Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-22770

Change in stored PyPI proxy package paths creates duplicate assets and breaks browse node creation

    XMLWordPrintable

    Details

    • Notability:
      2

      Description

      As part of Nexus 3.20, NEXUS-20705 introduced a change in the stored package path for pypi artifacts to ensure that the remote location was preserved. For example:

      3.19:

      packages/8f/b7/f329cfdc75f3d28d12c65980e4469e2fa373f1953f5df6e370e84ea2e875/decorator-4.4.1-py2.py3-none-any.whl

      3.20:

      files.pythonhosted.org/https/packages/8f/b7/f329cfdc75f3d28d12c65980e4469e2fa373f1953f5df6e370e84ea2e875/decorator-4.4.1-py2.py3-none-any.whl

      Unfortunately, existing packages were not migrated (perhaps due to a lack of existing information) and when an existing package is re-downloaded from the remote there will now be two assets for the same component - the original asset with the old path and a new asset with the updated path.

      This causes the browse node rebuilding to fail, and possibly other problems as only a single asset is expected.

      To recreate:

      1) In Nexus 3.19, create a pypi proxy and download any package (ie. requests)

      2) Upgrade Nexus to 3.20

      3) Expire the caches on the pypi proxy and redownload the package.

      There should now be two assets visible for the package when searching in the UI and the browse nodes task will fail.

        Attachments

          Issue Links

          is caused by

          Bug - A problem which impairs or prevents the functions of the product. NEXUS-20705 pypi proxy remote simple indexes with absolute URLs are not rewritten correctly causing the pip client to bypass nxrm

          • Major - Major loss of function.
          • Closed
          relates

          Bug - A problem which impairs or prevents the functions of the product. NEXUS-23417 During upgrade of PyPI proxy in 3.22, browse nodes are rebuilt too quickly.

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. NEXUS-18117 PyPI ignoring python_requires metadata

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

            Activity

              People

              Assignee:
              mpiggott Matthew Piggott
              Reporter:
              mkearns Michael Kearns
              Last Updated By:
              Michael Prescott Michael Prescott
              Team:
              NXRM - Groot
              Votes:
              1 Vote for this issue
              Watchers:
              10 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Date of First Response:

                  tigCommentSecurity.panel-title