Comments (30)
source "http://nuget.org/api/v2"
nuget "Castle.Windsor-log4net" "~> 3.2"
source "http://nuget.org/api/v3"
nuget "Rx-Main" "~> 2.0"
will result in something like
NUGET
remote: http://nuget.org/api/v2
specs:
Castle.Windsor (2.1)
Castle.Windsor-log4net (3.3)
Castle.Windsor (>= 2.0)
log4net (>= 1.0)
log (1.2)
log4net (1.1)
log (>= 1.0)
remote: http://nuget.org/api/v3
specs:
Rx-Core (2.1)
Rx-Main (2.0)
Rx-Core (>= 2.1)
So if we start from on source we keep it.
from paket.
And should it be able to?
from paket.
do you mean indirect dependencies? then no it cannot.
from paket.
I think it can be fairly dangerous (and tricky) to support cross-source dependencies. What if the same package appears in both? How to scope this (if even more than 2 sources exist)? How to deal with transitive dependencies from the dependency of the 2nd source?
Even if all the above questions were answered, one would need to think about the benefits of such a feature. I have no advantage at hand for this. I would recommend to stick with single-sourced scope.
from paket.
@ilkerde Did you consider that there might be a lot of TeamCity and/or MyGet repositories that have dependencies on packages from nuget.org? Or is it something else you talk about?
from paket.
@agross I thought we were talking about indirect dependencies (dependencies of dependencies) that are subject to be resolved in a different repository than the dependency?
The case you draw is that a package (application/library) has dependencies (direct dependencies to be precise) from other (or even different) sources. This is all fine by me.
However, it is indeed quite hard for my limited brain to find a consistent and simple way to support the case that a package (i.e. library A) might have dependencies on other sources, which themselves have dependencies (indirect dependencies of A) on yet other sources (maybe even the originating one).
I actually can imagine a solution by supporting multiple sources to be resolved in order (the famous "aggregated source" from nuget comse into mind). However, I fear that there are practical corner cases which are not so easy to deal with.
What do you think?
from paket.
I thought we were talking about indirect dependencies (dependencies of dependencies) that are subject to be resolved in a different repository than the dependency?
From paket's point of view right now, everything that is not specified in packages.fsx
is an indirect dependency. So considering dep A from TeamCity (defined in packages.fsx
) requires B from nuget.org, we better resolve B. (I built such packages in the past.)
I think that indeed we will need to have the aggregate source you talk about. The order in which the user specifies them should then be the order theses sources are searched for B (for consistency, first one with a matching package version wins). This would also lift the requirement to mix source
and nuget
to have the nuget
use the correct source
.
For reference, the package.fsx
from my current project:
source "http://nuget.org/api/v2"
nuget "Castle.Windsor-log4net" "!>= 0"
nuget "Metrics.NET-net40" "~> 0.0"
nuget "Nancy.Hosting.Self" "~> 0.23.2"
nuget "Nancy.Bootstrappers.Windsor" "!~> 0.23"
nuget "Nancy.Serialization.JsonNet" "~> 0.23"
nuget "RestSharp" "~> 104.0"
nuget "Rx-Main" "!~> 2.2"
nuget "FakeItEasy" "~> 1.15"
nuget "NUnit.Runners" "~> 2.6"
nuget "SpecFlow.NUnit" "~> 1.1"
source "http://teamcity/guestAuth/app/nuget/v1/FeedService.svc"
nuget "Microsoft.Rtc.Collaboration-2010" "~> 4.0"
nuget "Microsoft.Rtc.Collaboration-2013" "~> 5.0"
from paket.
@agross is completely correct about the scenario which brought this to mind - internally private nuget feeds that reference dependencies from nuget.org (or from each other). In @agross example above, the packages in the teamcity feed might well have external dependencies.
I'm not sure about "The order in which the user specifies them should then be the order theses sources are searched for B (for consistency, first one with a matching package version wins)" - surely the most appropriate version available from any repository should win? If the internal feed has a patched version of (say) log4net with a higher version number I'd like that to be picked, whilst if NUnit have released a newer version on nuget.org than the one we're using internally that should be picked as well.
from paket.
@mavnn re: Ordering. Right, the best match should be picked from any source.
from paket.
Is this what you want:
source "http://teamcity/guestAuth/app/nuget/v1/FeedService.svc"
source "http://nuget.org/api/v2" // fallback
nuget "Microsoft.Rtc.Collaboration-2010" "~> 4.0"
nuget "Microsoft.Rtc.Collaboration-2013" "~> 5.0"
which would specify only the direct dependencies. These packages might have dependencies to other packages. We would check both sources - in order?
from paket.
