Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.
If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!
Hi @jerome-jolidon_1453 ,
If you navigate to the connector's overview page, you should see a link called configure filtering to the right of the Package Filters heading. That will show you your filtering level. I agree with your comments on our filtering documentation. I have also contacted our products team to do a rewrite of this documentation.
Thanks,
Rich
Thanks for all of the information, this is very helpful. I will make sure we can get these addressed. Can you tell me what your filtering level is on your connector?
Thanks,
Rich
Can you share what npm connector filters you are using? I can verify that @microsoft/* works on NPM filters. I tested using a block of * and allow @microsoft/*. That allowed only @microsoft packages to be downloaded. I will add that if an npm package has already been cached, the download is still allowed. These filters only work if the package is remote and has not been cached.
I will note that I have found a UI bug that will not show the download button blocked for NPM packages, but if you attempt to download the package you will get a 404 error.
Thanks,
Rich
Hi @Stephen-Schaff,
This should not affect anything. If you are using a single domain (did not use multiple domains in the domains to search input), the domain does not need to be appended to the username. So your existing command-line tools should not be affected.
If you also need to be able to prepend your domain (ex: domain\user), I can send you some documentation on how to configure it. The previous login formats of username and username@domain.local will still work, but it adds the ability for domain\username. A small disclaimer though, the domain\user functionality is still in testing.
Thanks,
Rich
Hi @brett-polivka,
It looks like there was a mix-up in one of our branches. I just pushed an updated image with the ParallelEnumerable removed. Can you please give the proget.inedo.com/productimages/inedo/proget:5.3.23-ci.5 image a try?
Thanks,
Rich
Hi @Stephen-Schaff,
Thanks for confirming the extension version for me.
As for the user directory question, if you navigate to Administration -> Change User Directory Did you configure and select Active Directory (LDAP)? We previously had a configuration for a user directory called LDAP or Single Domain Active Directory (now called LDAP or Single Domain Active Directory (Legacy)). I wanted to verify you are not using an old LDAP implementation.
Thanks,
Rich
Hi @Stephen-Schaff,
The Publish Packages task should actually trump View & Download. When I test your steps, it shows me that the user has no effective permissions on the Base feed. To accomplish what you would like to do you should do the following:
Publish Only and give it the Add Package attribute.That should give you the publish restriction you are looking for. Can you please give that a try and let me know if that works?
Thanks,
Rich
Hi @saurulau,
It looks like your colleague submitted a support ticket with us. Is it OK to continue with that ticket, or would you like me also to work with you through this forum's post?
Thanks,
Rich
Hi @Stephen-Schaff,
I'm having a bit of trouble recreating this issue. Can you answer a few questions for me?
Publish Packages task?
and clike on thePublish Packages` task.Thanks,
Rich
Hi @Stephen-Schaff,
@atripp is correct. There was an issue previously that would ignore the specified type of a principal and favor a group, but that has been fixed for a bit now.
One thing that can still happen is accidentally selecting a group versus a user when adding a permission or restriction to a task. Currently, we just present the list of users and groups in the order they are returned from the domain. If a user and a group are using the same name, it may be difficult to decipher which one you are selecting.
Can you please tell us what version of the InedoCore extensions is installed? Also, can you please verify that you are using the Active Directory (LDAP) user directory?
Thanks,
Rich
Hi @scroak_6473,
ProGet automatically handles creating a temporary API key for use with clair. When ProGet integrates with clair, it generates a temporary key to use to check layers for vulnerabilities then deletes it when the process completes. So there is nothing you have to do to authenticate clair to ProGet. If the key is still there after running the scan, my guess is an error occurred while trying to clean it up.
As for the other error you are seeing, are you able to pull an image with that layer attached to it? I can probably create a SQL query for you to link a layer to the image if needed.
Thanks,
Rich
Hi Joshua,
It looks like the exception is missing the actual error message. I have added some code to improve that error. Could you install Get 1.10.2-CI.1 and see if we can get a better error message relating to what issue you are seeing?
You can manually install this extension by:
Extensions.ExtensionsPath in Administration -> Advanced Settings)Thanks,
Rich
Hi @Joshua_1353,
That all sounds correct. Can you please send a screenshot of your root folders in your Git branch? I'm thinking that maybe there is a folder conflict.
Thanks,
Rich
Hi @Joshua_1353,
I'm having a bit of trouble recreating this issue. I have a few questions for you to help get me started.
This should help me try to recreate the error.
Thanks,
Rich
Hi @Jeff-West_5638,
Do you see the error in your Diagnostics Center under Administration? Could you please post that error stack trace here?
Thanks,
Rich
Hi Jeff,
The anonymous user has been moved to a built-in account in ProGet now, so it will not show up under the Users tab now. But, you should still be able to add Anonymous to tasks on the Tasks tab. I would recommend removing the anonymous permission you had set up on any task previously and re-add them. When you start to type Anonymous, you should see it pop up as an available user to select. Can you try that?
Thanks,
Rich
Hi Jeff,
Could you please provide a screenshot of what you are referring to with the Anonymous user no longer shows up under Users? Anonymous should be a built-in account and you should be able to add it to any task. Although being a free user, you do not have the ability to have feed level support. In that case, if you set anonymous globally, then all feeds will have anonymous access.
What version were you using in your lab that worked previously?
Thanks,
Rich
BuildMaster only supports Visual Studio Test (formerly MSTest), nUnit, and jUnit out of the box. I'm not very familiar with SOAP UI, but I think your best bet would be to use Soap UI's jUnit integration and then run the jUnit tests to track them in BuildMaster. If not, you would probably need to build a custom BuildMaster extension to support this. Please see our unit test documentation for more information.
Thanks,
Rich
Hi @markus4830,
I definitely recommend changing your NuGet.org connector to the V3 endpoint simply for the fact that NuGet.org is deprecating portions of their V2 API. The V3 endpoint on NuGet.org is also much faster than the V2 endpoint and the V2 endpoint on NuGet.org currently throttles package connections.
On the same note, I recommend the same thing for connecting to ProGet as well. Your error message above shows that your build server is connecting to the V2 endpoint for your ProGet NuGet feed. The V3 API is much more efficient in both database connections and overall SQL execution.
If your NuGet feed in ProGet is still showing a V2 endpoint address, you will need to go to your feed's Manage Feed page by clicking the Manage Feed button and change the supported API to include JSON-LD (v3) . Your feed will still support V2 connections, but you should migrate all your builds to access it over the V3 endpoint.
I feel the combination of those two pieces should help bring down the number of concurrent connections to SQL server.
Thanks,
Rich
Hi @markus4830,
Thanks for sending that over. The Close Database Connections Early value was removed because we enabled that for everyone which helped this issue initially. Can you remind me, are you using the Docker version of ProGet or do you have it installed on Windows?
For the (big) build, is it multiple builds triggering at the same time, or is it just a single massive build with a lot of packages associated with it? I'm also noticing that you are using the NuGet v2 endpoint. Is it possible to switch your build to use the NuGet v3 version of your endpoint?
Thanks,
Rich
Hi @markus4830,
I think the first thing to check is if you are actually running out of connections or not. Can you please run the following SQL next time you see ProGet experiencing this problem? Can you also run it under normal load when everything is running normally?
SELECT DB_NAME(dbid) as DBName, COUNT(dbid) as NumberOfConnections --, loginame as LoginName
FROM sys.sysprocesses
WHERE dbid > 0 AND DB_NAME(dbid) = 'ProGet'
GROUP BY dbid --, loginame
I commented out the loginName, but you can uncomment that if you want to verify the connections are coming from ProGet versus other users connected to SQL server.
What is the number of connections you are seeing when you run that?
Thanks,
Rich
Hi @jn_7742,
This fix will be released in ProGet 5.3.21 which is due out January 22, 2021. When you upgrade and test this, can you please reply back and let us know if this worked for you?
Thanks,
Rich
Hi @viceice,
I took a look at this and it looks like the issue is that the GitHub repository is not returning the published date. I have put a fix in, PG-1871, which will release in ProGet 5.3.21.
Thanks,
Rich
Hi @viceice,
This typically happens because the NuGet package metadata has an invalid format. Does this error happen for all packages or just one?
We run into similar issues when connecting to Azure DevOps registries because they do not always follow NuGet's API spec. Are you able to send over the package registration metadata for a package with the issue? The index.json may also help with this. If you do not feel comfortable submitting this via the forums, you can email it to support@inedo.com. Just please let me know when you send it so I know to look in that mailbox for it.
Thanks,
Rich
Hi @Crimrose,
Thanks for posting a follow-up solution for this! I'll keep this in our notes incase this comes up again in the future!
Thanks,
Rich
Thanks for sending that over. This confirmed my thoughts. It looks like they only include the SearchQueryService/3.0.0-beta, not the SearchQueryService, which is why the v3 connector does not work. I'm going to talk this over with the internal team and see how we want to approach it. ProGet currently does not implement the 3.0.0-beta API endpoint because it is still likely to change, which increases the likelihood of it breaking in ProGet.
I'll discuss this internally and figure out the best way to proceed.
Thanks for sending this over!
Thanks,
Rich
Would you be able to post the JSON from your v3 API? It looks like AzureDevOps is missing the URL for the SearchQueryService. If you navigate to https://proget.inedo.com/nuget/NuGetLibraries/v3/index.json You'll see the very first service API URL is for SearchQueryService. I'm wondering if Azure DevOps is implementing a weird version of it, if at all. If you don't feel comfortable posting it here, you can email it to support@inedo.com, let me know, and I can pull it from there.
I'm sorry for the confusion. Since you originally posted the values from the registrations-gz, I made the assumption you were using the v3 API. The fix I added was for the V3 API JSON. I'll have to see what I can do with the V2 version because it parsed a little differently than the v3 version.
Thanks,
Rich
Thanks for the updated information. This is most likely not a configuration issue with the connector. The only thing that could be affected by the connector setup is if you are using a v2 API NuGet feed instead of a v3 on from Azure DevOps, but I believe you already confirmed above that it was the v3 API from Azure DevOps.
Let me look into this a bit further. It looks that I must have changed the code that the UI uses, but not what the nuget.exe uses. I'm not sure how that is possible, but let me take another look.
Thanks,
Rich
Hi Simon,
Unfortunately hitting the URL in the browser will not show the underlying error because the Docker client is a relatively chatty client. It will hit a number of different API endpoints to perform the login. You would need to use a tool like Wireshark or Fiddler to proxy requests to the server to see which URL has the problem.
Are you using nginx as a reverse-proxy to ProGet? Is it possible to bypass it to try to use docker login directly on the ProGet server to rule out any header manipulation issues?
Thanks,
Rich
You should not need to do anything to the connector. Can you try and open the package in the ProGet UI? Does that package/version load? Also, can you download it within the ProGet UI?
Thanks,
Rich
Hi @scroak_6473,
We have fixed the issue with creating new AD User Directories and vulnerability sources in .NET 5. It is set to release in ProGet 5.3.19 which is due out December 18, 2020.
Thanks,
Rich
No problem. Thanks for moving the comment over here! I will delete it from the other topic.
I can confirm the fix I made was released and is currently in the code. Do you see any errors in the Diagnostic Center in ProGet?
Thanks,
Rich
Hi @scroak_6473,
For the add new User Directory and add new Vulnerability source, we have identified the issue and we are currently investigating the cause of it. It has to do with changes in .NET 5 for parsing types from strings. I will update this when we have a bit more information on it.
As for the AD stuff. That is definitely the issue, the LDAPS certificate is not being viewed as a valid certificate. I think we will need to investigate this further on how to bypass certificate validation. I would prefer you to open a new thread to discuss this issue with LDAPS in Docker. To answer your question, our code for connecting to Active Directory exists on GitHub in the inedox-InedoCore extension. It also includes a windows application for testing AD connections, including LDAPS. The library we are using on .NET 5 is Novell.Directory.Ldap.NETStandard. For the .NET 4.5.2 target, we use the typical System.DirectoryServices. We always encourage Pull Requests with fixes for this also!
Hope this helps!
Thanks,
Rich
Glad to hear the workaround works. We are still currently working on the issue to fix the Add New functionality in .NET 5. To the best of my knowledge, LDAPS is currently working and we have users that are using it currently. Can you please tell me what issue you are having with LDAPS?
Thanks,
Rich
Hi @scroak_6473,
I was able to recreate your issue. I think this may be an issue with the .NET 5 version of ProGet and creating a new Active Directory (LDAP) user directory. If one is already created, I do not have any issues editing it.
As a workaround, I would suggest changing over to the progetmono image and create the new user directory, then change back to the proget image to configure it.
I will reply back when I have an update on a proper fix for this.
Thanks,
Rich
Hi @shijiyong_6709,
I just wanted to confirm that you are using docker login -u admin https://proget.company.com and not docker login -u admin. Is that correct?
The first thing we need to figure out is if the problem exists in your ProGet configuration or in your nginx configuration. Can you start with temporarily allowing anonymous access to your Docker registry in ProGet, does Docker pull work then?
Thanks,
Rich
Hi @arozanski_1087,
That's great! I'm sorry it took this long to get this working. Thanks for working with me to figure this out! I'm going to make a change to the documentation right now to include the requirement of naming the extension file. I will also get a full release of this extension out today so it will lock in that version with the ProGet release tomorrow.
Thanks,
Rich
Hi @arozanski_1087,
Glad a reboot of the OS fixed it. Can you try renaming the downloaded version to InedoCore.upack. I noticed ProGet gave me some issues installing the extension manually when leaving the version number on there.
Thanks,
Rich
Hi @arozanski_1087,
You can also try flipping back to the Built-in User Directory by reseting the base admin account. You won't lose any AD users you have setup, it just simply switches ProGet to use the Built-in directory and resets the Admin password back to Admin.
