelf` endpoint in the user
-   handler.
+   https://github.com/cs3org/reva/pull/4599
 
-   https://github.com/cs3org/reva/pull/4400
+ * Bugfix #5006: Blocking reva on listSharedWithMe
 
- * Bugfix #4319: Fixed registration of custom extensions in the mime registry
+   `listSharesWithMe` blocked a reva thread in the case that one of the shares was not resolvable.
+   This has now been fixed
 
-   This PR ensures custom extensions/mime-types are registered by trimming any eventual
-   leading '.' from the extension.
+   https://github.com/cs3org/reva/pull/5006
 
-   https://github.com/cs3org/reva/pull/4319
+ * Bugfix #4557: Fix ceph build
 
- * Bugfix #4287: Fixes registration and naming of services
+   https://github.com/cs3org/reva/pull/4557
 
-   https://github.com/cs3org/reva/pull/4287
+ * Bugfix #5017: No empty favs attr
 
- * Bugfix #4310: Restore changes to ceph driver
+   See issue #5016: we now unset the favs attr if no more favs are set
 
-   PR [4166](https://github.com/cs3org/reva/pull/4166) accidentally reverted the ceph
-   driver changes. This PR recovers them.
+   https://github.com/cs3org/reva/pull/5017
 
-   https://github.com/cs3org/reva/pull/4310
+ * Bugfix #4620: Fix ulimits for EOS container deployment
 
- * Bugfix #4294: Sciencemesh fixes
+   https://github.com/cs3org/reva/pull/4620
 
-   Fixes different issues introduced with the recent changes, in ocm/sciencemesh, in
-   particular the `GetAccepetdUser` and `/sciencemesh/find-accepted-users` endpoints.
+ * Bugfix #5015: Fixed error reporting in the EOS gRPC client
 
-   https://github.com/cs3org/reva/pull/4294
+   This in particular fixes the lock-related errors
 
- * Bugfix #4307: Dynamic storage registry storage_id aliases
+   https://github.com/cs3org/reva/pull/5015
 
-   Fixes the bug where the dynamic storage registry would not be able to resolve storage ids like
-   `eoshome-a`, as those are aliased and need to be resolved into the proper storage-id
-   (`eoshome-i01`).
+ * Bugfix #4931: Fixed tree metadata following fix in EOS
 
-   https://github.com/cs3org/reva/pull/4307
+   The treecount is now populated from the EOS response.
 
- * Bugfix #4497: Removed stat to all storage providers on Depth:0 PROPFIND to "/"
+   https://github.com/cs3org/reva/pull/4931
 
-   This PR removes an unnecessary and potentially problematic call, which would fail if any of the
-   configured storage providers has an issue.
+ * Bugfix #4930: Make removal of favourites work
 
-   https://github.com/cs3org/reva/pull/4497
+   Currently, removing a folder from your favourites is broken, because the handleFavAttr
+   method is only called in SetAttr, not in UnsetAttr. This change fixes this.
 
- * Enhancement #4280: Implementation of Locks for the CephFS driver
+   https://github.com/cs3org/reva/pull/4930
 
-   This PR brings CS3APIs Locks for CephFS
+ * Bugfix #4574: Fix notifications
 
-   https://github.com/cs3org/reva/pull/4280
+   https://github.com/cs3org/reva/pull/4574
 
- * Enhancement #4282: Support multiple templates in config entries
+ * Bugfix #4790: Ocm: fixed domain not having a protocol scheme
 
-   This PR introduces support for config entries with multiple templates, such as `parameter =
-   "{{ vars.v1 }} foo {{ vars.v2 }}"`. Previously, only one `{{ template }}` was allowed in a given
-   configuration entry.
+   This PR fixes a bug in the OCM open driver that causes it to be unable to probe OCM services at the
+   remote server due to the domain having an unsupported protocol scheme. in this case domain
+   doesn't have a scheme and the changes in this PR add a scheme to the domain before doing the probe.
 
-   https://github.com/cs3org/reva/pull/4282
+   https://github.com/cs3org/reva/pull/4790
 
- * Enhancement #4304: Disable open in app for given paths
+ * Bugfix #4849: Drop assumptions about user types when dealing with shares
 
-   https://github.com/cs3org/reva/pull/4304
+   We may have external accounts with regular usernames (and with null uid), therefore the
+   current logic to heuristically infer the user type from a grantee's username is broken. This PR
+   removes those heuristics and requires the upper level to resolve the user type.
 
- * Enhancement #4455: Limit max number of entries returned by ListRecycle in eos
+   https://github.com/cs3org/reva/pull/4849
 
-   The idea is to query first how many entries we'd have from eos recycle ls and bail out if "too
-   many".
+ * Bugfix #4894: No certs in EOS HTTP client
 
-   https://github.com/cs3org/reva/pull/4455
+   Omit HTTPS cert in EOS HTTP Client, as this causes authentication issues on EOS < 5.2.28. When
+   EOS receives a certificate, it will look for this cert in the gridmap file. If it is not found
+   there, the whole authn flow is aborted and the user is mapped to nobody.
 
- * Enhancement #4309: Get the logger in the grpcMDResponseToFileInfo func, log the stat
+   https://github.com/cs3org/reva/pull/4894
 
-   https://github.com/cs3org/reva/pull/4309
+ * Bugfix #4810: Simplified error handling
 
- * Enhancement #4311: Init time logger for eosgrpc storage driver
+   Minor rewording and simplification, following cs3org/OCM-API#90 and cs3org/OCM-API#91
 
-   Before the `eosgrpc` driver was using a custom logger. Now that the reva logger is available at
-   init time, the driver will use this.
+   https://github.com/cs3org/reva/pull/4810
 
-   https://github.com/cs3org/reva/pull/4311
+ * Bugfix #4973: Handle parsing of favs over gRPC
 
- * Enhancement #4301: Added listversions command
+   To store user favorites, the key `user.http://owncloud.org/ns/favorite` maps to a list of
+   users, in the format `u:username=1`. Right now, extracting the "correct" user doesn't happen
+   in gRPC, while it is implemented in the EOS binary client. This feature has now been moved to the
+   higher-level call in eosfs.
 
-   https://github.com/cs3org/reva/pull/4301
+   https://github.com/cs3org/reva/pull/4973
 
- * Enhancement #4493: Removed notification capability
+ * Bugfix #4901: Broken PROPFIND perms on gRPC
 
-   This is not needed any longer, the code was simplified to enable notifications if they are
-   configured
+   When using the EOS gRPC stack, the permissions returned by PROPFIND on a folder in a project were
+   erroneous because ACL permissions were being ignored. This stems from a bug in
+   grpcMDResponseToFileInfo, where the SysACL attribute of the FileInfo struct was not being
+   populated.
 
-   https://github.com/cs3org/reva/pull/4493
+   https://github.com/cs3org/reva/pull/4901
+   see:
 
- * Enhancement #4288: Print plugins' version
+ * Bugfix #4907: Public links: return error when owner could not be resolved
 
-   https://github.com/cs3org/reva/pull/4288
+   https://github.com/cs3org/reva/pull/4907
 
- * Enhancement #4508: Add pprof http service
+ * Bugfix #4591: Eos: fixed error reporting for too large recycle bin listing
 
-   This service is useful to trigger diagnostics on running processes
+   EOS returns E2BIG, which internally gets converted to PermissionDenied and has to be properly
+   handled in this case.
 
-   https://github.com/cs3org/reva/pull/4508
+   https://github.com/cs3org/reva/pull/4591
 
- * Enhancement #4376: Removed cback from upstream codebase
+ * Bugfix #4896: Fix nilpointer error in RollbackToVersion
 
-   The code has been moved to as a CERNBox plugin.
+   https://github.com/cs3org/reva/pull/4896
 
-   https://github.com/cs3org/reva/pull/4376
+ * Bugfix #4905: PurgeDate in ListDeletedEntries was ignored
 
- * Enhancement #4391: CERNBox setup for ScienceMesh tests
+   The date range that can be passed to ListDeletedEntries was not taken into account due to a bug in
+   reva: the Purgedate argument was set, which only works for PURGE requests, and not for LIST
+   requests. Instead, the Listflag argument must be used. Additionally, there was a bug in the
+   loop that is used to iterate over all days in the date range.
 
-   This PR includes a bundled CERNBox-like web UI and backend to test the ScienceMesh workflows
-   with OC10 and NC
+   https://github.com/cs3org/reva/pull/4905
 
-   https://github.com/cs3org/reva/pull/4391
+ * Bugfix #4939: Revert 'make home layout configurable'
 
- * Enhancement #4246: Revamp ScienceMesh integration tests
+   Partial revert of #4911, to be re-added after more testing and configuration validation. The
+   eoshome vs eos storage drivers are to be adapted.
 
-   This extends the ScienceMesh tests by running a wopiserver next to each EFSS/IOP, and by
-   including a CERNBox-like minimal configuration. The latter is based on local storage and
-   in-memory shares (no db dependency).
+   https://github.com/cs3org/reva/pull/4939
 
-   https://github.com/cs3org/reva/pull/4246
+ * Enhancement #5028: Handle empty EOS traces
 
- * Enhancement #4240: Reworked protocol with ScienceMesh NC/OC apps
+   https://github.com/cs3org/reva/pull/5028
 
-   This ensures full OCM 1.1 coverage
+ * Enhancement #4911: Cephfs refactoring + make home layout configurable
 
-   https://github.com/cs3org/reva/pull/4240
+   https://github.com/cs3org/reva/pull/4911
 
- * Enhancement #4370: Storage registry: fail at init if config is missing any providers
+ * Enhancement #4937: @labkode steps down as project owner
 
-   This change makes the dynamic storage registry fail at startup if there are missing rules in the
-   config file. That is, any `mount_id` in the routing table must have a corresponding
-   `storage_id`/`address` pair in the config, otherwise the registry will fail to start.
+   Hugo (@labkode) steps down as project owner of Reva.
 
-   https://github.com/cs3org/reva/pull/4370
+   https://github.com/cs3org/reva/pull/4937
+
+ * Enhancement #4579: Remove domain-specific code to other repos
+
+   https://github.com/cs3org/reva/pull/4579
+
+ * Enhancement #4824: Refactor Ceph code
+
+   https://github.com/cs3org/reva/pull/4824
+
+ * Enhancement #4797: Refactor CI jobs and bump to latest deps
+
+   https://github.com/cs3org/reva/pull/4797
+
+ * Enhancement #4934: Access to EOS via tokens over gRPC
+
+   As a guest account, accessing a file shared with you relies on a token that is generated on behalf
+   of the resource owner. This method, GenerateToken, has now been implemented in the EOS gRPC
+   client. Additionally, the HTTP client now takes tokens into account.
+
+   https://github.com/cs3org/reva/pull/4934
+
+ * Enhancement #4870: Only load X509 on https
+
+   Currently, the EOS HTTP Client always tries to read an X509 key pair from the file system (by
+   default, from /etc/grid-security/host{key,cert}.pem). This makes it harder to write unit
+   tests, as these fail when this key pair is not on the file system (which is the case for the test
+   pipeline as well).
+
+   This PR introduces a fix for this problem, by only loading the X509 key pair if the scheme of the
+   EOS endpoint is https. Unit tests can then create a mock HTTP endpoint, which will not trigger
+   the loading of the key pair.
+
+   https://github.com/cs3org/reva/pull/4870
+
+ * Enhancement #5014: Log app when creating EOS gRPC requests
+
+   https://github.com/cs3org/reva/pull/5014
+
+ * Enhancement #4892: Do not read eos user ACLs any longer
+
+   This PR drops the compatibility code to read eos user ACLs in the eos binary client, and aligns it
+   to the GRPC client.
+
+   https://github.com/cs3org/reva/pull/4892
+
+ * Enhancement #4720: Differentiate quota for user types in EOS
+
+   We now assign a different initial quota to users depending on their type, whether PRIMARY or
+   not.
+
+   https://github.com/cs3org/reva/pull/4720
+
+ * Enhancement #4863: Favourites for eos/grpc
+
+   https://github.com/cs3org/reva/pull/4863
+
+ * Enhancement #5013: Updated dependencies + moved to go 1.22
+
+   https://github.com/cs3org/reva/pull/5013
+
+ * Enhancement #4514: Pass lock holder metadata on uploads
+
+   We now pass relevant metadata (lock id and lock holder) downstream on uploads, and handle the
+   case of conflicts due to lock mismatch.
+
+   https://github.com/cs3org/reva/pull/4514
+
+ * Enhancement #4970: Improved logging on createHome
+
+   https://github.com/cs3org/reva/pull/4970
+
+ * Enhancement #4984: Drop shadow namespaces
+
+   This comes as part of the effort to operate EOS without being root, see
+   https://github.com/cs3org/reva/pull/4977
+
+   In this PR the post-home creation hook (and corresponding flag) is replaced by a
+   create_home_hook, and the following configuration parameters are suppressed:
+
+   Shadow_namespace share_folder default_quota_bytes default_secondary_quota_bytes
+   default_quota_files uploads_namespace (unused)
+
+   https://github.com/cs3org/reva/pull/4984
+
+ * Enhancement #4670: Ocm: support bearer token access
+
+   This PR adds support for accessing remote OCM 1.1 shares via bearer token, as opposed to having
+   the shared secret in the URL only. In addition, the OCM client package is now part of the OCMD
+   server package, and the Discover methods have been all consolidated in one place.
+
+   https://github.com/cs3org/reva/pull/4670
+
+ * Enhancement #4977: Do not use root on EOS
+
+   Currently, the EOS drivers use root authentication for many different operations. This has
+   now been changed to use one of the following: * cbox, which is a sudo'er * daemon, for read-only
+   operations * the user himselft
+
+   Note that home creation is excluded here as this will be tackled in a different PR.
+
+   https://github.com/cs3org/reva/pull/4977/
 
 

docs/content/en/docs/changelog/1.29.0/_index.md

@@ -0,0 +1,333 @@
+
+---
+title: "v1.29.0"
+linkTitle: "v1.29.0"
+weight: 40
+description: >
+  Changelog for Reva v1.29.0 (2025-01-07)
+---
+
+Changelog for reva 1.29.0 (2025-01-07)
+=======================================
+
+The following sections list the changes in reva 1.29.0 relevant to
+reva users. The changes are ordered by importance.
+
+Summary
+-------
+
+ * Fix #4898: Make ACL operations work over gRPC
+ * Fix #4667: Fixed permission mapping to EOS ACLs
+ * Fix #4520: Do not use version folders for xattrs in EOS
+ * Fix #4599: Auth: increase verbosity of oidc parsing errors
+ * Fix #5006: Blocking reva on listSharedWithMe
+ * Fix #4557: Fix ceph build
+ * Fix #5017: No empty favs attr
+ * Fix #4620: Fix ulimits for EOS container deployment
+ * Fix #5015: Fixed error reporting in the EOS gRPC client
+ * Fix #4931: Fixed tree metadata following fix in EOS
+ * Fix #4930: Make removal of favourites work
+ * Fix #4574: Fix notifications
+ * Fix #4790: Ocm: fixed domain not having a protocol scheme
+ * Fix #4849: Drop assumptions about user types when dealing with shares
+ * Fix #4894: No certs in EOS HTTP client
+ * Fix #4810: Simplified error handling
+ * Fix #4973: Handle parsing of favs over gRPC
+ * Fix #4901: Broken PROPFIND perms on gRPC
+ * Fix #4907: Public links: return error when owner could not be resolved
+ * Fix #4591: Eos: fixed error reporting for too large recycle bin listing
+ * Fix #4896: Fix nilpointer error in RollbackToVersion
+ * Fix #4905: PurgeDate in ListDeletedEntries was ignored
+ * Fix #4939: Revert 'make home layout configurable'
+ * Enh #5028: Handle empty EOS traces
+ * Enh #4911: Cephfs refactoring + make home layout configurable
+ * Enh #4937: @labkode steps down as project owner
+ * Enh #4579: Remove domain-specific code to other repos
+ * Enh #4824: Refactor Ceph code
+ * Enh #4797: Refactor CI jobs and bump to latest deps
+ * Enh #4934: Access to EOS via tokens over gRPC
+ * Enh #4870: Only load X509 on https
+ * Enh #5014: Log app when creating EOS gRPC requests
+ * Enh #4892: Do not read eos user ACLs any longer
+ * Enh #4720: Differentiate quota for user types in EOS
+ * Enh #4863: Favourites for eos/grpc
+ * Enh #5013: Updated dependencies + moved to go 1.22
+ * Enh #4514: Pass lock holder metadata on uploads
+ * Enh #4970: Improved logging on createHome
+ * Enh #4984: Drop shadow namespaces
+ * Enh #4670: Ocm: support bearer token access
+ * Enh #4977: Do not use root on EOS
+
+Details
+-------
+
+ * Bugfix #4898: Make ACL operations work over gRPC
+
+   This change solves two issues: * AddACL would fail, because the current implementation of
+   AddACL in the EOS gRPC client always sets msg.Recursive = true. This causes issues on the EOS
+   side, because it will try running a recursive find on a file, which fails. * RemoveACL would
+   fail, because it tried matching ACL rules with a uid to ACL rules with a username. This PR changes
+   this approach to use an approach similar to what is used in the binary client: just set the rule
+   that you want to have deleted with no permissions.
+
+   https://github.com/cs3org/reva/pull/4898
+
+ * Bugfix #4667: Fixed permission mapping to EOS ACLs
+
+   This is to remove "m" and "q" flags in EOS ACLs for regular write shares (no re-sharing).
+
+   https://github.com/cs3org/reva/pull/4667
+
+ * Bugfix #4520: Do not use version folders for xattrs in EOS
+
+   This was a workaround needed some time ago. We revert now to the standard behavior, xattrs are
+   stored on the files.
+
+   https://github.com/cs3org/reva/pull/4520
+
+ * Bugfix #4599: Auth: increase verbosity of oidc parsing errors
+
+   This is to help further debugging of auth issues. An unrelated error reporting was also fixed.
+
+   https://github.com/cs3org/reva/pull/4599
+
+ * Bugfix #5006: Blocking reva on listSharedWithMe
+
+   `listSharesWithMe` blocked a reva thread in the case that one of the shares was not resolvable.
+   This has now been fixed
+
+   https://github.com/cs3org/reva/pull/5006
+
+ * Bugfix #4557: Fix ceph build
+
+   https://github.com/cs3org/reva/pull/4557
+
+ * Bugfix #5017: No empty favs attr
+
+   See issue #5016: we now unset the favs attr if no more favs are set
+
+   https://github.com/cs3org/reva/pull/5017
+
+ * Bugfix #4620: Fix ulimits for EOS container deployment
+
+   https://github.com/cs3org/reva/pull/4620
+
+ * Bugfix #5015: Fixed error reporting in the EOS gRPC client
+
+   This in particular fixes the lock-related errors
+
+   https://github.com/cs3org/reva/pull/5015
+
+ * Bugfix #4931: Fixed tree metadata following fix in EOS
+
+   The treecount is now populated from the EOS response.
+
+   https://github.com/cs3org/reva/pull/4931
+
+ * Bugfix #4930: Make removal of favourites work
+
+   Currently, removing a folder from your favourites is broken, because the handleFavAttr
+   method is only called in SetAttr, not in UnsetAttr. This change fixes this.
+
+   https://github.com/cs3org/reva/pull/4930
+
+ * Bugfix #4574: Fix notifications
+
+   https://github.com/cs3org/reva/pull/4574
+
+ * Bugfix #4790: Ocm: fixed domain not having a protocol scheme
+
+   This PR fixes a bug in the OCM open driver that causes it to be unable to probe OCM services at the
+   remote server due to the domain having an unsupported protocol scheme. in this case domain
+   doesn't have a scheme and the changes in this PR add a scheme to the domain before doing the probe.
+
+   https://github.com/cs3org/reva/pull/4790
+
+ * Bugfix #4849: Drop assumptions about user types when dealing with shares
+
+   We may have external accounts with regular usernames (and with null uid), therefore the
+   current logic to heuristically infer the user type from a grantee's username is broken. This PR
+   removes those heuristics and requires the upper level to resolve the user type.
+
+   https://github.com/cs3org/reva/pull/4849
+
+ * Bugfix #4894: No certs in EOS HTTP client
+
+   Omit HTTPS cert in EOS HTTP Client, as this causes authentication issues on EOS < 5.2.28. When
+   EOS receives a certificate, it will look for this cert in the gridmap file. If it is not found
+   there, the whole authn flow is aborted and the user is mapped to nobody.
+
+   https://github.com/cs3org/reva/pull/4894
+
+ * Bugfix #4810: Simplified error handling
+
+   Minor rewording and simplification, following cs3org/OCM-API#90 and cs3org/OCM-API#91
+
+   https://github.com/cs3org/reva/pull/4810
+
+ * Bugfix #4973: Handle parsing of favs over gRPC
+
+   To store user favorites, the key `user.http://owncloud.org/ns/favorite` maps to a list of
+   users, in the format `u:username=1`. Right now, extracting the "correct" user doesn't happen
+   in gRPC, while it is implemented in the EOS binary client. This feature has now been moved to the
+   higher-level call in eosfs.
+
+   https://github.com/cs3org/reva/pull/4973
+
+ * Bugfix #4901: Broken PROPFIND perms on gRPC
+
+   When using the EOS gRPC stack, the permissions returned by PROPFIND on a folder in a project were
+   erroneous because ACL permissions were being ignored. This stems from a bug in
+   grpcMDResponseToFileInfo, where the SysACL attribute of the FileInfo struct was not being
+   populated.
+
+   https://github.com/cs3org/reva/pull/4901
+   see:
+
+ * Bugfix #4907: Public links: return error when owner could not be resolved
+
+   https://github.com/cs3org/reva/pull/4907
+
+ * Bugfix #4591: Eos: fixed error reporting for too large recycle bin listing
+
+   EOS returns E2BIG, which internally gets converted to PermissionDenied and has to be properly
+   handled in this case.
+
+   https://github.com/cs3org/reva/pull/4591
+
+ * Bugfix #4896: Fix nilpointer error in RollbackToVersion
+
+   https://github.com/cs3org/reva/pull/4896
+
+ * Bugfix #4905: PurgeDate in ListDeletedEntries was ignored
+
+   The date range that can be passed to ListDeletedEntries was not taken into account due to a bug in
+   reva: the Purgedate argument was set, which only works for PURGE requests, and not for LIST
+   requests. Instead, the Listflag argument must be used. Additionally, there was a bug in the
+   loop that is used to iterate over all days in the date range.
+
+   https://github.com/cs3org/reva/pull/4905
+
+ * Bugfix #4939: Revert 'make home layout configurable'
+
+   Partial revert of #4911, to be re-added after more testing and configuration validation. The
+   eoshome vs eos storage drivers are to be adapted.
+
