Re: [dspace-tech] Re: Restoring a deleted collection

[Sean Carte]

Hi Tim

I went with the third option and have spun up a test instance from a backup
before the collection was deleted, but I can't get the AIP packager to work
recursively on the collection; I get: exception; no such file or directory.

If I try a single item from that collection it works:

 /dspace/bin/dspace packager -d -a -t AIP -e sean.ca...@gmail.com -i
10413/20198 20198.zip

Disseminating DSpace ITEM [ hdl=10413/20198 ] to 20198.zip

Also disseminating all child objects (recursive mode)..
This may take a while, please check your logs for ongoing status while we
process each package.

CREATED a total of 1 dissemination package files.

Would you like to view a list of all files that were created? [y/n]: y



CREATED package file: /dspace/20198.zip


But not for the collection:

/dspace/bin/dspace packager -d -a -t AIP -e sean.ca...@gmail.com -i
10413/6680 6680.zip

Disseminating DSpace COLLECTION [ hdl=10413/6680 ] to 6680.zip

Also disseminating all child objects (recursive mode)..
This may take a while, please check your logs for ongoing status while we
process each package.
Exception: No such file or directory
java.io.IOException: No such file or directory
at java.io.UnixFileSystem.createFileExclusively(Native Method)
at java.io.File.createTempFile(File.java:2063)
at
org.dspace.content.crosswalk.RoleCrosswalk.disseminateElement(RoleCrosswalk.java:190)
at
org.dspace.content.packager.AbstractMETSDisseminator.crosswalkToMetsElement(AbstractMETSDisseminator.java:1356)
at
org.dspace.content.packager.AbstractMETSDisseminator.makeMdSec(AbstractMETSDisseminator.java:626)
at
org.dspace.content.packager.AbstractMETSDisseminator.addToAmdSec(AbstractMETSDisseminator.java:739)
at
org.dspace.content.packager.AbstractMETSDisseminator.addAmdSec(AbstractMETSDisseminator.java:765)
at
org.dspace.content.packager.AbstractMETSDisseminator.makeManifest(AbstractMETSDisseminator.java:862)
at
org.dspace.content.packager.AbstractMETSDisseminator.writeZipPackage(AbstractMETSDisseminator.java:334)
at
org.dspace.content.packager.AbstractMETSDisseminator.disseminate(AbstractMETSDisseminator.java:271)
at
org.dspace.content.packager.DSpaceAIPDisseminator.disseminate(DSpaceAIPDisseminator.java:165)
at
org.dspace.content.packager.AbstractPackageDisseminator.disseminateAll(AbstractPackageDisseminator.java:102)
at org.dspace.app.packager.Packager.disseminate(Packager.java:642)
at org.dspace.app.packager.Packager.main(Packager.java:461)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at
org.dspace.app.launcher.ScriptLauncher.runOneCommand(ScriptLauncher.java:229)
at org.dspace.app.launcher.ScriptLauncher.main(ScriptLauncher.java:81)


I have tried other collection handles with the same result. And a sitewide
export also fails with the same error.

Any ideas where I've gone wrong?

Sean

On Tue, 15 Feb 2022 at 17:40, 'Tim Donohue' via DSpace Technical Support <
dspace-tech@googlegroups.com> wrote:

> Hi Sean,
>
> Unfortunately, it's not at all easy to restore a single Collection from a
> database backup.  But, here's a few other options to consider:
>
> If you happened to also do a recent AIP backup, then that's much easier,
> as you can just restore the Collection by reimporting its AIP(s) in restore
> mode:
> https://wiki.lyrasis.org/display/DSDOC6x/AIP+Backup+and+Restore#AIPBackupandRestore-Restoring/ReplacingusingAIP(s)
>
> Another option would be to see if you can just restore the entire database
> from that backup (which can result in data loss if you've added new data
> since that last backup occurred). If you restore the database though, you'd
> also likely need to restore the "[dspace]/assetstore" folder from a backup
> at the same time (as any Item's files that were deleted from that
> assetstore folder during the Collection deletion would also require
> restoring).
>
> A third option, if you have a backup of the database & assetstore folder
> from around the same time would be to use those to spin up a separate
> *test* instance of your DSpace site, with the same data as that last
> backup.  Then you could do an AIP backup of the deleted Collection at that
> point in time, and use the AIP tools to then restore it into your
> production DSpace  (make sure to fully test the restoration though before
> running it against your production site)
>
> My recommendation would be to go with one of those approaches, when
> possible.  Restoring a single collection from a database backup would be
> highly complex to do at the database levelas it essentially would
> require somehow restoring the necessary deleted columns to several tables
> at once.  It's something even I've never done before.
>
> Good luck,
>
> Tim
>
>
>
> On Tuesday, February 15, 2022 at 4:35:54 AM UTC-6 sean@gmail.com
> wrote:
>

[dspace-tech] Re: FAQ: DSpace & log4j critical vulnerabilities (CVE-2021-44228 and CVE-2019-17571)

[Paul Kobasa]

Hi Tech support,

I'm using Dspace 6.3 on Centos 7. My Cyber Security colleagues tell me that 
there are 3 other vulnerabilities in our installation:

CVE-2022-23302 

,  CVE-2022-23305 
,
 
and  CVE-2022-23307 


I've not been able to verify log4j 1.x, as it is used in dspace V6.3 is 
configured in such a way that these vulnerabilities are exploitable. 

Please could you confirm if Dspace 6.3 is not affected by these?

Thanks,

Paul.

On Thursday, 16 December 2021 at 16:55:53 UTC Tim Donohue wrote:

> All, 
>
> We know it's been a crazy week for those tracking down which systems are 
> vulnerable to recent log4j vulnerabilities.
>
> As these questions continue to come up, here's a quick guide based on what 
> we know *today*.
>
> *Is DSpace vulnerable to CVE-2021-44228 (aka Log4Shell) in log4j v2?*
> https://nvd.nist.gov/vuln/detail/CVE-2021-44228 (critical vulnerability)
>
>- *DSpace 7.0 & 7.1 are both vulnerable*.  Upgrade as soon as possible 
>to 7.1.1 (or above) or patch your system. You also must upgrade/patch your 
>Apache Solr. See 7.1.1 Release Notes for information: 
>
> https://wiki.lyrasis.org/display/DSDOC7x/Release+Notes#ReleaseNotes-7.1.1ReleaseNotes(BackendOnly)
>- DSpace 6.x, 5.x or 4.x (or below) are *not vulnerable*, as they all 
>use log4j v1 exclusively with a default configuration which is not 
>impacted. (At this time there is no way to upgrade these older DSpace 
>releases to log4j v2. See below for more info.)
>
> (Obviously, as this vulnerability is so new, it's possible there will be 
> updates. We are closely watching everything coming out of the log4j 
> community to ensure the DSpace can be updated as needed.)
>
> *Is DSpace vulnerable to CVE-2019-17571 critical vulnerability in log4j 
> v1?*
> https://nvd.nist.gov/vuln/detail/CVE-2019-17571 (critical vulnerability)
>
>- DSpace 7.x releases are *not vulnerable* as they use log4j v2.
>- DSpace 6.x, 5.x or 4.x (or below) are also *not vulnerable* (out of 
>the box). DSpace's default log4j v1 configuration does NOT use the 
>vulnerable SocketServer/SocketAppender configuration. Instead, we 
>exclusively use FileAppenders, see for example: 
>
> https://github.com/DSpace/DSpace/blob/dspace-6_x/dspace/config/log4j.properties#L46
> 
>   - HOWEVER, if you've highly customized your DSpace log4j v1 
>   configuration, you should double check you are not using 
> SocketAppenders. A 
>   vulnerable SocketServer/SocketAppender configuration would look like 
> this: 
>   
> https://howtodoinjava.com/log4j/log4j-socketappender-and-socket-server-example/
>
> *Can DSpace 6.x, 5.x or 4.x be upgraded to log4j v2?  log4j v1 is EOL.*
> Unfortunately, log4j v2 is not backwards compatible with log4j v1. 
> Therefore, this is not a simple upgrade (e.g. it took over 1,000 lines of 
> code changes to update DSpace 7.x to log4j v2, see PR 2241 
> ).  This upgrade would likely 
> be *more complex*​ in DSpace 6.x/5.x/4.x, as those releases also used 
> older versions of Apache Solr (and other dependencies) which relied on 
> log4j v1 as well. 
>
> *Overall, if you need to use log4j v2 more immediately, we'd recommend 
> upgrading to DSpace 7.x.*  It's unlikely that earlier releases will ever 
> support log4j v2. (All that said, if anyone does find a way to upgrade 
> earlier versions of DSpace to log4j v2, we'll be sure to let everyone know.)
>
> If there are other questions, feel free to ask them on this list, or email 
> secur...@dspace.org.
>
> Tim 
>
> *--*
>
> *Tim Donohue*
>
> Technical Lead, DSpace
>
> tim.dono...@lyrasis.org
>
> Lyrasis.org  | DSpace.org 

[dspace-tech] OR2022 Call for Proposals extended and registration fee

[Maureen P. Walsh]

Call for Proposals - Open Repositories 2022

6th - 9th June Denver, Colorado, USA

Extended Deadline 6th March 2022

The Open Repositories Host Committee is looking forward to inviting you to
Denver this June for our first in-person conference since 2019. We plan to
open registration on 25th March with an estimated early-bird registration
fee of $300. Considering the challenges of travel and budget approvals
during the pandemic, we are making an effort to make registration as
inexpensive as possible as we are working through all the financials.

The organizers of the 17th International Conference on Open Repositories
are pleased to invite you to contribute to the program. The conference
theme is:
Building Trust Together: Integrating, Collaborating & Sharing

How can we build networks of trust by integrating and collaborating? How do
we collaboratively integrate user communities and new types and sources of
data?

Invitation to participate:

OR2022 will provide an opportunity to explore and reflect on the ways
repositories enable trust, integration, collaboration and sharing. It will
give participants new insights and inspiration, which will play a key role
in developing, supporting and sharing an open agenda and open tools for
research and scholarship.

We particularly welcome proposals on the overall theme of “Building Trust
Together”, and also on other administrative, organizational or practical
topics related to digital repositories. We are interested in the following
sub-themes:

   1.

   Integrating repositories and other platforms: Institutional & Domain
   repositories, PID services, CRIS, Digipres, Scholarly workflow, funder
   services, etc.
   2.

   Integrating content: novel or complex formats, data types & sources:
   Citizen Science data, gatekeeping and trust for uncurated data, Open
   Government Data, Wikimedia and web data, emerging formats, mediation and
   ownership of augmented data, etc.
   3.

   Collaborations & Communities: Repository networks, registries, federated
   services, integrating new user communities and bridging diverse user
   communities, Cultural Heritage data and Research data, sharing and
   co-creation and supporting non-academic use, financial/cultural and
   language barriers, supporting local communities and local knowledge, etc.
   4.

   Trust in the machine: Linked data, big data, the machine as a user,
   large and complex datasets, simulation and large-scale computation, new
   technologies (IIIF, Blockchain), visualisations, etc.
   5.

   Building Trust: Tackling Bias, democratizing science, long-term
   preservation and repository certification, Safeguarding rights, FAIR & CARE
   principles, compliance with local legislation and with funder and publisher
   policies, Open Governance, business models and sustainability, Repositories
   in the “fake news” era, etc.
   6.

   Supporting Reproducible Research: Repositories in the broader open
   research ecosystem, services for reproducibility of research, repositories
   as digital humanities and open science platforms, national and
   international open data mandates, etc.
   7.

   Discovery, Use, Reuse and Impact: Metrics, assessment, bibliometrics,
   altmetrics, analytics, open citations, licences and reuse conditions,
   increasing content visibility and findability, aggregation serves, impact
   outside of the academic context, etc.
   8.

   Building Future Repositories: Next Gen Repositories, the Pubfair
   framework and new models, repurposing the repository, the repository role
   in global challenges and societal change - Global warming, pandemic
   response, remote working, etc.

Updated deadline for submissions is 6th March 2022.

Registration will open by the end of March 2022.

Submission Process

The Program Committee has provided templates to use for submissions (see
below for links). Please use the submission template, and then submit
through ConfTool https://www.conftool.net/or2022 where you will be asked to
provide additional information (such as primary contact and the conference
subtheme your submission best fits).

Accepted proposals in all categories will be made available through the
conference’s website. Later, the presentations and associated materials
will be made available in an open repository; you will be contacted to
upload your set of slides or poster. Some conference sessions may be live
streamed or recorded, then made publicly available, or you may be asked to
record your presentation for upload to the repository.


Submission Categories

Presentations

Presentations make up the bulk of the Open Repositories conference.
Presentations are substantive discussions of a relevant topic; successful
submissions in past years have typically described work relevant to a wide
audience. These typically are placed in a 30 minute time slot (generally
alongside two other presentations for a total of 90 minutes). We strongly
encourage presentations that can be delivered in 20-25 minu

[dspace-tech] Display Embargo Date

[mad...@udel.edu]

Hi All,

We are running Dspace version 5.3, using the XMLUI for the front end. I 
wanted to know if anyone has work out a way to display the embargo date for 
a bitstream for public view?

Thanks
Keith Jones
Systems Programmer

-- 
All messages to this mailing list should adhere to the Code of Conduct: 
https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx
--- 
You received this message because you are subscribed to the Google Groups 
"DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to dspace-tech+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/dspace-tech/6b3f61ad-3d2d-4c2c-93c5-87e11b92e7e4n%40googlegroups.com.