occ integrity:check-app and Admin panel "rescan" deliver inconsistent results

[simonspa]

When handling apps via the command line interface, the integrity check behaves differently than when started form the Admin panel.

• Starting occ integrity:check-app <app name> on an unsigned app (no appinfo/signature.json) fails with

  {"EXCEPTION":
    {
      "class":"OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException",
      "message":"Signature data not found.
    }
  }
  

  because it is not shipped with the app. There currently is no way of ignoring apps without signing data.
• Clicking "Rescan" in the Admin panel will succeed because apps without signature data will be skipped automatically, via:

  server/lib/private/IntegrityCheck/Checker.php

  Lines 581 to 585 in 65abdea

  	if ($isShipped) {
  	$appNeedsToBeChecked = true;
  	} elseif ($this->fileAccessHelper->file_exists($this->appLocator->getAppPath($appId) . '/appinfo/signature.json')) {
  	// Otherwise only if the application explicitly ships a signature.json file
  	$appNeedsToBeChecked = true;

Steps to reproduce

1. Run occ integrity:check-app <app name>
2. Observe that the command returns an exception
3. Check the admin panel for the error "Some files have not passed the integrity check"
4. Click the "Rescan" button in the admin panel
5. Observe that the error is gone and the app installation is now considered of integrity

Expected behaviour

CLI and web interface should provide coherent information about the integrity state of the installation.

Actual behaviour

CLI and web interface disagree on integrity of apps installed.

Server configuration

Nextcloud version: 17.0.0

Signing status: Funny enough, this is what the issue is about...

Signing status

Technical information
=====================
The following list covers which files have failed the integrity check. Please read
the previous linked documentation to learn more about the errors and how to fix
them.

Results
=======
- apporder
	- EXCEPTION
		- OC\IntegrityCheck\Exceptions\InvalidSignatureException
		- Signature data not found.
- bookmarks
	- EXCEPTION
		- OC\IntegrityCheck\Exceptions\InvalidSignatureException
		- Signature data not found.
- bruteforcesettings
	- EXCEPTION
		- OC\IntegrityCheck\Exceptions\InvalidSignatureException
		- Signature data not found.
- calendar
	- EXCEPTION
		- OC\IntegrityCheck\Exceptions\InvalidSignatureException
		- Signature data not found.
- drawio
	- EXCEPTION
		- OC\IntegrityCheck\Exceptions\InvalidSignatureException
		- Signature data not found.
- event_update_notification
	- EXCEPTION
		- OC\IntegrityCheck\Exceptions\InvalidSignatureException
		- Signature data not found.
- impersonate
	- EXCEPTION
		- OC\IntegrityCheck\Exceptions\InvalidSignatureException
		- Signature data not found.
- metadata
	- EXCEPTION
		- OC\IntegrityCheck\Exceptions\InvalidSignatureException
		- Signature data not found.
- previewgenerator
	- EXCEPTION
		- OC\IntegrityCheck\Exceptions\InvalidSignatureException
		- Signature data not found.
- twofactor_admin
	- EXCEPTION
		- OC\IntegrityCheck\Exceptions\InvalidSignatureException
		- Signature data not found.
- twofactor_totp
	- EXCEPTION
		- OC\IntegrityCheck\Exceptions\InvalidSignatureException
		- Signature data not found.
- twofactor_u2f
	- EXCEPTION
		- OC\IntegrityCheck\Exceptions\InvalidSignatureException
		- Signature data not found.

Raw output
==========
Array
(
    [apporder] => Array
        (
            [EXCEPTION] => Array
                (
                    [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
                    [message] => Signature data not found.
                )

        )

    [bookmarks] => Array
        (
            [EXCEPTION] => Array
                (
                    [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
                    [message] => Signature data not found.
                )

        )

    [bruteforcesettings] => Array
        (
            [EXCEPTION] => Array
                (
                    [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
                    [message] => Signature data not found.
                )

        )

    [calendar] => Array
        (
            [EXCEPTION] => Array
                (
                    [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
                    [message] => Signature data not found.
                )

        )

    [drawio] => Array
        (
            [EXCEPTION] => Array
                (
                    [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
                    [message] => Signature data not found.
                )

