chore: update cosign

chore: update Nextcloud to 26.0.13
chore: update Nextcloud to 26.0.12
2025-07-01 15:46:13 +00:00 · 2024-03-29 15:49:51 +01:00 · 2024-03-29 15:21:13 +01:00 · 2024-03-02 05:02:00 +01:00 · 2024-01-25 14:02:31 +01:00 · 2023-12-15 21:21:59 +01:00
9 changed files with 26 additions and 51 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -3,9 +3,7 @@ name: build
 on:
  workflow_dispatch:
  push:
-    branches: 
+    branches: [ version-26 ]
     - master
     - version-* 
  schedule:
    # Build the image regularly (each Friday)
    - cron: '23 04 * * 5'
@ -29,12 +27,6 @@ jobs:
      - name: Extract version for tags
        run: |
          if [[ "$GITHUB_REF" == refs/heads/* ]]; then
            BRANCH="${GITHUB_REF#refs/heads/}"
            if [ "$BRANCH" = "master" ]; then
              echo "BRANCH_VERSION=latest" >> $GITHUB_ENV
            fi
          fi
          echo "FULL_VERSION=$(grep -oP '(?<=NEXTCLOUD_VERSION=).*' Dockerfile | head -c6)" >> $GITHUB_ENV
          echo "MAJOR_VERSION=$(grep -oP '(?<=NEXTCLOUD_VERSION=).*' Dockerfile | head -c2)" >> $GITHUB_ENV
@ -61,7 +53,6 @@ jobs:
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
            ${{ env.BRANCH_VERSION }}
            ${{ env.FULL_VERSION }}
            ${{ env.MAJOR_VERSION }}
--- a/20
+++ b/20
@ -1,24 +1,24 @@
 # -------------- Build-time variables --------------
-ARG NEXTCLOUD_VERSION=28.0.4
+ARG NEXTCLOUD_VERSION=26.0.13
-ARG PHP_VERSION=8.2
+ARG PHP_VERSION=8.1
 ARG NGINX_VERSION=1.24
-ARG ALPINE_VERSION=3.19
+ARG ALPINE_VERSION=3.17
 ARG HARDENED_MALLOC_VERSION=11
-ARG SNUFFLEUPAGUS_VERSION=0.10.0
+ARG SNUFFLEUPAGUS_VERSION=0.9.0
 ARG UID=1000
 ARG GID=1000
-# nextcloud-28.0.4.tar.bz2
+# nextcloud-26.0.13.tar.bz2
-ARG SHA256_SUM="9bfecee1e12fba48c49e9a71caa81c4ba10b2884787fab75d64ccfd122a13019"
+ARG SHA256_SUM="0a362df7a1233348f99d1853fd7e79f0667b552c145dc45012fab54ac31c79ae"
 # Nextcloud Security <security@nextcloud.com> (D75899B9A724937A)
 ARG GPG_FINGERPRINT="2880 6A87 8AE4 23A2 8372  792E D758 99B9 A724 937A"
 # ---------------------------------------------------
 ### Build PHP base
-FROM docker.io/library/php:${PHP_VERSION}-fpm-alpine${ALPINE_VERSION} as base
+FROM php:${PHP_VERSION}-fpm-alpine${ALPINE_VERSION} as base
 ARG SNUFFLEUPAGUS_VERSION
@ -43,7 +43,6 @@ RUN apk -U upgrade \
        gmp \
        icu \
        libjpeg-turbo \
        librsvg \
        libpq \
        libpq \
        libwebp \
@ -59,7 +58,6 @@ RUN apk -U upgrade \
        bcmath \
        exif \
        gd \
        bz2 \
        intl \
        ldap \
        opcache \
@ -85,7 +83,7 @@ RUN apk -U upgrade \
 ### Build Hardened Malloc
 ARG ALPINE_VERSION
-FROM docker.io/library/alpine:${ALPINE_VERSION} as build-malloc
+FROM alpine:${ALPINE_VERSION} as build-malloc
 ARG HARDENED_MALLOC_VERSION
 ARG CONFIG_NATIVE=false
@ -99,7 +97,7 @@ RUN apk --no-cache add build-base git gnupg && cd /tmp \
 ### Fetch nginx
-FROM docker.io/library/nginx:${NGINX_VERSION}-alpine as nginx
+FROM nginx:${NGINX_VERSION}-alpine as nginx
 ### Build Nextcloud (production environemnt)
--- a/README.md
+++ b/README.md
@ -58,8 +58,8 @@ Verifying the signature isn't a requirement, and might not be as seamless as usi
 ## Tags
 - `latest` : latest Nextcloud version
- `x` : latest Nextcloud x.x (e.g. `28`)
+- `x` : latest Nextcloud x.x (e.g. `25`)
- `x.x.x` : Nextcloud x.x.x (e.g. `28.0.0`)
+- `x.x.x` : Nextcloud x.x.x (e.g. `25.0.0`)
 You can always have a glance [here](https://github.com/users/hoellen/packages/container/package/nextcloud).
