Hi @arose_5538 ,
Looks like this was indeed a regression in 2024.23 as a result of upgrading the JSON library we were using... I guess it's a lot more strict.
Of course, upack is also wrong, but for whatever reason it worked before. anyway it's an easy fix, and will be fixed in the next maintenance release (scheduled Feb 7) of ProGet via PG-2884.
In the meantime, you can just downgrade to 2024.22.
And I checked pgutil 2.1.0 will be released soon :)
Cheers,
Alana
Hi @kichikawa_2913 ,
PG-2290 was the regression fix, and it was included in ProGet 2022.22
Cheers,
Alana
Hi @rob-leadbeater_2457 ,
It sounds like you'll need to grant yourself (UserB) "sysadmin" access. You should probably also grant the local Administrators group access as well while you're at it :)
The easiest way to do this is with the SQL Server management tools, since it's all gui-driven. That's a free download/install from Microsoft, and I would recommend installing it on the server anyways. But it's also possible to do it with the command line/scripts.
Microsoft has some guidance on how to do this;
https://learn.microsoft.com/en-us/sql/database-engine/configure-windows/connect-to-sql-server-when-system-administrators-are-locked-out?view=sql-server-ver16
Once you've given yourself sysadmin, you should have no issues.
Alana
Hi @mahdy-merry_6333 ,
It's possible, and you can do this by creating a second feed that effectively proxies the first feed and uses disk storage. You could use a Connector on the two feeds or REplication.
Cheers,
Alana
Hi @kichikawa_2913,
You can ignore the Age field; it's just used internally by Visual Studio, along with the Id. Not sure why, but it's a strange value in PortablePDB files.
Here's more on what Age means if you're dying to read PE-COFF specifications 
Best,
Alana
Hi @mmaharjan_0067 ,
The pgutil assets list command is intended for interactive use and should not be parsed; it could change in future versions.
Instead, you can just call the endpoint directly, which will contain the details you're looking for:
https://docs.inedo.com/docs/proget/api/assets/folders/list
Cheers,
Alana
Hi @jim-borden_4965 ,
It looks like that isn't supported; but it should be relatively easy :)
I added a change (PG-2305) that we'll try to get in the next release (scheduled Mar 24).
Cheers,
Alana
Hi @h-morgenthaler_3015, we are currently investigating this. ,It sounds like an issue we fixed in ProGet 2022 already, but maybe it didn't get merged over. Please stay tuned.
Hi @scott-wright_8356 ,
Thanks; it sounds like the underlying issue is indeed Google Android connector you added. I don't have an information or idea on why that might be the case... some third-party repos (Maven, PyPi, NuGet, etc.) are just really slow and buggy.
ProGet is basically acting like a proxy server here, so "garbage in, garbage out" applies - if the connector is slow and error-prone, then you will experience slowness and errors.
Sometimes third-party repos will create packages that don't follow the specifications but just happen to work in certain versions of clients. That could be what's happening here. In cases like that, we can really only address those on a case-by-case basis, and we'd need to know exactly how to reproduce the error and investigate it later.
Best,
Alana
Thanks so much @martijn_9956; after researching the matter further, it seems that the MERGE can be a pretty buggy statement, and its behavior seems to vary based on the operating system, SQL Server SKU, patch version, and probably the phase of the moon.
We will rewrite this procedure to use a more straight-forward UPDATE/INSERT/DELETE (like you did) via PG-2437, which will ship in next maintenance release.
Hi @ssuenaga_1020 ,
Thanks for the detailed report; this seems easy enough to fix, so we'll get this addressed in the next maintenance release (2023.20) via PG-2499.
Cheers,
Alana
Hi @Justinvolved ,
You should be able to see some kind of error message on Windows Event Logs, but my guess is that the account doesn't have access to the BuildMaster SQL Server database .. you'll need to grant that.
Cheers,
Alana
And I'm sure you noticed but looks like this was released :)
Hi @mharen,
You can try to enable Windows Integrated Authentication in ProGet, and then use two sites in IIS (once with WIA, one without), but that will only work for NuGet packages. Other client (npm, docker) do not support WIA.
Otherwise, you can take a "DMZ" approach, and configure two instances of ProGet - one for Devs, one for CI systems - then use a connector. The two-instance approach also has the benefit of reducing load, though not quite as much as a load balancing configurating.
Cheers,
Alana
@itops_6398 glad that worked! I noticed same quirk in the UI and fixed it :)
Probably why we/no one noticed before... editing the connector just happened to fix it once the value was saved.
