Linux packages status


#18

Hello, I just want to tell you guys, that Nextcloud is avariable on OpenBSD-current, on the ports tree and also packages, the very last version to this point.


#19

@mcostan

To confirm NextCloud 11 will be packaged for EPEL7 as the bump in PHP minimum version isn’t until NC12.

At that point I’m not sure what I’ll do yet, as I cannot use SCL in an EPEL package.

My options are:

  • To maintain 11 for as long as NC maintains support for 11
  • To retire from EPEL and see if I can maintain it as part of the CentOS SCL SIG
  • To advise people to use upstream packages, or to switch to RemiRepo, as I believe Remi will continue to maintain it on his PHP stack there using the Fedora SRPMs I’ll be generating
  • To use the upcoming Fedora nextcloud container on an EL7 box using docker/runc.

However, that decision is indeed still a little way off.

In terms of Fedora at least Nextcloud will be maintained so long as it exists :wink:

I ended up packaging NC 10 rather than the 11 build to get through the review quicker as there were some dependency issues.

You can keep track of the NC 11 status with this bug: https://bugzilla.redhat.com/show_bug.cgi?id=1433919


#20

A post was split to a new topic: Migrate RH 7 client to Nextcloud


#21

Actually I’m the maintainer for this repository:

It’s very simple package for CentOS 7 which we are currently using on our project (NethServer).

I managed to make it work with php-fpm-56 from SCL.

Any developer can confirm it? The official doc says that PHP 5.6 is required for NC 11 (https://docs.nextcloud.com/server/11/admin_manual/installation/system_requirements.html#supported-platforms)


#22

A post was merged into an existing topic: Migrate ownCloud on RH 7 to Nextcloud


#23

@ivaradi I just added a link to your (I think) OBS repo. A user is asking about the Dolphin integration - Client for Dolphin file manager (KDE)?


Client for Dolphin file manager (KDE)?
#24

@jospoortvliet

RHEL (server & client in EPL7 repo)

You probably mean “EPEL” (instead of EPL)? :wink:


#25

@morph027 you state explicitly on the page that your packages are not ‘official’. Now you can argue back and forth on that, but this is a community - you’re undeniably part of it, providing these packages for loads of people, and we have no ‘official’ stamps for packages, pro or con :wink:

You maintain recipes in a public git repo on gitlab, which would be a big requirement if there ever was one for being ‘official’. Another would be getting contributions, having a team - I’m sure you’d welcome PR’s, though.

What I’m saying is - I don’t want to tell you what to do but I kindly suggest the big disclaimer about this not being ‘official’ isn’t really needed… :wink:


#26

Nice to know, going to remove this :wink:

But as said before, with the new updater, packages aren’t necessary anymore IMHO. It just works :wink:


#27

Agreed. But we don’t have automatic updates yet - once we have that I really think it is better if people don’t use packages but use the zip file, from a security point of view…


#28

But it will be impossible to have an automatic updater unless a lot of stuff changes. Right now, if you follow the secure directory guide, it kills the updater from working. You have to log in as root and chown things back to apache. Then you can run the update. Then you have to chown it all back.


#29

Our current security hardening guidelines do not recommend changing ownership or permissions on the files of Nextcloud as the security benefit is largely absent.

See this PR for a bit of information on this. Essentially I believe the issue is that it is so easy to work around the limitation of non-writable application files that it makes no difference while it DOES create a higher barrier to updating which is a far more dangerous situation.

Feel free to engage in the issue above but please provide facts and links to them rather than opinions as this is a well researched topic and Lukas knows his stuff.


#30

FYI I updated the fipo with links to docker, QNAP image and VM… I also linked to it in our install page. It is easier to keep this up to date than the website…


#31

It is not official QNAP store. It is community store. I wouldn’t recommend it for newbies.


#32

Ah, I did not know that, thanks!


#33

You guide was changed after I had already followed it during my original install. The commit history of that PR shows as much.

You should be a little more concious of how recent changes are when trying to tell someone that they did something wrong.


#34

How should this be handled properly? Until NC 12 there are still the old hardening tips, you would have to notify people upgrading from NC 11 to NC 12. Would be a point for the release note which in the end nobody reads and people will come here and complain anyway.

Feel free to share your ideas on how to improve the documentation, make suggestions, you can even contribute -> https://github.com/nextcloud/documenation
The community is indispensable for improving the documentation, the developers know a lot about the code but only the users know which parts are hard to understand or which information is missing.


#35

The choco package already points to all proper sources. Else it would not have been approved by the mods there. Also this is my package :slight_smile:


#36

When I wrote my post back on May 5th, I was unaware that the hardening guide had just been changed (April 26th I believe). So my comments were based around the hardening concepts that have been in place since the early days of ownCloud as they were replicated here with Nexcloud until just recently.

Now, with a new clean install, there are no issues to address.

For anyone coming from an older Nextcloud install or an ownCloud upgrade, then it should be pretty easy to document what permissions are required and publish that information so the person upgrading can handle it.

Instead, the process just pukes out a generic “permission bad” type error and there is no clean documentation stating what the permissions are expected to be.

But because the updater has to be comparing something in order to give an error in the first place, then there should be something that can be documented.


#37

I know it was already submitted there, I said as much in my post. But the point of my comment to @jospoortvliet was to make sure it was officially supported there.