Support

• S

  Package Latest Version not showing in All Versions
  • scott.wright_8356  

  2
  0
  Votes
  2
  Posts
  12
  Views

  

  Hi @scott-wright_8356 , This is unfortunately the consequence/downside with frequently-updated packages (like 2-3x daily updates of electron-to-chromium) and metadata caching. The underlying issue is that different metadata queries have different cache expirations, so the search queries (e.g. "electron-" or "electron-to" or "chromium", etc) will not line up with index queries (e.g. "list electron-to-chromium versions"). There is no solution to this, aside from changing durations or disabling caching. In general, we very strongly advise against developers "always using the latest version of packages they see", since that's a major attack vector for software supply chains. It also makes build reproducibility basically impossible and gives testing a headache. Instead, we encourage a package approval process where only approved packages are consumable by build servers, as opposed to whatever's the latest version on the net Best, Alana
• 

  Wrong debian apt documentation (web and app)
  • Scati  

  4
  0
  Votes
  4
  Posts
  26
  Views

  

  Hi @daniel-scati , Thanks for catching that! I have updated the documentation. Thanks, Rich
• 

  Incorrect packages count in Feeds page
  packages feeds • • Scati  

  4
  0
  Votes
  4
  Posts
  21
  Views

  

  Just to give you a heads up. I'm already on version 2023.32 and it works like a charm. Thank you.
• V

  Error during upgrade
  • v.makkenze_6348  

  3
  0
  Votes
  3
  Posts
  7
  Views

  

  Hi @v-makkenze_6348 , This error can happen if you made certain changes to IIS configuration; in this case, you changed the name of the ProGet site in IIS to something else. That is not supported, so you will get this error. In general, we recommend moving away from IIS; this is because Microsoft no longer recommends using IIS for modern applications (.NET). And there is weird behavior like this. They only recommend it as a proxy server and legacy application server (Classic ASP, .NET Framework, etc).
• A

  An error occurred while retrieving rows.
  • akillen_5633  

  5
  0
  Votes
  5
  Posts
  23
  Views

  A

  @atripp The sp_updatestats stored procedure resolved the issue for us. Really appreciate the assistance.
• J

  What is the general design philosophy regarding permissions and visibility in ProGet?
  • jw  

  8
  0
  Votes
  8
  Posts
  42
  Views

  

  Hi @jw , let's move some of these to a new thread, since this is sort of getting a bit long / off topic. I'll reply here then lock the thread, but feel free to reply as a new thread for any one of these topics. First, if you haven't already, I'd submit your database so we can test using your database. I don't know what has/hasn't been tested yet, but that's what we plan to do this week. Internal Ids --- we will likely not include internal Ids in the /sca endpoints; those are only exposed in the native API (which we don't recommend using). We really don't you to use the Native API since it arbitrarily changes. Docs -- the docs are going to be a little behind, but those will come out shortly after; note that our primary API will become a CLI, so the API docs will favor examples for pgutil. This will actually make building out new APIs a lot easier, since we can just point to GitHub code to show how it works, etc. SCA Events -- these will also trigger when you upload a noncompliant package and one is discovered in an overnight scan (either of packages or builds). This is our starting point from zero, so we'll see what feedback we have and adjust accordingly.
• V

  Ability to bulk delete SBOMs
  • v.makkenze_6348  

  4
  0
  Votes
  4
  Posts
  12
  Views

  

  @v-makkenze_6348 thanks for clarifying - that's not how we intended to use the feature, but hopefully the ProGet 2024 model will work better. In ProGet 2024, they are called Builds, and Builds have a Release Number. They are also auto-archived, and have a kind of Build Stage. Sorry but I don't yet have screenshots, but there is some documentation: https://docs.inedo.com/docs/proget-sca-builds
• V

  Small spelling error in image Usage Instructions
  • v.makkenze_6348  

  2
  0
  Votes
  2
  Posts
  7
  Views

  

  @v-makkenze_6348 Thanks, we'll add this to our "final touches" in PG2024 :)
• V

  Unknown licenses that are known
  • v.makkenze_6348  

  2
  0
  Votes
  2
  Posts
  8
  Views

  

  Hello @v-makkenze_6348 , We're aware of this issue, and it's related to NuGet packages with four-part versions that end in zero, and the way the package is handled behind the scenes. It's a fairly involved/complex issue that we need to fix in a major version -- and we've already done that, in ProGet 2024 :) We expect it to release soon. You'll need to delete the cached package then re-add it. We've tested this exact scenario w/ SCA Builds/Releases. Thanks Alana
• J

  ProGet feature request: Dedicated permission for marking packages as deprecated
  • jw  

  3
  0
  Votes
  3
  Posts
  21
  Views

  J

  I'm afraid this is a bit too granular for us now, but it's something we can consider re-evaluating down the line, especially as we will likely want to add specialize permissions for projects, policies, etc. We expect that will happen later in the year, after ProGet 2024's new features get more adoption. We'll see if anyone else requests package-level permissions, etc. Thanks for the feedback, let's see if there is more demand. As for the Advanced, I put a note in ProGet 2024's final touches to address that. Honestly I thought those were only on Debug builds only, but clearly not... thanks for reporting! Glad to hear it is just an UI issue, I was worried users could mess with metadata. Cheers
• A

  Proget as registry proxy
  • aharalambopoulos_3520  

  2
  0
  Votes
  2
  Posts
  13
  Views

  

  Hi @aharalambopoulos_3520 , ProGet works as a "Private Docker Registry" which seems to be different than a "Docker Hub Mirror". Last time we researched Docker Hub Mirrors, they seemed to be primarily intended to provide image to certain geographic regions (like China) where Docker Hub content would otherwise be restricted. They could also be used to set up a "local mirror" of Docker Hub, but in all cases, it seemed to basically just redirect traffic from the default docker.io URL (or whatever) - so it wasn't intended to be used as "Private Docker Registries". In any case, Mirrors don't seem to be a good fit for ProGet; instead, if you wish to use nginx, we would advise to "privatizing" and "lock" images using sematic tag, so that you can be assured that corp.local/images/nginx is a tested/safe image with tags you control. Best, Steve
• P

  ProGet SAML group mapping
  • proget+markus.koban_7308  

  5
  0
  Votes
  5
  Posts
  26
  Views

  P

  Thank you very much for the information, we will get in touch with our account manager. We would greatly appreciate having this implemented as we need to manage over 150 users via SAML authentication.
• F

  apt Package file malformatted
  • frei_zs  

  7
  0
  Votes
  7
  Posts
  28
  Views

  F

  Thank you for taking time to sort this out with me! I greatly appreciate your efforts and will be happy, if this works out well. :)
• U

  proget 2023 - topology
  • udi.moshe_0021  

  5
  0
  Votes
  5
  Posts
  13
  Views

  U

  Hi @atripp , thank you very much.
• U

  proget 2023 - iis vs internal web
  • udi.moshe_0021  

  3
  0
  Votes
  3
  Posts
  8
  Views

  U

  Hi Alana, thank you very much. will do.
• P

  [BM] /!\ Proget Integration broken - given key was not present
  proget buildmaster • • philippe.camelio_3885  

  8
  0
  Votes
  8
  Posts
  22
  Views

  P

  @atripp Thanks for the fast reply and the bypass. Best regards PhilippeC.
• P

  Sync BM from OT
  buildmaster otter • • philippe.camelio_3885  

  9
  0
  Votes
  9
  Posts
  23
  Views

  

  Hi @philippe-camelio_3885 , We haven't investigated or changed this code in very many years (especially within the last year), so I wouldn't expect a changed result. Can you try the same troubleshooting steps as above? To find out where the invalid JSON is? Maybe it's comma again? FYI - we use Newtonsoft.Json for both serializing and deserializing (as you can see from error). It's really odd to be generating invalid JSON, but that's what the message is It could be related to an obscure bug, etc. We just have no idea and haven't investigated in past year. Thanks, Alana
• L

  Unable to upload Debian Package.
  • luke_1024  

  15
  0
  Votes
  15
  Posts
  56
  Views

  

  @frei_zs I'm also replied to your ticket (EDO-10276), but wanted to reply here as well. I'm going to lock this thread after, since it's a different issue. Unfortunately "tar" files are more of a convention than a standard, and not all libraries can read files created with different libraries. We are using one of the most "forgiving" tar libraries (we use four different ones!) in this particular scenario, but maybe aptly conventions aren't forgiving enough? FYI - here is what we're doing with the library public byte[] ReadControlBytes() { using var control = TarReader.Open(this.Control); while (control.MoveToNextEntry()) { if (control.Entry.Key == "./control") { var bytes = new byte[control.Entry.Size]; using var entry = control.OpenEntryStream(); ReadBlock(entry, bytes); return bytes; } } throw new InvalidPackageException("Package does not have a control file."); } We will need to inspect the file and see if we can determine what's wrong, and if it's an easy fix, we'll do it.
• H

  Download/ upload a NuGet package using cmd with ProGet Key or Username/ password
  • hashim.abu-gellban_3562  

  7
  0
  Votes
  7
  Posts
  26
  Views

  

  @hashim-abu-gellban_3562 nice find, correct that was a typo :)
• V

  Unable to add license to package
  • v.makkenze_6348  

  4
  0
  Votes
  4
  Posts
  14
  Views

  

  Hi @v-makkenze_6348, It's hard to say for sure, but there's clearly some kind of database timeout problem here when running Projects_GetReleaseAnalyzerData . I suppose you could try running that directly, and see if it takes a long time? I suspect the issue is that you have too many active releases. This is a major issue with ProGet 2023's feature -- it was designed with the assumption that users would archive releases, but we've seen thousands in the field. If you have a lot of active releases, this cause some big performance issues. ProGet 2024 auto-archives builds (the new word for releases). Cheers, Alana