Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-32040

Partial OCI encrypted images support

    Details

    • Type: Bug
    • Status: New
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Docker
    • Labels:

      Description

      For hosted Docker repositories attempts to push OCI Encrypted images fails.

      buildah push --tls-verify=false --encryption-key jwe:./mykey.pub.pem alpine localhost:5000/encryption-test:encrypted
      
      Getting image source signatures
      Copying blob 4fc242d58285 done
      WARN[0000] failed, retrying in 2s ... (1/3). Error: writing blob: uploading layer to http://localhost:5000/v2/encryption-test/blobs/uploads/25de9eb9-5c25-4357-9d0f-e0fd3ada0ad3?digest=sha256%3A10faaf9ef1bce6d487a74d5698682fb21b52d3c619d083d1524dfb117da633fe: blob upload invalid: blob upload invalid
      

      Logs:

      2022-05-06 15:42:05,123+0000 WARN  [qtp1070801164-595]  admin org.sonatype.nexus.repository.storage.StorageTxImpl - An exception occurred determining the content type of asset v2/-/blobs/sha256:10faaf9ef1bce6d487a74d5698682fb21b52d3c619d083d1524dfb117da633fe in repository docker
      2022-05-06 15:42:05,125+0000 WARN  [qtp1070801164-595]  admin org.sonatype.nexus.repository.docker.internal.V2Handlers - Error: PUT /v2/encryption-test/blobs/uploads/25de9eb9-5c25-4357-9d0f-e0fd3ada0ad3: 400 - Content type could not be determined: v2/-/blobs/sha256:10faaf9ef1bce6d487a74d5698682fb21b52d3c619d083d1524dfb117da633fe
      

       

      As a workaround I disabled the "strict content type validation" option and was succeeded to push and pull encripted image. But it doesn't look clear.

       

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            psmolkin Pavel Smolkin
            Last Updated By:
            Matthew Piggott Matthew Piggott
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:

                tigCommentSecurity.panel-title