Guys, I think we should calm down a bit on this one.
There are lots of us on this list who are professional
developers. We
all have to face our own problems and work within the
parameters of our
own organizations. So we will all come up with different
solutions to
things.
If people are free to present their ideas without fear of
denigration
then we are all free to learn from them, or to reject them
as suits our
own requirements. Using emotionally charged language serves
only IMHO
to inhibit members from posting, and that potentially
impoverishes the
list.
Let's stick to cool-headed, reasoned discussions about
things, please.
If we do, then good arguments will prevail over poor ones
and sound
advice over bad advice. This enriches the list for
everyone.
Remember, as Perl hackers have it, TMTOWTDI.
Just my 2c. YMMV.
Peter
-----Original Message-----
From: Discussion of development on the .NET platform using
any managed
language [mailto OTNET-CL
R DISCUSS.DEVELOP.COM] On Behalf Of Daniel
Petersson
Sent: 17 May 2006 12:12
To: DOTNET-CLRDISCUSS.DEVELOP.COM
Subject: Re: [DOTNET-CLR] Partial referencing strong named
assembly
Henkk, you are right about the hashcheck, it only verifies
the
content of the loaded file and not the reference, my bad.
However, I still argue that a proper dev process with
delayed
signing and disabled strongname verifications is the best
solution.
But your point about testing issues during
development/release is true,
when I encounter this problem I normally move the entire
test
to my dev-machine, repeat it - fix it (with the strongname
verification disabled), then I run the entire test all over
again.
(this takes time, but there is no shortcut worth the cost if
there are other issues that are missed due to patched tests)
Regarding someones statement that developing with strongname
disabled should increase the risk of missing issues due to
strongname failures that may occur
"out-in-the-wild";
THAT IS JUST PLAIN STUPID!!!
The only way you will end up with such issues are if you
have
broken the fusion algorithm and invented your own ...
(and that isn't a nice path to walk down...)
... and if you do you have tons of other issues to deal
with.
Fusion contains everything you need, but to make it work you
have to understand it!
Best regards,
Daniel Petersson
Daniel.Peterssoncefalo.se
http://codefeed.blogspot
.com
-----Original Message-----
From: Discussion of development on the .NET platform using
any managed
language on behalf of henkk
Sent: Wed 5/17/2006 12:36 PM
To: DOTNET-CLRDISCUSS.DEVELOP.COM
Subject: Re: [DOTNET-CLR] Partial referencing strong named
assembly
Before you write your blog post, please check your statement
about
fusion verifying the hash itself  . AFAIK
fusion will only check if
the crypted hash matches the content of the assembly (iow if
you had
access to the private key).
If you want to stop a load based on a hash change, include a
linkdemand
(although even that wouldn't be too easy; but there's hash
evidence
which you could map onto a permission that you can
linkdemand -- or
write your own permission of course).
As of delayed signing, I have very mixed feelings about
that. I guess it
depends on your build environment. In larger scale projects
we typically
use different builds (e.g. there's a central build process
that has 'the
key'). For local builds we usually all have our own sweet
key pair (the
implication of which is we can only do local testing, but
again there's
a different test environment that has the full build where
stuff can be
tested in integration).
-- Henkk
-----Oorspronkelijk bericht-----
Van: Discussion of development on the .NET platform using
any managed
language [mailtoOTNET-CL
RDISCUSS.DEVELOP.COM] Namens Daniel Petersson
Verzonden: Wednesday, May 17, 2006 11:20 AM
Aan: DOTNET-CLRDISCUSS.DEVELOP.COM
Onderwerp: Re: [DOTNET-CLR] Partial referencing strong named
assembly
Hi, All
Simply stopping the automatic version no change doesn't
solve the
strongname loading issue; fusion also checks the hashcode
as part of pre-load checks of a strongnamed reference.
(fusion = MS common name for PE file loading algorithms)
The version no shall always contain build no information,
otherwise it is impossible to backtrack issues due to mixed
versions.
The correct way is to set up a dev process that is based
on delayed signing and strongname disabling on the developer
machines!!! I'll write a blog about it later today, see
link
below!
-- Daniel
Daniel.Peterssoncefalo.se
http://codefeed.blogspot
.com
-----Original Message-----
From: Discussion of development on the .NET platform using
any managed
language on behalf of Bradley, Peter
Sent: Wed 5/17/2006 10:59 AM
To: DOTNET-CLRDISCUSS.DEVELOP.COM
Subject: Re: [DOTNET-CLR] Partial referencing strong named
assembly
Henkk is correct.
If you look in the project's AssemblyInfo.cs file (assuming
you're using
cs), you'll see this default entry:
//
// Version information for an assembly consists of the
following four
values:
//
// Major Version
// Minor Version
// Build Number
// Revision
//
// You can specify all the values or you can default the
Revision and
Build Numbers
// by using the '*' as shown below:
[assembly: AssemblyVersion("1.0.*")]
The vb version is the same to all intents and purposes.
If we take the format to mean
major_version.minor_version.build, then
the * in the build field is an instruction to VS to
increment the build
at each compile.
If you want to compile to a specific release, replace the
1.0.* with the
release number that you want - without any *s in it! E.g.
1.0.0, or
whatever conforms to your versioning conventions.
The first thing I do in anything other than simple test
projects is to
fix the version number by replacing the 1.0.* with something
relevant to
us. This is especially important for us, because we use
signed
assemblies exclusively.
HTH
Peter (another one)
-----Original Message-----
From: Discussion of development on the .NET platform using
any managed
language [mailtoOTNET-CL
RDISCUSS.DEVELOP.COM] On Behalf Of henkk
Sent: 17 May 2006 09:48
To: DOTNET-CLRDISCUSS.DEVELOP.COM
Subject: Re: [DOTNET-CLR] Partial referencing strong named
assembly
Hi Peter,
If I understand correctly, you are under the impression that
version
numbers are automatically updated on each build. This is
definitely not
the case. You can explicitly control the version with an
attribute
(AssemblyVersionAttribute), or if you're doing VS2005 even
in the UI
(project properties).
Only if you explicitly tell the build environment (by having
*'s in your
version number) it will auto-increment the number for you.
When you put
a fully qualified version in (like
AssemblyVersion("2.2.0.2")) it will
always build that number.
I always explicitly set versions, because I am in control of
what breaks
and what doesn't old clients, not my compiler.
HTH,
-- Henkk
________________________________
From: Discussion of development on the .NET platform using
any managed
language on behalf of Peter van der Weerd
Sent: Wed 5/17/2006 8:06 AM
To: DOTNET-CLRDISCUSS.DEVELOP.COM
Subject: Re: [DOTNET-CLR] Partial referencing strong named
assembly
LoadFrom (It wasn't me who recommended that) will not work
since I 'm
using
a reference and don't load the assembly myself. However, if
one was
loading
the dll, yes, it could be an option.
Why would I want loading a signed dll with its partial name?
Well, I think strong names are too strong. Each time you
build an
assembly
its version (well, part of) is incremented, making it
nescessary to
rebuild
all your depending assemblies.
Since years we have the discipline to always keep dlls
backward
compatible,
and if not: just rename the dll (happens almost never).
Also: during the
nightly build the version numbers will be incremented,
leaving a dll
which
is perfectly usable by previous compiled applications, but
they cannot
be
loaded any more because of the strong name.
I can live with the versioning crab for dll's living in the
gac. It is
designed that way. But now I deal with a dll which is
unfortunately
signed
because the owner wanted to have the possibility to put it
in the gac.
Well,
I don't want to deploy parts of this application in the
gac, and choose
to
deploy the application the "normal way". And the
normal way of probing
will
check if the dll can be found in the application's
directory, and
reference
it with a partial name.
In IL I am able to do so (just leave out the .ver), but
VS2005 always
takes
the strong name if the assembly was signed. So the remaining
question
is: is
there an option in VS2005 to force a reference with a
partial name when
referencing signed assemblies?
However, you're probably right: doing things slightly
different than
microsoft designed is most of the time a bad idea.
P
----- Original Message -----
From: "Daniel Petersson"
<daniel.peterssonCEFALO.SE>
To: <DOTNET-CLRDISCUSS.DEVELOP.COM>
Sent: Wednesday, May 17, 2006 7:10 AM
Subject: Re: [DOTNET-CLR] Partial referencing strong named
assembly
Hi, First of all would I like to state, WHY?
- if it is strongnamed, then it has a strongname and you
shouldn't mess around with the probing/loading scheme.
(it will only cause you problems in the end)
- you can do a version redirect through the .config file,
and this is probably what you should do if you are looking
to solve a patch/update scenario.
- even though Peter van der Weerd recomended you to use
LoadFrom( ... ) don't! use Load( ... ) and make sure that
you still follow the fusion load rules. Use fuslogvw.exe
to locate any loading issues.
Best Regards
Daniel Petersson
codefeed.blogspot.com
> -----Original Message-----
> From: Discussion of development on the .NET platform
using
> any managed language [mailtoOTNET-CL
RDISCUSS.DEVELOP.COM]
> On Behalf Of Jim Miller (.NET)
> Sent: Wednesday, May 17, 2006 6:12 AM
> To: DOTNET-CLRDISCUSS.DEVELOP.COM
> Subject: Re: [DOTNET-CLR] Partial referencing strong
named assembly
>
> Don't try to load it using the assembly name, use the
file
> name where you've stored it, using LoadFrom.
>
> -----Original Message-----
> From: Discussion of development on the .NET platform
using
> any managed language [mailtoOTNET-CL
RDISCUSS.DEVELOP.COM]
> On Behalf Of Peter van der Weerd
> Sent: Tuesday, May 16, 2006 8:52 AM
> To: DOTNET-CLRDISCUSS.DEVELOP.COM
> Subject: [DOTNET-CLR] Partial referencing strong named
assembly
>
> Hi All,
>
> I have a signed assembly A, *not* residing in the GAC.
>
> Now I want to build an assembly B (C# project in
VS2005)
> using this A, but with a *partial reference*: only
using the
> aseembly name without version information.
>
> How do I do that? I tried to set the "specific
version"
> property of the reference to false, but whatever I try,
the B
> is always linked to a the fully specified A.
>
> Any hints?
>
> Kind regards,
> Peewee
>
> ===================================
> This list is hosted by DevelopMentor(r) http://www.develop.com
>
> View archives and manage your subscription(s) at
> http://discuss.develop.com
>
> ===================================
> This list is hosted by DevelopMentor(r) http://www.develop.com
>
> View archives and manage your subscription(s) at
> http://discuss.develop.com
>
===================================
This list is hosted by DevelopMentor(r) http://www.develop.com
View archives and manage your subscription(s) at
http://discuss.develop.com
===================================
This list is hosted by DevelopMentor(r) http://www.develop.com
View archives and manage your subscription(s) at
http://discuss.develop.com
===================================
This list is hosted by DevelopMentor(r) http://www.develop.com
View archives and manage your subscription(s) at
http://discuss.develop.com
===================================
This list is hosted by DevelopMentor(r) http://www.develop.com
View archives and manage your subscription(s) at
http://discuss.develop.com
===================================
This list is hosted by DevelopMentor(r) http://www.develop.com
View archives and manage your subscription(s) at
http://discuss.develop.com
===================================
This list is hosted by DevelopMentor(r) http://www.develop.com
View archives and manage your subscription(s) at
http://discuss.develop.com
===================================
This list is hosted by DevelopMentor(r) http://www.develop.com
View archives and manage your subscription(s) at
http://discuss.develop.com
===================================
This list is hosted by DevelopMentorŪ http://www.develop.com
View archives and manage your subscription(s) at http://discuss.develop.com
|