dotnet tool install have trouble installing when an private feed is in nuget.config #9555
Comments
|
@wli3 can you take a look at this. @DerAlbertCom Can you confirm my understanding... Is the global tool in an authenticated feed? Will,
|
|
global tools with the current implementation run |
|
@nkolev92 is this a slightly different manifestation of the problem we were discussing yesterday? |
|
@KathleenDollard @DerAlbertCom @wli3, I think this can be duped out to NuGet/Home#6486 |
|
closing per above comment |
|
i think that NuGet/Home#6486 should solve the issue in general. But @KathleenDollard the global tool is on nuget.org. So the presense of the auth feed blocks the installation, so a fix for that before 2.1.400 would be nice. e.g. ignoriring the auth feed (with a warning instead of an stopping error). So that the tool will be installed. |
|
We tied to NuGet early on, so I don't see a solution without their fix. We pass through to them, and are deliberately transparent about passing their errors through to you. I suspect the problem is made worse by our treating feeds as additive. Thus, you can't remove a feed just by specifying another feed. I'd like clarification on why you can't specify an alternate NuGet.config: I agree it is a pain, but it seems a decent workaround until we get the problem solved in 2.1.400 We added this because we thought most folks would not want two NuGet configs, but that on occasion, you really, really would, and we anticipated fine tuning your feeds in a nuget config file would be easier than on the command line. Comments on all that thinking would be welcome. |
|
This issue is still present in the current .NET Core 3.0 Preview2 SDK (3.0.100.10184). When I try to install the dotnet-format tool, an authenticated private feed in > dotnet tool install -g dotnet-format --version 3.1.0-beta1-19080-04 --add-source https://dotnet.myget.org/F/roslyn/api/v3/index.json
C:\Program Files\dotnet\sdk\3.0.100-preview-010184\NuGet.targets(114,5): error : Failed to retrieve information about 'dotnet-format' from remote source '[private feed redacted]'. [C:\Users\Thomas\AppData\Local\Temp\loo5v2r3.idl\restore.csproj]
C:\Program Files\dotnet\sdk\3.0.100-preview-010184\NuGet.targets(114,5): error : Response status code does not indicate success: 401 (Unauthorized). [C:\Users\Thomas\AppData\Local\Temp\loo5v2r3.idl\restore.csproj] |
|
This issue is not fixed as I can't install any global tool with SDK 2.2.104 and a private feed in the nuget.config. |
|
@zuckerthoben this fix is in 3.0.100 preview and later |
|
Note that if you have the credentials in the config file, then it should already work. |
|
Really? A Workaround? Why not just fix this. dotnet cli with authenticated feeds is a mess.
I'm really tired of this problems around the authenticated nuget feeds. For this reason we can not use Hosted Build Agents in Azure DevOps. We have to use a own Build Agent with CLEARTEXT Credentials in the config file. We cannot use dotnet cli correctly from the command line on the dev machine without put the cleartext credentials in the dev machines. Yes, for all this problems are issues filed, mostly with no information when it will be fixed, or zero reaction. |
ok, thanks. If you tag closed issues with the version that its fixed in people can understand better. |
|
@KathleenDollard I think there is a feed with name "[private feed redacted]" (and it is not dotnet-format's myget feed) that cannot be accessed. And it causes the whole operation fail. dotnet-format's myget does not need authentication. |
|
@wli3 I missed that. Thanks |
|
My workaround because I also run in this issue on Azure DevOps (current VS2017 and VS2019 and Ubuntu with NuGet 4.9.4 and 5.0.0): Create a single <?xml version="1.0" encoding="utf-8"?>
<configuration>
<packageSources>
<clear />
<add key="nuget.org" value="https://api.nuget.org/v3/index.json" />
</packageSources>
</configuration>Now I am able to install via Run dotnet tool install --global GitVersion.Tool --version 5.0.0-beta2-65 --configfile NuGet-OfficialOnly.config |
|
Does not seem to be fixed in 3.0.100.
