Hi,
Issue with unzip AEM backup.Please note that the zip file is valid when we unzip it in laptop (MAC OS ) its works.
We are taking backup from our gitlab scheduler
Here is the part of Script:
backup_file="/home/aem/backups/backup-$timestamp.zip"
- curl -s -L -i -u ${AEM_BACKUP_NAME}:${AEM_BACKUP_PASS} -F "target=$backup_file" -F "delay=1" http://${AUTH_ADDRESS1}:${AUTH_PORT}/libs/granite/backup/content/createBackup/content/items/backupform.html >& curl.out
Here is the error , i am getting when try to unzip in the server.
[root@backup auth-prod]# unzip backup-20200619-0420.zip
Archive: backup-20200619-0420.zip inflating: cq-author-p4502.jar
error: invalid zip file with overlapped components (possible zip bomb)
[root@backup auth-prod]#
System details: Red Hat Enterprise Linux Server release 7.6 (Maipo)
Linux backup.prod 3.10.0-957.21.3.el7.x86_64 #1 SMP Fri Jun 14 02:54:29 EDT 2019 x86_64 x86_64 x86_64 GNU/Linux
Tried install the below rpm as well but did not work.
unzip-6.0-21.el7.x86_64.rpm
Any suggestion ?
Thanks
Sina
Solved! Go to Solution.
Views
Replies
Total Likes
Firstly, I've never seen this curl command before and I couldn't find any reference to it in documentation
The command using curl looks like this:
curl -u admin:admin -X POST http://localhost:4502/system/console/jmx/com.adobe.granite:type=Repository/op/startBackup/java.lang.String?target=backup.zip
However, remaining on the subject of your particular use-case: A zip bomb is an archive that contains nested archives (usually repeated to a very deep level) which is very small but that when unzipped, will be so large that likely crashes your system. Since the ZIP you are creating contains the quickstart JAR (which itself contains nested JARs and ZIPs), it's not entirely surprising this might trigger a warning in the unzib lib for your RHEL7 system.
If I were you I would try:
Firstly, I've never seen this curl command before and I couldn't find any reference to it in documentation
The command using curl looks like this:
curl -u admin:admin -X POST http://localhost:4502/system/console/jmx/com.adobe.granite:type=Repository/op/startBackup/java.lang.String?target=backup.zip
However, remaining on the subject of your particular use-case: A zip bomb is an archive that contains nested archives (usually repeated to a very deep level) which is very small but that when unzipped, will be so large that likely crashes your system. Since the ZIP you are creating contains the quickstart JAR (which itself contains nested JARs and ZIPs), it's not entirely surprising this might trigger a warning in the unzib lib for your RHEL7 system.
If I were you I would try:
Views
Replies
Total Likes
Views
Likes
Replies