OSCAR 19 Installation


This basic install is adequate for a local install of OSCAR with scripted encrypted backups and Secure Socket Layer technology.

Document Version History

  • v1.0 – initial OSCAR 19 version published to worldoscar.org – April 25, 2019
  • v1.1 – expanded PGP instructions to include configuration details – May 16, 2019
  • v1.2 – reverted to Open Java 8 – May 22, 2019
  • v1.3 – added instructions for J9 as an option – January 31, 2020
  • v1.4– extended memory considerations added – December 22, 2020 – January 4, 2021

copyright © 2012-2021 by Peter Hutten-Czapski MD under the Creative Commons Attribution-Share Alike 3.0 Unported License


  1. Preface
  2. Document Version History
  3. Prerequisites
  4. Installing The Infrastructure Packages
  5. OPTIONAL: Certbot
  6. Java
  7. Other Dependencies
  8. Installing OSCAR
  9. Trying It Out
  10. Finishing touches
    • 2FA
    • PGP
    • Firewall
  11. Upgrades and Downgrades
  12. Removal of OSCAR


It is assumed that

  1. You have the time.  Allow a minimum of 30 minutes to install Ubuntu, 11 minutes to install the infrastructure packages, and a final 15 minutes to install OSCAR itself.  Downloading the software adds additional time and is dependent on your connection and can take 20 additional minutes @150KB/s.
  2. You are using suitable hardware.  While the OSCAR server may run on recent CPUs with 2GB RAM I consider 3GB a minimum.  I suggest aiming to consumer grade machines with 8GB RAM for 1-3 MD’s increasing to server grade machines with 32GB for 7+ MD’s.  Server grade machines offer component redundancy and improved reliability that is an advantage in any setting, but all systems need contingency plans for hardware failure. The author runs Intel Xeon server with 72GB RAM and hardware RAID as well as a i7 backup server with 16GB RAM for a database that is 5GB (compressed) in size and has 24 users.
  3. We do not assume you are using a virtual machine (VM) but we recommend it for enterprise level equipment.  A virtualization environment (hypervisor) allows you to install one or more servers as virtual machines (VM) to improve security and ease maintenance.
  4. There are significant disadvantages of trying ANY other version of the software versions specified herein unless you have extensive OSCAR configuration experience.  Better to get it running on spec and only then try something a bit different.
  5. You have installed the 18.04 64 bit LTS version of Ubuntu.  Both desktop and server versions have been tested and are supported to April 2028.  We strongly recommend *full disk encryption*, if you are able to manually provide the password after a power outage or reboot.  You will need the “alternate server installer” to enable this setup for the server as the subiquity installer doesn’t currently have the option to encrypt the LVM.
  6. You have a basic level of Linux knowledge and you can open a Linux terminal
  7. You can cut and paste EXACTLY the following instructions (These instructions are sensitive to spelling packages and order. )

NOTE: Firefox will copy with Control+C while a Linux terminal requires Shift+Control+V for paste

Installing The Infrastructure Packages

WE REITERATE For production use we recommend these exact instructions as it will be easier for the community to support you if you are having problems.  If you are both familiar with OSCAR and are testing or are willing to take chances when you colour outside the lines feel free to deviate from the instructions as you wish, and if its substantive deviation (and it works), please submit back your version.  In some cases these instructions will provide alternate tested configurations that work.

First ensure that the Universe repository is available (if not already enabled, it isn’t for subiquity installer Ubuntu 18.04 server) and update.

sudo add-apt-repository universe
sudo apt update
sudo apt upgrade 

OPTIONAL components

Note if you don’t use Certbot the Deb installer will still configure a secure https connection for you with a self signed certificate.  Use Certbot it you have a fully qualified domain name  FQDN (I mean you own your website name eg www.example.com).


Certbot will register your server with Lets Encrypt so that external browser access to the OSCAR will be with a green padlock for a trusted connection.

To install certbot execute the following

sudo apt install certbot

Certbot sets up a temporary standalone webserver that needs to communicate on port 80 to the lets encrypt server to authenticate that you are the owner of the website.  If your server is behind a router/firewalls you will need to open port 80 on your router and forward that port as port 80 on your server.  Those instructions vary by router.  In the following replace FQDM with your the fully qualified domain name that you own (eg www.example.org)

sudo certbot certonly --standalone -d FQDN

Test by checking if there are files as below

sudo ls /etc/letsencrypt/live/FQDN
cert.pem  chain.pem  fullchain.pem  privkey.pem  README

The OSCAR Deb installer will install the certificate for you when it runs.


OSCAR 15 was previously run with Oracle Java.  Oracle’s licence now requires payment for “Business, Commercial or Production use” .  To remain open sourced we recommend you use Open JDK instead.

Open JDK is provided by many binaries (look for ones that are Java SE compatible) including those provided by AdoptOpenJDK, Zulu, J9, Corretto, etc and those packaged by many Linux distros including Ubuntu.  OSCAR 19 has been tested in production environments with Ubuntu JDK 8, Eclipse J9 JDK8 and Zulu JDK 8. Pick one of the following.

a) UBUNTU Open JDK 8

The Open JDK 8 packaged by Ubuntu is currently the default recommendation.

sudo apt-get install openjdk-8-jdk

Test if desired (your output will be slightly different):

$ java -version
openjdk version "1.8.0_222"
OpenJDK Runtime Environment (build 8u222-b12-0ubuntu0.18.04.1)
OpenJDK 64-Bit Server VM (build 25.222-b12, mixed mode)

b)J9 Open JDK 8

The Eclipse J9 is suggested if you are having Java errors with the Ubuntu package. Its JVM is completely different than hotspot which may be a performance advantage.  If you add the repository as below it will also get automated updates.

$ wget -qO - https://adoptopenjdk.jfrog.io/adoptopenjdk/api/gpg/key/public | sudo apt-key add -
$ sudo add-apt-repository --yes https://adoptopenjdk.jfrog.io/adoptopenjdk/deb/ 
$ apt-get update 
$ apt-get install adoptopenjdk-8-openj9

Test if desired (your output will be slightly different):

$ java -version
openjdk version "1.8.0_232"
OpenJDK Runtime Environment (build 1.8.0_232-b09)
Eclipse OpenJ9 VM (build openj9-0.17.0, JRE 1.8.0 Linux amd64-64-Bit Compressed References 20191017_442 (JIT enabled, AOT enabled)
OpenJ9   - 77c1cf708
OMR      - 20db4fbc
JCL      - 97b5ec8f383 based on jdk8u232-b09)

Setting the Java for the one you want

You should check and change what /usr/bin/java points at with update-alternatives BEFORE you run the OSCAR DEB

$ update-alternatives --config java
There are 4 choices for the alternative java (providing /usr/bin/java).

  Selection    Path                                               Priority   Status
* 0            /usr/lib/jvm/zulu-8-amd64/jre/bin/java              1083400   auto mode
  1            /usr/lib/jvm/adoptopenjdk-8-openj9-amd64/bin/java   1081      manual mode
  2            /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java      1069      manual mode
  3            /usr/lib/jvm/java-8-oracle/jre/bin/java             1081      manual mode
  4            /usr/lib/jvm/zulu-8-amd64/jre/bin/java              1083400   manual mode

in this example there are three Java configured and Zulu 8 is set as the default.

For a new install the DEB will pick the update-alternatives configured Java 8 at time of installation regardless of brand.  If you change the configured Java after initial installation you must manually change to the correct JDK with the $JAVA_HOME setting in

$ sudo nano /etc/default/tomcat8

For example below we have commented out the Ubuntu open JDK and configured J9


NOTE: JAVA OPTIONS also in /etc/default/tomcat8 are set by the OSCAR DEB to that what is compatible with most Open JDK’s but you may get better performance by adjusting them from the defaults.  To adjust, you should review the documentation of the package you are using.   J9 in specific has a long history with some interesting garbage collection modes and some package specific  modes detailed at https://www.eclipse.org/openj9/docs/cmdline_migration/

Other Infrastructure Dependencies


OSCAR uses wkhtmltopdf to print some pdf content.  There are two versions of that program.  One is the version that you can apt install from an Ubuntu repository, which is feature restricted but usually gives good output.  It is not updated frequently.

If you are using a version of Ubuntu that has a GUI interface (desktop) it will be running X11 and you can use the following to install version or newer.  Do not use this version if you are installing a headless server (see below instead)

sudo apt install wkhtmltopdf

If you don’t like the output or you have a headless server, the wkhtmltopdf maintained by the developers has a patched QT and more features.  Currently the list of additional features include:

  • Running without an X11 server.
  • Printing more than one HTML document into a PDF file.
  • Adding a document outline to the PDF file.
  • Adding headers and footers to the PDF file.
  • Generating a table of contents.
  • Adding links in the generated PDF file.
  • Printing using the screen media-type.
  • Disabling the smart shrink feature of webkit.

The only feature that OSCAR has to have in a headless server is the ability to run without  X11.  The ability to disable the smart shrink can solve some output issues. You can get this version from the developer, and then install it and its dependencies with apt. You are on your own to notice download and install newer versions.  Note that versions 12.6 and above disable local file access by default and may need additional work to run with OSCAR.

wget https://github.com/wkhtmltopdf/wkhtmltopdf/releases/download/0.12.5/wkhtmltox_0.12.5-1.bionic_amd64.deb
sudo apt install ./wkhtmltox_0.12.5-1.bionic_amd64.deb 

For OSCAR to pick up this binary either change the OSCAR property file or make a link

sudo ln -s /usr/local/bin/wkhtmltopdf /usr/bin/wkhtmltopdf

Test it to check the resultant pdf to see that it has the following output and displays correctly.

$ wkhtmltopdf -s Letter -T 10mm -L 8mm -R 8mm --print-media-type --disable-smart-shrinking --enable-local-file-access http://worldoscar.org test.pdf
Loading pages (1/6)
Counting pages (2/6)                                               
Resolving links (4/6)                                                       
Loading headers and footers (5/6)                                           
Printing pages (6/6)

MariaDB 10

OSCAR uses this database to store your data. You can use the latest version of MariaDB obtained on Ubuntu 18.04 Universe re with:

sudo apt install mariadb-server mariadb-client libmysql-java

This installation has no initial password and will need to be secured with the following (follow the scripts suggested defaults)

Feel free to use numbers and letters in your password.  If you proceed with the complication of using symbols “#,!, &,*, (, ), / , \ and $” in this password (e.g. pass&word), be sure to escape them when providing them to scripts below where the instructions supply ******  that require it (e.g. pass\&word).

$ sudo mysql_secure_installation
Enter current password for root (enter for none):
Set root password? [Y/n] 
New password: 
Re-enter new password: 
Remove anonymous users? [Y/n] 
Disallow root login remotely? [Y/n] 
Remove test database and access to it? [Y/n] 
Reload privilege tables now? [Y/n] 

Now there will only be the one root user set for MariaDB.

OPTIONAL: If you want to install phpmyadmin (not described) as a MariaDB front end do it now before the next step.

Log into the MariaDB server with that ‘root’ user and provide the password you just set with the following command:

$ sudo mysql -uroot -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 65
Server version: 10.1.34-MariaDB-0ubuntu0.18.04.1 Ubuntu 18.04

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> 

Then you will want OSCAR to be able to login without using the unix_socket plugin to pass Linux root credentials.

The plugin prevents non system root users from logging in to MariaDB, but allows for root users to log in to MariaDB directly without a password. By removing the plugin everyone (including the non privileged tomcat user) can, and has to, sign into MariaDB by providing the MariaDB password.

MariaDB [(none)]> use mysql;
MariaDB [mysql]> update user set plugin='' where User='root';
MariaDB [mysql]> flush privileges;
MariaDB [mysql]> quit

VERSION NOTES: While OSCAR previously used MySQL, MySQL 5.7 and newer do not natively support OSCAR 15 although this is technically possible with modification. The MariaDB database is a binary compatible fork of MySQL.  Its developers (who founded MySQL) claim that it is faster than MySQL and better optimized.  Advanced cluster replication is available but varies from MySQL.

Tomcat 8.5

Java uses Apache Tomcat to present OSCAR’s webpages to your internet browser from the Universe repository.  There is no end of life for Tomcat 8.5 announced, but we expect that it will last to 2023 (Tomcat 7 after all is still supported in 2019).  The following, although it says tomcat8, installs tomcat 8.5.

sudo apt install tomcat8

Test by pointing your browser at http://localhost:8080

For a headless server you can test by installing a non graphical browser such as lynx.  Otherwise test from another machine by replacing localhost with the IP of the server.

It works !

If you’re seeing this page via a web browser, it means you’ve setup Tomcat successfully. Congratulations!

This is the default Tomcat home page. It can be found on the local filesystem at: /var/lib/tomcat8/webapps/ROOT/index.html

Tomcat8 veterans might be pleased to learn that this system instance of Tomcat is installed with CATALINA_HOME in /usr/share/tomcat8 and CATALINA_BASE in /var/lib/tomcat8, following the rules from /usr/share/doc/tomcat8-common/RUNNING.txt.gz.

If you don’t get a welcome screen then it is likely that Tomcat is not picking up your java, see troubleshooting in the Java section above.

Other Dependencies

Unzip is used to decompress zip files.  Curl is an internet file transfer utility.  Pgpgpg is optionally used by OSCAR to encrypt charts for export. Uncomplicated Fire Wall (ufw) will secure the server.  Apt-get them

sudo apt install unzip curl pgpgpg ufw

Installing OSCAR

Download the OSCAR deb package from Sourceforge.  There are several to choose from.

The naming format is oscar_emr{OSCAR_VERSION}-{DEB_VERSION}~{BUILD}.deb

  • The progression of any release is alpha, beta, release candidate, and then general release which reflects the amount of formal and informal testing that the build has undergone
  • We recommend the latest OSCAR 19 general release for production
  • Note that stability is not necessarily improved by a higher build number.
  • If you are experiencing bugs, try either upgrading to a higher number build (the last 3 digits of the deb’s name) that incorporates the fix, or downgrading to an earlier deb that does not have the problem.

All are at http://sourceforge.net/projects/oscarmcmaster/files

Note that the latest filename or path may be slightly different than exampled below.

wget http://sourceforge.net/projects/oscarmcmaster/files/Oscar\ Debian\+Ubuntu\ deb\ Package/oscar_emr19-31~1109.deb

Now simply run the package and follow the instructions

sudo dpkg -i oscar_emr19-25~1025.deb

The deb will provide feedback as to what it is doing however if you want more verbose details open another terminal window and invoke

tail -f /usr/share/oscar-emr/Oscar19install.log

New installs get the following install screens. (for upgrades see Appendix 1 below)

Start by providing the MySQL/MariaDB password you assigned.  OSCAR will use it to set up a modernized  version of the oscar_15 database for OSCAR 19.

This window will give you the option to populate the database with a demo patient with which to develop familiarity with OSCAR.  You can remove the demo data later with the following (replace ****** with your MariaDB/Mysql password, escaping any symbols (if any) that you used in the password).

mysql -uroot -p******* oscar_15 <  /usr/share/oscar-emr/undemo.sql

While customary production settings will be applied, they can be changed manually through editing /usr/share/tomcat8/oscar.properties in your favorite text editor. Note that OSCAR/Tomcat need to restart whenever the properties file is modified, to have the settings take effect.

The terminal will provide feedback as OSCAR is assembled and configured.

Allow for a good quarter hour for the deb to run.  Once Tomcat restarts you will be given back the prompt.

You can read the readme!

less /usr/share/oscar-emr/README.txt 

Trying It Out

At this point you have a fairly plain install. To test the connection, click on the link displayed on the output above or open your web browser and type in the address manually.  While most new browsers (Chrome, Safari, Edge etc) will work, for production use we strongly recommend FireFox ESR version, for stability, for tested OSCAR features and a large number of grease monkey addons that you can get on these pages.  It also is open source and doesn’t sell your data.

Whatever browser you choose you should see the OSCAR login page with clicking on one of the following links.

In most cases you will be prompted to reach your SSL secured OSCAR server at https://localhost:8443/oscar .

Firefox will complain with an “insecure connection” error as the certificate is either self-signed, or it is a proper certificate but accessed on the local network and not on what you supplied for the FQDN (www.something.org) .   As it is your installation you can safely click on “Advanced” and set an exception and proceed to your OSCAR server.

Sometimes you get an Apache Tomcat error page indicating that the resource (oscar) is not available.  This usually will occur if you have inadequate memory allocated (see above for minimum and suggested provisioning).

Rarely if the installer was unable to configure SSL for you, the deb will warn you that your installation may be INSECURE but will work at http://localhost:8080/oscar

In the latter case, if  you had not already done so please manually secure your Oscar server using standard instructions for hardening for Tomcat 8 provided by Apache and others on the web.

The initial login parameters for OSCAR are as follows:

User Name: oscardoc
Password: mac2002
2nd Level Passcode: 1117

When you login then you will be presented with a one time password reset for security purposes
8 characters upper and lower case numbers and symbols are required with default oscar.properties settings

You have successfully installed a plain OSCAR and you can start playing with it.

Finishing Touches

You have 99% of a production ready OSCAR instance at this point.  There are some minimal additional configuration settings that you really should do at this point to secure any exported data and to protect the server itself.

Two factor authentication increases the security of the login process.

Data exports depend on PGP to encrypt the zipped patient files.

Principles of layered security require that a firewall be configured on the server even if your box is behind a solid open source router such as pfSense.


OSCAR can be configured to support  increased security.  Two-factor authorization is achieved with the user name and password (what the end user knows) and a one-time pin generated by an authenticator housed in the users smartphone (something they have).  Starting in OSCAR 19.1 a 2FA.sql script will be set to run for new installs, and be made available for running for upgrades.

First for global control set the oscar.properties key for Time-based One-Time Password TOTP to 1

 For a given user to be able to use 2FA the oscar_15.security table will need to have totp_enabled set to 1 and a mime32 encoded secret set.  The following is the setup for an user named oscardoc
MariaDB [oscar_15]> UPDATE security SET totp_enabled=1 WHERE user_name='oscardoc';
MariaDB [oscar_15]> UPDATE security SET totp_secret='ELA3JCFBOSJCGZEF7U2BVSZQQ7VJ4DHOBKWI35K3A3QV26HW' WHERE user_name='oscardoc';
Remember to use this secret, the time period (default 30s) and encryption (default sha1) to set up the Authenticator app on the smart phone (you can use FreeOTP app).
The server side is handled by OATHTOOL
sudo apt-get install oathtool
Ensure that crontab has an appropriate entry for the 2FA.sh script that calls oathtool
* * * * * /usr/share/oscar-emr/2FA.sh

Configuring PGP

Generate a key for use in OSCAR for the tomcat8 user.  Follow the prompts (the defaults will do fine), and set a pass phrase.  Be sure to set a name and email to serve as the UID for the key, and as a handle on any files you need to sign.  The following is similar to expected output.

$ sudo mkdir /var/lib/tomcat8/.gnupg
$ sudo chown tomcat8:tomcat8 /var/lib/tomcat8/.gnupg
$ sudo chmod 700 /var/lib/tomcat8/.gnupg
$ sudo -H -s -u tomcat8
tomcat8@hfht:~$ tmux
[detached (from session 0)]

tomcat8@hfht:~$ gpg --gen-key
gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: keybox '/var/lib/tomcat8/.gnupg/pubring.kbx' created
Note: Use "gpg --full-generate-key" for a full featured key generation dialog.

GnuPG needs to construct a user ID to identify your key.

Real name: peter
Email address: phc@hfht.ca
You selected this USER-ID:
"peter <phc@hfht.ca>"

Change (N)ame, (E)mail, or (O)kay/(Q)uit? o
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /var/lib/tomcat8/.gnupg/trustdb.gpg: trustdb created
gpg: key 5751416F6141C64A marked as ultimately trusted
gpg: directory '/var/lib/tomcat8/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/var/lib/tomcat8/.gnupg/openpgp-revocs.d/2E1B55F5826A3B1D0A7A85E15751416F6141C64A.rev'
public and secret key created and signed.

pub   rsa3072 2019-05-16 [SC] [expires: 2021-05-15]
uid                      peter <phc@hfht.ca>
sub   rsa3072 2019-05-16 [E] [expires: 2021-05-15]


To configure OSCAR to use pgpgpg you need to change the oscar.properties file key value to the UID you selected, in the above case you would use

PGP_KEY: peter <phc@hfht.ca>

Update the location of the keyring and configuration for the tomcat8 user, for the method cited that would be the following.

PGP_ENV: GNUPGHOME=/var/lib/tomcat8/.gnupg

There are many options for encryption and you must balance ease of use and security.  Symmetric encryption will assign a password to both encrypt/decrypt the generated file.  You can configure that with the following setting (replace the ******* below with a password string)

PGP_CMD: -c --batch --passphrase *****************

To test your configuration you must

  1. restart tomcat8 to apply these property settings
  2. define a “demographic set” in Report > Demographic Report Tool
  3. export in Administration > Data Management > Demographic Export
  4. test decryption of the resultant file

There are many programs that support PGP standards in many operating systems.  You can decrypt as your previously configured tomcat8 user on the OSCAR server itself with something similar to

$ sudo -H -s -u tomcat8
tomcat8@hfhtphd03:~$ tmux
[detached (from session 0)]
tomcat8@hfht:~$ gpg -d export_set1_20190516143152.zip.pgp

You will need to supply the password that you set earlier in oscar.properties .

Uncomplicated Firewall

The default settings should allow all outgoing connections and deny all incoming

sudo ufw default deny incoming
sudo ufw default allow outgoing

The following are ports that you will need to consider in any firewall on an OSCAR server

  • As a minimum users will access OSCAR externally on port 8443, it needs to be open
  • if you are using SSH to access your sever you need to allow your port (usually 22) *before* you enable the firewall
  • OPTIONAL Certbot needs port 80 to renew the server certificate
  • OPTIONAL Phpmyadmin uses port 80 to administer MariaDB
  • OSCAR uses port 3306 locally to access patient data in MariDB, it can be closed to external access
  • OSCAR uses port 8080 locally to access drugref for the lists of drugs, it can be closed to external access
sudo ufw allow 8443
sudo ufw allow 22

ports 3306 and 8080 will be blocked to external access with the default rules but I like to explicitly close them with

sudo ufw close 3306
sudo ufw close 8080

Enable the firewall

sudo ufw enable

Check the settings

sudo ufw status

Upgrades and Downgrades


Migrations from OSCAR 15 use the same syntax for upgrade as for installation and both the program and the database will be updated.  You can do this safely as you will not break your installation.  However as upgrading will occasionally break functionality with a new bug, be prepared to revert by downgrading.  Ensure you have backup in hand (!) and then you can revert to an earlier OSCAR 19 thusly

sudo dpkg -i oscar_emr19beta-1~932.deb

Data Migration OSCAR 15-19

If you are upgrading from OSCAR 15 remember to run the data migration tools in Administration to finish your setup.  Everyone has to run the migrations to Roster Data.

Administration > Updates and Migrations

Only those with pre-existing HRM data need to run the HRM utility.  ONAR migration is a tool for migration from OSCAR 12, you do not need to run.  The DEB will migrate you to the new Contacts interface (the old one is deprecated), do not run the migration utility after a DEB install or you will have duplicate entries!  You will need to upgrade the Roster data.  Do not rush, for even a medium sized clinic these migrations can take over an hour.

Upgrade Roster Data

This utility will migrate OSCAR 15 rostered physician data to the newer OSCAR 19 format (OntarioMD 5.0 CMS standard). This utility will set the Enrolled To Physician to that of MRP for patients where Roster Status was set to ROSTERED.
This is only run once on conversion of an OSCAR 15 system to an OSCAR 19
Allow a coffee break for this to run.  When finished “Upgrade Complete” will display

Migrate HRM

This utility will migrate OSCAR 15 HRM data to the newer OSCAR 19 format. This is only run once on conversion of an OSCAR 15 system to an OSCAR 19. Allow at least an hour for this
when done the “Changes were successful” message will display

Middle Names

In prior versions middle names were often inserted into the first name spot in the master demographic record.  You can migrate them to the middle names section with the following.

First log into MariaDB and clean the data in case end users have  added padding to the first_name

$ sudo mysql -uroot -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 65
Server version: 10.1.34-MariaDB-0ubuntu0.18.04.1 Ubuntu 18.04

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> UPDATE demographic set first_name=TRIM(first_name);

Now extract the second (and further) name for middleNames

UPDATE `demographic` SET `middleNames` = CASE
    WHEN `middleNames`='' OR `middleNames` IS NULL
        THEN If(length(`first_name`) - length(replace(`first_name`, ' ', ''))>0,SUBSTRING_INDEX(`first_name`, ' ',   -length(`first_name`) + length(replace(`first_name`, ' ', ''))), '')
    ELSE `middleNames` END;

Now trim the first_name to just the first

UPDATE demographic SET first_name=If(length(first_name) - length(replace(first_name, ' ', ''))>0,SUBSTRING_INDEX(first_name, ' ', 1) ,first_name);


OSCAR 19 is a rolling release so that stability can fluctuate.  If the newer version you install appears unstable you can downgrade the installation by running the older deb to overwrite the new.  With OSCAR you used to have to delete the existing oscar.war first to be sure that newer java classes can be replaced with the older ones.  This is strictly no longer necessary but remains good form.

sudo rm /var/lib/tomcat8/webapps/oscar.war

then run the older deb over the new one.  Note that if you have used a data migration tool in OSCAR 19 you can only go back to OSCAR 18 or newer, there is no going back to OSCAR 15 at that point.  If you are using Java 8 and Tomcat 8.5 you can use a DEB no older than oscar_emr15-88~844.deb.

sudo dpkg -i oscar_emr15-88~844.deb

Removal of OSCAR

Although OSCAR isn’t for everyone, consider asking for help on the sourceforge list for BC-users (its misnamed) or sending us a note why you are uninstalling it.  OSCAR can be removed using dpkg

sudo dpkg --remove oscar-emr

This will remove the program, but keep the data and configurations.
For complete removal of all sensitive patient data, or just to clear your server for further testing, you need to use purge.  Be very careful that you are on the right server and have backups on hand before you run this as it cannot be undone.

sudo dpkg --purge oscar-emr