Provide patch for NC-25-enterprise

[michielbdejong]

The NC-25-enterprise zip file does not contain tests, so applying https://patch-diff.githubusercontent.com/raw/nextcloud/server/pull/36228.patch chokes at line 87.

Here is a version of that patch without the tests-related changes: https://raw.githubusercontent.com/pondersource/sciencemesh-php/main/36228-excl-tests.patch

[michielbdejong]

Hm, apps/files_sharing/src/components/SharingInput.vue is also missing from the zip file.

[michielbdejong]

We would have to patch the minified JS files in the dist/ folder. To do that, we would need to reproduce how this zip file was created, and then run that process from the patched source files to create the patched dist files (and then we could generate a .patch file from that diff).

[michielbdejong]

Will discuss with @mickenordin what the best way forward is here.

[michielbdejong]

As discussed on Zoom, we don't need to reproduce the whole build process, only the step that generates the JS files in the dist/ folder. I'm running this now in a GitPod instance:

npm run build

[michielbdejong]

Done, also git add dist and git reset origin/stable25 apps/*/tests.

[michielbdejong]

These two extra commits should help: https://github.com/pondersource/server/pull/271/commits

Now testing this corrected patch against the zip file

[michielbdejong]

OK, https://patch-diff.githubusercontent.com/raw/pondersource/server/pull/272.patch works now.

[michielbdejong]

It seems that when rebasing on https://github.com/SUNET/nextcloud-custom/tree/b9097abdcf6757e34f19442b28de6e4d8d0637e8 the Sharing tab of the drawer dialog for files/folders disappears. I'll try to reproduce this and see if we can find a fix.

[michielbdejong]

@parhamin2010 can you have a look at this one maybe?

[michielbdejong]

@parhamin2010 maybe this checklist can help you to plan your work on this issue in a structured way. You can tick the boxes as you complete each step:

• [x] Step 1: build the dockerfile
• [x] Step 2: run it
• [x] Step 3: reproduce the issue
• [x] Step 4: analyse the issue
• [ ] Step 5: fix the issue :)

[michielbdejong]

We were able to get to step 1 with:

docker build -t nextcloud-custom .

We were able to get to step 1 with:

docker run -it -p 80:80 nextcloud-custom /bin/bash
service apache2 start

Now we can see the login screen on https://80-sunet-nextcloudcustom-h4nf7knr509.ws-us87.gitpod.io/index.php Next step: see what the admin user/pwd is (configure it?)

[michielbdejong]

I tried to do the setup with admin/admin but this image doesn't support sqlite. So we need to run a mariadb container next to it. @parhamin2010 / @mrvahedi68 can you continue working on this from here?

[michielbdejong]

@parhamin2010 what did you do to get mariadb running?

[michielbdejong]

docker run --restart=always -d --network=testnet --name=maria1.docker -e MARIADB_ROOT_PASSWORD=eilohtho9oTahsuongeeTh7reedahPo1Ohwi3aek mariadb --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb-file-per-table=1 --skip-innodb-read-only-compressed

[michielbdejong]

This is how far we got during the standup just now:

#!/bin/bash
set -e

docker network create testnet
docker stop `docker ps -q`
docker rm `docker ps -aq`
docker build -t nextcloud-custom .
echo service apache2 start
docker run --network=testnet --name maria1.docker -d -p 3306:3306 -e MARIADB_ROOT_PASSWORD=eilohtho9oTahsuongeeTh7reedahPo1Ohwi3aek mariadb --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb-file-per-table=1 --skip-innodb-read-only-compressed
docker run --network=testnet --restart=always -d --name=firefox -p 5800:5800 -v /tmp/shm:/config:rw --network=testnet --shm-size 2g jlesage/firefox:v1.17.1
docker run --network=testnet -it -p 80:80 nextcloud-custom /bin/bash

# in a separate window, try:
docker exec -it -u www-data confident_kalam /bin/bash
cd /var/www/html
php console.php maintenance:install --admin-user einstein --admin-pass relativity --database "mysql" --database-name "efss" --database-user "root" --database-pass "eilohtho9oTahsuongeeTh7reedahPo1Ohwi3aek" --database-host "maria1.docker"

[parhamin2010]

Facing with issue to connect to MariaDB. Checklist done to find the root cause:

• Network is running
• Database exists (nextcloud)
• Ports are open inside the images (mariadb, nextcloud, firefox)
• nc is running on port 80, mariadb is running on port 3306, firefox is running on 5800

all of them are on same network. issue is related is connection refused by nc to mariadb

[parhamin2010]

#!/bin/bash
set -e

# create network testnet, Check if network is created remove it first
docker network create testnet
# try to rm related containers
# docker stop `docker ps -q`
# docker rm `docker ps -aq`
docker build -t nextcloud-custom .
docker run --network=testnet --name maria1.docker -d -p 3306:3306 -e MARIADB_ROOT_PASSWORD=eilohtho9oTahsuongeeTh7reedahPo1Ohwi3aek mariadb --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb-file-per-table=1 --skip-innodb-read-only-compressed
# docker run --network=testnet --restart=always -d --name=firefox -p 5800:5800 -v /tmp/shm:/config:rw --network=testnet --shm-size 2g jlesage/firefox:v1.17.1

docker run --name=nc.docker --network=testnet -it -p 80:80 nextcloud-custom /bin/bash
echo service apache2 start
# here you have NC available on proper URL port 80

# create DB
docker exec -it maria1.docker bash
# inside the maria1.docker container login into mysql use (mysql -u root -p) enter password for root user and run this to create db (create database nextcloud)

# in a separate window to see if we have connection to mariaDB:
docker exec -it -u www-data nc.docker /bin/bash
cd /var/www/html
php console.php maintenance:install --admin-user einstein --admin-pass relativity --database "mysql" --database-name "efss" --database-user "root" --database-pass "eilohtho9oTahsuongeeTh7reedahPo1Ohwi3aek" --database-host "maria1.docker"

here the data that you can install NC: user: einstein pw: relativity database user: root database pw: eilohtho9oTahsuongeeTh7reedahPo1Ohwi3aek database host: maria1.docker database name: nextcloud

[parhamin2010]

Facing with this error during the sciencemesh installation

[michielbdejong]

@mrvahedi68 can you help @parhamin2010 with this please?

[parhamin2010]

For fixing the issue above, it needs to copy the sciencemesh directory inside NC container from var/www/html/custom_apps to var/www/html/apps and just enabled it simply. It will show up.

[parhamin2010]

@michielbdejong could you please clarify here? I don't see the issue even when I install sciencemesh. As I said maybe I'm checking somewhere else.

[michielbdejong]

I'll have a look

[michielbdejong]

Working on this in https://github.com/pondersource/dev-stock/blob/sunet-sciencemesh-testing/scripts/sunet-sciencemesh-testing.sh

[michielbdejong]

Issue reproduced:

[michielbdejong]

Confirmed that with db6fbc2d56b44f40 of that same repo, the problem does not happen:

[michielbdejong]

The culprit seems to be the content policy prohibiting loading scripts from source-src, that's an error that shows up in the web console when the sharing tab is missing, and not with the commit where the sharing tab correctly appears.

[michielbdejong]

Content Security Policy: The page\u2019s settings blocked the loading of a resource at inline (\u201cscript-src\u201d).

[michielbdejong]

Content-Security-Policy
    default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-WWViNHBOQWJMVldpVDZTVDlZSGt3NjJHSzMzcmdRU2RySk1KU0x6QW0rMD06R0pXcTg1NDBRd0hBZC9MeGc4UzM5OC9YSFF5UzlqTGwvdDQ3R3RPdCtxUT0=';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-src 'self';frame-ancestors 'self';form-action 'self'

Probably the nonce is incorrect then, maybe? - https://content-security-policy.com/nonce/

@mickenordin I see a lot of commits in https://github.com/SUNET/nextcloud-custom/commits/b9097abdcf6757e34f19442b28de6e4d8d0637e8 and it's not clear to me at which point the Content Security Policy may have changed, or on which point maybe something change (an environment variable? a build step?) that would have cause the JS files to be loaded in a different way.

The way I generated the patch was:

• take the stable-25 branch of NC
• paste in the dist folder from the rds zip
• apply the changes in the source code
• build the dist folder
• commit this and generate the patch

Maybe we can simply repeat this process, but starting from the exact commit you want it to be applied to, so we can make sure that the addition of the sciencemesh app doesn't make the JS files disappear. Would it be possible to start from a working image and then maybe we you can apply https://patch-diff.githubusercontent.com/raw/pondersource/server/pull/272.patch in a single step and see if we can make the CSP nonce behave correctly?

Or we could just wait for https://github.com/nextcloud/server/pull/36228 to be merged?

[mickenordin]

Hmm I thought I replied to this yesterday, but apparently not. The difference between those two commits is that db6fbc2d56b44f40 is using Nextcloud 23 and the other one is using Nextcloud 25: https://github.com/SUNET/nextcloud-custom/compare/db6fbc2d56b44f40...b9097abdcf6757e34f19442b28de6e4d8d0637e8

You can use the current image we are running in production: docker run docker.sunet.se/drive/nextcloud-custom:25.0.3.3-4 bash