Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-22809

gems from proxy repos using outbound authentication can't be found if fetching them through a group repository

    XMLWordPrintable

    Details

    • Notability:
      3

      Description

      I have the following configuration:

      • sidekiqpro: rubygems repository, proxy type, for sidekiqpro, using HTTP authentication against theĀ remote storage (https://enterprise.contribsys.com/).
      • rubygems, railsassets: other rubygems repositories, proxy type, without HTTP authentication and without the gems I want to download: sidekiq-ent.
      • allrubies: A rubygems repository, type group, where I have all the repositories described above in. Sidekiqpro on the topĀ of the list.

      I have the following Gemfile:

      source 'http://nexus.host/repository/allrubies/'
      
      gem 'sidekiq-ent', '~>1.6.0'
      

      No Gemfile.lock in the begining, for testing purposes. Then I run

      $ bundle install
      Fetching gem metadata from http://nexus.host/repository/allrubies/..
      Could not find gem 'sidekiq-ent (~> 1.6.0)' in any of the gem sources listed in your Gemfile.

      I try then with this:

      $ bundle install --full-index
      Fetching source index from http://nexus.host/repository/allrubies/
      Resolving dependencies.....
      Using bundler 1.16.1
      Fetching concurrent-ruby 1.0.5
      Installing concurrent-ruby 1.0.5
      Fetching connection_pool 2.2.1
      Installing connection_pool 2.2.1
      Fetching rack 2.0.4
      Installing rack 2.0.4
      Fetching rack-protection 2.0.1
      Installing rack-protection 2.0.1
      Fetching redis 4.0.1
      Installing redis 4.0.1
      Fetching sidekiq 5.1.1
      Installing sidekiq 5.1.1
      Fetching sidekiq-pro 4.0.1
      Installing sidekiq-pro 4.0.1
      Fetching sidekiq-ent 1.6.1
      Installing sidekiq-ent 1.6.1
      Bundle complete! 1 Gemfile dependency, 9 gems now installed.
      Bundled gems are installed into `./vendor/bundle`
      

      It worked as expected.

      Now I have a valid Gemfile.lock:

      GEM
      remote: http://nexus.host/repository/allrubies/
      specs:
      concurrent-ruby (1.0.5)
      connection_pool (2.2.1)
      rack (2.0.4)
      rack-protection (2.0.1)
      rack
      redis (4.0.1)
      sidekiq (5.1.1)
      concurrent-ruby (~> 1.0)
      connection_pool (~> 2.2, >= 2.2.0)
      rack-protection (>= 1.5.0)
      redis (>= 3.3.5, < 5)
      sidekiq-ent (1.6.1)
      sidekiq (>= 4.2.9)
      sidekiq-pro (>= 3.5.0)
      sidekiq-pro (4.0.1)
      sidekiq (>= 5.0.5)
      
      PLATFORMS
      ruby
      
      DEPENDENCIES
      sidekiq-ent (~> 1.6.0)
      
      BUNDLED WITH
      1.16.1

      If I remove sidekiq-ent from the Gems directory and run again bundle install:

      $ bundle install
      Fetching gem metadata from http://nexus.host/repository/allrubies/...........
      Could not find sidekiq-ent-1.6.1 in any of the sources

      I can tell you that if I rerun it with --full-index it will work again.

      If I change the Gemfile to use sidekiqpro repository instead the group one

      $ bundle install
      Fetching gem metadata from http://nexus.host/repository/sidekiqpro/.
      
      
      Resolving dependencies...
      Using bundler 1.16.1
      Using concurrent-ruby 1.0.5
      Using connection_pool 2.2.1
      Using rack 2.0.4
      Using rack-protection 2.0.1
      Using redis 4.0.1
      Using sidekiq 5.1.1
      Using sidekiq-pro 4.0.1
      Fetching sidekiq-ent 1.6.1
      Installing sidekiq-ent 1.6.1
      Bundle complete! 1 Gemfile dependency, 9 gems now installed.
      Bundled gems are installed into `./vendor/bundle`
      

      It works.

      I think that running with --full-index is a workaround of another problem on Nexus side, but we should be able to get gems from authenticated repositories through group repositories.

      Possible Workarounds with their own Issues

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              jhill Joshua Hill
              Reporter:
              plynch Peter Lynch
              Last Updated By:
              Joshua Hill Joshua Hill
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Date of First Response:

                  tigCommentSecurity.panel-title