RE: Error using HTTP Request

Mea culpa :)

Fixed!

Regards,
Michal

Even more.
I added directly Anonymous access to this feed.

Still error!

curl -v --header "X-ApiKey: <api key>" https://proget.<host>/endpoints/qual-t-raw/dir

......
Anonymous is not permitted to perform the Feeds_ViewFeed task for the current scope.

???????

@atripp

No typo!

curl -v --header "X-ApiKey: <api key>" --header "Content-Type: application/json" https://proget.<host>/endpoints/qual-t-raw/dir/
curl -v --header "X-ApiKey: <api key>" --header "Content-Type: application/json" --data @feed.json https://proget.<host>/api/json/Feeds_GetFeed | jq

feed.json:
{"Feed_Name": "qualt-t-raw"}

The same request template. Different endpoint.

Cheers,
Michal

@atripp

This Log is mess!

I'm trying to list log for particular Key
/administration/api-keys/access-logs?apiKeyId=27

and list is.... I don't know from what!

This is list of all requests. Looks familiar?

Cheers,
Michal

Hi,

Developer gets 403 during package upload.

Permissions are OK.

Where can I find server side log for this event?

Regards,
Michal

Hi,

I'm trying to list asset folders content:
https://docs.inedo.com/docs/proget/api/assets/folders/list

curl -v --header "X-ApiKey: <api key>" --header "Content-Type: application/json" --request GET https://proget.*****/endpoints/qual-t-raw/dir/audit-report

All requests ends with:

Anonymous is not permitted to perform the Feeds_ViewFeed task for the current scope.

If I use the same API Key to get feed properties:

curl --header "X-ApiKey: <api key>" --header "Content-Type: application/json" --request POST --data @feed.json https://proget.******/api/json/Feeds_GetFeed | jq

feed.json:
{"Feed_Name": "qualt-t-maven"}

{
  "FeedType": 22,
  "FeedConfiguration": {
    "HideFeedTips": 0,
    "HasRepackaged": false,
    "PackageStatisticsEnabled": true,
    "RestrictPackageStatistics": false,
    "LayoutConfig": null,
    "DeploymentRecordsEnabled": true,
    "UsageRecordsEnabled": true,
    "PromoteToFeedId": null,
    "HiddenUsageInstructionNames": null,
    "HiddenPackageInstallInstructionNames": null,
    "VulnerabilitiesEnabled": true,
    "LicensesEnabled": true,
    "UseWithProjects": true,
    "DisableReleaseAnalysis": false,
    "Migration23Skipped": null,
    "MigratedTo23": null,
    "RetentionRulesEnabled": false,
    "DeletionRecordRetentionPeriod": null
  },
  "Active_Indicator": true,
  "AllowNoncompliant_Indicator": null,
  "AllowUnassessedVulnerabilities_Indicator": null,
  "AllowUnknownLicenses_Indicator": true,
  "Cache_Connectors_Indicator": true,
  "DropPath_Text": null,
  "Feed_Description": null,
  "Feed_Id": 35,
  "Feed_Name": "qualt-t-maven",
  "FeedConfiguration_Xml": "<Inedo.ProGet.Feeds.Maven2.Maven2FeedConfig Assembly=\"ProGetCoreEx\"><Properties AllowNonStandardFiles=\"True\" AllowInvalidVersions=\"True\" HideFeedTips=\"0\" HasRepackaged=\"False\" PackageStatisticsEnabled=\"True\" RestrictPackageStatistics=\"False\" DeploymentRecordsEnabled=\"True\" UsageRecordsEnabled=\"True\" VulnerabilitiesEnabled=\"True\" LicensesEnabled=\"True\" UseWithProjects=\"True\" DisableReleaseAnalysis=\"False\" RetentionRulesEnabled=\"False\" /></Inedo.ProGet.Feeds.Maven2.Maven2FeedConfig>",
  "FeedGroup_Id": 2,
  "FeedPathOverride_Text": null,
  "FeedState_Number": 45,
  "FeedType_Name": "Maven2",
  "LastPackageUpdate_Date": "2025-05-19T10:25:15.287Z",
  "LastPolicyUpdate_Date": "2025-05-29T22:49:57.29Z",
  "LastSync_Date": null,
  "PackageStoreConfiguration_Xml": null,
  "ReplicationConfiguration_Xml": null
}

pgutil response (the same api key)

pgutil assets list --feed=qualt-t-raw --path=audit-report
clients                                                     <DIR>

What's wrong?

Regards,
Michal

Hi,

How can I check which key is which?

In Access Log I can see only this:

Regards,
Michal

@dean-houston said in Pull Maven artifacts - invalid version:

Hi @michal-roszak_0767,

After looking into this further, I'm afraid we simply can't support this artifact/package at this time. I don't really see a good path for supporting this without adding significant complexity and risk of breaking proper artifacts / versions.

The problem is that this version breaks the basic rules that Maven repositories need to follow:

1. Artifact Names / Groups cannot start with a digit
2. Versions must start with a digit

These rules resolve the ambiguity of determining what /com/google/javascript/closure-compiler/v20250407 means. For example, is it:

• Files for version v20250407 of com.google.javascript.closure-compiler artifact?
• All versions of the com.google.javascript.closure-compiler.v20250407 artifact?

I'm not even sure how this was uploaded to Maven central. I have no idea why the developers ignored the warnings that Maven spat out for legal version numbers. This has been a specification for like 20 years. Heck, here's a discussion from like 2008 on how the "must start with a digit" rules needed clarification: https://cwiki.apache.org/confluence/display/MAVENOLD/Versioning

If you encounter other artifacts like this, maybe we can consider some kind of very limited exception, but until we figure something else out this artifact version is simply not supported in ProGet.

I can't imagine there are many other artifacts like this, but let us know if there are.

-- Dean

Next victim:
https://repo1.maven.org/maven2/org/springframework/data/spring-data-releasetrain/

Michal

@atripp

Can I make Feature Request regarding this topic?

Michal

@atripp

Yes. Something like that :)

My question is: Can Asset repository act like proxy to external RAW repository?
I don't see how to setup connector there.

Michal

@atripp

This is typical task for closed environments (no internet access). Works similar to any other type of repository.
All main providers (Sonatype, JFrog) have such functionality.

Michal

Hi,

How to create proxy to RAW repository?
Eg. https://mirrors.jenkins.io/plugins/

Michal

OK... I see. Asterisk is ignored.
Sad...

@dean-houston

Strange...
If I type "jaudio*" in search prompt I'll get:

What is this if not wildcard search?

Michal

Hi @dean-houston,

Thank you for you patience :)
Two more questions:

• it is possible to use wildcards searching artifacts. Can I search only in name (without description)?
• how to change License Assignment for an artifact?

Regards,
Michal

@dean-houston,

Where can I find file "maven-metadata.xml" in ProGet file structure?

Michal

@dean-houston

One more thing I've noticed.

I can download artifact manually:

wget https://proget.server/maven2/maven-maven-org/com/google/javascript/closure-compiler/v20250407/closure-compiler-v20250407.jar
--2025-05-09 10:10:50--  https://proget.server/maven2/maven-maven-org/com/google/javascript/closure-compiler/v20250407/closure-compiler-v20250407.jar
Resolving proget.server... *******
Connecting to proget.server|******|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://proget.server/maven2/maven-maven-org/com/google/javascript/closure-compiler/v20250407/closure-compiler-v20250407.jar/ [following]
--2025-05-09 10:10:51--  https://proget.server/maven2/maven-maven-org/com/google/javascript/closure-compiler/v20250407/closure-compiler-v20250407.jar/
Reusing existing connection to proget.server:443.
HTTP request sent, awaiting response... 200 OK
Length: 1727 (1,7K)
Saving to: ‘closure-compiler-v20250407.jar’

closure-compiler-v20250407.jar                      100%[=================================================================================================================>]   1,69K  --.-KB/s    in 0s

2025-05-09 10:10:51 (969 MB/s) - ‘closure-compiler-v20250407.jar’ saved [1727/1727]

But I still can't see this file in Web UI.
No cache.

Why?

Michal

@dean-houston

I think you right.
It might be a mistake.

And my bad that I didn't checked by myself, but it's a lot of going on here.
We just implement ProGet software in our company (payment in progress).

Thanks,
Michal

Hi,

@dean-houston,
@steviecoaster,
@rhessinger,

I have a proxy group with multiple connectors to external repositories.

Some artifacts can't be downloaded and I'm looking for a reason why.

The same artifact downloaded thru "single" proxy can be downloaded.

Similar settings on both feeds.

Is there any debug log to find cause of this behavior?
Diagnostic Center doesn't help.

Regards,

@dean-houston,
@steviecoaster

"If you go to Manage Feed Settings, you can enable invalid versions in the feed."
As you know, this setting doesn't work.
Either in GUI or command line uploads.

https://forums.inedo.com/topic/5387/proget-versioning-restrictions/5

[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  5.911 s
[INFO] Finished at: 2025-05-08T16:35:55+02:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal on project CARE: Could not resolve dependencies for project eu.example:CARE:jar:0.5.1-SNAPSHOT
[ERROR] dependency: io.github.java-diff-utils:java-diff-utils:jar:4.16-SNAPSHOT (compile)
[ERROR]  Could not find artifact io.github.java-diff-utils:java-diff-utils:jar:4.16-SNAPSHOT

Cheers,
Michal

@dean-houston

Can you increase priority of this bug?
Developers can't work.

Michal

@dean-houston,

Thanks for the response.

Consider also versioning:

• jar:0.5.1-SNAPSHOT
• jar:4.16-SNAPSHOT

This doesn't work either.

Regards,
Michal

They publish all artifacts with version template: v****

And they are not alone :)
It's critical to be able to override semver2 restrictions.

Cheers,
Michal

This artifact is OK.
I can execute "Pull to ProGet".

Hi,

What am I doing wrong??

Repository with connector to maven.org.
When I try to Pull artifact to ProGet, GUI throws an error "Invalid version was specified".

