LibreSign v8.0.0-rc1 fails configuration check

[DazeEnd]

Describe the bug I am new to LibreSign. Now that v8.0.0-rc1 is available, which supports Nextcloud 28, I wanted to install and evaluate it, but the "Configuration check" section shows multiple errors. In addition, the "Download binaries" button doesn't seem to be doing anything.

To Reproduce On a fresh install of AlmaLinux 8.0, running Apache 2.4.37 and PHP v8.2.15 (via php-fpm), I installed Nextcloud 28.0.2. (No Docker image. Just directly installed from a Nextcloud tar ball.) Once Nextcloud was installed and working, I did the following:

1. Uncompress libresign (v8.0.0-rc1) directory and move to Nextcloud apps directory

2. sudo chown -R apache:apache libresign/

3. Enable Libresign app in Nextcloud

4. Install Java, PDFtk, and JSignPdf: sudo -u apache php occ libresign:install --java sudo -u apache php occ libresign:install --pdftk sudo -u apache php occ libresign:install --jsignpdf

   (All three commands show downloading progress at 100%)

5. Refresh the Settings > Administration > LibreSign screen

   Configuration check shows that each line has a status of "error".

   java error message: Invalid java version. Found: expected: openjdk version "17.0.5" 2022-10-18 pdftk error message: PDFtk binary is invalid: /var/www/newton-test.relanet.com/nextcloud/public_html/data/appdata_ocnb4cjpki06/libresign/pdftk jsignpdf error message: Necessary Java to run JSignPdf

6. Examine nextcloud.log. The log file is empty.

7. Examine [DocumentRoot]/data/appdata_ocnb4cjpki06/libresign. I see: a "java" directory containing jdk-17.0.5+8.jre a "jsignpdf-2.2.2" direcotry a "pdftk" executable a "openssl_config" directory which is empty

8. In Nextcloud Settings > Administration > LibreSign, click the "Download binaries" button. The button changes text to "Downloading binaries" with spinning activity indicator.

9. After waiting 20 minutes, the button clicked in step 8 still reads "Downloading binaries", and the activity indicator is still spinning. After reloading the page, the button returns to reading "Download binaries" with no activity indicator. I would check to see if anything was actually installed, but I don't know where to look.

10. I examined [DocumentRoot]/data/appdata_ocnb4cjpki06/libresign, and didn't notice any changes.

Expected behavior I expected that the Configuration check section would show "Success" or at least something other than "error".

Screenshots

Environment information (please complete the following information):

• OS: AlmaLinux 8.9 (installed on Linode)
• Apache: v2.4.37
• PHP: v8.2.15
• Browser: Chrome
• LibreSign Version: 8.0.0-rc1
• Nextcloud Server Version: 28.0.2
• Logs: The nextcloud.log file is completely empty

Additional context This my first time attempting to install LibreSign, so it's quite possible that I'm doing something wrong. If there are installation instructions that I missed, please feel free to direct me to them. And if there is a better way to request support, please direct me to that as well.

[vitormattos]

Hi @DazeEnd Thanks by your help to LibreSign reporting your case.

Let's go to check by steps to identify what happening.

I will split the tests to do in separated comments here.

[vitormattos]

Invalid Java Version

What the code do: https://github.com/LibreSign/libresign/blob/0857dc3d7964cd0e6cc48ce1c21da4f3f377dcda/lib/Service/ConfigureCheckService.php#L184-L200 To do this test handmade you need to:

1. Get the value of java_path setting using this command:

   occ config:app:get libresign java_path

   The return will be like this: /var/www/html/data/appdata_oc0r7z9n35di/libresign/java/jdk-17.0.5+8-jre/bin/java

2. Run the command to check the Java version Using this command:

   `occ config:app:get libresign java_path` -version

   The will run the output of command that is the path of executable file with namejava` and we need to use the option -version to check the version The output need to be equals to:

   openjdk version "17.0.5" 2022-10-18
   OpenJDK Runtime Environment Temurin-17.0.5+8 (build 17.0.5+8)
   OpenJDK 64-Bit Server VM Temurin-17.0.5+8 (build 17.0.5+8, mixed mode, sharing)

The code check if the first row of output contains the text openjdk version "17.0.5" 2022-10-18. If is different, LibreSign will show the message Invalid java version when load the settings page.

[vitormattos]

PDFtk binary is invalid

What the code do: https://github.com/LibreSign/libresign/blob/0857dc3d7964cd0e6cc48ce1c21da4f3f377dcda/lib/Service/ConfigureCheckService.php#L133-L161 To do this test handmade you need to:

1. Get the value of pdftk_path setting using this command:

   occ config:app:get libresign pdftk_path

   The return will be like this: /var/www/html/data/appdata_oc0r7z9n35di/libresign/pdftk

2. Run the command to check the Java version Using this command:

   `occ config:app:get libresign pdftk_path` --version

   The will run the output of command that is the path of executable file with namepdftk` and we need to use the option --version to check the version The output need to be equals to:

   pdftk port to java 3.3.3 a Handy Tool for Manipulating PDF Documents
   Copyright (c) 2017-2018 Marc Vinyals - https://gitlab.com/pdftk-java/pdftk
   Copyright (c) 2003-2013 Steward and Lee, LLC.
   pdftk includes a modified version of the iText library.
   Copyright (c) 1999-2009 Bruno Lowagie, Paulo Soares, et al.
   This is free software; see the source code for copying conditions. There is
   NO warranty, not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

The code check if the first row match with regex: pdftk port to java (?<version>.*) a Handy Tool extracting the version number from first row, that need to be equals to 3.3.3

[DazeEnd]

Invalid Java Version

I ran the commands you requested, and the version reported back was 17.0.5.

Here is a copy-and-paste of the commands and output:

[ceperry@newton public_html]$ sudo -u apache php occ config:app:get libresign java_path
/var/www/newton-test.relanet.com/nextcloud/public_html/data/appdata_ocnb4cjpki06/libresign/java/jdk-17.0.5+8-jre/bin/java
[ceperry@newton public_html]$ sudo -u apache /var/www/newton-test.relanet.com/nextcloud/public_html/data/appdata_ocnb4cjpki06/libresign/java/jdk-17.0.5+8-jre/bin/java -version
openjdk version "17.0.5" 2022-10-18
OpenJDK Runtime Environment Temurin-17.0.5+8 (build 17.0.5+8)
OpenJDK 64-Bit Server VM Temurin-17.0.5+8 (build 17.0.5+8, mixed mode, sharing)

[DazeEnd]

PDFtk binary is invalid

@vitormattos I checked the version of PDFtk, as requested, and it is reporting version 3.3.3.

Here is a copy-and-paste of the commands and output:

[ceperry@newton public_html]$ sudo -u apache php occ config:app:get libresign pdftk_path
/var/www/newton-test.relanet.com/nextcloud/public_html/data/appdata_ocnb4cjpki06/libresign/pdftk
[ceperry@newton public_html]$ sudo -u apache /var/www/newton-test.relanet.com/nextcloud/public_html/data/appdata_ocnb4cjpki06/libresign/pdftk --version
pdftk port to java 3.3.3 a Handy Tool for Manipulating PDF Documents
Copyright (c) 2017-2018 Marc Vinyals - https://gitlab.com/pdftk-java/pdftk
Copyright (c) 2003-2013 Steward and Lee, LLC.
pdftk includes a modified version of the iText library.
Copyright (c) 1999-2009 Bruno Lowagie, Paulo Soares, et al.
This is free software; see the source code for copying conditions. There is
NO warranty, not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

[vitormattos]

Could you share the output of follow command?

occ libresign:configure:check

This is the same that you can see at administration settings, but executed by occ command.

Is a bit strange because you received an empty string about java version and when you executed the command to check the Java version, you got the right version.

[DazeEnd]

That command triggered an exception:

[ceperry@newton public_html]$ sudo -u apache php occ libresign:configure:check
An unhandled exception has been thrown:
Error: Class "Jeidison\JSignPDF\JSignPDF" not found in /var/www/newton-test.relanet.com/nextcloud/public_html/apps/libresign/lib/Handler/JSignPdfHandler.php:53
Stack trace:
#0 /var/www/newton-test.relanet.com/nextcloud/public_html/apps/libresign/lib/Service/ConfigureCheckService.php(136): OCA\Libresign\Handler\JSignPdfHandler->getJSignPdf()
#1 /var/www/newton-test.relanet.com/nextcloud/public_html/apps/libresign/lib/Service/ConfigureCheckService.php(65): OCA\Libresign\Service\ConfigureCheckService->checkJSignPdf()
#2 /var/www/newton-test.relanet.com/nextcloud/public_html/apps/libresign/lib/Service/ConfigureCheckService.php(50): OCA\Libresign\Service\ConfigureCheckService->checkSign()
#3 /var/www/newton-test.relanet.com/nextcloud/public_html/apps/libresign/lib/Command/Configure/Check.php(89): OCA\Libresign\Service\ConfigureCheckService->checkAll()
#4 /var/www/newton-test.relanet.com/nextcloud/public_html/3rdparty/symfony/console/Command/Command.php(298): OCA\Libresign\Command\Configure\Check->execute()
#5 /var/www/newton-test.relanet.com/nextcloud/public_html/core/Command/Base.php(177): Symfony\Component\Console\Command\Command->run()
#6 /var/www/newton-test.relanet.com/nextcloud/public_html/3rdparty/symfony/console/Application.php(1040): OC\Core\Command\Base->run()
#7 /var/www/newton-test.relanet.com/nextcloud/public_html/3rdparty/symfony/console/Application.php(301): Symfony\Component\Console\Application->doRunCommand()
#8 /var/www/newton-test.relanet.com/nextcloud/public_html/3rdparty/symfony/console/Application.php(171): Symfony\Component\Console\Application->doRun()
#9 /var/www/newton-test.relanet.com/nextcloud/public_html/lib/private/Console/Application.php(206): Symfony\Component\Console\Application->run()
#10 /var/www/newton-test.relanet.com/nextcloud/public_html/console.php(100): OC\Console\Application->run()
#11 /var/www/newton-test.relanet.com/nextcloud/public_html/occ(11): require_once('...')
#12 {main}

[vitormattos]

Sounds that you haven't the folder vendor. Could you check if you have the folder vendor/jsignpdf/jsignpdf-php ?

[DazeEnd]

The vendor folder does exist on the server, as part of the LibreSign app folder.

[ceperry@newton jsignpdf-php]$ pwd
/var/www/newton-test.relanet.com/nextcloud/public_html/apps/libresign/vendor/jsignpdf/jsignpdf-php
[ceperry@newton jsignpdf-php]$ ls -al
total 116
drwxr-xr-x. 6 apache apache  4096 Feb  9 07:53 .
drwxr-xr-x. 3 apache apache  4096 Feb  9 07:53 ..
-rw-r--r--. 1 apache apache   682 Feb  9 07:53 composer.json
-rw-r--r--. 1 apache apache 75693 Feb  9 07:53 composer.lock
drwxr-xr-x. 2 apache apache  4096 Feb  9 07:53 example
-rwxr-xr-x. 1 apache apache    35 Feb  9 07:53 .gitignore
-rw-r--r--. 1 apache apache   267 Feb  9 07:53 phpunit.xml
-rw-r--r--. 1 apache apache  1268 Feb  9 07:53 README.md
drwxr-xr-x. 3 apache apache  4096 Feb  9 07:53 src
drwxr-xr-x. 4 apache apache  4096 Feb  9 07:53 tests
drwxr-xr-x. 2 apache apache  4096 Feb  9 07:53 tmp

[DazeEnd]

I just did a manual examination, and it appears that all files included under jsignpdf-php that exist in the libresign-v8.0.0-rc1.tar.gz file that I downloaded are included on the server. Here's a full listing, in case it's helpful:

[ceperry@newton jsignpdf]$ pwd
/var/www/newton-test.relanet.com/nextcloud/public_html/apps/libresign/vendor/jsignpdf
[ceperry@newton jsignpdf]$ ls -Rl jsignpdf-php/
jsignpdf-php/:
total 104
-rw-r--r--. 1 apache apache   682 Feb  9 07:53 composer.json
-rw-r--r--. 1 apache apache 75693 Feb  9 07:53 composer.lock
drwxr-xr-x. 2 apache apache  4096 Feb  9 07:53 example
-rw-r--r--. 1 apache apache   267 Feb  9 07:53 phpunit.xml
-rw-r--r--. 1 apache apache  1268 Feb  9 07:53 README.md
drwxr-xr-x. 3 apache apache  4096 Feb  9 07:53 src
drwxr-xr-x. 4 apache apache  4096 Feb  9 07:53 tests
drwxr-xr-x. 2 apache apache  4096 Feb  9 07:53 tmp

jsignpdf-php/example:
total 4
-rw-r--r--. 1 apache apache 516 Feb  9 07:53 index.php

jsignpdf-php/src:
total 12
-rw-r--r--. 1 apache apache 1078 Feb  9 07:53 JSignFileService.php
-rw-r--r--. 1 apache apache  786 Feb  9 07:53 JSignPDF.php
drwxr-xr-x. 2 apache apache 4096 Feb  9 07:53 Sign

jsignpdf-php/src/Sign:
total 12
-rw-r--r--. 1 apache apache 3525 Feb  9 07:53 JSignParam.php
-rw-r--r--. 1 apache apache 5493 Feb  9 07:53 JSignService.php

jsignpdf-php/tests:
total 12
drwxr-xr-x. 2 apache apache 4096 Feb  9 07:53 Builder
-rw-r--r--. 1 apache apache 3786 Feb  9 07:53 JSignPDFTest.php
drwxr-xr-x. 2 apache apache 4096 Feb  9 07:53 resources

jsignpdf-php/tests/Builder:
total 4
-rw-r--r--. 1 apache apache 861 Feb  9 07:53 JSignParamBuilder.php

jsignpdf-php/tests/resources:
total 88
-rw-r--r--. 1 apache apache 25834 Feb  9 07:53 certificado-error.pfx
-rw-r--r--. 1 apache apache  2537 Feb  9 07:53 certificado.pfx
-rw-r--r--. 1 apache apache 25834 Feb  9 07:53 pdf-error-test.pdf
-rw-r--r--. 1 apache apache 25834 Feb  9 07:53 pdf-test.pdf

jsignpdf-php/tmp:
total 0

[vitormattos]

Sounds that the composer isn't working fine. Could you run a composer install at root folder of libresign? Is at the same folder that contains the vendor folder. If work fine, we will check what's different between your environment and my environment.

To download the composer.phar file, to to root folder of LibreSign and run the follow commands:

php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php -r "if (hash_file('sha384', 'composer-setup.php') === 'edb40769019ccf227279e3bdd1f5b2e9950eb000c3233ee85148944e555d97be3ea4f40c3c2fe73b22f875385f6a5155') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
php composer-setup.php
php -r "unlink('composer-setup.php');"

Having the composer.phar file, run php composer.phar install --no-dev and test again the command: occ libresign:configure:check

[DazeEnd]

I got an error when running composer-setup.php, so I stopped there. Here's a listing of what I did:

[ceperry@newton libresign]$ pwd
/var/www/newton-test.relanet.com/nextcloud/public_html/apps/libresign
[ceperry@newton libresign]$ sudo -u apache php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
[ceperry@newton libresign]$ ls
appinfo  CHANGELOG.md  composer-setup.php  img  js  l10n  lib  LICENSE  templates  tests  vendor
[ceperry@newton libresign]$ sudo -u apache php -r "if (hash_file('sha384', 'composer-setup.php') === 'edb40769019ccf227279e3bdd1f5b2e9950eb000c3233ee85148944e555d97be3ea4f40c3c2fe73b22f875385f6a5155') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
Installer verified
[ceperry@newton libresign]$ sudo -u apache php composer-setup.php
All settings correct for using Composer
Unable to create Composer home directory "/usr/share/httpd/.config/composer": mkdir(): Permission denied

[DazeEnd]

As you can see above, I was running the commands as user apache, but the permissions on my /usr/share/httpd folder require root permission.

[ceperry@newton httpd]$ pwd
/usr/share/httpd
[ceperry@newton httpd]$ ls -al
total 28
drwxr-xr-x.  5 root root  4096 Feb 13 12:53 .
drwxr-xr-x. 96 root root  4096 Feb 13 14:45 ..
drwxr-xr-x.  3 root root  4096 Feb 13 12:53 error
drwxr-xr-x.  3 root root 12288 Feb 13 12:53 icons
drwxr-xr-x.  2 root root  4096 Feb 13 12:53 noindex

I can run it again as root, but my web server (and therefore Nextcloud) run as user apache, so that might be a problem.

[vitormattos]

You also can download the .phar file without the installer:

wget https://github.com/composer/composer/releases/download/2.7.1/composer.phar

[DazeEnd]

Should the composer.phar file go in LibreSign root directory, or in /usr/share/httpd/.config/composer?

[DazeEnd]

I downloaded the compose.phar file to the LibreSign root directory and ran the script. It complained that I didn't have a composer.json file, and asked if I wanted to use the one it found that Nextcloud created. I stopped because I wasn't sure whether using Nextcloud's file would break something.

Should I use Nexcloud's composer.json file, or should I create/download a new one specifically for LibreSign?

[ceperry@newton libresign]$ pwd
/var/www/newton-test.relanet.com/nextcloud/public_html/apps/libresign
[ceperry@newton libresign]$ ls
appinfo  CHANGELOG.md  composer.phar  img  js  l10n  lib  LICENSE  templates  tests  vendor
[ceperry@newton libresign]$ sudo -u apache php composer.phar install --no-dev
No composer.json in current directory, do you want to use the one at /var/www/newton-test.relanet.com/nextcloud/public_html? [Y,n]? n
Composer could not find a composer.json file in /var/www/newton-test.relanet.com/nextcloud/public_html/apps/libresign
To initialize a project, please create a composer.json file. See https://getcomposer.org/basic-usage

[vitormattos]

Right, when the build is made, the composer.json is removed.

Another way to check is cloning the branch stable28, but you will need to build the frontend assets and will be necessary the node at your server.

I will make a test here using the same version of PHP and check if the command occ libresign:configure:check will work fine.

[DazeEnd]

Ok. I finally figured out that you were just wanting me to install Composer on my system. I now have it installed.

[ceperry@newton public_html]$ which composer
/usr/bin/composer
[ceperry@newton public_html]$ composer --version
Composer version 2.7.1 2024-02-09 15:26:28

After installing Composer, I again ran occ libresign:configure:check, but it still threw an exception:

[ceperry@newton public_html]$ sudo -u apache php occ libresign:configure:check
An unhandled exception has been thrown:
Error: Class "Jeidison\JSignPDF\JSignPDF" not found in /var/www/newton-test.relanet.com/nextcloud/public_html/apps/libresign/lib/Handler/JSignPdfHandler.php:53
Stack trace:
#0 /var/www/newton-test.relanet.com/nextcloud/public_html/apps/libresign/lib/Service/ConfigureCheckService.php(136): OCA\Libresign\Handler\JSignPdfHandler->getJSignPdf()
#1 /var/www/newton-test.relanet.com/nextcloud/public_html/apps/libresign/lib/Service/ConfigureCheckService.php(65): OCA\Libresign\Service\ConfigureCheckService->checkJSignPdf()
#2 /var/www/newton-test.relanet.com/nextcloud/public_html/apps/libresign/lib/Service/ConfigureCheckService.php(50): OCA\Libresign\Service\ConfigureCheckService->checkSign()
#3 /var/www/newton-test.relanet.com/nextcloud/public_html/apps/libresign/lib/Command/Configure/Check.php(89): OCA\Libresign\Service\ConfigureCheckService->checkAll()
#4 /var/www/newton-test.relanet.com/nextcloud/public_html/3rdparty/symfony/console/Command/Command.php(298): OCA\Libresign\Command\Configure\Check->execute()
#5 /var/www/newton-test.relanet.com/nextcloud/public_html/core/Command/Base.php(177): Symfony\Component\Console\Command\Command->run()
#6 /var/www/newton-test.relanet.com/nextcloud/public_html/3rdparty/symfony/console/Application.php(1040): OC\Core\Command\Base->run()
#7 /var/www/newton-test.relanet.com/nextcloud/public_html/3rdparty/symfony/console/Application.php(301): Symfony\Component\Console\Application->doRunCommand()
#8 /var/www/newton-test.relanet.com/nextcloud/public_html/3rdparty/symfony/console/Application.php(171): Symfony\Component\Console\Application->doRun()
#9 /var/www/newton-test.relanet.com/nextcloud/public_html/lib/private/Console/Application.php(206): Symfony\Component\Console\Application->run()
#10 /var/www/newton-test.relanet.com/nextcloud/public_html/console.php(100): OC\Console\Application->run()
#11 /var/www/newton-test.relanet.com/nextcloud/public_html/occ(11): require_once('...')
#12 {main}

[vitormattos]

I identified the problem, the build process removed a necessary folder. I will create a new RC with this fix.

[DazeEnd]

Hi @vitormattos.

Just FYI, I copied the composer folder from the stable28 branch into the LibreSign app directory in Nextcloud. After copying the folder over, the occ libresign:configure:check now reports success:

[ceperry@newton public_html]$ pwd
/var/www/newton-test.relanet.com/nextcloud/public_html
[ceperry@newton public_html]$ sudo -u apache php occ libresign:configure:check
 --------- ------------------- ---------------------------------------------------------------------------------------------------------------------------------------- -------------------------------------------- 
  Status    Resource            Message                                                                                                                                  Tip                                         
 --------- ------------------- ---------------------------------------------------------------------------------------------------------------------------------------- -------------------------------------------- 
  success   java                Java version: openjdk version "17.0.5" 2022-10-18                                                                                                                                    
  success   java                Java binary: /var/www/newton-test.relanet.com/nextcloud/public_html/data/appdata_ocnb4cjpki06/libresign/java/jdk-17.0.5+8-jre/bin/java                                               
  success   pdftk               PDFtk version: 3.3.3                                                                                                                                                                 
  success   pdftk               PDFtk path: /var/www/newton-test.relanet.com/nextcloud/public_html/data/appdata_ocnb4cjpki06/libresign/pdftk                                                                         
  success   jsignpdf            JSignPdf version: 2.2.2                                                                                                                                                              
  success   jsignpdf            JSignPdf path: /var/www/newton-test.relanet.com/nextcloud/public_html/data/appdata_ocnb4cjpki06/libresign/jsignpdf-2.2.2/JSignPdf.jar                                                
   error    openssl-configure   OpenSSL (root certificate) not configured.                                                                                               Run occ libresign:configure:openssl --help  
 --------- ------------------- ---------------------------------------------------------------------------------------------------------------------------------------- -------------------------------------------- 

However, the LibreSign settings screen still reports errors in the "Configuration Check" section:

It's quite possible that I didn't copy the right files and/or directories, so I think I'm done testing this until a new release candidate is released, or until you ask me to do something.

[vitormattos]

Yes! Is this the problem. I already fixed but now the CI broked :-( I think that is about changes at server side.

i.e.: https://github.com/LibreSign/libresign/actions/runs/7934148255/job/21664466828?pr=2295