        )

    [event_update_notification] => Array
        (
            [EXCEPTION] => Array
                (
                    [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
                    [message] => Signature data not found.
                )

        )

    [impersonate] => Array
        (
            [EXCEPTION] => Array
                (
                    [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
                    [message] => Signature data not found.
                )

        )

    [metadata] => Array
        (
            [EXCEPTION] => Array
                (
                    [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
                    [message] => Signature data not found.
                )

        )

    [previewgenerator] => Array
        (
            [EXCEPTION] => Array
                (
                    [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
                    [message] => Signature data not found.
                )

        )

    [twofactor_admin] => Array
        (
            [EXCEPTION] => Array
                (
                    [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
                    [message] => Signature data not found.
                )

        )

    [twofactor_totp] => Array
        (
            [EXCEPTION] => Array
                (
                    [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
                    [message] => Signature data not found.
                )

        )

    [twofactor_u2f] => Array
        (
            [EXCEPTION] => Array
                (
                    [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
                    [message] => Signature data not found.
                )

        )

)

List of activated apps:

App list

Enabled:
  - accessibility: 1.3.0
  - activity: 2.10.1
  - apporder: 0.8.0
  - bookmarks: 2.3.1
  - bruteforcesettings: 1.4.0
  - calendar: 1.7.1
  - cloud_federation_api: 1.0.0
  - comments: 1.7.0
  - contacts: 3.1.6
  - dav: 1.13.0
  - drawio: 0.9.4
  - event_update_notification: 1.0.0
  - federatedfilesharing: 1.7.0
  - federation: 1.7.0
  - files: 1.12.0
  - files_downloadactivity: 1.6.0
  - files_pdfviewer: 1.6.0
  - files_rightclick: 0.15.1
  - files_sharing: 1.9.0
  - files_trashbin: 1.7.0
  - files_versions: 1.10.0
  - files_videoplayer: 1.6.0
  - firstrunwizard: 2.6.0
  - gallery: 18.4.0
  - impersonate: 1.4.0
  - logreader: 2.2.0
  - lookup_server_connector: 1.5.0
  - metadata: 0.10.0
  - nextcloud_announcements: 1.6.0
  - notes: 3.0.3
  - notifications: 2.5.0
  - oauth2: 1.5.0
  - password_policy: 1.7.0
  - passwords: 2019.11.0
  - previewgenerator: 2.1.0
  - privacy: 1.1.0
  - provisioning_api: 1.7.0
  - quota_warning: 1.6.0
  - serverinfo: 1.7.0
  - sharebymail: 1.7.0
  - support: 1.0.1
  - survey_client: 1.5.0
  - systemtags: 1.7.0
  - tasks: 0.11.3
  - text: 1.1.0
  - theming: 1.8.0
  - twofactor_admin: 1.0.0
  - twofactor_backupcodes: 1.6.0
  - twofactor_totp: 4.0.0
  - twofactor_u2f: 4.0.0
  - updatenotification: 1.7.0
  - viewer: 1.1.0
  - workflowengine: 1.7.0
Disabled:
  - admin_audit
  - encryption
  - files_external
  - recommendations
  - user_ldap

[szaimen]

Is this Issue still valid? If not, please close this issue. Thanks! :)

[simonspa]

Hi @szaimen

yes, this is still relevant, the mechanics hasn't changed. I meant to work on this and fix it but haven't found the time. If you like, assign it to me. :)

Simon

[fuomag9]

The issue is still valid and this has started appearing after update to nextcloud 25 for me and many other as referenced in #25243 (comment)

[MarslMarcello]

Yes I can confirm it. After rebooting one instance, the error/warning disappeared. My second one still has the error warning.

[szaimen]

Hi, please update to 24.0.8 or better 25.0.2 and report back if it fixes the issue. Thank you!

[simonspa]

• Run on CLI:

# sudo -u www-data php occ integrity:check-app bookmarks
  - EXCEPTION:
    - class: OC\IntegrityCheck\Exceptions\InvalidSignatureException
    - message: Signature data not found.

• Check admin page:

• After rescan from admin page:

[szaimen]

which version did you test on?

[simonspa]

NC25.0.2