Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-29246

artifact versions uploaded using /service/local/artifact/maven/content may not get added to existing GA maven-metadata.xml if metadata contains some unexpected versions

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Parked
    • Affects Version/s: 2.14.20
    • Fix Version/s: None
    • Component/s: Maven
    • Labels:
      None
    • Notability:
      3

      Description

      Problem

      If a GA level release version maven-metadata.xml <versions> list contains an invalid formatted artifact version, such as a version with a leading dash ( ie. -RELEASE ), then uploads of new artifact versions using the POST upload to nexus/service/local/artifact/maven/content with VALID versions may not be automatically added to the maven-metadata.xml versions list maintained by Repository, or will get removed from the existing list upon subsequent uploads of other versions.

      Important: Normally Maven rebuilds maven-metadata.xml files - this bug only affects the exceptional case where Repository is responsible for metadata rebuild.

      The resulting incomplete versions list in the GA level maven-metadata.xml can fail builds.

      Workaround

      Delete ( and optionally re-version the invalid versioned artifacts by re-upload) the improperly versioned artifact from the hosted repository.

      Since Maven versioning treats characters such as space and dash as special when performing comparisons, such as when doing sorting, leading an artifact version with these characters is not advised.

      Reproduce

      This is one way to reproduce the problem that exercises the code in repository manager with the issue:
      1. Create a Maven 2 hosted Releases version policy repository called "Nexus_PROD".
      2. Deploy a versioned artifact with version: D-899.0.0-400

      curl -k -v -F r=Nexus_PROD -F hasPom=false -F c=distrib -F g=Nexus_PROD -F a=example -F v=D-899.0.0-400 -F p=zip -F e=zip -F file=@1.zip -u admin:admin123 http://localhost:8081/nexus/service/local/artifact/maven/content
      

      3. Deploy another version of the artifact: 899.0.0-400

      curl -k -v -F r=Nexus_PROD -F hasPom=false -F c=distrib -F g=Nexus_PROD -F a=example -F v=899.0.0-400 -F p=zip -F e=zip -F file=@1.zip -u usr:pwd http://localhost:8081/nexus/service/local/artifact/maven/content
      

      4. Delete using Browse Storage UI this node:
      Nexus_PROD/CI02506825_DevOps_Lab/D-899.0.0-400
      Notice Repository rebuilds the maven-metadata.xml, removing the version from metadata as expected.

      jvm 1    | 2021-10-08 15:30:07,670-0300 INFO  [qtp291004009-155] admin org.sonatype.nexus.proxy.maven.maven2.M2Repository - Recreating Maven2 metadata in hosted repository M2Repository(id=Nexus_PROD) from path='/Nexus_PROD/example'
      jvm 1    | 2021-10-08 15:30:07,719-0300 INFO  [qtp291004009-155] admin org.sonatype.nexus.rest.repositories.RepositoryContentPlexusResource - Storage item(s) on path "/Nexus_PROD/example/D-899.0.0-400" (and below) were deleted from repository [Nexus_PROD]
      

      5. Manually put the attached maven-metadata.xml into storage at sonatype-work/nexus/storage/Nexus_PROD/Nexus_PROD/example/maven-metadata.xml
      6. Then upload again the D-899.0.0-400 version.

      curl -k -v -F r=Nexus_PROD -F hasPom=false -F c=distrib \
        -F g=Nexus_PROD -F a=example -F v=D-899.0.0-400 -F p=zip -F e=zip \
        -F file=@1.zip -u admin:admin123 \ 
        http://localhost:8081/nexus/service/local/artifact/maven/content
      

      7. BUG Download the GA maven-metadata.xml file and check that it contains the uploaded version - it doesn't:

      curl -s -u admin:admin123 http://localhost:8081/nexus/content/repositories/Nexus_PROD/Nexus_PROD/example/maven-metadata.xml | rg '899.0.0-400'
      
      <latest>899.0.0-400</latest>
      <release>899.0.0-400</release>
      <version>899.0.0-400</version>
      

      The expected output there should have been:

      <latest>D-899.0.0-400</latest>
      <release>D-899.0.0-400</release>
      <version>D-899.0.0-400</version>
      <version>899.0.0-400</version>
      

      Expected

      Normal new Maven artifact versions should always be immediately added to the GA level maven-metadata.xml when using the POST upload method of components.

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            plynch Peter Lynch
            Last Updated By:
            Rich Seddon Rich Seddon
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Date of First Response:

                tigCommentSecurity.panel-title