RE: Proget PGScan - How does this work with Dotnet SPA and NPM?

Hi @arozanski_1087,

I'll do my best to answer your questions:

1. When scanning an NPM project, the input parameter should be the path and name of the package.json (ex: \wwwroot\package.json). This will then parse the package-lock.json for dependencies in that same folder. If this is what you are already doing, then can you please send over the command you are using and the full error you are receiving?
2. We currently do not support yarn, but we are definitely interested in expanding our support to include it. Would you have any interest in working with us on implementing this feature?
3. Currently you will need to run the command twice; once for NuGet and once for NPM. The inspect command will work in an additive fashion and just append the new packages that were found into the ProGet project. This is something we are also looking to improve to add support to auto-scan both NuGet and NPM in one scan. As for the difference between inspect and publish
   • inspect is the new command for ProGet 2022 and higher. This will add the dependencies to a Project in ProGet's SCA feature and is an overall better way to see your dependencies and it will link them to packages, vulnerabilities, and licenses in all your feeds.
   • publish is the ProGet v6 and v7 command and it will only add the dependencies to a single feed at a time directly on the package itself. This command also requires the feed to be passed to record the results.
   • You can also view the implementation differences furthur in our pgscan GitHub repository, https://github.com/Inedo/pgscan, if you would like to see more details.

I hope this answers all of your questions, but please let us know if you have more or need clarification on anything. Also, if you are interested in working to help us add improved support for the new features I mentioned, let us know and we can work together to get these features implemented.

Thanks,
Dan

Hi @florian-haid_9440,

Can you tell me what version of Windows you are running your ProGet instance on? An SSL error like this will typically happen if your SSL/TLS requirements are not configured to allow the newer schemes by default. Newer OS versions handle these for you, but older Windows versions need specific registry values.

Thanks,
Dan

Hi @nselezneva_7646,

I'm not sure I completely understand what you are asking, but I think you are referring to our connector filters feature. If that is not what you are looking for, could you please explain your use case in a little more detail?

Thanks,
Dan

Hi @lm,

Thanks for this request. We currently support some ways of hosting a symbol server in ProGet, but in ProGet v2023 we are looking to expand this support, including source links. I will bring the request for adding a symbol server proxy to ProGet to the products team to evaluate further and let you know what we decide.

Thanks,
Dan

Hi @lm,

Thanks for the notes on our documentation for HTTPS. We are actually working on providing better guidance on our preferred method for configuring SSL with ProGet. Also, we are in the process of implementing a way to configure this in the UI from within ProGet as well. So our documentation for this will be changing in multiple ways, but I'll at least get the typos fixed that you found. Thanks!

Thanks,
Dan

Hi @lm,

We currently do not have a variable for the base URL. Unfortunately, this is not a trivial thing to implement either. The best solution is to hard code your base URL as you are currently doing in your webhook.

Thanks,
Dan

Hi @lm,

We do not currently have any way to be actively notified on new ProGet releases outside of the notification in ProGet. We do, however, perform regular releases of ProGet and we typically release them every 2 weeks. The best place to check for updates would be the https://my.inedo.com/dowloads page or the Offline Installers page.

Thanks,
Dan

Hi @lm,

Thanks for the feature request! I'll bring this up with the products team and let you know what they say.

Thanks,
Dan

Hi @p-pawlowski_8446,

I'm not super familiar with JumpCloud, but it looks like they have a very nice tutorial on how to use Chocolate with JumpCloud: https://university.jumpcloud.com/courses/tutorial-using-chocolatey-for-windows-and-jumpcloud

I think the main things that you will need to do with ProGet are:

1. Make sure that your ProGet instance is accessible to the machines that you are installing the chocolate packages on
2. In that tutorial, they showed the choco install command. You should replace that command with the one that shows in ProGet (ex: choco install 7zip --version 21.7 --source https://proget.yourserver.com/nuget/choco-demo-cached/):
   

Hope this helps!

