← Back to team overview

dhis2-devs team mailing list archive

Re: Weird, large change in war file size for 2.24 on continuation server - virus payload?

 

The idea that this is caused by malicious code is a bit far fetched.

An educated guess:

All of our "bundled" apps are now developed outside of the core code
repository. They are then pulled in at build time and bundled into the
final distribution war-file.

In practice this means that it's possible for a distribution built from the
same code base but at different times to contain different (minor) versions
of the bundles app(s). This would reflect in the file size of the final
artifact (and the hashes would differ, of course).

That said, 20 or so megs is a lot, so not sure exactly what's been going on
there. Maybe someone from the frontend team (Mark, looking at you) could
shed some light (or disprove my theory).

On Mon, Oct 17, 2016 at 6:26 PM, Calle Hedberg <calle.hedberg@xxxxxxxxx>
wrote:

> Dan,
>
> Maybe - but then why is the 2.25 war file size much small again? It makes
> no sense to introduce a new set of libraries at the same time as 2.25 is
> releases WITHOUT the same libs.
>
> Let's hope somebody from the core team can throw some light on this when
> they sober up ;-)
>
> Regards
> Calle
>
> On 17 October 2016 at 18:24, Dan Cocos <dcocos@xxxxxxxxx> wrote:
>
>> This is the commit where it increased in size
>> https://github.com/dhis2/dhis2-core/commit/7f702badae3d701b8
>> 64b0938c728f5993fb1ecd0
>> 9d1eb33 is 136.4MB
>> 7f702ba is 164.7MB
>>
>> I don't see anything obvious but maybe a new set of libs were introduced?
>>
>>
>>
>> On Oct 17, 2016, at 12:14 PM, Calle Hedberg <calle.hedberg@xxxxxxxxx>
>> wrote:
>>
>> Dan
>>
>> OK, but that's really weird. The 2.24 build from 5 days ago was 138mb....
>>
>> Anybody from the core team have an explanation? I don't want to use the
>> new version before I know if there are nails in the soup....
>>
>> Regards
>> Calle
>>
>> On 17 October 2016 at 17:31, Dan Cocos <dcocos@xxxxxxxxx> wrote:
>>
>>> Our build shows the same, 2.24 latest is 164MB
>>>
>>> On Oct 16, 2016, at 9:59 AM, Calle Hedberg <calle.hedberg@xxxxxxxxx>
>>> wrote:
>>>
>>> Dan,
>>>
>>> The latest one, from this morning (see http://ci.dhis2.org/job/d
>>> his2-2.24/,   number #89)
>>>
>>> Regards
>>> Calle
>>>
>>> On 16 October 2016 at 15:34, Dan Cocos <dcocos@xxxxxxxxx> wrote:
>>>
>>>> Hi Calle,
>>>>
>>>> Is there a specific revision that I can look at? We  maintain our own
>>>> build server and I can compare.
>>>>
>>>> Thanks,
>>>> Dan
>>>>
>>>>
>>>> *Dan Cocos*
>>>> Principal, BAO Systems
>>>> dcocos@xxxxxxxxxxxxxx <nhobby@xxxxxxxxxxxxxx> | http:/
>>>> /www.baosystems.com |  2900 K Street, Suite 404, Washington D.C. 20007
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Oct 16, 2016, at 6:39 AM, Calle Hedberg <calle.hedberg@xxxxxxxxx>
>>>> wrote:
>>>>
>>>> Hi,
>>>>
>>>> I've downloaded the latest war files for 2.21 to 2.25 from the
>>>> continuation server, and I noticed some very strange and LARGE changes in
>>>> war file sizes compared to 2-3 days ago:
>>>>
>>>> - 2.21 and 2.22 are more or less as before.
>>>> - 2.23 have increased from 118mb to 119mb (should be OK).
>>>> BUT
>>>> - 2.24 have jumped from 136mb to 164mb (SUSPECT)
>>>> - 2.25 are more or less as before (144mb)
>>>>
>>>> Can somebody explain why 2.24 size has expanded like that, and verify
>>>> that it does not contain additional foreign malicious code?
>>>>
>>>> Regards
>>>> Calle
>>>>
>>>> *******************************************
>>>>
>>>> Calle Hedberg
>>>>
>>>> 46D Alma Road, 7700 Rosebank, SOUTH AFRICA
>>>>
>>>> Tel/fax (home): +27-21-685-6472
>>>>
>>>> Cell: +27-82-853-5352
>>>>
>>>> Iridium SatPhone: +8816-315-19119
>>>>
>>>> Email: calle.hedberg@xxxxxxxxx
>>>>
>>>> Skype: calle_hedberg
>>>>
>>>> *******************************************
>>>>
>>>> _______________________________________________
>>>> Mailing list: https://launchpad.net/~dhis2-devs
>>>> Post to     : dhis2-devs@xxxxxxxxxxxxxxxxxxx
>>>> Unsubscribe : https://launchpad.net/~dhis2-devs
>>>> More help   : https://help.launchpad.net/ListHelp
>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>>
>>> *******************************************
>>>
>>> Calle Hedberg
>>>
>>> 46D Alma Road, 7700 Rosebank, SOUTH AFRICA
>>>
>>> Tel/fax (home): +27-21-685-6472
>>>
>>> Cell: +27-82-853-5352
>>>
>>> Iridium SatPhone: +8816-315-19119
>>>
>>> Email: calle.hedberg@xxxxxxxxx
>>>
>>> Skype: calle_hedberg
>>>
>>> *******************************************
>>>
>>>
>>>
>>
>>
>> --
>>
>> *******************************************
>>
>> Calle Hedberg
>>
>> 46D Alma Road, 7700 Rosebank, SOUTH AFRICA
>>
>> Tel/fax (home): +27-21-685-6472
>>
>> Cell: +27-82-853-5352
>>
>> Iridium SatPhone: +8816-315-19119
>>
>> Email: calle.hedberg@xxxxxxxxx
>>
>> Skype: calle_hedberg
>>
>> *******************************************
>>
>>
>>
>
>
> --
>
> *******************************************
>
> Calle Hedberg
>
> 46D Alma Road, 7700 Rosebank, SOUTH AFRICA
>
> Tel/fax (home): +27-21-685-6472
>
> Cell: +27-82-853-5352
>
> Iridium SatPhone: +8816-315-19119
>
> Email: calle.hedberg@xxxxxxxxx
>
> Skype: calle_hedberg
>
> *******************************************
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~dhis2-devs
> Post to     : dhis2-devs@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~dhis2-devs
> More help   : https://help.launchpad.net/ListHelp
>
>


-- 
Halvdan Hoem Grelland
Software developer, DHIS 2
University of Oslo
http://www.dhis2.org <https://www.dhis2.org/>

Follow ups

References