update httpd directives using latest upstream htaccess content

nextcloud-README.fedora

@@ -12,7 +12,7 @@ If not, make sure your webserver is running properly.
 
 Webserver
 ---------
-Currently nextcloud in Fedora supports httpd (Apache) and nginx. You must install
+Currently nextcloud in Fedora/EPEL supports httpd (Apache) and nginx. You must install
 at least one webserver subpackage (nextcloud-<webserver>). These packages
 include additional configuration files for the webservers. Remote access is
 disabled by default on httpd. To enable access from any host for Apache **AFTER** you
@@ -67,7 +67,7 @@ ownership and SELinux context attributes.
 Logging
 -------
 As specified by the configuration file, nextcloud sends messages to the system
-logger, which means in a standard Fedora configuration it will log to the
+logger, which means in a standard Fedora/EPEL configuration it will log to the
 systemd journal: try "journalctl -b -t Nextcloud". You can also change the
 loglevel or switch to the built-in log mechanism of nextcloud.
 
@@ -115,4 +115,4 @@ systemctl enable --now nextcloud-cron.timer
 Migration from owncloud
 -----------------------
 
-For detailed instructions on this please read MIGRATION.fedora
+For detailed instructions on this please read MIGRATION.distro

nextcloud-defaults.inc

@@ -1,78 +1,8 @@
-# These are based on the .htaccess file shipped by ownCloud, with
-# appropriate adjustments for distribution packaging. Some directives
-# that are irrelevant to the Fedora/EPEL ecosystem are omitted. This
-# file contains directives that should be applied within the /nextcloud
-# filesystem; directives that should be applied site-wide when
-# ownCloud is installed are placed directly in nextcloud.conf.
+# The contents of the default Nextcloud .htaccess file are appended to this
+# file during build. Some directives may be irrelevant to the Fedora/EPEL
+# ecosystem but are NOT omitted.
 #
 # DO NOT EDIT THIS FILE DIRECTLY. To override any element of the
-# packaged ownCloud configuration, create a new /etc/httpd/conf.d/
-# file which will be read later than 'nextcloud.conf'.
+# packaged Nextcloud configuration, create a new /etc/httpd/conf.d/
+# file which will be read later than this one.
 
-AllowOverride None
-
-ErrorDocument 403 /nextcloud/core/templates/403.php
-ErrorDocument 404 /nextcloud/core/templates/404.php
-
-<IfModule mod_fcgid.c>
-    <IfModule mod_setenvif.c>
-        <IfModule mod_headers.c>
-            SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
-            RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
-        </IfModule>
-    </IfModule>
-    <FilesMatch \.(php|phar)$>
-        SetHandler "proxy:unix:/run/php-fpm/nextcloud.sock|fcgi://localhost"
-    </FilesMatch>
-</IfModule>
-
-<IfModule mod_php5.c>
-    php_value upload_max_filesize 10G
-    php_value post_max_size 10G
-    php_value memory_limit 512M
-    php_value mbstring.func_overload 0
-    php_value always_populate_raw_post_data -1
-    php_value default_charset 'UTF-8'
-    php_value output_buffering off
-    <IfModule mod_env.c>
-        SetEnv htaccessWorking true
-    </IfModule>
-</IfModule>
-
-<IfModule mod_php7.c>
-    php_value upload_max_filesize 10G
-    php_value post_max_size 10G
-    php_value memory_limit 512M
-    php_value mbstring.func_overload 0
-    php_value always_populate_raw_post_data -1
-    php_value default_charset 'UTF-8'
-    php_value output_buffering off
-    <IfModule mod_env.c>
-        SetEnv htaccessWorking true
-    </IfModule>
-</IfModule>
-
-# The rewrites for legacy caldav and carddav URLs are omitted here
-# because they do not work with Fedora's ownCloud directory layout.
-# See https://github.com/nextcloud/core/issues/243#issuecomment-75426453
-<IfModule mod_rewrite.c>
-    RewriteEngine on
-    RewriteBase /nextcloud/
-    RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
-    RewriteRule ^remote/(.*) remote.php [QSA,L]
-</IfModule>
-
-AddDefaultCharset utf-8
-Options -Indexes
-
-<IfModule pagespeed_module>
-    ModPagespeed Off
-</IfModule>
-
-<IfModule mod_headers.c>
-    <FilesMatch "\.(css|js)$">
-        Header set Cache-Control "max-age=7200, public"
-    </FilesMatch>
-    # https://docs.nextcloud.com/server/25/admin_manual/installation/harden_server.html#enable-http-strict-transport-security
-    Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
-</IfModule>

