Capistrano deployment detected as shellshock - capistrano

We upgraded firewall firmware on servers, and the firmware update contains shellshock protection.
Suddenly whenever we do deploy with Capistrano the firewall block our office so we get "Blocked because of IPS attack" from firewall.
I bundle update Capistrano and all dependencies to latest version and same result. Anyone had and know fix for this issue ?
my versions
capistrano (3.2.1 8290d3f)
capistrano-bundler (1.1.3)
capistrano-rails (1.1.2)
capistrano-rbenv (2.0.2)

The problem was me being too stupid. Few weeks ago I installed extension to my browser for specifying custom headers. I created some custom malicious headers and was trying to crack my page to see what will happen. Of course I forget to turn it of.
each time I was doing deployment I checked it with the web-browser (with faulty extension) therefore locking my access and blaming it on deployment.
more info here https://github.com/capistrano/capistrano/issues/1176#issuecomment-62020915

Related

Web Deployment runs with error, but does nothing

I'm running a CI pipeline on Azure DevOps. Part of the release pipeline is deploying a website to our web server (running IIS).
We changed hardware recently and did a fresh install of Windows. Of course I also installed the WebDeploy handlers and everything. But since then, the deployment runs without error, but it doesn't actually update any files. If I publish the website from VS2019, everything is fine.
How would I troubleshoot this?
I forgot to include the new server into the deployment group. Only noticed it when we finally turned off the old server and got the error message that the target was offline.

PCFDEV: Pivotal Network returned: 451 Unavailable For Legal Reasons

This is an informational post about a recent problem I encountered when installing PCFDEV for use in development and testing.
On Ubuntu-16.04 server core, when I was starting PCFDEV as follows ...
cf dev start
... I was getting the error "Pivotal Network returned: 451 Unavailable For Legal Reasons".
I was using this within the proper terms and conditions (local development and/or integration testing) and my email and password are correct. Why was I getting this error?
Possible Reasons and/or Solutions:
Make Sure to Download the most recent version of PCFDEV (https://stackoverflow.com/a/44029486/1669464).
Logging into the Pivotal.io website with the credentials being used may resolve the issue (https://stackoverflow.com/a/44094847/1669464).
I had exactly the same problem just recently. I logged in at pivotal's network and the issue was resolved.
For me, this problem was caused by an outdated version of PCFDEV I had downloaded a month ago.
Downloading a fresh copy and running the plugin installer will upgrade the plugin to the most recent version. The error went away after this.

Service Fabric Test-ServiceFabricApplicationPackage powershell crash

After upgrade to sdk 2.5.216 and runtime 5.5.216 Test-ServiceFabricApplicationPackage command works only for complete package. In case of partial app upgrade (some Pkg are removed) it results in "Windows PowerShell has stopped working". I have tested on several computers and several apps. to reproduce:
create test app with 2 services and deploy.
change app version and particular service version.
create package and remove Pkg folder from it for the service without modifications.
connect to Service Fabric and test like Test-ServiceFabricApplicationPackage -ApplicationPackagePath "..path" -ImageStoreConnectionString "fabric:ImageStore"
Maybe somebody was able to overcome this issue? or at least has similar behavior so I'm not alone in Universe.
Thanks!
Alex
Take a look at https://github.com/Azure/service-fabric-issues/issues/259
This is a bug in our code. It happens when a compressed package was uploaded and provisioned in the cluster. Testing a new version of the application fails because settings file was not found in the provisioned version.
We fixed the issue and it will become available in one of our next releases.
Meanwhile, you can skip compression or test the version 2 application package without passing in the image store connection string.
Apologies for the inconvenience!

Why Eclipse p2site is asking for credentials?

I have a p2site hosted on my server to provide Eclipse Update Site. The server is running an IIS 7.5
I have the same p2site content stored and provided both in my production environment and in my staging environment (two separate servers, with identical characteristics).
From a couple of days, if I connect with my staging environment p2site from an Eclipse Indigo instance, I'm required to enter credentials, which has never happened before.
Moreover, if I manually download the zip archive and install my plugin from this local archive, I'm asked the credentials too.
I can guess, but I'm not sure, that the problem can be related to the following: in the last days we have added HTTPS enablement for our web site, and installed our certificate in the root certificates of Windows Server 2008 R2.
Anyone knows why Eclipse (Indigo, haven't tested the other platforms yet) is behaving in this way?
And how can I prepare my local zip archive / p2site to overcome this issue?
Thank you very much
cghersi
Just for the sake of completeness, I found the solution on my own: the problem was that for some reasons (that I cannot still recognize...) there was a DENY rule in the .NetAuthorization section for the verbs OPTION,HEAD.
It seems that Eclipse send exactly these kind of requests when looking for p2site and so these requests were rejected and Eclipse was asking for credentials for these requests.
Hope is can be useful in the future for other people.
cghersi

Wix: The service cannot be started during installation

I'm having a problem with Wix Service as the service cannot be started during install progress. It throws the error:
Error 1053: The service did not respond to the start or control request in a timely fashion
I've tried with both [WIX_ACCOUNT_LOCALSYSTEM] and [WIX_ACCOUNT_LOCALSERVICE] but no one of them work.
But there is weird here as I have an installer which using ClickOne, it includes the same service component as the one I have been using in Wix. The ClickOne installs service just fine (using InstallUtil.exe), so it proves the account has right to start a service.
Then, I uninstall the software (installed by ClickOne), and running the Wix installer again, the service starts well now. I don't know the reason why?
I'd like to put some flows for more clearly:
1- On a fresh machine
2- Running Wix software installer --> the service cannot be started and throwing error message --> Cancel install
3- Running ClickOne software installer --> service starts well --> Uninstalling software
4- Running Wix software installer --> service starts well
Also note that, I've tried 2 times on 2 fresh machines but it's the same. Anyone can shed some light on this weird behavior? Or anything I should verify against?
Thanks in advance,
Thank you #Stephen Connolly, #Alexey Ivanov, #Cosmin Pirvu for your comments.
I'd like to add your comments above as the answer.
Using CheckAsm, a great tool to verify the assembly dependencies
Looking at the log information in Event Viewer for anything could stop the service starting (i.e. timeout, services dependency ...)
Verifying all stuffs would be needed for service operations. They should be available once installation completed (i.e. configuration, registry, working folder ...)
If the installer is installing files to the GAC using the Windows Installer tables, the dependencies won't be available when the installer runs the StartServices action