Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-56249

userContent *zip* (all files in zip) stopped working at 2.164

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Component/s: core
    • Labels:
    • Environment:
      Windows 2008 R2 Enterprise, Jenkins 2.164+
    • Similar Issues:

      Description

      When using the (all files in zip) functionality starting at 2.164, either from the UI or URL (https:/myjenkins/userContent/*zip*/image.zip), the resulting image.zip has no content. 

      This has silently broken our builds, which utilize this functionality to retrieve certain content. Downgrading jenkins.war to 2.163 restores the functionality.

        Attachments

          Activity

          Hide
          jvz Matt Sicker added a comment -

          Here is what I can reproduce which sound related to your problem:

          1. I run Jenkins with the -Dhudson.model.DirectoryBrowserSupport.allowSymlinkEscape=true flag set. (Or I modify it in the script console)
          2. In my userContent directory, I have one symbolic link to a file or directory outside of userContent such as ../../jobs/TestJob/lastSuccess/archive/
          3. I download the zip generated by the directory browser and find that it did not include those files despite using the flag.

          When I use Jenkins 2.163, the zip contains the data that I can also see in the browser. When I use Jenkins 2.164 or the latest release, the zip does not contain the files, though I can view the files in the browser still.

          Show
          jvz Matt Sicker added a comment - Here is what I can reproduce which sound related to your problem: I run Jenkins with the -Dhudson.model.DirectoryBrowserSupport.allowSymlinkEscape=true flag set. (Or I modify it in the script console) In my userContent directory, I have one symbolic link to a file or directory outside of userContent such as ../../jobs/TestJob/lastSuccess/archive/ I download the zip generated by the directory browser and find that it did not include those files despite using the flag. When I use Jenkins 2.163, the zip contains the data that I can also see in the browser. When I use Jenkins 2.164 or the latest release, the zip does not contain the files, though I can view the files in the browser still.
          Hide
          jvz Matt Sicker added a comment -

          Oh, and don't be confused by the double symbolic link thing going on there. This is still reproducible by simply linking to ../../config.xml

          Show
          jvz Matt Sicker added a comment - Oh, and don't be confused by the double symbolic link thing going on there. This is still reproducible by simply linking to ../../config.xml
          Hide
          kansasmann Glenn Herbert added a comment -

          Thanks Matt Sicker for verification.

          Show
          kansasmann Glenn Herbert added a comment - Thanks Matt Sicker for verification.
          Hide
          jvz Matt Sicker added a comment -

          Me or one of my teammates will be following up on this ticket to fix the problem. I believe I've been able to isolate the issue down to a difference in behavior when using the escape hatch where you can view files that are links from outside userContent or are themselves descendants of a link, but the same files are skipped in the zip file output regardless of the escape hatch.

          Show
          jvz Matt Sicker added a comment - Me or one of my teammates will be following up on this ticket to fix the problem. I believe I've been able to isolate the issue down to a difference in behavior when using the escape hatch where you can view files that are links from outside userContent or are themselves descendants of a link, but the same files are skipped in the zip file output regardless of the escape hatch.
          Hide
          arjo_poldervaart Arjo Poldervaart added a comment -

          Same issue here, we use symlinks a lot and are not able to upgrade at the moment to the latest LTS because of this issue. Is there a temporary workaround that can be made on a local Jenkins install? 

          Show
          arjo_poldervaart Arjo Poldervaart added a comment - Same issue here, we use symlinks a lot and are not able to upgrade at the moment to the latest LTS because of this issue. Is there a temporary workaround that can be made on a local Jenkins install? 

            People

            • Assignee:
              Unassigned
              Reporter:
              kansasmann Glenn Herbert
            • Votes:
              1 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated: