-
Notifications
You must be signed in to change notification settings - Fork 66
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
filter IsLatestVersion
returns invalid response for package Microsoft.PowerShell.PSResourceGet
#273
Comments
It should be noted that this blocks anyone using JFrog Artifactory from installing (or updating) PSResourceGet. The misbehavior only occurring when the filter string is exactly |
Adding a touch more context (I thought I had posted this elsewhere, but maybe not) - we only started seeing this behavior after PSResourceGet v1.0.4.1 was released. All other versions before/after this release (including prereleases) were SemVer-compliant, but 4-number versions are not. My suspicion is that whatever Gallery is doing with the filter |
|
I think this falls into the case where any filter-string that is not the exact string |
@alerickson @SydneyhSmith Could someone from your team take a look at what's happening with this package? The default package manager being unable to update/install itself from the default package management service (albeit through a mirror, however with parameters the package manager has specified) is a pretty frustrating blocker to our internal rollout of PSRG. Our plan was to provide devices with a bootstrap copy of PSResourceGet over the network, then use that bootstrap copy to fetch the latest version via PSGallery (through Artifactory, as this is an isolated network). The aforementioned bug with Gallery blocks us from doing this. |
@sean-r-williams apologies for the delay in response on this-- had some high pri things come up this week and I was away at Build-- have this flagged for the team to review at triage on Tuesday |
@sean-r-williams thanks for the detailed issue and suggestions. We're going to look into the Gallery codebase to see what is happening and if we can't safely make the change there then we'll open a fix client side. Thanks for also checking @cmkb3 |
@anamnavi @SydneyhSmith has your team been able to make any headway here? It's been over a week and I haven't seen any changes to the status page on this repo or in the behavior of Gallery itself. |
@sean-r-williams we took a look into this into and it's a bit tricky. We initially thought things were broken for |
@sean-r-williams this issue seems to be a very niche issue that happens when a stable release of a lower version is published after the preview another. We tested a few scenarios and this is the only scenario where we were able to repro the issue. It seems like this issue has existed for a long time since there haven't been any changes made to sections that touch this code in many, many years. |
@alerickson We are indeed using The key scenario-wise difference is that we're proxying PSGallery through Artifactory (via a remote-proxy repo) as this is an isolated environment without Internet access for client machines. PSResourceGet talks to Artifactory, which then talks to Gallery. Artifactory transparently passes params on calls like For example, when PSRG directly queries Gallery for the PSRG package, the API call looks something like this:
When PSRG queries Artifactory, the call looks like this:
Artifactory, when forwarding that call upstream, makes the following request:
You can see how the You mention that there hasn't been changes to this part of the Gallery codebase in many years - did PowerShellGet have any sort of provider-specific configuration/quirk flags like PSResourceGet does? Is it possible that the introduction of quirk flags in PSResourceGet made this issue more readily-apparent to Gallery (and PSResourceGet) users? JFrog made it pretty clear that the transparent proxying of requests to Gallery was intentional behavior (and I agree with them - there's no way they could comprehensively solve this for every NuGet workflow) so it's not clear what the next steps are. Is this something resolvable within Gallery, or does a fix need to be shipped to PSResourceGet for the scenario of Gallery-by-proxy? |
Thanks @sean-r-williams we are going to try a client side fix for this and plan to pass along the build for you to test |
@alerickson @SydneyhSmith FWIW I can now repro this with other packages as well, such as JiraPS (API call here) JiraPS didn't perform the same stable->prerelease sequence PSResourceGet did. All that occurred recently was the prerelease of a higher version - no stable release. This API call was working prior to them minting a prerelease. Once again, munging the This seems to be a far easier case to hit. Can your team confirm whether this is the same issue? |
Prerequisites
Steps to reproduce
FindPackagesById()
for packageJiraPS
via the PSGallery NuGet v2 API - example API call:https://www.powershellgallery.com/api/v2/FindPackagesById()?id=%27JiraPS%27&$filter=IsLatestVersion
Microsoft.PowerShell.PSResourceGet
- example call:https://www.powershellgallery.com/api/v2/FindPackagesById()?id=%27Microsoft.PowerShell.PSResourceGet%27&$filter=IsLatestVersion
Microsoft.PowerShell.PSResourceGet
, but this time add a space to the front of the filter string:https://www.powershellgallery.com/api/v2/FindPackagesById()?id=%27Microsoft.PowerShell.PSResourceGet%27&$filter=%20IsLatestVersion
Expected behavior
All 3 API calls return one and only one package (with the latest version) for their respective package IDs
Actual behavior
API call #2 returns invalid NuGet XML response, but calls 1 and 3 work as expected
Error details
N/A
Environment data
N/A
Version
N/A
Visuals
XML response from API call number 2 is:
Of particular interest is:
<m:count>1</m:count>
suggests one<entry>
should be present, but there are none.<author>
should be under an<entry>
, not the<feed>
. (It's also null for some reason?)The text was updated successfully, but these errors were encountered: