Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-20871

zero-byte layers uploaded using docker push fail strict content type validation

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Cannot Reproduce
    • Affects Version/s: 3.16.1, 3.17.0
    • Fix Version/s: None
    • Component/s: Docker
    • Story Points:
      3
    • Sprint:
      NXRM Trinity Sprint 14, NXRM Trinity Sprint 15, NXRM Trinity Sprint 16, NXRM Trinity Sprint 17, NXRM Trinity Sprint 18
    • Notability:
      3

      Description

      Docker push may upload zero-byte layers - this is normal. This is allowed according to Docker API and a variation of which was allowed in NEXUS-9847.

      When NXRM has Strict Content Type Validation enabled for the hosted Docker repository, then the content type of the layer cannot be interpreted and therefore evaluated by NXRM. The docker push will fail on a zero byte layer and docker push will report an error.

      regular log levels reveal:

      2019-08-01 09:53:59,056+0200 WARN  [qtp1994670066-22108]  deployment org.sonatype.nexus.repository.storage.StorageTxImpl - An exception occurred determining the content type of asset v2/-/blobs/sha256:f803448ea1da14544cab107f8ca326a88dd21ce05550489c9d97fc74754a8439 in repository docker-private-snapshots
      2019-08-01 09:53:59,056+0200 WARN  [qtp1994670066-22108]  deployment org.sonatype.nexus.repository.docker.internal.V2Handlers - Error: PUT /v2/example/example/blobs/uploads/f2b72013-550d-467a-a13f-17eaac663206: 400 - Invalid docker content v2/-/blobs/sha256:f803448ea1da14544cab107f8ca326a88dd21ce05550489c9d97fc74754a8439
      

      Failures at TRACE level logging reveals:

      2019-08-07 17:04:01,707+0200 TRACE [qtp1994670066-27948]  deployment org.sonatype.nexus.repository.docker.internal.DockerContentValidator - Invalid JSON file: v2/-/blobs/sha256:1b86268eaafd954d79fcabd3a66b4dcad424730ecc1d98e13f6ea38c4e7abbd4. Content will be written to disk for manual inspect at: D:\Repositories\nexus-3\tmp\docker-content-validation-failures6737706513019391325
      com.fasterxml.jackson.databind.exc.MismatchedInputException: No content to map due to end-of-input
       at [Source: (BufferedInputStream); line: 1, column: 0]
      	at com.fasterxml.jackson.databind.exc.MismatchedInputException.from(MismatchedInputException.java:59)
      	at com.fasterxml.jackson.databind.ObjectMapper._initForReading(ObjectMapper.java:4133)
      	at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:3988)
      	at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3065)
      

      The examined file in the tmp directory is zero-bytes and the Content-Length header for the docker push is also zero.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              iudovika Igor Udovika
              Reporter:
              plynch Peter Lynch
              Last Updated By:
              Peter Lynch
              Team:
              Original Nexus - Trinity - not for new tickets
              Votes:
              3 Vote for this issue
              Watchers:
              8 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Date of First Response:

                  tigCommentSecurity.panel-title