RE: pgutil: Projects in .slnx are not found

Hi @caterina,

Good catch! We'll get that fix merged in.

Thanks,
Rich

Hi @windowsteam_8276,

Thanks for bringing this to our attention. We just pushed Otter 2025.1 that includes a fix, Ot-522, for that issue. Please upgrade to that version and let us know if that resolves the issue. Thanks!

Thanks,
Rich

Hi @inedo_1308,

I have just published a new CI build that should fix your issue. If you upgrade your Docker container to ProGet 25.0.8-ci.3, that should fix the problem with your feed usage instructions.

Thanks,
Rich

Hi @layfield_8963,

I'm having trouble recreating this error. I just stood up a clean install of ProGet 2025.7, created an asset directory, and uploaded a file to it. I then ran the command you sent and this is what I see:

pgutil.exe assets metadata set custom --path=test.txt --feed=test-import-data --key=test123 --value=12345
Setting test123 = 12345 on test.txt...
Metadata set.

Can you please navigate to Administration -> Software Info and copy and paste the contents of that here? If you feel more comfortable, you can email it to support@inedo.com with the subject [QA-2790] Database Information. If you email it, please let us know when you do so we can look for it in that mailbox. The only thing I can think of is that your database schema did not update properly on upgrade.

Thanks,
Rich

Hi @inedo_1308,

@inedo_1308 said in ProGet bug - Duplicate custom Feed Usage Instructions for Debian feeds:

Actually this feature (signed-by) is quite old. It just was badly documented for a long time (See this question) and therefore nobody used it.

Thanks for the additional details!

@inedo_1308 said in ProGet bug - Duplicate custom Feed Usage Instructions for Debian feeds:

I would appreciate that very much :-)

No problem, I'll reply back as soon I as I have a build ready.

Thanks,
Rich

Hi @layfield_8963,

Just to verify, is your instance using SQL Server or PostgreSQL? Also, can you please provide me the command you are using to recreate that issue? That will allow us to more quickly identify the issue.

Thanks,
Rich

Hi @inedo_1308,

I updated the name on that ticket. It will also cause other issues with other feed types as well. It is an issue with how it creates usage instructions that have the same name as other usage instructions (both built-in and custom). As part of that ticket, we will handle fixing the editing and deleting of instructions that were created incorrectly. The display issue will most likely need to be fixed by manually deleting the duplicates and recreating them (post fix).

I will also fix the Debian usage instructions as well. Since I'll be touching the code where the built-in instruction is stored, I was planning to just include them in that ticket, but I can create a new ticket for that as well. When we wrote our documentation for Debian, signed-by was not a feature yet. In the latest updates for the updated Debian feed, most customers were still using the legacy way for adding ProGet as a source. It has really only been in this latest major of apt that signed-by has worked consistently for us.

I plan to work on these early this week. If you want, I can provide you with a CI release as soon as these are ready if you want to test them early.

Thanks,
Rich

Hi @inedo_1308,

Thanks for sending this over to us. I created a ticket, PG-3069, to fix the exception with editing. I'll also get the feed usage instruction and our documentation updated with the signed by parameter.

Thanks,
Rich

Hi @jfullmer_7346,

Thanks for sending this over to us. This looks to be related to an issue with a stored procedure only used by this specific Asset metadata API. I have fixed this as part of PG-3062 and it will release this Friday in ProGet 2025.6.

Thanks,
Rich

Hi @caterina,

That looks to be an issue with the UI. Your feed policy will only ovewrite the specific license you marked as compliant and the remaining non-compliant licenses will still mark packages with those licenses as non-compliant. For example, any package AGPL-1.0 will still be non-compliant. On the second feed, it should be using the Global policy for that package. Can you share which feed features are enabled under the Feed Properties tab (Manage Feed in ProGet 2024) on the feed you promoted the package to?

Thanks,
Rich

Hi @kc_2466,

I just wanted to clarify Dan's comment a bit. The tz environment variable sets the timezone used in the container and time zone in the user config will only set the time zone to use in the UI, not the format of the date. Setting LC_TIME will change the locale within the Docker container and format it at the OS level, it doesn't look like that will be picked up in the .NET side of things. This is something I will need to discuss with the team internally. We have a team meeting on Monday (EST) of next week and I should have an update for you on the following Tuesday.

Thanks,
Rich

Hi @mhelp_5176,

When hosting via the Integrated Web Server, you will need to update the account the service is running as. As long as the GMSA is a db_owner on your database, then "Integrated Security=true;" in your connection string will use that account. As for installs through the InedoHub with "Integrated Security=true;" , it will use the account of the person running InedoHub when connecting to SQL Server during the install, so that account will need DBO on the ProGet database as well.

