Breaking

Why the Markdown Variants? git list files in a local and remote branch Kubernetes tool comparison Kubernetes core tools git rename (branch/release-tag) risks

home

Nextcloud

Nextcloud does it again

By Frank Earnhardt #, #, #

Technical information
=====================
The following list covers which files have failed the integrity check. Please read
the previous linked documentation to learn more about the errors and how to fix
them.

Results
=======
– core
– INVALID_HASH
– core/js/mimetypelist.js
– EXTRA_FILE
– core/img/filetypes/drawio.svg
– core/img/filetypes/dwb.svg

Raw output
==========
Array
(
[core] => Array
(
[INVALID_HASH] => Array
(
[core/js/mimetypelist.js] => Array
(
[expected] => cb945c6402e12d9e7d42d0359acf95a6e9a9b0c1f3bd8528f598a7fb1694e5ae34c80cf44ef6c8901eac1bfdd152de3315fc7eac007efee0f33f09ed3e518b6a
[current] => 886b215eedc44a79136d9d3ca806316959c1fad0e9a1848f9359931bb76acc9e03c3e2aa1a8d06a46b0d3e4414213b1918212cf024c83a765868db37391d7fb3
)

)

[EXTRA_FILE] => Array
(
[core/img/filetypes/drawio.svg] => Array
(
[expected] =>
[current] => 92e0974cf869bf8ab969c3442dc2b80d55fde36441d22924db74916a06b407520aa2a9dc39336f9157195ebede697ffac0e639360879255ab91932d406e1897d
)

[core/img/filetypes/dwb.svg] => Array
(
[expected] =>
[current] => 43731dd5f17a048112ea5109b40b02ec019b3ee2324385a0f448e3bd2264cb13dc160ab018d893f92f8e2f168fd09009b51578c8c6b97a02a1617c67ac087701
)
)
)
)


occ integrity:check-core
root@215a5788ec22:/# occ integrity:check-app –all
appointments: App signature not found, skipping app integrity check
secrets: App signature not found, skipping app integrity check
epubviewer: App signature not found, skipping app integrity check
timemanager: App signature not found, skipping app integrity check
files_linkeditor: App signature not found, skipping app integrity check
workflow_kitinerary: App signature not found, skipping app integrity check
metadata: App signature not found, skipping app integrity check
cookbook: App signature not found, skipping app integrity check
ownershiptransfer: App signature not found, skipping app integrity check
bookmarks: App signature not found, skipping app integrity check

nextcloud invalidsignatureexception for mimetypelist.js

An InvalidSignatureException for mimetypelist.js in Nextcloud is a file integrity error, most often caused by a failed or incomplete update. The issue means that the checksum (signature) of the mimetypelist.js file on your server does not match the one expected by the Nextcloud core. 

You can resolve this by regenerating the file with the occ command. 

How to fix the mimetypelist.js signature error

  1. Open a command line session on your Nextcloud server.
  2. Navigate to your Nextcloud root directory. This is typically /var/www/nextcloud/.
  3. Run the following occ command as your web server user (e.g., www-data on Debian/Ubuntu or apache on Red Hat/CentOS):shsudo -u www-data php occ maintenance:mimetype:update-js Use code with caution.This command will regenerate the mimetypelist.js file with the correct contents and signature.
  4. Rescan the core integrity files to confirm the fix.shsudo -u www-data php occ integrity:check-core Use code with caution.
  5. Refresh your Nextcloud admin page. The security warning should now be gone. 

Additional troubleshooting

If the occ command does not resolve the issue, here are a few other methods to try.

Replace the file manually

Download a fresh copy of the Nextcloud source code for your specific version and replace the single corrupted file.

  1. Find your Nextcloud version.
  2. Navigate to the releases page on the Nextcloud server repository on GitHub and find your version’s release archive (e.g., v29.0.7).
  3. Download the .tar.gz or .zip file for your version.
  4. Extract the archive and locate the core/js/mimetypelist.js file.
  5. Copy the fresh mimetypelist.js file from the extracted archive over the one on your server.
  6. Run occ integrity:check-core to confirm the fix. 

Update your instance again

If the error appeared after an update, rerunning the update process may resolve the issue.

