Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-26642

a removed docker tag at a remote will cause an already cached docker tag to be removed from a proxy repository when component age expires



    • Type: Bug
    • Status: New
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.29.2
    • Fix Version/s: None
    • Component/s: Docker
    • Labels:
    • Notability:


      "Components" in repository manager Docker format are Docker image manifests that have Docker tags.

      A general format convention for repository manager is if a remote removes a component that was already cached locally in a proxy repository, then repository manager should not automatically remove the already cached component.

      Docker tagged manifests will come and go (deleted or otherwise unavailable) at a remote.

      It is believed to be less common to replace an existing tag with are reference to a different manifest ( tag update ) - allow technically possible.

      Repository manager has facilities to clean up docker components which are not accessed after a period of time.

      When a docker tag from a remote registry is removed, this currently results in the tag no longer being available in the proxy when the proxy makes an outbound request confirming that the remote does not contain the tag

      Example Reproduce

      1. Two Nexus instance. On one instance create a hosted docker repository, on the other create a proxy docker repository to the hosted repo.
      2. Upload an image to the hosted repo.
      3. Pull the image via the proxy repo.
      4. Delete the tag (asset) on the hosted repo.
      5. Invalidate the cache on the proxy repo.
      6. Request/access the tag asset via the proxy.

      The proxy request returns a 404 with:

      {"errors":[{"code":"MANIFEST_UNKNOWN","message":"manifest unknown"...}

      However the tag asset is still listed in the browse UI.


      Do not automatically remove a cached tag when the remote reports it as not available. Instead it will be expected that cleanup policies/tasks will be used to cleanup stale docker tags in the proxy repository.




          Issue Links



              Unassigned Unassigned
              hardeepn Hardeep Nagra
              Last Updated By:
              Michael Oliverio Michael Oliverio
              3 Vote for this issue
              6 Start watching this issue


                Date of First Response: