Uploaded image for project: 'Infrastructure'
  1. Infrastructure
  2. INFRA-2654

Artifactory bug with HTTP dates headers breaking some integrations(apt, puppet, ...)

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Won't Fix
    • Component/s: artifactory, core
    • Labels:
      None
    • Environment:
      OS: macOS Catalina 10.15.5 64b
      Web Browser: Chrome(83.0.4103.106 64b)
      Also tested with curl
    • Similar Issues:

      Description

      Performing a HEAD request to an artifact such as:

      https://repo.jenkins-ci.org/releases/org/jenkins-ci/plugins/swarm-client/3.19/swarm-client-3.19.jar

      return a non conformant Last-Modified HTTP header date format which is not always GMT(https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Last-Modified).

      This actually breaks some integrations that are not able to download such artifacts, apt-get for instance or puppet when using an http file resource.

      The issue seems to be already solved in recent versions of Artifactory:

      https://www.jfrog.com/jira/browse/RTFACT-21640

      Steps to reproduce:

      curl --head https://repo.jenkins-ci.org/releases/org/jenkins-ci/plugins/swarm-client/3.19/swarm-client-3.19.jar
      

      Observer how `last-modified` is not GMT(it might actually return a GMT date some times)

        Attachments

          Activity

          Hide
          olblak Olivier Vernin added a comment -

          repo.jenkinsci.org is an Artifactory as a service managed by Jfrog, except opening a support ticket, we can't do much here.

          Based on the ticket you mentioned, it seems that the version we have is affected by it
          https://repo.jenkins-ci.org/api/system/version

          Daniel Beck is it something that you can do from the admin interface?

          Show
          olblak Olivier Vernin added a comment - repo.jenkinsci.org is an Artifactory as a service managed by Jfrog, except opening a support ticket, we can't do much here. Based on the ticket you mentioned, it seems that the version we have is affected by it https://repo.jenkins-ci.org/api/system/version Daniel Beck is it something that you can do from the admin interface?
          Hide
          danielbeck Daniel Beck added a comment -

          Nope. JFrog update it whenever they feel like it.

          Also,

          some integrations that are not able to download such artifacts, apt-get for instance or puppet

          None of this looks like uses supported by the project, so I don't really care.

          Show
          danielbeck Daniel Beck added a comment - Nope. JFrog update it whenever they feel like it. Also, some integrations that are not able to download such artifacts, apt-get for instance or puppet None of this looks like uses supported by the project, so I don't really care.
          Hide
          rvalverde Ricard Valverde added a comment -

          None of this looks like uses supported by the project, so I don't really care

          True, It's just that automating anything that needs downloading artifacts from jenkins plugins just got tons of magnitude harder because a bug.

          Show
          rvalverde Ricard Valverde added a comment - None of this looks like uses supported by the project, so I don't really care True, It's just that automating anything that needs downloading artifacts from jenkins plugins just got tons of magnitude harder because a bug.
          Hide
          olblak Olivier Vernin added a comment -

          > Nope. JFrog updates it whenever they feel like it.

          Can't we open a support ticket from repo.jenkins-ci.org, it doesn't seem to be a big effort to ask them if they can upgrade the version

          Show
          olblak Olivier Vernin added a comment - > Nope. JFrog updates it whenever they feel like it. Can't we open a support ticket from repo.jenkins-ci.org, it doesn't seem to be a big effort to ask them if they can upgrade the version
          Hide
          danielbeck Daniel Beck added a comment -

          Our support situation is very difficult, see the trouble KK had with the cert renewal earlier this year. Basically, as far as I can tell, they're not really aware that we exist – our Artifactory was set up before they had the OSS program.

          If you're volunteering to clear up this mess, go ahead.

          Show
          danielbeck Daniel Beck added a comment - Our support situation is very difficult, see the trouble KK had with the cert renewal earlier this year. Basically, as far as I can tell, they're not really aware that we exist – our Artifactory was set up before they had the OSS program. If you're volunteering to clear up this mess, go ahead.
          Hide
          danielbeck Daniel Beck added a comment -

          Personally I would prefer we limit our interactions with JFrog support to problems affecting the project so we don't get booted because we're too annoying. We simply don't have the capacity to run this ourselves.

          Show
          danielbeck Daniel Beck added a comment - Personally I would prefer we limit our interactions with JFrog support to problems affecting the project so we don't get booted because we're too annoying. We simply don't have the capacity to run this ourselves.
          Hide
          rvalverde Ricard Valverde added a comment -

          Well, I understand that demanding a free upgrade of Artifactory for enhaced features would be one thing. But asking to do a maintenance upgrade seems a fairly common and reasonable thing to ask.
          The way you put it looks like you'll never have control of the state of the web page. You handled it down to JForg and it's now theirs to do and undo at will(more than never do).

          If you are not part of the OSS program but are still being freely hosted somehow then I'd advice on clearing this out asap(and get the support you'll undoubtedly need) so to regain control of your website/repo and be able to act when something really pressing happens.

          Show
          rvalverde Ricard Valverde added a comment - Well, I understand that demanding a free upgrade of Artifactory for enhaced features would be one thing. But asking to do a maintenance upgrade seems a fairly common and reasonable thing to ask. The way you put it looks like you'll never have control of the state of the web page. You handled it down to JForg and it's now theirs to do and undo at will(more than never do ). If you are not part of the OSS program but are still being freely hosted somehow then I'd advice on clearing this out asap(and get the support you'll undoubtedly need) so to regain control of your website/repo and be able to act when something really pressing happens.

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            rvalverde Ricard Valverde
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: