mailinabox icon indicating copy to clipboard operation
mailinabox copied to clipboard

Published 20 hours ago verified publisher icon mail-in-a-box

Upgrade Nextcloud to latest v27

Open binarykitchen opened this issue 1 year ago • 16 comments

Because new Nextcloud vulnerabilities have been reported and look scary, we should consider upgrading Nextcloud from the current v26 to the latest v27 and ensure it truly fixes that vulnerability.

But such a PR would depend on upgrading to PHP v8.1 first, which is covered in the other ticket (dependency): https://github.com/mail-in-a-box/mailinabox/issues/2398

Make sure all is exactly covered as precisely documented in this migration guide: docs.nextcloud.com/server/latest/admin_manual/release_notes/upgrade_to_27.html

binarykitchen avatar Jun 18 '24 06:06 binarykitchen

8.0 is marked as deprecated; not removed. We can upgrade to 27. In fact I’ve been running on it for months.

There is another gotcha for the upgrade. File permissions need to be adjusted when deploying the release.

yodax avatar Jun 18 '24 06:06 yodax

8.0 is marked as deprecated; not removed. We can upgrade to 27. In fact I’ve been running on it for months.

I see. Hmmm. Still, deprecation warnings shouldn't be ignored. And one day we will want to upgrade to v28 anyway ...

File permissions need to be adjusted when deploying the release.

Oh? Any more information on this? Is that difficult? Do we have a PR for this?

binarykitchen avatar Jun 18 '24 07:06 binarykitchen

Still, deprecation warnings shouldn't be ignored.

Definitely, but with a security issue present we probably should get that out of the way first. Several years ago I did the work to get us to a ppa for php_next (can't remember the version) we can probably reuse much of that work.

Oh? Any more information on this?

Pretty simple fix really, took a while to figure it out though... nextcloud now requires the deployed files to have write permissions by the webserver user otherwise the upgrade via occ can't proceed.

This commit solves that on my fork. My fork can't be directly merged since I run some nextcloud customizations that would cause conflicts, but it's not much. So a quick merge should be possible. https://github.com/yodax/mailinabox/commit/1aaf0fba16a06c33e9735fc834973fe8faf369df

Here is the full diff

We can ignore the phone number stuff and the manual updates to the calendar and contacts components. I believe the calendar updates is required for v27.

yodax avatar Jun 18 '24 07:06 yodax

Thanks, mate

Pretty simple fix really, took a while to figure it out though... nextcloud now requires the deployed files to have write permissions by the webserver user otherwise the upgrade via occ can't proceed.

Do you think you could do a PR for this for a first step?

We can ignore the phone number stuff and the manual updates to the calendar and contacts components. I believe the calendar updates is required for v27.

Uh, many of us MiaB users still access Nextcloud with owncloud-unlockadmin.sh so this should be sorted.

binarykitchen avatar Jun 18 '24 07:06 binarykitchen

Do you think you could do a PR for this for a first step?

No sorry, I don't have the time. I can provide guidance when someone runs into problems.

yodax avatar Jun 18 '24 10:06 yodax

Okay, Respekt: So, are you suggesting fixing the server writing issues first before upgrading PHP to v8.1?

binarykitchen avatar Jun 18 '24 10:06 binarykitchen

The write issues are required for v27. So I'd suggest doing the upgrade to the latest v27 with the write issue as well since you can't upgrade without that fix. Then do the php ppa upgrade. Then the upgrade to nextcloud vnext.

yodax avatar Jun 18 '24 11:06 yodax

@yodax Tell me, the new v69 has this update: "Fixed file permissions when setting up Nextcloud."

See https://github.com/mail-in-a-box/mailinabox/blob/main/CHANGELOG.md#version-69-july-20-2024

Does that include the PHP writing issue fix?

binarykitchen avatar Jul 20 '24 23:07 binarykitchen

That message refers to commit #2377 which only fixes the syntax of a chown command specific to nextcloud

TheRedCyclops avatar Jul 21 '24 11:07 TheRedCyclops

Thanks, all clear. Then that's not related to the "nextcloud now requires the deployed files to have write permissions by the webserver" issue Yodax mentioned further above? Or am I wrong?

binarykitchen avatar Jul 21 '24 23:07 binarykitchen

I took this to be one and the same.

matidau avatar Jul 22 '24 00:07 matidau

Sorry, I do not follow. Is that a yes or no?

binarykitchen avatar Jul 22 '24 01:07 binarykitchen

That message refers to commit #2377 which only fixes the syntax of a chown command specific to nextcloud

The commit #2377 by @jvolkenant fixes the chown part of @yodax commit yodax@1aaf0fb

Pretty simple fix really, took a while to figure it out though... nextcloud now requires the deployed files to have write permissions by the webserver user otherwise the upgrade via occ can't proceed.

This commit solves that on my fork. My fork can't be directly merged since I run some nextcloud customizations that would cause conflicts, but it's not much. So a quick merge should be possible. yodax@1aaf0fb

I believe it is only the chown command that is needed to fix this, not the chmod. Happy for @yodax or anyone else to chime in.

matidau avatar Jul 22 '24 01:07 matidau

I found that the access rights changes were necessary. It was reported during the occ commands that they needed to be changed. Regardless, when someone does the actual upgrade, it will be pretty clear if it's needed since it will fail with an error message telling you that this needs changing.

Looking at the original code I should've placed my changes next to the original chown's. I'll merge that into my branch later.

yodax avatar Jul 22 '24 04:07 yodax

@yodax please do soon and LMK - I'm keen to move on, to upgrade PHP and NC next. So gotta be sure, all is sorted about any permission issues.

binarykitchen avatar Jul 22 '24 05:07 binarykitchen

There’s no need to update my fork. It’s already diverged. I’ll fix it when I update Nextcloud.

yodax avatar Jul 22 '24 06:07 yodax