  1. Dev - Nexus Repo
  2. NEXUS-26642

A removed Docker asset at a remote will cause an already cached Docker asset to be removed from a proxy repository when component age expires


    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.29.2, 3.31.1, 3.34.0
    • Fix Version/s: 3.35.0
    • Component/s: Docker
    • Sprint:
      NXRM MadMax Sprint 17


      A general format convention for repository manager is that if a remote removes a component that was already cached locally in a proxy repository, then repository manager should not automatically remove the already cached component.

      Repository manager also has facilities to clean up docker components which are not accessed after a period of time.

      However, currently, when a Docker asset (tag or layer) is removed from a remote registry, the asset is no longer available in the proxy once the proxy makes an outbound request confirming that the remote does not contain the asset.

      Example: reproduce with the removal of a Docker tag

      1. Two Nexus instances. On one instance create a hosted Docker repository, on the other create a proxy Docker repository to the hosted repo.
      2. Upload an image to the hosted repo.
      3. Pull the image via the proxy repo.
      4. Delete the tag (asset) on the hosted repo.
      5. Invalidate the cache on the proxy repo.
      6. Request/access the tag asset via the proxy.

      The proxy request returns a 404 with:

      {"errors":[{"code":"MANIFEST_UNKNOWN","message":"manifest unknown"...}

      However the tag asset is still listed in the browse UI.


      The same can be reproduced with a removal of a layer and in that case a 404 with the following response is returned:

      {"errors":[{"code":"BLOB_UNKNOWN","message":"blob unknown to registry"..}


      Do not automatically remove a cached asset when the remote reports it as not available. Instead, it will be expected that cleanup policies/tasks will be used to clean up stale Docker assets in the proxy repository.



      Set the "Component Max Age" setting in the proxy repository config to -1. This will prevent Nexus from checking the remote for component changes/updates.
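
An added example, not part of the ticket or of Nexus itself: a small audit over exported repository settings that lists the Docker proxy repositories still exposed to this behaviour. It assumes the "Component Max Age" setting appears as `proxy.contentMaxAge` in the repository JSON from the REST API and treats every version below 3.35.0 as affected; the sample data and repository names are constructed.

```python
import json

FIXED_IN = (3, 35, 0)  # "Fix Version/s" from the issue

# Constructed sample, in the assumed shape of repository settings JSON
# exported from the Nexus REST API beforehand (no network access needed).
SAMPLE_SETTINGS = json.loads("""
[
  {"name": "docker-proxy-a", "format": "docker", "type": "proxy",
   "proxy": {"remoteUrl": "https://registry.example.test",
             "contentMaxAge": 1440, "metadataMaxAge": 1440}},
  {"name": "docker-proxy-b", "format": "docker", "type": "proxy",
   "proxy": {"remoteUrl": "https://registry.example.test",
             "contentMaxAge": -1, "metadataMaxAge": 1440}},
  {"name": "docker-hosted", "format": "docker", "type": "hosted"},
  {"name": "maven-central", "format": "maven2", "type": "proxy",
   "proxy": {"remoteUrl": "https://repo.example.test",
             "contentMaxAge": 1440, "metadataMaxAge": 1440}}
]
""")

def parse_version(text):
    """Turn '3.34.0-01' into (3, 34, 0); the build suffix is ignored."""
    core = text.split("-", 1)[0]
    parts = [int(p) for p in core.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def exposed_docker_proxies(nexus_version, repositories):
    """Names of Docker proxy repos that still re-check the remote on a pre-fix build."""
    if parse_version(nexus_version) >= FIXED_IN:
        return []  # fixed builds keep the cached asset
    exposed = []
    for repo in repositories:
        if repo.get("format") != "docker" or repo.get("type") != "proxy":
            continue  # the issue concerns Docker proxy repositories only
        max_age = repo.get("proxy", {}).get("contentMaxAge")
        if max_age != -1:  # -1 is the workaround value from the issue
            exposed.append(repo["name"])
    return exposed

if __name__ == "__main__":
    for name in exposed_docker_proxies("3.34.0-01", SAMPLE_SETTINGS):
        print(f"{name}: cached assets may disappear after a remote deletion; "
              "set component max age to -1 or upgrade to 3.35.0")
```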






              mpiggott Matthew Piggott
              hardeepn Hardeep Nagra
              Last Updated By:
              Joe Tom Joe Tom
              NXRM - Mad Max