+   https://github.com/cs3org/reva/pull/4939
+
+ * Enhancement #5028: Handle empty EOS traces
+
+   https://github.com/cs3org/reva/pull/5028
+
+ * Enhancement #4911: Cephfs refactoring + make home layout configurable
+
+   https://github.com/cs3org/reva/pull/4911
+
+ * Enhancement #4937: @labkode steps down as project owner
+
+   Hugo (@labkode) steps down as project owner of Reva.
+
+   https://github.com/cs3org/reva/pull/4937
+
+ * Enhancement #4579: Remove domain-specific code to other repos
+
+   https://github.com/cs3org/reva/pull/4579
+
+ * Enhancement #4824: Refactor Ceph code
+
+   https://github.com/cs3org/reva/pull/4824
+
+ * Enhancement #4797: Refactor CI jobs and bump to latest deps
+
+   https://github.com/cs3org/reva/pull/4797
+
+ * Enhancement #4934: Access to EOS via tokens over gRPC
+
+   As a guest account, accessing a file shared with you relies on a token that is generated on behalf
+   of the resource owner. This method, GenerateToken, has now been implemented in the EOS gRPC
+   client. Additionally, the HTTP client now takes tokens into account.
+
+   https://github.com/cs3org/reva/pull/4934
+
+ * Enhancement #4870: Only load X509 on https
+
+   Currently, the EOS HTTP Client always tries to read an X509 key pair from the file system (by
+   default, from /etc/grid-security/host{key,cert}.pem). This makes it harder to write unit
+   tests, as these fail when this key pair is not on the file system (which is the case for the test
+   pipeline as well).
+
+   This PR introduces a fix for this problem, by only loading the X509 key pair if the scheme of the
+   EOS endpoint is https. Unit tests can then create a mock HTTP endpoint, which will not trigger
+   the loading of the key pair.
+
+   https://github.com/cs3org/reva/pull/4870
+
+ * Enhancement #5014: Log app when creating EOS gRPC requests
+
+   https://github.com/cs3org/reva/pull/5014
+
+ * Enhancement #4892: Do not read eos user ACLs any longer
+
+   This PR drops the compatibility code to read eos user ACLs in the eos binary client, and aligns it
+   to the GRPC client.
+
+   https://github.com/cs3org/reva/pull/4892
+
+ * Enhancement #4720: Differentiate quota for user types in EOS
+
+   We now assign a different initial quota to users depending on their type, whether PRIMARY or
+   not.
+
+   https://github.com/cs3org/reva/pull/4720
+
+ * Enhancement #4863: Favourites for eos/grpc
+
+   https://github.com/cs3org/reva/pull/4863
+
+ * Enhancement #5013: Updated dependencies + moved to go 1.22
+
+   https://github.com/cs3org/reva/pull/5013
+
+ * Enhancement #4514: Pass lock holder metadata on uploads
+
+   We now pass relevant metadata (lock id and lock holder) downstream on uploads, and handle the
+   case of conflicts due to lock mismatch.
+
+   https://github.com/cs3org/reva/pull/4514
+
+ * Enhancement #4970: Improved logging on createHome
+
+   https://github.com/cs3org/reva/pull/4970
+
+ * Enhancement #4984: Drop shadow namespaces
+
+   This comes as part of the effort to operate EOS without being root, see
+   https://github.com/cs3org/reva/pull/4977
+
+   In this PR the post-home creation hook (and corresponding flag) is replaced by a
+   create_home_hook, and the following configuration parameters are suppressed:
+
+   Shadow_namespace share_folder default_quota_bytes default_secondary_quota_bytes
+   default_quota_files uploads_namespace (unused)
+
+   https://github.com/cs3org/reva/pull/4984
+
+ * Enhancement #4670: Ocm: support bearer token access
+
+   This PR adds support for accessing remote OCM 1.1 shares via bearer token, as opposed to having
+   the shared secret in the URL only. In addition, the OCM client package is now part of the OCMD
+   server package, and the Discover methods have been all consolidated in one place.
+
+   https://github.com/cs3org/reva/pull/4670
+
+ * Enhancement #4977: Do not use root on EOS
+
+   Currently, the EOS drivers use root authentication for many different operations. This has
+   now been changed to use one of the following: * cbox, which is a sudo'er * daemon, for read-only
+   operations * the user himselft
+
+   Note that home creation is excluded here as this will be tackled in a different PR.
+
+   https://github.com/cs3org/reva/pull/4977/
+
+