Technically we would need to change https://github.com/fsprojects/Paket/blob/master/src/Paket/BasicTypes.fs#L42 into a string list
from paket.
Unfortunately I think to get sane results you have to look for every package and dependency in every source, and then pick the best match. Annoyingly slow, but I can't see any other way of knowing if you're actually following the resolution strategy you've chosen.
from paket.
Mhm, fair point.
On Sep 5, 2014 12:59 PM, "Michael Newton" [email protected] wrote:
Unfortunately I think to get sane results you have to look for every
package and dependency in every source, and then pick the best match.
Annoyingly slow, but I can't see any other way of knowing if you're
actually following the resolution strategy you've chosen.β
Reply to this email directly or view it on GitHub
#48 (comment).
from paket.
π
from paket.
needs a testing
from paket.
Analyzing Dependencies
FakeItEasy >= 1.15 < 2.0
Presence-2013 1.6.5
Couldn't get package details for package Presence-2013 on [Nuget "http://teamcity/guestAuth/app/nuget/v1/FeedService.svc";
Nuget "http://nuget.org/api/v2"]
Using Fiddler I see paket is requesting information from TeamCity (HTTP status 200), but then also from nuget.org with 404.
from paket.
I tested again with another package from TeamCity that has no dependencies itself.
Analyzing Dependencies
FakeItEasy >= 1.15 < 2.0
ManagedUC.Legacy-2010 3.0.7
Lockfile written to D:\Users\agross\Downloads\Dependencies.lock
FakeItEasy 1.24.0 already downloaded
Downloading ManagedUC.Legacy-2010 3.0.7 to C:\Users\agross\AppData\Local\NuGet\Cache\ManagedUC.Legacy-2010.3.0.7.nupkg
FakeItEasy 1.24.0 unzipped to D:\Users\agross\Downloads\packages\FakeItEasy
ManagedUC.Legacy-2010 3.0.7 unzipped to D:\Users\agross\Downloads\packages\ManagedUC.Legacy-2010
The input sequence was empty.
Parameter name: source
from paket.
I fiddled with the dependencies of the package on TeamCity:
source "http://nuget.org/api/v2"
nuget "FakeItEasy" "~> 1.15"
source "http://teamcity/guestAuth/app/nuget/v1/FeedService.svc"
nuget "Presence" "1.6.7"
Analyzing Dependencies
FakeItEasy >= 1.15 < 2.0
Presence 1.6.7
No package found which matches Presence "1.6.7" on [Nuget "http://teamcity/guestAuth/app/nuget/v1/FeedService.svc";
Nuget "http://nuget.org/api/v2"].
Version available:
>nuget install Presence-2013 -version 1.6.7
Attempting to resolve dependency 'Castle.Windsor (= 3.2.1)'.
Attempting to resolve dependency 'Castle.Core (= 3.2.0)'.
...
Installing 'Newtonsoft.Json 6.0.5'.
Successfully installed 'Newtonsoft.Json 6.0.5'.
Installing 'Presence-2013 1.6.7'.
Successfully installed 'Presence-2013 1.6.7'.
from paket.
source "http://nuget.org/api/v2"
nuget "FakeItEasy" "~> 1.15"
source "http://teamcity/guestAuth/app/nuget/v1/FeedService.svc"
nuget "Presence" "1.6.7"
talks about "Presence" but in the manual nuget call you said "Presence-2013"
from paket.
source "http://nuget.org/api/v2"
nuget "FakeItEasy" "~> 1.15"
source "http://teamcity/guestAuth/app/nuget/v1/FeedService.svc"
nuget "msu.Addins" "03.00.44"
works fine on my machine.
from paket.
Does msu.Addins have dependencies on packages from nuget.org?
Alex
Alexander GroΓ
Tiny phone, tiny mail
On Tue, Sep 9, 2014 at 5:19 PM, Steffen Forkmann [email protected]
wrote:
source "http://nuget.org/api/v2" nuget "FakeItEasy" "~> 1.15" source "http://teamcity/guestAuth/app/nuget/v1/FeedService.svc" nuget "msu.Addins" "03.00.44"
works fine on my machine.
Reply to this email directly or view it on GitHub:
#48 (comment)
from paket.
nope.
not sure how I can test this
from paket.
I'll try and have a go at it tomorrow.
On 9 Sep 2014 18:16, "Steffen Forkmann" [email protected] wrote:
nope.
not sure how I can test thisβ
Reply to this email directly or view it on GitHub
#48 (comment).
from paket.
@forki You were absolutely right about my typo in the package name. But even when corrected to Presence-2013
it still fails w/ the same message.
from paket.
@forki My package has a dependency on Castle stuff from NuGet. You should be able to test it easily w/ #69 merged.
from paket.
Seems like this is due to a parser error when Paket retrieves information from TeamCity.
at System.Number.StringToNumber(String str, NumberStyles options, NumberBuffer& number, NumberFormatInfo info, Boolean parseDecimal)
at System.Number.ParseInt32(String s, NumberStyles style, NumberFormatInfo info)
at Paket.SemVer.parse(String version) in D:\Users\agross\Downloads\Paket\src\Paket\SemVer.fs:line 121
at Paket.Nuget.parseVersionRange(String text) in D:\Users\agross\Downloads\Paket\src\Paket\Nuget.fs:line 81
at [email protected](Tuple`2 tupledArg) in D:\Users\agross\Downloads\Paket\src\Paket\Nuget.fs:line 138
at [email protected](String _arg1) in D:\Users\agross\Downloads\Paket\src\Paket\Nuget.fs:line 137
at [email protected](a a)
We probably need to check for WebException in Nuget.fs, line 260 and let it crash otherwise (and not trying remaining sources).
from paket.
OK, I think I got it.
TeamCity returns the following XML for my package's dependencies (formatted manually):
<d:Dependencies>
Castle.Windsor:[3.2.1]|
Castle.Windsor-log4net:[3.2.0]|
Rx-Main:[2.2.5]|
Newtonsoft.Json:[6.0.5.0]|
Microsoft.Rtc.Collaboration-2013:null
</d:Dependencies>
The last entry is converted to a string with a value of "null"
(String.Equals(parsed, "null") == true
) which passes the null check at the beginning of Nuget.parseVersionRange
and fails later when it's parsed with Minimum(SemVer.parse text)
(Nuget.fs, line 81).
from paket.
Ah yes, null versions. A lovely feature of nuget :(
On 9 Sep 2014 21:50, "Alexander GroΓ" [email protected] wrote:
OK, I think I got it.
TeamCity returns the following XML for my package's dependencies
(formatted manually):<d:Dependencies>
Castle.Windsor:[3.2.1]|
Castle.Windsor-log4net:[3.2.0]|
Rx-Main:[2.2.5]|
Newtonsoft.Json:[6.0.5.0]|
Microsoft.Rtc.Collaboration-2013:null
/d:DependenciesThe last entry is converted to a string with a value of "null" (String.Equals(parsed,
"null") == true) which passes the null check at the beginning of
Nuget.parseVersionRange and fails later when it's parsed with Minimum(SemVer.parse
text)(Nuget.fs, line 81).β
Reply to this email directly or view it on GitHub
#48 (comment).
from paket.
I think this is fixed. Please open a new specific issue if there are still problems.
from paket.
Still having issues with #48 (comment).
from paket.
Related Issues (20)
- CVE-2018-8292 : System.Net.Http [referenced by Steeltoe.Management.CloudFoundryCore(3.2.3)]
- Dependency wrongly parsed
- dotnet pack --symbols fails with error about Compile entry not containing Update or Include attribute
- Paket Restore Targets doesn't work with .NET 6+ HOT 3
- .Net-Framework 4.8.1 not selectable
- Paket does not respect compatible versions of .Net Standard when adding references
- References to delisted versions of Nuget.Packaging
- Paket failing when trying to install dependencies `OpenSslCryptographicException` HOT 2
- Allow updating a transitive dependency HOT 1
- feat!(Paket.restore.targets): Support `dotnet restore` without `paket restore`; avoid null git diffs
- Empty response is not trusted?
- Paket Simplify Removing FSharp.Core from paket.references
- improve use case of `restore` that would not restore anything due to framework restriction and project being with wrong/lower framework version HOT 3
- plans for .NET 9 HOT 1
- Could not detect any platforms warning HOT 2
- concurrent package restores sometimes fail
- Visual studio not restoring packages for projects that target net8.0-windows
- find-packages command fails when using UNC paths
- Install.sh fails on macos with 'could not find a paket source on nuget.org'
- Paket pack fails when building/creating packages for Windows on Linux (docker), even using --build-platform flag HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from paket.