From 7767f572a4733f8ce81310a2a38889588bb4f3c3 Mon Sep 17 00:00:00 2001 
From: Antoine Martin Date: Tue, 4 Apr 2023 16:52:03 -0400 Subject: [PATCH] backports/nextcloud: backport version 26.0.0 --- backports/nextcloud/APKBUILD | 269 ++++++++++++++++++ backports/nextcloud/README.alpine | 5 + .../disable-integrity-check-as-default.patch | 15 + .../nextcloud/dont-update-htaccess.patch | 32 +++ backports/nextcloud/fpm-pool.conf | 200 +++++++++++++ backports/nextcloud/nextcloud-config.php | 37 +++ .../nextcloud/nextcloud-dont-chmod.patch | 58 ++++ .../nextcloud-initscript.post-install | 28 ++ backports/nextcloud/nextcloud-mysql.cnf | 3 + backports/nextcloud/nextcloud.confd | 8 + backports/nextcloud/nextcloud.cron | 6 + backports/nextcloud/nextcloud.logrotate | 6 + backports/nextcloud/nextcloud.post-upgrade | 57 ++++ backports/nextcloud/nextcloud.pre-install | 6 + backports/nextcloud/nextcloud.pre-upgrade | 10 + backports/nextcloud/occ | 10 + ...use-external-docs-if-local-not-avail.patch | 32 +++ 17 files changed, 782 insertions(+) create mode 100644 backports/nextcloud/APKBUILD create mode 100644 backports/nextcloud/README.alpine create mode 100644 backports/nextcloud/disable-integrity-check-as-default.patch create mode 100644 backports/nextcloud/dont-update-htaccess.patch create mode 100644 backports/nextcloud/fpm-pool.conf create mode 100644 backports/nextcloud/nextcloud-config.php create mode 100644 backports/nextcloud/nextcloud-dont-chmod.patch create mode 100644 backports/nextcloud/nextcloud-initscript.post-install create mode 100644 backports/nextcloud/nextcloud-mysql.cnf create mode 100644 backports/nextcloud/nextcloud.confd create mode 100644 backports/nextcloud/nextcloud.cron create mode 100644 backports/nextcloud/nextcloud.logrotate create mode 100644 backports/nextcloud/nextcloud.post-upgrade create mode 100644 backports/nextcloud/nextcloud.pre-install create mode 100644 backports/nextcloud/nextcloud.pre-upgrade create mode 100644 backports/nextcloud/occ create mode 100644 
backports/nextcloud/use-external-docs-if-local-not-avail.patch diff --git a/backports/nextcloud/APKBUILD b/backports/nextcloud/APKBUILD new file mode 100644 index 0000000..d7f1f1d --- /dev/null +++ b/backports/nextcloud/APKBUILD 
@@ -0,0 +1,269 @@ +# Contributor: Jakub Jirutka +# Maintainer: Leonardo Arena +pkgname=nextcloud +pkgver=26.0.0 +pkgrel=0 +_replaced_ver=25 +pkgdesc="A safe home for all your data" +url="https://nextcloud.com/" +arch="noarch" +license="AGPL-3.0-only" +_php=php81 +_php_mods="-bcmath -ctype -curl -dom -gd -fileinfo -gmp -iconv -intl + -mbstring -opcache -openssl -pcntl -posix -session + -simplexml -xml -xmlreader -xmlwriter -zip" +depends="ca-certificates $_php ${_php_mods//-/$_php-}" +makedepends="xmlstarlet" +provides="$pkgname-accessibility=$pkgver-r$pkgrel + $pkgname-bruteforcesettings=$pkgver-r$pkgrel + $pkgname-contactsinteraction=$pkgver-r$pkgrel + $pkgname-cloud_federation_api=$pkgver-r$pkgrel + $pkgname-dav=$pkgver-r$pkgrel + $pkgname-files=$pkgver-r$pkgrel + $pkgname-files_videoplayer=$pkgver-r$pkgrel + $pkgname-federatedfilesharing=$pkgver-r$pkgrel + $pkgname-lookup_server_connector=$pkgver-r$pkgrel + $pkgname-oauth2=$pkgver-r$pkgrel + $pkgname-provisioning_api=$pkgver-r$pkgrel + $pkgname-related_resources=$pkgver-r$pkgrel + $pkgname-settings=$pkgver-r$pkgrel + $pkgname-theming=$pkgver-r$pkgrel + $pkgname-twofactor_totp=$pkgver-r$pkgrel + $pkgname-twofactor_backupcodes=$pkgver-r$pkgrel + $pkgname-viewer=$pkgver-r$pkgrel + $pkgname-workflowengine=$pkgver-r$pkgrel + " +replaces="nextcloud$_replaced_ver" +install="$pkgname.pre-install $pkgname.pre-upgrade $pkgname.post-upgrade + $pkgname-initscript.post-install" +subpackages="$pkgname-doc $pkgname-initscript $pkgname-mysql $pkgname-pgsql $pkgname-sqlite + $pkgname-default-apps:_default_apps" +source="https://download.nextcloud.com/server/releases/nextcloud-$pkgver.tar.bz2 + nextcloud-dont-chmod.patch + dont-update-htaccess.patch + disable-integrity-check-as-default.patch + use-external-docs-if-local-not-avail.patch + + $pkgname-config.php + $pkgname.logrotate + $pkgname.confd + $pkgname.cron + $pkgname-mysql.cnf + fpm-pool.conf + occ + " +options="!check" +pkgusers="nextcloud" +pkggroups="www-data" 
+builddir="$srcdir"/$pkgname + +# List of bundled apps to separate into subpackages. Keep it in sync! +# Note: Don't add "bruteforcesettings", "contactsinteraction", +# "cloud_federation_api", "files", "dav", +# "federatedfilesharing", "lookup_server_connector", "provisioning_api", +# "oauth2", "settings", "twofactor_backupcodes", "twofactor_totp", +# "theming", "viewer", "workflowengine", "related_resources" +# here, these should be always installed. +_apps="activity + admin_audit + circles + comments + dashboard + encryption + federation + files_external + files_pdfviewer + files_rightclick + files_sharing + files_trashbin + files_versions + firstrunwizard + logreader + nextcloud_announcements + notifications + password_policy + photos + privacy + recommendations + serverinfo + support + sharebymail + survey_client + suspicious_login + systemtags + text + user_ldap + user_status + weather_status + " +for _i in $_apps; do + subpackages="$subpackages $pkgname-$_i:_package_app" +done + +# Directory for apps shipped with Nextcloud. +_appsdir="usr/share/webapps/$pkgname/apps" + +package() { + local basedir="var/lib/$pkgname" + local datadir="$basedir/data" + local wwwdir="usr/share/webapps/$pkgname" + local confdir="etc/$pkgname" + + mkdir -p "$pkgdir" + cd "$pkgdir" + + mkdir -p ./${wwwdir%/*} + cp -a "$builddir" ./$wwwdir + + chmod +x ./$wwwdir/occ + chmod 664 ./$wwwdir/.htaccess \ + ./$wwwdir/.user.ini + + # Let's not ship upstream's 'updatenotification' app and updater, which + # has zero chance of working and a big chance of blowing things up. + rm -r ./$wwwdir/apps/updatenotification \ + ./$wwwdir/lib/private/Updater/VersionCheck.php + + # Replace bundled CA bundle with ours. 
+ ln -sf /etc/ssl/certs/ca-certificates.crt ./$wwwdir/resources/config/ca-bundle.crt + + install -d -m 770 -o nextcloud -g www-data \ + ./$confdir ./$datadir ./$basedir/apps + install -d -m 775 -o nextcloud -g www-data \ + ./var/log/$pkgname + + # Create symlink from web root to site-apps, so web server can find + # assets w/o explicit configuration for this layout. + ln -s /$basedir/apps ./$wwwdir/apps-appstore + + mv ./$wwwdir/config/* ./$confdir/ + rm -r ./$wwwdir/config + ln -s /$confdir ./$wwwdir/config + + mkdir -p ./usr/share/doc/$pkgname + mv ./$wwwdir/core/doc ./usr/share/doc/$pkgname/core + + install -m 660 -o nextcloud -g www-data \ + "$srcdir"/$pkgname-config.php ./$confdir/config.php + + install -m 644 -D "$srcdir"/$pkgname.logrotate ./etc/logrotate.d/$pkgname + + install -m 755 -D "$srcdir"/occ ./usr/bin/occ + + # Clean some unnecessary files. + find . -name .gitignore -delete \ + -o -name .bower.json -delete \ + -o -name 'README*' -delete \ + -o -name 'CHANGELOG*' -delete \ + -o -name 'CONTRIBUTING*' -delete + find . 
-name .github -type d -prune -exec rm -r {} \; +} + +doc() { + replaces="nextcloud$_replaced_ver-doc" + default_doc + + local target="$subpkgdir"/usr/share/webapps/$pkgname/core/doc + mkdir -p "${target%/*}" + ln -s ../../../doc/$pkgname/core "$target" + install -m644 README.alpine "$subpkgdir"/usr/share/webapps/$pkgname/README.alpine +} + +initscript() { + pkgdesc="Init script that runs Nextcloud with php-fpm" + depends="$pkgname $_php-fpm" + replaces="nextcloud$_replaced_ver-initscript" + + local confdir="$subpkgdir/etc/$_php/php-fpm.d" + local fpm_name="php-fpm${_php#php}" + + install -m 644 -D "$srcdir"/fpm-pool.conf "$confdir"/$pkgname.conf + install -m 644 -D "$srcdir"/$pkgname.confd "$subpkgdir"/etc/conf.d/$pkgname + install -m 755 -D "$srcdir"/$pkgname.cron "$subpkgdir"/etc/periodic/15min/$pkgname + + mkdir -p "$subpkgdir"/etc/init.d + ln -s $fpm_name "$subpkgdir"/etc/init.d/$pkgname +} + +pgsql() { + pkgdesc="Nextcloud PostgreSQL support" + depends="$pkgname $_php-pgsql $_php-pdo_pgsql" + replaces="nextcloud$_replaced_ver-pgsql" + mkdir -p "$subpkgdir" +} + +sqlite() { + pkgdesc="Nextcloud SQLite support" + depends="$pkgname $_php-sqlite3 $_php-pdo_sqlite" + replaces="nextcloud$_replaced_ver-sqlite" + mkdir -p "$subpkgdir" +} + +mysql() { + pkgdesc="Nextcloud MySQL support" + depends="$pkgname $_php-pdo_mysql" + replaces="nextcloud$_replaced_ver-mysql" + + mkdir -p "$subpkgdir" + install -m 644 -D "$srcdir"/$pkgname-mysql.cnf "$subpkgdir"/etc/my.cnf.d/$pkgname.cnf +} + +_default_apps() { + pkgdesc="Nextcloud default apps" + depends="$pkgname" + replaces="nextcloud$_replaced_ver-default-apps" + + local path; for path in "$pkgdir"/"$_appsdir"/*; do + if grep -q '' "$path"/appinfo/info.xml; then + depends="$depends $pkgname-${path##*/}" + fi + done + + mkdir -p "$subpkgdir" +} + +_package_app() { + local appname="${subpkgname#"$pkgname"-}" + local appinfo="$pkgdir/$_appsdir/$appname/appinfo/info.xml" + + local name=$(xmlstarlet sel -t -v 'info/name/text()' 
"$appinfo") + pkgdesc="Nextcloud ${name:-$appname} app" + replaces="nextcloud$_replaced_ver-$appname" + + local php_deps=$(xmlstarlet sel -t -v 'info/dependencies/lib/text()' "$appinfo" \ + | xargs -r -n1 printf "$_php-%s\n") + local app_deps="" + + case "$appname" in + dashboard) app_deps="-accessibility" + ;; + files_sharing) app_deps="-federatedfilesharing" + ;; + photos) + app_deps="-viewer" + provides="$pkgname-gallery=$pkgver-r$pkgrel" + replaces="$replaces nextcloud$_replaced_ver-gallery" + ;; + serverinfo) app_deps="-files_sharing" + esac + + depends="$pkgname $php_deps ${app_deps//-/$pkgname-}" + + mkdir -p "$subpkgdir"/$_appsdir + mv "$pkgdir"/$_appsdir/$appname "$subpkgdir"/$_appsdir/ +} + +sha512sums=" +ad589d2e128fd73e9282e1f41d5189dc3216270e546524e8feaefa9013202e806047cc304ef77a8954eac16b010b3d65bc99ce8547256c1df6e90b69aa2f232a nextcloud-26.0.0.tar.bz2 +aea0adb2c3a48ec6af2958c6ccfe13adff86316a56084e763b7e6df9e21aa3435b13305b7c15cc2b795e83c9388b05006862f6465c29e3dc2c1fbd8eb8befcb9 nextcloud-dont-chmod.patch +aef3c92497d738d6968e0f0b0d415b4953500db24ae14af41ef972665cf7eff00cb6c53dc953845fdbb389c3c965a75b8b14b9247513c05cf4130fe1cfc61731 dont-update-htaccess.patch +d2100a837fef1eeae5f706650ab4c985d9e00f61efa5526ef76c7c1f5811c3906eb6c3c13c151eff9677a0c303faab64411a5a84d6792728bc520d2c618d7d5b disable-integrity-check-as-default.patch +fa63b5de7e6a44d91af6403bd1f2739f0f785b99a1bd5c978b91d1348fead9059d847c228a90e13844c66be60d4ee9186e4ecb18ac367899a7f153211ac057b4 use-external-docs-if-local-not-avail.patch +5f73cd9399fa484ef15bd47e803c93381deffbc7699eceadbb5c27e43b20156806d74e5021a64d28f0165ef87b519e962780651711a37bceb9f0b04455dfdce1 nextcloud-config.php +7388458a9e8b7afd3d3269718306410ffa59c3c23da4bef367a4d7f6d2570136fae9dd421b19c1441e7ffb15a5405e18bb5da67b1a15f9f45e8b98d3fda532ba nextcloud.logrotate +dcc57735d7d4af4a7ebbdd1186d301e51d2ae4675022aea6bf1111222dfa188a3a490ebd6e7c8a7ac30046cb7d93f81cec72a51acbc60d0c10b7fb64630c637a nextcloud.confd 
+bd077495e4caea88f5d5d8f65e6607ecff03671a26cb08cdcad57bd8e82397f75a2a8f49971c6ebdb8d158904784ff13849fa4944263bbd43056ffced70f054c nextcloud.cron
+b9ad5434c384c96608f00d65c45f782e279c6756da8fb706f62ecaf7b7aa420077cb6989da5e85becc47418884ec0672e7db874174454ca679fdca84a50f537f nextcloud-mysql.cnf
+78ef204ee7c12b228c0b7b04333514e561c1c8e19153f5507224fa4fdd112aaaa6331747014f3b72181298f52ecd4223bcff4bd963b49b49153265254b07e79b fpm-pool.conf
+0c2e880f68f76d04fd8264986cc7735597bb7ede846e7e67dec2bf58fcd85cc4e28e03a3c05c7299e56803eecfbc4d035d9e4dbf09508631c9256a38ed59d413 occ
+"
diff --git a/backports/nextcloud/README.alpine b/backports/nextcloud/README.alpine
new file mode 100644
index 0000000..229ab60
--- /dev/null
+++ b/backports/nextcloud/README.alpine
@@ -0,0 +1,5 @@
+## nextcloud-serverinfo package
+
+If you are using the provided nextcloud php-fpm configuration,
+nextcloud-serverinfo package requires to enable 'shell_exec' function
+in php configuration file 'nextcloud.conf'.
diff --git a/backports/nextcloud/disable-integrity-check-as-default.patch b/backports/nextcloud/disable-integrity-check-as-default.patch
new file mode 100644
index 0000000..54ea7a5
--- /dev/null
+++ b/backports/nextcloud/disable-integrity-check-as-default.patch
@@ -0,0 +1,15 @@
+We patch some files and Nextcloud's integrity check doesn't like it...
+APK ensures integrity of all installed files, so this Nextcloud's integrity
+check doesn't add any value.
+
+--- a/lib/private/IntegrityCheck/Checker.php
++++ b/lib/private/IntegrityCheck/Checker.php
+@@ -111,7 +111,7 @@
+ */
+ $isIntegrityCheckDisabled = false;
+ if ($this->config !== null) {
+- $isIntegrityCheckDisabled = $this->config->getSystemValue('integrity.check.disabled', false);
++ $isIntegrityCheckDisabled = $this->config->getSystemValue('integrity.check.disabled', true);
+ }
+ if ($isIntegrityCheckDisabled === true) {
+ return false;
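Review bot: The group-writable modes in package() carry no explanation: `install -d -m 770 -o nextcloud -g www-data ./$confdir ./$datadir ./$basedir/apps` and the later `install -m 660 -o nextcloud -g www-data ... ./$confdir/config.php` give every member of `www-data` write access to the configuration, the data directory and the app-store code. Only the optional nextcloud-initscript post-install script in this commit removes the group write bit, so on an install without it (presumably PHP running inside a web server that belongs to `www-data`) any other application in that group can change config.php. I would add a comment above the first `install -d`, such as `# Group write is needed only when PHP runs as a www-data member; nextcloud-initscript removes it for php-fpm.`, and state the same in README.alpine so administrators know which mode applies to their setup.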
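Review bot: The rationale in this patch header covers only files that apk installs, but flipping the default of `integrity.check.disabled` to `true` switches the check off for the whole instance, including apps placed in the writable `/var/lib/nextcloud/apps` path that nextcloud-config.php in this same commit declares. Those files are not tracked by apk, so as far as this hunk shows nothing re-verifies them after installation. I would say so in the header, for example `Apps installed from the App Store are not covered by apk; set 'integrity.check.disabled' => false in config.php to keep Nextcloud's own check (the files patched by this package will then be reported)`, and repeat it in README.alpine. The method around the changed line starts and ends outside the nested hunk.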
diff --git a/backports/nextcloud/dont-update-htaccess.patch b/backports/nextcloud/dont-update-htaccess.patch
new file mode 100644
index 0000000..aecaebc
--- /dev/null
+++ b/backports/nextcloud/dont-update-htaccess.patch
@@ -0,0 +1,32 @@
+Don't mess with .htaccess files.
+
+Patch ported from https://src.fedoraproject.org/cgit/rpms/nextcloud.git/tree/nextcloud-9.1.0-dont_update_htacess.patch
+
+--- a/core/register_command.php
++++ b/core/register_command.php
+@@ -135,7 +135,6 @@
+ $application->add(new OC\Core\Command\Maintenance\Mimetype\UpdateDB(\OC::$server->getMimeTypeDetector(), \OC::$server->getMimeTypeLoader()));
+ $application->add(new OC\Core\Command\Maintenance\Mimetype\UpdateJS(\OC::$server->getMimeTypeDetector()));
+ $application->add(new OC\Core\Command\Maintenance\Mode(\OC::$server->getConfig()));
+- $application->add(new OC\Core\Command\Maintenance\UpdateHtaccess());
+ $application->add(new OC\Core\Command\Maintenance\UpdateTheme(\OC::$server->getMimeTypeDetector(), \OC::$server->getMemCacheFactory()));
+
+ $application->add(new OC\Core\Command\Upgrade(\OC::$server->getConfig(), \OC::$server->getLogger(), \OC::$server->query(\OC\Installer::class)));
+
+--- a/lib/private/Updater.php
++++ b/lib/private/Updater.php
+@@ -233,14 +233,6 @@
+ throw new \Exception('Updates between multiple major versions and downgrades are unsupported.');
+ }
+
+- // Update .htaccess files
+- try {
+- Setup::updateHtaccess();
+- Setup::protectDataDirectory();
+- } catch (\Exception $e) {
+- throw new \Exception($e->getMessage());
+- }
+-
+ // create empty file in data dir, so we can later find
+ // out that this is indeed an ownCloud data directory
+ // (in case it didn't exist before)
diff --git a/backports/nextcloud/fpm-pool.conf b/backports/nextcloud/fpm-pool.conf
new file mode 100644
index 0000000..cae9acc
--- /dev/null
+++ b/backports/nextcloud/fpm-pool.conf
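Review bot: The Updater.php hunk removes `Setup::protectDataDirectory();` together with `Setup::updateHtaccess();`, but the patch header mentions only .htaccess in general and says nothing about the data directory. With the packaged default the data directory is `/var/lib/nextcloud/data`, outside the web root, so the call is presumably not needed there; an administrator who moves `datadirectory` below the web root no longer gets that protection refreshed on upgrade. I would add a line to the header such as `This also drops protectDataDirectory(); keep the data directory outside the web root.`. The function around the removed block is not fully visible in the nested hunk.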
@@ -0,0 +1,200 @@ +[global] +; Error log file +; Default Value: log/php-fpm.log +error_log = /var/log/nextcloud/php-fpm.log + +; Log level +; Possible Values: alert, error, warning, notice, debug +; Default Value: notice +log_level = warning + +; If this number of child processes exit with SIGSEGV or SIGBUS within the time +; interval set by emergency_restart_interval then FPM will restart. A value +; of '0' means 'Off'. +; Default Value: 0 +emergency_restart_threshold = 10 + +; Interval of time used by emergency_restart_interval to determine when +; a graceful restart will be initiated. This can be useful to work around +; accidental corruptions in an accelerator's shared memory. +; Available Units: s(econds), m(inutes), h(ours), or d(ays) +; Default Unit: seconds +; Default Value: 0 +emergency_restart_interval = 1m + +; Time limit for child processes to wait for a reaction on signals from master. +; Available units: s(econds), m(inutes), h(ours), or d(ays) +; Default Unit: seconds +; Default Value: 0 +process_control_timeout = 10s + + +[nextcloud] +user = nextcloud +group = www-data + +; The address on which to accept FastCGI requests. +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses on a +; specific port; +; '/path/to/unix/socket' - to listen on a unix socket (the path is *not* +; relative to chroot!) +; Note: This value is mandatory. +listen = /run/nextcloud/fastcgi.sock + +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. +; Default Values: user and group are set as the running user +; mode is set to 0666 +listen.mode = 0660 + +; Choose how the process manager will control the number of child processes. +; Possible Values: +; static ... 
a fixed number of child processes. +; dynamic ... the number of child processes are set dynamically. +; ondemand ... no children are created at startup; children will be forked +; when new requests will connect. +; Note: This value is mandatory. +pm = ondemand + +; The number of child processes to be created when pm is set to 'static' and the +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. +; This value sets the limit on the number of simultaneous requests that will be +; served. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' +; Note: This value is mandatory. +pm.max_children = 10 + +; The number of seconds after which an idle process will be killed. +; Note: Used only when pm is set to 'ondemand' +; Default Value: 10s +pm.process_idle_timeout = 120s + +; The number of requests each child process should execute before respawning. +; This can be useful to work around memory leaks in 3rd party libraries. For +; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. +; Default Value: 0 +pm.max_requests = 500 + +; The URI to view the FPM status page. If this value is not set, no URI will be +; recognized as a status page. +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +pm.status_path = + +; The ping URI to call the monitoring page of FPM. If this value is not set, no +; URI will be recognized as a ping page. This could be used to test from outside +; that FPM is alive and responding, or to +; - create a graph of FPM availability (rrd or such); +; - remove a server from a group if it is not responding (load balancing); +; - trigger alerts for the operating team (24/7). +; Note: The value must start with a leading slash (/). 
The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +ping.path = /ping + +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_terminate_timeout = 0 + +; The timeout for serving a single request after which a PHP backtrace will be +; dumped to the 'slowlog' file. A value of '0s' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_slowlog_timeout = 0 + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +; Note: the path is *not* relative to chroot. +;slowlog = /var/log/nextcloud/php-fpm.slow.log + +; Redirect worker stdout and stderr into main error log. If not set, stdout and +; stderr will be redirected to /dev/null according to FastCGI specs. +; Note: on highloaded environement, this can cause some delay in the page +; process time (several ms). +; Default Value: no +;catch_workers_output = yes + +; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from +; the current environment. +; Default Value: clean env +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /tmp +env[TMPDIR] = /tmp +env[TEMP] = /tmp + +; Additional php.ini defines, specific to this pool of workers. These settings +; overwrite the values previously defined in the php.ini. The directives are the +; same as the PHP SAPI: +; php_value/php_flag - you can set classic ini defines which can +; be overwritten from PHP call 'ini_set'. 
+; php_admin_value/php_admin_flag - these directives won't be overwritten by +; PHP call 'ini_set' +; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. +; +; Defining 'extension' will load the corresponding shared extension from +; extension_dir. Defining 'disable_functions' or 'disable_classes' will not +; overwrite previously defined php.ini values, but will append the new value +; instead. +; +; Note: path INI options can be relative and will be expanded with the prefix +; (pool, global or /usr/lib/php7.x) + +; Allow HTTP file uploads. +php_admin_flag[file_uploads] = true + +; Maximal size of a file that can be uploaded via web interface. +php_admin_value[memory_limit] = 512M +php_admin_value[post_max_size] = 513M +php_admin_value[upload_max_filesize] = 513M + +; Where to store temporary files. +php_admin_value[session.save_path] = /var/tmp/nextcloud +php_admin_value[sys_temp_dir] = /var/tmp/nextcloud +php_admin_value[upload_tmp_dir] = /var/tmp/nextcloud + +; Log errors to specified file. +php_admin_flag[log_errors] = on +php_admin_value[error_log] = /var/log/nextcloud/php.error.log + +; OPcache error_log file name. Empty string assumes "stderr" +php_admin_value[opcache.error_log] = /var/log/nextcloud/php.error.log + +; Output buffering is a mechanism for controlling how much output data +; (excluding headers and cookies) PHP should keep internally before pushing that +; data to the client. If your application's output exceeds this setting, PHP +; will send that data in chunks of roughly the size you specify. +; This must be disabled for ownCloud. +php_admin_flag[output_buffering] = false + +; Overload(replace) single byte functions by mbstring functions. +; This must be disabled for ownCloud. +php_admin_flag[mbstring.func_overload] = false + +; Never populate the $HTTP_RAW_POST_DATA variable. 
+; http://php.net/always-populate-raw-post-data +php_admin_value[always_populate_raw_post_data] = -1 + +; Disable certain functions for security reasons. +; http://php.net/disable-functions +php_admin_value[disable_functions] = exec,passthru,shell_exec,system,proc_open,curl_multi_exec,show_source + +; Set recommended settings for OpCache. +; https://docs.nextcloud.com/server/13/admin_manual/configuration_server/server_tuning.html#enable-php-opcache +php_admin_flag[opcache.enable] = true +php_admin_flag[opcache.enable_cli] = true +php_admin_flag[opcache.save_comments] = true +php_admin_value[opcache.interned_strings_buffer] = 8 +php_admin_value[opcache.max_accelerated_files] = 10000 +php_admin_value[opcache.memory_consumption] = 128 +php_admin_value[opcache.revalidate_freq] = 1 diff --git a/backports/nextcloud/nextcloud-config.php b/backports/nextcloud/nextcloud-config.php new file mode 100644 index 0000000..035fb79 --- /dev/null +++ b/backports/nextcloud/nextcloud-config.php 
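Review bot: `env[TMP]`, `env[TMPDIR]` and `env[TEMP]` point at the shared `/tmp`, while `sys_temp_dir`, `upload_tmp_dir` and `session.save_path` further down use the private `/var/tmp/nextcloud`, so any code that takes its temporary directory from the environment instead of the ini settings would write into a world-writable directory. Pointing the three variables at the same private path keeps both routes consistent: `env[TMP] = /var/tmp/nextcloud`, and likewise for `TMPDIR` and `TEMP`. Separately, `always_populate_raw_post_data` and `mbstring.func_overload` no longer exist in PHP 8, which the APKBUILD selects with `_php=php81`, and two comments still say ownCloud; those entries could be dropped or reworded.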
@@ -0,0 +1,37 @@ + '/var/lib/nextcloud/data', + 'logfile' => '/var/log/nextcloud/nextcloud.log', + 'apps_paths' => array ( + // Read-only location for apps shipped with Nextcloud and installed by apk. + 0 => array ( + 'path' => '/usr/share/webapps/nextcloud/apps', + 'url' => '/apps', + 'writable' => false, + ), + // Writable location for apps installed from AppStore. + 1 => array ( + 'path' => '/var/lib/nextcloud/apps', + 'url' => '/apps-appstore', + 'writable' => true, + ), + ), + 'updatechecker' => false, + 'check_for_working_htaccess' => false, + + // Uncomment to enable Zend OPcache. + //'memcache.local' => '\OC\Memcache\APCu', + + // Uncomment this and add user nextcloud to the redis group to enable Redis + // cache for file locking. This is highly recommended, see + // https://github.com/nextcloud/server/issues/9305. + //'memcache.locking' => '\OC\Memcache\Redis', + //'redis' => array( + // 'host' => '/run/redis/redis.sock', + // 'port' => 0, + // 'dbindex' => 0, + // 'timeout' => 1.5, + //), + + 'installed' => false, +); diff --git a/backports/nextcloud/nextcloud-dont-chmod.patch b/backports/nextcloud/nextcloud-dont-chmod.patch new file mode 100644 index 0000000..2145508 --- /dev/null +++ b/backports/nextcloud/nextcloud-dont-chmod.patch 
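Review bot: The comment `// Uncomment to enable Zend OPcache.` sits above `//'memcache.local' => '\OC\Memcache\APCu',`, which selects APCu as the local memory cache and is unrelated to OPcache (OPcache is switched on in fpm-pool.conf in this commit). An administrator following the comment would expect a different effect and may not install the APCu extension the setting needs. I would reword it to `// Uncomment to use APCu as the local memory cache (requires the PHP APCu extension).`.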
@@ -0,0 +1,58 @@ +commit d8f09abd65e5fd620b8b0d720daee293c355660c +Author: Leonardo Arena +Date: Mon Aug 31 06:59:15 2020 +0000 + + Don't chmod. The package takes care of setting the right permissions for directories and files + +diff --git a/lib/private/Config.php b/lib/private/Config.php +index cbdbc5b2..1118981b 100644 +--- a/lib/private/Config.php ++++ b/lib/private/Config.php +@@ -242,9 +242,6 @@ class Config { + touch($this->configFilePath); + $filePointer = fopen($this->configFilePath, 'r+'); + +- // Prevent others not to read the config +- chmod($this->configFilePath, 0640); +- + // File does not exist, this can happen when doing a fresh install + if (!is_resource($filePointer)) { + throw new HintException( +diff --git a/lib/private/Log/File.php b/lib/private/Log/File.php +index 9e9abb11..7db25286 100644 +--- a/lib/private/Log/File.php ++++ b/lib/private/Log/File.php +@@ -82,9 +82,6 @@ class File extends LogDetails implements IWriter, IFileBased { + public function write(string $app, $message, int $level) { + $entry = $this->logDetailsAsJSON($app, $message, $level); + $handle = @fopen($this->logFile, 'a'); +- if ($this->logFileMode > 0 && is_file($this->logFile) && (fileperms($this->logFile) & 0777) != $this->logFileMode) { +- @chmod($this->logFile, $this->logFileMode); +- } + if ($handle) { + fwrite($handle, $entry."\n"); + fclose($handle); +diff --git a/lib/private/TempManager.php b/lib/private/TempManager.php +index 49d4ee94..b0943843 100644 +--- a/lib/private/TempManager.php ++++ b/lib/private/TempManager.php +@@ -96,7 +96,6 @@ class TempManager implements ITempManager { + if ($postFix !== '') { + $fileNameWithPostfix = $this->buildFileNameWithSuffix($file, $postFix); + touch($fileNameWithPostfix); +- chmod($fileNameWithPostfix, 0600); + $this->current[] = $fileNameWithPostfix; + return $fileNameWithPostfix; + } +diff --git a/lib/private/legacy/OC_Util.php b/lib/private/legacy/OC_Util.php +index 71f6edba..216abdf8 100644 +--- 
a/lib/private/legacy/OC_Util.php ++++ b/lib/private/legacy/OC_Util.php +@@ -1004,7 +1004,6 @@ class OC_Util { + . ' cannot be listed by other users.'); + $perms = substr(decoct(@fileperms($dataDirectory)), -3); + if (substr($perms, -1) !== '0') { +- chmod($dataDirectory, 0770); + clearstatcache(); + $perms = substr(decoct(@fileperms($dataDirectory)), -3); + if ($perms[2] !== '0') { diff --git a/backports/nextcloud/nextcloud-initscript.post-install b/backports/nextcloud/nextcloud-initscript.post-install new file mode 100644 index 0000000..532ff91 --- /dev/null +++ b/backports/nextcloud/nextcloud-initscript.post-install @@ -0,0 +1,28 @@ +#!/bin/sh + +# It's not needed to be writable for www-data group when running with php-fpm. +for dir in /etc/nextcloud \ + /etc/nextcloud/config.php \ + /var/lib/nextcloud/data \ + /var/lib/nextcloud/apps +do + chmod g-w $dir +done +chgrp root /etc/nextcloud/config.php + +# This must be writable (only) by nextcloud user. +chmod 750 /var/log/nextcloud + +mkdir /var/tmp/nextcloud # If /var/tmp doesn't exist there's a big problem +chown nextcloud /var/tmp/nextcloud +chmod 700 /var/tmp/nextcloud + +cat </dev/null 2>&1; then + su nextcloud -s /bin/sh -c 'php81 -f /usr/share/webapps/nextcloud/cron.php' +fi diff --git a/backports/nextcloud/nextcloud.logrotate b/backports/nextcloud/nextcloud.logrotate new file mode 100644 index 0000000..19e17fd --- /dev/null +++ b/backports/nextcloud/nextcloud.logrotate @@ -0,0 +1,6 @@ +/var/log/nextcloud/*.log { + daily + compress + copytruncate + su nextcloud www-data +} diff --git a/backports/nextcloud/nextcloud.post-upgrade b/backports/nextcloud/nextcloud.post-upgrade new file mode 100644 index 0000000..898b0ea --- /dev/null +++ b/backports/nextcloud/nextcloud.post-upgrade 
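Review bot: Removing `chmod($fileNameWithPostfix, 0600);` in TempManager.php leaves the mode of these files to the process umask, and the reasoning in the patch's commit message (the package sets the permissions) cannot apply to files that PHP creates at run time with `touch()`. With the php-fpm pool from this commit they land in `/var/tmp/nextcloud`, which the initscript post-install script sets to mode 700, but in any other setup the temporary directory may be shared and the files readable by other local users. The same applies to the log file whose `@chmod($this->logFile, $this->logFileMode);` is removed in Log/File.php. I would keep those two run-time calls and drop only the ones on packaged paths (config.php and the data directory), or otherwise document in README.alpine that a restrictive umask is required for the PHP service. All four nested hunks show only part of their functions.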
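Review bot: In nextcloud-initscript.post-install the result of `mkdir /var/tmp/nextcloud` is not checked, so when the path already exists the following `chown nextcloud /var/tmp/nextcloud` and `chmod 700 /var/tmp/nextcloud` are applied to whatever is there, inside a parent directory that every local user can write to. Shipping the directory from the package under a parent that is not world-writable avoids the problem, for instance `install -d -m 700 -o nextcloud ./$basedir/tmp` in package() with the three `/var/tmp/nextcloud` values in fpm-pool.conf pointed at it. If the path has to stay, the script should at least stop when mkdir fails and the existing path is not a directory owned by nextcloud, and use `chown -h`. The rest of this script is not visible on this page, so anything after the `cat` line is unreviewed.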
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+ver_new="$1"
+ver_old="$2"
+
+if [ $(apk version -t "$ver_old" '12.0.0-r2') = '<' ]; then
+ cat >&2 <<-EOF
+ *
+ * All Nextcloud's bundled apps (except "files" and "dav") have been moved to
+ * separate subpackages (e.g. nextcloud-activity). If you want to install
+ * all apps that are enabled by default at once, run:
+ *
+ * apk add nextcloud-default-apps
+ *
+ EOF
+
+ if [ "$(ls -A /var/lib/nextcloud/apps)" ]; then
+ cat >&2 <<-EOF
+ *
+ * Nextcloud's bundled apps have been moved from /var/lib/nextcloud/apps
+ * to /usr/share/webapps/nextcloud/apps. Only apps installed from App Store
+ * should be stored in /var/lib/nextcloud/apps.
+ *
+ * It seems that you have installed some apps from App Store, so you have to
+ * add /var/lib/nextcloud/apps to your apps_paths. Copy "apps_paths" key
+ * from /etc/nextcloud/config.php.apk-new to your config.php.
+ *
+ EOF
+ fi
+fi
+
+if [ $(apk version -t "$ver_old" '15.0.2-r0') = '<' ]; then
+ cat >&2 <<-EOF
+ *
+ * App "user_external" is no longer available via release channel.
+ * You need to uninstall the package and install it via appstore:
+ *
+ * apk del nextcloud-user_external
+ *
+ EOF
+
+fi
+
+if [ $(apk version -t "$ver_old" '20.0.0-r0') = '<' ]; then
+ cat >&2 <<-EOF
+ *
+ * If you are updating from Alpine 3.12->3.13
+ * please use the transitional package nextcloud19
+ * to upgrade from Nextcloud 18->20
+ *
+ EOF
+
+fi
+
+if [ "${ver_new%-r*}" != "${ver_old%-r*}" ]; then
+ echo ' * Run "occ upgrade" to finish upgrading your NextCloud instance!' >&2
+fi
diff --git a/backports/nextcloud/nextcloud.pre-install b/backports/nextcloud/nextcloud.pre-install
new file mode 100644
index 0000000..e9cf539
--- /dev/null
+++ b/backports/nextcloud/nextcloud.pre-install
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+addgroup -S -g 82 www-data 2>/dev/null
+adduser -S -D -H -h /var/lib/nextcloud -s /sbin/nologin -G www-data -g Nextcloud nextcloud 2>/dev/null
+
+exit 0
diff --git a/backports/nextcloud/nextcloud.pre-upgrade b/backports/nextcloud/nextcloud.pre-upgrade new file mode 100644 index 0000000..f444e78 --- /dev/null +++ b/backports/nextcloud/nextcloud.pre-upgrade @@ -0,0 +1,10 @@ +#!/bin/sh + +ver_old="$2" +apps_link='/usr/share/webapps/nextcloud/apps' + +# Remove apps symlink before replacing files to avoid losing installed apps. +# This is a workaround for some issue in apk. +if [ $(apk version -t "$ver_old" '12.0.0-r2') = '<' ] && [ -L "$apps_link" ]; then + rm "$apps_link" +fi diff --git a/backports/nextcloud/occ b/backports/nextcloud/occ new file mode 100644 index 0000000..dbadfc2 --- /dev/null +++ b/backports/nextcloud/occ @@ -0,0 +1,10 @@ +#!/bin/sh + +NEXTCLOUD_DIR='/usr/share/webapps/nextcloud' +: ${NEXTCLOUD_USER:="nextcloud"} + +if [ "$(id -un)" != "$NEXTCLOUD_USER" ]; then + exec su -s /bin/sh "$NEXTCLOUD_USER" -c '$0 "$@"' -- php81 $NEXTCLOUD_DIR/occ "$@" +else + exec php81 $NEXTCLOUD_DIR/occ "$@" +fi diff --git a/backports/nextcloud/use-external-docs-if-local-not-avail.patch b/backports/nextcloud/use-external-docs-if-local-not-avail.patch new file mode 100644 index 0000000..9919133 --- /dev/null +++ b/backports/nextcloud/use-external-docs-if-local-not-avail.patch @@ -0,0 +1,32 @@ +From: Jakub Jirutka +Date: Tue, 27 Jun 2017 02:07:00 +0200 +Subject: [PATCH] Show link to external docs if local is not installed + +--- + apps/settings/templates/help.php | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/apps/settings/templates/help.php b/apps/settings/templates/help.php +index 18cba185..45b5c8d5 100644 +--- a/apps/settings/templates/help.php ++++ b/apps/settings/templates/help.php +@@ -43,6 +43,17 @@ + + +
++ + ++ ++
++

Local documentation is not installed

++

Please use ++ ++ t('online documentation')); ?> ↗ ++ ++

++
++ +
+-- +2.37.3