 Only the **latest stable version** will be maintained by myself.
--- a/SECURITY.md
+++ b/SECURITY.md
@ -7,16 +7,12 @@ and will receive the minor version updates and security patches.
 | Version | Supported          |
 | ------- | ------------------ |
-| 28. x   | :white_check_mark: |
+| 25. x   | :white_check_mark: |
-| 27. x   | :white_check_mark: |
+| 24. x   | :white_check_mark: |
 | 26. x   | :negative_squared_cross_mark: |
 | 25. x   | :negative_squared_cross_mark: |
 | 24. x   | :negative_squared_cross_mark: |
 | 23. x   | :negative_squared_cross_mark: |
 | 22. x   | :negative_squared_cross_mark: |
 Please update to the latest version available. Major migrations are always tested before being pushed.
 An up-to-date list of the currently maintained Nextcloud versions can also be found in the [Nextcloud Repository Wiki](https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule).
 ## Automated vulnerability scanning
--- a/rootfs/etc/nginx/conf.d/default.conf
+++ b/rootfs/etc/nginx/conf.d/default.conf
@ -18,6 +18,7 @@ server {
        add_header Referrer-Policy "no-referrer" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-Download-Options "noopen" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Permitted-Cross-Domain-Policies "none" always;
        add_header X-Robots-Tag "noindex, nofollow" always;
@ -48,7 +49,7 @@ server {
            return 404;
        }
-        location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy)\.php(?:$|\/) {
+        location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
            include /etc/nginx/fastcgi_params;
            fastcgi_split_path_info ^(.+\.php)(/.*)$;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
@ -61,12 +62,12 @@ server {
            fastcgi_read_timeout 1200;
        }
-        location ~ ^\/(?:updater|ocs-provider)(?:$|\/) {
+        location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
            try_files $uri/ =404;
            index index.php;
        }
-        location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
+        location ~ \.(?:css|js|svg|gif|map)$ {
            try_files $uri /index.php$uri$is_args$args;
            expires 6M;
            access_log off;
--- a/rootfs/etc/nginx/nginx.conf
+++ b/rootfs/etc/nginx/nginx.conf
@ -9,11 +9,6 @@ events {
 http {
    include /etc/nginx/mime.types;
    # Add .mjs as a file extension for javascript
    # https://github.com/nextcloud/server/pull/36057
    types {
        application/javascript mjs;
    }
    default_type  application/octet-stream;
    access_log /nginx/logs/access.log combined;
--- a/rootfs/usr/local/bin/run.sh
+++ b/rootfs/usr/local/bin/run.sh
@ -15,16 +15,6 @@ if [ "$PHP_HARDENING" == "true" ] && [ ! -f /usr/local/etc/php/conf.d/snuffleupa
    cp /usr/local/etc/php/snuffleupagus/* /usr/local/etc/php/conf.d
 fi
 # Check if database is available
 if [ -n "${DB_TYPE}" ] && [ "${DB_TYPE}" != "sqlite3" ]; then
  DB_PORT=${DB_PORT:-$( [ "${DB_TYPE}" = "pgsql" ] && echo 5432 || echo 3306 )}
  until nc -z "${DB_HOST:-nextcloud-db}" "${DB_PORT}"
  do
    echo "waiting for the database container..."
    sleep 1
  done
 fi
 # If new install, run setup
 if [ ! -f /nextcloud/config/config.php ]; then
    touch /nextcloud/config/CAN_INSTALL
--- a/rootfs/usr/local/bin/setup.sh
+++ b/rootfs/usr/local/bin/setup.sh
@ -55,6 +55,14 @@ cat >> /nextcloud/config/autoconfig.php <<EOF;
 ?>
 EOF
 if [ ${DB_TYPE} != "sqlite3" ]; then
  until nc -z "${DB_HOST:-nextcloud-db}" "${DB_PORT:-3306}"
  do
    echo "waiting for the database container..."
    sleep 1
  done
 fi
 echo "Starting automatic configuration..."
 # Execute setup
 (cd /nextcloud; php index.php &>/dev/null)
--- a/rootfs/usr/local/etc/php/snuffleupagus/nextcloud-php8.rules
+++ b/rootfs/usr/local/etc/php/snuffleupagus/nextcloud-php8.rules
@ -47,10 +47,6 @@ sp.disable_function.function("ini_get").param("option").value("open_basedir").fi
 sp.disable_function.function("ini_get").param("option").value("allow_url_fopen").filename("/nextcloud/3rdparty/guzzlehttp/guzzle/src/Utils.php").allow();
 sp.disable_function.function("exec").param("command").value("apachectl -M | grep mpm").filename("/nextcloud/apps2/spreed/lib/Settings/Admin/AdminSettings.php").allow();
 # Nextcloud inherently enables XXE-Protection since 27.0.1, therefore, drop setting a new external entity loader
 sp.disable_function.function("libxml_set_external_entity_loader").filename("/nextcloud/lib/base.php").allow(); 
 sp.disable_function.function("libxml_set_external_entity_loader").drop(); 
 # Harden the `chmod` function (0777 (oct = 511, 0666 = 438)
 sp.disable_function.function("chmod").param("permissions").value("438").drop();
 sp.disable_function.function("chmod").param("permissions").value("511").drop();
Author	SHA1	Message	Date
hoellen	45a234493e	chore: update cosign	2024-03-29 15:49:51 +01:00
hoellen	3e34e9ce75	chore: update Nextcloud to 26.0.13	2024-03-29 15:21:13 +01:00
Jan Wagner	e124f93eef	chore: update Nextcloud to 26.0.12	2024-03-02 05:02:00 +01:00
hoellen	a80fb64d67	chore: update Nextcloud to 26.0.11	2024-01-25 14:02:31 +01:00
Jan Wagner	33b04cc14c	chore: update Nextcloud to 26.0.10	2023-12-15 21:21:59 +01:00
hoellen	099ebeba30	chore: update Nextcloud to 26.0.9	2023-11-24 09:26:28 +01:00
Jan Wagner	8d52cdd1cd	chore: update Nextcloud to 26.0.8	2023-10-30 10:19:05 +01:00
Jan Wagner	bc284dd800	chore: update Nextcloud to 26.0.7	2023-09-21 15:53:13 +02:00
hoellen	16b55d47e4	chore: update Nextcloud to 26.0.6	2023-09-14 13:05:43 +02:00
hoellen	b89abfd29c	chore: update Nextcloud to 26.0.5	2023-08-10 12:35:16 +02:00
hoellen	3df8828362	fix: disable snuffleupagus xxe protection Nextcloud now prevents loading external entities by using libxml_set_external_entity_loader. ref: https://github.com/nextcloud/server/pull/39490 https://github.com/hoellen/docker-nextcloud/issues/42	2023-07-26 08:10:55 +02:00
hoellen	9fab1bee28	chore: update Nextcloud to 26.0.4	2023-07-21 00:16:34 +03:00
hoellen	33f4837a7a	chore: update Nextcloud to 26.0.3	2023-06-22 18:18:23 +02:00
hoellen	867943620a	chore: split version-26 to new branch	2023-06-12 14:07:27 +02:00