NXRM Proxy repos should continue to serve packages even if they go missing upstream. However, since we proxy the metadata listing from upstream we're vulnerable to effectively propagating upstream deletions.
- Create a yum hosted repo with two RPMs in it.
- Wait for the hosted repository to generate the metadata (this defaults to 60 seconds)
- Create a yum proxy of the hosted repo.
- Fetch the metadata through the proxy, specifically repomd.xml which will automatically fetch primary.xml.gz.
- Fetch both the RPMs through the proxy so that they are cached.
- Delete one of the RPMs from the hosted repo and wait for the metadata to be regenerated. The primary.xml.gz file in the hosted repository should now only list one RPM.
- Invalidate the cache on the proxy and then fetch the repomd.xml again.
- The primary.xml.gz file in the proxy will now only list one RPM but both RPMs will be available in the repository.
(Note another way to reproduce this would using a Centos 6 Docker image and a Centos 7 Docker image and then to point a proxy at a centos 6 remote http://mirror.centos.org/centos-6/6.9/os/x86_64/ install some packages, change the remote url to centos 7 install some packages http://mirror.centos.org/centos-7/7/os/x86_64/ the go back and try and install the 6 packages, which will fail)
This issue is the Yum version of the NPM-specific