backports/nextcloud: backport version 26.0.0

backports/nextcloud/APKBUILD

@@ -0,0 +1,269 @@
+# Contributor: Jakub Jirutka <jakub@jirutka.cz>
+# Maintainer: Leonardo Arena <rnalrd@alpinelinux.org>
+pkgname=nextcloud
+pkgver=26.0.0
+pkgrel=0
+_replaced_ver=25
+pkgdesc="A safe home for all your data"
+url="https://nextcloud.com/"
+arch="noarch"
+license="AGPL-3.0-only"
+_php=php81
+_php_mods="-bcmath -ctype -curl -dom -gd -fileinfo -gmp -iconv -intl
+	-mbstring -opcache -openssl -pcntl -posix -session
+	-simplexml -xml -xmlreader -xmlwriter -zip"
+depends="ca-certificates $_php ${_php_mods//-/$_php-}"
+makedepends="xmlstarlet"
+provides="$pkgname-accessibility=$pkgver-r$pkgrel
+	$pkgname-bruteforcesettings=$pkgver-r$pkgrel
+	$pkgname-contactsinteraction=$pkgver-r$pkgrel
+	$pkgname-cloud_federation_api=$pkgver-r$pkgrel
+	$pkgname-dav=$pkgver-r$pkgrel
+	$pkgname-files=$pkgver-r$pkgrel
+	$pkgname-files_videoplayer=$pkgver-r$pkgrel
+	$pkgname-federatedfilesharing=$pkgver-r$pkgrel
+	$pkgname-lookup_server_connector=$pkgver-r$pkgrel
+	$pkgname-oauth2=$pkgver-r$pkgrel
+	$pkgname-provisioning_api=$pkgver-r$pkgrel
+	$pkgname-related_resources=$pkgver-r$pkgrel
+	$pkgname-settings=$pkgver-r$pkgrel
+	$pkgname-theming=$pkgver-r$pkgrel
+	$pkgname-twofactor_totp=$pkgver-r$pkgrel
+	$pkgname-twofactor_backupcodes=$pkgver-r$pkgrel
+	$pkgname-viewer=$pkgver-r$pkgrel
+	$pkgname-workflowengine=$pkgver-r$pkgrel
+	"
+replaces="nextcloud$_replaced_ver"
+install="$pkgname.pre-install $pkgname.pre-upgrade $pkgname.post-upgrade
+	$pkgname-initscript.post-install"
+subpackages="$pkgname-doc $pkgname-initscript $pkgname-mysql $pkgname-pgsql $pkgname-sqlite
+	$pkgname-default-apps:_default_apps"
+source="https://download.nextcloud.com/server/releases/nextcloud-$pkgver.tar.bz2
+	nextcloud-dont-chmod.patch
+	dont-update-htaccess.patch
+	disable-integrity-check-as-default.patch
+	use-external-docs-if-local-not-avail.patch
+
+	$pkgname-config.php
+	$pkgname.logrotate
+	$pkgname.confd
+	$pkgname.cron
+	$pkgname-mysql.cnf
+	fpm-pool.conf
+	occ
+	"
+options="!check"
+pkgusers="nextcloud"
+pkggroups="www-data"
+builddir="$srcdir"/$pkgname
+
+# List of bundled apps to separate into subpackages. Keep it in sync!
+# Note: Don't add "bruteforcesettings", "contactsinteraction",
+# "cloud_federation_api", "files", "dav",
+# "federatedfilesharing", "lookup_server_connector", "provisioning_api",
+# "oauth2", "settings", "twofactor_backupcodes", "twofactor_totp",
+# "theming", "viewer", "workflowengine", "related_resources"
+# here, these should be always installed.
+_apps="activity
+	admin_audit
+	circles
+	comments
+	dashboard
+	encryption
+	federation
+	files_external
+	files_pdfviewer
+	files_rightclick
+	files_sharing
+	files_trashbin
+	files_versions
+	firstrunwizard
+	logreader
+	nextcloud_announcements
+	notifications
+	password_policy
+	photos
+	privacy
+	recommendations
+	serverinfo
+	support
+	sharebymail
+	survey_client
+	suspicious_login
+	systemtags
+	text
+	user_ldap
+	user_status
+	weather_status
+	"
+for _i in $_apps; do
+	subpackages="$subpackages $pkgname-$_i:_package_app"
+done
+
+# Directory for apps shipped with Nextcloud.
+_appsdir="usr/share/webapps/$pkgname/apps"
+
+package() {
+	local basedir="var/lib/$pkgname"
+	local datadir="$basedir/data"
+	local wwwdir="usr/share/webapps/$pkgname"
+	local confdir="etc/$pkgname"
+
+	mkdir -p "$pkgdir"
+	cd "$pkgdir"
+
+	mkdir -p ./${wwwdir%/*}
+	cp -a "$builddir" ./$wwwdir
+
+	chmod +x ./$wwwdir/occ
+	chmod 664 ./$wwwdir/.htaccess \
+		./$wwwdir/.user.ini
+
+	# Let's not ship upstream's 'updatenotification' app and updater, which
+	# has zero chance of working and a big chance of blowing things up.
+	rm -r ./$wwwdir/apps/updatenotification \
+		./$wwwdir/lib/private/Updater/VersionCheck.php
+
+	# Replace bundled CA bundle with ours.
+	ln -sf /etc/ssl/certs/ca-certificates.crt ./$wwwdir/resources/config/ca-bundle.crt
+
+	install -d -m 770 -o nextcloud -g www-data \
+		./$confdir ./$datadir ./$basedir/apps
+	install -d -m 775 -o nextcloud -g www-data \
+		./var/log/$pkgname
+
+	# Create symlink from web root to site-apps, so web server can find
+	# assets w/o explicit configuration for this layout.
+	ln -s /$basedir/apps ./$wwwdir/apps-appstore
+
+	mv ./$wwwdir/config/* ./$confdir/
+	rm -r ./$wwwdir/config
+	ln -s /$confdir ./$wwwdir/config
+
+	mkdir -p ./usr/share/doc/$pkgname
+	mv ./$wwwdir/core/doc ./usr/share/doc/$pkgname/core
+
+	install -m 660 -o nextcloud -g www-data \
+		"$srcdir"/$pkgname-config.php ./$confdir/config.php
+
+	install -m 644 -D "$srcdir"/$pkgname.logrotate ./etc/logrotate.d/$pkgname
+
+	install -m 755 -D "$srcdir"/occ ./usr/bin/occ
+
+	# Clean some unnecessary files.
+	find . -name .gitignore -delete \
+		-o -name .bower.json -delete \
+		-o -name 'README*' -delete \
+		-o -name 'CHANGELOG*' -delete \
+		-o -name 'CONTRIBUTING*' -delete
+	find . -name .github -type d -prune -exec rm -r {} \;
+}
+
+doc() {
+	replaces="nextcloud$_replaced_ver-doc"
+	default_doc
+
+	local target="$subpkgdir"/usr/share/webapps/$pkgname/core/doc
+	mkdir -p "${target%/*}"
+	ln -s ../../../doc/$pkgname/core "$target"
+	install -m644 README.alpine "$subpkgdir"/usr/share/webapps/$pkgname/README.alpine
+}
+
+initscript() {
+	pkgdesc="Init script that runs Nextcloud with php-fpm"
+	depends="$pkgname $_php-fpm"
+	replaces="nextcloud$_replaced_ver-initscript"
+
+	local confdir="$subpkgdir/etc/$_php/php-fpm.d"
+	local fpm_name="php-fpm${_php#php}"
+
+	install -m 644 -D "$srcdir"/fpm-pool.conf "$confdir"/$pkgname.conf
+	install -m 644 -D "$srcdir"/$pkgname.confd "$subpkgdir"/etc/conf.d/$pkgname
+	install -m 755 -D "$srcdir"/$pkgname.cron "$subpkgdir"/etc/periodic/15min/$pkgname
+
+	mkdir -p "$subpkgdir"/etc/init.d
+	ln -s $fpm_name "$subpkgdir"/etc/init.d/$pkgname
+}
+
+pgsql() {
+	pkgdesc="Nextcloud PostgreSQL support"
+	depends="$pkgname $_php-pgsql $_php-pdo_pgsql"
+	replaces="nextcloud$_replaced_ver-pgsql"
+	mkdir -p "$subpkgdir"
+}
+
+sqlite() {
+	pkgdesc="Nextcloud SQLite support"
+	depends="$pkgname $_php-sqlite3 $_php-pdo_sqlite"
+	replaces="nextcloud$_replaced_ver-sqlite"
+	mkdir -p "$subpkgdir"
+}
+
+mysql() {
+	pkgdesc="Nextcloud MySQL support"
+	depends="$pkgname $_php-pdo_mysql"
+	replaces="nextcloud$_replaced_ver-mysql"
+
+	mkdir -p "$subpkgdir"
+	install -m 644 -D "$srcdir"/$pkgname-mysql.cnf "$subpkgdir"/etc/my.cnf.d/$pkgname.cnf
+}
+
+_default_apps() {
+	pkgdesc="Nextcloud default apps"
+	depends="$pkgname"
+	replaces="nextcloud$_replaced_ver-default-apps"
+
+	local path; for path in "$pkgdir"/"$_appsdir"/*; do
+		if grep -q '<default_enable\s*/>' "$path"/appinfo/info.xml; then
+			depends="$depends $pkgname-${path##*/}"
+		fi
+	done
+
+	mkdir -p "$subpkgdir"
+}
+
+_package_app() {
+	local appname="${subpkgname#"$pkgname"-}"
+	local appinfo="$pkgdir/$_appsdir/$appname/appinfo/info.xml"
+
+	local name=$(xmlstarlet sel -t -v 'info/name/text()' "$appinfo")
+	pkgdesc="Nextcloud ${name:-$appname} app"
+	replaces="nextcloud$_replaced_ver-$appname"
+
+	local php_deps=$(xmlstarlet sel -t -v 'info/dependencies/lib/text()' "$appinfo" \
+		| xargs -r -n1 printf "$_php-%s\n")
+	local app_deps=""
+
+	case "$appname" in
+		dashboard) app_deps="-accessibility"
+		;;
+		files_sharing)	app_deps="-federatedfilesharing"
+		;;
+		photos)
+				app_deps="-viewer"
+				provides="$pkgname-gallery=$pkgver-r$pkgrel"
+				replaces="$replaces nextcloud$_replaced_ver-gallery"
+		;;
+		serverinfo) app_deps="-files_sharing"
+	esac
+
+	depends="$pkgname $php_deps ${app_deps//-/$pkgname-}"
+
+	mkdir -p "$subpkgdir"/$_appsdir
+	mv "$pkgdir"/$_appsdir/$appname "$subpkgdir"/$_appsdir/
+}
+
+sha512sums="
+ad589d2e128fd73e9282e1f41d5189dc3216270e546524e8feaefa9013202e806047cc304ef77a8954eac16b010b3d65bc99ce8547256c1df6e90b69aa2f232a  nextcloud-26.0.0.tar.bz2
+aea0adb2c3a48ec6af2958c6ccfe13adff86316a56084e763b7e6df9e21aa3435b13305b7c15cc2b795e83c9388b05006862f6465c29e3dc2c1fbd8eb8befcb9  nextcloud-dont-chmod.patch
+aef3c92497d738d6968e0f0b0d415b4953500db24ae14af41ef972665cf7eff00cb6c53dc953845fdbb389c3c965a75b8b14b9247513c05cf4130fe1cfc61731  dont-update-htaccess.patch
+d2100a837fef1eeae5f706650ab4c985d9e00f61efa5526ef76c7c1f5811c3906eb6c3c13c151eff9677a0c303faab64411a5a84d6792728bc520d2c618d7d5b  disable-integrity-check-as-default.patch
+fa63b5de7e6a44d91af6403bd1f2739f0f785b99a1bd5c978b91d1348fead9059d847c228a90e13844c66be60d4ee9186e4ecb18ac367899a7f153211ac057b4  use-external-docs-if-local-not-avail.patch
+5f73cd9399fa484ef15bd47e803c93381deffbc7699eceadbb5c27e43b20156806d74e5021a64d28f0165ef87b519e962780651711a37bceb9f0b04455dfdce1  nextcloud-config.php
+7388458a9e8b7afd3d3269718306410ffa59c3c23da4bef367a4d7f6d2570136fae9dd421b19c1441e7ffb15a5405e18bb5da67b1a15f9f45e8b98d3fda532ba  nextcloud.logrotate
+dcc57735d7d4af4a7ebbdd1186d301e51d2ae4675022aea6bf1111222dfa188a3a490ebd6e7c8a7ac30046cb7d93f81cec72a51acbc60d0c10b7fb64630c637a  nextcloud.confd
+bd077495e4caea88f5d5d8f65e6607ecff03671a26cb08cdcad57bd8e82397f75a2a8f49971c6ebdb8d158904784ff13849fa4944263bbd43056ffced70f054c  nextcloud.cron
+b9ad5434c384c96608f00d65c45f782e279c6756da8fb706f62ecaf7b7aa420077cb6989da5e85becc47418884ec0672e7db874174454ca679fdca84a50f537f  nextcloud-mysql.cnf
+78ef204ee7c12b228c0b7b04333514e561c1c8e19153f5507224fa4fdd112aaaa6331747014f3b72181298f52ecd4223bcff4bd963b49b49153265254b07e79b  fpm-pool.conf
+0c2e880f68f76d04fd8264986cc7735597bb7ede846e7e67dec2bf58fcd85cc4e28e03a3c05c7299e56803eecfbc4d035d9e4dbf09508631c9256a38ed59d413  occ
+"

backports/nextcloud/README.alpine

@@ -0,0 +1,5 @@
+## nextcloud-serverinfo package
+
+If you are using the provided nextcloud php-fpm configuration,
+nextcloud-serverinfo package requires to enable 'shell_exec' function
+in php configuration file 'nextcloud.conf'.

backports/nextcloud/disable-integrity-check-as-default.patch

@@ -0,0 +1,15 @@
+We patch some files and Nextcloud's integrity check doesn't like it...
+APK ensures integrity of all installed files, so this Nextcloud's integrity
+check doesn't add any value.
+
+--- a/lib/private/IntegrityCheck/Checker.php
++++ b/lib/private/IntegrityCheck/Checker.php
+@@ -111,7 +111,7 @@
+ 		 */
+ 		$isIntegrityCheckDisabled = false;
+ 		if ($this->config !== null) {
+-			$isIntegrityCheckDisabled = $this->config->getSystemValue('integrity.check.disabled', false);
++			$isIntegrityCheckDisabled = $this->config->getSystemValue('integrity.check.disabled', true);
+ 		}
+ 		if ($isIntegrityCheckDisabled === true) {
+ 			return false;

backports/nextcloud/dont-update-htaccess.patch

@@ -0,0 +1,32 @@
+Don't mess with .htaccess files.
+
+Patch ported from https://src.fedoraproject.org/cgit/rpms/nextcloud.git/tree/nextcloud-9.1.0-dont_update_htacess.patch
+
+--- a/core/register_command.php
++++ b/core/register_command.php
+@@ -135,7 +135,6 @@
+ 	$application->add(new OC\Core\Command\Maintenance\Mimetype\UpdateDB(\OC::$server->getMimeTypeDetector(), \OC::$server->getMimeTypeLoader()));
+ 	$application->add(new OC\Core\Command\Maintenance\Mimetype\UpdateJS(\OC::$server->getMimeTypeDetector()));
+ 	$application->add(new OC\Core\Command\Maintenance\Mode(\OC::$server->getConfig()));
+-	$application->add(new OC\Core\Command\Maintenance\UpdateHtaccess());
+ 	$application->add(new OC\Core\Command\Maintenance\UpdateTheme(\OC::$server->getMimeTypeDetector(), \OC::$server->getMemCacheFactory()));
+ 
+ 	$application->add(new OC\Core\Command\Upgrade(\OC::$server->getConfig(), \OC::$server->getLogger(), \OC::$server->query(\OC\Installer::class)));
+
+--- a/lib/private/Updater.php
++++ b/lib/private/Updater.php
+@@ -233,14 +233,6 @@
+ 			throw new \Exception('Updates between multiple major versions and downgrades are unsupported.');
+ 		}
+ 
+-		// Update .htaccess files
+-		try {
+-			Setup::updateHtaccess();
+-			Setup::protectDataDirectory();
+-		} catch (\Exception $e) {
+-			throw new \Exception($e->getMessage());
+-		}
+-
+ 		// create empty file in data dir, so we can later find
+ 		// out that this is indeed an ownCloud data directory
+ 		// (in case it didn't exist before)

backports/nextcloud/fpm-pool.conf

@@ -0,0 +1,200 @@
+[global]
+; Error log file
+; Default Value: log/php-fpm.log
+error_log = /var/log/nextcloud/php-fpm.log
+
+; Log level
+; Possible Values: alert, error, warning, notice, debug
+; Default Value: notice
+log_level = warning
+
+; If this number of child processes exit with SIGSEGV or SIGBUS within the time
+; interval set by emergency_restart_interval then FPM will restart. A value
+; of '0' means 'Off'.
+; Default Value: 0
+emergency_restart_threshold = 10
+
+; Interval of time used by emergency_restart_interval to determine when
+; a graceful restart will be initiated.  This can be useful to work around
+; accidental corruptions in an accelerator's shared memory.
+; Available Units: s(econds), m(inutes), h(ours), or d(ays)
+; Default Unit: seconds
+; Default Value: 0
+emergency_restart_interval = 1m
+
+; Time limit for child processes to wait for a reaction on signals from master.
+; Available units: s(econds), m(inutes), h(ours), or d(ays)
+; Default Unit: seconds
+; Default Value: 0
+process_control_timeout = 10s
+
+
+[nextcloud]
+user = nextcloud
+group = www-data
+
+; The address on which to accept FastCGI requests.
+; Valid syntaxes are:
+;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific address on
+;                            a specific port;
+;   'port'                 - to listen on a TCP socket to all addresses on a
+;                            specific port;
+;   '/path/to/unix/socket' - to listen on a unix socket (the path is *not*
+;                            relative to chroot!)
+; Note: This value is mandatory.
+listen = /run/nextcloud/fastcgi.sock
+
+; Set permissions for unix socket, if one is used. In Linux, read/write
+; permissions must be set in order to allow connections from a web server. Many
+; BSD-derived systems allow connections regardless of permissions.
+; Default Values: user and group are set as the running user
+;                 mode is set to 0666
+listen.mode  = 0660
+
+; Choose how the process manager will control the number of child processes.
+; Possible Values:
+;   static   ... a fixed number of child processes.
+;   dynamic  ... the number of child processes are set dynamically.
+;   ondemand ... no children are created at startup; children will be forked
+;                when new requests will connect.
+; Note: This value is mandatory.
+pm = ondemand
+
+; The number of child processes to be created when pm is set to 'static' and the
+; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
+; This value sets the limit on the number of simultaneous requests that will be
+; served.
+; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
+; Note: This value is mandatory.
+pm.max_children = 10
+
+; The number of seconds after which an idle process will be killed.
+; Note: Used only when pm is set to 'ondemand'
+; Default Value: 10s
+pm.process_idle_timeout = 120s
+
+; The number of requests each child process should execute before respawning.
+; This can be useful to work around memory leaks in 3rd party libraries. For
+; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
+; Default Value: 0
+pm.max_requests = 500
+
+; The URI to view the FPM status page. If this value is not set, no URI will be
+; recognized as a status page.
+; Note: The value must start with a leading slash (/). The value can be
+;       anything, but it may not be a good idea to use the .php extension or it
+;       may conflict with a real PHP file.
+; Default Value: not set
+pm.status_path =
+
+; The ping URI to call the monitoring page of FPM. If this value is not set, no
+; URI will be recognized as a ping page. This could be used to test from outside
+; that FPM is alive and responding, or to
+; - create a graph of FPM availability (rrd or such);
+; - remove a server from a group if it is not responding (load balancing);
+; - trigger alerts for the operating team (24/7).
+; Note: The value must start with a leading slash (/). The value can be
+;       anything, but it may not be a good idea to use the .php extension or it
+;       may conflict with a real PHP file.
+; Default Value: not set
+ping.path = /ping
+
+; The timeout for serving a single request after which the worker process will
+; be killed. This option should be used when the 'max_execution_time' ini option
+; does not stop script execution for some reason. A value of '0' means 'off'.
+; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
+; Default Value: 0
+;request_terminate_timeout = 0
+
+; The timeout for serving a single request after which a PHP backtrace will be
+; dumped to the 'slowlog' file. A value of '0s' means 'off'.
+; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
+; Default Value: 0
+;request_slowlog_timeout = 0
+
+; The log file for slow requests
+; Default Value: not set
+; Note: slowlog is mandatory if request_slowlog_timeout is set
+; Note: the path is *not* relative to chroot.
+;slowlog = /var/log/nextcloud/php-fpm.slow.log
+
+; Redirect worker stdout and stderr into main error log. If not set, stdout and
+; stderr will be redirected to /dev/null according to FastCGI specs.
+; Note: on highloaded environement, this can cause some delay in the page
+; process time (several ms).
+; Default Value: no
+;catch_workers_output = yes
+
+; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
+; the current environment.
+; Default Value: clean env
+env[PATH] = /usr/local/bin:/usr/bin:/bin
+env[TMP] = /tmp
+env[TMPDIR] = /tmp
+env[TEMP] = /tmp
+
+; Additional php.ini defines, specific to this pool of workers. These settings
+; overwrite the values previously defined in the php.ini. The directives are the
+; same as the PHP SAPI:
+;   php_value/php_flag             - you can set classic ini defines which can
+;                                    be overwritten from PHP call 'ini_set'.
+;   php_admin_value/php_admin_flag - these directives won't be overwritten by
+;                                     PHP call 'ini_set'
+; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
+;
+; Defining 'extension' will load the corresponding shared extension from
+; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
+; overwrite previously defined php.ini values, but will append the new value
+; instead.
+;
+; Note: path INI options can be relative and will be expanded with the prefix
+; (pool, global or /usr/lib/php7.x)
+
+; Allow HTTP file uploads.
+php_admin_flag[file_uploads] = true
+
+; Maximal size of a file that can be uploaded via web interface.
+php_admin_value[memory_limit] = 512M
+php_admin_value[post_max_size] = 513M
+php_admin_value[upload_max_filesize] = 513M
+
+; Where to store temporary files.
+php_admin_value[session.save_path] = /var/tmp/nextcloud
+php_admin_value[sys_temp_dir] = /var/tmp/nextcloud
+php_admin_value[upload_tmp_dir] = /var/tmp/nextcloud
+
+; Log errors to specified file.
+php_admin_flag[log_errors] = on
+php_admin_value[error_log] = /var/log/nextcloud/php.error.log
+
+; OPcache error_log file name. Empty string assumes "stderr"
+php_admin_value[opcache.error_log] = /var/log/nextcloud/php.error.log
+
+; Output buffering is a mechanism for controlling how much output data
+; (excluding headers and cookies) PHP should keep internally before pushing that
+; data to the client. If your application's output exceeds this setting, PHP
+; will send that data in chunks of roughly the size you specify.
+; This must be disabled for ownCloud.
+php_admin_flag[output_buffering] = false
+
+; Overload(replace) single byte functions by mbstring functions.
+; This must be disabled for ownCloud.
+php_admin_flag[mbstring.func_overload] = false
+
+; Never populate the $HTTP_RAW_POST_DATA variable.
+; http://php.net/always-populate-raw-post-data
+php_admin_value[always_populate_raw_post_data] = -1
+
+; Disable certain functions for security reasons.
+; http://php.net/disable-functions
+php_admin_value[disable_functions] = exec,passthru,shell_exec,system,proc_open,curl_multi_exec,show_source
+
+; Set recommended settings for OpCache.
+; https://docs.nextcloud.com/server/13/admin_manual/configuration_server/server_tuning.html#enable-php-opcache
+php_admin_flag[opcache.enable] = true
+php_admin_flag[opcache.enable_cli] = true
+php_admin_flag[opcache.save_comments] = true
+php_admin_value[opcache.interned_strings_buffer] = 8
+php_admin_value[opcache.max_accelerated_files] = 10000
+php_admin_value[opcache.memory_consumption] = 128
+php_admin_value[opcache.revalidate_freq] = 1

backports/nextcloud/nextcloud-config.php

@@ -0,0 +1,37 @@
+<?php
+$CONFIG = array (
+  'datadirectory' => '/var/lib/nextcloud/data',
+  'logfile' => '/var/log/nextcloud/nextcloud.log',
+  'apps_paths' => array (
+    // Read-only location for apps shipped with Nextcloud and installed by apk.
+    0 => array (
+      'path' => '/usr/share/webapps/nextcloud/apps',
+      'url' => '/apps',
+      'writable' => false,
+    ),
+    // Writable location for apps installed from AppStore.
+    1 => array (
+      'path' => '/var/lib/nextcloud/apps',
+      'url' => '/apps-appstore',
+      'writable' => true,
+    ),
+  ),
+  'updatechecker' => false,
+  'check_for_working_htaccess' => false,
+
+  // Uncomment to enable Zend OPcache.
+  //'memcache.local' => '\OC\Memcache\APCu',
+
+  // Uncomment this and add user nextcloud to the redis group to enable Redis
+  // cache for file locking. This is highly recommended, see
+  // https://github.com/nextcloud/server/issues/9305.
+  //'memcache.locking' => '\OC\Memcache\Redis',
+  //'redis' => array(
+  //  'host' => '/run/redis/redis.sock',
+  //  'port' => 0,
+  //  'dbindex' => 0,
+  //  'timeout' => 1.5,
+  //),
+
+  'installed' => false,
+);

backports/nextcloud/nextcloud-dont-chmod.patch

@@ -0,0 +1,58 @@
+commit d8f09abd65e5fd620b8b0d720daee293c355660c
+Author: Leonardo Arena <rnalrd@alpinelinux.org>
+Date:   Mon Aug 31 06:59:15 2020 +0000
+
+    Don't chmod. The package takes care of setting the right permissions for directories and files
+
+diff --git a/lib/private/Config.php b/lib/private/Config.php
+index cbdbc5b2..1118981b 100644
+--- a/lib/private/Config.php
++++ b/lib/private/Config.php
+@@ -242,9 +242,6 @@ class Config {
+ 		touch($this->configFilePath);
+ 		$filePointer = fopen($this->configFilePath, 'r+');
+ 
+-		// Prevent others not to read the config
+-		chmod($this->configFilePath, 0640);
+-
+ 		// File does not exist, this can happen when doing a fresh install
+ 		if (!is_resource($filePointer)) {
+ 			throw new HintException(
+diff --git a/lib/private/Log/File.php b/lib/private/Log/File.php
+index 9e9abb11..7db25286 100644
+--- a/lib/private/Log/File.php
++++ b/lib/private/Log/File.php
+@@ -82,9 +82,6 @@ class File extends LogDetails implements IWriter, IFileBased {
+ 	public function write(string $app, $message, int $level) {
+ 		$entry = $this->logDetailsAsJSON($app, $message, $level);
+ 		$handle = @fopen($this->logFile, 'a');
+-		if ($this->logFileMode > 0 && is_file($this->logFile) && (fileperms($this->logFile) & 0777) != $this->logFileMode) {
+-			@chmod($this->logFile, $this->logFileMode);
+-		}
+ 		if ($handle) {
+ 			fwrite($handle, $entry."\n");
+ 			fclose($handle);
+diff --git a/lib/private/TempManager.php b/lib/private/TempManager.php
+index 49d4ee94..b0943843 100644
+--- a/lib/private/TempManager.php
++++ b/lib/private/TempManager.php
+@@ -96,7 +96,6 @@ class TempManager implements ITempManager {
+ 			if ($postFix !== '') {
+ 				$fileNameWithPostfix = $this->buildFileNameWithSuffix($file, $postFix);
+ 				touch($fileNameWithPostfix);
+-				chmod($fileNameWithPostfix, 0600);
+ 				$this->current[] = $fileNameWithPostfix;
+ 				return $fileNameWithPostfix;
+ 			}
+diff --git a/lib/private/legacy/OC_Util.php b/lib/private/legacy/OC_Util.php
+index 71f6edba..216abdf8 100644
+--- a/lib/private/legacy/OC_Util.php
++++ b/lib/private/legacy/OC_Util.php
+@@ -1004,7 +1004,6 @@ class OC_Util {
+ 			. ' cannot be listed by other users.');
+ 		$perms = substr(decoct(@fileperms($dataDirectory)), -3);
+ 		if (substr($perms, -1) !== '0') {
+-			chmod($dataDirectory, 0770);
+ 			clearstatcache();
+ 			$perms = substr(decoct(@fileperms($dataDirectory)), -3);
+ 			if ($perms[2] !== '0') {

backports/nextcloud/nextcloud-initscript.post-install

@@ -0,0 +1,28 @@
+#!/bin/sh
+
+# It's not needed to be writable for www-data group when running with php-fpm.
+for dir in /etc/nextcloud \
+	/etc/nextcloud/config.php \
+	/var/lib/nextcloud/data \
+	/var/lib/nextcloud/apps
+do
+	chmod g-w $dir
+done
+chgrp root /etc/nextcloud/config.php
+
+# This must be writable (only) by nextcloud user.
+chmod 750 /var/log/nextcloud
+
+mkdir /var/tmp/nextcloud # If /var/tmp doesn't exist there's a big problem
+chown nextcloud /var/tmp/nextcloud
+chmod 700 /var/tmp/nextcloud
+
+cat <<EOF
+*
+* Point your web server to /run/nextcloud/fastcgi.sock and start Nextcloud with
+* /etc/init.d/nextcloud start. You can modify php-fpm settings in
+* /etc/php81/fpm.d/nextcloud.conf.
+*
+EOF
+
+exit 0

backports/nextcloud/nextcloud-mysql.cnf

@@ -0,0 +1,3 @@
+[server]
+# See https://github.com/nextcloud/server/issues/25436
+innodb_read_only_compressed=off

backports/nextcloud/nextcloud.confd

@@ -0,0 +1,8 @@
+# Config file for /etc/init.d/nextcloud
+
+name="Nextcloud"
+user="nextcloud"
+group="www-data"
+
+# Uncomment if you use Nextcloud with Redis for caching.
+#rc_need="redis"

backports/nextcloud/nextcloud.cron

@@ -0,0 +1,6 @@
+#!/bin/sh
+
+# Run only when nextcloud service is started.
+if rc-service nextcloud -q status >/dev/null 2>&1; then
+	su nextcloud -s /bin/sh -c 'php81 -f /usr/share/webapps/nextcloud/cron.php'
+fi

backports/nextcloud/nextcloud.logrotate

@@ -0,0 +1,6 @@
+/var/log/nextcloud/*.log {
+	daily
+	compress
+	copytruncate
+	su nextcloud www-data
+}

backports/nextcloud/nextcloud.post-upgrade

@@ -0,0 +1,57 @@
+#!/bin/sh
+
+ver_new="$1"
+ver_old="$2"
+
+if [ $(apk version -t "$ver_old" '12.0.0-r2') = '<' ]; then
+	cat >&2 <<-EOF
+	*
+	* All Nextcloud's bundled apps (except "files" and "dav") have been moved to
+	* separate subpackages (e.g. nextcloud-activity). If you want to install
+	* all apps that are enabled by default at once, run:
+	*
+	*     apk add nextcloud-default-apps
+	*
+	EOF
+
+	if [ "$(ls -A /var/lib/nextcloud/apps)" ]; then
+		cat >&2 <<-EOF
+		*
+		* Nextcloud's bundled apps have been moved from /var/lib/nextcloud/apps
+		* to /usr/share/webapps/nextcloud/apps. Only apps installed from App Store
+		* should be stored in /var/lib/nextcloud/apps.
+		*
+		* It seems that you have installed some apps from App Store, so you have to
+		* add /var/lib/nextcloud/apps to your apps_paths. Copy "apps_paths" key
+		* from /etc/nextcloud/config.php.apk-new to your config.php.
+		* 
+		EOF
+	fi
+fi
+
+if [ $(apk version -t "$ver_old" '15.0.2-r0') = '<' ]; then
+	cat >&2 <<-EOF
+	*
+	* App "user_external" is no longer available via release channel.
+	* You need to uninstall the package and install it via appstore:
+	*
+	*     apk del nextcloud-user_external
+	*
+	EOF
+
+fi
+
+if [ $(apk version -t "$ver_old" '20.0.0-r0') = '<' ]; then
+	cat >&2 <<-EOF
+	*
+	* If you are updating from Alpine 3.12->3.13
+	* please use the transitional package nextcloud19
+	* to upgrade from Nextcloud 18->20
+	*
+	EOF
+
+fi
+
+if [ "${ver_new%-r*}" != "${ver_old%-r*}" ]; then
+	echo '  * Run "occ upgrade" to finish upgrading your NextCloud instance!' >&2
+fi

backports/nextcloud/nextcloud.pre-install

@@ -0,0 +1,6 @@
+#!/bin/sh
+
+addgroup -S -g 82 www-data 2>/dev/null
+adduser -S -D -H -h /var/lib/nextcloud -s /sbin/nologin -G www-data -g Nextcloud nextcloud 2>/dev/null
+
+exit 0

backports/nextcloud/nextcloud.pre-upgrade

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+ver_old="$2"
+apps_link='/usr/share/webapps/nextcloud/apps'
+
+# Remove apps symlink before replacing files to avoid losing installed apps.
+# This is a workaround for some issue in apk.
+if [ $(apk version -t "$ver_old" '12.0.0-r2') = '<' ] && [ -L "$apps_link" ]; then
+	rm "$apps_link"
+fi

backports/nextcloud/occ

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+NEXTCLOUD_DIR='/usr/share/webapps/nextcloud'
+: ${NEXTCLOUD_USER:="nextcloud"}
+
+if [ "$(id -un)" != "$NEXTCLOUD_USER" ]; then
+	exec su -s /bin/sh "$NEXTCLOUD_USER" -c '$0 "$@"' -- php81 $NEXTCLOUD_DIR/occ "$@"
+else
+	exec php81 $NEXTCLOUD_DIR/occ "$@"
+fi

backports/nextcloud/use-external-docs-if-local-not-avail.patch

@@ -0,0 +1,32 @@
+From: Jakub Jirutka <jakub@jirutka.cz>
+Date: Tue, 27 Jun 2017 02:07:00 +0200
+Subject: [PATCH] Show link to external docs if local is not installed
+
+---
+ apps/settings/templates/help.php | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/apps/settings/templates/help.php b/apps/settings/templates/help.php
+index 18cba185..45b5c8d5 100644
+--- a/apps/settings/templates/help.php
++++ b/apps/settings/templates/help.php
+@@ -43,6 +43,17 @@
+ </div>
+ 
+ <div id="app-content" class="help-includes">
++<?php if ($_['localDocs']) { ?>
+ 	<iframe src="<?php print_unescaped($_['url']); ?>" class="help-iframe" tabindex="0">
+ 	</iframe>
++<?php } else { ?>
++	<div class="section">
++		<h2>Local documentation is not installed</h2>
++		<p>Please use
++			<a href="<?php print_unescaped($_['url']); ?>" target="_blank" rel="noreferrer">
++				<?php p($l->t('online documentation')); ?> ↗
++			</a>
++		</p>
++	</div>
++<?php } ?>
+ </div>
+-- 
+2.37.3