RE: How to use Package/Container Usage in ProGet/Otter

Hi, thanks for the info.

We find this feature very interesting because packages can be tracked using Proget and Otter.
This allows users to check whether the packages they use have already been updated with the latest security updates.

But it’s not a big deal if the feature is no longer supported soon.

It appears to be just a JSON interface that is used between Proget and Otter.

Btw. Offtopic

Can you take a look here again, I find it better to continue this thread instead of opening a new thread with the same topic:
https://forums.inedo.com/topic/5635/support-for-notautomatic-butautomaticupgrades-headers-in-debian-feed-release-files?_=1775537208917

Thank you very much

Additional Information:

proget[1916719]: Scan using Otter at http://otter/ failed: Unexpected character encountered while parsing value: <. Path '', line 0, position 0.

Dear Supporters,

we are trying to get Package/Container Usage work.

Our Testenvironment in containers:

• ProGet 2025.24(Build 5)
• MSSQL
• Otter 2025.3 (Build 1)

The problem is, as soon as a server has been assigned into a role, for executing checkconfiguration with activated "Configuration drift:", the package/container scanner inside of ProGet will get the following error while scanning. And there is no information about package usage have been transfered from otter to proget.

Have any clue, why is this happening?

Scan using Otter at http://otter/ failed: Invalid name.

System.ArgumentException: Invalid name.
   at Inedo.UPack.UniversalPackageId.Parse(String s)
   at Inedo.ProGet.Extensions.PackageContainerScanners.OtterScanner.OtterPackageData..ctor(String server, FeedType type, JObject obj) in C:\Users\builds\AppData\Local\Temp\InedoAgent\BuildMaster\192.168.44.60\Temp\_E648765\Src\src\ProGet\Extensions\PackageContainerScanners\OtterScanner.cs:line 147
   at Inedo.ProGet.Extensions.PackageContainerScanners.OtterScanner.<>c__DisplayClass12_0.<ReadPackages>b__0(JObject p) in C:\Users\builds\AppData\Local\Temp\InedoAgent\BuildMaster\192.168.44.60\Temp\_E648765\Src\src\ProGet\Extensions\PackageContainerScanners\OtterScanner.cs:line 128
   at System.Linq.Enumerable.ConcatIterator`1.MoveNext()
   at Inedo.ProGet.Service.PackageContainerScannerRunner.GetPackageRecords(Context db, IEnumerable`1 packages)+MoveNext() in C:\Users\builds\AppData\Local\Temp\InedoAgent\BuildMaster\192.168.44.60\Temp\_E648765\Src\src\ProGet\Service\TaskRunners\PackageContainerScannerRunner.cs:line 71
   at System.Collections.Generic.List`1..ctor(IEnumerable`1 collection)
   at System.Linq.Enumerable.ToList[TSource](IEnumerable`1 source)
   at Inedo.ProGet.Service.PackageContainerScannerRunner.ScanAsync(TaskRunnerSubtask`1 subtask, PackageContainerScanner scanner) in C:\Users\builds\AppData\Local\Temp\InedoAgent\BuildMaster\192.168.44.60\Temp\_E648765\Src\src\ProGet\Service\TaskRunners\PackageContainerScannerRunner.cs:line 46

::PackageContainerScannerRunner Error on 04/01/2026 10:12:11::

Thank you.
Best regards

I have a small issue to report. Btw. adding the headers works perfectly. However, the fields don't allow spaces. Like here to see. "Debian Backports"
Can you make the fields compatible for values with spaces?

proget:25.0.22-ci.4 seems to work.

The CPU consumption stays steady while ProGet is not under heavy load. The Debian connectors does not grow infitely. So for the third day this is the output:

root@xxxxxxxxxxxxxx:/usr/share/ProGet/LocalStorage/Connectors# du -chs * | grep G
2.6G    total

I'll get back to you on this in a week.
Thank you for the support.

Hi,

we had the same issue.

For Debian Trixie, there is a negative effect with sqv (Seqouia Verification Tool) using the universal signing key. When verifying the signing key, a message with (... --not-after ...) and exit status 1 is displayed. It is necessary to check whether the time has been synchronized correctly!!!

Here is what you need to check:

timedatectl
 ...
 System clock synchronized: yes # It should be yes, if your environment is using ntp-server.
 ...

@gdivis Thank you very much. We will do the test. Stay tuned for my feedback.

Thank you for your response. We also have a Proget test environment where we can test this. We would like to test it.

Here is another example of this behavior. These are only Debian connectors:

root@xxxxxxxxxxxxxx:/usr/share/ProGet/LocalStorage/Connectors# du -chs * | grep G
2.4G    C104
2.5G    C105
2.5G    C106
62G     C117
13G     C266
9.2G    C268
15G     C281
3.1G    C63
119G    total

Hi,

some Debian feeds, especially for kali-rolling, are very slow after a day since the connector was renewed. I have to repeatedly reset or renew the connector in order to be able to work with it.

If not, an “apt update” takes several minutes or it is going to be stucked up. The index.sqlite files grow to up to 50 GB. In addition, index.sqilte3-shm and -wal also grow to almost the same size. And CPU consumption increases proportionally to these problems. And if the connectors are not renewed, the sqlite database consumes all the available storage space in the partition where the volumes for packages are located.

Additional Information:

Upstream link that we are testing and using:
http://mirror.netcologne.de/kali/
http://http.kali.org/kali

ProGet version: 2025.20(Build 23) with external database (MSSQL), both in containers

Connector configuration: Index poll frequency is already set to triple digits in minutes.

Further Information I've already researched:

• https://forums.inedo.com/topic/5467/proget-2024-dealing-with-large-debian-package-connectors
• https://forums.inedo.com/topic/5410/debian-feed-mirror-performance/2

Please investigate this behavior. In addition to RPM repos, we also use a lot of Debian repos.
If the cause is known, can you implement additional clean measures in addition to “Index poll frequency”?

Can the problem perhaps be avoided by using a proxy?

Update:

And we found some images like busybox:1.37 which is directly pulled from upstream dockerhub. This is the same case. The ProGet-Layer-Scanner is not able to find any packages in there.