
Nuget 5.7+ Ignores Nuspec Csproj Replacement Tokens - And Other Weird Behaviors...

source link: https://www.softwaremeadows.com/posts/nuget_5_7+_ignores_nuspec_replacement_tokens_-_and_other_weird_behavio/

I submitted this issue on 2020-08-28. It's had some comments and confirmations, but the moderators are having trouble reproducing it. I'm hoping this will help.

Source Code: ClassLibrary1.zip

Title

Here's the link to the issue.

NuGet again throwing exceptions "authors is required" "description is required", ignoring csproj/nuspec replacement tokens · Issue #9954

Environment

Windows 10 Pro
Visual Studio 2019
.NET Framework 4.8

More Info

There are multiple failures being reported below. The fundamental one is that NuGet 5.7 and above ignore token replacements in .nuspec files from .NET Framework project .csproj files.

Steps to Reproduce

Pre-setup

Check the Windows PATH environment variables (System Properties > Advanced > Environment Variables) at the user and system levels and be sure that no version of nuget.exe is on the path. One way to verify is to open a new command window and type nuget. If there's output, nuget is on the path.

A reboot may be required for the computer to recognize the path change. Normally, it only takes closing completely out of the System Properties editor.

Remember to open a new command window after PATH changes so the environment variable is reloaded.

Steps

  1. In Visual Studio, create a new .NET Framework Console Application.
  2. Open Properties\AssemblyInfo.cs and add the values that are substituted for $description$ and $author$:
    [assembly: AssemblyDescription("Desc")]
    [assembly: AssemblyConfiguration("")]
    [assembly: AssemblyCompany("Name")]
    
  3. Download NuGet 5.7 from https://www.nuget.org/downloads
  4. Copy it to the project folder.
  5. Rename it to nuget.exe.

It's important that the file be named nuget.exe.

  1. In the ClassLibrary1.csproj project folder, run

    nuget spec
    
  2. Reduce the resulting ClassLibrary1.nuspec file to the minimum required properties

    <?xml version="1.0" encoding="utf-8"?>
    <package >
      <metadata>
        <id>$id$</id>
        <version>$version$</version>
        <authors>$author$</authors>
        <description>$description$</description>
      </metadata>
    </package>
    
  3. Build the project or solution.

  4. In the project folder, run nuget pack

Expected: Successful build of new package

Actual: Error that Author and Description are missing:

    Attempting to build package from 'ClassLibrary1.csproj'.
    MSBuild auto-detection: using msbuild version '16.8.2.56705' from 'C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Current\Bin'.
    Packing files from 'C:\Users\charl\source\repos\ClassLibrary1\ClassLibrary1\bin\Debug'.
    Using 'ClassLibrary1.nuspec' for metadata.
    Authors is required.
    Description is required.

NuGet 5.6 Behavior

  1. In the above environment, replace the nuget.exe version 5.7 with version 5.6.

    It's important that the file be named nuget.exe.

  2. Run nuget pack

The pack succeeds.

    Attempting to build package from 'ClassLibrary1.csproj'.
    MSBuild auto-detection: using msbuild version '16.8.2.56705' from 'C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Current\Bin'.
    Packing files from 'C:\Users\charl\source\repos\ClassLibrary1\ClassLibrary1\bin\Debug'.
    Using 'ClassLibrary1.nuspec' for metadata.
    Successfully created package 'C:\Users\charl\source\repos\ClassLibrary1\ClassLibrary1\ClassLibrary1.1.0.0.nupkg'.
    WARNING: NU5128: Some target frameworks declared in the dependencies group of the nuspec and the lib/ref folder do not have exact matches in the other location. Consult the list of actions below:
    - Add a dependency group for .NETFramework4.8 to the nuspec

NuGet 5.8 and 5.9 preview Behaviors

Both versions exhibit the same bug as 5.7.

Behavior When Renaming nuget.exe

  1. Copy version 5.6 into the project folder
  2. Rename it nugetx.exe (It doesn't matter what it's renamed to, as long as it isn't nuget.exe)
  3. Run nugetx.exe pack

Unlike when named nuget.exe, version 5.6 pack fails with the unexpected error!

    Attempting to build package from 'ClassLibrary1.csproj'.
    MSBuild auto-detection: using msbuild version '16.8.2.56705' from 'C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Current\Bin'.
    Packing files from 'C:\Users\charl\source\repos\ClassLibrary1\ClassLibrary1\bin\Debug'.
    Using 'ClassLibrary1.nuspec' for metadata.
    Authors is required.
    Description is required.

Behavior When Two NuGet files in Path

  1. Copy version 5.6 into the project folder and rename to nuget.exe
  2. Copy version 5.6 again into the project folder and rename to nugetx.exe
  3. Run nuget pack
  4. Run nugetx pack

In both cases, the pack succeeds.

Real World Concerns

Many organizations will, in a continuous deployment environment, use a known path to the latest NuGet package and expect it to be named nuget.exe. As seen above, those organizations will suddenly find themselves with failing package steps.

In order to continue, they must either stay on version 5.6 and accept the potential security issues there, or rework their pipeline.
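
One possible shape for the "rework their pipeline" option, as an added example that is not from the original post or from NuGet: a preflight step that fills `$author$` and `$description$` in the nuspec from AssemblyInfo.cs itself and reports empty values before the pack step runs. The function name, the sample inputs and the choice to leave every other token untouched are assumptions of this sketch.

```python
import re
from xml.sax.saxutils import escape

# Token -> assembly attribute, for the two tokens the post maps.
TOKEN_ATTRIBUTES = {"author": "AssemblyCompany", "description": "AssemblyDescription"}
# Anchored at line start so commented-out attributes ("// [assembly: ...") are ignored.
ATTRIBUTE_RE = re.compile(r'^\s*\[assembly:\s*(\w+)\("([^"]*)"\)\]', re.M)
TOKEN_RE = re.compile(r"\$(\w+)\$")

# Constructed sample inputs, modelled on the snippets in the post.
SAMPLE_ASSEMBLY_INFO = '''
// [assembly: AssemblyCompany("Old")]
[assembly: AssemblyDescription("Desc")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("Name")]
'''
SAMPLE_NUSPEC = '''<?xml version="1.0" encoding="utf-8"?>
<package >
  <metadata>
    <id>$id$</id>
    <version>$version$</version>
    <authors>$author$</authors>
    <description>$description$</description>
  </metadata>
</package>
'''

def resolve_nuspec(nuspec, assembly_info):
    """Return (resolved_text, problems); tokens not in TOKEN_ATTRIBUTES stay as-is."""
    attrs = dict(ATTRIBUTE_RE.findall(assembly_info))
    problems = []

    def substitute(match):
        attribute = TOKEN_ATTRIBUTES.get(match.group(1))
        if attribute is None:
            return match.group(0)          # e.g. $id$, $version$: left untouched
        value = attrs.get(attribute, "").strip()
        if not value:                      # missing or empty attribute: fail the step
            problems.append(f"${match.group(1)}$ needs a non-empty {attribute}")
            return match.group(0)
        return escape(value)               # XML-escape &, <, > before embedding

    return TOKEN_RE.sub(substitute, nuspec), problems

if __name__ == "__main__":
    text, problems = resolve_nuspec(SAMPLE_NUSPEC, SAMPLE_ASSEMBLY_INFO)
    print(text if not problems else "\n".join(problems))
```

A pipeline would write the resolved text to a temporary .nuspec and fail the job when `problems` is non-empty, so a missing author or description surfaces with the attribute name rather than as a bare "Authors is required."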

