Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-10148

docker V2 pull requests may return V1 manifests unexpectedly resulting in missing signature key error

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 3.0.0
    • Fix Version/s: 3.0.1
    • Component/s: Docker
    • Labels:
    • Sprint:
      Sprint 68 - Föhn

      Description

      A docker pull command may fail against a Nexus repository. The error message reported to the client includes a message such as

      "Error response from daemon: missing signature key"

      Cause

      Nexus is improperly downgrading the manifest to V1 due to a bug parsing the "Accept" header values received from the docker client. The docker client is expecting a V2 manifest style response containing a signature attribute.

      We have seen this happen primarily when docker client requests sent through a reverse proxy in front of Nexus which is terminating SSL. We believe this to be because multiple Accept headers sent by the docker client may be collapsed into a single Accept header to Nexus, triggering the bug.

        Attachments

          Issue Links

          duplicates

          Improvement - An improvement or enhancement to an existing feature or task. NEXUS-10160 docker 1.10.3 on openshift manifest differences

          • Major - Major loss of function.
          • Closed

            Activity

              People

              • Assignee:
                jtom Joe Tom
                Reporter:
                plynch Peter Lynch
                Last Updated By:
                Joe Tom
              • Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Date of First Response: