Nc-integrity-fix - Script to resolve "Some files have not passed the integrity check" warnings


nc-integrity-fix is a script to resolve “Some files have not passed the integrity check” warnings.


Every Nextcloud admin has been confronted with this warning sooner or later and is then always busy searching and checking again to find and eliminate the causes.
The → search function of the forum ← shows that this problem is as old as Nextcloud itself. There are so many results (well over 500) that it is even recommended to restrict the search query string :face_with_raised_eyebrow:.

To solve this problem once and for all - at least for such instances that have full access to the server files (no containerized solutions like Docker, AIO etc.) - I created this script with → ebtb ← .

Install it this way:

sudo wget -O /usr/local/bin/nc-integrity-fix https://global-social.net/script/nc-integrity-fix
sudo chmod +x /usr/local/bin/nc-integrity-fix

Explanation:
- the first line downloads the script into the directory /usr/local/bin
- the second line makes it executable

You only need to install it once.
Like all of my → ebtb ← scripts, it comes signed and does an integrity check on the first run and checks for updates on every startup.

Simply run it:

nc-integrity-fix

I really hope that this tool will make your life easier and save you a lot of searching and time in future.


Much and good luck,
ernolf


4 Likes

You’re a life saver!!! I was just about to cut my losses and spin up a new LXC for Nextcloud when I saw your post. I was able to successfully resolve all of my integrity checks.

Thank you for all your hard work. What a legend!

1 Like

Thank you for the appreciative words! That means a lot to me, as you obviously looked at the code yourself.
Your blog post encourages me to continue developing and maintaining my scripts.

:pray:


ernolf

2 Likes

Hello ernolf,
thanks for your script, but I receive the following message:
root@5d2365650c3f:/usr/local/bin# nc-integrity-fix
… loading modules - dependency/dev/fd/63: line 43: dpkg: command not found
/dev/fd/63: line 43: dpkg: command not found

Dependency not met!

missing dependencies:

Binary Package Description

gpg gnupg GNU Privacy Guard
xmlstarlet xmlstarlet Command line XML toolkit


please install first

I am on a linuxserver-nextcloud image 29.X
Please advise what to do?
regards
Alex

Hi @Broxel,

thank you very much for your feedback!

Could you please explain in more depth what that is? I do not know that image. Is it a containerized solution?

The script is designed for and on Debian-based distributions with dpkg.

Since you have not installed xmlstarlet, it tries to offer to install it with apt-get, which is an interface to dpkg, and that fails.

You should install xmlstarlet with the package manager of your system and try again.

Please give me feedback if that solves it for you and maybe some more information about your OS, maybe I can implement support for it, so that future users of the script can benefit from your feedback.


ernolf

Yes. I think @Broxel is referring to this: https://hub.docker.com/r/linuxserver/nextcloud, which would be a Docker container based on Alpine.

1 Like

Hi you both,
thanks. I do understand that the script is made for Debian with dpkg. I am on an Alpine-based Linux container. That’s ok.
I will check some of your other scripts, ernolf.
regards
Alex

1 Like

OK, thank you @bb77

@Broxel :

the script is not meant to run on or from within docker images. Integrity failures should be solved by the container devs.

As you can read → here ← , it does not even support AIO or snap.

h.t.h.


Much and good luck,
ernolf

You are absolutely right. The image developer should take care of things related to Nextcloud and the underlying Linux distribution.
Anyway, many thanks for your time and engagement here. I’ve seen some interesting scripts and comments from you in the forum.
Regards
Broxel

1 Like

Hello, thank you for this script. I ran about five iterations of this, which removed many files. Now each successive iteration returns the following:

Q: Do you want to remove these needless file? ([y]es or [n]o) [yes]:
rm: cannot remove ‘/var/www/nextcloud/dlib/docs/docs/chm/READ’: No such file or directory
rm: cannot remove ‘/var/www/nextcloud/THE’: No such file or directory
rm: cannot remove ‘/var/www/nextcloud/README.’: No such file or directory
rm: cannot remove ‘/var/www/nextcloud/DO’: No such file or directory
rm: cannot remove ‘/var/www/nextcloud/NOT’: No such file or directory
rm: cannot remove ‘/var/www/nextcloud/EDIT’: No such file or directory
rm: cannot remove ‘/var/www/nextcloud/THE’: No such file or directory
rm: cannot remove ‘/var/www/nextcloud/TABLE’: No such file or directory
rm: cannot remove ‘/var/www/nextcloud/OF’: No such file or directory
rm: cannot remove ‘/var/www/nextcloud/CONTENTS’: No such file or directory
rm: cannot remove ‘/var/www/nextcloud/FILE3’: No such file or directory


This exception was detected for [files_mindmap]:

  • Certificate is not valid.
    This script cannot resolve integrity violations of type ‘EXCEPTION’.

I resolved this by running
rm -rf /var/www/nextcloud/dlib/docs/docs/chm/

Additionally, dlib had come up often in this scan since long ago I had manually installed the ‘face recognition’ app. Those directories were owned by root. After fixing permissions on those directories (setting www-data as owner) the integrity check passed. Thanks again!

1 Like
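
Added example, not part of the thread and not code from nc-integrity-fix: the rm errors quoted above are consistent with a path containing spaces being split into separate words, and this sketch reproduces that failure next to a line-by-line variant that keeps each path intact. The tree, file names and function names are constructed for the demonstration.

```sh
#!/bin/sh
# Constructed tree: one reported extra file with spaces in its name,
# plus an unrelated file in the root that the cleanup must not touch.
make_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/dlib/docs"
    : > "$root/dlib/docs/READ THE NOTES"   # extra file to remove
    : > "$root/NOTES"                      # unrelated file
    printf '%s\n' "$root"
}

# Unsafe: unquoted $list is split on every space, so one path turns into
# three rm targets, each resolved against the root directory.
remove_unsafe() {
    root=$1 list=$2
    for rel in $list; do
        rm -f -- "$root/$rel"
    done
}

# Safe: one path per line, kept as a single word; entries containing a
# ".." component are skipped so nothing outside the root is removed.
remove_safe() {
    root=$1 list=$2
    printf '%s\n' "$list" | while IFS= read -r rel; do
        [ -n "$rel" ] || continue
        case "/$rel/" in
            */../*) echo "skipped: $rel" >&2; continue ;;
        esac
        rm -f -- "$root/$rel"
    done
}

# Report what survived as "extra=<0|1> unrelated=<0|1>".
state() {
    extra=0; unrelated=0
    if [ -e "$1/dlib/docs/READ THE NOTES" ]; then extra=1; fi
    if [ -e "$1/NOTES" ]; then unrelated=1; fi
    echo "extra=$extra unrelated=$unrelated"
}

# Run both variants on fresh trees and print the outcome of each.
demo() {
    list='dlib/docs/READ THE NOTES'
    t=$(make_tree); remove_unsafe "$t" "$list"; echo "unsafe: $(state "$t")"; rm -rf -- "$t"
    t=$(make_tree); remove_safe "$t" "$list"; echo "safe:   $(state "$t")"; rm -rf -- "$t"
}
demo
```

In the unsafe run the reported file survives, which matches a cleanup that keeps offering the same files on every pass, while the unrelated NOTES file is deleted.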

Thank you for your feedback. I am happy that you could solve it!

Hey ernolf
great work with all your scripts. I really like them :slight_smile:

One question - as I was looking for the error mentioned above:

This exception was detected for [files_mindmap]:

Certificate is not valid.
This script cannot resolve integrity violations of type ‘EXCEPTION’.

… did you also run into that problem and how did you resolve it?
Finally this thing doesn’t cause any problems - nextcloud itself is running fine and also mindmap doesn’t show any problems - so I guess it could also be ignored till a new version with a valid certificate is published.

Hi @hartmut001,

thank you very much for your kind feedback!

That’s exactly how it is. Certificates can only be corrected by the app developers themselves. It is a hint that shows that there is something wrong or incorrect with the certificate and such an error cannot simply be corrected by an “external” script.
As long as you understand why this is the case, there is no need to worry about it.


Much and good luck,
ernolf

After updating to 31.0.3 integrity checks reported a couple invalid hashes. Previously I’d replace a file fresh from the source and problem solved. But this time wasn’t as straight forward and harder to figure out. I decided to try your script and it worked. Errors gone, headache gone.

The script runs on Alma Linux once xmlstarlet and jq are installed. And to keep bash going I had to get rid of ‘!’ characters in the database password.

Thank you!
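
Added example, not part of the thread and not Nextcloud's or nc-integrity-fix's code: a simplified model of the comparison behind the warning, in which a signed manifest maps each file to a SHA-512 hash and the check reports INVALID_HASH, FILE_MISSING or EXTRA_FILE. The manifest format, file names and function names are constructed; the signature and certificate verification that yields EXCEPTION results is not modelled.

```sh
#!/bin/sh
# check_tree ROOT MANIFEST: print one finding per line.
# MANIFEST uses sha512sum's "<hex>  <relative path>" format, a constructed
# stand-in for the path-to-hash map that Nextcloud keeps in signature.json.
check_tree() {
    root=$1 manifest=$2
    # Pass 1: every listed file must exist and match its recorded hash.
    while read -r want rel; do
        [ -n "$rel" ] || continue
        if [ ! -f "$root/$rel" ]; then
            echo "FILE_MISSING $rel"
        else
            got=$(sha512sum < "$root/$rel" | cut -d' ' -f1)
            [ "$got" = "$want" ] || echo "INVALID_HASH $rel"
        fi
    done < "$manifest"
    # Pass 2: every file on disk must appear in the manifest.
    (cd "$root" && find . -type f | sed 's|^\./||' | sort) |
    while IFS= read -r rel; do
        sed 's/^[0-9a-f]*  //' "$manifest" | grep -qxF -- "$rel" ||
            echo "EXTRA_FILE $rel"
    done
}

# Constructed sample: record a pristine tree, then change it three ways.
demo_findings() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/tree/lib"
    echo '<?php // v1'   > "$d/tree/index.php"
    echo '<?php // base' > "$d/tree/lib/base.php"
    echo '<?php // ok'   > "$d/tree/version.php"
    (cd "$d/tree" && sha512sum index.php lib/base.php version.php) > "$d/manifest"
    echo '<?php // edited' > "$d/tree/index.php"   # content changed
    rm -f -- "$d/tree/lib/base.php"                # file removed
    : > "$d/tree/lib/left over.bak"                # file added
    check_tree "$d/tree" "$d/manifest"
    rm -rf -- "$d"
}
demo_findings
```

Each finding calls for a different response: an INVALID_HASH or FILE_MISSING entry is fixed by restoring the file from the matching release archive, while an EXTRA_FILE entry should be identified before it is deleted.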

Hi @RAlm,

thank you very much for your valuable feedback!

:confetti_ball:


ernolf

1 Like

this might be great for people with SU rights on the server …

Hi ernolf,

Hey, just a heads-up, I am a new user to Nextcloud, but an experienced sysadm.
Yesterday, I was trying to make a reply to this post, but my XP wasn’t high enough yet.

I was interested in your utility: nc-integrity-fix and was trying to use it in a NC instance in a Docker container running in a Portainer stack on a compute instance on Oracle Cloud Infrastructure. I was running through a series of NC upgrades (from v28 through to v301) and ran into the dreaded “integrity check” errors. Wow – those errors are… arcane (to say the least).

Anyway, because I couldn’t reply on this forum, I went and submitted an issue into your repo.

I also linked it back to my project issue (on GitLab), so you can see I’ve captured valuable diagnostics.

If you are interested in seeing if your tool could be extended into an operational context of Docker containers and even Portainer stacks, I’d be available to give you whatever additional diagnostics or collaboration you might need.

A couple of additional Qs:

  1. As I was trying to get the tool up & going in the LinuxServer.io Docker image of Nextcloud (using Alpine) it failed because it wanted to use gawk, and I was wondering if a more generic call to awk would have equivalent functionality, or if there were extra capabilities you were relying upon with the GNU version?
  2. I saw that sections of the code were minified, which of course made it hard to understand, and I was wondering what the purpose of that was?

Hi @dpc-on-nc-help

That will not work and there will never come an adaptation to run it that way. The script is intended for use on baremetal installations or virtual machines where you can behave like on baremetal.

If you get Integrity failures on a docker container, then it’s the image maintainer’s job to fix those issues. You can, but you shouldn’t tamper with them.
If you really want to dig deep under the hood, you should forget about Docker.

Don’t get me wrong, I use docker as well but only for solutions, where I do NOT want to dig deeper into issues like this.


Much and good luck,
ernolf

Thanks for the super-quick reply, Ernolf!

As it turns out, I discovered that this particular integrity check error cycle was not caused at all by the LinuxServer.io Docker image, but rather by a previously-installed add on NC App (a Dashboard Widget). So that’s a big relief, because it reinforces the integrity of the LS.io images. They have a well-deserved reputation as a reliable “go-to” solution for images.

If you’re interested in the details, they are here:

And if you’re not, maybe other noobs like me will get an insight for their own solutions?

As I get more XP on this NC Discourse, I may want to write-up a troubleshooting guide for other sysadm/devops crews who run into these hard-to-diagnose error cycles. As you rightly noted, there are hundreds of posts by folks getting “clotheslined” by these type of errors.


But I think the idea for your tool is still very useful, no matter whether it is deployed on bare metal, or a Docker container – it’s just flat-out useful to have a utility that could resolve errors like these.

And as I was looking over your code, I still have a few questions I was wondering if you could help with?

  1. As I was trying to get the tool up & going (using Alpine) it failed because it wanted to use gawk, and I was wondering if a more generic call to awk would have equivalent functionality, or if there were extra capabilities you were relying upon with the GNU version?
  2. I saw that sections of the code were minified, which of course made it hard to understand, and I was wondering what the purpose of that was?