Restore NCP with just "ncdata" possible?

citizenserious · July 20, 2021, 4:03pm

hi @Mageunic thanks again.
The password change doesn’t work somehow… the weird thing is, that now I can put in whatever I want when sudo mysql -u root -p is asking me for a password. It just accepts anything now, maybe because of the try to change it?
When trying to change it, there just appears the next command line but no output whatsoever.
When restarting I get the same Internal server error because of the change of the database password in the config file.

I tried decrypting my files. I got the error “In Crypt.php line 505: Bad Signature”
Line 505 from “/var/www/nextcloud/apps/encryption/lib/Crypto/Crypt.php”, is throw new GenericEncryptionException('Bad Signature', $this->l->t('Bad Signature')); inside a if block.

Thats the block:

/**
 * check for valid signature
 *
 * @param string $data
 * @param string $passPhrase
 * @param string $expectedSignature
 * @throws GenericEncryptionException
 */
private function checkSignature($data, $passPhrase, $expectedSignature) {
	$enforceSignature = !$this->config->getSystemValue('encryption_skip_signature_check', false);

	$signature = $this->createSignature($data, $passPhrase);
	$isCorrectHash = hash_equals($expectedSignature, $signature);

	if (!$isCorrectHash && $enforceSignature) {
		throw new GenericEncryptionException('Bad Signature', $this->l->t('Bad Signature'));
	} elseif (!$isCorrectHash && !$enforceSignature) {
		$this->logger->info("Signature check skipped", ['app' => 'encryption']);
	}
}`

but I don’t know where everywhere I have to change the signature to the old one.

Mageunic · July 21, 2021, 11:03am

@citizenserious this is strange for the second comand, I will try to find a solution.
To change mysql user password, try this : https://linuxconfig.org/how-to-change-mariadb-user-password

citizenserious · July 21, 2021, 2:13pm

@Mageunic the website is awesome, I changed both the root and user password. But nevertheless the password gets changed in the config file with every reboot. So as a workaround I just used the password it changes to every time, now it works. Maybe I try to look into this particular phenomena later.

Edit:
I also tried to replace the Crypt.php with the old one, and give it the right permission, but it didn’t work. And I also tried to replace the whole directory “/var/www/nextcloud/apps/encryption” give it the right permission, but it also didn’t work.

That’s the log file with the old encryption directory:

[no app in context] Error: OCP\Encryption\Exceptions\GenericEncryptionException: Bad Signature at <>

/var/www/nextcloud/apps/encryption/lib/Crypto/Crypt.php line 480
OCA\Encryption\Crypto\Crypt->checkSignature("*** sensitive parameters replaced ***")
/var/www/nextcloud/apps/encryption/lib/Crypto/Crypt.php line 429
OCA\Encryption\Crypto\Crypt->symmetricDecryptFileContent("*** sensitive parameter replaced ", " sensitive parameter replaced ***", “AES-256-CTR”, 0)
/var/www/nextcloud/apps/encryption/lib/KeyManager.php line 237
OCA\Encryption\Crypto\Crypt->decryptPrivateKey("*** sensitive parameters replaced ***")
/var/www/nextcloud/apps/encryption/lib/Users/Setup.php line 64
OCA\Encryption\KeyManager->validateMasterKey()
/var/www/nextcloud/apps/encryption/lib/AppInfo/Application.php line 57
OCA\Encryption\Users\Setup->setupSystem()
/var/www/nextcloud/apps/encryption/appinfo/app.php line 38
OCA\Encryption\AppInfo\Application->setUp(OC\Encryption\Manager {})
/var/www/nextcloud/lib/private/legacy/OC_App.php line 303
require_once("/var/www/nextcl … p")
/var/www/nextcloud/lib/private/legacy/OC_App.php line 185
OC_App::requireAppFile(OCA\Encryption\AppInfo\Application {})
/var/www/nextcloud/lib/private/legacy/OC_App.php line 138
OC_App::loadApp(“encryption”)
/var/www/nextcloud/lib/base.php line 979
OC_App::loadApps()
/var/www/nextcloud/index.php line 37
OC::handleRequest()

The log file with the default encryption directory is the exact same, so nothing changes when replacing the encryption directory…

Mageunic · July 21, 2021, 5:53pm

@citizenserious
have you try to disable and enable encryption module ?

maybe this can help but not sure for your issue …

citizenserious · July 21, 2021, 6:13pm

@Mageunic I don’t think that the server encryption still has a legacy encryption module, there was an update once. Anyway I deactivated the encryption in the settings and the app, then enabled it again like you suggested but unfortunately it did not work.
My files were not on legacy anymore I am really sure about it because I disabled the legacy extension while it was still working, and I had to make sure first that there are no files left with the legacy encryption. Thats what ncc encryption:scan:legacy-format was for.

Mageunic · July 22, 2021, 3:42pm

@citizenserious I don’t know how to solve your issue at the moment…

citizenserious · July 22, 2021, 5:11pm

@Mageunic you already helped me a lot. And the main problems are solved. Thank you again. I will try to write a summary soon (: Also I got the most important data synchronized with other devices, so I will put my instance back to work again now. And take care about the rest later.
Thanks again mate, you safed me so much trouble.

citizenserious · July 23, 2021, 12:33pm

How to manually restore an nextcloudpi instance (with enabled encryption): many thanks to @Mageunic

What you need:

/var/www
/var/lib/mysql
your data directory, by default it is at: /var/www/nextcloud/data

Preparation:

Setup a new NCP instance
update/upgrade
activate the instance and note the passwords
update nextcloud pi (sudo ncp-config). Update nextcloud inside the nextcloud itself.
$ sudo apt-get install imagemagick php-imagick
$ ncc db:add-missing-indices
$ ncc db:convert-filecache-bigint

Restore the database:

remove mysql: $ rm -rf /var/lib/mysql
copy your database: $ cp -r -p /location/of/database /var/lib/mysql
set the right permission for the database: $ sudo chown -R mysql:mysql /var/lib/mysql/

Restore www:
1.0 remove www: $ rm -rf /var/www
2.0 copy your www: $ cp -r /location/of/www /var/www
3.0 setting permissions:
3.1: $ sudo chown -R www-data:www-data /var/www/nextcloud
3.2: $ sudo chown -R www-data:www-data /var/www/ncp-previewgenerator
3.3: $ sudo chown -R www-data:www-data /var/www/ncp-web
3.4: $ sudo chmod 711 /var/www/nextcloud

— REBOOT – $ sudo reboot now

look for the database password for ncadmin in /var/www/nextcloud/config/config.php
by the way → make sure the location of your data directory (ncdata) is set right in the config.php (default location of database: /var/www/nextcloud/data)
Change MariaDB Passwords for ncadmin to the password discovered (nicely described here: https://linuxconfig.org/how-to-change-mariadb-user-password)
- § sudo mariadb -u root -p
  - it asks for a password, you can type anything here, it doesn’t mater, just hit enter.
    MariaDB [(none)]> use mysql;
    MariaDB [mysql]> ALTER USER 'ncadmin'@'localhost' IDENTIFIED BY 'the_password_from_the_config.php'
    MariaDB [mysql]> FLUSH PRIVILEGES;
    MariaDB [mysql]> exit

Thats it, your instance should work with all your encrypted files and settings you had before.

Mageunic · July 23, 2021, 1:24pm

@citizenserious I forgot to say that the other installation that will be used to restore the server must be in the same version as the one you want to restore, otherwise you may encounter problems or not be able to access the server.