|
|
+1 for wanting this fixed and being irritated working with dotnet cli and authenticated feeds |
|
@joergmaier seems like there is invalid characters in your nuget config. @winstonhenke and @joergmaier if you just want to skip these unauthorized feed, you could use If further discussion is needed, please create a new issue. |
|
@wli3 I tried |
|
@winstonhenke could you create a new issue with the error and repro specific to you? There are several errors in this thread, and I don't think they have the same root cause. |
|
There is a new credential provider tool which I believe helps address this issue, Azure Artifacts Credential Provider. I created a .NET Core 3.1 global tool which I then published to an Azure DevOps private artifact feed, but was initially unable to install elsewhere due to authentication issues. However after using the new credential tool it worked as expected... My solution, in an elevated PowerShell terminal copy/paste/execute the below to install the Credentials Provider; $url = "https://raw.githubusercontent.com/microsoft/artifacts-credprovider/master/helpers/installcredprovider.ps1"
$output = "installcredprovider.ps1"
Invoke-WebRequest -Uri $url -OutFile $output
./installcredprovider.ps1Note: when the above script completes/stops, ensure you hit [enter] as the first time I thought the script had hung and did ctrl+c which obviously didn't complete the authentication process. Next you can install your .NET Global Tool using the --add-source option as you would expect. Note the --interactive option which effectively means that you first auth with your azure devops account/feed via a browser+code. $ToolName = "mytool"
$Organisation = "myorganisation"
$Project = "myproject"
$FeedName = "myfeedname"
dotnet tool install -g $ToolName --add-source
https://pkgs.dev.azure.com/$Organisation/$Project/_packaging/$FeedName/nuget/v3/index.json --interactiveNote the above example is for a project-scoped artifact feed, you can remove the $Project variable if it's an organisation-scoped feed. Hope this helps! |
|
I thought the credential provider fixed my problem, but the publish action had the same error again. The "test" action seems to be working. |
|
Does this bug fixed? I found that still exist .net core sdk |
|
This is still broken with .NET Core 6.0.200 and Nuget 6.0.0.280. .NET CLI keeps referencing private feeds first when trying to install/update a tool. Can we please re-open this? With --ignore-failed-sources, yes it works but it makes it so ugly to look at the console, full of warnings about private feeds. |
|
I'm getting sick of getting people commenting that this is still an issue and the devs continuing to ignore it. I opened another issue to see if that gets more traction. #24140 |
|
@KathleenDollard @wli3 This was reported in 2018. Now it is 2022(with .NET 6) and it sill gives an error if there are private feeds! Isn't there any capable developer at MS that can fix this? Do we have to wait for Musk to first do a Mars landing and then maybe you take this bug seriously? |
@RwSgxx the problem is that it was closed as "fixed" when it most definitely wasn't. |
|
This is STILL an issue. We're using an Azure DevOps private feed and it consistently gets in the way of using nuget, even within Visual Studio where the feed is configured sometimes! Currently the only workaround that consistently works is to just disable the feed in visual studio, run the CLI command and then re-enable the feed in Visual Studio. |
|
This is not fixed The command I keep having to add |
|
SOLUTION And that config file only has NuGet.org as a source: |
Thanks @javierdlg - but will this config file not be overwritten when .NET SDK is upgraded/reinstalled or when Visual Studio is upgraded/reinstalled? And please confirm that you are asking to replace the nuget targets file here "C:\Program Files\dotnet\sdk\6.0.202\NuGet.targets". Also, how will this play when discovering custom feeds from within Visual Studio? Thanks, |
|
@sabrite It's a file you create that lives outside of the .NET SDK, so it wont get replaced when you update .NET. |
This works for me when I installed 'csharpier' 🎉 |
This is not a solution, it's a workaround at best. I shouldn't have to tiptoe around |
|
Should at least have a |
|
Still an issue in .NET 7 The presence of a private feed blocks the install of a tool if auth fails. Adding
|
|
Its 2023 and this is still an issue in
|
|
I'm on .NET 7.0, SDK Version 7.0.203 and I just stumbled upon this issue. I can't follow a Microsoft Learn exercises as I have private feeds and the CLI command fails on the above issue when executing 'dotnet add package'. |
|
July 2023: Faced the same problem. Installed EF Core Tools by command |
|
I now have the opposite error when using the .NET 8 SDK. I'm trying to install a tool from a private repository. I have setup a nuget.config just for the There is only one feed in the repository - my private one. The nuget.config is correctly setup to clear any sources, and I've added packageSourceMapping into the bargain. But still It almost looks to me that the fix to the problem reported here is to got to nuget.org regardless. If I run this with .NET 7 SDK or earlier it works. .NET 8 on the other hand and it is broken. Actually I've now found that the most recent .NET 8 SDK build has the fix, looks like it was done here: #33835 Unfortunately my TeamCity build agents don't have this yet. |
|
.NET SDK 8.0.100 here. I found another workaround: Waiting until this gets fixed, but at least it's more of a minor inconvenience now rather than a blocker. ETA: |
|
What is Microsoft doing? I just came upon that problem right now and discover this has been reported for ages as always ! |
|
end of march 2024 - still not fixed. |
I think the best is to make a patch by ourselves and make a PR (that will take forever to be included).... It looks like they just don't care. |
|
Just ran into this as well. Used the work arounds provided. Would like to see this fixed. I shouldn't have to google around for a solution because I have a private NuGet server and want a tool installed. |
|
Bumping to maybe get this issue re-opened. |
|
Hey folks, I'd file new issues if you're seeing problems. For anyone using AzDO feeds, make sure https://github.com/microsoft/artifacts-credprovider is installed before filing an issue. |
|
This is not fixed. We should not need to use a credential provider for public tool packages on nuget.org just because we also use a private feed for other packages. The issue is that |
|
My workaround was about to run dotnet install from different directory than default $(Build.SourcesDirectory) where the repository is checkouted with nuget.config containing private feed leading to Devops Artifacts feed.
|
I knew something like this should work but I kept googling cause I thought having to do this was too moronic, especially after all the complaints for years. Using Microsoft's devtools is equivalent to questioning your sanity everyday. |
and others
@DerAlbertCom commented on Fri Jun 29 2018
Issue Title
dotnet tool install -g foobar does not install any tool if private nuget feed is in the nuget.config which requires authentication.
General
I tried 'dotnet tool install -g sourcelink', and have in the the global nuget.config the company nuget feed from vsts.
If i comment out the private feed out in then nuget.config, then the tool get's installed.
nuget restore has not problem with the nuget feed. dotnet restore (which should not be used with VSTS because you have to store a Cleartext PAT in the nuget.config) clearly has the same problem like dotnet tool
Possible Workaround
See #9555 (comment) in this issue discussing
--ignore-failed-sources.The text was updated successfully, but these errors were encountered: