Details
Major Description
The content validation added via ---NEXUS-16242--- uses the ETag header.
Dockerhub always returns ETag in the "algorithm:checksum" format. But in general the format of the Etag header cannot be relied on, it's just a generic identifier. This causes our validation to break when the ETag is in a format which is not compatible with Docker digests:
Example received header:
2018-11-01 18:24:37,850+0000 DEBUG [qtp639366847-55651] example org.apache.http.headers - http-outgoing-42 << ETag: b558e108382f75d3cb440cec3bdaca8fa4bbfe30
The exception caused by this in a Docker proxy repository:
2018-11-01 18:24:37,861+0000 WARN [qtp639366847-55651] example org.sonatype.nexus.repository.docker.internal.V2Handlers - Error: GET /v2/build/asap/manifests/latest
java.lang.IllegalArgumentException: Digest must be formed as 'alg:hex': b558e108382f75d3cb440cec3bdaca8fa4bbfe30
at com.google.common.base.Preconditions.checkArgument(Preconditions.java:210)
at org.sonatype.nexus.repository.docker.internal.DockerDigest.parse(DockerDigest.java:71)
at org.sonatype.nexus.repository.docker.internal.DockerProxyFacetImpl.fetchTagDigestByContentDigest(DockerProxyFacetImpl.java:916)
FWIW, it seems the Docker-Content-Digest's format can be relied on:
https://docs.docker.com/registry/spec/api/#content-digests
2018-11-01 18:24:37,851+0000 DEBUG [qtp639366847-55651] example org.apache.http.headers - http-outgoing-42 << Docker-Content-Digest: sha256:9030d11b2bf8181a39b010c27359a7557c753c7f5272211ca2c12ec02656a25b
Note that this problem causes a Docker proxy which has Artifactory as its remote to fail, since Artifactory does not use the "algorithm:checksum" format in its ETag headers.
