[Issue]: Windows uninstaller deleted ALL files in the configuration files directory, deleting all media.

[IDisposable]

Please describe your bug

Reported to me by a friend

Decided to uninstall JellyFin today because Audiobookshelf solves my problem and discovered that the JellyFin uninstaller will delete every single file in the directory you chose to put the JellyFin configuration folders/files in. Which means it just deleted 600 GB of files of mine (which I had thankfully JUST backed up to an external drive, in fact that backup wasn't done and I lost some files but thankfully they weren't something I can't get back)

That shouldn't have been media files

Yeah I had accidentally chosen my Media drive when the installer asked "where to put files" (i.e. I misunderstood the ask) and the uninstaller was like: "I'll just delete every single thing in that folder you picked" no questions asked.

Which OS?

Windows.

The uninstaller actually specifically asked if I wanted to keep the configs and specifically called out "your media files will remain", under the assumption I had correctly put the configs in a folder specific to the app

Whatever the latest was (no longer have the install file) and when I did the installer the structure looked like this: E:\Media\Videos\tons of files and at the installer I chose E:\Media as the "where to put files" option. Which then put a bunch of folders there like config and data and plugins .

It seems like it would be wise if the installer found foreign files in the configuration directories at install time it should ask "are you sure". Also seems like the uninstall should be asking if we find non-config files in that directory.

Jellyfin Version

10.8.z

if other:

No response

Environment

- OS: Windows 
- Linux Kernel: N/A
- Virtualization: No
- Clients: N/A
- Browser: Chrome
- FFmpeg Version: (embedded)
- Playback Method: N/A
- Hardware Acceleration: N/A
- GPU Model: N/A
- Plugins:
- Reverse Proxy:
- Base URL:
- Networking:
- Storage:

Jellyfin logs

No response

FFmpeg logs

No response

Please attach any browser or client logs here

No response

Please attach any screenshots here

No response

Code of Conduct

• [X] I agree to follow this project's Code of Conduct

[jaypeeZero]

I'm the friend who reported this. Chiming in so I'm available if any questions are needed.

[jaypeeZero]

It seems like it would be wise if the installer found foreign files in the configuration directories at install time it should ask "are you sure"

This actually wouldn't have stopped the problem and in fact it may have already done that. I would have said "Yes I'm sure" because the wording had me thinking the Jellyfin installer was asking where I put my Media files, not where would I be putting the configuration for Jellyfin.

I agree that the real solve here would be the Uninstaller only deleting known Jellyfin files.

[IDisposable]

The question here is should the fix be in the installer, the uninstaller, or both?

Installer

Warn if there are any files in the CONFIG directory that are not typical of a JellyFin install (e.g. more than things in config, etc. directories).

Pros:

• Will catch installing into someone's actual media directory/share
• Will catch installing into a previous installation of something else (e.g. Embry) that left files behind

Cons:

• Will warn on installing over old versions with different expectations
• Will NOT catch when files are added after the installation (e.g. someone putting ChannelsDVR metadata into the same place)

Uninstaller

Warn if there are any files in the CONFIG directory that are not typical of a JellyFin install (e.g. more than things in config, etc. directories).

Pros:

• Will catch if someone puts foreign metadata/files into the JellyFin directory after install
• Will more aggressively defend against version rollback issues.

Cons:

• Might make it harder to back out of a bad install
• Would introduce more coupling in the uninstaller (e.g. having to know the prior typical contents

[jaypeeZero]

Personally, an acceptable simple solution to me, would be the Uninstaller having a large obvious warning that it will delete every single file in that directory (maybe display the directory too) if I say "Yes" (actually it might have been a "No"?)

[IDisposable]

Would it be kinder to show at least a quick list of not expected files/directories?

[anthonylavado]

This is all mitigated by work planned for 10.9, where I have adapted an NSIS macro that builds a manifest of installed files, and removes only those files in the uninstaller.

Unfortunately that work isn't in the 10.8 branch, it would be a future version (probably November at the earliest, most likely December).

[anthonylavado]

Also - because I only just read more of the description - yes, it wouldn't remove post install files (so plugins), but I could remove that folder specifically. The larger point is that I already have work that moves away from doing just a straight rm/delete on the entire directory, and is much more targeted.

[IDisposable]

Excellent news... I'll just await the NSIS changes :)

While you're doing that... any chance we could get the exposure in the installer (and retention in an upgrade install) of the user id/password for the JellyFin service... just the other day I had a minor panic after upgrading to 10.8.11 because it didn't retain that run-as for the service and thus couldn't see the server's media...

[anthonylavado]

Exposure? I bet we could show the username on the service, but the password would be encrypted and of no use.

The better thing is to not replace the service on upgrade, which is a planned change as well. Unfortunately it will still break one more time with the 10.9 upgrade, as I plan to move away from NSSM for the service launcher, and using the tray app for that purpose.

[IDisposable]

Moving away from NSSM would be a huge bummer, as the Tray App starting things up wouldn't work for a server environment until someone logs in... that's not really where I hope this is headed.

[anthonylavado]

@IDisposable I should have explained further. The plan is to build a service mode in to the tray app that would behave the same way as NSSM, except, it would only handle Jellyfin.

[anthonylavado]

Looking at this again, many months later, I don't know that we can ever be sure to delete just config files. There's no way to enumerate all of them before hand. I can certainly delete just the program files (because we know what those are ahead of time), but config is a much trickier issue to solve.

At best for config, I can start by at least putting a big warning telling people "Are you sure? This will delete everything in . OK/Keep/Stop"