news
news copied to clipboard
nextcloud
Files failed integrity check after updating to NC 24.0.5
IMPORTANT
Read and tick the following checkbox after you have created the issue or place an x inside the brackets ;)
- [x] I have read the CONTRIBUTING.md and followed the provided tips
- [x] I accept that the issue will be closed without comment if I do not check here
- [x] I accept that the issue will be closed without comment if I do not fill out all items in the issue template.
Explain the Problem
What problem did you encounter? After updating to NC 24.0.5 some files of News version 18.1.1 give fail to pass the buildin integrity check of NC
Steps to Reproduce
- Update to NC 24.0.5
- As Admin, go to Settings, Overview
- In the group Security you immediately see a red error message
System Information
- News app version: 18.1.1
- Nextcloud version: 24.0.5
- Cron type: system cron
- PHP version: 18
- Database and version: ?
- Browser and version: Chromium 105.0
- OS and version: Ubuntu 22.04
Contents of the integrity check
Technical information
=====================
The following list covers which files have failed the integrity check. Please read
the previous linked documentation to learn more about the errors and how to fix
them.
Results
=======
- core
- INVALID_HASH
- core/js/mimetypelist.js
- news
- EXTRA_FILE
- vendor/ezyang/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer/CSS/4.14.0,4114918a13a428a8482a8a449792a5a8747582b5,1.ser
- vendor/ezyang/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer/URI/4.14.0,3478238e680361cd87bf880f5b3cc50a1e7abc6c,1.ser
- vendor/ezyang/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer/HTML/4.14.0,100a0d442686872045400b774dcb082c945a1908,2019080701.ser
Raw output
==========
Array
(
[core] => Array
(
[INVALID_HASH] => Array
(
[core/js/mimetypelist.js] => Array
(
[expected] => 94195a260a005dac543c3f6aa504f1b28e0078297fe94a4f52f012c16c109f0323eecc9f767d6949f860dfe454625fcaf1dc56f87bb8350975d8f006bbbdf14a
[current] => 1b07fb272efa65a10011ed52a6e51260343c5de2a256e1ae49f180173e2b6684ccf90d1af3c19fa97c31d42914866db46e3216883ec0d6a82cec0ad5529e78b1
)
)
)
[news] => Array
(
[EXTRA_FILE] => Array
(
[vendor/ezyang/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer/CSS/4.14.0,4114918a13a428a8482a8a449792a5a8747582b5,1.ser] => Array
(
[expected] =>
[current] => d72f6c0057bccbd6f798c2c8da7820be90eebdeb672c4d962bbd1a7b67e2fcfe25f9e8ae9da0cfc68bca98bf3c0ce969841187d36cf6b9857ae46a91e593ad77
)
[vendor/ezyang/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer/URI/4.14.0,3478238e680361cd87bf880f5b3cc50a1e7abc6c,1.ser] => Array
(
[expected] =>
[current] => ab08a13c9d6765c71769c6d2940ec65ad0752b8772da219d427bb34c6a35872c664379ea00285d855f84330e0665fe28dbb5b216251259f3efa32bb7cc70b697
)
[vendor/ezyang/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer/HTML/4.14.0,100a0d442686872045400b774dcb082c945a1908,2019080701.ser] => Array
(
[expected] =>
[current] => 540a367e60974a65ddc6db7481eeb141077ba7275caa4c1d478ab76baa8381a865983319035a324109709bb5dafcf92f621837c480458ab84765f7d874174006
)
)
)
)
I've installed the news app using the normal method of installing (i.e. using the "apps" section in the admin-part of NC). I've installed the news app last month when I was on NC 24.0.3, upgrading to NC 24.0.4 gave nog security errors. Only after upgrading to NC 24.0.5 these security issues arised.
Hope this helps in the search for the issue.
The files in the news section should not exist. They actually get stored in the temp directory of your php installation. Maybe that directory is not available and leading to this. That might be the case if your instance is running on some web-hosting service for example.
You can delete those files, from within the nextcloud directory you need to add the rest of the path apps/news/vendor...
Then also check your configuration, maybe it is already configured, in that case this would be a server issue.
https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html?highlight=tempdirectory
The core file is a different topic though. As the name suggests it is part of nextclouds core and has nothing to do with news.
On our side we could maybe improve the code somehow but I'm not sure how. We need the Admin to have a valid temp directory. https://github.com/nextcloud/news/blob/fd01e9ad7b60081c1b4e54a42580987f3636f6cd/lib/AppInfo/Application.php#L92
I think I had this issue as well last night, took me 4 hours to figure out it wasn't going to work and downgraded back to 24.0.3 manually. No errors seem to be logged in either error_log of nextcloud.log, the updater.log also didn't show much useful into as it just stopped at the failing point.
Hair-pulling-frustrating.
And yes the NC updater should get A LOT more lenient for updates and not fail on every nitpicky nonsense item like 'stray files from news plugin' or a php.ini in root. It's perfectly fine to have some extra system files or temp files here and there. NC should deal with that gracefully, or at least CLEARLY provide errors and solutions for it. Especially if you know the files are temporary and legit - Just skip them, or delete them during update but do NOT make it a user problem.
In this case I don't think anyone but the server hosting is to blame, nextcloud correctly detected non-declared files in an app, which are a real security problem. In this case they were written there by news however, simply because the hoster misconfigured the tmp path.
In this case I don't think anyone but the server hosting is to blame, nextcloud correctly detected non-declared files in an app, which are a real security problem. In this case they were written there by news however, simply because the hoster misconfigured the tmp path.
If that's the case then indeed yes, no harm done by NC and my post doesn't apply to this issue. I was just browsing around here and somewhat recognized the issue with the update failing for no clear reason.
My comment/complaint still stands though - It then just belongs in a different topic probably.