[Wapt] Erreur "Database is locked"

Hubert TOUVET htouvet at tranquil.it
Mon Mar 25 17:38:23 CET 2019


WAPT- (2019-03-25)

(hash 2f2f40b24e)

* [FIX] waptconsole / hosts for packages : F5 does a local refresh

* [FIX] Improve update performance with repositories with a lot of packages.

* [FIX] improves wapttray reporting

   fix faulty inverted logic for notify_user parameter

* [FIX] waptconsole : bad filtering of hosts for package (Enterprise)

* [FIX] waptexit : fix waptexit closes even if Running task if no 
pending task / pending updates

* [FIX] waptexit : fix potential case where waptexit remains running 
with high cpu load

* [FIX] waptconsole:  Fix HostsForPackage grid not filtered properly 
(was unproperly using Search expr from first page)

* [FIX] waptservice : None has no check_install_is_running error at 
waptservice startup

* [FIX] core : set persistent_dir and persistent_source_dir attribute on 
setup module for install_wapt

* [FIX] core : fix bug in guessed persistent_dir for dev mode

* [FIX] core : fix error resetting status of stucked processes in local 
db (check_install_running)

* [FIX] waptservice : Trap error setting runstatus in db in tasks 
manager loop

   Don't send runstatus to server each time it is set

* [UPD] core : define explicitely the private_dir of Wapt object

* [UPD] server : Don't refuse to provide authtoken if fqdn has changed 
(this does not introduce sepcific risk as request is signed against UUID)

* [UPD] core : if package_uuid attribute is not set in package's control 
(old wapt), it is set  to a reproductible hash when package is appended 
to local waptdb so we can use it to lookup packages faster (dict)

* [NEW] waptconsole : Add audit scheduling setup in waptagent dialog 

   add set_waptaudit_task_period in innosetup installers

* [IMP] setuphelpers: add win32_displays  to default wmi keys for report

* [IMP] server setup : create X509 certificate / RSA key for hosts ssl 
certificate signing and authentication during setup of server

* [IMP] waptexit: add sizeable border and icons

   show progress of long tasks

* [IMP] waptservice : Process update of packages as a task instead of 
waiting for its completion when upgrading (to avoid timeout when running 
upgrade waptservice task)

   add `update_packages` optional (default True) parameter for upgrade 
waptservice action

* [NEW] Add audit scheduling setup in waptagent compilation dialog 

* [NEW] setuphelpers : Add get_local_profiles setuphelpers

* [IMP] waptserver : Don't refuse to provide authtoken for websockets 
auth if fqdn has changed

* [IMP] flush stdout before sending status to waptserver

* [IMP] waptcrypto handle alternative object names in csr build

* [IMP] wapt-get : --force option on wapt-get.exe service mode

* [NEW] use client side auth for waptwua too

* [CHANGE] server setup : nginx windows config : relocate logs and pid

   add conditional client side ssl auth in nginx config

* [CHANGE] waptconsole : refactor wget, wgets WaptRemoteRepo WaptServer 
to use requests.Session object to handle specific ssl client auth and 

   Be sure to set privateKey password dialog callback to decrypt client 
side ssl auth key

* [IMP] waptcrypto : add waptcrypto.is_pem_key_encrypted

* [IMP] waptconsole : Make sure waptagent window is fully visible.

* [IMP] waptconsole : Make sure Right click select row on all grids

WAPT- (2019-03-06)

(hash ec8aa25ef)


* upgraded OpenSSL dlls to 1.0.2r for 
https://www.cert.ssi.gouv.fr/avis/CERTFR-2019-AVI-080/ (moderate risk))


* Much reworked wizard pages embedded in waptserversetup.exe windows 
server installer. Install of waptserver on Windows is easy again.

    register server as a client of waptserver

    create new key / cert pair

    build waptagent.exe and waptupgrade package

    configure package prefix

* If client certificate signing is enabled on waptserver (waptserver.ini 
config), the server sign a CSR for the client when the client is 
registered. See 

* wapt-get: added new command `create-keycert` to create a pair of RSA 
key / x509 certificate in batch mode. self signed or signed with a CA 

     (options are case sensitive...)

     /CommonName : CN to embed in certificate

     /Email /Country /Locality /Organization /OrgUnit : additional 
attributes to embed in certificate

     /PrivateKeyPassword : specify the password for private key in clear 
text form

     /PrivateKeyPassword64 : specify the password for private key in 
base64 encoding form

     /NoPrivateKeyPassword : Ask to create or use an unencrypted RSA 
private key

     /CA=1 (or 0)): create a certification authority certificate if 1 
(default to 1)

     /CodeSigning=1 (or 0) ): create a code signing certificate if 1 
(default to 1)

     /ClientAuth=1 (or 0) : create a certificate for authenticating a 
client on a https server with ssl auth. (default to 1)

     /CAKeyFilename : path to CA private key to use for signing the new 
certificate (default to %LOCALAPPDATA%\waptconsole\waptconsole.ini 
[global] default_ca_key_path setting)

     /CACertFilename : path to CA certificate to use for signing the new 
certificate (default to %LOCALAPPDATA%\waptconsole\waptconsole.ini 
[global] default_ca_cert_path setting)

     /CAKeyPassword : specify the password for CA private key in clear 
text form to use for signing the new certificate (no default)

     /CAKeyPassword64 : specify the password for CA private key in 
base64 encoding form to use for signing the new certificate (no default)

     /NoCAKeyPassword : specify that the CA private to use for signing 
the new certificate is unencrypted

     /EnrollNewCert : copy the newly created certificate in <wapt>\ssl 
to be taken in account as an authorized packages signer certificate.

     /SetAsDefaultPersonalCert : set personal_certificate_path in 
configuration inifile [global] section (default 

* [NEW] wapt-get: added new commands `build-waptagent` to compile a 
customized waptagent in batch mode.

     Copy waptagent.exe and pre-waptupgrade locally (if not 
/DeployWaptAgentLocally, upload to server with https)

     /DeployWaptAgentLocally : Copy the newly built waptagent.exe and 
prefix-waptupgrade_xxx.wapt to  local server repository directory ( 
<wapt>\waptserver\repository\wapt\ )

* [NEW] `wapt-get register` : Add options for easy configuration of wapt 
when registering

   `--pin-server-cert` : When registering, pin the server certificate. 
(check that CN of certificate matches hostname of server and repo)

   `--wapt-server-url` : When registering, set wapt-get.ini wapt_server 

   `--wapt-repo-url` : When registering, set wapt-get.ini repo_url 
setting. (if not provided, and there is not repo_url set in 
wapt-get.ini, extrapolate repo_url from wapt_server url)

* [NEW] wapt-get Add check-valid-codesigning-cert / 
CheckPersonalCertificateIsCodeSigning action

Improvements and fixes

* python libraries updates

   upgrade cryptography from 2.3.1 to 2.5.0

   upgrade pyOpenSSL from 18.0.0 from 19.0.0

* [FIX] don't reset host.server_uuid in server db when host disconnect 
from websocket

   set host.server_uuid in server db when host get a token

* [FIX] Modify isAdminLoggedIn to try to fix cases when we are admin but 
function return false

* [FIX]Ensure valid package name in package wizard (issue959)

* [FIX] regression Use python cryptography 2.4.2 openssl bindings for 
windows XP agent (openssl bindings of the python cryptopgraphy default 
WHL >= 2.5 does not work on windows XP)

* [FIX] trap exception when creating db tables from scratch fails, 
allowing upgrade of structure.

* [FIX] Reduce the risk of "database is locked" error

* [FIX] fix deprecation warning for verifier and signer when checking 
crl signature

* [FIX] persistent_dir calculation in package's call_setup_hook when 
package_uuid is None in local wapt DB (for clients migrated from pre 1.7 
wapt, error None has no len() in audit log)

* [FIX] regression Don't try to use host_certificate / key for client 
side ssl auth if they are not accessible

* [IMP] Define proxies for crl download in wapt-get scan-packages

* [IMP] Fix bad normalization action icon

* [IMP] paste from clipboard action available in most packages editing grid

* [IMP] Propose to define package root dev path, package prefix, 
waptagent or new private key/ cert when launching waptconsole

* [IMP] Remove the need to define waptdev directory when editing groups 
/ profiles / wua packages / self-service packages

* [IMP] Grid Columns translations in french

* [IMP] waptexit responsiveness improvements

   Separate events check thread and tasks check thread.

* [NEW] Add ClientAuth checkbox when building certificate in waptconsole

* [NEW] Add --quiet -q option to postconf.py

* [MISC] add an example of client side cert auth

* Add clientAuth extended usage to x509 certificates (default True) for 
https client auth using personal certificate

* Makes use of ssl client cert and key in waptconsole for server auth

* fix ssl client certificate auth not taken in account for server api 
and host repo

* add is_client_auth property for certificates

   default None for is_client_auth cert / csr build

   don't fallback to host's client certificate auth if it is not 
clientAuth capable (if so, http error 400)

* [MISC] waptcrypto : Add SSLPKCS12 to encapsulate pcks#12 key/cert store

* [MISC] Add splitter for log memo in Packages for hosts panel

* Store fixes

* Be tolerant when no persistent_dir in wsus packages

   Min wapt version 1.7.3 for self service packages and waptwua packages

* fix WsusUpdates has no attribute 'downloaded'

WAPT- (2019-02-19)

(hash 373f7d92)

Bug fixes

* fix softs normalization dialog closed when typing F key (Enterprise)

* include waptwua in nginx wapt server windows locations (Enterprise)

* fix force option from service or websockets not being taken in account 
in install_msi_if_needed or install_exe_if_needed

* improved win updates reporting (uninstall behaviour)  (Enterprise)

* add uninstall action for winupdates in waptconsole  (Enterprise)

* fix reporting from dmi "size type" fields with non int content 


* waptexit: Allow minimize button

* waptexit: Layout changes

* AD Auth : less restrictive on user name sanitity check (Enterprise)

* handle updates of data for winupdates with additional download urls  

* Add some additional info fields to WsusUpdates table (Enterprise)

* add filename to Packages table for reporting and store usage (Enterprise)

* Add uninstall win updates to waptconsole (Enterprise)

* Add windows updates uninstall task capabilities (Enterprise)

