From 5eacd55153b0ad0cde3080f56b4772905b7dae63 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20unbrot=20P=C3=A4tzold?= <unbrot@dtext.online>
Date: Mon, 4 May 2026 12:24:24 +0200
Subject: [PATCH] nextcloud/install: session-bus override, KWallet existence
 check, pass REPO vars
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- sync_client_software.sh: add system-wide flatpak session-bus override for
  Nextcloud so KWallet D-Bus access works for all users; fix broken compound
  test ([ a || b ] → [ a ] || [ b ])
- user_run.sh: check KWallet entries with hasEntry before writing — skip write
  and print info message when both passwords are already present; remove stale
  commented-out code
- install.sh: forward REPO_URL and REPO_BRANCH into configure.sh environment
  for both the su- and direct-bash invocation paths
- configure.sh: simplify do_configure (user cleanup)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .../0050_nextcloud_desktopclient/user_run.sh  | 46 +++++++------------
 system_setup/configure.sh                     |  7 +--
 system_setup/install.sh                       |  4 +-
 system_setup/sync_client_software.sh          |  5 +-
 4 files changed, 23 insertions(+), 39 deletions(-)

diff --git a/client_software/0050_nextcloud_desktopclient/user_run.sh b/client_software/0050_nextcloud_desktopclient/user_run.sh
index f046584..f37b760 100755
--- a/client_software/0050_nextcloud_desktopclient/user_run.sh
+++ b/client_software/0050_nextcloud_desktopclient/user_run.sh
@@ -4,6 +4,9 @@
 #
 # Sofwareinstallation script for Nextcloud Desktop
 #
+# Hint: No check for installed Nextcloud needed, because it will be installed by calling script sync_client_software.sh
+# before as it is needed there already
+
 echo "Setup Nextcloud- Sync"
 
 #Local Vars
@@ -93,7 +96,9 @@ for i in {0..99}; do
             echo "Please check the above output!"
             exit 1
         fi
-        # The Flatpak autoprovisioning may not successfully write the apppassword to
+done
+
+# The Flatpak autoprovisioning may not successfully write the apppassword to
         # KWallet from inside the sandbox, so write it directly via D-Bus.
         # Nextcloud stores HTTP credentials in folder "Nextcloud" with keys:
         #   user:url/:0            (legacy password entry)
@@ -110,18 +115,24 @@ for i in {0..99}; do
             if ! ( ${NC_QB_CMD} "${NC_QB_SVC}" | grep -q "${NC_QB_PATH}" ); then
                 NC_QB_PATH="/modules/kwalletd5"
             fi
-            echo "Writing Nextcloud app password to KWallet via D-Bus (${NC_QB_PATH})"
+            echo "Checking Nextcloud app password in KWallet via D-Bus (${NC_QB_PATH})"
             NC_WALLET_HANDLE=$(${NC_QB_CMD} ${NC_QB_SVC} ${NC_QB_PATH} org.kde.KWallet.open "kdewallet" 0 "${NC_WALLET_APPID}")
             if [[ -n "${NC_WALLET_HANDLE}" && "${NC_WALLET_HANDLE}" != "-1" ]]; then
                 HAS_FOLDER=$(${NC_QB_CMD} ${NC_QB_SVC} ${NC_QB_PATH} org.kde.KWallet.hasFolder "${NC_WALLET_HANDLE}" "Nextcloud" "${NC_WALLET_APPID}")
                 if [[ "${HAS_FOLDER}" != "true" ]]; then
                     ${NC_QB_CMD} ${NC_QB_SVC} ${NC_QB_PATH} org.kde.KWallet.createFolder "${NC_WALLET_HANDLE}" "Nextcloud" "${NC_WALLET_APPID}" >/dev/null
                 fi
-                ${NC_QB_CMD} ${NC_QB_SVC} ${NC_QB_PATH} org.kde.KWallet.writePassword "${NC_WALLET_HANDLE}" "Nextcloud" "${DAVTOKEN_USER}:${NC_WALLET_URL}:0" "${DAVTOKEN_PASS}" "${NC_WALLET_APPID}" >/dev/null
-                ${NC_QB_CMD} ${NC_QB_SVC} ${NC_QB_PATH} org.kde.KWallet.writePassword "${NC_WALLET_HANDLE}" "Nextcloud" "${DAVTOKEN_USER}_app-password:${NC_WALLET_URL}:0" "${DAVTOKEN_PASS}" "${NC_WALLET_APPID}" >/dev/null
+                HAS_PW1=$(${NC_QB_CMD} ${NC_QB_SVC} ${NC_QB_PATH} org.kde.KWallet.hasEntry "${NC_WALLET_HANDLE}" "Nextcloud" "${DAVTOKEN_USER}:${NC_WALLET_URL}:0" "${NC_WALLET_APPID}")
+                HAS_PW2=$(${NC_QB_CMD} ${NC_QB_SVC} ${NC_QB_PATH} org.kde.KWallet.hasEntry "${NC_WALLET_HANDLE}" "Nextcloud" "${DAVTOKEN_USER}_app-password:${NC_WALLET_URL}:0" "${NC_WALLET_APPID}")
+                if [[ "${HAS_PW1}" == "true" && "${HAS_PW2}" == "true" ]]; then
+                    echo "Nextcloud app password already present in KWallet — no change needed."
+                else
+                    ${NC_QB_CMD} ${NC_QB_SVC} ${NC_QB_PATH} org.kde.KWallet.writePassword "${NC_WALLET_HANDLE}" "Nextcloud" "${DAVTOKEN_USER}:${NC_WALLET_URL}:0" "${DAVTOKEN_PASS}" "${NC_WALLET_APPID}" >/dev/null
+                    ${NC_QB_CMD} ${NC_QB_SVC} ${NC_QB_PATH} org.kde.KWallet.writePassword "${NC_WALLET_HANDLE}" "Nextcloud" "${DAVTOKEN_USER}_app-password:${NC_WALLET_URL}:0" "${DAVTOKEN_PASS}" "${NC_WALLET_APPID}" >/dev/null
+                    echo "Nextcloud app password written to KWallet successfully."
+                fi
                 ${NC_QB_CMD} ${NC_QB_SVC} ${NC_QB_PATH} org.kde.KWallet.sync "${NC_WALLET_HANDLE}" "${NC_WALLET_APPID}" >/dev/null
                 ${NC_QB_CMD} ${NC_QB_SVC} ${NC_QB_PATH} org.kde.KWallet.close "${NC_WALLET_HANDLE}" false "${NC_WALLET_APPID}" >/dev/null
-                echo "Nextcloud app password written to KWallet successfully."
             else
                 echo "Warning: Could not open KWallet (handle: ${NC_WALLET_HANDLE}). Nextcloud may prompt for credentials on next start."
             fi
@@ -129,32 +140,7 @@ for i in {0..99}; do
             echo "KWallet not available (non-KDE desktop) — skipping credential storage."
         fi
     fi
-done
 
-##Check if Nextcloud was already setup
-#if [ $SETUP_NEEDED = "0" ]; then
-#    echo "Nextcloud was already setup, skipping configure and starting Service"
-#    echo "If you want to reset, please delete the Folder [HOME]/.var/app/com.nextcloud.desktopclient.nextcloud manually."
-#    echo "Command: rm -rif ~/.var/app/com.nextcloud.desktopclient.nextcloud/"
-#    su -c "nohup ${BASECMD} 1>/dev/null 2>/dev/null &" $SUDO_USER
-#    exit $?
-#fi
-
-#No check for installed Nextcloud needed, because it will be installed by calling script sync_client_software.sh
-
-#Cleanup Nextcloud Configuration completely, while otherwise, the configure will not work
-#echo "Remove $SUDO_HOME/.var/app/com.nextcloud.desktopclient.nextcloud"
-#rm -rif "$SUDO_HOME/.var/app/com.nextcloud.desktopclient.nextcloud"
-
-#echo "Exec as $SUDO_USER: ${SYNCCMD}"
-#echo "Exec as $SUDO_USER: ${SYNCCMD_HIDDENPW}"
-#su -c "${SYNCCMD}" $SUDO_USER
-#if [ $? -ne 0 ]; then
-#    echo "=========== !!! ========================"
-#    echo "Error: It looks like this did not work!"
-#    echo "Please check the above output!"
-#    exit 1
-#fi
 # Now start Nextcloud
 echo "Starting Nextcloud Client in Background"
 systemd-run --user --no-block --unit=nextcloud-client.service --setenv=SESSION_MANAGER= ${BASECMD} >>${TEMPDIR}/nc_desktop_client.log 2>&1
diff --git a/system_setup/configure.sh b/system_setup/configure.sh
index ac022dc..016426f 100755
--- a/system_setup/configure.sh
+++ b/system_setup/configure.sh
@@ -40,12 +40,7 @@ override_conf_var() {
 
