From cda4bc06dbeab6d34d7046159c5f752073dec898 Mon Sep 17 00:00:00 2001 From: Andrew Bauer Date: Sat, 22 Jun 2024 10:11:58 -0500 Subject: [PATCH 1/6] remove nextcloud-fedora-autoloader.php as it is no longer used --- nextcloud-fedora-autoloader.php | 70 --------------------------------- 1 file changed, 70 deletions(-) delete mode 100644 nextcloud-fedora-autoloader.php diff --git a/nextcloud-fedora-autoloader.php b/nextcloud-fedora-autoloader.php deleted file mode 100644 index a125728..0000000 --- a/nextcloud-fedora-autoloader.php +++ /dev/null @@ -1,70 +0,0 @@ -register(); -} - -// For PEAR components -$fedoraClassLoader->setUseIncludePath(true); - -// Dependencies from 3rdparty composer.json -// "guzzlehttp/guzzle" -require_once $vendor . '/GuzzleHttp/autoload.php'; -// "sabre/dav" -require_once $vendor . '/Sabre/DAV/autoload.php'; -// "doctrine/dbal" -require_once $vendor . '/Doctrine/DBAL/autoload.php'; -// mcnetic/zipstreamer" -require_once $vendor . '/ZipStreamer/autoload.php'; -// "phpeclib/phpseclib" -require_once $vendor . '/phpseclib/autoload.php'; -// "rackspace/php-opencloud" -require_once $vendor . '/OpenCloud/autoload.php'; -// "jeremeamia/superclosure" -require_once $vendor . '/SuperClosure/autoload.php'; -// "bantu/ini-get-wrapper" -require_once $vendor . '/bantu/IniGetWrapper/IniGetWrapper.php'; -// "natxet/CssMin" -require_once $vendor . '/natxet/CssMin/autoload.php'; -// "punic/punic" -require_once $vendor . '/Punic/autoload.php'; -// "patchwork/utf8" -require_once $vendor . '/Patchwork/autoload.php'; -// "symfony/console" -require_once $vendor . '/Symfony/Component/Console/autoload.php'; -// "symfony/event-dispatcher" -require_once $vendor . '/Symfony/Component/EventDispatcher/autoload.php'; -// "symfony/routing" -require_once $vendor . '/Symfony/Component/Routing/autoload.php'; -// "symfony/process" -require_once $vendor . '/Symfony/Component/Process/autoload.php'; -// "pimple/pimple" -require_once $vendor . '/Pimple/autoload.php'; -// "ircmaxell/password-compat" -if (file_exists($vendor . '/password_compat/password.php')) { - require_once $vendor . '/password_compat/password.php'; -} -// "nikic/php-parser" -require_once $vendor . '/PhpParser/autoload.php'; -// "icewind/Streams" -require_once $vendor . '/Icewind/Streams/autoload.php'; -// "swiftmailer/swiftmailer -require_once $vendor . '/Swift/swift_required.php'; -// "league/flysystem" -require_once $vendor . '/League/Flysystem/autoload.php'; -// "interfasys/lognormalizer" -require_once $vendor . '/InterfaSys/LogNormalizer/autoload.php'; -// "deepdiver1975/TarSTreamer" -require_once $vendor . '/ownCloud/TarStreamer/autoload.php'; -// "patchwork/jsqueeze" -require_once $vendor . '/Patchwork/JSqueeze.php'; -// "symfony/polyfill-php{55,56,70}" -require_once $vendor . '/Symfony/Polyfill/autoload.php'; -// "lukasreschke/id3parser": "^0.0.1" -require_once $vendor . '/ID3Parser/autoload.php'; From 3461401d17b18933476d4d358a4969dfebf818ee Mon Sep 17 00:00:00 2001 From: Andrew Bauer Date: Sat, 22 Jun 2024 12:29:35 -0500 Subject: [PATCH 2/6] add epel compatibility --- nextcloud-README.fedora | 6 +++--- nextcloud-httpd.conf | 3 +++ nextcloud.spec | 21 +++++++++++++-------- 3 files changed, 19 insertions(+), 11 deletions(-) diff --git a/nextcloud-README.fedora b/nextcloud-README.fedora index b64fc8d..748b6cf 100644 --- a/nextcloud-README.fedora +++ b/nextcloud-README.fedora @@ -12,7 +12,7 @@ If not, make sure your webserver is running properly. Webserver --------- -Currently nextcloud in Fedora supports httpd (Apache) and nginx. You must install +Currently nextcloud in Fedora/EPEL supports httpd (Apache) and nginx. You must install at least one webserver subpackage (nextcloud-). These packages include additional configuration files for the webservers. Remote access is disabled by default on httpd. To enable access from any host for Apache **AFTER** you @@ -67,7 +67,7 @@ ownership and SELinux context attributes. Logging ------- As specified by the configuration file, nextcloud sends messages to the system -logger, which means in a standard Fedora configuration it will log to the +logger, which means in a standard Fedora/EPEL configuration it will log to the systemd journal: try "journalctl -b -t Nextcloud". You can also change the loglevel or switch to the built-in log mechanism of nextcloud. @@ -115,4 +115,4 @@ systemctl enable --now nextcloud-cron.timer Migration from owncloud ----------------------- -For detailed instructions on this please read MIGRATION.fedora +For detailed instructions on this please read MIGRATION.distro diff --git a/nextcloud-httpd.conf b/nextcloud-httpd.conf index f9ac85d..b009fd2 100644 --- a/nextcloud-httpd.conf +++ b/nextcloud-httpd.conf @@ -13,6 +13,9 @@ Alias /nextcloud/apps-appstore /var/lib/nextcloud/apps Alias /nextcloud/assets /var/lib/nextcloud/assets Alias /nextcloud /usr/share/nextcloud +# This must be set explicitly in some environments, such as el9 +AddType text/javascript .mjs + # Allows compliant CalDAV / CardDAV clients to be configured using only # the domain name. For more details see # http://tools.ietf.org/html/rfc6764 diff --git a/nextcloud.spec b/nextcloud.spec index f790d57..e077536 100644 --- a/nextcloud.spec +++ b/nextcloud.spec @@ -1,3 +1,9 @@ +%if 0%{?fedora} +%global distro fedora +%else +%global distro epel +%endif + Name: nextcloud Version: 28.0.6 Release: %autorelease @@ -38,12 +44,8 @@ Patch0: 0000-disable-update-version-check.patch Patch1: 0001-mangle-shebang.patch BuildArch: noarch -# For the systemd macros -%if 0%{?fedora} > 29 BuildRequires: systemd-rpm-macros -%else -BuildRequires: systemd -%endif + # expand pear macros on install BuildRequires: php-pear @@ -305,10 +307,13 @@ find . -name .github -type d -prune -exec rm -r {} \; -print sed -i -e 's#./\(occ upgrade\)#sudo -u apache php /usr/share/nextcloud/\1#' core/templates/update.admin.php # prepare package doc -cp %{SOURCE300} README.fedora +cp %{SOURCE300} README.%{distro} cp %{SOURCE301} README.mysql cp %{SOURCE302} README.postgresql -cp %{SOURCE303} MIGRATION.fedora +cp %{SOURCE303} MIGRATION.%{distro} + +# point the reader to the correct README filename +sed -i 's/distro/%{distro}/g' README.%{distro} # Locate license files and put them sensibly in place # get rid of all composer licenses @@ -421,7 +426,7 @@ if [ $1 -eq 0 ]; then fi %files -%doc AUTHORS README.fedora MIGRATION.fedora config/config.sample.php +%doc AUTHORS README.%{distro} MIGRATION.%{distro} config/config.sample.php %license *-LICENSE %dir %attr(-,apache,apache) %{_sysconfdir}/%{name} # contains sensitive data (dbpassword, passwordsalt) From da145e7dfc5044fca282544184a6637a0dbf9613 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9rgio=20M=2E=20Basto?= Date: Mon, 24 Jun 2024 01:43:54 +0100 Subject: [PATCH 3/6] Update the list of the bundle software --- nextcloud.spec | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/nextcloud.spec b/nextcloud.spec index e077536..727c609 100644 --- a/nextcloud.spec +++ b/nextcloud.spec @@ -90,7 +90,20 @@ Requires: php-zip Requires: %{_sysconfdir}/pki/tls/certs/ca-bundle.crt # Bundled composer libraries +# generated with utils/get-bundled-versions.py +# tar xf nextcloud-28.0.6.tar.bz2 +# cd nextcloud +# ../utils/get-bundled-versions.py # many of these can be unbundled +# I think utils/get-composer-requires.py is a tool to check if these are available on Fedora +Provides: bundled(php-composer(hexogen/kdtree)) = 0.2.5 +Provides: bundled(php-composer(icewind/smb)) = 3.5.4 +Provides: bundled(php-composer(icewind/streams)) = 0.7.7 +Provides: bundled(php-composer(bamarni/composer-bin-plugin)) = 1.8.2 +Provides: bundled(php-composer(adhocore/cli)) = 1.6.1 +Provides: bundled(php-composer(nextcloud/openapi-extractor)) = dev-main +Provides: bundled(php-composer(nikic/php-parser)) = 4.17.1 +Provides: bundled(php-composer(phpstan/phpdoc-parser)) = 1.24.2 Provides: bundled(php-composer(amphp/amp)) = 2.6.2 Provides: bundled(php-composer(amphp/byte-stream)) = 1.8.1 Provides: bundled(php-composer(amphp/parallel)) = 1.4.3 @@ -101,21 +114,13 @@ Provides: bundled(php-composer(amphp/sync)) = 1.4.2 Provides: bundled(php-composer(league/flysystem)) = 2.5.0 Provides: bundled(php-composer(league/mime-type-detection)) = 1.11.0 Provides: bundled(php-composer(psr/log)) = 1.1.4 -Provides: bundled(php-composer(rubix/ml)) = 0.4.1 +Provides: bundled(php-composer(rubix/ml)) = 2.1.1 Provides: bundled(php-composer(rubix/tensor)) = 2.2.3 Provides: bundled(php-composer(symfony/polyfill-mbstring)) = 1.27.0 Provides: bundled(php-composer(symfony/polyfill-php73)) = 1.26.0 Provides: bundled(php-composer(symfony/polyfill-php80)) = 1.27.0 -Provides: bundled(php-composer(adhocore/cli)) = 1.6.1 -Provides: bundled(php-composer(nextcloud/openapi-extractor)) = 1.6.1 -Provides: bundled(php-composer(nikic/php-parser)) = 4.17.1 -Provides: bundled(php-composer(phpstan/phpdoc-parser)) = 1.24.2 -Provides: bundled(php-composer(hexogen/kdtree)) = 0.2.5 Provides: bundled(php-composer(christian-riesen/base32)) = 1.6.0 Provides: bundled(php-composer(rullzer/easytotp)) = 0.1.4 -Provides: bundled(php-composer(icewind/smb)) = 3.5.4 -Provides: bundled(php-composer(icewind/streams)) = 0.7.7 -Provides: bundled(php-composer(bamarni/composer-bin-plugin)) = 1.8.2 Provides: bundled(php-composer(aws/aws-crt-php)) = 1.0.2 Provides: bundled(php-composer(aws/aws-sdk-php)) = 3.240.8 Provides: bundled(php-composer(bantu/ini-get-wrapper)) = 1.0.1 @@ -158,7 +163,7 @@ Provides: bundled(php-composer(php-http/guzzle7-adapter)) = 1.0.0 Provides: bundled(php-composer(php-http/httplug)) = 2.2.0 Provides: bundled(php-composer(php-http/promise)) = 1.1.0 Provides: bundled(php-composer(php-opencloud/openstack)) = 3.2.1 -Provides: bundled(php-composer(phpseclib/phpseclib)) = 2.0.45 +Provides: bundled(php-composer(phpseclib/phpseclib)) = 2.0.47 Provides: bundled(php-composer(pimple/pimple)) = 3.5.0 Provides: bundled(php-composer(psr/cache)) = 3.0.0 Provides: bundled(php-composer(psr/clock)) = 1.0.0 From 704431c4efcaf657f16721ce236bcb1c095c9757 Mon Sep 17 00:00:00 2001 From: Andrew Bauer Date: Mon, 24 Jun 2024 10:32:32 -0500 Subject: [PATCH 4/6] implement workaround for rhbz#2279608 --- nextcloud-integritycheck-exclusion.patch | 34 +++++++++++++++++++++++ nextcloud.spec | 35 ++++++++++++++++++++++++ 2 files changed, 69 insertions(+) create mode 100644 nextcloud-integritycheck-exclusion.patch diff --git a/nextcloud-integritycheck-exclusion.patch b/nextcloud-integritycheck-exclusion.patch new file mode 100644 index 0000000..766cf1c --- /dev/null +++ b/nextcloud-integritycheck-exclusion.patch @@ -0,0 +1,34 @@ +From 9f38c6300712a23ccdc75e140143a1c461e15705 Mon Sep 17 00:00:00 2001 +From: Andrew Bauer +Date: Mon, 24 Jun 2024 10:11:23 -0500 +Subject: [PATCH] silence integrity check for excluded files + +--- + lib/private/IntegrityCheck/Checker.php | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/lib/private/IntegrityCheck/Checker.php b/lib/private/IntegrityCheck/Checker.php +index a6de3cf6030d7..3974483601b08 100644 +--- a/lib/private/IntegrityCheck/Checker.php ++++ b/lib/private/IntegrityCheck/Checker.php +@@ -337,7 +337,20 @@ private function verify(string $signaturePath, string $basePath, string $certifi + $differencesB = array_diff($currentInstanceHashes, $expectedHashes); + $differences = array_unique(array_merge($differencesA, $differencesB)); + $differenceArray = []; ++ ++ # Nasty hack to silence the integrity checker for files patched during the build process or files we simply don't care about ++ $excludedFilenames = [ ++//sedplaceholder ]; ++ + foreach ($differences as $filename => $hash) { ++ ++ # Skip if the file in question matches our exclusion list ++ foreach ($excludedFilenames as $excludedFilename) { ++ if (strpos($filename, $excludedFilename)!==false) { ++ break 2; ++ } ++ } ++ + // Check if file should not exist in the new signature table + if (!array_key_exists($filename, $expectedHashes)) { + $differenceArray['EXTRA_FILE'][$filename]['expected'] = ''; diff --git a/nextcloud.spec b/nextcloud.spec index 727c609..d71b993 100644 --- a/nextcloud.spec +++ b/nextcloud.spec @@ -42,6 +42,8 @@ Source303: %{name}-MIGRATION.fedora Patch0: 0000-disable-update-version-check.patch # Change occ shebang to /usr/bin/php Patch1: 0001-mangle-shebang.patch +# Add the ability to exclude files we specify from the nextcloud integrity checker +Patch2: nextcloud-integritycheck-exclusion.patch BuildArch: noarch BuildRequires: systemd-rpm-macros @@ -328,6 +330,39 @@ find -wholename "*/composer/LICENSE" -exec mv {} composer-LICENSE \; find . -mindepth 2 \( -name '*LICENSE*' -o -name '*LICENCE*' \) | { while read a ; do mv "$a" $(echo $a | sed "s_^./__" | tr "/ " "__" )-LICENSE ; done ; } find . -mindepth 2 -name '*COPYING*' | { while read a ; do mv "$a" $(echo $a | sed "s_^./__" | tr "/ " "__" )-COPYING ; done ; } +# case-sensitive list of partial matches to exclude from the nextcloud integrity checker +# include readme, license, other docs, and any files we move or patch during the build +excludedFilenames=" +README +readme +LICENSE +LICENCE +license +copying +COPYING +AUTHORS +htaccess +gitignore +user.ini +update.admin.php +Updater.php +occ +Checker.php +" + +# nextcloud source files use tabs rather than spaces, ew +tabs=" " +cr=" +" + +# Add quotes, commas, and escaped newlines +for f in $excludedFilenames; do + formattedlist="$formattedlist$tabs'$f',\\$cr" +done + +# look for our sed placeholder we patched in earlier, then insert our formatted list of keywords +sed -i "s|//sedplaceholder|${formattedlist}|" lib/private/IntegrityCheck/Checker.php + %check # Make sure there are no license files left over : Check for leftover license files From 57e90b38696a467b70066f03450befc0457a2426 Mon Sep 17 00:00:00 2001 From: Andrew Bauer Date: Wed, 3 Jul 2024 12:23:51 -0500 Subject: [PATCH 5/6] update to 29.0.3 release --- nextcloud.spec | 3 +-- sources | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/nextcloud.spec b/nextcloud.spec index d71b993..3e51ca8 100644 --- a/nextcloud.spec +++ b/nextcloud.spec @@ -5,13 +5,12 @@ %endif Name: nextcloud -Version: 28.0.6 +Version: 29.0.3 Release: %autorelease Summary: Private file sync and share server License: AGPLv3+ and MIT and BSD and ASL 2.0 and WTFPL and CC-BY-SA and GPLv3+ and Adobe URL: http://nextcloud.com Source0: https://download.nextcloud.com/server/releases/%{name}-%{version}.tar.bz2 -%define php_version 8.2 # basic nextcloud config.php, nextcloud's # initial setup will fill out other settings appropriately diff --git a/sources b/sources index 024ce6c..1abf9e9 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (nextcloud-28.0.6.tar.bz2) = f34c895602bd63f2e61492e91b9949852f9d2422c3b8740e851107efe5d46de72d8ec06a15c808fa27503546067d62d3166b55ff9979b18f36546845791941c2 +SHA512 (nextcloud-29.0.3.tar.bz2) = b3e27bff91446b33fd26408577a9ee04ef74684de37cf9971e572fd00ca9c864060e6fee3a30279488fd3b1fdbe3497da607241ae2eb1b566fa2cef9142ad900 From c455a1050d906814b0c415a16dc1a6df7b901249 Mon Sep 17 00:00:00 2001 From: Andrew Bauer Date: Mon, 8 Jul 2024 12:46:19 -0500 Subject: [PATCH 6/6] update httpd directives using latest upstream htaccess content --- nextcloud-defaults.inc | 80 +++--------------------------------------- nextcloud-httpd.conf | 12 +++---- nextcloud.spec | 3 ++ 3 files changed, 14 insertions(+), 81 deletions(-) diff --git a/nextcloud-defaults.inc b/nextcloud-defaults.inc index 0ed8397..fef3ec6 100644 --- a/nextcloud-defaults.inc +++ b/nextcloud-defaults.inc @@ -1,78 +1,8 @@ -# These are based on the .htaccess file shipped by ownCloud, with -# appropriate adjustments for distribution packaging. Some directives -# that are irrelevant to the Fedora/EPEL ecosystem are omitted. This -# file contains directives that should be applied within the /nextcloud -# filesystem; directives that should be applied site-wide when -# ownCloud is installed are placed directly in nextcloud.conf. +# The contents of the default Nextcloud .htaccess file are appended to this +# file during build. Some directives may be irrelevant to the Fedora/EPEL +# ecosystem but are NOT omitted. # # DO NOT EDIT THIS FILE DIRECTLY. To override any element of the -# packaged ownCloud configuration, create a new /etc/httpd/conf.d/ -# file which will be read later than 'nextcloud.conf'. +# packaged Nextcloud configuration, create a new /etc/httpd/conf.d/ +# file which will be read later than this one. -AllowOverride None - -ErrorDocument 403 /nextcloud/core/templates/403.php -ErrorDocument 404 /nextcloud/core/templates/404.php - - - - - SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1 - RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION - - - - SetHandler "proxy:unix:/run/php-fpm/nextcloud.sock|fcgi://localhost" - - - - - php_value upload_max_filesize 10G - php_value post_max_size 10G - php_value memory_limit 512M - php_value mbstring.func_overload 0 - php_value always_populate_raw_post_data -1 - php_value default_charset 'UTF-8' - php_value output_buffering off - - SetEnv htaccessWorking true - - - - - php_value upload_max_filesize 10G - php_value post_max_size 10G - php_value memory_limit 512M - php_value mbstring.func_overload 0 - php_value always_populate_raw_post_data -1 - php_value default_charset 'UTF-8' - php_value output_buffering off - - SetEnv htaccessWorking true - - - -# The rewrites for legacy caldav and carddav URLs are omitted here -# because they do not work with Fedora's ownCloud directory layout. -# See https://github.com/nextcloud/core/issues/243#issuecomment-75426453 - - RewriteEngine on - RewriteBase /nextcloud/ - RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}] - RewriteRule ^remote/(.*) remote.php [QSA,L] - - -AddDefaultCharset utf-8 -Options -Indexes - - - ModPagespeed Off - - - - - Header set Cache-Control "max-age=7200, public" - - # https://docs.nextcloud.com/server/25/admin_manual/installation/harden_server.html#enable-http-strict-transport-security - Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains" - diff --git a/nextcloud-httpd.conf b/nextcloud-httpd.conf index b009fd2..12c121e 100644 --- a/nextcloud-httpd.conf +++ b/nextcloud-httpd.conf @@ -13,15 +13,15 @@ Alias /nextcloud/apps-appstore /var/lib/nextcloud/apps Alias /nextcloud/assets /var/lib/nextcloud/assets Alias /nextcloud /usr/share/nextcloud -# This must be set explicitly in some environments, such as el9 -AddType text/javascript .mjs - # Allows compliant CalDAV / CardDAV clients to be configured using only # the domain name. For more details see # http://tools.ietf.org/html/rfc6764 -Redirect 301 /.well-known/carddav /nextcloud/remote.php/dav -Redirect 301 /.well-known/caldav /nextcloud/remote.php/dav -Redirect 301 /.well-known/webdav /nextcloud/remote.php/dav +# Nextcloud 29 checks specifically for trailing slash in dav 301 redirects +# https://github.com/nextcloud/server/issues/45033#issuecomment-2079306503 + +Redirect 301 /.well-known/carddav /nextcloud/remote.php/dav/ +Redirect 301 /.well-known/caldav /nextcloud/remote.php/dav/ +Redirect 301 /.well-known/webdav /nextcloud/remote.php/dav/ Redirect 301 /.well-known/webfinger /nextcloud/index.php/.well-known/webfinger Redirect 301 /.well-known/nodeinfo /nextcloud/index.php/.well-known/nodeinfo diff --git a/nextcloud.spec b/nextcloud.spec index 3e51ca8..d0b1174 100644 --- a/nextcloud.spec +++ b/nextcloud.spec @@ -362,6 +362,9 @@ done # look for our sed placeholder we patched in earlier, then insert our formatted list of keywords sed -i "s|//sedplaceholder|${formattedlist}|" lib/private/IntegrityCheck/Checker.php +# Build nextcloud-defaults.inc from upstream .htaccess. We will install it later. +cat .htaccess >> %{SOURCE105} + %check # Make sure there are no license files left over : Check for leftover license files