  1. Run the update command from your Nextcloud root directory.shsudo -u www-data php occ upgrade Use code with caution.
  2. Run occ integrity:check-core to check if the error is resolved. 

occ maintenance:mimetype:update-db –repair-filecache Updated 1 filecache rows for mimetype “text/markdown” Added 0 new mimetypes Updated 1 filecache rows root@3caede5f1732:/# occ maintenance:mimetype:update-js mimetypelist.js is updated root@3caede5f1732:/# occ integrity:check-core – INVALID_HASH: – core/js/mimetypelist.js: – expected: 83befc51175b6888bc37997804057c6c8a42d7f6acab0f698e00d64b2d3b6b71e43ef4c59086b9cdd5154b0ed86aae1153ea68770b34cc78e446cac6af86d0ac – current: ac185cb718d6ef767785a841f527c46dac8fbd1ac4511528e93dab4c5756543bf4e5b7ce21d2c446c25ab4ed5e135caff9a0fbc36f8ae97f87516ac9e56c551c

Even after running 

occ maintenance:mimetype:update-js, the INVALID_HASH error for mimetypelist.js can persist due to several reasons, especially if you are using Docker or certain third-party apps. In these cases, the occ command might not properly replace the file, or an app is modifying it incorrectly. 

How to resolve the invalid hash for mimetypelist.js

Method 1: Manually replace the file

This is the most reliable way to fix the issue when occ fails.

  1. Identify your Nextcloud version.
  2. Download the official Nextcloud archive for your specific version from the Nextcloud server releases on GitHub.
  3. Find and extract the correct file. Locate core/js/mimetypelist.js within the extracted archive.
  4. Replace the file on your server. Overwrite the existing core/js/mimetypelist.js file on your server with the fresh one from the archive. For a Docker container, you will need to copy the file into the running container using docker cp.
  5. Run the integrity check again.shocc integrity:check-core Use code with caution.The error should now be resolved. 

Method 2: Check for app conflicts

Certain third-party apps, like OnlyOffice or Draw.io, are known to modify mimetypelist.js and cause integrity check failures. 

  1. Temporarily disable third-party apps. Go to your “Apps” page in the Nextcloud admin panel and disable any third-party or non-official apps.
  2. Rerun the occ commands.shocc maintenance:mimetype:update-js occ integrity:check-core Use code with caution.
  3. If the error is gone, re-enable your apps one by one to find the one causing the conflict. Report the issue to the app developer. 

Method 3: Temporarily disable the integrity check

For advanced users, you can temporarily disable the integrity check to clear the error, but this should only be a temporary solution while you investigate the root cause. 

  1. Add the following line to your config/config.php file:php'integrity.check.disabled' => true, Use code with caution.
  2. Refresh your Nextcloud admin page. The integrity check error will be suppressed.
  3. Re-enable the integrity check by removing the line from config/config.php after you have resolved the issue. 

Method 4: Check file permissions

Incorrect file permissions can sometimes prevent occ from overwriting the file correctly.

  1. Check the owner and permissions for the core/js/mimetypelist.js file on your server.
  2. Ensure that the web server user (e.g., www-data) has the correct ownership and write permissions for the file.
  3. Run the occ commands again. 

Don’t have OnlyOffice App Disabled Draw.io occ integrity:check-core – INVALID_HASH: – core/js/mimetypelist.js: – expected: 83befc51175b6888bc37997804057c6c8a42d7f6acab0f698e00d64b2d3b6b71e43ef4c59086b9cdd5154b0ed86aae1153ea68770b34cc78e446cac6af86d0ac – current: ac185cb718d6ef767785a841f527c46dac8fbd1ac4511528e93dab4c5756543bf4e5b7ce21d2c446c25ab4ed5e135caff9a0fbc36f8ae97f87516ac9e56c551c

This error indicates that the 

occ command failed to properly update or replace the mimetypelist.js file, as the checksum remains invalid. The most likely causes are permission issues or a Docker environment with restricted file access. Since you’ve already tried disabling potential app conflicts, the most reliable solution is to manually replace the file. 

