I updated Nextcloud in cloudron environment from 29.0.8 to 30.0.2
After update, some pages in one collective can not be opened.
I have 6 collectives running, only 1 is affected, and only some subpages in that collective are affected.
Log says the files can not be decrypted. Also opening these files with files/text fails.
Update
I decrypted all files using occ. Opened some random files, they are successfully decrypted.
Only the files in the affected collective are still encrypted
exploring data/files_encryption/keys/files/Collectives for the affected files, there is no folder or Master.shareKey
The Basics
Nextcloud Server version 29.0.8 - 30.0.2
Operating system and version Ubuntu 22.04.4 LTS
Is this the first time you’ve seen this error? Yes
When did this problem seem to first start?
after update
Installation method (e.g. AIO, NCP, Bare Metal/Archive, etc.)
cloudron
Are you using Cloudflare, mod_security, or similar? No
Summary of the issue you are facing:
Some files can not be opened. Log says:
“Cannot decrypt this file, probably this is a shared file. Please ask the file owner to reshare the file with you.”
Steps to replicate it (hint: details matter!):
Don’t know how to replicate. I can just say what I did
updated from 29.0.8 to 30.0.2 via cloudron
facing problems opening files via collectives
did a backup to 29.0.8: Problem still exists
Log entries
"Cannot decrypt this file, probably this is a shared file. Please ask the file owner to reshare the file with you."
DecryptionFailedException Cannot decrypt this file, probably this is a shared file. Please ask the file owner to reshare the file with you.
{“reqId”:“MOloVwM1sFfQRtokuGCN”,“level”:3,“time”:“2024-12-03T10:09:25+00:00”,“remoteAddr”:“84.189.220.42”,“user”:“xxx”,“app”:“no app in context”,“method”:“PROPFIND”,“url”:“/remote.php/dav/files/xxx/xxx/Protokoll/”,“message”:“Cannot decrypt this file, probably this is a shared file. Please ask the file owner to reshare the file with you.”,“userAgent”:“Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0”,“version”:“30.0.2.2”,“data”:,“id”:“674edbf305e87”}
From my understanding, encryption has a folder for keys: files_encryption
For a reason I don’t know yet, collectives has a special folder: files_encryption/keys/files/Collectives
there are all collectives listed and each page and subpage has its own folder with a master.sharekey
For some reason, my affected collectives don’t have such a folder / master.sharekey
I checked my backups and apparently those collectives didn’t have an encryption folder / sharekey in the past as well. For some reason, I could still open them.
But as I remember they behaved strange, they were loading an old version instantly, and then it took like 10sec to load the current version. Maybe there was some routine to check for the keys?
So, but why do the affected collectives didn’t open under 30.0.2 (or a collectives update) And furthermore, why do they not open after a rollback to 29.0.8?
Seems like the update from 29.0.8 to 30.0.2 caused some issues with file decryption, especially in the collectives. I would suggest checking if there’s any corruption in the encryption keys after the update or if permissions were altered during the upgrade. Also, you might want to verify if all the necessary encryption keys and files are correctly synced across the system. It could also help to try running the occ command to check for any inconsistencies in the database or encryption settings. Hopefully, Nextcloud will release a patch for this soon.
It looks like the encryption issue is related to missing keys or permissions after the update. You could try the following:
Check Encryption Keys: Ensure the keys for the affected collective are intact in /data/files_encryption/keys/.
Use OCC Commands: Try occ encryption:scan or occ encryption:decrypt for the affected files.
Re-share Files: Since the error mentions shared files, re-sharing them might help.
Revert to Backup: If issues persist, consider reaching out to Nextcloud support.
Has anyone else experienced this after the 30.0.2 update?:
Comment:
It seems like this encryption issue might be related to how Nextcloud handles file encryption during updates, especially in shared directories like collectives. From the logs, the error indicates that the system can’t decrypt the file, which could be because the files were shared or there’s a missing encryption key.
Here are a few steps you could try to resolve this:
Check the Encryption Keys: Since you mentioned there’s no folder or Master.shareKey in the /data/files_encryption/keys/ directory for the affected collective, that’s a significant clue. Make sure the encryption keys are properly configured, and verify that the keys for the affected collective are intact.
Use OCC for Decryption: You’ve already decrypted some files using the occ command. Try running occ encryption:scan or occ encryption:decrypt for the affected collective to ensure the files are properly decrypted.
Check File Ownership: The log suggests the issue might be with shared files. It could be worth re-sharing the files or verifying the file ownerships to ensure there’s no mismatch in permissions post-update.
Revert to Backup (if necessary): Since the issue persisted after restoring from a backup, this suggests the encryption issue might be due to an incompatibility between versions. If the problem remains unresolved, consider opening a ticket with Nextcloud support, as they might have a fix or further debugging steps for issues introduced in the update.
I hope this helps, and I’d love to hear if anyone has successfully resolved similar issues after the 30.0.2 update!
This comment acknowledges the issue, suggests troubleshooting steps, and invites others to share their experiences. Let me know if you’d like any adjustments!
