Is there a way to override file integrity check failures?

Yes, I have searched the forum on this issue.

No, this issue is not related to the 16.0.2 cypress issue.

I’ve had this issue for a while off and on, as can be seen [here]

The documentation suggests simply copying over an older version of the .htaccess files but I need a more flexible solution because:

  1. I’m not sure if I have my .htaccess backup file

  2. I keep having this problem over and over again.

  3. My current manual changes to my .htaccess and .user.ini files were done on purpose to fix other problems. [click here to see thread detailing this issue]

  4. This is not just affecting core, it’s also happening to apps.

Here’s the readouts:

sudo -u www-data php occ integrity:check-core                
  - INVALID_HASH:
    - .htaccess:
      - expected: f30494d88fc2d7caf0be8b27629cb246483cea0203696e44fd376bff19db51bb89c9f4076b1f849627ef3cb011f4a20088116e7b0d10ce467a3dde5db71e108b
      - current: fa15cb5fbb6995a7036a8d31cc89cf0660b943a9efa7ba6b88994962d4effc7030cdc2abe5d0fbc5d05f864c7c632bdcdb3fea00ba9663e7a9091aa3c26abf33
    - .user.ini:
      - expected: 4843b3217e91f8536cb9b52700efb20300290292cf6286f92794d4cec99df286afeb7dd6c91b1be20bc55eda541eef230a5c5e7dcd46c189edd0ed1e80c6d3f5
      - current: 14240d7a7582f019b411929e75b00548aa62af083c542331e55e530972c0f7ee713dcf1e332ffcec38418ef2b35753a2afd18857e55362caa027738b0706043d
sudo -u www-data php occ integrity:check-app files_rightclick
  - EXTRA_FILE:
    - README.md:
      - expected: 
      - current: cf73849388838de5037624e53303618579b164ec69fd55834ce4c5332ae33f778839e36298cbcc8ede90620927e076dbb8883479754e4c09b0491b15bf7653f3


I also tried to run:

sudo -u www-data php occ maintenance:update:htaccess

And as a result I now get a 504 error when I try to go to my settings overview page via my web portal.

I’ve already tried to turn off code signing as per suggestions in the first thread I linked and that did not work.

I also understand why code signing is an important security feature, why it should be enabled, but surely there’s some way for me to override this issue? I’m 100% sure that the changes to .htaccess are due to me, and not due to any kind of invader/hacker etc.

Looking at the documentation I see that I can also sign apps or core? Is this what I need to do in order to override this issue? I tried experimenting with this by signing the rightclick app (since I figure if I screwed that up I could just reinstall it pretty easily) but this did not work due to me not giving enough or giving the wrong arguments:

┌─    |  /var/www/nextcloud                                             
└─➤ sudo -u www-data php occ integrity:check-app files_rightclick
  - EXTRA_FILE:
    - README.md:
      - expected: 
      - current: cf73849388838de5037624e53303618579b164ec69fd55834ce4c5332ae33f778839e36298cbcc8ede90620927e076dbb8883479754e4c09b0491b15bf7653f3

┌─    |  /var/www/nextcloud                                             
└─➤ sudo -u www-data php occ integrity:sign-app files_rightclick 

                                                     
  Too many arguments, expected arguments "command".  
                                                     

integrity:sign-app [--path PATH] [--privateKey PRIVATEKEY] [--certificate CERTIFICATE]

I’m guessing the issue there is I need my private key and cert? Not totally sure where those are kept. All the documentation I look up is about the encrypted files app which I don’t think I have enabled.

EDIT:
I found the occ command for checking what your security certs locations are and when I ran this I got the following output:

└─➤ sudo -u www-data php occ  security:certificates 
+-----------+-------------+--------------+-------------+-----------+
| File Name | Common Name | Organization | Valid Until | Issued By |
+-----------+-------------+--------------+-------------+-----------+

Which… seems to indicate that I don’t have a valid security cert for my installation?

Bump? Any clue about this? I’m starting to have problems similar to my previous problems. Specifically issues I was having with the page constantly trying to reload on the web portal side.

I feel almost like I need to do a complete reinstall of NC or something but I’ve got a massive 3 terabyte server here and it’s going to take forever to resync and to get my laptop etc back in sync too. :confused:

Afaik, since NC 16.x neither .htaccess nor .user.ini should be touched and all necessary changes should be made elsewhere, e.g. PHP settings and the like. That’s also the reason that both of those files are subject to NC’s integrity check.

As far as your concern about missing certificates goes… I don’t have anything in there either, which is no wonder, since my SSL cert is configured in the Apache site config.

I do also have the issue with the README.md in files-rightclick. I simply chose to delete that file and that made the error go away for me.

2 Likes

Thanks that’s super helpful!

Does this mean I should just copy over the backup I have of the .htaccess and userini? What if I don’t have them? I do have some but what if they don’t pass the integrity check? Is there no way out of this problem? Seems like… not a super great design.

Also where are the php settings for an nginx install?

You can always download the full-install from Nextcloud and unzip it somewhere. Then just copy the .htaccess and .user.ini from that unzipped install into your actual install. As I said, since these two are supposed to be as shipped, they need to be always the same.

As far as the php settings for an Nginx install go… I had to struggle myself a bit with that and since we’re also using php-fpm, things seemed even more unclear at first, but in the end it’s pretty easy: you will have to adjust the php settings in /etc/php.ini, e.g. the memory size and probably the size for the max. upload size.

2 Likes
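The restore described in the reply above, as an added example that is not part of the original thread: it compares the SHA-512 of .htaccess and .user.ini in the live install with the copies from an unpacked release, saves any locally edited file to a backup directory, and puts the shipped copy back. The function names, the three directory arguments and the assumption that the unpacked release is the same version as the running install are all choices made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. All three directories are assumptions:
#   LIVE     - the running install (the thread uses /var/www/nextcloud)
#   PRISTINE - an unpacked full-install archive of the SAME version
#   BACKUP   - a directory outside the install tree for the edited copies

sha512_of() {
    # Print only the hex digest, the format shown by integrity:check-core.
    sha512sum "$1" | cut -d' ' -f1
}

# restore_shipped LIVE PRISTINE BACKUP
# Prints one status line per file; returns 1 if a shipped copy is missing.
restore_shipped() {
    live=$1
    pristine=$2
    backup=$3
    rc=0
    mkdir -p "$backup"
    for f in .htaccess .user.ini; do
        if [ ! -f "$pristine/$f" ]; then
            echo "MISSING $f"
            rc=1
            continue
        fi
        if [ -f "$live/$f" ] &&
           [ "$(sha512_of "$live/$f")" = "$(sha512_of "$pristine/$f")" ]; then
            echo "OK $f"
            continue
        fi
        # Keep the hand-edited file so its settings can be moved elsewhere
        # (PHP or web-server config); an earlier backup is overwritten.
        if [ -f "$live/$f" ]; then
            cp -p "$live/$f" "$backup/$f"
        fi
        cp "$pristine/$f" "$live/$f"
        echo "RESTORED $f"
    done
    return "$rc"
}

# Runs only when called with the three directories as arguments.
if [ "$#" -eq 3 ]; then
    restore_shipped "$@"
fi
```

After a restore, re-running `sudo -u www-data php occ integrity:check-core` shows whether the two INVALID_HASH entries are gone.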

Cool. I’ve done that now. I seem to be having other problems but I’ll look into those or create a separate thread. Thanks!

Actually scratch that. It turns out this problem isn’t fixed. It’s simply being obscured by a different error I’m having with caldav stuff.

In trying to fix a different problem I found out that just because my overview settings wasn’t showing the file integrity check failure didn’t mean that there wasn’t a failure. At least according to checking this page: https://cloud.jackalope.tech/index.php/settings/integrity/failed

EDIT: Scratch that, it does work! Thank you @budy