Vscode: endless loop while updating extension

On our extension, our users are seeing this problem as well - https://github.com/IBM-Blockchain/blockchain-vscode-extension/issues/2349

We published a VSIX yesterday, so I'm guessing something is wrong with the marketplace. I'm hoping publishing a new version of our VSIX sorts the problem 🤞

Publishing [email protected]...
 ERROR  TF10216: Azure DevOps services are currently unavailable. Try again later. Activity Id: 27ab2aeb-cf42-430c-bae4-867cf103ce27

Looks like the marketplace is having issues.

This issue is causing fan in MacPro spin at highest rate

For Ubuntu 18.04 as well. I was updating from 1.0.28 which was working fine. Even tried a clean install of VS Code. No luck.

I have a temporary fix/workaround.

The attempt to install 1.0.30 left this in ~/.vscode/extensions

.ibmblockchain.ibm-blockchain-platform-1.0.28

So

$ cd .vscode/extensions/

Copy it out

$ cp -r .ibmblockchain.ibm-blockchain-platform-1.0.28/ ibmblockchain.ibm-blockchain-platform-1.0.28

$ cd ibmblockchain.ibm-blockchain-platform-1.0.28/

$ npm install

After that completes, start up VS Code. It will take a while rebuild environments, etc., but everything seemed come back. Also, you might think about stopping automatic upgrades/updates/whatever in preferences.

Also, you might think about stopping automatic upgrades/updates/whatever in preferences.

+1 to this!

@joaomoreno

The problem seems to be how vscode is handling the api results from the marketplace

When version lens is not installed the json results from https://marketplace.visualstudio.com/_apis/public/gallery/extensionquery shows

v1.0.0 and flags=verified (screenshots from fiddler)

Once version lens is installed then the json shows v1.0.4 with flags=none

This is when I see

In the marketplace

After publishing the extension since v1.0.0 I see this error (screenshot from 2 days ago):

The error popup says this:

The extension 'vscode-versionlens' from 'pflannery' contains an entry which is unsafe for extraction.

I get a log file emailed to me and that shows the same high level message.

To add I have'nt actually included anything unsafe, in fact since v1.0.0 I've reduced the amount of production node_modules to less than half the file size.

There are 0 security issues reported by npm audit and github, so god knows what marketplace is falling over on.

When running vscode/vsce it packages and publishes to marketplace with no errors.

I emailed marketplace support 2 days ago and I'm just waiting to get more information about what the problem is.

The short term workaround is to install manually from the generated releases -> https://github.com/vscode-contrib/vscode-versionlens/releases

The issue is also being tracked at https://github.com/vscode-contrib/vscode-versionlens/issues/211

Analysis

The valid version available for installing this extension is 1.0.0 and it seems Marketplace also has a non validated version 1.0.4 of this extension.

VS Code is not excluding non validated extensions while querying market place for latest versions but excluding while installing. Hence an update to 1.0.4 is seen always but while trying to install, it installs 1.0.0 version and this is going in auto update loop.

@sandy081 Do u have any idea why versionlens is failing validation ?

Seeing as microsoft/vscode-vsce is happy to publish to the marketplace I have no clue what is wrong.

Im guessing the validation logic on marketplace has been updated recently which hasn't been applied to microsoft/vscode-vsce yet.

I am sorry that I do not know about how validation is being done.

CCing @fiveisprime @joaomoreno

Over at https://github.com/IBM-Blockchain/blockchain-vscode-extension, we published a new version of our extension earlier and all seems to be working now. @pflannery

Over at https://github.com/IBM-Blockchain/blockchain-vscode-extension, we published a new version of our extension earlier and all seems to be working now. @pflannery

@Jakeeyturner sounds good.

I see there have been changes since your first failure which makes me wonder if any of those changes got around the validation issue on marketplace or its actually fixed on their side.

I want to push another update but I've already accumulated over 18+ million installs thanks to this bug so I really dont want to push until I know:

1. it's fixed or why its failing; and
2. vscode has released a loop fix

@pflannery I would recommend to publish a new version so that users will not see this endless loop.

TBH we count installs than downloads.

Over at https://github.com/IBM-Blockchain/blockchain-vscode-extension, we published a new version of our extension earlier and all seems to be working now. @pflannery

@Jakeeyturner sounds good.

I see there have been changes since your first failure which makes me wonder if any of those changes got around the validation issue on marketplace or its actually fixed on their side.

I want to push another update but I've already accumulated over 18+ million installs thanks to this bug so I really dont want to push until I know:

1. it's fixed or why its failing; and
2. vscode has released a loop fix

We initially released v1.0.29 on Thursday which was when we first saw the update loop problem.

Tried again with v1.0.30, which had a small change, on Friday quite quickly after everything was reported to be working fine here - https://status.dev.azure.com/_event/189079011
I suspect we did it too soon and that there was a backlog or something.

Then tried v1.0.31 (same as v1.0.30, minus a change to our changelog) which worked earlier.

I'm thinking this has something to do with #98375, which was mitigated last night. I'll reach out to the marketplace team.

Removing the candidate tag as there is a new valid version of Version Lens extension is published and available in Marketplace which fixes existing clients.

I got a response from the marketplace today

I don't know what the new check was but it's been disabled.
Would love to get a heads up in future if new validation checks are going to be added.

Removing the candidate tag as there is a new valid version of Version Lens extension is published and available in Marketplace which fixes existing clients.

I published1.0.6 with no issues from marketplace.

Based on users comments and that I can no repro with latest insiders adding verified label.

@isidorn , I see the fix in 667142d is to filter the extensions provided by the Marketplace to prevent getting unvalidated extensions. It's a great mitigation, but consider this: servers have bugs, so can you really trust them? If the Marketplace starts sending unvalidated extension versions again we will be in the same situation. I recommend an additional fix, that will make the client resilient to server bugs. For example, if an auto-update fails, don't try again for X minutes.

//cc @fiveisprime , @xavierdecoster

@skofman1 Valid argument. Since we cannot implement fall backs for all server errors which can be any we might add some general protective measures which can also benefit VS Code. For eg: we are planning to enable VSIX caching on VS Code (which we already support for VS Code Dev Containers) - https://github.com/microsoft/vscode/issues/99674. This is a first good step to not to reach Marketplace continuously.

@sandy081, can you please explain how VSIX caching will prevent and endless loop in the auto-update scenario? If I understand correctly, the root cause was that the server responded to a query with a latest version of an extension that wasn't actually available for download. This caused an endless loop of retires. How can we prevent this next time the server returns a latest version that's not available for download?

//cc @kieferrm

If I understand correctly, the root cause was that the server responded to a query with a latest version of an extension that wasn't actually available for download.

@skofman1 I think root cause is because VS Code is using different queries to check for updates and to install an extension. See below:

• VS Code has an extension with version (say 1.0) is installed
• VS Code (Version check logic) asks Marketplace to get the latest version (missing a filter to skip invalid extensions)
• Marketplace returned a version (say 2.0) that is invalid
• Since there is a newer version, VS Code triggers auto update
• VS Code (Install logic) asks Marketplace to get the latest version with proper filters
• Marketplace returns valid version (1.0)
• VS Code (Install logic) asks Marketplace to download this version
  And this loops.

But I see your point that VS Code might loop if the auto update failed for any reason - https://github.com/microsoft/vscode/issues/99734