Windows curl command corrupts zip files on SFTP upload
When attempting to use a curl command in Jenkins pipelines for building artifacts (specifically .zip files) and transferring them via an SFTP server from Windows build nodes, you’ve encountered file integrity issues upon download. The uploaded archive is fine but becomes corrupted when extracted on your Mac using the same curl upload process which works seamlessly in other environments or with updated tools.
Here’s how to tackle this:
-
Update
curl- Ensure you’re running a recent version of Git Bash, as newer versions include improved features and bug fixes that can resolve issues related to file transfer integrity. For Windows specifically, consider installing cURL for Unix (like Cygwin) which is more up-to-date compared to the default curl in Command Prompt or PowerShell on your environment setup by IT. -
Review Transfer Settings - The flags used within the
curlcommand (--ftp-ssl-reqd,-k) indicate an SFTP (secure file transfer protocol) session that doesn’t verify SSL certificates, potentially leading to incomplete transfers or corruption if your connection is unstable:curl -T ./build_artifact.zip \ --ftp-ssl-reqd # this flag tells cURL not to require a trusted certificate for the server; may introduce vulnerabilities and transfer issues in some cases like yours, remove it or set up proper SSL validation if possible: -
SSL/TLS Verification - Attempting transfers over an unverified connection might be risky due to potential man-in-the-middle attacks; always ensure your server’s certificate is validated when transferring files, even with
-kdisabled if necessary:curl --ftp-sslv23 -T ./build_artifact.zip \ ftp://yourserver/path/tofile # for secure transfers without skipping SSL checks; adjust to use the correct FTPS version and server URL as required by your environment: -
Check Archive Integrity – Before attempting a download, perform an integrity check on artifacts directly from SFTP if possible (using
tar, or similar archiving tools). This ensures that any corruption occurs in the transfer process rather than being pre-existing within your build environment:tar -tzvf ./build_artifact.zip | head -n 10 # for a quick look at archive contents; ensure you can extract without errors on SFTP directly if possible as an integrity check before using `curl`: -
Jenkins Configuration – Review your Jenkins pipeline settings and the actions taken after building artifacts, ensuring that no pre-processing or conversion happens which could alter file structures:
- Sometimes pipelines may rename files during build steps; ensure this does not occur before transferring to SFTP using
curl.
- Sometimes pipelines may rename files during build steps; ensure this does not occur before transferring to SFTP using
-
Contact IT Department – Since your operations are managed by an IT department and involve system policies, they might have specific instructions or alternative ways of handling transfers that avoid these issues altogether:
- Ask for guidance on the use of tools like WinSCP (for file transfer) instead which can handle zip files directly. You may need to install it separately if not pre-installed in your environment and set up a script accordingly, often with added benefits such as direct error checking during upload/download processes:
winscp sftp://user@server//path -sync all # Sync entire directory ensuring full file integrity; replace placeholders according to actual server details or consider using WinSCP's scripting features for automation.
- Ask for guidance on the use of tools like WinSCP (for file transfer) instead which can handle zip files directly. You may need to install it separately if not pre-installed in your environment and set up a script accordingly, often with added benefits such as direct error checking during upload/download processes:
-
Alternative Tools – If cURL continues not working as expected, explore other available tools within your environment that might offer better reliability and ease of use when dealing with file transfers:
- Windows offers FileZilla or PowerShell’s
Copy-Itemcmdlets which can be more straightforward to configure for transferring files securely. Always ensure proper permissions are granted before copying, as cross-platform compatibility issues may arise here too (Windows/Mac):Copy-Item -Path ./build_artifact.* -Destination "\\yourserver\path" # Adjust destination path and source pattern to match your actual files: Ensure SSH keys or credentials are correctly set up in these tools for SFTP transfers.
- Windows offers FileZilla or PowerShell’s
By addressing each of the potential points above, you should be able either resolve issues related with transferring .zip artifacts via curl, using updated software versions and secure connections to maintain data integrity across your pipeline’s lifecycle from build through download on different platforms like Windows or Mac.