Hi @sbaeurle ,
That's definitely strange; there's really nothing in ProGet that would cause intermittent 403s.
If you aren't doing so already, I would suggest switching to using API Keys in ProGet instead of LDAP. Make sure they are not "Personal Keys" but Feed keys. That will eliminate any potential issue with LDAP queries returning inconsistent results.
Otherwise, you'd almost need to capture those bad requests and see how they're different. ProGet does not have a means of capturing HTTP traffic, so you'd have to use something like Fiddler or Wireshark.
Cheers,
Alana
Added to our PRoGet 2024 roadmap to ivnestigate/explore - it might be easier this time!
Hi @PhilipWhite ,
You're correct, this is a regression in the validation code...
if (!value.All(c => (char.IsLetterOrDigit(c) && char.IsLower(c)) || c == '.' || c == '_' || c == '-' || c == '/'))
return new ValidationResults(false, $"Docker Repository names may only contain lowercase letters, digits, periods, underscores, slashes, or dashes.");
I guess we recently added char.IsLower because UpperCase characters caused all sorts of problems.... easy fix, and easy work around.
blah in the Repository name field, Click SaveWe'll get this fixed for teh next maintenance release via BM-3932
Cheers,
Alana
Hi @m-karing_2439 ,
Unfortunately, this repository doesn't following PyPI repository conventions.
For example:
/simple listing (e.g. https://download.pytorch.org/whl/cu118/simple)I guess it "happens to work" in pip , or perhaps they install a plugin that allows it to work... but ProGet is designed around PyPi repository specs. which is why a non-confirming download site won't work very well.
I'll add a note to investigate this further, but for the time being you should just download the wheels and upload them to a feed in ProGet.
Cheers,
Alana
Hi @forbzie22_0253 ,
ProGet Free edition may be used in commercial use. There is no limit on the number of instances, but a ProGet Free instance may not connect/network to another ProGet instance -- they need to be stand-alone instances.
ProGet Free instances can be connected to NuGet.org, just not other instances of ProGet.
Best,
Alana
Hi @yogeshshines_9136 ,
This should be resolved by downloading the latest Inedo Hub from https://my.inedo.com/downloads
Thanks,
Alana
It's a bit hard to figure out how to help or troubleshoot with the information here, but a few key points:
To help on this, we'll need to know specifically where the issue is and have instructions on how to reproduce it on a new feed/instance of ProGet.
First, I would start by trying to download the .pom file and .jar files from Google (like that gradle one you found), then upload them to ProGet from the Web UI. If that doesn't work, then we know the POM file is probably bad, and we can investigate it.
Next, I would try to pull the pom/jar from a connector. If that doesn't work (but uploading it does), then maybe the "API" for that repository is incorrect. And we can investigate it.
Best,
Alana
Hi @Justinvolved ,
This is not uncommon with PowerShell; in general the processes will be closed, but there are enough scenarios with long-running/hanging PowerShell scripts where those processes will report termination but the process will not be terminated. So they can stick around
I'd recommend using the Inedo Agent instead, even if it's on the same sever. That gives better process isolation compared to the local agent, and you shouldn't see this behavior for too long. The local agent runs in-process.
Cheers,
Alana
Hi @forbzie22_0253 ,
Similar to the UI, packages are still returned in the API - they just have a flag set to indicate they are unlisted/deprecated. It's up to the client to determine what to do about that.
I don't believe the Find-Package cmdlet works with these properties; I think only Visual Studio will hide/warn about them.
Thanks,
Alana
When installing ProGet with the Inedo Hub, you can specify the SQL Server and Database Name. If it's an existing ProGet database, then it will be upgraded/downgraded as needed. I'm don't know what the errors were, but typically the installing users has a lack of db_owner permissions.
To upgrade ProGet in an HA set-up, you can just use the Inedo Hub to upgrade each node. Usually it takes 1-2 minutes per node, so you can do it manually pretty easily. There shouldn't be any errors.
Best,
Alana
This is usually due to a networking error; it may also be resolved by restarting. It's also just something you can ignore. The service messanger isn't very important in ProGet.
Best,
Alana
Hi @scott-wright_8356 ,
This error means that "something" that is taking an exclusive lock handle on files within your SMBShare. Unfortunately, the operating system does not provide information about what that "something" is, but it's typically an anti-virus, search-indexing, or back-up tool.
ProGet uses shared read handles, but obviously needs a lock handle when writing. There are a few race conditions where this could occur, but they are extremely rare and require multiple requests on different servers in a cluster that attempt to add the same package at the same time.
However those are very rare, so I suspect "something else" is locking those files. Usually it's an anti-virus tool - since it "looks like" a zip file, it's being opened? You'd need to use a tool to monitor openarting system handles, like sysinternals procmon.
Best,
Alana
Hi @scott-wright_8356 ,
I'm not sure, but based on this URL:
https://maven.google.com/web/index.html#android.arch.core:common:1.1.1
I can see that the POM for android.arch.core.common 1.1.1 is located here:
https://dl.google.com/android/maven2/android/arch/core/common/1.1.1/common-1.1.1.pom
So the base URL would be:
https://dl.google.com/android/maven2
That should work, since maven works by convention. You will not see a listing of artifacts unfortunately, since Maven does not provide an index. You just need to know the articats by name, then append maven-metadata.xml.
As expected, the metadata file for that artifact is here:
https://dl.google.com/android/maven2/android/arch/core/common/maven-metadata.xml
Cheers,
Alana
Hi @scott-wright_8356 ,
Thanks; it's hard to say what the issue is, and unfortunately we don't really have any good troubleshooting tools here. That error is coming from within SQL Lite, and we can't reproduce it when we do a SMB share.
I wonder if you can follow some of the same troubleshooting steps? Specifcally like using ProcMon or mounting the network drive with SysInternals?
We just don't really have any means to troubleshoot this, so we'd need to go back to the drawing board to figure out why it doesn't work for you. You're welcome to keep exploring C#, but let me share the code that's closer to ProGet.
Here is the code that ProGet is running. It's kind of similar, but a little different. Note we are using System.Data.SQLite.Core-1.0.118 and .NET6.
private static SQLiteConnection OpenOrCreateDatabase(string fileName, out Dictionary<string, string> config)
{
var str = new SQLiteConnectionStringBuilder
{
DataSource = fileName,
FailIfMissing = false
}.ToString();
if (FileEx.Exists(fileName))
{
var conn = new SQLiteConnection(str);
try
{
conn.Open();
config = ReadConfig(conn);
if (config.TryGetValue("SchemaVersion", out var versionStr))
{
int version = int.Parse(versionStr);
if (version == 1)
{
using var cmd2 = new SQLiteCommand(GetScript("UpdateSchemaToV2"), conn);
cmd2.ExecuteNonQuery();
return conn;
}
else if (version == 2)
{
return conn;
}
}
}
catch
{
}
conn?.Dispose();
FileEx.Delete(fileName);
}
else
{
DirectoryEx.Create(PathEx.GetDirectoryName(fileName));
}
var conn2 = new SQLiteConnection(str);
conn2.Open();
using var cmd = new SQLiteCommand(GetScript("CreateSchema"), conn2);
cmd.ExecuteNonQuery();
cmd.CommandText = GetScript("UpdateSchemaToV2");
cmd.ExecuteNonQuery();
config = ReadConfig(conn2);
return conn2;
}
private static Dictionary<string, string> ReadConfig(SQLiteConnection conn)
{
using var cmd = new SQLiteCommand("SELECT Key_Name, Value_Text FROM OtherData", conn);
using var reader = cmd.ExecuteReader();
var res = new Dictionary<string, string>();
while (reader.Read())
{
var key = reader.GetString(0);
var value = reader.IsDBNull(1) ? null : reader.GetString(1);
res[key] = value;
}
return res;
}
Here is the CreateSchema script:
CREATE TABLE OtherData
(
Key_Name TEXT PRIMARY KEY NOT NULL,
Value_Text TEXT
);
INSERT INTO OtherData (Key_Name, Value_Text) VALUES ('SchemaVersion', '1');
CREATE TABLE FetchInfo
(
Subdir_Name TEXT PRIMARY KEY NOT NULL,
Modified_Date INTEGER,
Fetch_Date INTEGER NOT NULL
);
CREATE TABLE ChannelData
(
Package_Name TEXT PRIMARY KEY NOT NULL,
Flags_Value INTEGER NOT NULL,
Description_Text TEXT,
DevUrl_Text TEXT,
DocSourceUrl_Text TEXT,
DocUrl_Text TEXT,
Home_Text TEXT,
Icon_Hash TEXT,
Icon_Url TEXT,
License_Text TEXT,
RunExports_Json BLOB,
SourceGitUrl_Text TEXT,
SourceUrl_Text TEXT,
Summary_Text TEXT,
Timestamp_Value INTEGER,
Version_Text TEXT NOT NULL,
Subdirs_Csv TEXT NOT NULL
);
CREATE TABLE RepoData
(
Package_Name TEXT NOT NULL,
Subdir_Name TEXT NOT NULL,
Version_Text TEXT NOT NULL,
Build_Text TEXT NOT NULL,
ArchiveType_Code INTEGER NOT NULL,
Build_Number INTEGER NOT NULL,
License_Text TEXT,
LicenseFamily_Text TEXT,
MD5_Hash BLOB,
SHA256_Hash BLOB,
Package_Size INTEGER NOT NULL,
Timestamp_Value INTEGER,
Dependencies_Json BLOB,
AppEntry_Text TEXT,
AppType_Text TEXT,
Type_Text TEXT,
Summary_Text TEXT,
Icon_Hash BLOB,
PRIMARY KEY (Package_Name, Version_Text, Subdir_Name, Build_Text, ArchiveType_Code)
);
Here is the UpdateSchemaToV2 script:
UPDATE OtherData
SET Value_Text = '2'
WHERE Key_Name = 'SchemaVersion';
ALTER TABLE RepoData
ADD Constraints_Json BLOB;
From there, it's just a bunch of inserts into those tables. The "unable to open database file" error would probably be occurring in the middle of those, but it's hard to say.
The race condition occurs when multiple threads run OpenOrCreateDatabase at same time. It's rare as I mentioned.
Alana
Hi @scott-wright_8356 ,
To set a package to blocked, first pull the package to ProGet, then use "Set Package Status". You can then set "Download allowed:" option.
do you intend to allow users to modify the vulnerability database
We do not intend to allow users to modify the database. There are several reasons for this.
Cheers,
Alana
Hi @akillen_5633 ,
Sorry on the slow response, but we're kinda stuck on this one; for some reason, the query to list packages is timing out. That's really unexpected, especially in 2023.31.
If it was related to heavy load, I would expect a lot more symptoms - like API calls, etc timing out. That doesn't seem to be the case.
The only thing that we can think of is that something is wrong with SQL Server, in so much as it needs some maintenance.:
exec sp_updatestatsWe've also seen some old/unpatched versions of SQL Server cause strange performance problems due to some obscure bugs in SQL Server. So that's another thing to consider.
If that doesn't do the trick, you may need to dig in a bit deeper to figure out what's going on, and see what SQL Server is doing behind-the-scenes. Ultimately this is just executing the Packages_GetPackages stored procedure, which is basically just doing a straight-forward select on FeedPackageVersions_ExtendedWithMaven view.
Best,
Alana
Hi @parthu-reddy ,
These are stored in the database and if you click "status" you can see the cached queries.
Does this metadata caching feature reduce the queries to fetch versions that you mentioned?
Yes, instead of going to NuGet.org, the database will be queried.
HOWEVER, this may actually reduce performance; NuGet.org is a static file system running on Azure Blob storage, and it might be quicker to download the query from Azure than to query your SQL Database.
You'd really need to expirement and see which is faster / more load.
Thanks,
Alana
@steviecoaster great news, glad you got it all working 
Hi @chris-cantrell_1211 ,
We do not support nor recommend this type of configuration for a couple reasons.
First, it doesn't change the attack surface, since the APIs are already the "weakest link". The Web Site use cryptographically-secured authentication tickets with anti-CRSF protection. The API just requires an API key to access.
Second, it's confusing to end-users who are trying to troubleshoot why some urls aren't accessible. The API may provide them with a link (for example to a vulnerability in a package), and then it will give some kind of error because the page is blocked. This causes everyone a headache.
Obviously you can use a lot of tools to block/allow access to URLs, just not using ProGet.
Cheers,
Alana
Hi Fritz,
Thanks for reporting this; the underlying with the Packages index file isn't so much the migration, but the code that generates the index file on the new feed.
Basically, the control files seem to be have an extra new line that isn't being trimmed. The old feed code must have removed them.
Anyways we will address this via PG-2985 in the next maintenance release or you can try the proget.inedo.com/productimages/inedo/proget:24.0.37-ci.2 container now.
Cheers,
Alana
Hi @kc_2466 ,
Understood, that was the same reason given before.
Our products' AD/LDAP integration works different than JIRA/TeamCity (live lookup vs sync) so it's just not that simple.
We're not willing to add complexity to work-around "dumb" organizational policies -- what you described is the whole point of AD/LDAP (centrally administered access).
It's possible to delegate group administration in AD, but if they don't want to do that... I guess they are okay with you just creating less-secure built-in users until they get around to completing their tickets ;)
Thanks,
Alana
hi @hammel_7023 ,
Thanks for letting us know, you are correct... this is indeed a regression from PG-2859.
What's happening is the upload stream is getting prematurely closed during the POM validation logic, which is what's causing this error to occur.
I've just patched it now via PG-2868, and it'll get in the next maintenance release.
Cheers,
Alana
Hi @MY_9476 ,
Thanks for the heads up! We will fix this via OT-514 in the next maintenance release.
As an FYI, this is the code that should have been run at the end of the database upgrade, to ensure that all procs and table-value params have appropriate permission:
DECLARE @SQL NVARCHAR(MAX) SET @SQL = ''
SELECT @SQL = @SQL + 'GRANT EXECUTE ON TYPE::' + QUOTENAME(name) + ' TO [OtterUser_Role] ' FROM sys.table_types
SELECT @SQL = @SQL + 'GRANT EXECUTE ON ' + QUOTENAME(name) + ' TO [OtterUser_Role] ' FROM sys.procedures
EXEC sp_executesql @SQL
The script you ran works too :)
Hi @daniel-pardo_5658 ,
Unfortunately I'm not able to reproduce the error; I think it has something to do with your upack.json file. Can you share that?
Thanks,
Alana
Hi @tames_0545 ,
Sorry, no idea -- there is definitely something wrong with your environment but aside from the advice I gave earlier, I don't have any other troubleshooting steps. You may want to try a different environment / Docker host.
As I mentioned, it could something wrong with your database mount (/opt/proget/database) -- maybe that is getting deleted? Or it could be your security configuration that is interfering with the running container. We have seen some hyper-aggressive security tools that make things so secure nothing runs.
Thanks,
Alana
Hi @jfullmer_7346 ,
I was able to reproduce this, and we will fix it in an upcoming maintenance release (PG-2920). This came from a regression in 2024.28, with some other NuGet feed changes.
Cheers,
Alana
Thanks @daniel-pardo_5658 , I was able to reproduce it.
It seems to work when you have additional metadata fields. Anyway we'll get it fixed via PG-2935 in the next maintenance release. AS a work-around, you can just download the package, edit the upack.json, and reupload it.
Cheers,
Alana
Hi @james-woods_8996 ,
I looked into this a little more, and it turns out that our cloud storage providers do in fact support chunking -- but the outgoing replication code is not taking advantage of that. We would like to fix that in ProGet 2026.
However, in the meantime, we can fix the incoming replication code (i.e. what's throwing the error) pretty easily via PG-3102 - hopefully we'll get that in the upcoming maintenance release.
Thanks,
Alana
Hi @m-lee_3921 ,
Thanks for the heads-up; we'll get this fixed via PG-3059 in the next maintenance release (scheduled for later today).
And you're right -- its basically the same issue. SQL Server silently truncates string values whereas PostgreSQL does not, hence these errors.
We decided to not auto-truncate, since it's better to know about these cases than not. In this case, it's a IPv6 address that was longer than the 20-character limit. We plan to refactor API key logging at some point, so we'll just continue to truncate v6 IPs.
Thanks,
Alana
@misael-esperanzate_5668 thanks for the reproduction details!
I was ablet to reproduce this very easily and fixed it via PG-3091 - it was an ordering problem
This will be in the upcoming maintenance release this Friday
@uli_2533 thanks for the additional info, great find in the source code too!!
On our end, I was looking at the PUT code, where a 301 kind of made sense. I think it must have been some kind of regression on the GET request? Not sure why it didn't get noticed before, but it's a trivial fix.
PG-3108 will be in the next maintenance release (Sep 19)... or if you want to try it now, it's in inedo/proget:25.0.10-ci.9 Docker image.
Thanks,
Alana
The "unexpected argument" running without quotes is expected, but it works fine when I run with quotes. I'm afraid I can't reproduce this.
I would check under Admin > Diagnostic Center to see if anythings logged. Alternatively, you may need to query the API by doing something like this:
curl http://server:8624/endpoints/Test/metadata/metadata-test/v1/1%20-%20Normal.txt
Thanks,
Alana