-
Notifications
You must be signed in to change notification settings - Fork 908
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Nexus has deprecated some NuGet v2 optimizations that Chocolatey CLI uses #3506
Comments
I can confirm this issue. We are also running in to problems to install software with Nexus as a repository, since we updated to the new version of the repository. chocolatey cli version: 2.3.0 the workaroud metioned above is working
A fix for the chocolatey cli would be awesome. |
Chocolatey CLI is not 'broken', so there is nothing to fix. Nexus deprecated some features that Chocolatey CLI used. Disabling package optimizations works around the changes made. |
Recently ported my Nexus from 3.70.3 with an OrientDB, to an H2 DB, then the "latest" docker image. |
Is there any information on whether a new release of Chocolatey is planned that no longer relies on the deprecated parts of the NuGet v2 API? We are facing issues with our Nexus repository, which follows Microsoft's guidance on this matter. More information can be found in this link. According to Sonatype's documentation: The supported subset of the legacy NuGet v2 protocol in H2 and PostgreSQL environments is the same as that supported by Microsoft's NuGet Gallery, nuget.org. Use cases that rely on deprecated parts of the NuGet v2 API are not supported, including many common Chocolatey use cases and some custom OData queries. It seems likely that more NuGet repositories will adopt this approach, making the reliance on deprecated API parts increasingly problematic. While the workaround choco feature disable --name='usePackageRepositoryOptimizations' can mitigate the issue, it’s not ideal as it requires specific client-side settings. Would it be possible to get an update on this? |
Chocolatey CLI version 2.0.0 introduced NuGet v3 API support 18 months ago. Can you be more specific?
To be fair, it requires a single command to be run to disable the feature. If you are a Chocolatey for Business user you can make that change through a single Deployment Step. Open-source users can add the command to the method they used for deployment.
To be very clear, Chocolatey CLI does not rely on NuGet v2. It supports it. It will happily work with NuGet v3. Chocolatey CLI will continue to support NuGet v2 for some time as many community members and customers still rely on it, despite repository managers removing support. |
Issue SummaryWhen using a Nexus-hosted repository as a NuGet source, it should serve packages via either v2 or v3 protocols, depending on the URL configuration. However, inconsistencies are observed when performing different operations ( Steps to Reproduce
Observed Behavior
|
@pauby thanks in advance, Martijn. |
Do the dependencies have a version number declared? If they do not, then this is a bug in Nexus that we identified and which they are aware of. Unfortunately, I can't point you to any public facing issue, as Sonatype no longer has that facility. You can look at the requests going back and forth between Chocolatey CLI and Nexus (use something like Fiddler). You will see Nexus not returning the dependency chain when no version number is present. |
NuGet v3 support for Chocolatey CLI was added in version 2.x, released last year. That's a small blip in the lifespan of the product (which was original released in 2011). So it is going to take time for the guides to be updated, blog posts written, etc.
This is simply because of historical reasons and nothing more. There is a plan in place to add v3 support to the Chocolatey Community Repository. As there are no plans to remove NuGet v2 support from Chocolatey CLI, and the Chocolatey Community Repository supports Chocolatey CLI, there is no rush on this.
Chocolatey CLI doesn't phone home, so we have no data that I can point to that tells me how widely used NuGet v3 repositories are. I can tell you that we have customers who are using it. How many, how widely and in what way I don't have information on. |
@pauby thank you for the response. Regarding the dependencies, no I am not declaring version numbers at the moment. Since there is in fact no version dependency within my dependency chain this would be undesirable. Turn on optimizations for reducing bandwidth with repository queries during package install/upgrade/outdated operations. Should generally be left enabled, unless a repository needs to support older methods of query. When disabled, this makes queries similar to the way they were done in Chocolatey v0.10.11 and before. Could you elaborate on this? What is exactly changed in the behavior when having it Disabled v/s Enabled? thanks again, Martijn. |
That is one of the purposes of this issue. But to be clear, this is a bug in Sonatype Nexus with a fix / workaround and I want to be careful that we are not simply documenting issues in, and providing support for, a third-party product. There is a balance to be struck for open-source products.
