Ubuntu Music App

Support download of albums as zip files from 7Digital

Bug #1365993 reported by Pat McGowan
20
This bug affects 3 people
Affects Status Importance Assigned to Milestone
Ubuntu Music App
Fix Released
Critical
Andrew Hayzen
content-hub
Fix Released
Critical
Michael Sheldon
ubuntu-download-manager
Fix Released
Critical
Manuel de la Peña
webbrowser-app
Fix Released
Critical
Michael Sheldon
content-hub (Ubuntu RTM)
Fix Released
Undecided
Unassigned
webbrowser-app (Ubuntu RTM)
Fix Released
Undecided
Unassigned

Bug Description

The site offers users the option to download an entire purchased album as a single zip file. Currently there is no download target for this so the operation fails.

Need to investigate if there is any mime type to key off when the zip is offered, or some other file naming convention.

Related branches

lp:~ahayzen/music-app/content-hub-multi-file
Victor Thompson: Approve
Ubuntu Phone Apps Jenkins Bot: Approve (continuous-integration)
Diff: 559 lines (+140/-124)
2 files modified
music-app.qml (+52/-25)
po/com.ubuntu.music.pot (+88/-99)
lp:~michael-sheldon/webbrowser-app/7digital-album-download
Olivier Tilloy: Approve
PS Jenkins bot: Approve (continuous-integration)
Diff: 83 lines (+44/-13)
1 file modified
src/app/Downloader.qml (+44/-13)
lp:~mandel/ubuntu-download-manager/deflate
Sergio Schvezov: Approve
PS Jenkins bot: Approve (continuous-integration)
Michael Sheldon (community): Needs Fixing
Diff: 1370 lines (+912/-76)
31 files modified
CMakeLists.txt (+1/-1)
debian/changelog (+3/-2)
debian/control (+1/-0)
debian/libudm-common0.symbols (+4/-0)
debian/ubuntu-download-manager.install (+1/-0)
src/CMakeLists.txt (+1/-0)
src/common/priv/ubuntu/transfers/system/file_manager.cpp (+6/-0)
src/common/priv/ubuntu/transfers/system/file_manager.h (+1/-0)
src/common/public/ubuntu/transfers/metadata.cpp (+17/-0)
src/common/public/ubuntu/transfers/metadata.h (+5/-0)
src/downloads/priv/CMakeLists.txt (+2/-0)
src/downloads/priv/ubuntu/downloads/file_download.cpp (+83/-66)
src/downloads/priv/ubuntu/downloads/file_download.h (+9/-4)
src/downloads/priv/ubuntu/downloads/header_parser.cpp (+72/-0)
src/downloads/priv/ubuntu/downloads/header_parser.h (+42/-0)
src/downloads/qml/metadata.cpp (+13/-0)
src/downloads/qml/metadata.h (+6/-1)
src/downloads/qml/single_download.h (+2/-2)
src/extractor/CMakeLists.txt (+33/-0)
src/extractor/ubuntu/downloads/extractor/deflator.cpp (+80/-0)
src/extractor/ubuntu/downloads/extractor/deflator.h (+63/-0)
src/extractor/ubuntu/downloads/extractor/factory.cpp (+60/-0)
src/extractor/ubuntu/downloads/extractor/factory.h (+52/-0)
src/extractor/ubuntu/downloads/extractor/main.cpp (+100/-0)
src/extractor/ubuntu/downloads/extractor/unzip.cpp (+75/-0)
src/extractor/ubuntu/downloads/extractor/unzip.h (+57/-0)
tests/common/file_manager.h (+1/-0)
tests/downloads/daemon/test_download.cpp (+82/-0)
tests/downloads/daemon/test_download.h (+5/-0)
tests/downloads/daemon/test_metadata.cpp (+31/-0)
tests/downloads/daemon/test_metadata.h (+4/-0)
lp:~michael-sheldon/content-hub/download-zip-integration
PS Jenkins bot: Approve (continuous-integration)
Ken VanDine: Approve
Ubuntu Phablet Team: Pending requested
Diff: 66 lines (+26/-2)
2 files modified
src/com/ubuntu/content/detail/transfer.cpp (+24/-2)
src/com/ubuntu/content/detail/transfer.h (+2/-0)
Revision history for this message
Pat McGowan (pat-mcgowan) wrote :

Ken maybe you can test this to see if there is something we can key off of for the mapping

Changed in content-hub:
assignee: nobody → Ken VanDine (ken-vandine)
importance: Undecided → High
Revision history for this message
Victor Thompson (vthompson) wrote :

Might it be best if ContentHub added an "extract" method to ContentItem [1]? The rest of the functionality to import with the Music app should be rather straight forward.

[1] http://developer.ubuntu.com/api/qml/sdk-14.10/Ubuntu.Content.ContentItem/

Revision history for this message
Victor Tuson Palau (vtuson) wrote :

this should be critical

Revision history for this message
Pat McGowan (pat-mcgowan) wrote :

This is what the header in the download looks like. We could try to use the custom header fields to id this:

HTTP/1.1 200 OK
Server: nginx/1.6.0
Date: Mon, 15 Sep 2014 18:17:24 GMT
Content-Type: application/zip
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: private
Content-Disposition: attachment; filename="The Script - No Sound Without Silence.zip"
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
x-7dig: PROD-DOWNLOAD02
x-7d-sys-hostname: PROD-DOWNLOAD02

Revision history for this message
Ken VanDine (ken-vandine) wrote :

We could add a special case for 7Digital in webbrowser-app, and use the custom header to map to ContentType.Music. This would hand off the zip file to music-app to extract, but in pure QML there isn't a way to extract the files. If we added an extract API in content-hub, I'd be a little worried about possible malicious content being extracted by a trusted helper. Any site could add the custom header exposing us to extracting content in an unconfined process.

I'd like to hear what someone from security thinks.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

I do think the proper way is to add an extract API and I also agree that we don't want to expose untrusted content extraction to unconfined processes. We are doing a pretty good job with media-hub, mediascanner, gallery, webapps, thumbnailing, etc with processes and untrusted input, so we shouldn't be lax here.

That said, this is not particularly difficult to secure-- add an extract API, have the download manager call out to a helper program that is confined. This helper program should only write out to specific folder such as /run/user/*/content-extractor so we could have rules like:
  /run/user/*/content-extractor/ rw,
  /run/user/*/content-extractor/** rw,

When the extractor is done extracting, the content-hub can move the extracted files into place. Note: '/run/user/*/content-extractor/' is just an example, point is, we don't want the extractor extracting to all over the filesystem-- have the extractor extract to somewhere safe and let content-hub do the moving around.

Revision history for this message
Olli Ries (ories) wrote :

raising importance to critical as per status meeting

Changed in content-hub:
importance: High → Critical
Andrew Hayzen (ahayzen)
Changed in music-app:
importance: High → Critical
Ken VanDine (ken-vandine)
Changed in ubuntu-download-manager:
importance: Undecided → Critical
Changed in webbrowser-app:
importance: Undecided → Critical
assignee: nobody → Michael Sheldon (michael-sheldon)
Changed in ubuntu-download-manager:
assignee: nobody → Manuel de la Peña (mandel)
Andrew Hayzen (ahayzen)
Changed in music-app:
assignee: nobody → Andrew Hayzen (andrew-hayzen)
Bill Filler (bfiller)
Changed in ubuntu-download-manager:
assignee: Manuel de la Peña (mandel) → Sergio Schvezov (sergiusens)
tags: added: touch-2014-09-25
Andrew Hayzen (ahayzen)
Changed in music-app:
status: New → In Progress
Michael Sheldon (michael-sheldon)
Changed in webbrowser-app:
status: New → In Progress
Revision history for this message
Sergio Schvezov (sergiusens) wrote :

Assigning bug back to mandel, he says it's easy enough for him to fix

Changed in ubuntu-download-manager:
assignee: Sergio Schvezov (sergiusens) → Manuel de la Peña (mandel)
Manuel de la Peña (mandel)
Changed in ubuntu-download-manager:
status: New → In Progress
Revision history for this message
Manuel de la Peña (mandel) wrote :

The download manager by default is setting the Accept-endoding header to identity to ensure that it can check the hash of a downloaded file without the need of dealing with gzip, zip etc.. the correct solution (pointed out in the following bug https://bugreports.qt-project.org/browse/QTBUG-18239) is not to set the accepted-encoding in the request.

I'm going to solve the bug doing the following:

1. Allow the browser or download manager client to set a flag in the metadata stating that we DO want to deflate the file.
2. Do not set the accepted-encoding to identity so that QNetworkAccessManager does its work.

The download manager will be using the file name provided by the content-disposition header withou the extension when the deflate flag is passed to avoif confusions.

Revision history for this message
Manuel de la Peña (mandel) wrote :

Sorry for the typos, is quite late in my time zone.

Revision history for this message
Ubuntu Phone Apps Jenkins Bot (ubuntu-phone-apps-jenkins-bot) wrote :

Fix committed into lp:music-app at revision None, scheduled for release in music-app, milestone 1.0

Changed in music-app:
status: In Progress → Fix Committed
Revision history for this message
Ken VanDine (ken-vandine) wrote :

Based on the solution we've come up with, there shouldn't be any work to do in content-hub

Changed in content-hub:
assignee: Ken VanDine (ken-vandine) → nobody
status: New → Invalid
Revision history for this message
Michael Sheldon (michael-sheldon) wrote :

There might be some slight changes needed in content-hub, as currently the download manager finished() signal (which we use to add content items) just provides a single file path. So we may have to either listen to an additional signal or receive a directory via finished() and walk through it adding the items. So for now I'll re-open the content-hub item and assign it to myself to implement when the download manager work is finished.

Changed in content-hub:
status: Invalid → In Progress
assignee: nobody → Michael Sheldon (michael-sheldon)
Victor Thompson (vthompson)
Changed in music-app:
status: Fix Committed → Fix Released
Bill Filler (bfiller)
tags: added: touch-2014-10-02
removed: touch-2014-09-25
Jean-Baptiste Lallement (jibel)
tags: added: beta qa-daily-testing
Bill Filler (bfiller)
tags: added: touch-2014-10-09
removed: touch-2014-10-02
Bill Filler (bfiller)
tags: added: touch-2014-10-16
removed: touch-2014-10-09
Olli Ries (ories)
tags: added: touch-2014-10-23
removed: touch-2014-10-16
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package content-hub - 0.0+14.10.20141014-0ubuntu1

---------------
content-hub (0.0+14.10.20141014-0ubuntu1) 14.09; urgency=low

  [ CI bot ]
  * Resync trunk

  [ Ubuntu daily release ]
  * New rebuild forced

  [ Michael Sheldon ]
  * Add support for receiving directories of unzipped files from
    download manager. (LP: #1365993)
 -- Ubuntu daily release <email address hidden> Tue, 14 Oct 2014 16:11:13 +0000

Changed in content-hub (Ubuntu RTM):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package webbrowser-app - 0.23+14.10.20141015.1-0ubuntu1

---------------
webbrowser-app (0.23+14.10.20141015.1-0ubuntu1) 14.09; urgency=low

  [ Michael Sheldon ]
  * Detect 7 digital album downloads and request that they get unzipped
    by download manager. (LP: #1365993)

  [ Ubuntu daily release ]
  * New rebuild forced
 -- Ubuntu daily release <email address hidden> Wed, 15 Oct 2014 11:56:39 +0000

Changed in webbrowser-app (Ubuntu RTM):
status: New → Fix Released
Bill Filler (bfiller)
Changed in webbrowser-app:
status: In Progress → Fix Released
Changed in ubuntu-download-manager:
status: In Progress → Fix Released
Changed in content-hub:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.