Thanks,
Rich

Hi @mwatt_5816,

Thanks for all of the detail. I have fixed the code, BM-3982, for this template and it will be released in the next maintenance of BuildMaster 2024.0.7 on Friday.

Thanks,
Rich

Hi @jfullmer_7346,

Thanks for the detailed recreation steps on this! I was able to recreate the issue and created a ticket, PG-3018, to track the fix. This is expected to be fixed in ProGet 2025.2 on Friday of this week.

Thanks,
Rich

Hi @petter-jacobsen_7171,

Just an update. It looks like I have found some issues with our policies. I have created tickets PG-3015 and PG-3016 to track the fix. These are expected to be released in ProGet 2025.2 at the end of the week.

Thanks,
Rich

Hi @stefan-hakansson_8938,

In ProGet 2024, we added support to enable enhanced database mode, which requires database owner, as an opt-in feature to prepare for ProGet 2025. Beginning in ProGet 2025, ProGet requires database owner on the ProGet database in SQL Server. Once you add DBO to your SQL user, this will unblock the upgrade to ProGet 2025. You can see more information in you [SQL Server & Inedo Products](In ProGet 2024, we added support to enable enhanced database mode
) documentation.

Thanks,
Rich

Hi @lukas-christel_6718,

Sorry for the delay on this. We just pushed an updated pgutil that will now skip over any invalid versions.

Thanks,
Rich

Hi @petter-jacobsen_7171,

I took a look through these and I have some more answers for you:

1. Looks like you added the package string to the license. You will need to navigate to Reporting & SCA -> Licenses -> manager license types & rules, then find that license, edit it, and remove the package string under the PUrls tab.

2. This looks to have been fixed in ProGet 2025.1 that released last night.

3. You can block a specific package on the Set Package Status page.

4. There does look to be an issue in policies, but I will need to dig into this further to determine exactly what the issue is. I will be looking into this more tomorrow.

5. I was unable to recreate this issue. It may have been fixed in 2025.1 or it may have been related to something else. Please note that if the package is in a connector, then the package will show in your feed once you delete it as a remote package.

6. This may be related to the issue in 4, I will update on this once i have dug in further.

7. Again, this looks to be related to an issue in policies.

8. I addressed this in my previous comment, but just wanted to call it out for completeness sake.

I should have an update tomorrow for you with more specifics around the blocking issues. Please let me know if you have any questions regarding my responses!

Thanks,
Rich

Hi @rel_0477,

I just happen to check right when this came in. Glad to hear it is working again! Was it the local cache? Cargo has a pretty aggressive cache for both good and bad packages.

Thanks,
Rich

Hi @rel_0477,

I apologize for not responding sooner. Can you please navigate to Manage Feed -> Storage & Retention and run the re-index operation? That should fix any packages that were pushed with the invalid JSON header.

Thanks,
Rich

Hi @darren-sloper_5044,

Great! Glad to hear you are up and running again!

Thanks,
Rich

Hi @petter-jacobsen_7171,

Thanks for submitting all this detail. I just wanted to let you know we are currently reviewing these items and will have an update later today.

I did want to make not that rollback is only supported when you upgrade from 2024 to 2025, then you will be able to downgrade back to 2024. With that said, that connector error may go away by simply restarting the ProGet services. If not, you can also try to uninstall 2024 and then reinstall it again and point to the existing database. That will force the schema update to rerun and should add back that missing stored proceedure.

Hi @kc_2466,

I'm having trouble recreating this issue. Are you using the built-in/unmodified publish packages task or did you create a custom one? If you created a custom one, please make sure all that all your options can be scoped to a feed (denoted by the "F").

Thanks,
Rich

Hi Darren,

We pushed a new installer last night and you should be able to use that to upgrade now.

Thanks,
Rich

Hi @darren-sloper_5044,

Thanks for all of the information! Installer issues take a bit to debug through, but we are looking into this now. Please hang tight and should have an update later today or early tomorrow morning on this.

Thanks,
Rich

Hi @matthias-reitinger_3646,

Good catch and thanks for sending over an example! I took a quick look and you are correct that bin was not included in the metadata for that package. I have created a ticket, PG-3000, to track the fix for this. Unfortunately it is too late to get this fixed in today's ProGet release, but it should be fixed in the next maintenance release of ProGet, 2024.39, which is expected in two weeks.

Thanks,
Rich

Hi @rel_0477,

Thanks for sending over the reproduction case. I was able to identify the issue, PG-2993, and have it ready to go in the next maintenance release of ProGet.