nextcloud-fedora-autoloader.php

@@ -1,70 +0,0 @@
-<?php
-$vendor = '##DATADIR##/php';
-
-if (!isset($fedoraClassLoader) || !($fedoraClassLoader instanceof \Symfony\Component\ClassLoader\ClassLoader)) {
-    if (!class_exists('Symfony\\Component\\ClassLoader\\ClassLoader', false)) {
-        require_once $vendor . '/Symfony/Component/ClassLoader/ClassLoader.php';
-    }
-
-    $fedoraClassLoader = new \Symfony\Component\ClassLoader\ClassLoader();
-    $fedoraClassLoader->register();
-}
-
-// For PEAR components
-$fedoraClassLoader->setUseIncludePath(true);
-
-// Dependencies from 3rdparty composer.json
-// "guzzlehttp/guzzle"
-require_once $vendor . '/GuzzleHttp/autoload.php';
-// "sabre/dav"
-require_once $vendor . '/Sabre/DAV/autoload.php';
-// "doctrine/dbal"
-require_once $vendor . '/Doctrine/DBAL/autoload.php';
-// mcnetic/zipstreamer"
-require_once $vendor . '/ZipStreamer/autoload.php';
-// "phpeclib/phpseclib"
-require_once $vendor . '/phpseclib/autoload.php';
-// "rackspace/php-opencloud"
-require_once $vendor . '/OpenCloud/autoload.php';
-// "jeremeamia/superclosure"
-require_once $vendor . '/SuperClosure/autoload.php';
-// "bantu/ini-get-wrapper"
-require_once $vendor . '/bantu/IniGetWrapper/IniGetWrapper.php';
-// "natxet/CssMin"
-require_once $vendor . '/natxet/CssMin/autoload.php';
-// "punic/punic"
-require_once $vendor . '/Punic/autoload.php';
-// "patchwork/utf8"
-require_once $vendor . '/Patchwork/autoload.php';
-// "symfony/console"
-require_once $vendor . '/Symfony/Component/Console/autoload.php';
-// "symfony/event-dispatcher"
-require_once $vendor . '/Symfony/Component/EventDispatcher/autoload.php';
-// "symfony/routing"
-require_once $vendor . '/Symfony/Component/Routing/autoload.php';
-// "symfony/process"
-require_once $vendor . '/Symfony/Component/Process/autoload.php';
-// "pimple/pimple"
-require_once $vendor . '/Pimple/autoload.php';
-// "ircmaxell/password-compat"
-if (file_exists($vendor . '/password_compat/password.php')) {
-   require_once $vendor . '/password_compat/password.php';
-}
-// "nikic/php-parser"
-require_once $vendor . '/PhpParser/autoload.php';
-// "icewind/Streams"
-require_once $vendor . '/Icewind/Streams/autoload.php';
-// "swiftmailer/swiftmailer
-require_once $vendor . '/Swift/swift_required.php';
-// "league/flysystem"
-require_once $vendor . '/League/Flysystem/autoload.php';
-// "interfasys/lognormalizer"
-require_once $vendor . '/InterfaSys/LogNormalizer/autoload.php';
-// "deepdiver1975/TarSTreamer"
-require_once $vendor . '/ownCloud/TarStreamer/autoload.php';
-// "patchwork/jsqueeze"
-require_once $vendor . '/Patchwork/JSqueeze.php';
-// "symfony/polyfill-php{55,56,70}"
-require_once $vendor . '/Symfony/Polyfill/autoload.php';
-// "lukasreschke/id3parser": "^0.0.1"
-require_once $vendor . '/ID3Parser/autoload.php';

nextcloud-httpd.conf

@@ -16,9 +16,12 @@ Alias /nextcloud /usr/share/nextcloud
 # Allows compliant CalDAV / CardDAV clients to be configured using only
 # the domain name. For more details see # http://tools.ietf.org/html/rfc6764
 
-Redirect 301 /.well-known/carddav    /nextcloud/remote.php/dav
-Redirect 301 /.well-known/caldav     /nextcloud/remote.php/dav
-Redirect 301 /.well-known/webdav     /nextcloud/remote.php/dav
+# Nextcloud 29 checks specifically for trailing slash in dav 301 redirects
+# https://github.com/nextcloud/server/issues/45033#issuecomment-2079306503
+
+Redirect 301 /.well-known/carddav    /nextcloud/remote.php/dav/
+Redirect 301 /.well-known/caldav     /nextcloud/remote.php/dav/
+Redirect 301 /.well-known/webdav     /nextcloud/remote.php/dav/
 Redirect 301 /.well-known/webfinger  /nextcloud/index.php/.well-known/webfinger
 Redirect 301 /.well-known/nodeinfo   /nextcloud/index.php/.well-known/nodeinfo
 

nextcloud-integritycheck-exclusion.patch

@@ -0,0 +1,34 @@
+From 9f38c6300712a23ccdc75e140143a1c461e15705 Mon Sep 17 00:00:00 2001
+From: Andrew Bauer <zonexpertconsulting@outlook.com>
+Date: Mon, 24 Jun 2024 10:11:23 -0500
+Subject: [PATCH] silence integrity check for excluded files
+
+---
+ lib/private/IntegrityCheck/Checker.php | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/lib/private/IntegrityCheck/Checker.php b/lib/private/IntegrityCheck/Checker.php
+index a6de3cf6030d7..3974483601b08 100644
+--- a/lib/private/IntegrityCheck/Checker.php
++++ b/lib/private/IntegrityCheck/Checker.php
+@@ -337,7 +337,20 @@ private function verify(string $signaturePath, string $basePath, string $certifi
+ 		$differencesB = array_diff($currentInstanceHashes, $expectedHashes);
+ 		$differences = array_unique(array_merge($differencesA, $differencesB));
+ 		$differenceArray = [];
++
++		# Nasty hack to silence the integrity checker for files patched during the build process or files we simply don't care about
++		$excludedFilenames = [
++//sedplaceholder			];
++
+ 		foreach ($differences as $filename => $hash) {
++
++			# Skip if the file in question matches our exclusion list
++			foreach ($excludedFilenames as $excludedFilename) {
++			  if (strpos($filename, $excludedFilename)!==false) {
++			    break 2;
++			  }
++			}
++
+ 			// Check if file should not exist in the new signature table
+ 			if (!array_key_exists($filename, $expectedHashes)) {
+ 				$differenceArray['EXTRA_FILE'][$filename]['expected'] = '';

nextcloud.spec

@@ -1,11 +1,16 @@
+%if 0%{?fedora}
+%global distro fedora
+%else
+%global distro epel
+%endif
+
 Name:           nextcloud
-Version:        28.0.6
+Version:        29.0.3
 Release:        %autorelease
 Summary:        Private file sync and share server
 License:        AGPLv3+ and MIT and BSD and ASL 2.0 and WTFPL and CC-BY-SA and GPLv3+ and Adobe
 URL:            http://nextcloud.com
 Source0:        https://download.nextcloud.com/server/releases/%{name}-%{version}.tar.bz2
-%define php_version 8.2
 
 # basic nextcloud config.php, nextcloud's
 # initial setup will fill out other settings appropriately
@@ -36,14 +41,12 @@ Source303:      %{name}-MIGRATION.fedora
 Patch0:         0000-disable-update-version-check.patch
 # Change occ shebang to /usr/bin/php
 Patch1:         0001-mangle-shebang.patch
+# Add the ability to exclude files we specify from the nextcloud integrity checker
+Patch2:         nextcloud-integritycheck-exclusion.patch
 
 BuildArch:      noarch
-# For the systemd macros
-%if 0%{?fedora} > 29
 BuildRequires:  systemd-rpm-macros
-%else
-BuildRequires:  systemd
-%endif
+
 # expand pear macros on install
 BuildRequires:  php-pear
 
@@ -88,7 +91,20 @@ Requires:       php-zip
 Requires:       %{_sysconfdir}/pki/tls/certs/ca-bundle.crt
 
 # Bundled composer libraries
+# generated with utils/get-bundled-versions.py
+# tar xf nextcloud-28.0.6.tar.bz2
+# cd nextcloud
+# ../utils/get-bundled-versions.py
 # many of these can be unbundled
+# I think utils/get-composer-requires.py is a tool to check if these are available on Fedora
+Provides: bundled(php-composer(hexogen/kdtree)) = 0.2.5
+Provides: bundled(php-composer(icewind/smb)) = 3.5.4
+Provides: bundled(php-composer(icewind/streams)) = 0.7.7
+Provides: bundled(php-composer(bamarni/composer-bin-plugin)) = 1.8.2
+Provides: bundled(php-composer(adhocore/cli)) = 1.6.1
+Provides: bundled(php-composer(nextcloud/openapi-extractor)) = dev-main
+Provides: bundled(php-composer(nikic/php-parser)) = 4.17.1
+Provides: bundled(php-composer(phpstan/phpdoc-parser)) = 1.24.2
 Provides: bundled(php-composer(amphp/amp)) = 2.6.2
 Provides: bundled(php-composer(amphp/byte-stream)) = 1.8.1
 Provides: bundled(php-composer(amphp/parallel)) = 1.4.3
@@ -99,21 +115,13 @@ Provides: bundled(php-composer(amphp/sync)) = 1.4.2
 Provides: bundled(php-composer(league/flysystem)) = 2.5.0
 Provides: bundled(php-composer(league/mime-type-detection)) = 1.11.0
 Provides: bundled(php-composer(psr/log)) = 1.1.4
-Provides: bundled(php-composer(rubix/ml)) = 0.4.1
+Provides: bundled(php-composer(rubix/ml)) = 2.1.1
 Provides: bundled(php-composer(rubix/tensor)) = 2.2.3
 Provides: bundled(php-composer(symfony/polyfill-mbstring)) = 1.27.0
 Provides: bundled(php-composer(symfony/polyfill-php73)) = 1.26.0
 Provides: bundled(php-composer(symfony/polyfill-php80)) = 1.27.0
-Provides: bundled(php-composer(adhocore/cli)) = 1.6.1
-Provides: bundled(php-composer(nextcloud/openapi-extractor)) = 1.6.1
-Provides: bundled(php-composer(nikic/php-parser)) = 4.17.1
-Provides: bundled(php-composer(phpstan/phpdoc-parser)) = 1.24.2
-Provides: bundled(php-composer(hexogen/kdtree)) = 0.2.5
 Provides: bundled(php-composer(christian-riesen/base32)) = 1.6.0
 Provides: bundled(php-composer(rullzer/easytotp)) = 0.1.4
-Provides: bundled(php-composer(icewind/smb)) = 3.5.4
-Provides: bundled(php-composer(icewind/streams)) = 0.7.7
-Provides: bundled(php-composer(bamarni/composer-bin-plugin)) = 1.8.2
 Provides: bundled(php-composer(aws/aws-crt-php)) = 1.0.2
 Provides: bundled(php-composer(aws/aws-sdk-php)) = 3.240.8
 Provides: bundled(php-composer(bantu/ini-get-wrapper)) = 1.0.1
@@ -156,7 +164,7 @@ Provides: bundled(php-composer(php-http/guzzle7-adapter)) = 1.0.0
 Provides: bundled(php-composer(php-http/httplug)) = 2.2.0
 Provides: bundled(php-composer(php-http/promise)) = 1.1.0
 Provides: bundled(php-composer(php-opencloud/openstack)) = 3.2.1
-Provides: bundled(php-composer(phpseclib/phpseclib)) = 2.0.45
+Provides: bundled(php-composer(phpseclib/phpseclib)) = 2.0.47
 Provides: bundled(php-composer(pimple/pimple)) = 3.5.0
 Provides: bundled(php-composer(psr/cache)) = 3.0.0
 Provides: bundled(php-composer(psr/clock)) = 1.0.0
@@ -305,10 +313,13 @@ find . -name .github    -type d -prune -exec rm -r {} \; -print
 sed -i -e 's#./\(occ upgrade\)#sudo -u apache php /usr/share/nextcloud/\1#' core/templates/update.admin.php
 
 # prepare package doc
-cp %{SOURCE300} README.fedora
+cp %{SOURCE300} README.%{distro}
 cp %{SOURCE301} README.mysql
 cp %{SOURCE302} README.postgresql
-cp %{SOURCE303} MIGRATION.fedora
+cp %{SOURCE303} MIGRATION.%{distro}
+
+# point the reader to the correct README filename
+sed -i 's/distro/%{distro}/g' README.%{distro}
 
 # Locate license files and put them sensibly in place
 # get rid of all composer licenses
@@ -318,6 +329,42 @@ find -wholename "*/composer/LICENSE" -exec mv {} composer-LICENSE \;
 find . -mindepth 2 \( -name '*LICENSE*' -o -name '*LICENCE*' \) | { while read a ; do mv "$a" $(echo $a | sed "s_^./__" | tr "/ " "__" )-LICENSE ; done ; }
 find . -mindepth 2 -name '*COPYING*' | { while read a ; do mv "$a" $(echo $a | sed "s_^./__" | tr "/ " "__" )-COPYING ; done ; }
 
+# case-sensitive list of partial matches to exclude from the nextcloud integrity checker
+# include readme, license, other docs, and any files we move or patch during the build
+excludedFilenames="
+README
+readme
+LICENSE
+LICENCE
+license
+copying
+COPYING
+AUTHORS
+htaccess
+gitignore
+user.ini
+update.admin.php
+Updater.php
+occ
+Checker.php
+"
+
+# nextcloud source files use tabs rather than spaces, ew
+tabs="				"
+cr="
+"
+
+# Add quotes, commas, and escaped newlines
+for f in $excludedFilenames; do
+  formattedlist="$formattedlist$tabs'$f',\\$cr"
+done
+
+# look for our sed placeholder we patched in earlier, then insert our formatted list of keywords
+sed -i "s|//sedplaceholder|${formattedlist}|" lib/private/IntegrityCheck/Checker.php
+
+# Build nextcloud-defaults.inc from upstream .htaccess. We will install it later.
+cat .htaccess >> %{SOURCE105}
+
 %check
 # Make sure there are no license files left over
 : Check for leftover license files
@@ -421,7 +468,7 @@ if [ $1 -eq 0 ]; then
 fi
 
 %files
-%doc AUTHORS README.fedora MIGRATION.fedora config/config.sample.php
+%doc AUTHORS README.%{distro} MIGRATION.%{distro} config/config.sample.php
 %license *-LICENSE
 %dir %attr(-,apache,apache) %{_sysconfdir}/%{name}
 # contains sensitive data (dbpassword, passwordsalt)

sources

@@ -1 +1 @@
-SHA512 (nextcloud-28.0.6.tar.bz2) = f34c895602bd63f2e61492e91b9949852f9d2422c3b8740e851107efe5d46de72d8ec06a15c808fa27503546067d62d3166b55ff9979b18f36546845791941c2
+SHA512 (nextcloud-29.0.3.tar.bz2) = b3e27bff91446b33fd26408577a9ee04ef74684de37cf9971e572fd00ca9c864060e6fee3a30279488fd3b1fdbe3497da607241ae2eb1b566fa2cef9142ad900