Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.
If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!
Group Details Private
administrators
-
RE: Packages not found after upgrading to 2024.29posted in Support
Hi @v-makkenze_6348,
So this package is a wierd one for sure. NuGet has actually removed it entirely from NuGet.org because it violated their terms of use. I would highly recommend switching to a supported package for that. That being said, there is a great answer in this stack overflow article on it https://stackoverflow.com/questions/1186270/referencing-system-management-automation-dll-in-visual-studio and you can see the removal from NuGet.org here: https://www.nuget.org/packages/System.Management.Automation.dll/
Basically to view this in ProGet, you will have to navigate manually to it in your feed because it is no longer returned in NuGet.org's search queries. You can use the following URL as a template (just swap out host and feed):
https://«PROGET_HOST»/feeds/«PROGET_FEED»/System.Management.Automation.dll/versionsThanks,
Rich
-
RE: Maven Policy not blocking Noncompliant packagesposted in Support
Hi @parthu-reddy ,
If you can provide my with some step-by-step instructions (reproduction case), then I can see if if there's a bug in ProGet. However we can't really change the "license file is embedded in the package file" technical requirement.
That said... using custom licenses for blocking package is definitely inappropriate. Please do not do that. It will cause you headaches and probably business disruptions later. There are already tools to prevent users from downloading packages from ProGet, this is not how you want to do it.
The easiest solution here is to align the security team's understanding/expectations align with reality. You don't want to try to configure ProGet in unrealistic ways that will lead to actual problems/risks.
I suspect the security team is conflating "vulnerable packages" with "malware and viruses", so it'd be best to take this opportunity to educate them on how packages / ProGet works.
- ProGet can prevent users from downloading certain packages, but vulnerable packages are freely available on the internet for download.
- A vulnerable package is NOT some a "virus in a lab that can escape" and infect a system
- A package is just a library and cannot run on its own
- If a user has a copy of vulnerable package, they can't use it to "hack" a system with it nor will it cause any harm
- Vulnerable packages simply shouldn't be used as building blocks in your own applications
Thanks,
Alana
-
RE: (500) Server Error When editing description of a Universal Packageposted in Support
Thanks @daniel-pardo_5658 , I was able to reproduce it.
It seems to work when you have additional metadata fields. Anyway we'll get it fixed via PG-2935 in the next maintenance release. AS a work-around, you can just download the package, edit the upack.json, and reupload it.
Cheers,
Alana
-
RE: Need info on blocking packagesposted in Support
Hi @parthu-reddy ,
This hasn't changed; to "Set Package Status", you need to first Pull the Package to the feed. From there, you can a compliance rule override of Always Block or Always Allow Downloads.
Thanks,
Alana
-
RE: Otterscript: Usage of Success exit code or EXEC operation - clarificationsposted in Support
Hi @scusson_9923 ,
Thanks for clarifying. You're right, the result is not available as a variable. Instead, the Operation will fail, which means you'd want to handle this via a try/catch.
try { InedoCore::Exec ( FileName: pwsh, WorkingDirectory: C:\, Arguments: test.ps1, ErrorOutputLogLevel: Error, OutputLogLevel: Information, SuccessExitCode: == 0 ); ... operations for success... } catch { ... operations upon failure ... }Hope that helps,
Alana
-
RE: Maven Policy not blocking Noncompliant packagesposted in Support
Hi @parthu-reddy,
I'm not sure about the specifics of how you've configured this, but in general, the "first download not blocked behavior" is to be expected with certain types of license checking.
Depending on how the author configured the license, ProGet cannot detect a license without the package file... so until the package has been added to the feed in ProGet, (via caching) happens it's considered "Undetected". In your Policy, you have that as "Warn", so it won't be blocked.
It's not technically feasible to handle this any other way, as ProGet streams the file it's downloading from a remote source to the user while also adding it to the feed for caching.
Thanks,
Alana
-
RE: Otterscript: Usage of Success exit code or EXEC operation - clarificationsposted in Support
Hi @scusson_9923 ,
Can you clarify what update you're looking for?
Are you looking for help on how to capture a failure and test on it?
Thanks,
Alana
-
RE: ProGet: NullReferenceException in SharedConfig.cs after upgrade to v24.0.30posted in Support
Hi @arose_5538,
We just released ProGet 24.0.31 that has the fix included for this so you do not need to specify those extra environment variables.
Thanks,
Rich
-
RE: ProGet: NullReferenceException in SharedConfig.cs after upgrade to v24.0.30posted in Support
Hi @arose_5538,
There looks to be a bug in our Docker image for 24.0.30. To work around this, if you add the environment variables
PROGET_USE_HTTPS_REDIRECTION:falseandPROGET_INTEGRATED_AUTHENTICATION:falseto your Docker run command or Docker Compose file, that will get you passed the error for now. I have created a ticket, PG-2932, to track the fix going forward.Thanks,
Rich