Thanks,
Rich

Hi @caterina,

Thanks for bringing this to our attention. I have created a ticket, PG-2990, to track the fix and it should be released in the next maintenance release on June 13th.

Thanks,
Rich

Hi @steviecoaster,

Thanks for the find. We'll get this fixed in the next maintenance release.

Thanks,
Rich

Hi @michal-roszak_0767,

Can you please post what the fix was?

Thanks,
Rich

Hi @michal-roszak_0767,

I took a look at the code and the only line that could throw that error during the configuration is when it goes to download the federation metadata. Typically that error message indicates the ProGet server was shutting down will it was attempting to create a new HttpClient. I would try to reboot your ProGet server and see if it happens again.

Thanks,
Rich

Hi @Nils-Nilsson,

Glad to hear it's working for you! Also, thanks for the feedback on adding that to our docs, I'll work on getting that added soon.

Thanks,
Rich

Hi @udi-moshe_0021,

If you could please share all of the output, that would be helpful.

Thanks,
Rich

Hi @Nils-Nilsson,

At this point, I would suggest using our debug endpoint to see what the SAML response sent to us is and how we interpret it. You can do that by change the callback URL in your SAML provider to https://«PROGET_HOST»/saml-acs-callback-debug then attempt to login to ProGet using your SAML provider. You will then be redirected to a debug page that shows you the SAML details. That should be able to help you identify what is missing. If you need help, you can email us the contents of that page to support@inedo.com with a subject of [QA-2681] SAML and then reply to this letting us know you sent it.

Thanks,
Rich

Hi @udi-moshe_0021,

Thanks for the information and I appreciate the background. Did you try the method of referencing the certificate by it's thumbprint while using the Windows Store? The only logs we have is if you run the IWS in a console instead of as a Windows service. This will allow you to see the console output from .NET when we register the certificate. You can do that with the following command:

"C:\Program Files\ProGet\Service\ProGet.Service.exe" run webonly

Based on the error you originally provided though, that error almost always means that the Service Account doesn't have access to the certificate and it's private keys. Can you tell me a little more about your setup?

1. Are you binding only the port (Urls="http://*:80;https://*:443" in the config file ) or did you configure it for port sharing?
2. Is there a proxy in front of your site?
3. What account are you running your IWS service as, Network Service, local domain account, etc....?

Thanks,
Rich

Hi @udi-moshe_0021,

Certificate configurations can be a bit tricky to resolve due to the many different types of certificates that can be generated. To start, are you using the integrated web server or IIS on your installation?

The first thing to check is that your certificate with either IWS or IIS is making sure that your certificate contains the private keys. That is required for any certificate problems. If you are on Windows, the easiest way to use the certificate is using the Windows Certificate Store. Once you have imported it into your certificate store, check that your have permissions to manage private keys.

If you are still haveing issues getting teh certificate to load, then you may want to switch to referencing your certificate using it's thumbprint.

If you are trying to link directly to the certificate instead of using the windows certificate store, you will still need to make sure the certificate has the private keys included, but you may need to convert your certificate to a ".pfx" or a ".pem" file. Although we have had success using a .crt and a .key file, we find it can be a bit finicky in comparison. Although I don't have the exact command to run, you should be able to easily find openssl commands to convert the certificate. Similar to this command:

openssl pkcs12 -export -out output.pfx -inkey private_key.key -in certificate.crt

It's hard to give an exact command since I don't know all the details on your certificate and key files. We also have some notes on how to convert PKI generated certificates to a ".pem" file in our in our HTTPS Binding to a Port (Advanced) docs. Just scroll down to the Update Configuration file and look at the commands we have there to convert the certificate.

This should be a pretty good starting point for this, but please let me know what works and what doesn't and then we can go from there.

Thanks,
Rich

Hi @Nils-Nilsson,

In order to use SAML with Active Directory, you will need to make sure your SAML claims are returning a Subject's NameID that matches the samAccountName in Active Directory excluding the domain suffix. Then if it finds that username in Active Directory, it will use it's permissions. If it does not find it, it will then create a user in the Built-In User Directory.

The Subject's NameID is a bit confusing because it looks like each service uses a different term for this. For example, EntraID's (Azure AD) SAML claims name it nameidentifier. Really it is whatever claim value is set in the SAML envelope under saml2p:Response/saml2:Assertion/saml2:Subject/saml2:NameID.

As for the callback URL; it is specified in the configuration wizard when setting up EntraID (Azure AD) and PingID, but not for other SAML providers. It also looks like this got removed from our documentation page, which I'll add back now. The callback URL should be https://«PROGET_HOST»/saml-acs-callback .

@dan-brown_0128,

The best way to handle this is to use the expiration feature on API keys or using a separate script (PowerShell, Shell, etc...) in a Scheduled Task or CRON Job to check your SAML or AD provider for access and then use our API to disable API keys. Although I have never set this up, I know many SAML providers offer Webhook subscriptions for when access is removed. That could be another option for disabling API keys in ProGet.

Thanks,
Rich

Hi @pooyan-zamanian_1706,

Sure thing! ProGet 2024.33 is scheduled to release on April 18th. If you need something earlier, we can create a pre-release build as soon as the fix is ready (it's currently going through testing at the moment).

Thanks,
Rich

Hi @pooyan-zamanian_1706,

I was able to recreate this issue and have created a new ticket, PG-2946, to track the fix. This should be released in the next maintenance release of ProGet 2024.33. If any thing changes, I will let you know.

Thanks,
Rich

Hi @pooyan-zamanian_1706,

Thanks for the additional information. This will take me a bit of time to work through. I should have an update for you tomorrow.

Thanks,
Rich

Hi @pooyan-zamanian_1706,

Thanks for sending this over to us. Just wanted to check, does the PGV-2129406 vulnerability have only a single assessment or is there an overridden assessment for that feed on that vulnerability? Also, are both of these packages in the same feed?

The log gives us a good starting point to attempt to recreate it, but I just wanted to make sure I have the base conditions set to recreate it.

Thanks,
Rich

Hi @udi-moshe_0021,

I tested using the following docker command: docker pull test-server-1:8624/qa-2652/geoserver:2.27.x

I have the connector configured with the following settings:

• Connector URL: https://docker.osgeo.org
• Authentication: anonymous
• Timeout: 10
• Attempt to search the container registry: checked
• Do not use library/ prefix for repositories without namespaces: checked

I was able to pull using the docker command above and I also was able to us "Pull Tag" in the interface. One thing I would try is to delete the cached image ProGet using the ProGet UI and then try to pull it again.

Also, could you provide your docker output? Sometimes we see more information in that output if nothing is showing in the diagnostics center.

Thanks,
Rich

Hi @udi-moshe_0021,

Do you see any errors logged in the diagnostics center in ProGet? I did a test of pulling the image using Docker and the Pull Tag button in ProGet and they both worked in my case. I'm thinking you might be rate limited by docker.osgeo.org in your ProGet instance.

Thanks,
Rich

Hi @v-makkenze_6348,

Glad to hear it!

Thanks,
Rich

Hi @v-makkenze_6348,

So this package is a wierd one for sure. NuGet has actually removed it entirely from NuGet.org because it violated their terms of use. I would highly recommend switching to a supported package for that. That being said, there is a great answer in this stack overflow article on it https://stackoverflow.com/questions/1186270/referencing-system-management-automation-dll-in-visual-studio and you can see the removal from NuGet.org here: https://www.nuget.org/packages/System.Management.Automation.dll/

Basically to view this in ProGet, you will have to navigate manually to it in your feed because it is no longer returned in NuGet.org's search queries. You can use the following URL as a template (just swap out host and feed): https://«PROGET_HOST»/feeds/«PROGET_FEED»/System.Management.Automation.dll/versions

Thanks,
Rich

Hi @arose_5538,

We just released ProGet 24.0.31 that has the fix included for this so you do not need to specify those extra environment variables.

Thanks,
Rich

Hi @arose_5538,

There looks to be a bug in our Docker image for 24.0.30. To work around this, if you add the environment variables PROGET_USE_HTTPS_REDIRECTION:false and PROGET_INTEGRATED_AUTHENTICATION:false to your Docker run command or Docker Compose file, that will get you passed the error for now. I have created a ticket, PG-2932, to track the fix going forward.

Thanks,
Rich

Hi @rel_0477,

Thanks for sending over the recreation steps! I was able to recreate the issue and have created a ticket, PG-2922, to track the fix. This should be released in the next maintenance version of ProGet, 2024.30.

Thanks,
Rich

Hi @rel_0477,

Would you be able to send us an example crate and the exact publish command you are using so we can test this issue with? Also, what version of cargo are you using? In my test cases, I'm able to run cargo publish and view them in ProGet.

Thanks,
Rich

Hi @pmsensi,

Thanks for bringing this to our attention. I believe I see what the issue is, but I would like to confirm the issue. Would you be able to run the following query to get me a list of created by names so I can test it locally?

SELECT DISTINCT [CreatedBy_User_Name]
  FROM [AssetItems]

If you do not feel comfortable posting it to the forums, you can email the output to support@inedo.com with the subject of [QA-2618] and just let me know when it was sent. This way I can confirm what is needed for the fix.

Thanks,
Rich