[arch-commits] Commit in nextcloud/trunk (5 files)

David Runge dvzrv at archlinux.org
Fri Apr 9 09:12:53 UTC 2021


    Date: Friday, April 9, 2021 @ 09:12:52
  Author: dvzrv
Revision: 915107

upgpkg: nextcloud 21.0.1-1: Upgrade to 21.0.1.

Order optdepends alphabetically and update info for sudo optdepend.
Move the group change of directories below /usr/share/webapps/nextcloud in the
.install file to a conditional statement, that only applies when upgrading from
21.0.0-6 and below (as the change has been introduced with 21.0.0-6).
Change occ wrapper to use runuser when run as root and otherwise fall back to
using sudo for privilege elevation.
Change tmpfiles.d integration to no longer apply ownership recursively to the
state directory (this can be very slow on slow disks and with large numbers of
files: https://bugs.archlinux.org/task/69888).
Change uwsgi config to also include /var/lib/nextcloud in open_basedir as it is
required for some security checks.

Modified:
  nextcloud/trunk/PKGBUILD
  nextcloud/trunk/nextcloud.install
  nextcloud/trunk/nextcloud.occ.sh
  nextcloud/trunk/nextcloud.tmpfiles
  nextcloud/trunk/nextcloud.uwsgi

--------------------+
 PKGBUILD           |   24 ++++++++++++------------
 nextcloud.install  |    8 ++++----
 nextcloud.occ.sh   |   10 +++++++---
 nextcloud.tmpfiles |    1 -
 nextcloud.uwsgi    |    2 +-
 5 files changed, 24 insertions(+), 21 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2021-04-09 08:37:58 UTC (rev 915106)
+++ PKGBUILD	2021-04-09 09:12:52 UTC (rev 915107)
@@ -3,8 +3,8 @@
 
 pkgname=nextcloud
 # NOTE: do not package x.0.0 versions as they are considered beta
-pkgver=21.0.0
-pkgrel=9
+pkgver=21.0.1
+pkgrel=1
 pkgdesc="A cloud server to store your files centrally on a hardware controlled by you"
 arch=('any')
 url="https://nextcloud.com"
@@ -13,6 +13,7 @@
 optdepends=(
   'curl: for cron jobs from within uwsgi'
   'ffmpeg: for preview generation'
+  'libreoffice: for preview generation'
   'mariadb: to use a local MariaDB server'
   'memcached: to use a local memcached server'
   'php-apcu: for caching with APCU'
@@ -28,8 +29,7 @@
   'postgresql: to use a local PostgreSQL server'
   'redis: to use a local Redis server'
   'smbclient: for SMB/CIFS integration'
-  'sudo: for occ command'
-  'libreoffice: for preview generation'
+  'sudo: for privilege elevation in occ command when not run as root'
   'uwsgi-plugin-php: run as application container'
 )
 backup=(
@@ -49,24 +49,24 @@
   "${pkgname}.tmpfiles"
   "${pkgname}.uwsgi"
 )
-sha512sums=('a1ae3400f0fb5997e54b0cee821c50d13e4ba0e27c9d11731c8b5233cba564666121a58aed848ccd2593a9783e27db1ed98ff559588a76a1acaeaf083ef4404a'
+sha512sums=('a1339515349af45d293985e939235cf7a6723f0b65144c0635c66bc8110caa13a7e10672550aeb9aa46a61b93b28240cdb76696e41ccae76b8bed6d8667d3c51'
             'SKIP'
             '6f9f284d78d414a3bb7c159a812b105e31e8cd2393afee44465701e6f18169709f6d492d790e403e1e66f308c51b6b6496d29ddce29e4fac2c73a3c84a10c7fe'
             '92592f9a76ee534d0ae6d3aedf2257c147337debe7e2d6dbec1daff66a682e3abc74611e08662058de314bf3ea6ff1c85efd678674b782d71251c38786e446f9'
             '7b18b73ee369607b8ee3d00d2a054262a7b8f3033fc4873eb333c9b9333d7338870c035910ae123b564a65d7d245730178137311048f0713d5bc524de3654923'
-            '1340a9f3479ac83248242547ce948552334ed81097f18fb20c4e9cc3aaafe1575790024bf73399babec8c91858ea0ed4898def4111c4c4585a48e28d8b63e2f3'
+            'daae0331998fc3b135c18330cd8f8405958abce1a913cdbc16accc3c49f2b185a6d44cf4d768eb1eb11d1dd1d81dcc3fe75ec959bd9f4c9c5eb85c450d5ad408'
             '1d06f339c43d57e5f5406c2698b815241fd9e39039a9e55f777face510c9a5ddae5ccd4e051393e8f16f391301a6aa03fff2462837a2d3441d969ea7195e7d84'
-            'e9cc3e29358720ff6514dff4670c7e61462fc01b6150bf668e6b3084ffaf57f618c68ab718f2277edf484aa6357ce5bbd4eb78c83f3f4561d99e9243b337f6c8'
-            '234dfd58717a59c7df78c0f7db61e441fd9a56529f147c19d062b30f18218d230882f5a059339d13f7610e5a5f4213d9d66d9d7ddd3d0ac00cacf4fa4d85101c')
-b2sums=('7c583c150f6b315830191329310993582439e7aef57f306b93681d654b8fa7d4d5dafee082befd493aafd2bf6efd940d52ca0ca05b8e42b79a1599ff3e809550'
+            '78d6b36a9e32727adc7d40de1c4306d815c6d67b32a452bae9e916f65d83997a9a695fb2957a323978fc4909f71c03c9d49059b4e43ee41e572da8a7c3866dec'
+            '70c173e12c1fcd7ea54463c606516275adcb7e113a5fc97e0364972c742bbdd711c8fb97c236e9194e2cbe228129425aa146265a741966c2f0abedf79d3cf25a')
+b2sums=('75483871d83b5513ccdd8b4e142c63ac2efbe651df15a2a3631ccfdc0865d5a78f0aca2205359fe329ea28a550a6bdcfd05c45f2d059bca98ebca52f8d7d6c88'
         'SKIP'
         'a7e1aa1d8cb2b0ff7832bb7d6d857987733253317c0f3727e744502aeaa3b2008351b47ecc24e348fe7b252cefaffe2418797523ee288dfd55e128917e8fbe2c'
         '4ad061efbc20b4d0e9f8cfd01c5e8e612fa5af29bce754b77f90c1835b98ee445ef4de3d8c83da91461053622620af14d880eb9014b51f2383c75f1860d479f4'
         '772a9571fe7d88dbcbeb46351a188354e237dfe8e020131f2752b3a36cff0ff177423b4cfd6a1a5f28946f86a8581f3e24ee06ebda7260c5f862ca4071908e43'
-        '7644165e2218cde22e44ed5f2e65362b847aa37866b00406761a859506a6d5c97ecf8b59c437f16b82927158a7a74f77ff4f87e7c6f96e4d86b5af91dfd9736c'
+        '150273823fdadcaecf3e2af036067581cb4cf02507c6da2a533ef3c288a2a715d076f83c6d6d4ff13cd336184f595361318faa2acdc68979edfad7afef0b575b'
         '1a61a89531636b65dade03cd7edca8747b3e1e880f9bbd4d5a53cffa452d70fe17e345cfed739ae92e99e336d4c1f2633c84a5c84a4ee6da518762bf1396b1db'
-        '913ce3c91de88c991ec79fe237eb40c13a7e9babd4463694b5f6c25ff47f6a133d48f5cd25a38d4fcb425a822ff5541db9cd4c0f545b3f4726272599278fa95f'
-        '21b4ca4e7d4191eef136f3f805533f0ec6ad16db0b9cd0c92d0a800e5bf7043d82ce4f9c8c563b5c952c366989e5dd56e138bebc8cc02db13b8d713c7d9d30a3')
+        '65ddc58d074f08d1169e60db4082b3cf40bc95eb98711bca8f3e5b2e6d037dc60934f888e6efbcbf00274521510e6ab8309249400817fac5f8d628ea54c52958'
+        'e578d24006f87194e92a20738cb51cbcf8d2515e83fe5a603298f0a82032446b227de74c484899271b2c0b3028f010b2d7d4169f2704ddf5cd2548587a6e09f1')
 validpgpkeys=('28806A878AE423A28372792ED75899B9A724937A') # Nextcloud Security <security at nextcloud.com>
 
 prepare() {

Modified: nextcloud.install
===================================================================
--- nextcloud.install	2021-04-09 08:37:58 UTC (rev 915106)
+++ nextcloud.install	2021-04-09 09:12:52 UTC (rev 915107)
@@ -1,13 +1,13 @@
 # arg 1:  the new package version
 # arg 2:  the old package version
 post_upgrade() {
-  if [ "$(vercmp "$2" 21.0.0)" -le 0 ]; then
+  if [ "$(vercmp "$2" '21.0.0-6')" -lt 0 ]; then
     printf "WARNING: Major changes introduced to package!\n"
     printf "         The application is now run as its own user - nextcloud.\n"
     printf "         Default directories for runtime, state and log files are provided.\n"
     printf "         A convenience wrapper around occ is provided in /usr/bin/occ.\n"
+    # directories below /usr/share/webapps/nextcloud are still group-owned by the
+    # nextcloud user due to nextcloud < 21.0.0
+    find /usr/share/webapps/nextcloud -type d -exec chgrp root {} \;
   fi
-  # directories below /usr/share/webapps/nextcloud are still group-owned by the
-  # nextcloud user due to nextcloud < 21.0.0
-  find /usr/share/webapps/nextcloud -type d -exec chgrp root {} \;
 }
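Review bot: The threshold in `post_upgrade` is easy to misread, because `-lt 0` against '21.0.0-6' skips upgrades from 21.0.0-6 itself while the commit description says "21.0.0-6 and below". The strict comparison is presumably intended, since 21.0.0-6 already ran the chgrp; a comment such as `# 21.0.0-6 already reset the group; only older installs need this` would pin that down. The same condition now also gates the WARNING text, which previously appears to have been printed for upgrades from any 21.0.0 release. The find still forks one chgrp per directory as root; `find /usr/share/webapps/nextcloud -type d -exec chgrp root {} +` batches them.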

Modified: nextcloud.occ.sh
===================================================================
--- nextcloud.occ.sh	2021-04-09 08:37:58 UTC (rev 915106)
+++ nextcloud.occ.sh	2021-04-09 09:12:52 UTC (rev 915107)
@@ -3,6 +3,7 @@
 readonly default_config="/etc/php/php.ini"
 readonly default_php_command="/usr/bin/php"
 readonly default_user="nextcloud"
+readonly preserved_environment_vars="NEXTCLOUD_CONFIG_DIR"
 
 config=""
 php_command=""
@@ -15,8 +16,6 @@
   fi
 }
 
-check_sudo
-
 # allow overriding the php.ini
 if [[ -n "${NEXTCLOUD_PHP_CONFIG}" ]] && [[ -f "${NEXTCLOUD_PHP_CONFIG}" ]]; then
   config="${NEXTCLOUD_PHP_CONFIG}"
@@ -38,4 +37,9 @@
   user="${default_user}"
 fi
 
-sudo --preserve-env=NEXTCLOUD_CONFIG_DIR -u "$user" "$php_command" -c "${config}" /usr/share/webapps/nextcloud/occ "$@"
+if [[ "${UID}" -eq 0 ]]; then
+  runuser --whitelist-environment="${preserved_environment_vars}" -u "$user" -- "$php_command" -c "${config}" /usr/share/webapps/nextcloud/occ "$@"
+else
+  check_sudo
+  sudo --preserve-env="${preserved_environment_vars}" -u "$user" "$php_command" -c "${config}" /usr/share/webapps/nextcloud/occ "$@"
+fi
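Review bot: The sudo branch passes `"$php_command"` without the `--` separator that the new runuser branch uses, so a value beginning with `-` would be parsed as a sudo option. `sudo --preserve-env="${preserved_environment_vars}" -u "$user" -- "$php_command" -c "${config}" ...` keeps the two branches consistent. The assignments of `php_command` and `user` lie outside this hunk, so whether they can be overridden from the environment should be confirmed. The root test reads `${UID}`, the real user id, while runuser needs effective root; `(( EUID == 0 ))` matches what is actually required.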

Modified: nextcloud.tmpfiles
===================================================================
--- nextcloud.tmpfiles	2021-04-09 08:37:58 UTC (rev 915106)
+++ nextcloud.tmpfiles	2021-04-09 09:12:52 UTC (rev 915107)
@@ -3,7 +3,6 @@
 Z %C/nextcloud - nextcloud nextcloud
 d %t/nextcloud 0755 nextcloud nextcloud
 z %L/nextcloud 0755 nextcloud nextcloud
-Z %S/nextcloud - nextcloud nextcloud
 z %S/nextcloud 0755 nextcloud nextcloud
 z %S/nextcloud/apps 0755 nextcloud nextcloud
 z %S/nextcloud/data 0770 nextcloud nextcloud

Modified: nextcloud.uwsgi
===================================================================
--- nextcloud.uwsgi	2021-04-09 08:37:58 UTC (rev 915106)
+++ nextcloud.uwsgi	2021-04-09 09:12:52 UTC (rev 915107)
@@ -24,7 +24,7 @@
 php-docroot = /usr/share/webapps/%n
 php-index = index.php
 php-set = date.timezone=Europe/Berlin
-php-set = open_basedir=%(cloud_data_dir):%(cloud_writable_apps_dir):/tmp/:/usr/share/webapps/%n:/etc/webapps/%n:/dev/urandom:/usr/lib/php/modules:/run/redis/redis.sock:/var/log/%n/%n.log:/proc/meminfo
+php-set = open_basedir=%(cloud_data_dir):%(cloud_writable_apps_dir):/var/lib/%n:/tmp/:/usr/share/webapps/%n:/etc/webapps/%n:/dev/urandom:/usr/lib/php/modules:/run/redis/redis.sock:/var/log/%n/%n.log:/proc/meminfo
 php-set = session.save_path=/tmp
 php-set = session.gc_maxlifetime  21600
 php-set = session.gc_divisor  500
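Review bot: Adding `/var/lib/%n` to `open_basedir` opens the whole state directory to PHP, not only the path the security checks read. If `%(cloud_data_dir)` and `%(cloud_writable_apps_dir)` resolve below /var/lib/%n (their definitions are outside this hunk), those two entries are now redundant and the allow-list is wider than it reads. A comment above the line, e.g. `; /var/lib/%n is needed by some of Nextcloud's security checks`, would tell later reviewers why the parent directory is listed and whether it can be narrowed again.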


