Details
Description
Problem
The Docker - Delete unused manifests and images task deletes layers and SHA manifests that are not reachable from tag manifests (e.g. “latest”).
A logic error was introduced in Nexus Repository 3.30 that caused it to disregard recently published and updated tags when determining if layers and SHA manifests count as used. This could lead to it incorrectly removing the layers
With the introduction of the offsetTime feature (to aid in not removing layers during deployment race conditions) a bug was introduced that could result in layers being removed incorrectly.
Any image manifest that has a lastUpdated timestamp that falls after the offsetTime window (which is defaulted to 24 hours) will not be queried to find if its layers are in use, thus, all of those layers are now up for removal (unless also in use by some other manifest, that was lastUpdated before the offsetTime window).
In addition, any image manifest referenced by digest (i.e. manifests/sha256:XXXXXX) that had been updated in the 24 hour window prior to the task running could also be flagged for removal
Advice
If running NXRM 3.30.0 or newer, Sonatype recommends disabling the scheduled task, until your instance is upgraded to a version containing a fix for this specific issue.
Attachments
Issue Links
- is caused by
-
NEXUS-26732 Race condition in "Docker - Delete unused manifests and images" can cause assets to be mistakenly deleted
-
- Closed
-
- is related to
-
NEXUS-28078 Docker - Delete unused manifests and images task may delete referenced layers if the database query to select components encounters limits
-
- Closed
-