Manual file replacement steps

  1. Identify your Nextcloud version. The error output does not show your Nextcloud version. You can find this in the admin panel or by checking the version.php file in your Nextcloud installation directory.
  2. Download the official release archive. Go to the Nextcloud server releases page on GitHub and download the .tar.gz or .zip file for your exact Nextcloud version.
  3. Extract the correct file. Unpack the downloaded archive and locate the core/js/mimetypelist.js file.
  4. Replace the file on your server.
    • For a standard installation: Overwrite the existing core/js/mimetypelist.js file on your server with the fresh one from the archive. For example:shsudo cp /path/to/extracted/core/js/mimetypelist.js /path/to/your/nextcloud/core/js/ Use code with caution.
    • For a Docker container: Use the docker cp command to copy the file into the running container.shdocker cp /path/to/extracted/core/js/mimetypelist.js <container_id>:/var/www/html/core/js/ Use code with caution.
  5. Set the correct file permissions. Ensure the web server user (e.g., www-data) owns the file and has the necessary permissions.shsudo chown www-data:www-data /path/to/your/nextcloud/core/js/mimetypelist.js Use code with caution.
  6. Run the integrity check again.shocc integrity:check-core Use code with caution. 

Alternative solutions

Download the file directly from GitHub

If you know your Nextcloud version, you can download the correct mimetypelist.js file directly from the GitHub repository for that specific release tag. 

<em># Example for Nextcloud 31</em>
wget https://raw.githubusercontent.com/nextcloud/server/v31.0.2/core/js/mimetypelist.js

Then, copy the downloaded file to the correct location using cp or docker cp

Use the integrity check bypass (Temporary)

If you cannot perform the manual file replacement immediately, you can temporarily disable the integrity check in your config.php file.

occ -V Nextcloud 31.0.5

Even though you ran the correct 

occ commands and disabled potentially conflicting apps, the hash for mimetypelist.js remains invalid. This is a known issue that can occur after updates, and in your case with Nextcloud 31.0.5, it has proven resistant to the standard fixes. The most reliable solution is to manually replace the file with a fresh copy from the official release. 

Manual replacement procedure for Nextcloud 31.0.5

  1. Download the Nextcloud 31.0.5 archive.
    Download the correct version of the Nextcloud source code, either as a .tar.bz2 or .zip file, from the official release server.sh<em># Option 1: Using wget</em> wget https://download.nextcloud.com/server/releases/nextcloud-31.0.5.tar.bz2 <em># Option 2: Using curl</em> curl -o nextcloud-31.0.5.tar.bz2 https://download.nextcloud.com/server/releases/nextcloud-31.0.5.tar.bz2 Use code with caution.
  2. Extract the archive.
    Extract the downloaded archive to a temporary folder to access the original file.shtar -xf nextcloud-31.0.5.tar.bz2 Use code with caution.
  3. Replace the corrupted file.
    Copy the fresh mimetypelist.js file from your extracted archive to your Nextcloud installation directory, overwriting the old one. This step is particularly important if you are in a Docker container environment where occ might not have full filesystem write access.
    • For a standard installation:shsudo cp ./nextcloud/core/js/mimetypelist.js /path/to/your/nextcloud/core/js/ Use code with caution.
    • For a Docker container:shdocker cp ./nextcloud/core/js/mimetypelist.js <container_id>:/var/www/html/core/js/ Use code with caution.
  4. Set correct file permissions.
    Ensure the web server user (e.g., www-data on Debian/Ubuntu) owns the file and has the necessary permissions.shsudo chown www-data:www-data /path/to/your/nextcloud/core/js/mimetypelist.js Use code with caution.
  5. Re-run the integrity check.
    After replacing the file, run the integrity check again to confirm the fix.shsudo -u www-data php occ integrity:check-core Use code with caution.The INVALID_HASH error for mimetypelist.js should now be gone. 

Final cleanup

You can remove the downloaded archive and extracted files once the issue is resolved. 

rm -r nextcloud-31.0.5 nextcloud-31.0.5.tar.bz2

Would it be better to upgrade to 31.0.9 ?

Yes, it would be better to upgrade to Nextcloud 31.0.9 for both security and stability reasons. 

  • Maintenance releases: Version 31.0.9 is a maintenance release that includes important bug fixes and security improvements. Staying on 31.0.5 leaves you vulnerable to issues that have already been patched.
  • A potential side benefit: A fresh, full upgrade process could overwrite the corrupted mimetypelist.js file and resolve the integrity check error automatically. 

