[release/6.0] Bring back System.Security.AccessControl package #57816
Conversation
|
Tagging subscribers to this area: @Anipik, @safern, @ViktorHofer Issue DetailsFixes #54341 @ericstj as we don't want this in main (7.0), I'm not back porting anything but directly targeting 6.0-rc1. What bar do we apply to this change? Is this something for Tactics or M2 approval?
|
ViktorHofer
changed the title
ViktorHofer
changed the title
ViktorHofer
requested review from
eiriktsarpalis,
layomia and
steveharter
as code owners
You might want some of this in main. The parts that get
For RC1 we need tactics approval, for RC2 it's M2 approval. Apply the bug bar from @jeffhandley's mail. Make sure to add the template to the PR. |
|
RC1 bar high now. Probably if you back port it would be to RC2. Would need template. |
Yes, absolutely. I plan to re-target to RC2 when the change is ready. |
ViktorHofer
force-pushed
the
AddBackSystemThreadingAccessControlPkg
branch
from
7197ed8 to
c0d5e95
Compare
ViktorHofer
requested review from
SamMonoRT,
imhameed,
lambdageek and
vargaz
as code owners
ViktorHofer
changed the title
ViktorHofer
force-pushed
the
AddBackSystemThreadingAccessControlPkg
branch
from
c0d5e95 to
18efc63
Compare
|
|
||
| <PropertyGroup> | ||
| <TargetFrameworks>$(NetCoreAppCurrent);net461</TargetFrameworks> | ||
| <TargetFrameworks>$(NetCoreAppCurrent);net461-windows</TargetFrameworks> |
There was a problem hiding this comment.
Can you explain the logic behind the changes on netfx configurations and why we are adding OS to some of them? Is the one here due to the package reference to a windows-only package?
There was a problem hiding this comment.
Libraries which projectreference rid-specific libraries need to be rid-specific as well. In this case, all the libraries that I annotated incorrectly referenced the netstandard2.0 asset instead of the net461-windows asset. The technical reason behind that is that net461 can't reference net461-windows, so netstandard2.0 wins.
I discovered that when bringing back System.Security.AccessControl and had to make changes to use it as a live reference.
There was a problem hiding this comment.
I see, this seems like a very fragile system when trying to get them correct. Should we instead do one of the following:
- Transform all net461 configs to instead be net461-windows, that way all configurations are referencing the right live libs.
- Add some build checks that check P2Ps when building netfx libs, and ensuring that we are not incorrectly getting a NS2.0 asset when the P2P also has a net461-windows asset.
Of course we don't have to fix it here, but I thought of bringing the suggestions here anyway
There was a problem hiding this comment.
I see, this seems like a very fragile system when trying to get them correct. Should we instead do one of the following:
Agree with this being a fragile design. It predates me, it existed for several years and apparently it worked just fine. Even though this is hard to get right without understanding RID compatibility rules, it's the closest / best implementation based on the rid graph.
Transform all net461 configs to instead be net461-windows, that way all configurations are referencing the right live libs.
Reason why we didn't do this yet is because of these two major downsides:
- Making a tfm rid specific without also building a rid agnostic tfm of the same TargetFrameworkIdentifier results in packages having duplicated assets in the i.e. lib/net461/ and runtimes/win/lib/net461/ folders. For more information see
Lines 104 to 108 in c94b75f
- net461-windows is a tfm alias that nuget doesn't understand and the
-windowspart needs to be stripped from the target framework alias: https://github.com/dotnet/arcade/blob/761d2e6545a31d2ebf9cb60443ed2a9c2f8268b5/src/Microsoft.DotNet.Build.Tasks.TargetFramework.Sdk/src/build/Microsoft.DotNet.Build.Tasks.TargetFramework.Sdk.props#L21-L22. Adding the-windowsrid to every .NETFramework tfm results in this hack being applied in many more places and more NuGet.config files being necessary to disable VS's restore which can't handle restoring them:
Add some build checks that check P2Ps when building netfx libs, and ensuring that we are not incorrectly getting a NS2.0 asset when the P2P also has a net461-windows asset.
Correct me if I'm wrong but I believe the ProjectReference protocol doesn't expose the necessary information to implement such a check. Of course you could always implement custom targets and MSBuild calls but that won't work with static graph build which we want to leverage.
There was a problem hiding this comment.
I see, this seems like a very fragile system when trying to get them correct.
I believe at one point package validation would catch any mistake here and would actually drive folks to do the right thing / teach them about the RID specific asset being preferred. Not sure if that's still the case.
There was a problem hiding this comment.
I believe at one point package validation would catch any mistake here
@ericstj can you please elaborate on "at one point ... would catch any mistakes here"? Do you mean that the new PackageValidation infrastructure will eventually catch this in the future, did you refer the the old pkgproj system or to the runtime repo specific testPackages infra (which creates wrapper projects and restores the package)?
There was a problem hiding this comment.
For the sake of this discussion, I filed #58495 to simplify .NETFramework tfms.
There was a problem hiding this comment.
I'm talking about package testing that we run that consumes the nuget packages we build in a project. We would run that with RIDs on .NETFramework, so it would see duplicate runtime types in the case someone forgot to include a RID specific asset, and would see duplicate reference types if someone forgot the RID-less asset. I think we may still catch this today if we use the runtimeTargets on .NETFramework.
Previously we would also sometimes catch this in package build itself if the assembly versions differed (as is the case in servicing).
I added a comment to the issue about making sure we have test coverage of this scenario.
src/libraries/Microsoft.VisualBasic.Core/tests/Microsoft.VisualBasic.Core.Tests.csproj
Show resolved
Hide resolved
| <?xml version="1.0" encoding="utf-8"?> | ||
| <Suppressions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> | ||
| <Suppression> | ||
| <DiagnosticId>CP0001</DiagnosticId> |
There was a problem hiding this comment.
NIT: It might be good to test at least locally with the new PackageValidation logic how the diff looks like since this specific suppression will go away and instead you'll get the actual diffs after following type forwards.
src/libraries/System.Security.AccessControl/src/ILLink/ILLink.Descriptors.xml
Show resolved
Hide resolved
|
Approved for release/6.0: significant regression since 5.0 of footprint of aspnet shared framework. Per discussion offline, we've tested as best we can. Please address any feedback. also verify the result when it reaches aspnetcore repo (perhaps that will happen first in main) |
|
@ViktorHofer with this, we'll be able to remove our previous workarounds for RC2❔ Should we eliminate our Microsoft.Win32.SystemEvents, System.Drawing.Common, System.Security.Permissions, or System.Windows.Extensions references going forward❔ We reference them mainly to ensure they do not end up in Microsoft.AspNetCore.App.* nor our targeting packs. Separately, should we expect (and allow) System.Security.AccessControl to land in our targeting packs again❔ If yes, will we need Microsoft.Win32.Registry and System.Security.Principal.Windows again too❔ (We use 5.0.0 versions of the later two elsewhere and I expect that'll continue, right❔) |
ericstj
left a comment
ericstj
left a comment
There was a problem hiding this comment.
LGTM. It might make sense to review a package diff for any project touched here just to make sure you understand the changes and they are what you'd expect. You can also do a diff of S.S.ACL with the last version before the removal, so that it gets the same treatment as other pkgproj->csproj conversions.
|
For the linker issue: I think we should just not try to trim these generated not-supported assemblies. While we're probably going to fix this particular issue in the linker, there are other potential issues with these type of assemblies (as pointed out in dotnet/linker#2238 (comment)). |
If we are going to request nuspec / package diffs for any change that we might make in the future to packages we should invest in tooling that helps with that. At the moment this is a very manual process and takes time. I would imagine that PackageValidation could generate a nuspec diff based on the baseline version vs the just build package.
I compared the packages (including content and nuspec diffs) but didn't upload a diff (as mentioned, there's no automation available). Let me know if you want me to upload one, which I can most definitely do.
Thanks Vitek. We have been trimming PNSEs for a quite a while now (as we don't differentiate between the "kind" of assembly) and we are close to shipping release/6.0. Do you think we should stop doing that even for 6.0? |
|
I don’t need to see the diffs personally, just suggesting to test this as it can be helpful when making these types of changes and it was something we did in the past, especially when we wanted to communicate the risk level of a large change. The mechanism we used to use for this was to just rename the intermediate nuspec folder, apply the change, then build packages again, and diff the folders. It was a low cost check that only took ~5 minutes and often helped quickly illustrate the amount of change to the shipping product. |
Let me share the process that I followed during the "pkgproj -> NuGet Pack task" migration. Let me say that generating and providing the diffs was actually what took the longest. When I touch a package I usually verify packaging changes by doing the following:
I personally use NuGet Package Explorer as it provides additional value i.e. checking for symbol files, sourcelink and compiler optimizations being present. The reason why I prefer a baseline package over a live build is that it lets me compare the applied change against the last shipped state. |
I don't think this is something we should try to play with in 6 - as you said - too late... |
|
@dougbu I think you can remove https://github.com/dotnet/aspnetcore/blob/6a65d74163f985b1c685335e7f3902f88cd9f3f7/src/Framework/App.Runtime/src/Microsoft.AspNetCore.App.Runtime.csproj#L123-L130 In release/6.0. You'll be able to do the same in main once main is able to pick up the System.Security.AccessControl package we're building 6.0. |
- see dotnet/runtime#57816 (comment) - undo much of 18a61fb
Do you mean this change has not been merged into 'main' in this repo❔ I don't see it there but want to make sure this isn't about dependency flow into dotnet/aspnetcore. |
|
For the effect of this change to occur in main we need to update our reference here To use the 6.0.0 System.Security.AccessControl package. @ViktorHofer can you file an issue for that if you don't have one? Not sure that will happen naturally. |
|
Actually, that makes me realize that this part might have been missed here. @ViktorHofer -- can you check that the crypto package that ASP.NET uses was updated to reference S.S.AcessControl instead of Permissions? |
- see dotnet/runtime#57816 (comment) - undo much of 18a61fb
- `cherry-pick` e58a6c2 - see dotnet/runtime#57816 (comment) - also reacting to dotnet/runtime#58731 - undo much of 18a61fb
- `cherry-pick` e58a6c2 - see dotnet/runtime#57816 (comment) - also reacting to dotnet/runtime#58731 - undo much of 18a61fb
* [main] React to dotnet/runtime#57816 (#36155) - `cherry-pick` e58a6c2 - see dotnet/runtime#57816 (comment) - also reacting to dotnet/runtime#58731 - undo much of 18a61fb * [main] Cleanup remaining SSP references (#36248) - `cherry-pick` 888e03a - remove references to System.Security.Permissions and its closure - only mentions are in eng/PackageOverrides.txt and eng/PlatformManifest.txt - those files will remain unused until we update them in the run-up to 6.0.1 - may see some package refs for SSP and its closure elsewhere but this does not impact targeting pack content - also remove duplication between `@(AspNetCoreReferenceAssemblyPath)` additions (for efficiency) nit: Only need to exclude System.Net.Quic from `@(_AvailableRuntimeRefAssemblies)` - Crypto.Pkcs is **not** present in the transport package - other disallowed entries aren't present in the transport package or our dependency closure
ghost
locked as resolved and limited conversation to collaborators
8 participants
Fixes #54341
This issue was discovered in dotnet/aspnetcore#33571 (comment) by @dougbu, @wtgodbe and @ericstj.
Note that this change won't be ported into main as the
System.Security.AccessControlpackage won't ship after 6.0 anymore as the library is now part of the shared framework. The reason why this package needs to be brought back for 6.0 is that aspnetcore depends on S.S.Cryptography.Xml which either depends on S.S.AccessControl or S.S.Permissions. As the latter is undesirable to reference, the former is chosen as a dependency. Going forward, S.S.Cryptography.Xml will continue to reference the last shipped 6.0.* version of S.S.AccessControl and doesn't require it to be built live.Customer Impact
Customers transitively reference System.Security.Permissions (Legacy) with its large closure of assemblies when consuming System.Security.Cryptography.Xml (non-legacy) or some of the AspNetCore packages which expose it. When referencing matching https://www.nuget.org/packages/Microsoft.AspNetCore.DataProtection/6.0.0-preview.7.21378.6 to what is in the shared framework, that assembly will be dropped, yet SSP and it’s closure will go app-local and increase the app's foot print.
Testing
Automated testing via a) the PackageTesting SDK component that checks if assets are compatible with each other and b) the repo local testPackages infrastructue that restore the generated packages on tfms and checks if the packages are consumable.
Manually tested as well by creating the package and validating its output.
Risk
Low - The package already existed before and the automated package testing covers the consumption of the package on the consumer's end.