Adobe Experience Manager Sites & More

sina1819 · 6/20/20

Hi,

Issue with unzip AEM backup.Please note that the zip file is valid when we unzip it in laptop (MAC OS ) its works.

We are taking backup from our gitlab scheduler

Here is the part of Script:

backup_file="/home/aem/backups/backup-$timestamp.zip"
- curl -s -L -i -u ${AEM_BACKUP_NAME}:${AEM_BACKUP_PASS} -F "target=$backup_file" -F "delay=1" http://${AUTH_ADDRESS1}:${AUTH_PORT}/libs/granite/backup/content/createBackup/content/items/backupform.html >& curl.out

Here is the error , i am getting when try to unzip in the server.

[root@backup auth-prod]# unzip backup-20200619-0420.zip

Archive: backup-20200619-0420.zip inflating: cq-author-p4502.jar

error: invalid zip file with overlapped components (possible zip bomb)

[root@backup auth-prod]#

System details: Red Hat Enterprise Linux Server release 7.6 (Maipo)

Linux backup.prod 3.10.0-957.21.3.el7.x86_64 #1 SMP Fri Jun 14 02:54:29 EDT 2019 x86_64 x86_64 x86_64 GNU/Linux

Tried install the below rpm as well but did not work.

unzip-6.0-21.el7.x86_64.rpm

Any suggestion ?

Thanks

Sina

Theo_Pendle · 6/25/20

@sina1819,

Firstly, I've never seen this curl command before and I couldn't find any reference to it in documentation Can you maybe try to backup via the JMX console? This is decribed in the Backup and Restore documentation for AEM 6.3 here.

The command using curl looks like this:

curl -u admin:admin -X POST http://localhost:4502/system/console/jmx/com.adobe.granite:type=Repository/op/startBackup/java.lang.String?target=backup.zip

However, remaining on the subject of your particular use-case: A zip bomb is an archive that contains nested archives (usually repeated to a very deep level) which is very small but that when unzipped, will be so large that likely crashes your system. Since the ZIP you are creating contains the quickstart JAR (which itself contains nested JARs and ZIPs), it's not entirely surprising this might trigger a warning in the unzib lib for your RHEL7 system.

If I were you I would try:

Backup via JMX instead, see if that changes anything
If not, ticket to RedHat
Else, you can try backing up to a folder as opposed to a zip maybe?
1. Eg: "aem_backup.zip" backs up up to a ZIP file, "aem_backup/" backs up to a directory.
2. Then use a different archiving lib.

View solution in original post

Theo_Pendle · 6/25/20

@sina1819,

Firstly, I've never seen this curl command before and I couldn't find any reference to it in documentation Can you maybe try to backup via the JMX console? This is decribed in the Backup and Restore documentation for AEM 6.3 here.

The command using curl looks like this:

curl -u admin:admin -X POST http://localhost:4502/system/console/jmx/com.adobe.granite:type=Repository/op/startBackup/java.lang.String?target=backup.zip

However, remaining on the subject of your particular use-case: A zip bomb is an archive that contains nested archives (usually repeated to a very deep level) which is very small but that when unzipped, will be so large that likely crashes your system. Since the ZIP you are creating contains the quickstart JAR (which itself contains nested JARs and ZIPs), it's not entirely surprising this might trigger a warning in the unzib lib for your RHEL7 system.

If I were you I would try:

Backup via JMX instead, see if that changes anything
If not, ticket to RedHat
Else, you can try backing up to a folder as opposed to a zip maybe?
1. Eg: "aem_backup.zip" backs up up to a ZIP file, "aem_backup/" backs up to a directory.
2. Then use a different archiving lib.

sina1819 · 8/17/20

Thanks @Theo_Pendle for all the suggestions .We have downgraded the unzip version and that worked.

Adobe Experience Manager Sites & More

Issue with unzip AEM backup

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe