Search Unity

Setup for scoped registries (private registries)

Discussion in 'Package Manager' started by rizu, Oct 25, 2018.

  1. Martin_Gonzalez

    Martin_Gonzalez

    Joined:
    Mar 25, 2012
    Posts:
    282
    Undestood!

    Is there any template for unity packages? What I mean is, I want to create a package, where should be the package.json? Can I include the manifest.json of this package to merge it with the container app?
     
  2. okcompute_unity

    okcompute_unity

    Unity Technologies

    Joined:
    Jan 16, 2017
    Posts:
    609
    In 2019.3, we are adding a feature to create a new package from the Package Manager UI. This may be improved to offer templates for the common package types. TBD.

    In the meantime, I suggest you read the *Custom Packages* section of our user manual to get a full grasp of a package constitution: https://docs.unity3d.com/Manual/CustomPackages.html

    Regards,

    Pascal
     
  3. Martin_Gonzalez

    Martin_Gonzalez

    Joined:
    Mar 25, 2012
    Posts:
    282
    Great, it worked.

    I've a question about how packages can collide each other, for example:

    - com.companyA.Product downloads a library and has an AndroidManifest.xml
    - com.companyB.Product also downloads a library with an AndroidManifest.xml

    Are those AndroidManifest considered when compiling? I ask this because there are a lot of Plugins that modifies things and when you want to use two plugins you have to start doing nasty things to make it work.
     
  4. Martin_Gonzalez

    Martin_Gonzalez

    Joined:
    Mar 25, 2012
    Posts:
    282
    And another question, If my com.company.PackageA has as dependency of com.company.PackageB, should I put that dependency in the package.json?
     
  5. okcompute_unity

    okcompute_unity

    Unity Technologies

    Joined:
    Jan 16, 2017
    Posts:
    609
    Reading the documentation, it looks like Unity is managing this complexity for you (i.e. merging all Android manifests into one): https://docs.unity3d.com/Manual/android-manifest.html

    But I'm not an Android platform user/developer so I don't know if there are potential merge risks or if there are any caveats!

    Pascal
     
  6. mgiliazov

    mgiliazov

    Joined:
    Sep 11, 2019
    Posts:
    2
    Hi, in this forum thread it's said that at the moment it's not possible to aim Package Manager to a private npm registry. What I need is the npm registry with restricted access (so only our company employees have access to load packages), but still available for Unity Package Manager. Is this the same as "private registry" or it is a different thing and possible to reach?

    In this manual https://medium.com/@markushofer/run-your-own-unity-package-server-b4fe9995704e it's said that we can register users on our npm server, then login locally and that's it - Unity will be able to grab our packages + we've restricted the access to the registry.

    What am I missing? Will this work? Is this enough for my needs?
    Thanks!
     
  7. okcompute_unity

    okcompute_unity

    Unity Technologies

    Joined:
    Jan 16, 2017
    Posts:
    609
    Hi @mgiliazov ,

    To configure a private registry (we say scoped registry in Unity Package Manager jargon), please refer to this documentation to complement the blog post you shared.

    Sadly, the Package Manager does not support authenticated request for the moment. This is something we have on our roadmap. I believe, the authentication process mentioned in the blog you posted relates to publishing packages, not consuming them via the Package Manager.

    Regards,

    Pascal
     
  8. bdovaz

    bdovaz

    Joined:
    Dec 10, 2011
    Posts:
    711
    How far is it? It's really critical for organizations because we can't expose all our codebase over the internet.

    I would also want to know how are you going to implement it.

    In my case I'm using verdaccio and it has multiple authentication types.

    https://verdaccio.org/docs/en/authentification

    https://verdaccio.org/docs/en/plugins#authorization-plugins

    In my ideal situation I would want to configure in Verdaccio two modes:
    - LDAP: organization internal.
    - htpasswd (or similar): for external users.

    I would want to know where this settings would be configured and stored on Unity side.
     
  9. dzamani

    dzamani

    Joined:
    Feb 25, 2014
    Posts:
    106
    It doesn't seems like it's coming out soon enough for your needs (I suppose it would be somewhere in 2020 Q3).
    In the meanwhile if you really want to protect your codebase, you have the option of putting it on a local network in your organization or on a Google Cloud and then whitelist ip address you want.
    That's the closest option you have at the moment for package authentication.
     
  10. mgiliazov

    mgiliazov

    Joined:
    Sep 11, 2019
    Posts:
    2
    Hi, thanks for the answer, sad to hear, but at least now it's clear. So I guess we'll go with the git-repo approach for now, as it supports ssh-keys we already have configured on our machines. The only disadvantage is the need to set each package manually in the manifest.json, but it's minor in comparison with the security issues with the npm-way.
     
  11. okcompute_unity

    okcompute_unity

    Unity Technologies

    Joined:
    Jan 16, 2017
    Posts:
    609
    To fix this problem is also on our roadmap :)
     
  12. bdovaz

    bdovaz

    Joined:
    Dec 10, 2011
    Posts:
    711
    You were at today's package manager talk, weren't you? Me too! I see from the questions you asked that we suffered the same problems.
     
  13. adam_helios

    adam_helios

    Joined:
    Jan 24, 2018
    Posts:
    3
    Hi Pascal, Just wondering if there is any update on when we might expect support for authentication? Really excited to start leveraging the UPM for our internal packages, but blocked by the lack of authentication.

    Thanks!
     
    Last edited: Oct 1, 2019
  14. okcompute_unity

    okcompute_unity

    Unity Technologies

    Joined:
    Jan 16, 2017
    Posts:
    609
    Hi @adam_helios,

    You are not the only one reporting this feature as a blocker to introduce the Package Manager in your company. Support for authentication is very high on our list. Our goal is to have this available for 2020.1 (2020 LTS).

    Regards,

    Pascal
     
    Last edited: Oct 3, 2019
  15. Gunvald

    Gunvald

    Joined:
    Oct 9, 2018
    Posts:
    9
    Hi,

    Pleas prioritize adding the support for authentication. Will it be available in the beta release? Thanks!
     
  16. okcompute_unity

    okcompute_unity

    Unity Technologies

    Joined:
    Jan 16, 2017
    Posts:
    609
    @Gunvald, Yes, if we make this feature in time for 20.1, it will be available in 20.1 beta releases.
     
  17. sbinter_levelex

    sbinter_levelex

    Joined:
    Jul 5, 2018
    Posts:
    1
    We are very excited at the prospect of having authenticated npm registries be supported. We have explored several options from LAN hosted npm to doing perforce imports for packages to large composite package drops. We're not equipped due to the rather unique situation we're in to reasonably do a VPN solution for everyone and imports come with their own complications.

    We're very much hoping that this will be included in the 2020.1 release and will be anxious to begin testing with it as soon as possible!
     
  18. Kaz-Luska

    Kaz-Luska

    Joined:
    Jul 8, 2019
    Posts:
    1
    I just wanted to second the request for auth on the package manager. We would also love this feature to be back-ported to 2018 and 2019 LTS versions if possible. We want to switch to sharing our internal code and tools through package manager as well as allow some of them to be accessible to third parties but in order to do so we need to have authentication support in package manager.

    Is there any way for us to have visibility on the progress of the auth implementation feature ?
    We would love to jump on it as soon as it's available for testing.
     
  19. auchaper

    auchaper

    Joined:
    Jul 25, 2018
    Posts:
    5
    Same here,
    I am working for a big company with a lot of security issues.
    Definetely, using authentication for the package manager is mandatory for us.
    It will be much apreciated if it is compatible with 2018.LTS and 2019.LTS because all our developpement in terme of application are based on LTS version. Right now we are still using the 2017.4 because of some trouble with HoloLens even if we are targeting 2018.4 for our next releases.
    We definetely need it for 2018.4 LTS.

    If you have any beta or demo version, i would be interested.
     
  20. adam_helios

    adam_helios

    Joined:
    Jan 24, 2018
    Posts:
    3
    Great news!
     
  21. auchaper

    auchaper

    Joined:
    Jul 25, 2018
    Posts:
    5
    By the way, I forgot to mention that our Devops pipeline is using Artifactory.
    So we set an npm repository public on it to make packages available.
    After discussing with the Artifactory team, we noticed that the /-/all command was remove from artifactory because it's deprecated by NPM.

    Any chance to change the listing of the packages on UPM using the search function of NPM instead of the /-/all ?

    More personnaly, I did not succeed to retrieve my package internally as it appears that unity does not take into account my custom cacert.pem file.
    I followed the instruction based on Network Issues on the documentation but at the end, it did not work.
    Any chance to have help with this ?
     
  22. daschatten

    daschatten

    Joined:
    Jul 16, 2015
    Posts:
    163
    I successfully installed verdaccio and the /-/all command works in my browser. Though my test package "com.mypackages.testpackage" is not shown in the package manager ui. Manual installation via manifest.json works fine. Any hints what could be wrong?

    Scoped registry entry:

    Code (CSharp):
    1. "scopedRegistries": [
    2.     {
    3.       "name": "mypackages",
    4.       "url": "http://192.168.1.50:4873/",
    5.       "scopes": [
    6.         "com.mypackages"
    7.       ]
    8.     }
    9.   ],
     
    wcoastsands likes this.
  23. samuelb_unity

    samuelb_unity

    Unity Technologies

    Joined:
    Nov 13, 2017
    Posts:
    72
    Hi @Kaz-Luska & @auchaper
    I can update you that this feature is currently being worked on. In terms of having visibility, do you have an account manager at Unity? If not, I'm afraid we cannot provide such a level of support on the public forums.

    We are looking into a backport for 2019 LTS but a 2018 LTS backport is unlikely. If you would like to push the priority of this request, please go through your account manager.

    Yes our search is being updated to support the npm /-/v1/search route as you rightly pointed out the /-/all route is now deprecated.

    Would you mind creating a new forum post about this? It would be easier to track that way.

    Hi @daschatten,

    This appears to be a regression, thanks for reporting. The UI should display packages fetched from the /-/all endpoint. I have notified the UI team about this.
     
  24. daschatten

    daschatten

    Joined:
    Jul 16, 2015
    Posts:
    163
    Any hint when this gets fixed?
     
  25. 3dmax2u3d

    3dmax2u3d

    Joined:
    Jan 23, 2015
    Posts:
    2
    is there any version of unity support this feature?
     
  26. daschatten

    daschatten

    Joined:
    Jul 16, 2015
    Posts:
    163
    @samuelb_unity

    Currently i'm building several packages and publish them to verdaccio which is registered as private registry in my unity projects. This works fine except for big packages. There seems to be a node.js limit of 2GB when using npm publish. Npm build works fine. Do you know a solution for that? How do you handle this internally?