- 19 Apr 2024
- 2 Minutes to read
- Print
- DarkLight
- PDF
Getting Started with pgutil
- Updated on 19 Apr 2024
- 2 Minutes to read
- Print
- DarkLight
- PDF
We're still working on finishing up the documentation for ProGet 2024 and this article is on our TODO list. It's pretty rough outline/draft, but we figured it'd be better than nothing.
pgutil
is an open-source (github.com), cross-platform command line tool that's easy to download and install.
Installation & Configuration
- talk about installation methods
- mention/link sources
- configuration file?
Commands & Usage
- easiest way to discover available commands are just to run
pgutil
to see a list of "command sets"- typing in
pgutil packages
will show you all the commands under that set - to see all options available for a command, run
pgutil packages download --help
- typing in
- api documentation is organized around these command sets
- we anticipate adding commands and arguments
- unlikely to remove them, unless it's in a major version with plenty of notice
- this is why best to look in your version of pgutil for latest
$> pgutil
.--. --. ..- - .. .-..
pgutil v1.0.0
.--. --. ..- - .. .-..
Description:
Perform operations against a ProGet server.
Usage:
pgutil [command] [options]
Options:
-?, --help Show help and usage information
Commands:
sources Manages the list of sources located in the configuration file located at
C:\Users\sdennis\AppData\Roaming\pgutil\pgutil.config
packages Work with packages on a ProGet server
vulns Audit packages and assess vulnerabilities
builds Manage SCA builds and SBOM documents
licenses Manage license definitions and audit package licenses
Working with Sources
To help manage urls, feeds, and credentials (API keys), you can register one or more "sources" with pgutil
. These sources are stored in the configuration file located at %appdata%\pgutil\pgutil.config
(Windows) and ~/.config/pgutil/pgutil.config
(Mac/Linux).
Adding Sources to pgutil
The sources add
command is used to add a source to the configuration file.
At a minimum, a source requires a name (e.g. Default
) and a ProGet server url (e.g. https://proget.corp.local/
), but you you'll likely also want to add an API key (e.g. abc12345
).
pgutil sources add --name=Default --url=https://proget.corp.local/ --api-key=abc12345
Instead of specifying --api-key
, you can specify a username and password (e.g.
--username devbuilds --password myP@ssw0rd
). However, API keys are generally recommended, especially since sources are persisted in configuration files.
"Default" source
A source named "Default" has special behavior. When a source name is not specified in other commands, then "Default" will be used. This means that, when there is a "Default" source, then that will be used on all commands unless --source
is specified instead.
Passwords and Encryption
Unless you specify the --plain-text
option, Passwords and API Keys will not be stored in plain text. Instead, they will be obscured from casual consumption using a Data Protection scheme . However, note that anyone with pgutil
will be able to read and decode the password or API key.
Test Sources Added to pgutil
The sources test
command is used to test the connections to your sources.
$: pgutil sources test
[Default] Successfully contacted ProGet 24.0.0
[MyOtherServer] Successfully contacted ProGet 23.0.32
[MyBadSource] Error contacting ProGet: invalid host name
If you specify the --name
option, then only that source will be tested.
Note that any non-successful test will report a nonzero exit code.
Listing Sources
The sources list
command will list all sources located in the configuration file.
$> pgutil sources list
1. Default
https://api@proget.corp.local/
2. MyPackages (unapproved-nuget feed)
https://devbuilds@othersource.somewhere.dev/
The sources list
command does not require any arguments.
Removing Sources
The sources remove
command will remove a source from the configuration file.
$> pgutil sources remove --name=MyPackages
Removed MyPackages source.
Note that you must specify the --name
when removing a source, even for the "Default" source.