nexus-public: Nexus failing to find gems via Bundler when using a group repo
Originally reported in forum post Nexus failing to find Gems as a Bundler source but which exist in the Nexus UI
What problem are you trying to solve?
When running Bundler, Nexus reports the following error:
Resolving dependencies…
Your bundle is locked to GEM_NAME (GEM_VERSION) from rubygems repository https://nexus.example.com/repository/rubygems/ or installed locally, but that version can no longer be found in that source.
That means the author of GEM_NAME (GEM_VERSION) has removed it. You’ll need to update your bundle to a version other than GEM_NAME (GEM_VERSION) that hasn’t been removed in order to install.
where GEM_NAME and GEM_VERSION refer to some internal or public gem. Exactly which gem fails depends on what needs updating on a particular machine. It has also been seen to work then fail if the gem is removed and bundle install is run again.
- The gem referenced is clearly available in Nexus when browsing via the UI
- In the case of public gems, the gem and specified version are available on rubygems.org
- There is no evidence in Nexus logs of what is happening (errors, warning or informational)
Do you have a workaround you are using at present?
Taking the group out of the picture seems to work, however this completely defeats the purpose of using a repo group and means updating many projects.
# source '.../rubygems
source '.../rubygems-proxy'
source '.../rubygems-hosted' do
# Internal gems
end
# Public gems
What feature or behavior is this required for?
Installing project dependencies
How could we solve this issue? (Not knowing is okay!)
Without any diagnostic information, we have no idea why this is occurring.
Tell us about your Nexus Repository deployment: what version, operating system, and database are you using?
- Reproduced with Nexus OSS 3.53.0, 3.53.1 and 3.54.1-01
- Operating system is Ubuntu 18.04 installed with the unix package. No database is specified.
- We are using a standard group setup with a hosted rubygems repo for internal gems and proxy for public gems
- Our install has been working fine for years and no configuration changes were made since an upgrade 6-7 months before this started happening
Anything else?
Nope
About this issue
- Original URL
- State: closed
- Created a year ago
- Reactions: 1
- Comments: 22 (4 by maintainers)
@niventc @dan-drew I do want to highlight something in the release notes for 3.63 that may improve the situation. At the bottom you’ll noticed that we fixed a few issues related to the ruby ecosystem that affected a small percentage of gems.
Testing with the latest (actually a pre-release of 3.64 due Jan 9, but I expect no changes to ruby from 3.63), I’m able to proxy the concurrent-ruby-1.1.10 gem listed here by @niventc through both proxy and group repositories.
The didja_rails component mentioned I’m having a harder time. It appears that package is no longer present in rubygems.org? See the log extract below, executed from the ruby:3.1 docker image:
We have this same issue. It appears to be related to a change on the rubygems API (https://help.sonatype.com/repomanager3/product-information/release-notes/2023-release-notes/sonatype-nexus-repository-3.53.0---3.53.1-release-notes?_ga=2.123942926.505566307.1693925851-922094735.1685002131#SonatypeNexusRepository3.53.03.53.1ReleaseNotes-ruby).
Running the command
gem install concurrent-ruby -v 1.1.10 --verboseagainst the proxy source and the group source we see the following.A successful request directly to our proxy shows this in the logs
Whereas the same request to our group shows
From the nexus logs we can see that the request gets forwarded to rubygems which then returns a 404
In summary it appears the
/api/v1/dependenciesnow correctly returns 404 for proxy repos, however continues to return 200 for group repos.