Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-34045

"Cross Repository Blob Mount" for Docker not recognised

    Details

    • Type: Bug
    • Status: New
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.0.0, 3.40.1
    • Fix Version/s: None
    • Component/s: Docker
    • Labels:
    • Notability:
      3

      Description

      Repo 3 does not appear to support "Cross Repository Blob Mount" functionality as documented in the Docker v2 spec (https://docs.docker.com/registry/spec/api/).

      The spec states:

      ----------------

      A blob may be mounted from another repository that the client has read access to, removing the need to upload a blob already known to the registry. To issue a blob mount instead of an upload, a POST request should be issued in the following format:

      POST /v2/<name>/blobs/uploads/?mount=<digest>&from=<repository name> Content-Length: 0

      If the blob is successfully mounted, the client will receive a 201 Created response:

       201 Created Location: /v2/<name>/blobs/<digest> Content-Length: 0 Docker-Content-Digest: <digest>

      The Location header will contain the registry URL to access the accepted layer file. The Docker-Content-Digest header returns the canonical digest of the uploaded blob which may differ from the provided digest. Most clients may ignore the value but if it is used, the client should verify the value against the uploaded blob data.

      If a mount fails due to invalid repository or digest arguments, the registry will fall back to the standard upload behavior and return a 202 Accepted with the upload URL in the Location header:

      202 Accepted Location: /v2/<name>/blobs/uploads/<uuid> Range: bytes=0-<offset> Content-Length: 0 Docker-Upload-UUID: <uuid>

      This behavior is consistent with older versions of the registry, which do not recognize the repository mount query parameters.

      --------------------

      In testing, it is observed that Repo 3 returns a 202 for such a request indicating it does indeed not recognise/support the mount param:

      192.168.0.35 - admin [08/Jul/2022:10:17:55 +0100] "POST /v2/coolapp/blobs/uploads/?from=coolapp-arm-linux&mount=sha256%3Afeb5d9fea6a5e9606aa995e879d862b825965ba48de054caab5ef356dc6b3412 HTTP/1.1" 202 0 0 3 "Docker-Client/20.10.11 (darwin)" [qtp985821695-644]

       

      Test against Repo 3:

      1. Create a Docker hosted repo.
      2. Docker client, side run:
      docker login <docker_hosted_repo> 
      docker pull hello-world 
      docker tag hello-world <docker_hosted_repo>/coolapp-arm-linux:v1 
      docker push <docker_hosted_repo>/coolapp-arm-linux:v1 
      docker manifest create <docker_hosted_repo>/coolapp:v1 <docker_hosted_repo>/coolapp-arm-linux:v1 --insecure --amend 
      docker manifest push <docker_hosted_repo>/coolapp:v1 --insecure 
      • For the last push, observe in the Repo 3 request.log that a 202 is returned for:
      POST /v2/coolapp/blobs/uploads/?from=coolapp-arm-linux&mount=sha256%3Afeb5d9fea6a5e9606aa995e879d862b825965ba48de054caab5ef356dc6b3412

       And the push fails with:

      error mounting coolapp-arm-linux@sha256:feb5d9fea6a5e9606aa995e879d862b825965ba48de054caab5ef356dc6b3412 to <docker_hosted_repo>/coolapp:v1 

       

      Repeat same test against the official Docker registry:

      docker run -d -p 5000:5000 --name registry registry:2
      docker tag hello-world 127.0.0.1:5000/coolapp-arm-linux:v1
      docker push 127.0.0.1:5000/coolapp-arm-linux:v1
      docker manifest create 127.0.0.1:5000/coolapp:v1 127.0.0.1:5000/coolapp-arm-linux:v1 --insecure --amend
      docker manifest push 127.0.0.1:5000/coolapp:v1 --insecure

      Observe the last push succeeds.

       

      Expected:

      Repo 3 supports mount params and its behaviour is inline with docker spec/official docker registry.

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            hardeepn Hardeep Nagra
            Last Updated By:
            Michael Oliverio Michael Oliverio
            Team:
            NXRM - Mad Max
            Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:

                tigCommentSecurity.panel-title