Double hop, to X (production) major code integrity check failures

Steps to reproduce

  1. update to 9.18 and then 10.0.0.7 (production)
  2. finish update with occ upgrade

Expected behaviour

Normal operation

Actual behaviour

Message on the GUI after logging in

Server configuration

Operating system: Debian

Web server: Apache

Database: mysql

PHP version: 7.0

ownCloud version: (see ownCloud admin page) 10.0.0.7

Updated from an older ownCloud or fresh install: update

Where did you install ownCloud from: first 9.0.1 (23 December), to 9.1.8 then 10.0.7

Signing status (ownCloud 9.0 and above):

Login as admin user into your ownCloud and access 
http://example.com/index.php/settings/integrity/failed 
paste the results into https://gist.github.com/ and put the link here.

The content of config/config.php:

Log in to the web-UI with an administrator account and click on
'admin' -> 'Generate Config Report' -> 'Download ownCloud config report'
This report includes the config.php settings, the list of activated apps
and other details in a well sanitized form.

or 

If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your ownCloud installation folder

*ATTENTION:* Do not post your config.php file in public as is. Please use one of the above
methods whenever possible. Both, the generated reports from the web-ui and from occ config:list
consistently remove sensitive data. You still may want to review the report before sending.
If done manually then it is critical for your own privacy to diligently
remove *all* host names, passwords, usernames, salts and other credentials before posting.
You should assume that attackers find such information and will use them against your systems.

List of activated apps:

If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your ownCloud installation folder.

Are you using external storage, if yes which one: local/smb/sftp/... no

Are you using encryption: yes/no no

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/... yes ldap

LDAP configuration (delete this part if not used) is working fine

With access to your command line run e.g.:
sudo -u www-data php occ ldap:show-config
from within your ownCloud installation folder

Without access to your command line download the data/owncloud.db to your local
computer or access your SQL server remotely and run the select query:
SELECT * FROM `oc_appconfig` WHERE `appid` = 'user_ldap';


Eventually replace sensitive data as the name/IP-address of your LDAP server or groups.

Client configuration

Browser:

Operating system:

Logs

Web server error log

Insert your webserver log here

ownCloud log (data/owncloud.log)

Insert your ownCloud log here

Browser log

Insert your browser log here, this could for example include:

a) The javascript console log
b) The network log 
c) ...

Technical information

The following list covers which files have failed the integrity check. Please read
the previous linked documentation to learn more about the errors and how to fix
them.

Results

  • core
    • INVALID_HASH
      • updater/README.md
      • updater/app/bootstrap.php
      • updater/app/config/container.php
      • updater/pub/js/main.js
      • updater/src/Command/BackupDataCommand.php
      • updater/src/Command/BackupDbCommand.php
      • updater/src/Command/CheckSystemCommand.php
      • updater/src/Command/CheckpointCommand.php
      • updater/src/Command/CleanCacheCommand.php
      • updater/src/Command/Command.php
      • updater/src/Command/DetectCommand.php
      • updater/src/Command/ExecuteCoreUpgradeScriptsCommand.php
      • updater/src/Command/InfoCommand.php
      • updater/src/Command/MaintenanceModeCommand.php
      • updater/src/Command/PostUpgradeCleanupCommand.php
      • updater/src/Command/PostUpgradeRepairCommand.php
      • updater/src/Command/PreUpgradeRepairCommand.php
      • updater/src/Command/RestartWebServerCommand.php
      • updater/src/Command/StartCommand.php
      • updater/src/Command/UpdateConfigCommand.php
      • updater/src/Console/Application.php
      • updater/src/Controller/DownloadController.php
      • updater/src/Controller/IndexController.php
      • updater/src/Formatter/HtmlOutputFormatter.php
      • updater/src/Http/Request.php
      • updater/src/Resources/views/base.php
      • updater/src/Resources/views/partials/inner.php
      • updater/src/Resources/views/partials/login.php
      • updater/src/Utils/AppManager.php
      • updater/src/Utils/Checkpoint.php
      • updater/src/Utils/Collection.php
      • updater/src/Utils/ConfigReader.php
      • updater/src/Utils/DocLink.php
      • updater/src/Utils/Feed.php
      • updater/src/Utils/Fetcher.php
      • updater/src/Utils/FilesystemHelper.php
      • updater/src/Utils/Locator.php
      • updater/src/Utils/OccRunner.php
      • updater/src/Utils/Registry.php
      • updater/src/Utils/ZipExtractor.php
      • updater/vendor/autoload.php
      • updater/vendor/composer/autoload_files.php
      • updater/vendor/composer/autoload_psr4.php
      • updater/vendor/composer/autoload_real.php
      • updater/vendor/composer/installed.json
      • updater/vendor/paragonie/random_compat/CHANGELOG.md
      • updater/vendor/paragonie/random_compat/ERRATA.md
      • updater/vendor/paragonie/random_compat/lib/random.php
      • updater/vendor/react/promise/CHANGELOG.md
      • updater/vendor/react/promise/composer.json
      • updater/vendor/react/promise/src/LazyPromise.php
      • updater/vendor/react/promise/src/Promise.php
      • updater/vendor/react/promise/src/functions.php
      • updater/vendor/symfony/console/Application.php
      • updater/vendor/symfony/console/CHANGELOG.md
      • updater/vendor/symfony/console/Command/Command.php
      • updater/vendor/symfony/console/Command/HelpCommand.php
      • updater/vendor/symfony/console/Command/ListCommand.php
      • updater/vendor/symfony/console/Descriptor/ApplicationDescription.php
      • updater/vendor/symfony/console/Descriptor/Descriptor.php
      • updater/vendor/symfony/console/Descriptor/MarkdownDescriptor.php
      • updater/vendor/symfony/console/Descriptor/TextDescriptor.php
      • updater/vendor/symfony/console/Formatter/OutputFormatter.php
      • updater/vendor/symfony/console/Formatter/OutputFormatterStyleStack.php
      • updater/vendor/symfony/console/Helper/DescriptorHelper.php
      • updater/vendor/symfony/console/Helper/DialogHelper.php
      • updater/vendor/symfony/console/Helper/Helper.php
      • updater/vendor/symfony/console/Helper/HelperSet.php
      • updater/vendor/symfony/console/Helper/ProgressBar.php
      • updater/vendor/symfony/console/Helper/ProgressHelper.php
      • updater/vendor/symfony/console/Helper/QuestionHelper.php
      • updater/vendor/symfony/console/Helper/SymfonyQuestionHelper.php
      • updater/vendor/symfony/console/Helper/Table.php
      • updater/vendor/symfony/console/Helper/TableCell.php
      • updater/vendor/symfony/console/Helper/TableHelper.php
      • updater/vendor/symfony/console/Helper/TableStyle.php
      • updater/vendor/symfony/console/Input/ArgvInput.php
      • updater/vendor/symfony/console/Input/ArrayInput.php
      • updater/vendor/symfony/console/Input/Input.php
      • updater/vendor/symfony/console/Input/InputDefinition.php
      • updater/vendor/symfony/console/Input/InputInterface.php
      • updater/vendor/symfony/console/Input/StringInput.php
      • updater/vendor/symfony/console/LICENSE
      • updater/vendor/symfony/console/Output/ConsoleOutput.php
      • updater/vendor/symfony/console/Output/OutputInterface.php
      • updater/vendor/symfony/console/Question/ChoiceQuestion.php
      • updater/vendor/symfony/console/Question/Question.php
      • updater/vendor/symfony/console/Shell.php
      • updater/vendor/symfony/console/Style/SymfonyStyle.php
      • updater/vendor/symfony/console/Tester/ApplicationTester.php
      • updater/vendor/symfony/console/Tester/CommandTester.php
      • updater/vendor/symfony/console/composer.json
      • updater/vendor/symfony/process/ExecutableFinder.php
      • updater/vendor/symfony/process/PhpExecutableFinder.php
      • updater/vendor/symfony/process/PhpProcess.php
      • updater/vendor/symfony/process/Pipes/AbstractPipes.php
      • updater/vendor/symfony/process/Pipes/PipesInterface.php
      • updater/vendor/symfony/process/Pipes/UnixPipes.php
      • updater/vendor/symfony/process/Pipes/WindowsPipes.php
      • updater/vendor/symfony/process/Process.php
      • updater/vendor/symfony/process/ProcessBuilder.php
      • updater/vendor/symfony/process/ProcessUtils.php
      • updater/vendor/symfony/process/composer.json
      • updater/vendor/composer/ClassLoader.php
      • updater/vendor/composer/LICENSE
      • updater/vendor/react/promise/src/FulfilledPromise.php
      • updater/vendor/react/promise/src/RejectedPromise.php
      • updater/vendor/react/promise/src/UnhandledRejectionException.php
      • updater/vendor/react/promise/.travis.yml
      • updater/vendor/react/promise/phpunit.xml.dist
      • updater/vendor/react/promise/README.md
      • updater/vendor/react/promise/LICENSE
      • updater/vendor/symfony/process/Exception/ProcessFailedException.php
      • updater/vendor/symfony/process/phpunit.xml.dist
      • updater/vendor/symfony/process/README.md
      • updater/vendor/symfony/console/Formatter/OutputFormatterStyle.php
      • updater/vendor/symfony/console/Input/InputArgument.php
      • updater/vendor/symfony/console/Input/InputOption.php
      • updater/vendor/symfony/console/Output/Output.php
      • updater/vendor/symfony/console/Output/StreamOutput.php
      • updater/vendor/symfony/console/Output/NullOutput.php
      • updater/vendor/symfony/console/Helper/TableSeparator.php
      • updater/vendor/symfony/console/phpunit.xml.dist
      • updater/vendor/symfony/console/README.md
    • FILE_MISSING
      • updater/vendor/composer/autoload_static.php
      • updater/vendor/symfony/console/Helper/ProgressIndicator.php
      • updater/vendor/symfony/polyfill-mbstring/Mbstring.php
      • updater/vendor/symfony/polyfill-mbstring/bootstrap.php
      • updater/vendor/symfony/polyfill-mbstring/composer.json
    • EXTRA_FILE
      • updater/src/Tests/Http/RequestTest.php
      • updater/src/Tests/Utils/FeedTest.php
      • updater/src/Tests/Utils/FetcherTest.php
      • updater/src/Tests/Utils/RegistryTest.php
      • updater/src/Tests/Utils/CheckpointTest.php
      • updater/src/Tests/Utils/DocLinkTest.php
      • updater/src/Tests/Utils/AppManagerTest.php
      • updater/src/Tests/Utils/OccRunnerTest.php
      • updater/src/Tests/Utils/ConfigReaderTest.php
      • updater/src/Tests/bootstrap.php
      • updater/src/Tests/Controller/DownloadControllerTest.php
      • updater/src/Tests/phpunit.xml
      • updater/src/Tests/StreamInterface.php
      • updater/src/Command/DisableNotShippedAppsCommand.php
      • updater/src/Command/EnableNotShippedAppsCommand.php
      • updater/src/Command/DbUpgradeCommand.php
      • updater/vendor/ircmaxell/password-compat/lib/password.php
      • updater/vendor/ircmaxell/password-compat/LICENSE.md
      • updater/vendor/ircmaxell/password-compat/version-test.php
      • updater/vendor/ircmaxell/password-compat/composer.json
      • updater/vendor/symfony/polyfill-php55/bootstrap.php
      • updater/vendor/symfony/polyfill-php55/Php55ArrayColumn.php
      • updater/vendor/symfony/polyfill-php55/README.md
      • updater/vendor/symfony/polyfill-php55/Php55.php
      • updater/vendor/symfony/polyfill-php55/composer.json
      • updater/vendor/symfony/polyfill-php56/Php56.php
      • updater/vendor/symfony/polyfill-php56/bootstrap.php
      • updater/vendor/symfony/polyfill-php56/README.md
      • updater/vendor/symfony/polyfill-php56/composer.json
      • updater/vendor/symfony/polyfill-util/TestListener.php
      • updater/vendor/symfony/polyfill-util/README.md
      • updater/vendor/symfony/polyfill-util/BinaryOnFuncOverload.php
      • updater/vendor/symfony/polyfill-util/composer.json
      • updater/vendor/symfony/polyfill-util/Binary.php
      • updater/vendor/symfony/polyfill-util/BinaryNoFuncOverload.php
      • updater/.travis.yml
      • updater/CONTRIBUTING.md
      • updater/composer.lock
      • updater/nbproject/project.xml
      • updater/nbproject/project.properties
      • updater/box.json
      • updater/.scrutinizer.yml
      • updater/composer.json

Raw output

Array
(
[core] => Array
(
[INVALID_HASH] => Array
(
[updater/README.md] => Array
(
[expected] => 51f0f8413afe2f23c881b4e47a4595baf9b50b4e3a7de264dc3e90ec46e5a52793a7380371e06ea9195047ca5597edd72c1df8d58f634b3d349356712a702e4e
[current] => d574dd08a2dd1ec8608615e1ceb15b6894ed0c87ff99dfd24e3394e178dbcc841ad41a76cae71c4ccad02aa5f1db4651752f27b7005af6f0024028669fa2c1ab
)

This goes on and on (could not even post it here)
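
The three categories in the report above, reproduced as an added example that is not part of the original post and is not ownCloud's code: a Python check that compares a directory tree against a manifest of expected SHA-512 hashes. It assumes the manifest has already been authenticated; the function names, the file contents and the path updater/index.php are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha512_hex(data: bytes) -> str:
    return hashlib.sha512(data).hexdigest()

def check_tree(root: str, expected: dict) -> dict:
    """Compare files under root with a manifest {relative path: SHA-512 hex}."""
    result = {"INVALID_HASH": {}, "FILE_MISSING": [], "EXTRA_FILE": []}
    seen = set()
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            seen.add(rel)
            if rel not in expected:
                result["EXTRA_FILE"].append(rel)  # on disk, not in manifest
                continue
            with open(full, "rb") as fh:
                current = sha512_hex(fh.read())
            if current != expected[rel]:  # content differs from the release
                result["INVALID_HASH"][rel] = {
                    "expected": expected[rel], "current": current}
    result["FILE_MISSING"] = sorted(set(expected) - seen)  # listed, not on disk
    result["EXTRA_FILE"].sort()
    return result

def demo() -> dict:
    # Constructed sample: contents are made up, index.php is a hypothetical path.
    on_disk = {
        "updater/README.md": b"readme from the previous release\n",
        "updater/composer.lock": b"{}\n",
        "updater/index.php": b"<?php // unchanged\n",
    }
    manifest = {
        "updater/README.md": sha512_hex(b"readme from the new release\n"),
        "updater/index.php": sha512_hex(on_disk["updater/index.php"]),
        "updater/vendor/composer/autoload_static.php": sha512_hex(b"<?php\n"),
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in on_disk.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return check_tree(root, manifest)

if __name__ == "__main__":
    for category, entries in demo().items():
        print(category, sorted(entries))
```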

Hey,

I have just found this in your post:

Did you have a look at the mentioned documentation / link? Maybe this can help you and give you some background information about the integrity messages.

Yes, I did. Tomorrow I am going to take a deeper look.

This is production and I found two other issues:
1. All users are gone (ldap).
2. Can’t set max upload size anywhere in GUI

  1. Is quite something. Not any of the shared folders show up to anyone before the sharer-user logs on. Quite a thing been calling for hours all project managers to login so everyone can work tomorrow....

So the integrity check is not my biggest concern atm

I had a search for the word "LDAP" on https://doc.owncloud.org/server/latest/admin_manual/release_notes.html and found some notes on changes in the LDAP implementation and some references to occ commands and cron jobs which could help for 1.

Thanks, all seems fine, it is just that the userDB in ownCloud is completely empty. After a user (LDAP) logs on, the UUID gets mapped to their data and all is fine.

Annoying thing though.

Mhhh, but did you have a look at my posted reference above? From what I understand you need to run some commands / cron jobs to get this userDB filled. This won't be done automatically according to the release notes linked above.

Mmm, well each time a consecutive user logs on all is good to normal. Did not see any commands I need to run to make that happen beforehand.

File integrity is sorted, copied all the files and all good now.

I think if you follow this advice you will find some commands to make this happen beforehand:

There something like the following text was showing up in my search:

"Existing LDAP users only show up in the user management page and the share dialog after being synced"

which is pointing to a command to run.

Yes, or just the user to sign in... On initial config the users don't appear either, I believe (if I recall that well), only after first logon.

If there is a command I would be glad to know it though.