* add filename to Packages table

* increased default clockskew tolerance for client socket io

Le 25/03/2019 à 15:23, Bastien HERMITTE a écrit :
> Merci Simon, je vais tester ça.
> Aurais-tu le changelog de cette version ?
> Merci.
> Cordialement,
> Bastien
> Le 23/03/2019 à 12:31, Simon Fonteneau a écrit :
>> On a fait pas mal de Modification dans la dernière version. waptexit 
>> et également pour le problème du "Database is locked"
>> https://wapt.tranquil.it/wapt/nightly/wapt-
>> La version n'est pas une release car elle n'a pas encore été 
>> complément testé chez nous (manque de temps)
>> Mais elle est en prod chez nous et chez quelques clients.
>> Vous pouvez l'installer si voulez.
>> Simon
>> Le 22/03/2019 à 13:39, Bastien HERMITTE a écrit :
>>> Bonjour,
>>> J'ai également ce problème depuis le passage en 1.7.
>>> Cela pose problème notamment pour le waptexit, qui n'effectue pas 
>>> les mises à jour, et du coup se relance à chaque fois.
>>> Cordialement,
>>> Bastien
>>> Le 18/03/2019 à 16:05, Floflobel Bellencontre a écrit :
>>>> Bonjour,
>>>> Nous avons le même problème de notre côté et nous ne pouvons plus 
>>>> effectuer de mise à jours ou il faut vraiment essayer plusieurs fois.
>>>> Avez-vous une solution de contournement en attendant la release de 
>>>> la version ?
>>>> Savez-vous dans combien de temps cette version sera release sur le 
>>>> dépôt debian ?
>>>> Cordialement,
>>>> On 3/15/19 9:39 AM, Jean-Charles GRANGER wrote:
>>>>> Bonjour Hubert,
>>>>> Merci pour l'information et la confirmation, je suis rassuré, ça 
>>>>> n'est pas une erreur de conf de notre coté.
>>>>> Pour la mise à jour, elle sera publiée sur le dépôt 
>>>>> officiel ou bien il faut l'installer manuellement ?
>>>>> Cordialement,
>>>>> JCG
>>>>> -- 
>>>>> Jean-Charles GRANGER
>>>>> Unité Informatique du Campus
>>>>> Antenne du Coeur d'Ecole
>>>>> Montpellier SupAgro / INRA Montpellier
>>>>> Le 14/03/2019 à 17:48, Hubert TOUVET a écrit :
>>>>>> Je confirme que cette erreur est plus fréquent en
>>>>>> Le problème est lié à la base locale qui ne peut être en écriture 
>>>>>> que pour un process / thread à la fois.
>>>>>> Il faut donc que les transactions en écriture soient les plus 
>>>>>> brèves possibles.
>>>>>> A priori, la version corrige cela. (d'après les tests 
>>>>>> faits par nous en charge)
>>>>>> Hubert
>>>>>> Le 14/03/2019 à 16:05, Jean-Charles GRANGER a écrit :
>>>>>>> Bonjour à tous,
>>>>>>> Depuis le passage à la version 1.7 (je suis en, j'ai 
>>>>>>> une erreur très fréquente sur de nombreux postes lorsque je fais 
>>>>>>> un update ou un upgrade :
>>>>>>>     FATAL ERROR : OperationalError: database is locked
>>>>>>> Elle empêche la remontée d'informations vers le serveur, et du 
>>>>>>> coup, je ne sais plus quelles machines sont à jour ou non. Et 
>>>>>>> les machines elles-mêmes ne le savent pas : comme elles n'ont 
>>>>>>> pas acquitté la réussite des installations au serveur, elles 
>>>>>>> pensent avoir échoué et relancent les installations à l'arrêt 
>>>>>>> suivant.
>>>>>>> Parfois en insistant un peu en ligne de commande, les mises à 
>>>>>>> jour finissent par remonter correctement (j'ai pu vérifier 
>>>>>>> qu'elles s'installent sans problème, c'est juste la remontée 
>>>>>>> d'info qui ne se fait pas bien).
>>>>>>> Je n'ai pas de tâches planifiées qui lancent Wapt en tâche de 
>>>>>>> fond pour faire certaines opérations.
>>>>>>> Quelqu'un a déjà eu ce problème ?
>>>>>>> Cordialement,
>>>>>>> JCG
>>>>>> _______________________________________________
>>>>>> WAPT mailing list
>>>>>> WAPT at lists.tranquil.it
>>>>>> http://lists.tranquil.it/listinfo/wapt
>>>>> _______________________________________________
>>>>> WAPT mailing list
>>>>> WAPT at lists.tranquil.it
>>>>> http://lists.tranquil.it/listinfo/wapt
>>>> _______________________________________________
>>>> WAPT mailing list
>>>> WAPT at lists.tranquil.it
>>>> http://lists.tranquil.it/listinfo/wapt
>>> _______________________________________________
>>> WAPT mailing list
>>> WAPT at lists.tranquil.it
>>> http://lists.tranquil.it/listinfo/wapt
>> _______________________________________________
>> WAPT mailing list
>> WAPT at lists.tranquil.it
>> http://lists.tranquil.it/listinfo/wapt
> _______________________________________________
> WAPT mailing list
> WAPT at lists.tranquil.it
> http://lists.tranquil.it/listinfo/wapt

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.tranquil.it/pipermail/wapt/attachments/20190325/b3f02f8e/attachment.html>

More information about the WAPT mailing list