NuGet Bug in Artifactory 3.0.3

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

NuGet Bug in Artifactory 3.0.3

drohm
Hi,
We've confirmed a bug in the way Artifactory is handling requests from NuGet.  Here is what's happening.  During our build process, we're creating our own NuGet packages and then adding them to our Artifactory repository with the Artifactory TeamCity plugin.  We're using TeamCity 8.0.1.  These steps work fine, no problems.  The problem occurs when another project has a NuGet dependency on one of our NuGet packages that resides in Artifactory.

During the build, NuGet's restore feature makes a call to get a specific version of a package via the nuget.exe command-line exe:

NuGet.exe install "C:\Development\PortalLayoutUI\src\PortalLayoutUI\packages.config" -Verbosity detailed -NonInteractive  -solutionDir "C:\Development\PortalLayoutUI\"

The GET url it generates and uses is:

http://dml:8081/artifactory/api/nuget/nuget-repo/Packages(Id='PortalUIService',Version='1.0.0.720')

What returns from this request is what's confusing NuGet and its not pulling down our NuGet package.  The response returns all the packages in the repository instead of the one that is requested.  NuGet is expecting either 1 entry returned, 0, or an error.  Instead, Artifactory returns an entry for every package in the repository.  NuGet, I'm guessing because its confused, simply installs the first one in the list that's returned, which is NOT what we requested.  Here is a sample output from the GET request above:

<?xml version='1.0' encoding='UTF-8'?>
<feed xmlns:d="http://schemas.microsoft.com/ado/2007/08/dataservices" xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata" xmlns="http://www.w3.org/2005/Atom" xml:base="http://dml:8081/artifactory/api/nuget/nuget-repo/">
  <title type="text">Packages</title>
  <id>http://dml:8081/artifactory/api/nuget/nuget-repo/Packages(Id='PortalUIService',Version='1.0.0.720')</id>
  <updated>2013-08-28T19:44:23Z</updated>
  <link rel="self" title="Packages" href="Packages"/>
  <entry>
    <id>http://dml:8081/artifactory/api/nuget/nuget-repo/Packages(Id='ClinicalDocumentRepository',Version='1.0.0.143')</id>
    <title type="text">ClinicalDocumentRepository</title>
    <summary type="text">The Clinical Document Repository is responsible for handling the CRUD operations for Couchbase.</summary>
    <updated>2013-08-28T15:21:56Z</updated>
    <author>
      <name>NaviNet</name>
    </author>
    <link rel="edit" title="V2FeedPackage" href="Packages(Id='ClinicalDocumentRepository',Version='1.0.0.143')"/>
    <category term="NuGetGallery.V2FeedPackage" scheme="http://schemas.microsoft.com/ado/2007/08/dataservices/scheme"/>
    <content type="application/zip" src="http://dml:8081/artifactory/api/nuget/nuget-repo/Download/ClinicalDocumentRepository/1.0.0.143"/>
    <m:properties xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata" xmlns:d="http://schemas.microsoft.com/ado/2007/08/dataservices">
      <d:Version>1.0.0.143</d:Version>
      <d:Copyright>Copyright 2013 - MyCompany, Inc.</d:Copyright>
      <d:Created m:type="Edm.DateTime">2013-08-28T15:42:11</d:Created>
      <d:Dependencies>NaviNet.Commons.Logging:[1.0.0, 1.0.1)|CouchbaseNetClient:[1.2.6]|Newtonsoft.Json:[5.0, 5.1)|Castle.Windsor-NLog:[3.2, 3.3)</d:Dependencies>
      <d:Description>The Clinical Document Repository is responsible for handling the CRUD operations for Couchbase.</d:Description>
      <d:DownloadCount m:type="Edm.Int32">0</d:DownloadCount>
      <d:GalleryDetailsUrl></d:GalleryDetailsUrl>
      <d:IconUrl></d:IconUrl>
      <d:IsLatestVersion m:type="Edm.Boolean">false</d:IsLatestVersion>
      <d:IsAbsoluteLatestVersion m:type="Edm.Boolean">false</d:IsAbsoluteLatestVersion>
      <d:IsPrerelease m:type="Edm.Boolean">false</d:IsPrerelease>
      <d:Language></d:Language>
      <d:Published m:type="Edm.DateTime">2013-08-28T15:42:11</d:Published>
      <d:LicenseUrl></d:LicenseUrl>
      <d:PackageHash>LWQOl4hhW2jWtO7rqoxuGwW0CLhApEec9M2v2mmEhz7yKpeZ/44zuWsPp+xQWflnY1Q28FNYG/yzYOF6ZJHhWA==</d:PackageHash>
      <d:PackageHashAlgorithm>SHA512</d:PackageHashAlgorithm>
      <d:PackageSize m:type="Edm.Int64">18391</d:PackageSize>
      <d:ProjectUrl>http://git/git/?p=ClinicalDocumentRepository.git;a=summary</d:ProjectUrl>
      <d:ReportAbuseUrl></d:ReportAbuseUrl>
      <d:ReleaseNotes></d:ReleaseNotes>
      <d:RequireLicenseAcceptance m:type="Edm.Boolean">false</d:RequireLicenseAcceptance>
      <d:Tags>ClinicalDocumentRepository CDR Clinical Document Repository</d:Tags>
      <d:Title>ClinicalDocumentRepository</d:Title>
      <d:VersionDownloadCount m:type="Edm.Int32">0</d:VersionDownloadCount>
      <d:MinClientVersion></d:MinClientVersion>
    </m:properties>
  </entry>
  <entry>
    <id>http://dml:8081/artifactory/api/nuget/nuget-repo/Packages(Id='ClinicalDocumentRepository',Version='1.0.0.144')</id>
    <title type="text">ClinicalDocumentRepository</title>
    <summary type="text">The Clinical Document Repository is responsible for handling the CRUD operations for Couchbase.</summary>
    <updated>2013-08-28T15:21:58Z</updated>
    <author>
      <name>NaviNet</name>
    </author>
    <link rel="edit" title="V2FeedPackage" href="Packages(Id='ClinicalDocumentRepository',Version='1.0.0.144')"/>
    <category term="NuGetGallery.V2FeedPackage" scheme="http://schemas.microsoft.com/ado/2007/08/dataservices/scheme"/>
    <content type="application/zip" src="http://dml:8081/artifactory/api/nuget/nuget-repo/Download/ClinicalDocumentRepository/1.0.0.144"/>
    <m:properties xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata" xmlns:d="http://schemas.microsoft.com/ado/2007/08/dataservices">
      <d:Version>1.0.0.144</d:Version>
      <d:Copyright>Copyright 2013 - MyCompany, Inc.</d:Copyright>
      <d:Created m:type="Edm.DateTime">2013-08-28T15:42:11</d:Created>
      <d:Dependencies>NaviNet.Commons.Logging:[1.0.0, 1.0.1)|CouchbaseNetClient:[1.2.6]|Newtonsoft.Json:[5.0, 5.1)|Castle.Windsor-NLog:[3.2, 3.3)</d:Dependencies>
      <d:Description>The Clinical Document Repository is responsible for handling the CRUD operations for Couchbase.</d:Description>
      <d:DownloadCount m:type="Edm.Int32">0</d:DownloadCount>
      <d:GalleryDetailsUrl></d:GalleryDetailsUrl>
      <d:IconUrl></d:IconUrl>
      <d:IsLatestVersion m:type="Edm.Boolean">false</d:IsLatestVersion>
      <d:IsAbsoluteLatestVersion m:type="Edm.Boolean">false</d:IsAbsoluteLatestVersion>
      <d:IsPrerelease m:type="Edm.Boolean">false</d:IsPrerelease>
      <d:Language></d:Language>
      <d:Published m:type="Edm.DateTime">2013-08-28T15:42:11</d:Published>
      <d:LicenseUrl></d:LicenseUrl>
      <d:PackageHash>IbN8ROEJ9azodJe0k/P51o9eP0AKH0GLTMtWHGKeB/U9eDtFc5WFNbsIc0kaO4HpYEo7w/aAB9GYXkjpm8M/Gg==</d:PackageHash>
      <d:PackageHashAlgorithm>SHA512</d:PackageHashAlgorithm>
      <d:PackageSize m:type="Edm.Int64">18395</d:PackageSize>
      <d:ProjectUrl>http://git/git/?p=ClinicalDocumentRepository.git;a=summary</d:ProjectUrl>
      <d:ReportAbuseUrl></d:ReportAbuseUrl>
      <d:ReleaseNotes></d:ReleaseNotes>
      <d:RequireLicenseAcceptance m:type="Edm.Boolean">false</d:RequireLicenseAcceptance>
      <d:Tags>ClinicalDocumentRepository CDR Clinical Document Repository</d:Tags>
      <d:Title>ClinicalDocumentRepository</d:Title>
      <d:VersionDownloadCount m:type="Edm.Int32">0</d:VersionDownloadCount>
      <d:MinClientVersion></d:MinClientVersion>
    </m:properties>
  </entry>
  ...
  ...
  ...

You can see that the request for PortalUIService 1.0.0.720 is not what gets returned and NuGet instead installs the first entry - ClinicalDocumentRepository 1.0.0.143.

Has anyone else experienced this bug or know whats going on?  We're currently at a stand-still with no solution to this problem.  Any help would be great.

Doug
Reply | Threaded
Open this post in threaded view
|

Re: NuGet Bug in Artifactory 3.0.3

shayb
Hi,

It seems that you are using an old nuget client that sends request URL that is not supported with Artifactory.
I tried the same with out client, and the request URL that sent is slight different and works.

For example, I added 'EntityFramework' version '6.0.0-beta1' to my packages.config file, and the request seems to be different:

<?xml version="1.0" encoding="utf-8"?>
<packages>
  <package id="EntityFramework" version="6.0.0-beta1" targetFramework="net45" />
</packages>

nuget install "C:\ClassLibrary114\ClassLibrary114\packages.config" -Verbosity detailed -NonInteractive -solutionDir "C:\ClassLibrary114"
Installing 'EntityFramework 6.0.0-beta1'.
Successfully installed 'EntityFramework 6.0.0-beta1'.

Can you try it with one of the latest nuget clients? (I tested it with 2.6, however, there are plenty of other users that using it with older versions)
In addition, which version of nuget command line are you working with?

Shay.


On Thu, Aug 29, 2013 at 3:20 PM, drohm [via Artifactory] <[hidden email]> wrote:
Hi,
We've confirmed a bug in the way Artifactory is handling requests from NuGet.  Here is what's happening.  During our build process, we're creating our own NuGet packages and then adding them to our Artifactory repository with the Artifactory TeamCity plugin.  We're using TeamCity 8.0.1.  These steps work fine, no problems.  The problem occurs when another project has a NuGet dependency on one of our NuGet packages that resides in Artifactory.

During the build, NuGet's restore feature makes a call to get a specific version of a package via the nuget.exe command-line exe:

NuGet.exe install "C:\Development\PortalLayoutUI\src\PortalLayoutUI\packages.config" -Verbosity detailed -NonInteractive  -solutionDir "C:\Development\PortalLayoutUI\"

The GET url it generates and uses is:

<a href="http://dml:8081/artifactory/api/nuget/nuget-repo/Packages(Id=&#39;PortalUIService&#39;,Version=&#39;1.0.0.720&#39;" rel="nofollow" link="external" target="_blank">http://dml:8081/artifactory/api/nuget/nuget-repo/Packages(Id='PortalUIService',Version='1.0.0.720')

What returns from this request is what's confusing NuGet and its not pulling down our NuGet package.  The response returns all the packages in the repository instead of the one that is requested.  NuGet is expecting either 1 entry returned, 0, or an error.  Instead, Artifactory returns an entry for every package in the repository.  NuGet, I'm guessing because its confused, simply installs the first one in the list that's returned, which is NOT what we requested.  Here is a sample output from the GET request above:

<?xml version='1.0' encoding='UTF-8'?>
<feed xmlns:d="http://schemas.microsoft.com/ado/2007/08/dataservices" xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata" xmlns="http://www.w3.org/2005/Atom" xml:base="http://dml:8081/artifactory/api/nuget/nuget-repo/">
  <title type="text">Packages</title>
  <id><a href="http://dml:8081/artifactory/api/nuget/nuget-repo/Packages(Id=&#39;PortalUIService&#39;,Version=&#39;1.0.0.720&#39;" rel="nofollow" link="external" target="_blank">http://dml:8081/artifactory/api/nuget/nuget-repo/Packages(Id='PortalUIService',Version='1.0.0.720')</id>
  <updated>2013-08-28T19:44:23Z</updated>
  <link rel="self" title="Packages" href="Packages"/>
  <entry>
    <id><a href="http://dml:8081/artifactory/api/nuget/nuget-repo/Packages(Id=&#39;ClinicalDocumentRepository&#39;,Version=&#39;1.0.0.143&#39;" rel="nofollow" link="external" target="_blank">http://dml:8081/artifactory/api/nuget/nuget-repo/Packages(Id='ClinicalDocumentRepository',Version='1.0.0.143')</id>
    <title type="text">ClinicalDocumentRepository</title>
    <summary type="text">The Clinical Document Repository is responsible for handling the CRUD operations for Couchbase.</summary>
    <updated>2013-08-28T15:21:56Z</updated>
    <author>
      <name>NaviNet</name>
    </author>
    <link rel="edit" title="V2FeedPackage" href="Packages(Id='ClinicalDocumentRepository',Version='1.0.0.143')"/>
    <category term="NuGetGallery.V2FeedPackage" scheme="http://schemas.microsoft.com/ado/2007/08/dataservices/scheme"/>
    <content type="application/zip" src="http://dml:8081/artifactory/api/nuget/nuget-repo/Download/ClinicalDocumentRepository/1.0.0.143"/>
    <m:properties xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata" xmlns:d="http://schemas.microsoft.com/ado/2007/08/dataservices">
      <d:Version>1.0.0.143</d:Version>
      <d:Copyright>Copyright 2013 - MyCompany, Inc.</d:Copyright>
      <d:Created m:type="Edm.DateTime">2013-08-28T15:42:11</d:Created>
      <d:Dependencies>NaviNet.Commons.Logging:[1.0.0, 1.0.1)|CouchbaseNetClient:[1.2.6]|Newtonsoft.Json:[5.0, 5.1)|Castle.Windsor-NLog:[3.2, 3.3)</d:Dependencies>
      <d:Description>The Clinical Document Repository is responsible for handling the CRUD operations for Couchbase.</d:Description>
      <d:DownloadCount m:type="Edm.Int32">0</d:DownloadCount>
      <d:GalleryDetailsUrl></d:GalleryDetailsUrl>
      <d:IconUrl></d:IconUrl>
      <d:IsLatestVersion m:type="Edm.Boolean">false</d:IsLatestVersion>
      <d:IsAbsoluteLatestVersion m:type="Edm.Boolean">false</d:IsAbsoluteLatestVersion>
      <d:IsPrerelease m:type="Edm.Boolean">false</d:IsPrerelease>
      <d:Language></d:Language>
      <d:Published m:type="Edm.DateTime">2013-08-28T15:42:11</d:Published>
      <d:LicenseUrl></d:LicenseUrl>
      <d:PackageHash>LWQOl4hhW2jWtO7rqoxuGwW0CLhApEec9M2v2mmEhz7yKpeZ/44zuWsPp+xQWflnY1Q28FNYG/yzYOF6ZJHhWA==</d:PackageHash>
      <d:PackageHashAlgorithm>SHA512</d:PackageHashAlgorithm>
      <d:PackageSize m:type="Edm.Int64">18391</d:PackageSize>
      <d:ProjectUrl>http://git/git/?p=ClinicalDocumentRepository.git;a=summary</d:ProjectUrl>
      <d:ReportAbuseUrl></d:ReportAbuseUrl>
      <d:ReleaseNotes></d:ReleaseNotes>
      <d:RequireLicenseAcceptance m:type="Edm.Boolean">false</d:RequireLicenseAcceptance>
      <d:Tags>ClinicalDocumentRepository CDR Clinical Document Repository</d:Tags>
      <d:Title>ClinicalDocumentRepository</d:Title>
      <d:VersionDownloadCount m:type="Edm.Int32">0</d:VersionDownloadCount>
      <d:MinClientVersion></d:MinClientVersion>
    </m:properties>
  </entry>
  <entry>
    <id><a href="http://dml:8081/artifactory/api/nuget/nuget-repo/Packages(Id=&#39;ClinicalDocumentRepository&#39;,Version=&#39;1.0.0.144&#39;" rel="nofollow" link="external" target="_blank">http://dml:8081/artifactory/api/nuget/nuget-repo/Packages(Id='ClinicalDocumentRepository',Version='1.0.0.144')</id>
    <title type="text">ClinicalDocumentRepository</title>
    <summary type="text">The Clinical Document Repository is responsible for handling the CRUD operations for Couchbase.</summary>
    <updated>2013-08-28T15:21:58Z</updated>
    <author>
      <name>NaviNet</name>
    </author>
    <link rel="edit" title="V2FeedPackage" href="Packages(Id='ClinicalDocumentRepository',Version='1.0.0.144')"/>
    <category term="NuGetGallery.V2FeedPackage" scheme="http://schemas.microsoft.com/ado/2007/08/dataservices/scheme"/>
    <content type="application/zip" src="http://dml:8081/artifactory/api/nuget/nuget-repo/Download/ClinicalDocumentRepository/1.0.0.144"/>
    <m:properties xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata" xmlns:d="http://schemas.microsoft.com/ado/2007/08/dataservices">
      <d:Version>1.0.0.144</d:Version>
      <d:Copyright>Copyright 2013 - MyCompany, Inc.</d:Copyright>
      <d:Created m:type="Edm.DateTime">2013-08-28T15:42:11</d:Created>
      <d:Dependencies>NaviNet.Commons.Logging:[1.0.0, 1.0.1)|CouchbaseNetClient:[1.2.6]|Newtonsoft.Json:[5.0, 5.1)|Castle.Windsor-NLog:[3.2, 3.3)</d:Dependencies>
      <d:Description>The Clinical Document Repository is responsible for handling the CRUD operations for Couchbase.</d:Description>
      <d:DownloadCount m:type="Edm.Int32">0</d:DownloadCount>
      <d:GalleryDetailsUrl></d:GalleryDetailsUrl>
      <d:IconUrl></d:IconUrl>
      <d:IsLatestVersion m:type="Edm.Boolean">false</d:IsLatestVersion>
      <d:IsAbsoluteLatestVersion m:type="Edm.Boolean">false</d:IsAbsoluteLatestVersion>
      <d:IsPrerelease m:type="Edm.Boolean">false</d:IsPrerelease>
      <d:Language></d:Language>
      <d:Published m:type="Edm.DateTime">2013-08-28T15:42:11</d:Published>
      <d:LicenseUrl></d:LicenseUrl>
      <d:PackageHash>IbN8ROEJ9azodJe0k/P51o9eP0AKH0GLTMtWHGKeB/U9eDtFc5WFNbsIc0kaO4HpYEo7w/aAB9GYXkjpm8M/Gg==</d:PackageHash>
      <d:PackageHashAlgorithm>SHA512</d:PackageHashAlgorithm>
      <d:PackageSize m:type="Edm.Int64">18395</d:PackageSize>
      <d:ProjectUrl>http://git/git/?p=ClinicalDocumentRepository.git;a=summary</d:ProjectUrl>
      <d:ReportAbuseUrl></d:ReportAbuseUrl>
      <d:ReleaseNotes></d:ReleaseNotes>
      <d:RequireLicenseAcceptance m:type="Edm.Boolean">false</d:RequireLicenseAcceptance>
      <d:Tags>ClinicalDocumentRepository CDR Clinical Document Repository</d:Tags>
      <d:Title>ClinicalDocumentRepository</d:Title>
      <d:VersionDownloadCount m:type="Edm.Int32">0</d:VersionDownloadCount>
      <d:MinClientVersion></d:MinClientVersion>
    </m:properties>
  </entry>
  ...
  ...
  ...

