Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-16306

JAR-artifacts that have been repackaged by Spring Boot are not recognized as application/java-archive and are not delivered from a proxy repository with default configuration

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: 2.13
    • Fix Version/s: None
    • Component/s: Repository
    • Labels:
    • Environment:
      Nexus OSS 2.13.0-01 running on Ubuntu Linux 14.04.5 LTS

      Description

      Summary

      We have open source artifacts that we deploy to OSSRH. Some of these artifacts include Spring Boot repackaged applications. We have added OSSRH as a proxy repository in our in-house Nexus and included it in the group "public". For regular JAR-artifacts this works fine, but not for Spring Boot repackaged artifacts.

      After a couple of hours of investigating this we finally understood what was going on, and we feel that this might be a bug in Nexus. We finally found this in the nexus.log:

      2018-02-22 11:13:00,476+0100 INFO  [qtp1614440090-5422] ***userid*** org.sonatype.nexus.proxy.maven.MavenFileTypeValidator - StorageFileItem ossrh-snapshots:/se/mdh/driftavbrott/mdh-driftavbrott-service/1.1.0-SNAPSHOT/mdh-driftavbrott-service-1.1.0-20180222.095752-1.jar MIME-magic validation failed: expected MIME types: [application/java-archive], detected MIME types: [application/x-sh, text/plain, application/octet-stream]

      In request.log we see this:

      ***ip-number*** - ***userid*** [22/Feb/2018:11:13:00 +0100] "GET /nexus/content/groups/public/se/mdh/driftavbrott/mdh-driftavbrott-service/1.1.0-SNAPSHOT/mdh-driftavbrott-service-1.1.0-20180222.095752-1.jar HTTP/1.1" 404 1127 2147

      So in summary Nexus fails to deliver the file bacause it does not consider it to be a java-archive. In reality a repackaged Spring Boot file is both application/java-archive and a application/x-sh. You can run it with java -jar artifact.jar and it also possible to run it as a Linux service.

      Work-around

      We were able to work around this by changing the configuration of the ossrh-snapshots proxy repository in our Nexus by changing "File Content Validation" to "False".

      Wish 1

      We would like the logging level to be raised from INFO to at least WARN for these kinds of errors, since Nexus was not able to fulfill the request. It was difficult to find it in the logs because it was at INFO level.

      Wish 2

      It would be great if this could be documented somewhere, although we are not sure where. Googling only led us to a few issues in your JIRA. One place could be in the OSSRH documentation in a section about proxing ossrh-snapshots.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              dennisl Dennis Lundberg
              Last Updated By:
              Peter Lynch
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Date of First Response:

                  tigCommentSecurity.panel-title