Server: Integrity check fails on 16.0.2 / 16.0.3

Created on 14 Jul 2019 · 10Comments · Source: nextcloud/server

Steps to reproduce

Update Nextcloud from 16.0.1 to 16.0.2 or 16.0.3

Expected behaviour

Integrity check should pass

Actual behaviour

Integrity check fails in the Nextcloud VM as well. It didn't happen in 16.0.1 but started to happen when upgrading from 16.0.1/16.0.2 --> 16.0.3.

In the VM we copy the content of .htaccess to .user.ini due to that the max_upload values are changed (PHP-FPM). That file gets an invalid hash as a result. Though nothing is changed in the way the script works in that matter, so I'm guessing you guys made the check more strict, or it's actually a bug?

cc @LukasReschke

More info under "Known issues" here: https://github.com/nextcloud/vm/releases/tag/16.0.3

Server configuration detail

Operating system: Linux 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64

Webserver: Apache/2.4.29 (Ubuntu) (fpm-fcgi)

Database: pgsql PostgreSQL 10.9 (Ubuntu 10.9-0ubuntu0.18.04.1) on x86_64-pc-linux-gnu, compiled by gcc (Ubuntu 7.4.0-1ubuntu1~18.04.1) 7.4.0, 64-bit

PHP version:

7.2.19-0ubuntu0.18.04.1
Modules loaded: Core, date, libxml, openssl, pcre, zlib, filter, hash, Reflection, SPL, sodium, session, standard, cgi-fcgi, json, PDO, xml, bz2, calendar, ctype, curl, dom, mbstring, fileinfo, ftp, gd, gettext, gmp, iconv, imap, intl, redis, ldap, exif, pdo_pgsql, pgsql, Phar, posix, readline, shmop, SimpleXML, smbclient, soap, sockets, sysvmsg, sysvsem, sysvshm, tokenizer, wddx, xmlreader, xmlwriter, xsl, zip, libsmbclient, Zend OPcache

Nextcloud version: 16.0.3 - 16.0.3.0

Updated from an older Nextcloud/ownCloud or fresh install:

Where did you install Nextcloud from: unknown

Signing status

Array
(
[core] => Array
(
[INVALID_HASH] => Array
(
[.user.ini] => Array
(
[expected] => 4843b3217e91f8536cb9b52700efb20300290292cf6286f92794d4cec99df286afeb7dd6c91b1be20bc55eda541eef230a5c5e7dcd46c189edd0ed1e80c6d3f5
[current] => 3fadb60f97666a1f66cf5ef4a4b4944f9326f6c7e6c2eae8b8b7f0a7ece705c67a99624c6ea56e4a6526ea9ac5611563b0df56b093c6f5f48c1ee2ff560d54cc
)

            )

    )

)

List of activated apps

Enabled:
 - accessibility: 1.2.0
 - activity: 2.9.1
 - bookmarks: 1.0.6
 - calendar: 1.7.0
 - cloud_federation_api: 0.2.0
 - comments: 1.6.0
 - contacts: 3.1.3
 - dav: 1.9.2
 - extract: 1.2.0
 - federatedfilesharing: 1.6.0
 - federation: 1.6.0
 - files: 1.11.0
 - files_antivirus: 2.1.1
 - files_pdfviewer: 1.5.0
 - files_rightclick: 0.13.0
 - files_sharing: 1.8.0
 - files_texteditor: 2.8.0
 - files_trashbin: 1.6.0
 - files_versions: 1.9.0
 - files_videoplayer: 1.5.0
 - firstrunwizard: 2.5.0
 - gallery: 18.3.0
 - impersonate: 1.3.0
 - issuetemplate: 0.5.0
 - logreader: 2.1.0
 - lookup_server_connector: 1.4.0
 - nextcloud_announcements: 1.5.0
 - notes: 3.0.0
 - notifications: 2.4.1
 - oauth2: 1.4.2
 - password_policy: 1.6.0
 - phonetrack: 0.5.2
 - privacy: 1.0.0
 - provisioning_api: 1.6.0
 - richdocuments: 3.3.13
 - serverinfo: 1.6.0
 - sharebymail: 1.6.0
 - survey_client: 1.4.0
 - systemtags: 1.6.0
 - tasks: 0.11.0
 - theming: 1.7.0
 - twofactor_backupcodes: 1.5.0
 - updatenotification: 1.6.0
 - viewer: 1.0.0
 - workflowengine: 1.6.0
Disabled:
 - admin_audit
 - encryption
 - files_external
 - recommendations
 - support
 - user_ldap

Configuration (config/config.php)

{
    "passwordsalt": "***REMOVED SENSITIVE VALUE***",
    "secret": "***REMOVED SENSITIVE VALUE***",
    "trusted_domains": [
        "localhost",
        "192.168.15.111",
        "cloud.danielhansson.nu",
        "office.danielhansson.nu"
    ],
    "datadirectory": "***REMOVED SENSITIVE VALUE***",
    "dbtype": "pgsql",
    "version": "16.0.3.0",
    "overwrite.cli.url": "https:\/\/clouddanielhansson\/",
    "dbname": "***REMOVED SENSITIVE VALUE***",
    "dbhost": "***REMOVED SENSITIVE VALUE***",
    "dbport": "",
    "dbtableprefix": "oc_",
    "dbuser": "***REMOVED SENSITIVE VALUE***",
    "dbpassword": "***REMOVED SENSITIVE VALUE***",
    "installed": true,
    "instanceid": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpmode": "smtp",
    "remember_login_cookie_lifetime": "1800",
    "log_rotate_size": "10485760",
    "memcache.local": "\\OC\\Memcache\\Redis",
    "filelocking.enabled": true,
    "memcache.distributed": "\\OC\\Memcache\\Redis",
    "memcache.locking": "\\OC\\Memcache\\Redis",
    "redis": {
        "host": "***REMOVED SENSITIVE VALUE***",
        "port": 0,
        "timeout": 0.5,
        "dbindex": 0,
        "password": "***REMOVED SENSITIVE VALUE***"
    },
    "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
    "forwarded_for_headers": [
        "HTTP_X_FORWARDED",
        "HTTP_FORWARDED_FOR"
    ],
    "htaccess.RewriteBase": "\/",
    "loglevel": "2",
    "log_type": "file",
    "logfile": "\/mnt\/ncdata\/nextcloud.log",
    "logtimezone": "Europe\/Stockholm",
    "maintenance": false,
    "mail_smtpsecure": "tls",
    "mail_sendmailmode": "smtp",
    "mail_from_address": "***REMOVED SENSITIVE VALUE***",
    "mail_domain": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpauthtype": "LOGIN",
    "mail_smtpauth": 1,
    "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpport": "587",
    "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
    "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
    "trashbin_retention_obligation": "auto, 90",
    "activity_expire_days": 60,
    "app_install_overwrite": [
        "tasks"
    ]
}

Are you using external storage, if yes which one: local/smb/sftp/...

Are you using encryption:

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...

Client configuration

Browser: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0

Operating system:

Logs

Web server error log

Insert your web server log here

Nextcloud log

Insert your Nextcloud log here

Browser log

Insert your browser log here, this could for example include:

a) The javascript console log
b) The network log
c) ...

0. Needs triage bug

Source

enoch85

All 10 comments

Sorry for bumping, but saw that this got solved: https://github.com/nextcloud/server/pull/16492

cc @MorrisJobke @kesselb

enoch85 on 23 Jul 2019

👍1

@Dennis1993 Why was this closed?

enoch85 on 23 Jul 2019

Still valid.

enoch85 on 23 Jul 2019

https://stackoverflow.com/questions/38190279/can-i-override-php-setting-in-htaccess-when-using-php-fpm

It's not longer necessary to alter the .htaccess with php-fpm. Not a solution but one warning less :sunglasses:

kesselb on 24 Jul 2019

👍1

@kesselb Thanks, but I don't edit .htacess and it's not complaining about it either. It's complaining about .user.ini which I copy from .htaccess.

In the VM we copy the content of .htaccess to .user.ini

Do you know if this is the case?

so I'm guessing you guys made the check more strict, or it's actually a bug?

enoch85 on 24 Jul 2019

https://github.com/nextcloud/vm/blob/f2e590d10d3222fffbc020d1f575bcbb21ffe3f0/lib.sh#L574-L575

This is not going to work. The .user.ini format is different from .htaccess. https://github.com/nextcloud/server/pull/14430 take a look at this pr. It's not longer required to patch .user.ini or .htaccess for a higher upload limit. Set the right values within the php-fpm configuration.

kesselb on 24 Jul 2019

👍1

Thanks @kesselb! Will definitely try that.

enoch85 on 24 Jul 2019

Yep - @kesselb is right. Changing .htaccess or .user.ini is not allowed. And should also not be needed.

MorrisJobke on 24 Jul 2019

@MorrisJobke So just to be clear here, it worked in 16.0.1, so something changed in 16.0.3? It seems from the PR that this behavior was in 16.0.0 already. Yet it worked in both 16.0.0 and 16.0.1 :thinking:

enoch85 on 24 Jul 2019

I don't know why the integrity check does not complain about 16.0.0 / 16.0.1 :disappointed:

kesselb on 12 Aug 2019

Was this page helpful?

0 / 5 - 0 ratings