You can see that the request for PortalUIService 1.0.0.720 is not what gets returned and NuGet instead installs the first entry - ClinicalDocumentRepository 1.0.0.143.

Has anyone else experienced this bug or know whats going on?  We're currently at a stand-still with no solution to this problem.  Any help would be great.

Doug



If you reply to this email, your message will be added to the discussion below:
http://forums.jfrog.org/NuGet-Bug-in-Artifactory-3-0-3-tp7579032.html
To start a new topic under Artifactory - Users, email [hidden email]
To unsubscribe from Artifactory, click here.
NAML

Reply | Threaded
Open this post in threaded view
|

Re: NuGet Bug in Artifactory 3.0.3

drohm
We use the latest version every time we build.  During the build, the "DownloadNuget" targets fires, which downloads the exe.  My first, I just checked it, is NuGet Version: 2.7.40808.167.  This is the latest version.  Maybe something changed in 2.7 in how it generates the request URL's?  Could you check with version 2.7 and see if its similar to ours?  I'll try to downgrade to 2.6 and see what we get.
Reply | Threaded
Open this post in threaded view
|

Re: NuGet Bug in Artifactory 3.0.3

drohm
I just confirmed that once I downgraded my version of the nuget command-line exe from 2.7 to 2.6 my problems went away.  The GET request format matched the format that you displayed above.  I would assume at this point you guys need to update how Artifactory handles the new request format?  I double-checked the NuGet 2.7 release notes and there was no mention of the change to the URL request format.
Reply | Threaded
Open this post in threaded view
|

Re: NuGet Bug in Artifactory 3.0.3

itamarb
Hi Doug,

We have opened a Jira ticket to check compatibility with NuGet 2.7.
https://www.jfrog.com/jira/browse/RTFACT-5953

Regards,
Itamar.