Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-10148

docker V2 pull requests may return V1 manifests unexpectedly resulting in missing signature key error

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 3.0.0
    • Fix Version/s: 3.0.1
    • Component/s: Docker
    • Labels:
    • Sprint:
      Sprint 68 - Föhn

      Description

      A docker pull command may fail against a Nexus repository. The error message reported to the client includes a message such as

      "Error response from daemon: missing signature key"

      Cause

      Nexus is improperly downgrading the manifest to V1 due to a bug parsing the "Accept" header values received from the docker client. The docker client is expecting a V2 manifest style response containing a signature attribute.

      We have seen this happen primarily when docker client requests sent through a reverse proxy in front of Nexus which is terminating SSL. We believe this to be because multiple Accept headers sent by the docker client may be collapsed into a single Accept header to Nexus, triggering the bug.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              jtom Joe Tom
              Reporter:
              plynch Peter Lynch
              Last Updated By:
              Peter Lynch
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Date of First Response:

                  tigCommentSecurity.panel-title