27.1.1 - Howto Reset INVALID_HASH on .htaccess to eliminate issue in 'Admin Overview'

drankinatty · September 22, 2023, 8:03pm

Setup for Nextcloud 27.1.1

Archlinux: 6.5.4-arch2-1
Apache / 2.4.57 (Unix)
OpenSSL / 3.1.3
mod_fcgid / 2.3.9
PHP / 8.1.23

Admin->Overview now flags the core .htaccess file as invalid. Arch modifies this file to fit the install per the webapp standard to isolate Nextcloud to be accessible only though the nextcloud user rather than the general web-server user.

The issue you are facing:

When the Admin->Overview runs, the following details are generated:

Technical information
=====================
The following list covers which files have failed the integrity check. Please read
the previous linked documentation to learn more about the errors and how to fix
them.

Results
=======
- core
	- INVALID_HASH
		- .htaccess

Raw output
==========
Array
(
    [core] => Array
        (
            [INVALID_HASH] => Array
                (
                    [.htaccess] => Array
                        (
                            [expected] => 9b8693928ff69f527448d45fac34849ef67eaa4916ac2895bba944fe2307cb9ce0b78099acd8b3059ebc00995a25932fff5df203cd8dc0d7443162edc8b74df7
                            [current] => 896f323be9420620b1beb5a1d69a480f8435604a9412d916cbe4a82097d92ce38d33856df18d9628b3d3218840b0ab81c2f4910f01645dc9ff1c0fe47ed0ad53
                        )

                )

        )

)

The .htaccess file is fine, and includes wanted additions. How do we tell Nextcloud, through occ or otherwise to update the core array with the hash for the current file?

Is this the first time you’ve seen this error? (Y/N):

Steps to replicate it:

Modify the core .htaccess and then choose Administration Settings from menu to have ‘Overview’ checks run…

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

{
    "system": {
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "logfile": "\/var\/log\/nextcloud\/nextcloud.log",
        "default_locale": "en_US",
        "default_phone_region": "US",
        "knowledgebaseenabled": true,
        "apps_paths": [
            {
                "path": "\/usr\/share\/webapps\/nextcloud\/apps",
                "url": "\/apps",
                "writable": false
            },
            {
                "path": "\/var\/lib\/nextcloud\/apps",
                "url": "\/wapps",
                "writable": true
            }
        ],
        "trusted_domains": [
            "localhost",
            "mysite.com",
            "192.168.6.111"
        ],
        "overwrite.cli.url": "https:\/\/mysite.com\/nextcloud",
        "htaccess.RewriteBase": "\/nextcloud",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "27.1.1.0",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_sendmailmode": "smtp",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "25",
        "maintenance": false,
        "app_install_overwrite": [
            "issuetemplate"
        ],
        "theme": "",
        "loglevel": 2,
        "memcache.local": "\\OC\\Memcache\\APCu"
    }
}

tflidd · September 24, 2023, 12:38pm

Where is the problem, it tells you that the .htaccess was changed, you know that for your setup it needs to change, so everything is ok, no?

When you can add exceptions, then you could silence the test altogether.

drankinatty · September 25, 2023, 1:20am

Thank you, yes, I am just starting with nextcloud and I have not found were or how to add that exception. A link is fine if you have one. Is it in the admin manual or in the github wiki somewhere? I was hoping there was an occ command for it. I’ve looked at maintenance:update:htaccess and the integrity:... commands, but that doesn’t seem to be it. Where would I find how to do this?

I’ve found the source of the signature, nextcloud/core/signature.json, but I can’t see that I’m supposed to manually edit the file (which would then trigger it’s signature invalid), what do I use to update the .htaccess hash in that file? If the answer is:

A text editor,
sed, or
jq

I’m good with that, I just don’t want to create further problems without finding a reference for the way NC wants this done. (note: changing core/signature.json to include the correct sha512sum prevents the occ integrity:check-core from running properly)

Solution from Prior Post

NONE was necessary. I appears this has cropped up a time or to and a solution was posted at Integrity Check failed ->> .htaccess file invalid where you essentially add 'integrity.check.disabled' => true, to your config/config.php file, go to the Admin Overview, let it warn about the .htaccess file, click Rescan, log out/log in and finally remove the line added to config.php (personally, though not checked, the Rescan with the added line should be sufficient, then remove the line)