Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-56249

userContent *zip* (all files in zip) stopped working at 2.164

    XMLWordPrintable

Details

    • Bug
    • Status: Open (View Workflow)
    • Major
    • Resolution: Unresolved
    • core
    • Windows 2008 R2 Enterprise, Jenkins 2.164+

    Description

      When using the (all files in zip) functionality starting at 2.164, either from the UI or URL (https:/myjenkins/userContent/*zip*/image.zip), the resulting image.zip has no content. 

      This has silently broken our builds, which utilize this functionality to retrieve certain content. Downgrading jenkins.war to 2.163 restores the functionality.

      Attachments

        Activity

          arjo_poldervaart Arjo Poldervaart added a comment - - edited

          Our use is similar to that of Glenn. To provide some context:

          If we want to release an artifact to production, we tag it in our SCM and let Jenkins build it, Jenkins then copies the artifact to a different location so we can download it at a later time (even if the workspace is cleared). The copy is done via a symlink created in the workspace by our build script (soft link on Linux) to a folder outside the workspace on disk.

          When we want to deploy the artifact we can simply download it via een link like: /view/assets/job/assets-BootstrapPortlet/ws/RELEASES/1.0.2/BootstrapPortletEAR.ear

          The _RELEASES_ folder __ is a symlink. So we basically use Jenkins as a file server just like Glenn.

           

          We do not use symlinks in the userContent folder, but we do use it in the job workspace.

          arjo_poldervaart Arjo Poldervaart added a comment - - edited Our use is similar to that of Glenn. To provide some context: If we want to release an artifact to production, we tag it in our SCM and let Jenkins build it, Jenkins then copies the artifact to a different location so we can download it at a later time (even if the workspace is cleared). The copy is done via a symlink created in the workspace by our build script (soft link on Linux) to a folder outside the workspace on disk. When we want to deploy the artifact we can simply download it via een link like: /view/assets/job/assets-BootstrapPortlet/ws/ RELEASES /1.0.2/BootstrapPortletEAR.ear The _ RELEASES _ folder __ is a symlink. So we basically use Jenkins as a file server just like Glenn.   We do not use symlinks in the userContent folder, but we do use it in the job workspace.
          jthompson Jeff Thompson added a comment -

          kansasmann and arjo_poldervaart, thanks for your responses on describing your use models. That helps clarify some things.

          Have you read the security advisory from last year at https://jenkins.io/security/advisory/2018-12-05/ ? Have you tried disabling that fix via the system property described there? It sounds like your use cases are some of the rare situations where that might make sense.

          jthompson Jeff Thompson added a comment - kansasmann and arjo_poldervaart , thanks for your responses on describing your use models. That helps clarify some things. Have you read the security advisory from last year at  https://jenkins.io/security/advisory/2018-12-05/  ? Have you tried disabling that fix via the system property described there? It sounds like your use cases are some of the rare situations where that might make sense.

          Hi Jeff,

          We have been running with "-Dhudson.model.DirectoryBrowserSupport.allowSymlinkEscape=true" for quite a while already. The setting does not resolve the current issue.

          arjo_poldervaart Arjo Poldervaart added a comment - Hi Jeff, We have been running with "-Dhudson.model.DirectoryBrowserSupport.allowSymlinkEscape=true" for quite a while already. The setting does not resolve the current issue.
          kansasmann Glenn Herbert added a comment -

          Same here, been running with SymlinkEscape=true for quite a while.

          kansasmann Glenn Herbert added a comment - Same here, been running with SymlinkEscape=true for quite a while.
          jthompson Jeff Thompson added a comment -

          I'm able to reproduce Matt's simple test case on Unix and Windows. Hopefully it's a reasonably good representation of the other problems people are experiencing. Looks like the `allowSymlinkEscape` property isn't working the way it was intended. I'll see if I can figure something out to make it work better. It may take a while to get that change put together.

          jthompson Jeff Thompson added a comment - I'm able to reproduce Matt's simple test case on Unix and Windows. Hopefully it's a reasonably good representation of the other problems people are experiencing. Looks like the `allowSymlinkEscape` property isn't working the way it was intended. I'll see if I can figure something out to make it work better. It may take a while to get that change put together.

          People

            Unassigned Unassigned
            kansasmann Glenn Herbert
            Votes:
            2 Vote for this issue
            Watchers:
            9 Start watching this issue

            Dates

              Created:
              Updated: