Comments (6)
#156 has been merged. Thanks!
from ilpack.
@AArnott Thanks a lot for your feedback. Unfortunately, supporting the .NET Framework is not part of our ambition for this library, as it's just a replacement for something is actually available in .NET Framework. My own gut-feeling is that strong-naming .NET assemblies is a some extra friction for not much added value.
If you feel strongly about it, it could be done though, although, but we should start the bugs like #117 that (probably) prevent you from using ILPack in the first place.
from ilpack.
My own gut-feeling is that strong-naming .NET assemblies is a some extra friction for not much added value.
Strong naming is frictionless on .NET Core, and generally a good thing on .NET Framework too. See https://docs.microsoft.com/en-us/dotnet/standard/assembly/strong-named for more info.
supporting the .NET Framework is not part of our ambition for this library
Then why target .NET Standard in your library? Why not just target .NET Core and make it clear that folks who want to target .NET Framework shouldn't use it?
FWIW though, I own many libraries, all of which run on both runtimes and a few of which need to use Ref.Emit. I am looking for a way that works on either runtime to write out the dll to disk.
but we should start the bugs like #117 that (probably) prevent you from using ILPack in the first place.
Agreed. I am not sold on using this unless this and perhaps other issues I see filed against this project are resolved to the point where I'm convinced that I can rely on this.
from ilpack.
Then why target .NET Standard in your library? Why not just target .NET Core and make it clear that folks who want to target .NET Framework shouldn't use it?
Well, the .NET Standard support has been brought by a community contributor. I did not want to reject the PR on the sole basis of not supporting .NET Standard. However the in the first paragraph of the ReadMe.md
, it's .NET Core that is mentioned. Lokad does not have the resource to support the .NET Framework, but if some people wants to contribute in this area, I will try not to be in the way.
from ilpack.
@vermorel I'll try to summarize information about assembly stong naming here and will include it into a separate .md file if needed in the scope of the related PR.
- The strong naming provides an identity for assembly, allows to use in binding redirection, loading different versions side-by-side, using them in a 'signed' context, and placing them into the GAC.
- The strong name private/public key pair (a
.snk
file) is a source of this identity. We are unable to use different.snk
files for the development and release process because in this case, we will have different identities. - It will prevent users from using a modified version of assembly for debugging/testing without full application re-compilation.
- There is an option of "public sign" (or "OSS sign") that allows committing only the public key into the repo and marking output as fully signed just by adding this public key. In this case, we can use a proper private/public pair for CI/CD build but you have to manage this "full"
.snk
file somehow outside of the Git repo.
There are some useful links related to the previous list:
- Command-line options for the SN tool - how to create a new
.snk
file and export public key as a separate file - Open-source library guidance from Microsoft - Strong naming - see info about managing the
.snk
file - Public sign project file option for the dotnet SDK/MSBuild (can be used conditionally)
- Some ideas for using the non-committed
.snk
file in CI/CD pipeline.
from ilpack.
Strong naming is not about security:
A strong name signature does not guarantee the trustworthiness of the person who signed the assembly or indicate whether that person was a legitimate owner of the key; it indicates only that the owner of the key signed the assembly. Therefore, we do not recommend using a strong name signature as a security validator for trusting third-party code. Microsoft Authenticode is the recommended way to authenticate code.
Hiding the private key just adds complexity to the process and violates the spirit of OSS, since no one can actually reproduce their own build of the binary and expect it to work like the original. I suggest just checking in the full snk file, which is what I do in all my repos, OSS or not.
from ilpack.
Related Issues (20)
- ILVerification fails on delegate ctor of generated assembly HOT 2
- Generated assembly from a .NET 5 executable is ".NETFramework" instead of ".NETCore" HOT 2
- (with patch) Functions with 'void*' in params list HOT 3
- (with proposed patch), null dereference in TryGetRawMetadata after removed null check HOT 1
- Exported Net core lib is referencing System.Private.CorLib instead of System.Runtime HOT 8
- some proposal for perfomance opt (small patch)
- With Patch/Fix: Missing Generic Type arguments in OpCodes.Call(x) HOT 1
- Lokad.ILPack does not have a strong name
- Saved Dynamic Assembly Not showing in VS intellisense but ILSpy and VS Object Explorer Look correct HOT 2
- Unable to translate FieldBuilders with no declaring type HOT 6
- Unable to look up MethodDefinition for constructed generic method
- Fail to export referenced types in `System.Private.CoreLib` due to `DefaultInterpolatedStringHandler` HOT 4
- Type names containing special characters HOT 2
- Migration to .NET 6.0 causes test suite to hang HOT 1
- DeclareInterfacesAndCreateInterfaceMap conundrum HOT 8
- Support function pointers as arguments of function pointers
- Partially defined generic methods are not working
- Add equivalent of AssemblyBuilder.SetEntryPoint HOT 10
- Classes that implement interfaces with defaulted methods crash the dll generator. HOT 2
- Unexpected InvalidOperationException with .NET 8.0
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ilpack.