 do_configure() {
     mkdir -p "$(dirname "$CONF_FILE")"
-    cp "$CONF_DIST" "$CONF_FILE"
-
-    # Source the dist defaults (unset computed vars first so they are re-evaluated).
-    unset TLDOMAIN DOMAIN SERVERFQDN_IPA SERVERFQDN_NC CLIENTADMINGROUP \
-          DECRYPTEDDATADIR ENCRYPTEDDATADIR IPAVAULTUSE IPAVAULTNAME HOSTNM FQDN
-    # shellcheck disable=SC1090
+    cp "$CONF_DIST" "$CONF_FILE" # Either setup_system.conf or setup_system.conf.dist to config.d/configure.conf
 
     echo ""
     echo "=== System Configuration ==="
diff --git a/system_setup/install.sh b/system_setup/install.sh
index 8d560c0..522e050 100755
--- a/system_setup/install.sh
+++ b/system_setup/install.sh
@@ -49,10 +49,10 @@ finish_install() {
     if [[ "${RUN_CONF,,}" == "y" ]]; then
         if [[ -n "$SUDO_USER" && "$SUDO_USER" != "root" ]]; then
             info "Running configure.sh as user '$SUDO_USER'..."
-            su - "$SUDO_USER" -c "DISPLAY='${DISPLAY}' WAYLAND_DISPLAY='${WAYLAND_DISPLAY}' bash '$CONF_SCRIPT'"
+            su - "$SUDO_USER" -c "DISPLAY='${DISPLAY}' WAYLAND_DISPLAY='${WAYLAND_DISPLAY}' REPO_URL='${REPO_URL}' REPO_BRANCH='${REPO_BRANCH}' bash '$CONF_SCRIPT'"
         else
             info "Running configure.sh as root..."
-            bash "$CONF_SCRIPT"
+            REPO_URL="$REPO_URL" REPO_BRANCH="$REPO_BRANCH" bash "$CONF_SCRIPT"
         fi
     else
         echo
diff --git a/system_setup/sync_client_software.sh b/system_setup/sync_client_software.sh
index b015552..bc19f3f 100755
--- a/system_setup/sync_client_software.sh
+++ b/system_setup/sync_client_software.sh
@@ -31,6 +31,9 @@ if [[ $? -ne 0 ]]; then
 fi
 echo ""
 
+# Ensure session bus access for Nextcloud (may be blocked by Flatseal or missing from manifest)
+/usr/bin/flatpak override --system --socket=session-bus com.nextcloud.desktopclient.nextcloud
+
 #Do an upgrade of the Base package if its configured and if there are changes
 chown root:${CLIENTADMINGROUP} -R ${SYSCONFIGPATH}
 chmod ug+rwX,o=rX -R ${SYSCONFIGPATH}
@@ -92,7 +95,7 @@ if [[ ! -z "${DISTCONFIGPATH_SRC}" ]]; then
             OLD_REPO_BRANCH="$REPO_BRANCH"
             source $(dirname "$0")/setup_system.inc.sh
             #Compare the Repository URLS after that
-            if [ "$REPO_URL" != "$OLD_REPO_URL" || "$REPO_BRANCH" != "$OLD_REPO_BRANCH" ]; then
+            if [ "$REPO_URL" != "$OLD_REPO_URL" ] || [ "$REPO_BRANCH" != "$OLD_REPO_BRANCH" ]; then
                 echo "The Repository for installation was"
                 echo "$OLD_REPO_URL Branch $OLD_REPO_BRANCH"
                 echo "After reading the config, the Repository has changed to"