How to upgrade

Before you begin, always back up your entire Nextcloud installation, including the data folder, config.php, and the database.

  1. Stop your web server. This prevents any file access while you are performing the upgrade.
  2. Run the update via the command line. This is the most reliable method and can be performed with the occ command.shsudo -u www-data php /path/to/your/nextcloud/updater/updater.phar Use code with caution.Replace /path/to/your/nextcloud with the correct path to your installation.
  3. Run the upgrade command. Once the update is downloaded, run the upgrade process.shsudo -u www-data php /path/to/your/nextcloud/occ upgrade Use code with caution.
  4. Confirm the integrity check. After the upgrade, rerun the integrity check.shsudo -u www-data php /path/to/your/nextcloud/occ integrity:check-core Use code with caution. 

If the mimetypelist.js error persists after the upgrade, use the manual file replacement method from the previous response. The new archive you download for the 31.0.9 upgrade will contain the correct, uncorrupted file.

I’m running within docker container

For Nextcloud running in a Docker container, the standard upgrade procedure involves pulling the new image and recreating the container, as the application state is generally stateless inside the container itself. This is the best approach to both fix the mimetypelist.js hash and upgrade to the latest, most secure version. 

Why a manual file replacement is not the best approach

While you could use docker cp to manually replace the file, it’s not the best practice for Dockerized applications. Your changes to the container’s filesystem are not permanent; they will be lost when the container is recreated from the original image. The recommended method is to upgrade the image itself, as this ensures your application environment is consistent and up-to-date. 

Upgrade procedure for Docker users

This process applies to a standard Nextcloud Docker setup using persistent volumes for your configuration and data. 

Step 1: Back up your data

Before any upgrade, back up your data and configuration. While your volumes should be safe, it’s a critical safety measure.

  • Back up your database.
  • Back up your data directory (the one mounted from your host).
  • Back up your config.php file

Step 2: Stop your current container

Use the appropriate Docker command to stop your Nextcloud container.

  • For docker-compose:shdocker-compose down Use code with caution.
  • For docker run:shdocker stop <container_name> Use code with caution.

Step 3: Pull the new image

Pull the Nextcloud 31.0.9 image from Docker Hub.

docker pull nextcloud:31.0.9

Step 4: Recreate the container

This step is the most important for the upgrade. Recreate your Nextcloud container using the new image, ensuring that your persistent volumes are mapped correctly to preserve your data and configuration.

  • For docker-compose:
    Modify your docker-compose.yml file to specify the new version tag (31.0.9) for the Nextcloud image, then run docker-compose up -d.yaml<em># In your docker-compose.yml</em> services: nextcloud: image: nextcloud:31.0.9-apache <em># ... other configurations</em> Use code with caution.shdocker-compose up -d Use code with caution.
  • For docker run:
    Run a new container using the same parameters as before, but with the new image tag.shdocker run -d --name nextcloud ... nextcloud:31.0.9-apache Use code with caution.

Step 5: Run the occ upgrade command

The Nextcloud upgrade process will automatically run when the container starts. However, you can manually trigger it and monitor the process by executing the occ upgrade command inside the container. 

docker exec --user www-data <container_name> php occ upgrade

Step 6: Check integrity

Once the upgrade is complete, check the core integrity again to confirm the mimetypelist.js hash error is gone. 

docker exec --user www-data <container_name> php occ integrity:check-core

The new image should have the correct mimetypelist.js file, and the hash error should be resolved.

Initializing nextcloud 31.0.9.1 (this can take a while) … Upgrading nextcloud from 31.0.5.1 … Setting permissions Nextcloud or one of the apps require upgrade – only a limited number of commands are available You may use your browser or the occ upgrade command to do the upgrade Setting log level to debug Turned on maintenance mode Updating database schema Updated database Updating <photos> … Updated <photos> to 4.0.0 Update app cospend from App Store Starting code integrity check… Finished code integrity check Update successful Turned off maintenance mode Resetting log level Initializing finished [custom-init] No custom files found, skipping… [ls.io-init] done. GUI: Detected some missing optional indices. Occasionally new indices are added (by Nextcloud or installed applications) to improve database performance. Adding indices can sometimes take awhile and temporarily hurt performance so this is not done automatically during upgrades. Once the indices are added, queries to those tables should be faster. Use the command `occ db:add-missing-indices` to add them. Missing indices: “unique_category_per_user” in table “vcategory” For more details see the documentation ↗. Technical information ===================== The following list covers which files have failed the integrity check. Please read the previous linked documentation to learn more about the errors and how to fix them. Results ======= – files_mindmap – EXCEPTION – OC\IntegrityCheck\Exceptions\InvalidSignatureException – Certificate is not valid. Raw output ========== Array ( [files_mindmap] => Array ( [EXCEPTION] => Array ( [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException [message] => Certificate is not valid. ) ) )

The integrity check failure with the 

files_mindmap app indicates an issue with that specific app, not the core Nextcloud installation. The “Certificate is not valid” error means the app’s code signature is invalid, which is a problem that must be fixed by the app developer. 

The files_mindmap app is now maintained by the Nextcloud organization, and this specific error is a known issue being tracked on GitHub. 

How to resolve the files_mindmap error

The best solution is to completely remove and reinstall the app, which will force Nextcloud to download a fresh copy with a valid signature.

  1. Open a command-line session on your Docker host.
  2. Temporarily remove the files_mindmap app.
    Execute the following command inside your Nextcloud container to disable and remove the app.shdocker exec --user www-data <container_name> php occ app:remove files_mindmap Use code with caution.Replace <container_name> with the name of your Nextcloud container.
  3. Run the integrity check again.
    This will confirm that the error related to files_mindmap is gone.shdocker exec --user www-data <container_name> php occ integrity:check-core Use code with caution.
  4. Reinstall the files_mindmap app.
    You can either do this from the Nextcloud web interface under “Apps” or by running the occ command.shdocker exec --user www-data <container_name> php occ app:install files_mindmap Use code with caution.

Other potential issues

  • Missing optional indices: As indicated in your upgrade log, you should run the db:add-missing-indices command to improve database performance.shdocker exec --user www-data <container_name> php occ db:add-missing-indices Use code with caution.
  • Persistent caching issues: If the app integrity error continues, it’s possible a stale result is being cached. You can run occ maintenance:repair to flush various caches and force a rescan.shdocker exec --user www-data <container_name> php occ maintenance:repair Use code with caution.

I upgraded to the latest:Nextcloud Hub 25 Autumn (32.0.0) And I’m still getting that error plus another one. AppAPI deploy daemon AppAPI default deploy daemon is not set. Please register a default deploy daemon in the settings to install External Apps (Ex-Apps). Code integrity

Files_mindmap integrity exception

The InvalidSignatureException for the files_mindmap app on Nextcloud Hub 25 Autumn (32.0.0) is a known issue. This can happen due to a corrupted app during installation or an issue with the app’s signature. The best way to resolve this is to remove and reinstall the app. 

  1. Remove the app via occ.shdocker exec --user www-data <container_name> php occ app:remove files_mindmap Use code with caution.
  2. Run the integrity check again to confirm the error is gone.shdocker exec --user www-data <container_name> php occ integrity:check-core Use code with caution.
  3. Reinstall the app via occ or the web interface.shdocker exec --user www-data <container_name> php occ app:install files_mindmap Use code with caution. 

AppAPI deploy daemon error

The “AppAPI default deploy daemon is not set” warning appears when the built-in AppAPI app is enabled but not configured. This is normal behavior and is not an error that impacts your core Nextcloud functions. It is only required for installing and managing “External Apps” (Ex-Apps), which are applications that run separately in their own containers. 

If you don’t need Ex-Apps

You can disable the AppAPI app to get rid of the warning. 

  1. Execute this command:shdocker exec --user www-data <container_name> php occ app:disable app_api Use code with caution.

If you need Ex-Apps

To configure AppAPI, you need to set up a daemon that can manage Docker containers. This often involves running a separate HaRP or docker-socket-proxy container that Nextcloud’s AppAPI connects to. 

  1. Install a deploy daemon like HaRP or docker-socket-proxy in your Docker environment.
  2. Configure the AppAPI app in your Nextcloud admin settings by registering the daemon.
  3. Test the connection to the daemon to ensure it is reachable.
  4. Register the daemon to save the configuration. 

Other recommendations

  • Add missing indices: Your last upgrade log showed a prompt to run occ db:add-missing-indices. This is a recommended step to improve database performance.shdocker exec --user www-data <container_name> php occ db:add-missing-indices Use code with caution.
  • Final integrity check: After resolving the app issues, run the integrity check one last time.shdocker exec --user www-data <container_name> php occ integrity:check-core Use code with caution.

occ app:remove files_mindmap files_mindmap is not enabled

If occ app:remove files_mindmap fails because the app is not enabled, but the integrity check still reports an exception for it, it means there are orphaned app files on your server. Nextcloud’s core integrity checker scans the filesystem, finds the files for files_mindmap at the location where apps are normally stored (apps/files_mindmap), and then checks their signatures. The error occurs because the files are present but the app itself is not registered or enabled in the database, so the integrity check fails. 

The solution is to manually remove the leftover app directory. 

How to manually remove orphaned app files

  1. Open a shell session on your Docker host.
  2. Access the Docker container’s shell. You can do this with the docker exec command.shdocker exec -it <container_name> sh Use code with caution.Replace <container_name> with the name of your Nextcloud container.
  3. Navigate to the apps directory. The apps are usually in /var/www/html/apps/ inside the container.shcd /var/www/html/apps/ Use code with caution.
  4. Remove the files_mindmap directory.shrm -rf files_mindmap Use code with caution.
  5. Exit the container’s shell.shexit Use code with caution.
  6. Run the integrity check again on your host.shdocker exec --user www-data <container_name> php occ integrity:check-core Use code with caution.This time, the integrity checker will not find the files_mindmap directory, and the exception should be resolved.

What to do after removing the app

  • If you want to use the files_mindmap app: Go to the Apps page in the Nextcloud web interface and reinstall it. This will ensure you get a fresh, properly signed version of the app.
  • If you don’t need the app: You can simply ignore it. The orphaned files that caused the error are now gone, and your integrity check will pass. 

I could not locate any file with that name. occ integrity:check-core root@215a5788ec22:/# occ integrity:check-app –all appointments: App signature not found, skipping app integrity check secrets: App signature not found, skipping app integrity check epubviewer: App signature not found, skipping app integrity check timemanager: App signature not found, skipping app integrity check files_linkeditor: App signature not found, skipping app integrity check workflow_kitinerary: App signature not found, skipping app integrity check metadata: App signature not found, skipping app integrity check cookbook: App signature not found, skipping app integrity check ownershiptransfer: App signature not found, skipping app integrity check bookmarks: App signature not found, skipping app integrity check

Since the files_mindmap directory was not found, the integrity check that produced the “Certificate is not valid” exception was likely reporting a cached error. The subsequent check with occ integrity:check-app --all produced a new set of “App signature not found” warnings for multiple apps. This indicates the integrity check is working correctly and reporting problems with specific apps. 

Resolving the “App signature not found” errors

The “App signature not found” warning means the integrity checker couldn’t find a signature.json file for those apps. This can happen if an app was installed manually, had a failed update, or is not compatible with your Nextcloud version. 

Step 1: Identify apps and remove orphaned data

Your list includes several apps with integrity issues. First, ensure these app directories are correctly located and if they exist, remove the orphaned files.

  1. Access the Docker container’s shell:shdocker exec -it <container_name> sh Use code with caution.
  2. Go to the apps directory:shcd /var/www/html/apps/ Use code with caution.
  3. List the apps and check for the problematic ones:shls -l Use code with caution.
  4. Remove each problematic app directory if it exists:
    For each app showing the error (e.g., appointmentssecretsepubviewer), remove its directory.shrm -rf appointments rm -rf secrets rm -rf epubviewer <em># ... and so on for all apps listed</em> Use code with caution.
  5. Exit the container’s shell:shexit Use code with caution.

Step 2: Clear the integrity check cache

The files_mindmap error was cached, and the same might be happening with other app errors. To ensure a fresh check, clear the cache.

  1. Execute the maintenance:repair command, which flushes various caches.shdocker exec --user www-data <container_name> php occ maintenance:repair Use code with caution.
  2. Optionally, you can directly clear the integrity checker cache from the database, as demonstrated in a similar issue on GitHub.sh<em># This requires database access. Proceed with caution.</em> UPDATE oc_appconfig SET configvalue = '[]' WHERE appid = 'core' AND configkey = 'oc.integritycheck.checker'; Use code with caution. 

Step 3: Reinstall or disable apps

After removing the orphaned files and clearing the cache, you can choose to reinstall the apps you want or leave them disabled.

  • To reinstall a required app (e.g., appointments), use occ:shdocker exec --user www-data <container_name> php occ app:install appointments Use code with caution.
  • To disable apps you don’t need, run:shdocker exec --user www-data <container_name> php occ app:disable <app_id> Use code with caution.

Step 4: Run the integrity check again

After cleaning up the app files and reinstalling the ones you need, run the full check again.

docker exec --user www-data <container_name> php occ integrity:check-core

What happens to my bookmarks if I remove the app for bookmarks?

If you remove the Bookmarks app from Nextcloud, your bookmarks will not be deleted immediately. The bookmarks data is stored in your Nextcloud database, and removing the app only unlinks the app’s files. It does not automatically delete the corresponding database entries. 

This means that if you reinstall the Bookmarks app, all your bookmarks and folders should reappear as they were. 

Before you remove the app

While the database entries should be safe, it is always a good practice to back up your data.

  1. Use the export function: Inside the Bookmarks app, you can find an option to export your bookmarks to a standard HTML file. Download this file to your computer.
  2. Back up your database: Since the bookmarks are stored in the database, a full database backup will also save your bookmarks. If you are using a Docker setup with mounted volumes, your database volume is likely already backed up if you have a regular backup strategy in place.
  3. Confirm the app’s status: Check if the app is currently enabled or disabled. If it’s disabled, the occ app:remove command will report an error, as you experienced with the files_mindmap app. 

How to remove and reinstall the app

  1. Back up your bookmarks using the app’s built-in export feature.
  2. Disable the app using occ:shdocker exec --user www-data <container_name> php occ app:disable bookmarks Use code with caution.
  3. Remove the orphaned app files: The file integrity check failed because of lingering files. After disabling the app, you can manually remove its directory.shdocker exec -it <container_name> sh rm -rf /var/www/html/apps/bookmarks exit Use code with caution.
  4. Clear the integrity check cache:shdocker exec --user www-data <container_name> php occ maintenance:repair Use code with caution.
  5. Reinstall the app: Reinstalling from the app store via the GUI or with occ will download a clean, signed version.shdocker exec --user www-data <container_name> php occ app:install bookmarks Use code with caution.Alternatively, you can just enable the app again if the file integrity check is no longer reporting issues after the cleanup. 

By following these steps, you can fix the integrity issue without risking your bookmarks.

occ maintenance:repair
occ config:app:set core oc.integritycheck.checker --value='[]'

This situation, where occ app:remove fails because the app is “not enabled” but occ integrity:check-app reports an error after a reinstall, is caused by inconsistencies between the database record and the files on the filesystem. When you use occ app:install, it downloads a fresh copy of the app, but it seems to be failing to register the signature correctly in the database. 

Here is a step-by-step procedure to resolve the cookbook app signature issue, which involves a clean install of the app. 

Clean reinstall of the cookbook app

  1. Disable and remove the app (again) to be certain. Your previous app:remove command failed because it was disabled, but the app database entry might still exist.shdocker exec --user www-data <container_name> php occ app:disable cookbook docker exec --user www-data <container_name> php occ app:remove cookbook Use code with caution.If app:remove fails, that’s okay, as you are about to handle the files manually.
  2. Manually remove the app’s files to prevent lingering corrupted files. You already did this, but re-confirm that the cookbook directory does not exist in /app/www/public/apps/.shdocker exec -it <container_name> sh cd /app/www/public/apps/ rm -rf cookbook/ exit Use code with caution.
  3. Clear the integrity check cache. This is a crucial step to eliminate any cached integrity issues.shdocker exec --user www-data <container_name> php occ maintenance:repair Use code with caution.Then, to be thorough, clear the app integrity checker cache from the database.shdocker exec --user www-data <container_name> php occ config:app:set core oc.integritycheck.checker --value='[]' Use code with caution.
  4. Reinstall the app correctly. This time, the app should be installed with a fresh, valid signature that is correctly registered in the database.shdocker exec --user www-data <container_name> php occ app:install cookbook Use code with caution.
  5. Re-run the integrity check. Now, when you run the integrity check, it should properly validate the app’s signature.shdocker exec --user www-data <container_name> php occ integrity:check-app cookbook Use code with caution.orshdocker exec --user www-data <container_name> php occ integrity:check-core Use code with caution.

This process of disabling, manually removing files, clearing cache, and reinstalling ensures a clean app state. You should apply this same method to all the apps that were flagged with “App signature not found” warnings in the previous output. Remember to back up any app-specific data if it’s important before you begin. 

The occ maintenance:repair command ran, and most steps completed successfully. However, there are a couple of issues that need attention:

  1. Memories App Warning: You received a SQLSTATE[HY000]: General error: 1419 You do not have the SUPER privilege and binary logging is enabled warning related to the Memories app. This indicates that your database user lacks the SUPER privilege required to create a specific trigger. This can happen in managed hosting environments or when using a database user with restricted permissions. As the warning indicates, the app will likely run in a “compatibility mode” without this feature, but it’s not a critical failure.
  2. Unresolved App Integrity Errors: You still have app integrity issues, as your previous occ outputs show. Running maintenance:repair doesn’t directly fix app signatures. The “App signature not found” errors persist because of the app inconsistencies you’ve been working on. 

How to fix the SQLSTATE 1419

The MySQL 

SQLSTATE[HY000]: General error: 1419 error occurs when a user without SUPER privileges tries to perform an operation (like creating a trigger) while binary logging is enabled on the database server. This is a security feature to prevent privilege escalation. 

In a Docker environment, the Nextcloud container runs as a specific user (e.g., www-data), and the MySQL/MariaDB container also runs as a user with limited privileges, so this error is common. 

Here are the primary ways to fix this, listed in order of preference for a production environment.

Option 1: Set log_bin_trust_function_creators (Recommended)

This option allows users with CREATE ROUTINE privileges (which the Nextcloud user should have) to create and alter functions and triggers, even when binary logging is enabled. 

  1. Access the database container: You will need to access the database container to run a command. If your database is named nextcloud-db, the command would look like this:shdocker exec -it <database_container_name> mariadb -u <user> -p Use code with caution.
    • Replace <database_container_name> with the name of your database container.
    • Replace <user> with the correct database user (e.g., nextclouduser or root).
  2. Run the SET GLOBAL command:sqlSET GLOBAL log_bin_trust_function_creators = 1; Use code with caution.
  3. Run the maintenance:repair command again: This will re-attempt the database operations that failed.shdocker exec --user www-data <nextcloud_container_name> php occ maintenance:repair Use code with caution. 

Option 2: Add a custom configuration file

For a more permanent fix that persists across container recreations, you can create a custom configuration file for your database.

  1. Create a file on your host machine named 60-trust-function-creators.cnf (the 60 ensures it is loaded after other config files).ini[mysqld] log_bin_trust_function_creators = 1 Use code with caution.
  2. Mount the file into your database container: Add a volume mount to your docker-compose.yml file under your database service.yaml<em># In your docker-compose.yml</em> services: db: image: mariadb:latest volumes: - ./db_data:/var/lib/mysql - ./60-trust-function-creators.cnf:/etc/mysql/mariadb.conf.d/60-trust-function-creators.cnf <em># ... other configurations</em> Use code with caution.
  3. Recreate your database container:shdocker-compose down docker-compose up -d Use code with caution.
  4. Run occ maintenance:repair:shdocker exec --user www-data <nextcloud_container_name> php occ maintenance:repair Use code with caution.

Option 3: Disable binary logging (Not recommended for replication)

If you are certain that you do not need database replication, you can disable binary logging entirely. This is generally not recommended for production environments.

  1. Modify your database server’s configuration file. Add skip-log-bin under the [mysqld] section.
  2. Restart the database container

What to do next

After you have successfully re-run the occ maintenance:repair command without the SQLSTATE 1419 error, you should proceed with cleaning up the remaining app integrity issues as discussed previously.

By Frank Earnhardt

Related Post

Leave a Reply

You Missed

Ghost Hugo Markdown Obsidian

Why the Markdown Variants?

git How-To

git list files in a local and remote branch

Kubernetes

Kubernetes tool comparison

Kubernetes

Kubernetes core tools