Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-14616

Corrupted plugin updates leads to plugin uninstall and lost job configuration

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Critical Critical
    • core
    • None
    • Windows 7 x64.
      Java HotSpot(TM) 64-Bit Server VM (build 14.0-b16, mixed mode).

      From mailing-list entry "Verify downloaded jpi-files":
      https://groups.google.com/forum/?fromgroups#!topic/jenkinsci-users/2v8csoO0cxE

      Jenkins does not seem to verify the integrity of downloaded plugins right after the download has completed. Rather, the verification is only done when attempting to install/upgrade the plugin.

      This concequence of this is that corrupted plugin updates will trigger a plugin uninstall instead of upgrade. Any job-configuration related to the accidentally uninstalled plugin is then also deleted, which is pretty serious.

      Steps to reproduce:
      1: Create a job with a subversion working-copy workspace.
      2: Configure plugin manager with invalid PROXY settings, so that non-intranet HTTP-requests returns a HTML error webpage (instead of connection refused).
      3: Upgrade the subversion plugin.
      4: Jenkins will download a corrupted subversion.jpi file containing HTML content without any error message.
      5: Restart Jenkins.
      6: Loading of subversion.jpi will fail (error log attached).
      7: The subversion plugin will be uninstalled.
      8. Subversion-related configuration in all jobs will be deleted!

          [JENKINS-14616] Corrupted plugin updates leads to plugin uninstall and lost job configuration

          Jesse Glick added a comment -

          Jesse Glick added a comment - More: https://groups.google.com/forum/?fromgroups#!topic/jenkinsci-dev/ueaAOGrtVDI

          Jesse Glick added a comment -

          Also observed when the download starts off with valid file, but it gets truncated.

          Trying java.util.jar.JarFile.<init> might suffice to validate it.

          Jesse Glick added a comment - Also observed when the download starts off with valid file, but it gets truncated. Trying java.util.jar.JarFile.<init> might suffice to validate it.

          Ryan Campbell added a comment -

          Could be done from an implementation of hudson.model.UpdateCenter.UpdateCenterConfiguration's postValidate(DownloadJob job, File src)

          Ryan Campbell added a comment - Could be done from an implementation of hudson.model.UpdateCenter.UpdateCenterConfiguration's postValidate(DownloadJob job, File src)

          evernat added a comment -

          No news on this critical issue?

          evernat added a comment - No news on this critical issue?

          Daniel Beck added a comment -

          90% of this has been resolved in Jenkins 1.625.3 / 1.641 with the checksum verification when downloading from an update site. Two cases remain:

          1. Manual file upload can upload broken files
          2. Broken update sites serve broken files and checksums match

          I think we can mostly dismiss the second case, but the first one seems interesting enough for this issue to remain open.

          Daniel Beck added a comment - 90% of this has been resolved in Jenkins 1.625.3 / 1.641 with the checksum verification when downloading from an update site. Two cases remain: 1. Manual file upload can upload broken files 2. Broken update sites serve broken files and checksums match I think we can mostly dismiss the second case, but the first one seems interesting enough for this issue to remain open.

            Unassigned Unassigned
            forderud Fredrik Orderud
            Votes:
            7 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated: