Details
Description
NXRM Proxy repos should continue to serve packages even if they go missing upstream. However, since we proxy the metadata listing from upstream we're vulnerable to effectively propagating upstream deletions.
- Create a yum hosted repo with two RPMs in it.
- Wait for the hosted repository to generate the metadata (this defaults to 60 seconds)
- Create a yum proxy of the hosted repo.
- Fetch the metadata through the proxy, specifically repomd.xml which will automatically fetch primary.xml.gz.
- Fetch both the RPMs through the proxy so that they are cached.
- Delete one of the RPMs from the hosted repo and wait for the metadata to be regenerated. The primary.xml.gz file in the hosted repository should now only list one RPM.
- Invalidate the cache on the proxy and then fetch the repomd.xml again.
- The primary.xml.gz file in the proxy will now only list one RPM but both RPMs will be available in the repository.
(Note another way to reproduce this would using a Centos 6 Docker image and a Centos 7 Docker image and then to point a proxy at a centos 6 remote http://mirror.centos.org/centos-6/6.9/os/x86_64/ install some packages, change the remote url to centos 7 install some packages http://mirror.centos.org/centos-7/7/os/x86_64/ the go back and try and install the 6 packages, which will fail)
This issue is the Yum version of the NPM-specific NEXUS-15714.
Attachments
Issue Links
- relates
-
NEXUS-15714 Continue to serve locally cached proxied npm packages that are unpublished on the remote
-
- Closed
-
-
NEXUS-19502
SPIKE Retain metadata of proxied yum packages that are unpublished on the remote
-
- Closed
-
