'dotnet publish --no-restore --runtime X' fails when multiple RuntimeIdentifers are listed in the project file #3383
Comments
|
@nkolev92 this happens exactly because of the issue we have been discussing regarding the implicit version for self-contained apps. When you have runtimeidentifiers and you publish with a rid, we still treat your project as a framework dependent app and so use M.NC.App as the .0 version, like 2.1.0. When you publish as a self-contained app (with runtime specified), you publish as a self-contained app and in that case we want you to be on the latest M.NC.App version possible, so you will be on 2.1.11, for example. With the technology we currently have in place, this is unavoidable. I am not sure of a way around it. |
|
Makes sense. Thanks @livarcocc I guess 3.0 won't have the problem initially cause PackageDownload sha validation does not happen. //cc @rrelyea |
|
Related: https://docs.microsoft.com/en-us/dotnet/core/deploying/runtime-patch-selection Namely there are things that can be done, they just move some responsibility to the app author. |
|
@nkolev92 / @rrelyea / @livarcocc - what's the state of this bug? Is there any rough timeline or line of sight on a fix? My team needs to use lock files for compliance and other reasons. We'd really like to support cross-platform development as well but are currently blocked by this. Given that lock files and the RuntimeIdentifiers property are both first-class citizens in modern .NET authoring, this feels like a higher-than-backlog priority to me (though I'm admittedly not familiar with other competing priorities). |
|
@bergbria not sure whether this will help your use case or not, but for my project I've declared The only "gotcha" with this is that if you also build generic (not self-contained) app, then it'll also require that runtime (or newer) for running it, and not just any 2.2.X. Not a problem at all if you're building only self-contained, and very little problem even if you don't, unless you want to explicitly support older runtimes with generic publish. Basically if you never intend to run your compiled app with older runtime than the one which compiled it, you can use this solution without any drawbacks, at least known to me. |
|
@nkolev92 / @rrelyea / @livarcocc - ping on my previous question about timeline/prioritization. @JustArchi - thanks for info on the workaround! I don't think it will be sufficient for my team, though. |
|
@nkolev92 / @rrelyea / @livarcocc - ping... What's the state of this bug? Is there any rough timeline or line of sight on a fix? |
|
This will likely not get addressed before 5.0. Have you tried @JustArchi suggestion above? |
|
@livarcocc / @JustArchi - just to confirm, will |
|
For now, it will be reliable. Though, for self-contained apps, you should actually want to get the latest of the latest for that patch. That's the only guaranteed way your app will be as secure as possible. |
|
That workaround will work for my team for now as long as the result is stable. Our nuget lock files need to remain valid unless some source state changes. |
|
@bergbria If the version of the SDK remains the same, yes, you're going to get reliable output, while newer SDK versions will appropriately bump the latest runtime patch up. |
….4 (dotnet#3383) - Microsoft.DotNet.Cli.Runtime - 3.1.100-preview2.19530.4
Repro
<RuntimeIdentifiers>(e.g.<RuntimeIdentifiers>osx-x64;win-x64</RuntimeIdentifiers>)dotnet restoredotnet publish --no-restore --runtime win-x64This will fail with
Automated repro
Download/unzip
publish_multi_rid.zip and run repro.bat
Additional context
--no-restorewill cause different package versions to be used than would be produced the by originaldotnet restore. While being icky in general, this also causes breaks when NuGet lock files are used (e.g. Lock files prevent publishing when <RuntimeIdentifiers> is set NuGet/Home#8287)The text was updated successfully, but these errors were encountered: