Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

.NET Core - strong name assemblies #124

Closed
jeremymeng opened this issue Jan 4, 2016 · 8 comments
Closed

.NET Core - strong name assemblies #124

jeremymeng opened this issue Jan 4, 2016 · 8 comments
Milestone
v4.0

Comments

@jeremymeng
Copy link
Contributor

@jonorossi what do you think about having both signed and unsigned nupkgs so that people can choose what they want?

For illustration I added a signed project in https://github.com/castleproject/Core/compare/netcore...jeremymeng:signed?expand=1. (This requires RC1 and later.) The project would generate Castle.Core.Signed.3.3.4.nupkg with the following contents

Archive:  e:/github/jeremymeng/Core/src/Castle.Core.Signed/bin/Release/Castle.Core.Signed.3.3.4.nupkg
  Length     Date   Time    Name
 --------    ----   ----    ----
      286  01-04-16 11:34   _rels/.rels
     5273  01-04-16 11:34   Castle.Core.Signed.nuspec
   417280  01-04-16 11:34   lib/net35/Castle.Core.Signed.dll
   321708  01-04-16 11:34   lib/net35/Castle.Core.Signed.xml
   421376  01-04-16 11:34   lib/net40/Castle.Core.Signed.dll
   322077  01-04-16 11:34   lib/net40/Castle.Core.Signed.xml
   421888  01-04-16 11:34   lib/net45/Castle.Core.Signed.dll
   322077  01-04-16 11:34   lib/net45/Castle.Core.Signed.xml
   420352  01-04-16 11:34   lib/net46/Castle.Core.Signed.dll
   322077  01-04-16 11:34   lib/net46/Castle.Core.Signed.xml
   258560  01-04-16 11:34   lib/dotnet5.5/Castle.Core.Signed.dll
   298678  01-04-16 11:34   lib/dotnet5.5/Castle.Core.Signed.xml
      409  01-04-16 11:34   [Content_Types].xml
 --------                   -------
  3532041                   13 files

or name it Castle.Core.StrongName.3.3.4.nupkg if that sounds better.
@jonorossi
Copy link
Member

I think we should park the strong naming topic until we've got everything else sorted out. If we provide a strong named package we won't be able to provide our Serilog integration (unless serilog/serilog#589 happens), however it also blocks us from ever using JSON.NET.

I didn't get the response I was after to: #118 (comment).

@nblumhardt
Copy link

Just a heads-up, Serilog is moving to (and will stick with) strong naming on .NET Core. PR is ready to merge on the Serilog side, will be out in the next v2 beta build.

@jonorossi
Copy link
Member

@nblumhardt thanks Nick.

@jeremymeng
Copy link
Contributor Author

I didn't get the response I was after to: #118 (comment).

@jonorossi I had thought that @Eilon has answered the question in #118 (comment). Are there more information that you are expecting? Would you mind list them again?

I was thinking about providing two projects: one unsigned and the other signed. Users can choose what they need.

@jonorossi
Copy link
Member

Microsoft has decided that strong names are staying with .NET Core so lets get this sorted. Can you send through a PR adding the strong name key into the project.json file, we only want a single package having two is the worst option, this would at least align with what we've done for the last decade and keep the identity the same between netfx and netcore.

@jonorossi jonorossi changed the title Add a signed configuration for netcore .NET Core - strong name assemblies Feb 25, 2016
@jonorossi jonorossi added this to the v4.0 milestone Feb 25, 2016
@Eilon
Copy link

Eilon commented Feb 25, 2016

BTW projects such as ASP.NET Core have strong-name signing enabled, and the private keys are checked into the public repo. E.g. for ASP.NET Core MVC the private key (generated with sn.exe) is here: https://github.com/aspnet/Mvc/tree/dev/tools

@jeremymeng
Copy link
Contributor Author

@jonorossi My sincere condolences at your loss. I am glad to see you back! i will add the key back. One question: do you also want all the targeted frameworks (net35, net40, etc.) in the project.json like in https://github.com/jeremymeng/Core/blob/769871799be8ed798f74911bf903ef3489741998/src/Castle.Core.Signed/project.json?

@jonorossi
Copy link
Member

@Eilon yep, our strong name private key has been committed to our repo since day one.

@jeremymeng thanks, it means a lot. Hopefully I'm back, I'm going to try directing people to do things more and stay hands off the code for a bit to see how that goes.

Just do the strong name key for now, let's discuss the project.json file in #134.

@jeremymeng jeremymeng mentioned this issue Feb 26, 2016
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v4.0
Development

No branches or pull requests
4 participants
@jonorossi @Eilon @nblumhardt @jeremymeng