Regards,
Michal

It doesn't help.

Hi,

Is there any versioning restrictions in ProGet?

Regards,
Michal

Hi, @rhessinger

Works like a charm :)
Thanks.

Regards,
Michal

Hi,

During SAML configuration, on the last step, creator throws an error:

There was an error configuring SAML authentication: Cannot access a disposed object. Object name: 'IServiceProvider'.

Application ID and App Federation Metadata URL are OK.

Display name, email and group attributes set to default.

ProGet 2024.35
Windows Server 2022

Regards,
Michal

If I use default endpoint eg. maven.org or pypi.org, creator completes successfully.
Error occurs with any other endpoint.

I tried with various Maven2 and PyPI.

Hi,

When I'm trying to create Feed connected to another feed (external maven repo) using wizard I'm getting error:

An error occurred in the web application: Object reference not set to an instance of an object.

URL: http://localhost:8624/feed/new/configure23?feedType=Maven2&connectToFeed=5&step=AnotherFeedName
Referrer: http://localhost:8624/feed/new/configure23?feedType=Maven2&connectToFeed=5&step=AnotherFeedName
User: *******
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Stack trace:    at Inedo.ProGet.WebApplication.Pages.Feeds.CreateNewFeedModalPage.<>c__DisplayClass15_5.<CreateChildControls>b__20()
   at Inedo.Web.Controls.ButtonLinks.PostBackButtonLink.Inedo.Web.Controls.ISimpleEventProcessor.ProcessEventAsync(String eventName, String eventArgument)
   at Inedo.Web.PageFree.SimplePageBase.ExecutePageLifeCycleAsync()
   at Inedo.Web.PageFree.SimplePageBase.ProcessRequestAsync(AhHttpContext context)
   at Inedo.Web.AhWebMiddleware.InvokeAsync(HttpContext context)

::Web Error on 30.04.2025 08:53:55::

If I create Connector and Feed separately and "combine" them in config page it's OK.
ProGet 2024.34 Basic
MS SQL Express 2022
Windows Server 2019 Standard

@atripp

Hi Alana,

What about the requested functionality?
Is it possible to add this now?

Cheers,
Michal

@apxltd

Hi Alex,
Thank you for quick response.

Please add "maven2" to validator.
Now, there is prompt:

pgutil feeds create --name=PGMaven3Feed --type=maven2
--type=maven2 is invalid. Valid values are: NuGet, Chocolatey, npm, Bower, Maven, Universal, PowerShell, Docker, RubyGems, VSIX, Debian, PyPI, Helm, RPM, Conda, APK, CRAN, Asset
Creating maven2 feed: PGMaven3Feed...
Feed created.

But proper feed is created :)

Can you add "Other Settings" section editor?

Regards,
Michal

Hi,

Would be convenient if pgutil would have ability to create Assets Directories.

Regards,
Michal

Hi,

Would be convenient if pgutil would have ability to modify "Security" section.

Regards,
Michal

@atripp

Done: https://forums.inedo.com/topic/5347/feature-request-feed-other-settings-editor

Michal

Hi,

Would be convenient if pgutil would have ability to modify Feed "Other Settings" section.

Regards,
Michal

Hi,

I noticed that PGUtil creates only Maven (Classic) Feeds.
When will it be possible to create Maven (NEW) Feeds?

Regards,
Michal

Hi,

Do you plan further development of Jenkins plugin?
Lase release was very long time ago?

Michal

@atripp

Hi Alana,

Can I modify/set "Other Settings" section elements using pgutil?

In properties section I see only:

alternateNames=*not set*
feedType=maven2
active=true
dropPath=*not set*
endpointUrl=http://******/maven2/MyNewMavenFeed/
connectors=*not set*
canPublish=true
vulnerabilitiesEnabled=true

Cheers,
Michal

@atripp

Which API do you recommend? Where can I find documentation for it?

Thanks,
Michal

@atripp

Why you don't recommend using API?
I've seen a lot of forum threads on this topic and people seem to be using it.

Regards,
Michal

@atripp,

Thanks :)

I added ?bypassIntegrated=true to URL and it's OK.

Cheers,
Michal

"Fresh" installation on Windows server.
ProGet v.2024.32

I'm trying to make simple API request.
curl -v --header "X-ApiKey: ******* " http://******:8624/api/json/Security_GetPrivileges

Response:

• Trying ****:8624...
• Connected to ******* port 8624 (#0)

GET /api/json/Security_GetPrivileges HTTP/1.1
Host: *****:8624
User-Agent: curl/7.84.0
Accept: /
X-ApiKey: *******

• Mark bundle as not supporting multiuse
  < HTTP/1.1 401 Unauthorized

If I run ProGet on Linux (docker), the response on the same request is:
Connected to ********* port 8080 (#0)

GET /api/json/Security_GetPrivileges HTTP/1.1
Host: ******:8080
User-Agent: curl/7.84.0
Accept: /
X-ApiKey: ********

• Mark bundle as not supporting multiuse
  < HTTP/1.1 200 OK

Where is the problem?