Currently, the Docker Orphan Layer cleanup job is responsible for cleaning up layers that do not have a reference in the manifest. For certain artifacts, like .json or .sig files that are not referenced in the manifest, this job may try to clean up these artifacts causing mysterious deletions.
In the docker debug logging, we might see similar log lines like below:
2024-10-03T20:29:04.577Z [jfrt ] [DEBUG] [9f32658fca8b175 ] [.v.h.DockerTagBlobsCleaner:105] [b175|art-exec-366764] - Started unreferenced blobs cleanup from ... 2024-10-03T20:29:04.579Z [jfrt ] [DEBUG] [9f32658fca8b175 ] [.v.h.DockerTagBlobsCleaner:120] [b175|art-exec-366764] - Found 1 unreferenced blobs at ... 2024-10-03T20:29:04.579Z [jfrt ] [DEBUG] [9f32658fca8b175 ] [.v.h.DockerTagBlobsCleaner:125] [b175|art-exec-366764] - Removing unreferenced blob .../manifest.json.sig'
In order to control this behavior, we can set the below Artifactory system property located in $JFROG_HOME/etc/artifactory/artifactory.system.properties
artifactory.docker.orphan.layers.cleanup.exclude.extension.list=sig,json
Please note: This feature is included starting from Artifactory Self Hosted version 7.77.X and above.
After adding it to the artifactory.system.properties file, a restart of Artifactory is required for the property to be consumed.
This property will now block the mentioned file extensions (sig,json) from being candidates for deletion by the Docker Orphan Layer cleanup.