Thanks,
Rich
Hi @arozanski_1087,
Did you restart IIS or the Integrated Web Server after copying the upack file back? Also, did your upack file have a version number in the name? Or was it just InedoCore.upack? I doubt this, but can you navigate directly to /administration/extensions? Could you also take a screen shot of the files in the Extensions folder?
Thanks,
Rich
Hi @Crimrose,
When you first start the ProGet container, our code will run a database schema update to make any missing changes. My guess is that in your Kubernetes cluster, you have a mix of 5.3.15 pods and 5.3.16 pods all trying to access the database at the same time, causing Kubernetes to stop and restart pods. I would stop all your ProGet pods and try starting just a 5.3.16 pod and see if that works.
If that does not work, you can manually update the database schema. To do this, you would need to download the manual install files from my.inedo.com and download inedosql from GitHub. Inedosql is a cross platform application, so you can run it directly on Linux using the .NET 5 CLI or downloading the specific Linux version or from a Windows machine. Then you can follow just the Run inedosql to update the database section of the manual install guide. The SQLScripts folder exists in the Manual Install files.
Hope this helps!
Thanks,
Rich
Hi @churst,
Sorry for the delay in my response, glad you were able to find it!
As for your account, if you can submit a ticket on my.inedo.com and include your license key, I can associate your email address with your my.inedo.com account.
Thanks,
Rich
Hi @arozanski_1087,
I think I may have finally tracked this issue down. Would you be able to manually install the Inedo Core 1.7.11-CI.1 extension and see if that fixes your issue? There is one spot that does not properly apply the user and group filter upon saving and I'm thinking I may have fixed it.
Thanks,
Rich
Hi @Crimrose and @hyt5036_7430,
I just made some tweaks to our 1.9 packages and released the ProGet 5.3.16 compatible extensions as -RC versions. If you change your Extensions.UpdateFeedUrl to https://proget.inedo.com/feeds/PrereleaseExtensions you can install the latest RC version of these extensions and they will work with the proget or progetmono image. Since the proget and progetmono images include the exact same features, you can switch between them without loss of data.
Thanks,
Rich
Hi @churst,
It looks like this may be related to KB#1758. Could you please take a look at this first and let me know if this fixes your issue?
Thanks,
Rich
Hi @anrey-ne_0903,
Is this a new Docker feed you have created? IF so, this may be related to this other post https://forums.inedo.com/topic/3081/a-500-error-occurred-in-d-could-not-find-a-part-of-the-path-var-proget-packages-docker-f1. We currently have a bug that throws an error when pushing to the first feed created in each package type when using the proget Docker image. This will be fixed in ProGet 5.3.17, but that forums post has a manual work around to fix that issue.
If this is not the issue, then my next question would be is this a recent upgrade of the proget docker image?
Thanks,
Rich
Hi @Crimrose,
Chocolatey feeds are a form of NuGet feed that uses the standard NuGet API, but we optimize ProGet's UI to present it in a slightly different fashion. You can see the differences listed in our Chocolatey documentation. This means that you can push chocolatey packages via the NuGet CLI push command. Since you are running this on Linux, you will need to use the .NET Core or .NET 5 based CLI to perform this push.
Alternatively, you can upload this manually in the ProGet UI.
Thanks,
Rich
Hi @Crimrose and @hyt5036_7430,
The difference in the proget.inedo.com/productimages/inedo/proget and the proget.inedo.com/productimages/inedo/progetmono is that the proget image is built using .Net Core 3.1 (it will be .NET 5 in ProGet 5.3.17) and progetmono uses the Mono framework with our code compiled to .NET Framework 4.5.2 as @Crimrose has mentioned above. We actually have a blog post on this.
The issue you are running into is that the Kubernetes extension did not add support for .Net Core until version 1.9.0-CI.5 of the Kubernetes extension. Do not use 1.9.0-CI.6 because that includes on .NET 5 in preparation of ProGet 5.3.17. To install 1.9.0-CI.5, you will need to follow the Extension Manual Install Guide and you will need to make sure to copy the extension to the Extensions.ExtensionsPath inside the container using docker exec -it <image name> sh using the shell or copy it to the folder the container is mapped to on the Docker host.
The Whitesource and Sonatype extensions have this same issue currently.
I hope this helps! Please let me know if you have any questions.
Thanks,
Rich
Hi @harald-s-hanssen_2554 and @viceice,
I was able to finally track down this issue. It seems to only affect ProGet running on Linux (Docker) when attempting to look for existing packages prior to adding a package or image. I have created a ticket, PG-1852, to track this fix. It will be released this Friday, November 20, 2020, in ProGet 5.3.17. Thanks for all the help in troubleshooting this!
Thanks,
Rich