Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unlisted packages are still installed via dotnet tool install without --version despite correctly not showing up in dotnet tool search #24037

Closed
zentron opened this issue Feb 21, 2022 · 5 comments · Fixed by #28951
Closed

Unlisted packages are still installed via dotnet tool install without --version despite correctly not showing up in dotnet tool search #24037

zentron opened this issue Feb 21, 2022 · 5 comments · Fixed by #28951
Assignees
@JiaqiWang18
Labels
Area-Tools good first issue Issues that would be a good fit for someone new to the repository. Narrow in scope, well-defined.
Milestone
Backlog

Comments

@zentron
Copy link

zentron commented Feb 21, 2022
edited

Describe the bug

A tool that was incorrectly versioned was pushed to NuGet.org and had to be unlisted.
The version is correctly hidden from searches both via nuget.org and via dotnet tool search but dotnet tool install seems to ignore this and just locate the version via the provided v3-flatcontainer list
image

I can vaguely get on board with argument that if there are dependencies on that version then it shouldn't break them by being completely inacessable, but shouldn't that really only apply in that case if that specific version is requested via --version rather than by default?
What's the point of hiding it in the search if its still the one that is installed by default, that feels a little unexpected for the end user and potentially less safe.

It's worth noting this also existed and since been fixed in NuGet.exe

To Reproduce

  1. Publish two versions of a tool to nuget.org
  2. Unlist the latest version
  3. Run dotnet tool search <TOOLNAME> and validate that the unlisted version does not show up
  4. run dotnet tool install --global <TOOLNAME>
    Result
    The later but, unlisted version is installed
    Expected
    The latest listed result is installed

Further technical details

This can be reproduced through the dotnet sdk container

> run --rm -it mcr.microsoft.com/dotnet/sdk:6.0 bash
> dotnet tool install --global Octopus.DotNet.Cli

using dotnet version 6.0.200

Update: 25 Feb I have since had to contact the NuGet team directly to get the package properly "deleted" so the specific package in this example is no longer a problem but the fundamental issue still remains.
@dotnet-issue-labeler dotnet-issue-labeler bot added Area-Tools untriaged Request triage from a team member labels Feb 21, 2022
@baronfel baronfel removed the untriaged Request triage from a team member label Feb 23, 2022
@baronfel baronfel added this to the Backlog milestone Feb 23, 2022
@baronfel baronfel added the good first issue Issues that would be a good fit for someone new to the repository. Narrow in scope, well-defined. label Feb 23, 2022
@baronfel
Copy link
Member

baronfel commented Feb 23, 2022
edited

This is because we use NuGet restore to install the tool's associated NuGet package, and if no version is specified we use a range of *. This range opts NuGet into the latest stable version. We should probably do an actual NuGet query for the latest listed version, as you suggest, before performing the install. This version range assignment happens here.

@clairernovotny
Copy link
Member

We should ensure the semantics for this are the same as dotnet nuget add ...

@slewis74 slewis74 mentioned this issue Feb 26, 2022
Closed
@dylanlerch dylanlerch mentioned this issue Mar 1, 2022
Closed
@baronfel baronfel mentioned this issue Mar 11, 2022
Open
@JiaqiWang18
Copy link
Contributor

Hi everyone, my name is Jacky and I am a CS student at JHU. I would like to work on this issue if possible.

@elinor-fung
Copy link
Member

@JiaqiWang18 that sounds great - thanks! I have assigned the issue to you.

This was referenced Nov 8, 2022
Merged
Closed
@JiaqiWang18
Copy link
Contributor

PR is up for this issue: #28951

This was referenced Sep 25, 2023
Closed
Closed
@dsplaisted dsplaisted mentioned this issue Nov 2, 2023
Closed
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@JiaqiWang18 JiaqiWang18

Labels
Area-Tools good first issue Issues that would be a good fit for someone new to the repository. Narrow in scope, well-defined.
Projects
None yet
Milestone
Backlog
Development

Successfully merging a pull request may close this issue.

dotnet tool install skip unlisted version JiaqiWang18/sdk
5 participants
@baronfel @clairernovotny @zentron @JiaqiWang18 @elinor-fung