exclude configuration from code signing

[neeral85]

Steps to reproduce

install nextcloud
run occ integrity:check-core

Expected behaviour

no error /warning on clean installation with customized configuration. (all configuration files should be excluded from code signing)

Actual behaviour

modification on ".user.ini" are recocnized as code modification.

Server configuration detail

Operating system: Linux 4.15.0-36-generic #39-Ubuntu SMP Mon Sep 24 16:19:09 UTC 2018 x86_64

Webserver: Apache/2.4.29 (Ubuntu) (fpm-fcgi)

Database: pgsql PostgreSQL 10.5 (Ubuntu 10.5-0ubuntu0.18.04) on x86_64-pc-linux-gnu, compiled by gcc (Ubuntu 7.3.0-16ubuntu3) 7.3.0, 64-bit

PHP version:

7.2.10-0ubuntu0.18.04.1
Modules loaded: Core, date, libxml, openssl, pcre, zlib, filter, hash, Reflection, SPL, sodium, session, standard, cgi-fcgi, redis, PDO, xml, bz2, calendar, ctype, curl, dom, mbstring, fileinfo, ftp, gd, gettext, gmp, iconv, imagick, imap, intl, json, ldap, exif, pdo_pgsql, pgsql, Phar, posix, readline, shmop, SimpleXML, smbclient, soap, sockets, sysvmsg, sysvsem, sysvshm, tokenizer, wddx, xmlreader, xmlwriter, xsl, zip, libsmbclient, Zend OPcache

Nextcloud version: 14.0.1 - 14.0.1.1

**Updated from an older Nextcloud/ownCloud or fresh install: fresh
**Where did you install Nextcloud from: https://github.com/nextcloud/vm

List of activated apps

Enabled:
 - accessibility: 1.0.1
 - activity: 2.7.0
 - admin_audit: 1.4.0
 - bruteforcesettings: 1.1.0
 - cloud_federation_api: 0.0.1
 - dav: 1.6.0
 - drop_account: 0.0.11
 - federatedfilesharing: 1.4.0
 - files: 1.9.0
 - files_accesscontrol: 1.4.0
 - files_antivirus: 1.3.2
 - files_automatedtagging: 1.4.0
 - files_retention: 1.3.0
 - files_sharing: 1.6.2
 - files_texteditor: 2.6.0
 - files_trackdownloads: 1.3.1
 - files_trashbin: 1.4.1
 - files_versions: 1.7.1
 - groupfolders: 1.3.3
 - issuetemplate: 0.4.0
 - logreader: 2.0.0
 - lookup_server_connector: 1.2.0
 - nextcloud_announcements: 1.3.0
 - notifications: 2.2.1
 - oauth2: 1.2.1
 - password_policy: 1.4.0
 - provisioning_api: 1.4.0
 - registration: 0.4.3
 - serverinfo: 1.4.0
 - socialsharing_email: 1.0.4
 - support: 1.0.0
 - systemtags: 1.4.0
 - tasks: 0.9.7
 - theming: 1.5.0
 - twofactor_backupcodes: 1.3.1
 - updatenotification: 1.4.1
 - user_ldap: 1.4.0
 - workflowengine: 1.4.0
Disabled:
 - comments
 - encryption
 - federation
 - files_external
 - files_pdfviewer
 - files_videoplayer
 - firstrunwizard
 - gallery
 - sharebymail
 - survey_client
 - user_external
 - user_saml

Configuration (config/config.php)

{
    "passwordsalt": "***REMOVED SENSITIVE VALUE***",
    "secret": "***REMOVED SENSITIVE VALUE***",
    "trusted_domains": [
        "localhost",
        "172.18.1.85",
        "fileshare",
    ],
    "datadirectory": "***REMOVED SENSITIVE VALUE***",
    "dbtype": "pgsql",
    "version": "14.0.1.1",
    "overwrite.cli.url": "https:\/\/fileshare.iscue.com\/",
    "dbname": "***REMOVED SENSITIVE VALUE***",
    "dbhost": "***REMOVED SENSITIVE VALUE***",
    "dbport": "",
    "dbtableprefix": "oc_",
    "dbuser": "***REMOVED SENSITIVE VALUE***",
    "dbpassword": "***REMOVED SENSITIVE VALUE***",
    "installed": true,
    "instanceid": "***REMOVED SENSITIVE VALUE***",
    "remember_login_cookie_lifetime": 3600,
    "session_lifetime": 3600,
    "skeletondirectory": "",
    "mail_smtpmode": "smtp",
    "log_rotate_size": 104857600,
    "memcache.local": "\\OC\\Memcache\\Redis",
    "filelocking.enabled": true,
    "memcache.distributed": "\\OC\\Memcache\\Redis",
    "memcache.locking": "\\OC\\Memcache\\Redis",
    "redis": {
        "host": "***REMOVED SENSITIVE VALUE***",
        "port": 0,
        "timeout": 0.5,
        "dbindex": 0,
        "password": "***REMOVED SENSITIVE VALUE***"
    },
    "htaccess.RewriteBase": "\/",
    "loglevel": "2",
    "log_type": "file",
    "logfile": "\/mnt\/ncdata\/nextcloud.log",
    "logtimezone": "Europe\/Berlin",
    "maintenance": false,
    "mail_smtpauthtype": "PLAIN",
    "mail_from_address": "***REMOVED SENSITIVE VALUE***",
    "mail_domain": "***REMOVED SENSITIVE VALUE***",
    "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpport": "25",
    "mail_smtpsecure": "tls",
    "updater.release.channel": "stable",
    "ldapIgnoreNamingRules": false,
    "ldapProviderFactory": "OCA\\User_LDAP\\LDAPProviderFactory"
}

[nextcloud-bot]

GitMate.io thinks possibly related issues are #1249 (exclude core/skeleton/ from code integrity checker), #10818 (Whitelist for code signing check), #9375 (Code integrity check), #140 (Global OAuth Configuration), and #9400 (Exclude folder/pictures from Gallery).

[jcklpe]

I am also having this issue. This is a standard NextCloud install using this ansible playbook: https://github.com/ReinerNippes/nextcloud

I installed the server at my parent's house about a month ago. I was having trouble getting it to be accessible from outside the local network. I came by this weekend and upgraded it to 14.03 etc. I was still having trouble getting it to access from outside the network. I also changed the .user.ini and htaccess files in order to increase the php memory limits because making those changes in the php.ini file wasn't working. I did not get any errors after doing that. Then I decided to try reinstalling the server using the ansible playbook. It then resulted in me getting the same error codes and trying to disable the integrity check in the config.php file did not work.

[MorrisJobke]

Duplicate of #1366