Disabling the feature will likely see an increase in the number of queries being made to the Sonatype Nexus repository to gather the same information. I say likely as every environment is unique. |
@pauby can you point to a github issue or ticketnr inside Sonatype about this issue. So we can ask there for more information. I have a issue open there for this issue so I can point to this. |
Unfortunately not. Sonatype removed public access to their bug tracker. |
Sonatype does have a public issue tracker for Nexus here: https://github.com/sonatype/nexus-public/issues |
Sonatype had an internal bug tracker that had public read access. My understanding is that it still exists but public access for non-customers was removed. I was aware the GitHub repository existed for open-source. My understanding may be outdated and perhaps they exclusively use GitHub now. |
@pauby I have the following issue with Nexus version 3.76.0-03 (fresh install) whilst using the following choco CLI command (version 2.4.1).
The following error is returned from the CLI
Below is the Nexus repo settings used. Using the following command has not effect in bypassing the Nexus v2 issue mentioned above.
How do I force choco CLI to use the v3 repo? The aim here is to host the package locally. The command has worked in previous versions of Nexus with no problems. |
@git-day I'm on mobile so please forgive the brevity. The URL in Nexus doesn't exactly match the source you're using in the command. |
@pauby I have masked the URL's from public view, so yes, they might look different. OR are you trying to say that the /index.json is missing? If so, this does not work either. |
@git-day I don't want to go too off-topic on this issue. I did mean the I didn't notice that you are proxying the community repository. I am as sure as I can be that Nexus will not let you proxy a v2 feed on a v3 feed. It won't let you mix and match. They are very different 'protocols'. So I feel this is a Nexus issue. As this is the weekend I'm not able to confirm with colleagues. My suggestion is to go to the Community Hub on Discord (https://ch0.co/community) for help or confirmation on this. |
@pauby thanks. Perhaps the recent changes in Nexus have enforced this. Running this command in earlier versions did work. I'll revert to using v2 under the later versions of Nexus. |
Perhaps @corbob or @steviecoaster can shed some light on that. It was my understanding that a v3 feed could not proxy a v2 one. But I'm conscious we're polluting this issue. Are you on or Community Discord Hub so we can pick it up there? |
@pauby, yep, let me start a thread there, thank you! |
I wanted to provide a synopsis of the Discord thread that @git-day created.
@git-day if there is anything more to add here, please add it to the Discord thread and I'll update the above comment if necessary. This keeps this issue as clean as it can be. |
I think problem is on choco side. According nexus documentation https://help.sonatype.com/en/nuget-repositories.html when all group members are NuGet v3 whole group starts running v3, otherwise it defaults to v2.
It finds new version 1.3.7, but not installing. Disabling package repository optimization in choco fixes this problem.
|
NOTE: This issue is a work in progress and will be updated as we have additional information and experiences from customers and community members.
In version 3.71.0 of Sonatype Nexus Repository, Sonatype deprecated some NuGet v2 optimizations that Chocolatey CLI uses:
As part of the deprecation, Nexus still advertises that it supports NuGet v2 search for it's NuGet v3 repository, which Chocolatey CLI will fall back to using and tries to optimize. This may lead to issues.
Sonatype Nexus Repository NuGet v3 Search Issues
If you are having issues during search of a NuGet v3 repository in Sonatype Nexus Repository, please disable
usePackageRepositoryOptimizations
by runningchoco feature disable --name='usePackageRepositoryOptimizations'
. This will stop Chocolatey CLI from optimizing queries to the NuGet v2 search endpoint, but may lead to more queries being made and therefore longer search times.Further Help
See the Sonatype Nexus Repository documentation:
Customer Support
If you are a customer with Support and Maintenance, and require further help, please reach out to the Chocolatey Support team. You will find the options available to you by running
choco support
from the command line.Community Support
If you are using the open-source edition of Chocolatey CLI, please reach out on our Community Hub.
Related Issues and Discussions
The text was updated successfully, but these errors were encountered: