dnu publish does not honor RIDs

[analogrelay]

When using dnu publish, we do not scan the correct section in the lock file and as a result we miss most of the runtime.[rid].[assemblyname] packages. This causes problems with runtime-specific packages that are not embedded in DNX (for example System.Data.SqlClient and System.Net.Security)

/cc @DamianEdwards @muratg @Eilon

[moozzyk]

This also breaks when trying to publish for arm. Even though in my project.lock.json I have the "DNXCore,Version=v5.0/win10-arm": { target if I publish with --framework dnxcore50 the published project.lock.json file contains only targets for "DNXCore,Version=v5.0/win7-x86": { and "DNXCore,Version=v5.0/win7-x64":

[analogrelay]

There may still be an issue there we can look at. RC1 doesn't officially support arm, so the timing is a little less rushed :)

[guardrex]

@anurse I just lost my access to System.Net.Security -23405 ...

The -23405 package was working for me (RC1) while you're working on a perm fix (for RC2?). Is there any way I can get access to that -23405 package back?

[guardrex]

@anurse Nevermind ... I found it in one of my project's VS publish output folders, moved a copy of it back to .dnx\packages, and was able to reference it again. Whew! ... that was close. I'm going to put that -23405 package on CraigsList ... I'll split the take with you.

[guardrex]

@anurse Rats! 🐀 🐀 🐀

... can I force acceptance of that package?

[analogrelay]

We have a fix and we're working on getting it out ASAP, so you won't have to wait for RC2. As long as 23405 is either in your local cache or on one of your feeds, the direct reference shouldn't ever bump you up. That warning, in fact, is designed to tell you that it was forced to bump you up because it couldn't find the exact match.

[guardrex]

@anurse Strange ... I have the package (the -23405 one) in .dnx\packages. It's still pulling -23409 on a manual package restore. Is there something else I need to do besides just dropping it into the folder?

[benaadams]

@guardrex where's your CraigsList item? Though I can probably hold out on a week :)

[guardrex]

@benadams I put it here (and hoping not to violate any licenses by doing so!): https://github.com/GuardRex/System-Net-Security-23405

[guardrex]

I'm good ... "System.Net.Security": "4.0.0-beta-23225", works in place of -23405 ... at least insofar as SslStream is concerned. However, I sent a request to the NuGet owners asking to put -23405 back up.

[guardrex]

@ericstj states ...

23409 won’t work for Luke since that has our cross-platform split which is specifically hitting the bug in DNU publish.

23405 is still available there: https://www.myget.org/F/dotnet-core-rel/api/v3/index.json

Specifically: https://www.myget.org/F/dotnet-core-rel/api/v2/package/System.Net.Security/4.0.0-beta-23405

Also, for Andrew’s fix you can get the latest DNX with the fix here: https://www.myget.org/F/aspnetrc1/api/v2

You should be able to upgrade by doing
set DNX_FEED=https://www.myget.org/F/aspnetrc1/api/v2
dnvm upgrade

... and thanks to @joshfree for letting me know that -23405 isn't available on the NuGet feed but at the feed shown above. That explains why I lost it for a sec.

[analogrelay]

Be very careful with using the aspnetrc1 feed. There's nothing terribly wrong with it, but it is purely designed for internal testing, so we often replace packages there without changing the version. Also, the released version may end up with the same version number.

I'd suggest deleting any 1.0.0-rc1-update1 runtimes you got from there and instead use the https://www.myget.org/F/aspnetcirelease/api/v2 feed if you want the latest builds of the fix. The latest build there is identical to the one you got from aspnetrc1 but has a build number in the version and should upgrade safely to the released version when it is released.

[guardrex]

@anurse @ericstj After mulling things over a bit and trying to settle on something simple but effective to get me to RC2, I think I'll just give -23225 a go. It's on the NuGet release feed, and dnx isn't trying to upgrade it to anything else (e.g., -23409). I only need SslStream, and it seems to be working well out of -23225. Unless you guys think I'm going to break, I'll go forward this way.

[benaadams]

@anurse its this resolved; or do we need to use the work around used by @guardrex ?

[analogrelay]

For now, the workaround. There is an update to RC1 with a fix being released soon. You can also use the aspnetcirelease feed in DNVM if you want early access to the fixed DNX build.

[benaadams]

Ah, if I'm using the unstable RC2 should it be in that also?

[analogrelay]

Yes, it should be in the latest RC2 builds. I merged to dev last week. If not, let me know! I might have missed something :)

[benaadams]

Excellent, thank you!

[benaadams]

Is working great, thank you 👍

[guardrex]

Confirmed fixed with runtime rc1-update1. Thanks @anurse and @ericstj 🍻