Thanks,
Dan

Hi @boazyo_8097,

You are receiving this error because the URL you are using for NuGet to build your docker image is using a localhost URL. That means that the Docker client will try to connect to ProGet using the loopback address. You will most likely need to change out the URL to specify the server name instead of localhost (ex: http://proget-server.mydomain.local:8624/nuget/LocalNugetServer/v3/index.json).

Thanks,
Dan

Hi @rehanh_0834,

Do you have ProGet installed on Windows or in Docker? If you have it installed on Windows, are you using the integrated web server or IIS to host ProGet?

Thanks,
Dan

Hello @stijn-peeters-external_8202,

Unfortunately, symbol packages are a bit complicated - and don't work quite as intuitively as NuGet packages.

Some quick configuration details:

• We recommend a single package (using the "embedded symbols" approach)
• Push the package to the normal /nuget endpoint not /symbols
• ProGet can strip symbols automatically, this can be configure on the Manage Feed page

Our symbol documentation has some advice on how to configure and set all this up:
https://docs.inedo.com/docs/proget-feeds-nuget-symbol-and-source-server#creating-symbol-packages

Hope this helps!

Thanks,
Dan

Hi @proget_3280,

Can you please tell me what version of ProGet you are using?

Thanks,
Dan

Hi @tcochran_0018,

This looks to be related to a known bug, PG-2193, that is expected to be released this week in version 2022.7. These errors shouldn't affect the operation of anything, but please let us know if it does.

Thanks,
Dan

Hi @brett-polivka,

We are currently looking into this issue and we should have an update for you soon.

Thanks,
Dan

Hi @a-diessl,

Looking at your request/response, it looks like the cookie domain is still using the IWS URL. I believe what you will need to add is rules in IIS to replace the cookie domain also.

<rewrite>  
<outboundRules>    
<rule name="Add Domain" preCondition="Domain">
     <match serverVariable="RESPONSE_Set_Cookie" pattern=".*" negate="false" />
     <action type="Rewrite" value="{R:0}; domain=proget.example.com" />
     <conditions>
     </conditions>
    </rule>
    <preConditions>
     <preCondition name="Domain">
      <add input="{RESPONSE_Set_Cookie}" pattern="." />
      <add input="{RESPONSE_Set_Cookie}" pattern="; domain=.*"  negate="false"/>
     </preCondition>
    </preConditions>
  </outboundRules>

<inboundRules>    
<rule name="Add Domain" preCondition="InDomain">
     <match serverVariable="RESPONSE_Set_Cookie" pattern=".*" negate="false" />
     <action type="Rewrite" value="{R:0}; domain=proget.intranet" />
     <conditions>
     </conditions>
    </rule>
    <preConditions>
     <preCondition name="InDomain">
      <add input="{RESPONSE_Set_Cookie}" pattern="." />
      <add input="{RESPONSE_Set_Cookie}" pattern="; domain=.*" negate="false" />
     </preCondition>
    </preConditions>
  </inboundRules>
 </rewrite>

You may have to tweak this a bit to fit your site exactly, but this should be a good start.

Thanks,
Dan

Hi @pariv_0352,

I have a few questions to get us started.

• What version of ProGet are you using?
• When did this start happening?
• What is your Docker Hub connector URL
• Does it work if you try to pull using docker pull {our_proget_url}/{feed_name}/library/mongo:5.0 (please not the inclusion of the library namespace)?

Thanks,
Dan

Hi @inok_spb,

This error looks to be coming from SQL Server itself. I think the first thing to check would be your Index Fragmentation in SQL Server. We have some information about this in our SQL Server Implementations with Inedo Tools. If you run the following SQL, you should be able to identify any issues with index fragmentation.

SELECT dbschemas.[name] as 'Schema',
        dbtables.[name] as 'Table',
        dbindexes.[name] as 'Index',
        indexstats.avg_fragmentation_in_percent,
        indexstats.page_count
        FROM sys.dm_db_index_physical_stats (DB_ID(), NULL, NULL, NULL, NULL) AS indexstats
        INNER JOIN sys.tables dbtables on dbtables.[object_id] = indexstats.[object_id]
        INNER JOIN sys.schemas dbschemas on dbtables.[schema_id] = dbschemas.[schema_id]
        INNER JOIN sys.indexes AS dbindexes ON dbindexes.[object_id] = indexstats.[object_id]
        AND indexstats.index_id = dbindexes.index_id
        WHERE indexstats.database_id = DB_ID()
        ORDER BY indexstats.avg_fragmentation_in_percent desc

Once you have pinpointed where your potential problems are you can address them with SQL Server Management Studio, under Tables > select table > Indexes > select index > Right-click > select Reorganize. See the Remove fragmentation using SQL Server Management Studio to learn more.

Please let me know if you have any questions.

Thanks,
Dan

Hi @v-makkenze_6348,

Starting in ProGet 2022, we have removed the Web folder and the web application is now included in the Service directory. You will need to update IIS to point to the Service directory now. This is typically handled as part of the upgrade in Inedo Hub. Are you using a multi-site setup in IIS?

Thanks,
Dan

Hi @john-selkirk,

What version of ProGet are you using? Also, is it running on Windows or Linux/Docker?

Thanks,
Dan

Hi @chris-f_7319,

Can you please give this a try?

docker exec -it proget dotnet /usr/local/proget/service/ProGet.Service.dll resetadminpassword

I may be off on the folder path, but that should allow you to run resetadminpassword on the container.

Thanks,
Dan

Hi @pegogif654_4423,

We have some great blog posts about this for NuGet and you can apply the same concepts to UPACK and Docker.

• 5 Quick Tips for NuGet Versioning
• How to use CI/CD pipelines for your NuGet Packages

I believe you are looking to use our Repackaging feature and Package Promotion. Please note that in free editions of ProGet, you can only use the ProGet UI to repackage (for Docker it is Add Virtual Tag) and promote packages and containers. The APIs require a paid edition.

Hope this helps!

Thanks,
Dan

Hi @marc-ledent_9164,

Thanks for letting us know this is now resolved.

Thanks,
Dan

Hi @gurdip-sira_1271,

How were the files added to your Git repository? Were they initially added from Otter? When you navigate to Administration -> Raft Repositories and you click "browse" to the right of your Git raft, do you see any files that show there?

Thanks,
Dan

Hi @chris_5235,

Can you please tell us what version of ProGet you are running? Also just to make sure I understand this correctly, you have a private PowerShell repository and this error is happening when you call Install-Module in PowerShell?

Would you be able to to share how you configured PowerShell to use ProGet as your repository as well as an example of how you are calling Install-Module?

Thanks,
Dan

Hi @marc-ledent_9164,

The notification link is a little misleading. It redirects to the BuildMaster service page so you can manually run the "Server Checker" and see a live output. To see which servers are in an error state, you will need to hover over the gear icon and click on "Servers". Then you will be able to see which servers are in an error state. If you click on the server, you will also see a "Server Errors" section and the connection errors will show there.

Thanks,
Dan

Hi @naresh-busireddy_1974,

We do not currently have a specific BitBucket extension, but access to a repository should be done using the Git extension. The error you are seeing is that the operation is trying to use a secure resource named BitBucket, but one does not exist. Can you navigate to Administration -> Secure Resources and verify their is a secure resource that exists named BitBucket?

Thanks,
Dan

Hi @marc-ledent_9164,

Thanks for following up and letting everyone know that this fixed your issue!

Thanks,
Dan

Hi @marc-ledent_9164,

Thanks for following up and letting us know that fixed the issue. We are currently in the process of cleaning up our activation process in the v2022 versions of our products. This issue should be corrected in the next major version of our products.

Thanks,
Dan

Hi @marc-ledent_9164,

Each container will run a service and web server. The web application will connect to the service over tcp on that port specified (in this case 4242). We call this the Service Messenger. The container will also communicate to the other container's services in the cluster via that that port as well (4242 in your case). When you have BuildMaster configured as a cluster, it will not only provide high availability that way, but it also will distribute the background processes (like deployment plans) amongst all the services to orchestrate the communication to the Inedo Agents.

You can customize the connection on each container's service by clicking the [change] button on each service. Once that has been changed, it will then use the specific configuration instead of the global configuration.

With all of that being said, we have fond that certain rootless container systems (lik podman) will run into port conflicts if you have two containers trying to share the same port on the same server. I'm not sure if open shift has the same restriction, but that may be the reason you are seeing the communication error.

Hope this helps!

Thanks,
Dan

Hi @ales-bahnik_2824,

Your command looks correct. Have you noticed this happen with any other package you are attempting to delete? Does it work if you delete the package from the UI? Also, are you using a personal API Key or a global key?

Thanks,
Dan

Hi @dm-sidelnikov_5266,

I see the email, thanks for sending this over! Please give me some time to review and I'll let you know what I find.

@pieter-mertens_0372, your issue may be related. Although both products are owned by Microsoft, they still differ in their implementation. Does this happen for all packages or just a specific subset?

Thanks,
Dan

Hi @kichikawa_2913,

Glad to hear it is working now. I know the NuGet client does a lot of caching on it's side, so it is very possible that resetting the credentials for Visual Studio forced a reset of that, but I'm not positive. Either way, I'm happy it is working for you now! Please let us know if you find any other issues with it.

Thanks,
Dan

Hi @kichikawa_2913,

For managing the AD Credentials, that will be fixed in ProGet 6.0.11. Unfortunately, that was not caught in time for the release, but it is fixed in a current development branch.

So I just want to make sure I understand the current state.

• You have updated the AD Credentials to use a user that can query groups.
• When you test the permission in ProGet it shows view/download.
• When one of those users logs into the ProGet UI, they can view and download the packages fine.
• When they try to view and download from Visual Studio, it does not work.

Can you confirm that is correct?

When the user is using visual studio, are they logging in with their domain username and password? Or are they using an API key (username api the key as their password)? Can you try resetting the credentials used for visual studio? We have a walk through on how in our troubleshooting section of the how to add a repository to Visual Studio How To.

Thanks,
Dan

Hi @Russell-Kahler_4399,

If you open InedoHub you should see logs for the failed upgrade. Can you please look in there and tell us what database scripts failed to run?

Thanks,
Dan

Hi @mcascone,

Can you go to your Profile settings and tell me what your Homepage is set to?

Thanks,
Dan

Hi @mcascone,

Thanks for bringing this to our attention. It seems to default to support for me. Does it default as empty or Off Topic for you?

Thanks,
Dan

Hi @kichikawa_2913,

I would agree that does not look like a ProGet error. Please let us know what you find.

Thanks,
Dan

Hi @kichikawa_2913,

Do you happen to have multiple groups with the same name in different OUs? Your log output looks like it found the group, but then the search for the users is not returning any users. If you look at the last line of the debug statement you sent, it shows the group name and OUs it is using when searching. That starts at memberOf=CN=<Group_Name>,OU=.

Thanks,
Dan

Hi @dm-sidelnikov_5266,

This is most likely related to either something missing in the package's metadata or a feature missing in the Azure DevOps NuGet API. We have found that Azure DevOps can be a little loose when it comes to the NuGet API spec.

The easiest way for us to solve this would be to share access to your Azure DevOps registry, we can debug this and get a fix out pretty quickly for it. If that will not work for you, could you run Fiddler on your ProGet server and record the connector requests and send us the exported saz file to review? You can email these too us via support@inedo.com with a subject of "[QA-786] Azure DevOps Null Reference" and we can review it from there.

Thanks,
Dan

Also, I just reviewed the email you sent about the view effective privilege's and it looks like something is not linking up correctly for your users group. Would you be able to run the our AD Test tool 1.13.1 from a windows computer and see if your users show up when searching for members in that group? You will see a tab in that tool called "Get Group's Users". It will allow you to verify we are pulling those users back in that group.

Thanks,
Dan

Hi @kichikawa_2913,

When you are on the "Domains / User Directories" tab, you should see a link at the top that says "revert to single-directory mode". Steve is requesting that you click that link and see if the problems with the groups still exists.

Thanks,
Dan

Hi @marc-ledent_9164,

BuildMaster requires SQL Server to run and cannot be replaced with PostgreSQL. But, you can use BuildMaster to manage the change scripts for a PostgreSQL database. You will just need to install the PostgreSQL extension and create a PostgreSQL database connection. You can learn more by reviewing our CI/CD for Databases documentation.

Please let us know if you have any other questions!

Thanks,
Dan

Hi @kichikawa_2913,

Could you try two things for me?

1. Temporarily disable the Built-In directory and see if it works?
2. Re-enable Built-In and login with the user name in the format of "user@domail.local"?

Thanks,
Dan

Hi @kichikawa_2913,

I think I see what is happening. You currently have both the Built-in and the LDAD user directory enabled. I'm guessing you have users added to the Built-In directory with the same username and it is favoring them. Since those are not in the LDAP group, it is not accepting the permissions. Since you are currently only using the LDAP user directory, I would suggest disabling the Built-In directory.

The other options would be to remove those users from the built-in directory or add groups to the Built-In with the same name as the LDAP groups and give those groups permissions.

Thanks,
Dan

Hi @kichikawa_2913,

Thanks for sending that over. Could you also screenshot the "Domains / User Directories" tab and send that over? Your permissions look correct, I'm wondering if there is another setting that might be conflicting.

Thanks,
Dan

Hi @kichikawa_2913,

Thanks for checking that for me. Based on the fact that you cannot view/download the packages via the UI, this sounds like a permissions configuration issue. Is it possible to share a screen shot of your permissions configuration? You can send it to support@inedo.com with the subject of [QA-785] Permissions Configuration if you do not feel comfortable posting on the forums. This will give us a better idea of things to check for (we would also not post any AD group names directly in the forums either).

One last thing, can you confirm the version of ProGet you are using and the version of the InedoCore extension you have installed?

Thanks,
DAn

Hi @kichikawa_2913,

I believe Steve is suggesting for each user to create a personal API key and then use that to authenticate their NuGet feed. That would allow you to use api as the username and api key as the password. As for where this would be setup, you would create the personal API key in ProGet and use that in the NuGet config.

Just a couple of other questions.

• Are users downloading packages using Visual Studio or the NuGet cli?
  • Visual Studio will actually use the Credential Manager and you would have to change the credentials in there.
  • The NuGet.config is typically better used for the NuGet CLI
• Can the user log in to ProGet's UI and view/download the packages in the feed from the UI?
  • This would indicate that the permissions are configured correctly in ProGet.

Thanks,
Dan

Hi @kichikawa_2913,

Good catch! It looks like this is missing from our documentation. I'll work to get it updated this week!

Thanks,
Dan

Hi @kichikawa_2913,

Thank you for following up with us and letting us know it is working now. Also, thanks for clarifying the Docker network setup for me. This is related to how we changed the service messenger in ProGet v6.

I took a deeper look into the code and when setting the endpoint via the "change" link, it will override the configuration's shared value. Once that has been set, it will use the configuration associated with that node instead.

Based on your screenshot, it looks like it was using tcp://*:6001 as the shared configuration (even though you said not to), but failed to connect because it was trying to balance amongst the other nodes. If you were using a Docker network, this most likely would have worked because the individual nodes could have listened on 6001 as well.

After reviewing these changes, you would have to change the service messenger address on each service node in order to apply the configuration you are looking to use (which is what you did above).

Hopefully this gave a bit more context to this change.

Thanks,
Dan