Search Unity

  1. Unity 2019.2 is now released.
    Dismiss Notice

Setup for scoped registries (private registries)

Discussion in 'Package Manager' started by rizu, Oct 25, 2018.

  1. Martin_Gonzalez

    Martin_Gonzalez

    Joined:
    Mar 25, 2012
    Posts:
    281
    Undestood!

    Is there any template for unity packages? What I mean is, I want to create a package, where should be the package.json? Can I include the manifest.json of this package to merge it with the container app?
     
  2. okcompute_unity

    okcompute_unity

    Unity Technologies

    Joined:
    Jan 16, 2017
    Posts:
    582
    In 2019.3, we are adding a feature to create a new package from the Package Manager UI. This may be improved to offer templates for the common package types. TBD.

    In the meantime, I suggest you read the *Custom Packages* section of our user manual to get a full grasp of a package constitution: https://docs.unity3d.com/Manual/CustomPackages.html

    Regards,

    Pascal
     
  3. Martin_Gonzalez

    Martin_Gonzalez

    Joined:
    Mar 25, 2012
    Posts:
    281
    Great, it worked.

    I've a question about how packages can collide each other, for example:

    - com.companyA.Product downloads a library and has an AndroidManifest.xml
    - com.companyB.Product also downloads a library with an AndroidManifest.xml

    Are those AndroidManifest considered when compiling? I ask this because there are a lot of Plugins that modifies things and when you want to use two plugins you have to start doing nasty things to make it work.
     
  4. Martin_Gonzalez

    Martin_Gonzalez

    Joined:
    Mar 25, 2012
    Posts:
    281
    And another question, If my com.company.PackageA has as dependency of com.company.PackageB, should I put that dependency in the package.json?
     
  5. okcompute_unity

    okcompute_unity

    Unity Technologies

    Joined:
    Jan 16, 2017
    Posts:
    582
    Reading the documentation, it looks like Unity is managing this complexity for you (i.e. merging all Android manifests into one): https://docs.unity3d.com/Manual/android-manifest.html

    But I'm not an Android platform user/developer so I don't know if there are potential merge risks or if there are any caveats!

    Pascal
     
  6. mgiliazov

    mgiliazov

    Joined:
    Sep 11, 2019
    Posts:
    2
    Hi, in this forum thread it's said that at the moment it's not possible to aim Package Manager to a private npm registry. What I need is the npm registry with restricted access (so only our company employees have access to load packages), but still available for Unity Package Manager. Is this the same as "private registry" or it is a different thing and possible to reach?

    In this manual https://medium.com/@markushofer/run-your-own-unity-package-server-b4fe9995704e it's said that we can register users on our npm server, then login locally and that's it - Unity will be able to grab our packages + we've restricted the access to the registry.

    What am I missing? Will this work? Is this enough for my needs?
    Thanks!
     
  7. okcompute_unity

    okcompute_unity

    Unity Technologies

    Joined:
    Jan 16, 2017
    Posts:
    582
    Hi @mgiliazov ,

    To configure a private registry (we say scoped registry in Unity Package Manager jargon), please refer to this documentation to complement the blog post you shared.

    Sadly, the Package Manager does not support authenticated request for the moment. This is something we have on our roadmap. I believe, the authentication process mentioned in the blog you posted relates to publishing packages, not consuming them via the Package Manager.

    Regards,

    Pascal
     
  8. bdovaz

    bdovaz

    Joined:
    Dec 10, 2011
    Posts:
    687
    How far is it? It's really critical for organizations because we can't expose all our codebase over the internet.

    I would also want to know how are you going to implement it.

    In my case I'm using verdaccio and it has multiple authentication types.

    https://verdaccio.org/docs/en/authentification

    https://verdaccio.org/docs/en/plugins#authorization-plugins

    In my ideal situation I would want to configure in Verdaccio two modes:
    - LDAP: organization internal.
    - htpasswd (or similar): for external users.

    I would want to know where this settings would be configured and stored on Unity side.
     
  9. dzamani

    dzamani

    Joined:
    Feb 25, 2014
    Posts:
    89
    It doesn't seems like it's coming out soon enough for your needs (I suppose it would be somewhere in 2020 Q3).
    In the meanwhile if you really want to protect your codebase, you have the option of putting it on a local network in your organization or on a Google Cloud and then whitelist ip address you want.
    That's the closest option you have at the moment for package authentication.
     
  10. mgiliazov

    mgiliazov

    Joined:
    Sep 11, 2019
    Posts:
    2
    Hi, thanks for the answer, sad to hear, but at least now it's clear. So I guess we'll go with the git-repo approach for now, as it supports ssh-keys we already have configured on our machines. The only disadvantage is the need to set each package manually in the manifest.json, but it's minor in comparison with the security issues with the npm-way.
     
  11. okcompute_unity

    okcompute_unity

    Unity Technologies

    Joined:
    Jan 16, 2017
    Posts:
    582
    To fix this problem is also on our roadmap :)
     
  12. bdovaz

    bdovaz

    Joined:
    Dec 10, 2011
    Posts:
    687
    You were at today's package manager talk, weren't you? Me too! I see from the questions you asked that we suffered the same problems.
     
  13. adam_helios

    adam_helios

    Joined:
    Jan 24, 2018
    Posts:
    2
    Hi Pascal, Just wondering if there is any update on when we might expect support for authentication? Really excited to start leveraging the UPM for our internal packages, but blocked by the lack of authentication.

    Thanks!
     
    Last edited: Oct 1, 2019
  14. okcompute_unity

    okcompute_unity

    Unity Technologies

    Joined:
    Jan 16, 2017
    Posts:
    582
    Hi @adam_helios,

    You are not the only one reporting this feature as a blocker to introduce the Package Manager in your company. Support for authentication is very high on our list. Our goal is to have this available for 2020.1 (2020 LTS).

    Regards,

    Pascal
     
    Last edited: Oct 3, 2019
  15. Gunvald

    Gunvald

    Joined:
    Oct 9, 2018
    Posts:
    1
    Hi,

    Pleas prioritize adding the support for authentication. Will it be available in the beta release? Thanks!
     
  16. okcompute_unity

    okcompute_unity

    Unity Technologies

    Joined:
    Jan 16, 2017
    Posts:
    582
    @Gunvald, Yes, if we make this feature in time for 20.1, it will be available in 20.1 beta releases.
     
  17. scott_unity837

    scott_unity837

    Joined:
    Jul 5, 2018
    Posts:
    1
    We are very excited at the prospect of having authenticated npm registries be supported. We have explored several options from LAN hosted npm to doing perforce imports for packages to large composite package drops. We're not equipped due to the rather unique situation we're in to reasonably do a VPN solution for everyone and imports come with their own complications.

    We're very much hoping that this will be included in the 2020.1 release and will be anxious to begin testing with it as soon as possible!