[NEXUS-10148] docker V2 pull requests may return V1 manifests unexpectedly resulting in missing signature key error - Sonatype JIRA

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 3.0.0
Fix Version/s: 3.0.1
Component/s: Docker
Labels:
- supportant

Sprint:
Sprint 68 - Föhn

Description

A docker pull command may fail against a Nexus repository. The error message reported to the client includes a message such as

"Error response from daemon: missing signature key"

Cause

Nexus is improperly downgrading the manifest to V1 due to a bug parsing the "Accept" header values received from the docker client. The docker client is expecting a V2 manifest style response containing a signature attribute.

We have seen this happen primarily when docker client requests sent through a reverse proxy in front of Nexus which is terminating SSL. We believe this to be because multiple Accept headers sent by the docker client may be collapsed into a single Accept header to Nexus, triggering the bug.

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

nexus-repository-docker-3.0.0-03.jar
332 kB
04/27/16 08:44 PM

Issue Links

duplicates

NEXUS-10160 docker 1.10.3 on openshift manifest differences

Closed

Activity

People

Assignee:: Joe Tom

Reporter:: Peter Lynch

Last Updated By:: Peter Lynch

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 04/27/16 08:38 PM

Updated:: 11/23/16 08:18 PM

Resolved:: 11/23/16 08:18 PM

Date of First Response:: 27/Apr/16 9:08 PM

Details

Description

Cause

Attachments

Attachments

Issue Links

Activity

People

Dates

tigCommentSecurity.panel-title