Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-25793

PyPI proxy repository returns 404 for a package that exists upstream

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.27.0, 3.28.1, 3.29.2
    • Fix Version/s: None
    • Component/s: PyPI
    • Labels:
    • Environment:
      Ubuntu 18.04
    • Notability:
      3

      Description

      I have just recently upgraded an installation of Nexus OSS  3.20.0-04 to 3.28.1-01 (on Ubuntu 18.04).

      Since the upgrade, the Nexus PyPi proxy repository has been returning 404 for a specific package that exists on the upstream server: pkg_resources. It seems to work fine for every other package I have tested.

      We first noticed the issue when various CI pipelines began to fail when creating Python virtual environments:

      Collecting pkg_resources
      Exception:
      Traceback (most recent call last):
        File "/usr/share/python-wheels/pip-9.0.1-py2.py3-none-any.whl/pip/basecommand.py", line 215, in main
          status = self.run(options, args)
        File "/usr/share/python-wheels/pip-9.0.1-py2.py3-none-any.whl/pip/commands/install.py", line 353, in run
          wb.build(autobuilding=True)
        File "/usr/share/python-wheels/pip-9.0.1-py2.py3-none-any.whl/pip/wheel.py", line 749, in build
          self.requirement_set.prepare_files(self.finder)
        File "/usr/share/python-wheels/pip-9.0.1-py2.py3-none-any.whl/pip/req/req_set.py", line 380, in prepare_files
          ignore_dependencies=self.ignore_dependencies))
        File "/usr/share/python-wheels/pip-9.0.1-py2.py3-none-any.whl/pip/req/req_set.py", line 554, in _prepare_file
          require_hashes
        File "/usr/share/python-wheels/pip-9.0.1-py2.py3-none-any.whl/pip/req/req_install.py", line 278, in populate_link
          self.link = finder.find_requirement(self, upgrade)
        File "/usr/share/python-wheels/pip-9.0.1-py2.py3-none-any.whl/pip/index.py", line 465, in find_requirement
          all_candidates = self.find_all_candidates(req.name)
        File "/usr/share/python-wheels/pip-9.0.1-py2.py3-none-any.whl/pip/index.py", line 423, in find_all_candidates
          for page in self._get_pages(url_locations, project_name):
        File "/usr/share/python-wheels/pip-9.0.1-py2.py3-none-any.whl/pip/index.py", line 568, in _get_pages
          page = self._get_page(location)
        File "/usr/share/python-wheels/pip-9.0.1-py2.py3-none-any.whl/pip/index.py", line 683, in _get_page
          return HTMLPage.get_page(link, session=self.session)
        File "/usr/share/python-wheels/pip-9.0.1-py2.py3-none-any.whl/pip/index.py", line 795, in get_page
          resp.raise_for_status()
        File "/scratch/ben/nexus_test/test/share/python-wheels/requests-2.18.4-py2.py3-none-any.whl/requests/models.py", line 935, in raise_for_status
          raise HTTPError(http_error_msg, response=self)
      HTTPError: 404 Client Error: Not Found for url: https://nexus/repository/pypi-proxy/simple/pkg-resources/

      I tried a bunch of things to attempt to resolve this but had no luck:

      • Invalidating the cache for the pypi-proxy repo
      • Disabling negative caching for the pypi-proxy repo
      • Deleting and recreating the pypi-proxy repo
      • Clearing /opt/sonatype-work/cache and /opt/sonatype-work/tmp and restarting Nexus
      • Probably more that I forgot

      I captured the attached log from our production Nexus server. This shows the client request to Nexus, Nexus making a request to https://pypi.org (which is successful, and receives a 200 status code) and the the resulting 404 sent back to the client.

      I have been forced to rollback the update in order to circumvent this issue.

       

      I have been able to reproduce this issue in a test environment with a fresh installation of 3.28.1-01. It works fine with a fresh installation of 3.20.0-04.

      Steps to reproduce: 
      1. Fresh install of Nexus OSS and clear any existing data directory (/opt/sonatype-work)

      2. Create a PyPi proxy repo in the web UI

      Settings:
       Name: pypi-proxy
       Online: yes
       Remote Storage: https://pypi.org/
       Use the Nexus truststore: no
       Blocked: no
       Auto blocking: yes
       Max component age: 1440
       Max metadata age: 1440
       Blob store: default
       Strict Content Type Validation: yes
       Routing table: none
       Not found cache enable: yes
       Not found cache TTL: 1440
       Cleanup policies: none
       HTTP Authentication: no
       HTTP request settings: none

      3. Request simple/pkg-resources

      $ curl http://localhost:8081/repository/pypi-proxy/simple/pkg-resources

      On Nexus OSS 3.20.0-04 this works as expected:

      $ curl http://localhost:8081/repository/pypi-proxy/simple/pkg-resources
       <html lang="en">
       <head><title>Links for pkg-resources</title>
       <meta name="api-version" value="2"/>
       </head>
       <body><h1>Links for pkg-resources</h1>
       </body>
       </html>

      This mostly matches what I get from the upstream server

      $ curl https://pypi.org/simple/pkg-resources/
       <!DOCTYPE html>
       <html>
       <head>
       <title>Links for pkg-resources</title>
       </head>
       <body>
       <h1>Links for pkg-resources</h1>
       </body>
       </html>

      However, on Nexus OSS 3.28.1-01 I get a 404

      $ curl http://localhost:8081/repository/pypi-proxy/simple/pkg-resources
       <!DOCTYPE html>
       <html lang="en">
       <head>
       <title>404 - Nexus Repository Manager</title>
       <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
      <!--[if lt IE 9]>
       <script>(new Image).src="http://endepv001:8081/favicon.ico?3.28.1-01"</script>
       <![endif]-->
       <link rel="icon" type="image/png" href="http://endepv001:8081/favicon-32x32.png?3.28.1-01" sizes="32x32">
       <link rel="mask-icon" href="http://endepv001:8081/safari-pinned-tab.svg?3.28.1-01" color="#5bbad5">
       <link rel="icon" type="image/png" href="http://endepv001:8081/favicon-16x16.png?3.28.1-01" sizes="16x16">
       <link rel="shortcut icon" href="http://endepv001:8081/favicon.ico?3.28.1-01">
       <meta name="msapplication-TileImage" content="http://endepv001:8081/mstile-144x144.png?3.28.1-01">
       <meta name="msapplication-TileColor" content="#00a300">
      <link rel="stylesheet" type="text/css" href="http://endepv001:8081/static/css/nexus-content.css?3.28.1-01"/>
       </head>
       <body>
       <div class="nexus-header">
       <a href="http://endepv001:8081">
       <div class="product-logo">
       <img src="http://endepv001:8081/static/rapture/resources/icons/x32/nexus-white.png?3.28.1-01" alt="Product logo"/>
       </div>
       <div class="product-id">
       <div class="product-id__line-1">
       <span class="product-name">Nexus Repository Manager</span>
       </div>
       <div class="product-id__line-2">
       <span class="product-spec">OSS 3.28.1-01</span>
       </div>
       </div>
       </a>
       </div>
      <div class="nexus-body">
       <div class="content-header">
       <img src="http://endepv001:8081/static/rapture/resources/icons/x32/exclamation.png?3.28.1-01" alt="Exclamation point" aria-role="presentation"/>
       <span class="title">Error 404</span>
       <span class="description">Not Found</span>
       </div>
       <div class="content-body">
       <div class="content-section">
       Not Found
       </div>
       </div>
       </div>
       </body>
       </html>
      

      While pypi.org returns what is essentially an empty page, the Python virtualenv module seem to expect it to be available (I have no idea what purpose this serves). In any case, this appears to be a regression in Nexus.

      Please let me know if you need any more information from me.

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            bcrisp Ben Crisp
            Last Updated By:
            Rich Seddon Rich Seddon
            Votes:
            3 Vote for this issue
            Watchers:
            9 Start watching this issue

              Dates

              Created:
              Updated:
              Date of First Response:

                tigCommentSecurity.panel-title