Archiva
  1. Archiva
  2. MRM-789

Archiva may delete you app server installation

    Details

    • Type: Bug Bug
    • Status: Closed Closed
    • Priority: Critical Critical
    • Resolution: Fixed
    • Affects Version/s: 1.0.2
    • Fix Version/s: 1.1
    • Component/s: repository interface
    • Labels:
      None
    • Environment:
      linux, jdk 1.6, tomcat 6
    • Number of attachments :
      0

      Description

      I installed the WAR version of Archiva into my tomcat instance... no problem so far.
      I then attempted to delete the default "internal" repository. I hit the delete config and contents button.

      At that moment I noticed that the repository directory was the tomcat home directory.

      Archiva managed to completely delete my Tomcat installation.

      To reproduce this, install it as a war, point a repo dir at your app server home, and hit the delete button (make sure you have a backup).

        Issue Links

          Activity

          Hide
          Maria Odea Ching added a comment -

          Ok, I'll remove the checks against the system properties. I guess this (the default was ensured of not pointing at an important place) is already covered because the default config has the 'data' subdirectory. It's this (for values the user enters on their own for new/editing repositories, I would ask for confirmation before accepting one that already exists) that still needs to be addressed.

          Thanks Brett!

          Show
          Maria Odea Ching added a comment - Ok, I'll remove the checks against the system properties. I guess this (the default was ensured of not pointing at an important place) is already covered because the default config has the 'data' subdirectory. It's this (for values the user enters on their own for new/editing repositories, I would ask for confirmation before accepting one that already exists) that still needs to be addressed. Thanks Brett!
          Hide
          Maria Odea Ching added a comment -

          Added confirmation page before saving a repo config (whether new or update) if the repo location already exists in trunk -r663788.

          This is the new flow:
          1. Add

          • Add a managed repo.
          • If the repo location set already exists, then user will be directed to the confirmation page.
          • If user clicks Save, then repo will be added. Otherwise, user will be redirected back to the repositories page.
            2. Edit
          • Edit a managed repo config.
          • If the repo location has been changed, then the new location would be checked if it already exists. If it does, then user will be directed to the confirmation page.
          • If user clicks Save, then the repo config will be updated. Otherwise, user will be redirected back to the repositories page.

          Please verify if the fix is sufficient for this issue. Thanks..

          Show
          Maria Odea Ching added a comment - Added confirmation page before saving a repo config (whether new or update) if the repo location already exists in trunk -r663788. This is the new flow: 1. Add Add a managed repo. If the repo location set already exists, then user will be directed to the confirmation page. If user clicks Save, then repo will be added. Otherwise, user will be redirected back to the repositories page. 2. Edit Edit a managed repo config. If the repo location has been changed, then the new location would be checked if it already exists. If it does, then user will be directed to the confirmation page. If user clicks Save, then the repo config will be updated. Otherwise, user will be redirected back to the repositories page. Please verify if the fix is sufficient for this issue. Thanks..
          Hide
          Brill Pappin added a comment -

          Thanks for the work Maria... but the issue was actually that the repository was somehow set to my tomcat root and when i deleted it, it deleted the entire tomcat deployment

          The set to root thing was a default install of the war version (so it would not have made any difference adding a new repo).

          So, your change will help, but I think more importantly make sure on install that the directory doesn't exist.

          Show
          Brill Pappin added a comment - Thanks for the work Maria... but the issue was actually that the repository was somehow set to my tomcat root and when i deleted it, it deleted the entire tomcat deployment The set to root thing was a default install of the war version (so it would not have made any difference adding a new repo). So, your change will help, but I think more importantly make sure on install that the directory doesn't exist.
          Hide
          Maria Odea Ching added a comment -

          I tried replicating the problem you encountered, but the location of the internal & snapshots repositories did not default to the Tomcat installation for me.. it was data/repository/internal & data/repository/snapshots. Anyway, I'll see if I can put some checks during startup regarding this. Thanks

          Show
          Maria Odea Ching added a comment - I tried replicating the problem you encountered, but the location of the internal & snapshots repositories did not default to the Tomcat installation for me.. it was data/repository/internal & data/repository/snapshots. Anyway, I'll see if I can put some checks during startup regarding this. Thanks
          Hide
          Maria Odea Ching added a comment -

          Fixed in trunk -r670114:

          • added an additional check in ArchivaConfiguration to append 'data/repositories/[repo_id]' in the repo location if the location already exists & does not end with 'data/repositories/[repo_id]' when loaded from the default config (from default-archiva.xml)
          • added test
          Show
          Maria Odea Ching added a comment - Fixed in trunk -r670114: added an additional check in ArchivaConfiguration to append 'data/repositories/ [repo_id] ' in the repo location if the location already exists & does not end with 'data/repositories/ [repo_id] ' when loaded from the default config (from default-archiva.xml) added test

            People

            • Assignee:
              Maria Odea Ching
              Reporter:
              Brill Pappin
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: