New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

paket install fails when --keep-patch argument is used #2048

Closed
0x022b opened this Issue Nov 28, 2016 · 7 comments

Comments

Projects
None yet
3 participants
@0x022b

0x022b commented Nov 28, 2016

When using the latest Paket (3.30.2), if paket install --keep-patch --redirects --createnewbindingfiles --clean-redirects --force --verbose command is executed with paket.dependencies and paket.lock files that look like the simplified examples below, the command will fail with the following error:

  Trying to resolve Foobar.Service >= 1.2 < 1.2.1 (from C:\Work\Foobar\paket.dependencies)
  - fetching versions for Foobar.Service
Error while retrieving 'https://api.nuget.org/v3-flatcontainer/Foobar.Service/index.json': System.AggregateException: One or more errors occurred. ---> System.Net.WebException: The remote server returned an error: (404) Not Found.
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at System.Net.WebClient.GetWebResponse(WebRequest request, IAsyncResult result)
   at System.Net.WebClient.DownloadBitsResponseCallback(IAsyncResult result)
   --- End of inner exception stack trace ---
---> (Inner Exception #0) System.Net.WebException: The remote server returned an error: (404) Not Found.
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at System.Net.WebClient.GetWebResponse(WebRequest request, IAsyncResult result)
   at System.Net.WebClient.DownloadBitsResponseCallback(IAsyncResult result)<---

  Could not resolve package Foobar.Service:
   - Dependencies file requested package Foobar.Service: >= 1.2 < 1.2.1
   - Dependencies file requested package Foobar.Service: >= 1.1 < 2.0

For some reason Paket tries to download Foobar.Service from nuget.org even though according to paket.lock file it should be downloaded from myget.org. I was not able to test what happens if I remove nuget.org source as our private MyGet feed contains only our proprietary packages. I did however change the order of the sources in dependencies file with no effect. The latest version of Foobar.Service on MyGet at the time was 1.2.0-alpha1.

I was able to see from the log file that this was not the only instance where Paket tried to download our proprietary package from nuget.org, but in those intances it correctly used myget.org feed after nuget.org failed. To me it seems that there should be no reason why Paket would need to first check nuget.org if lock file says that the package came from another feed.

This might not be directly related to this issue but Paket doesn't seem to use https://api.nuget.org/v3/index.json source as defined but instead it uses http://www.nuget.org/api/v2 according to the log file.

paket.dependencies

redirects: on
framework: >= net461
copy_local: true

source https://api.nuget.org/v3/index.json
source https://www.myget.org/F/foobar/api/v3/index.json

nuget Foobar.Service ~> 1.1 prerelease
nuget Newtonsoft.Json ~> 9.0

paket.lock

REDIRECTS: ON
COPY-LOCAL: TRUE
FRAMEWORK: >= NET461
NUGET
  remote: http://api.nuget.org/v3/index.json
    Newtonsoft.Json (9.0.1)
  remote: https://www.myget.org/F/foobar
    Foobar.Service (1.2.0-alpha1)
@forki

This comment has been minimized.

Show comment
Hide comment
@forki

forki Nov 28, 2016

Member

image

does the package actually exist?

Member

forki commented Nov 28, 2016

image

does the package actually exist?

@0x022b

This comment has been minimized.

Show comment
Hide comment
@0x022b

0x022b Nov 28, 2016

I used Foobar.Service (and https://www.myget.org/F/foobar) just as a placeholder because I didn't want to use the real package name as it would reveal information about our company's proprietary components. The package that causes this issue for us does exist and if the command is run without the --keep-patch argument Paket is able to fetch it without any issues.

0x022b commented Nov 28, 2016

I used Foobar.Service (and https://www.myget.org/F/foobar) just as a placeholder because I didn't want to use the real package name as it would reveal information about our company's proprietary components. The package that causes this issue for us does exist and if the command is run without the --keep-patch argument Paket is able to fetch it without any issues.

@forki

This comment has been minimized.

Show comment
Hide comment
@forki

forki Nov 28, 2016

Member

Ok but that makes it basically impossible for me to reproduce. Any other ideas how I could reproduce it?

Member

forki commented Nov 28, 2016

Ok but that makes it basically impossible for me to reproduce. Any other ideas how I could reproduce it?

Gonnagle added a commit to Gonnagle/paket-tests that referenced this issue Nov 29, 2016

Initialized the packages for another test
Reproducing issue fsprojects/Paket#2048

* Changed source
* Removed Microsoft.CodeAnalysis.Common
* Added e5r.krunt (only available in myget-feed) and Newtonsoft.Json
@Gonnagle

This comment has been minimized.

Show comment
Hide comment
@Gonnagle

Gonnagle Nov 29, 2016

Contributor

Here is a simple repro: https://github.com/Gonnagle/paket-multiple-sources-test/releases/tag/paket-isssue-2048-repro

Executing paket install --keep-patch --redirects --createnewbindingfiles --clean-redirects --force --verbose causes error, while plain paket install seems to work fine.

Edit: And paket install --keep-patch seems to be enough for the problem to appear

Contributor

Gonnagle commented Nov 29, 2016

Here is a simple repro: https://github.com/Gonnagle/paket-multiple-sources-test/releases/tag/paket-isssue-2048-repro

Executing paket install --keep-patch --redirects --createnewbindingfiles --clean-redirects --force --verbose causes error, while plain paket install seems to work fine.

Edit: And paket install --keep-patch seems to be enough for the problem to appear

@Gonnagle

This comment has been minimized.

Show comment
Hide comment
@Gonnagle

Gonnagle Nov 29, 2016

Contributor

I would guess that --keep-patch does not respect the prerelease flag in paket.dependencies and this fails as no released versions are available on any of the given feeds.

Shouldn't --keep-patch take the prerelease flag into account? Even if no, I would expect the install to stick with the locked version and source if no versions that could be updated to are found.

With another source and a nuget with only a released version + prerelease flag removed from the dependencies file the command seems to succeed: https://github.com/Gonnagle/paket-multiple-sources-test/releases/tag/paket-issue-2048-no-prerelease).

Contributor

Gonnagle commented Nov 29, 2016

I would guess that --keep-patch does not respect the prerelease flag in paket.dependencies and this fails as no released versions are available on any of the given feeds.

Shouldn't --keep-patch take the prerelease flag into account? Even if no, I would expect the install to stick with the locked version and source if no versions that could be updated to are found.

With another source and a nuget with only a released version + prerelease flag removed from the dependencies file the command seems to succeed: https://github.com/Gonnagle/paket-multiple-sources-test/releases/tag/paket-issue-2048-no-prerelease).

@forki forki closed this in eafe7e9 Nov 29, 2016

@forki

This comment has been minimized.

Show comment
Hide comment
@forki

forki Nov 29, 2016

Member

please give it another try with latest

Member

forki commented Nov 29, 2016

please give it another try with latest

@Gonnagle

This comment has been minimized.

Show comment
Hide comment
@Gonnagle

Gonnagle Nov 29, 2016

Contributor

The latest patch seems fix the issue. Thanks you for the quick response :)

Contributor

Gonnagle commented Nov 29, 2016

The latest patch seems fix the issue. Thanks you for the quick response :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment