Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Strong name signed version #1076

Open
9 of 12 tasks
Tasteful opened this issue Dec 15, 2017 · 12 comments
Open
9 of 12 tasks

Strong name signed version #1076

Tasteful opened this issue Dec 15, 2017 · 12 comments

Comments

@Tasteful
Copy link

Working today with an ecommerce platfor and looking into if we can use Hangfire for scheduled jobs. The only problem that I see today is that we need to ship all our assemblies strong name signed and can't make a reference to Hangfire because of the lack of strong name signed assemblies.

From aspnet/DataProtection#245 (comment) that davidfowl write

Package authors realistically all need to be strong named and we (Microsoft) need to fix the .NET Framework to not require binding redirects to truly solve the problems that people hit (I'm fighting for this, again 😄).

Is there any possibility that atleast the "core" package (this repro) can be strong name signed?


I found the following issued about strong naming signing

And if we check the thirdparty that are used and if the support strong naming for this repo

Dependencies that is placing source into Hangfire is not relevant to be strong name signed

  • LibLog
  • MoreLinq.Source.MoreEnumerable.Pairwise
  • StackTraceFormatter.Source
  • StackTraceParser.Source
@thoemmi
Copy link

thoemmi commented Dec 15, 2017

For MahApps.Metro we decided against strong naming, see StrongName signed assembly? Hey, it's 2017...:

Strong-named assemblies are only useful in some rare scenarios. If you need strong-named assembly then you can compile the source by yourself ore use the Strong Namer from Daniel Plaisted @dsplaisted or Strong-Name Signer from Werner van Deventer @brutaldev.

More informations about the reason of this decision can be found here:

@Tasteful
Copy link
Author

@thoemmi It is possible for use to do either strong name signing by our self or use the Strong-Name Signer, but if we do that we need to distribute the signed version out to all our partner developers that are using the platform and in that case it's a question if we will violate the license terms to publish another version of hangfire that is strong name signed. We also need to put maintenance time to update that version with all changes from the this repo that not is needed if the orignal assembly is strong name signed or that the project automatic (conditions is proj-file) is building two different versions and distribute with every release.

Strong-Name Signer is working great for package consumers but not for package authors.

@sandorfr
Copy link
Contributor

sandorfr commented Dec 16, 2017

@thoemmi I don't find the article you linked very relevant. It's based on a lot of assumptions. I remember that the runtime can optimize some runtime check on the full framework when it's signed. And here is the best comment on the matter : aspnet/DataProtection#245 (comment)

But besides that point, the current Hangfire.Redis.Pro references the unsigned version of StackExchange.Redis where the Microsoft.AspNetCore.All is using the strong named version and they conflict.

@milindk0404
Copy link

milindk0404 commented Jan 4, 2018

Hi All,
I am using Hangfire.Redis.StackExchange with Hangfire.(.net core 2.0)
As "ConnectionMultiplexer" exists in both StackExchange.Redis.StrongName(in .net core) and StackExchange.Redis(in Hangfire.Redis.StackExchange as dependent dll), I am not able to build the project. Could you guide me to resolve this?

Error:
The type 'ConnectionMultiplexer' exists in both 'StackExchange.Redis.StrongName, Version=1.2.4.0, Culture=neutral, PublicKeyToken=c219ff1ca8c2ce46' and 'StackExchange.Redis, Version=1.2.6.0, Culture=neutral, PublicKeyToken=null'

Tired this trick also(Did not solve):
[https://stackoverflow.com/questions/46047718/stackexchange-redis-strongname-is-refrenced-but-not-included-as-package?rq=1]

Milind

@luizfbicalho
Copy link

Any news about this?

There is no downside to sign, and it would help the use in other projects.

I don't understand the deal, it's clear to me that it is better to sign

@augustoproiete
Copy link
Contributor

Hey @odinserj, any plans to merge and release #1177 to resolve this issue?

@achimismaili
Copy link

Workaround:
I found the following nuget package very useful, that takes care of signing every reference of a project during build. A build target for singing all reference is added automatically since the most recent version. For me, it worked with Hangfire. It also works when called from console.

Nuget
https://www.nuget.org/packages/Brutal.Dev.StrongNameSigner/

Project
https://github.com/brutaldev/StrongNameSigner

@augustoproiete
Copy link
Contributor

@achimismaili Unfortunately the workaround has issues in some cases

@Tasteful
Copy link
Author

Tasteful commented Apr 8, 2020

@achimismaili did you read the above comments? As I pointed out in an early comment the self signed version is working great in solutions, but now when you deliver packages that someone else is using.

@achimismaili
Copy link

I agree with you, @caioproiete & @Tasteful. Yes, this is not a solution, just a workaround for some scenarios.
I found this issue when looking for a solution to my problem and the title and initial description well fit to my problem, so I documented the solution I found.
When re-reading the comments of this issue again in detail now, I see that you got already past the self signing and that the nuget package I was referring to was even already mentioned by @thoemmi before.
Sorry for that.

@luizfbicalho
Copy link

Any updates on this question?

@augustoproiete
Copy link
Contributor

@odinserj @quinvit I'd be happy to submit a PR for this one. LMK

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

No branches or pull requests

7 participants