How to package .NET applications in Linux distributions?

[omajid]

A number of Linux distributions (and other OSs) are now using and packaging .NET (via source-build) into their distributions. With .NET available in the distro, users are looking to build on top of it. For example, someone was recently looking for guidance on how to package https://github.com/GitCredentialManager/git-credential-manager into Fedora. That led to some conversation in a Fedora context that I think is general enough that it would apply to most other distros as well.

You can see the original discussion here: https://pagure.io/packaging-committee/issue/1193.

I talked about this with @crummel who suggested starting a discussion here.

Before digging into specific, is this - packaging software built on top of .NET into distros - something we want to encourage and support?

If so, there's quite a few challenges that we need to solve. The challenges are similar to what we encounter in source-build: we need to build everything from source without access to the internet. Here's what I see as the big ones:

• Given an application that a user wants to introduce into the distro, we need to trace the entire dependency graph of the application and find some way to build it all from source, offline. What if there are cycles?
• Given a (dependency library's) nuget package, how do we find where the source code is and build it with the same configuration used by the nuget package author to create the nuget package?
• Given that foundational libraries like Newtonsoft.Json would be used by a huge percentage of .NET applications, it seems like it would fit in best with the distro policies if we packaged it up once and then applications or higher-level libraries could use that without having to maintain or build this code.
• If we are building these foundational libraries as nuget packages the distro, where should distros place these packages? How should applications consume these libraries at build time?
• What sort of build configuration/flags should we recommend? Should we tell users to use framework-dependent publishing or self-contained?
• Even framework-dependent deployments of .NET applications contain embedded third-party dlls. What do we do about this duplication on disk? There's also the issue that if a security issue is fixed in a library like Newtonsoft.Json, we would need to find a way to rebuild everything that consumes Newtonsoft.Json. Is there a way for an application to use a dynamic-linking or dlopen-style or LoadLibrary-style approach to load the packaged copy of Newtonsoft.Json.dll?
• What sort of paths do we recommend for applications and packagers to install .nupkg, .dll files that are meant to be used by other applications? Where should standalone applications live? (This can only be a very rough recommendation, because every distro has its own policies on paths and install locations).

This is also related to dotnet/core#7443

cc @dotnet/distro-maintainers @leecow @richlander @tmds

[jkotas]

Given a (dependency library's) nuget package, how do we find where the source code is and build it with the same configuration used by the nuget package author to create the nuget package?

The closest thing we have for this today is https://github.com/dotnet/designs/blob/main/accepted/2020/reproducible-builds.md . The basic idea is that the PDB of the binary in nuget package contains list of sources and compiler command line used to build the package that should be enough to allow re-creating the binary.

where should distros place these packages?
How should applications consume these libraries at build time?
What sort of build configuration/flags should we recommend?

How is this done for Java or Python? We should be able to follow the same plan.

[omajid]

Java is probably closest to .NET. The Java guidelines for packaging things in Fedora, for example, live here: https://docs.fedoraproject.org/en-US/packaging-guidelines/Java/

To answer the specific parts:

• Java libraries are placed at /usr/share/java/library-name.jar or /usr/lib/java/library-name.jar depending of whether it's architecture-neutral or architecture specific (path varies across distros, of course)
• Fedora includes a customized version of the java build tool maven called xmvn. This customized version works mostly like the standard tool except it knows to do a couple of distro specific things, like use /usr/share/java as java package repository to find libraries instead of Maven Central.
• Java doesn't really have Debug vs Configuration option. Self-contained also didn't really exist when the Java packaging systems for distros were being designed.

Python guidelines are here: https://docs.fedoraproject.org/en-US/packaging-guidelines/Python/

[richlander]

I like this general idea. It's a question of how to achieve it. While the reproducible builds are a good suggestion, it's definitely not productized and unlikely to be successful w/o cooperation from the library owner.

I propose some complementary ideas:

• Define prescriptive capabilities/requirements for source-buildable apps (and their dependencies).
• Work with common NuGet authors to play nicely with these capabilities/requirements.
• Gate inclusion on being source-buildable per above. This may require cutting off some functionality (IFDEF bad dependencies) to get included in a distro.

I'll be the first to admit that this is hand-wavy. Also, for such a system to work, there needs to be circular influence/feedback. This has the potential to be a big lift. Folks would need to really want this for it to work, including distros, app authors, and library authors. Certainly, it could work.

[mmitche]

@richlander We might be saying the same thing. Basically, if we took a look at the packages on NuGet, which ones are likely to be interesting to our partners, and what are their qualities? For instance, Newtonsoft.Json is interesting because it's an extremely common dependency in the .NET ecosystem. It contains multiple TFMs.

[ericstj]

Removing frameworks and RIDs can change the behavior of the package so it's not always "safe" to do. Back in the 1.0 days we had a switch that let source-build have "partial" packages where any removed configurations were replaced with placeholders - so that it would break the build rather than give someone the "wrong" asset. For example - imagine removing the netstandard2.0 asset but leaving a net45 asset - nuget would fallback to use the net45 asset. Another case would be removing netcoreapp2.0 but leaving netstandard2.0 and net6.0 -> a project targeting netcoreapp2.0 - net5.0 would start to get the netstandard2.0 asset instead of a netcoreapp2.0 asset which it might need. We have projects targeting all different frameworks throughout the stack (even in source build) so we'll need to decide how to handle this.

Technically it's not hard to build for different TFMs in source-build, it's just additional work. We can represent the TFMs with reference packs and the tools used to build them are purely managed. RIDS on the other hand are a different story since the managed components can (and do today) build on any platform, but the native assets require platform specific toolchains. So "worst case" I think we just overbuild the managed side.

I think the "best case" here is we standardize the entire stack on LatestTFM + netstandard2.0 - then we can remove all the other TFMs and not worry about behavior changes as a result. For RIDs we can also drop the assets specific to the RIDs we aren't building - similarly keeping in mind the heirarchy -- for example we might want to keep both linux and rhel when building for rhel.

It'd be nice if we could do this without forcing everyone to adopt changes to their projects. @ViktorHofer might have some ideas since this is similar to tricks we play in the runtime's TargetFramework SDK.

[mmitche]

@ericstj That's interesting insight. Any idea what happened with the placeholder approach?

[ericstj]

I believe it worked well enough, but over time we found so much of the product relied on building for so many different frameworks that we eventually just turned most of the build back on.

[tmds]

RIDs will require special care from the package maintainer as the native assets will either need to be source-build, or the managed library will need to be built so it uses the system provided libraries (for example: make libgit2sharp use system libgit2 instead of libgit2sharp.nativebinaries).

[tmds]

This is also related to dotnet/core#7443

@omajid what is the difference is with that issue? Can we keep a single issue?

[omajid]

I think dotnet/core#7443 is a subset. That issue that talks only about building applications from source/offline. That's a large chunk of this issue, but I wanted to capture the rest of the things that need to be done to onboard .NET applications into linux distros as well.

I am happy to merge this (though I don't know how to) if you think that we should only have one place tracking everything.

[tmds]

For me, the MVP here looks like:

Given a .NET project/solution, fetch all sources of its dependencies, and generate a build script to build the dependencies into a folder of nupkg that I can use to build the project/solution.

The sources and build script can then be used by a package maintainer to package up the app further.

[richlander]

That's a good MVP. As @jkotas suggested, we could use the PDB for that purpose. That seems kinda hard and also very indirect to me. It requires restoring the dependencies of the whole app first and then inspecting the PDBs in the nupkgs. Instead, it would be ideal if there was a top-level list of packages w/a link to the source repo.

It occurs to me that Central Package Management is super close to what we want. If we can add a Source property for each package and ask msbuild for that, then we have what we need. Yes?

https://devblogs.microsoft.com/nuget/introducing-central-package-management/

[tmds]

Each nupkg should have a reference to its source repo, ref, and maybe other metadata that describes how the package got built (e.g. .NET project path in the repo).

These sources will need to be downloaded for all dependencies, and the distro package maintainer will include them in the 'src package' that corresponds to the 'app package' he/she is building.

It's important to have the local sources resemble the upstream source repositories to facilitate patching.

The Central Package Management could be used to switch from using 'binary' packages from nuget.org to packages built from source locally.

[ayakael]

Has best practice evolved on this? I packaged powershell for Alpine Linux a year ago, and the newer versions now include more dependencies that are not trivial to build from source. An issue was opened with the upstream team: PowerShell/PowerShell#20143 but indeed I'm not sure how to proceed.

[Conan-Kudo]

We're also running into this with trying to bring Jellyfin into Fedora (rhbz#2238840). It'd be great to see some progress on this front.

cc: @mooninite

[dviererbe]

I mentioned in the last .NET security partners meeting that I am investigating how to solve this issue for Ubuntu. @omajid wrote me an email if I can share ideas or strategies. I thought to answer here in case someone else is interested/want's to provide feedback.

I do not yet have a final solution for this problem. There are still open questions. I tried to organize my random collection of notes and thoughts here:

Overview

My broad idea/plan is to:

1. package some rudimentary NuGet packages that we already built to allow packaging simple .NET apps/libraries

2. create a dotnet-defaults package (similar to other toolchains in Ubuntu).

   This package would provide the following binary packages:

   • dotnet: installs dotnet-sdk-${dotnet:Version}
   • dotnet-sdk: installs dotnet-sdk-${dotnet:Version}
   • dotnet-runtime: installs aspnetcore-runtime-${dotnet:Version}
   • aspnetcore-runtime: installs aspnetcore-runtime-${dotnet:Version}

   These would most likely point to the latest LTS version in the archive, and similar to other toolchains in the archive this would allow building most apps with the recommended version of the distro. Maintainers still have the ability to select a specific version in the archive by simply depending on dotnet-sdk-${version they choose} instead of dotnet-sdk.

3. create a spec for how to package a .NET app/library for Ubuntu, to avoid ending up with multiple competing installation layouts (https://xkcd.com/927/)

4. create a debhelper(7) buildsystem plugin/extension to automate common packaging tasks

5. onboard and maintain a few more essential .NET libraries like Newtonsoft.Json, xUnit, Humanizer, Castle, NUnit, Moq, Poly, etc.

Note

To avoid false expectations. There is no official commitment from Canonical that we actually do that!

Rudimentary NuGet packages we already built

In Ubuntu we have the package dotnet-sdk-X.X-source-built-artifacts (AFAICT a similar package should also exist for RHEL and Fedora). This contains NuGet packages from the previous .NET SDK built and is usually just used for bootstrapping a .NET SDK build.

Currently, the Ubuntu package contains a tarball, which contains the NuGet packages and is installed at /usr/lib/dotnet/source-built-artifacts/.

For example, here is the content of the latest .NET 9 tarball (/usr/lib/dotnet/source-built-artifacts/Private.SourceBuilt.Artifacts.9.0.104-servicing.25113.1.ubuntu.24.04-x64.tar.gz):

├── csc.Symbols.4.12.0-3.25105.5.nupkg
├── csi.Symbols.4.12.0-3.25105.5.nupkg
├── dotnet-dev-certs.9.0.3-servicing.25112.20.nupkg
├── dotnet-sourcelink.9.0.0-beta.24617.1.nupkg
├── dotnet-user-jwts.9.0.3-servicing.25112.20.nupkg
├── dotnet-user-secrets.9.0.3-servicing.25112.20.nupkg
├── FSharp.NET.Sdk.1.0.4-bundled-0100.nupkg
├── Humanizer.Core.2.14.1.nupkg
├── Microsoft.ApplicationInsights.2.22.0.nupkg
├── Microsoft.Arcade.Common.9.0.0-beta.25077.4.nupkg
├── Microsoft.AspNetCore.Analyzers.9.0.3-servicing.25112.20.nupkg
├── Microsoft.AspNetCore.App.Ref.9.0.3.nupkg
├── Microsoft.AspNetCore.App.Runtime.ubuntu.24.04-x64.9.0.3.nupkg
├── Microsoft.AspNetCore.Authorization.9.0.3.nupkg
├── Microsoft.AspNetCore.Components.9.0.3.nupkg
├── Microsoft.AspNetCore.Components.Analyzers.9.0.3.nupkg
├── Microsoft.AspNetCore.Components.Authorization.9.0.3.nupkg
├── Microsoft.AspNetCore.Components.Forms.9.0.3.nupkg
├── Microsoft.AspNetCore.Components.SdkAnalyzers.9.0.3-servicing.25112.20.nupkg
├── Microsoft.AspNetCore.Components.Web.9.0.3.nupkg
├── Microsoft.AspNetCore.Connections.Abstractions.9.0.3.nupkg
├── Microsoft.AspNetCore.Cryptography.Internal.9.0.3.nupkg
├── Microsoft.AspNetCore.Cryptography.KeyDerivation.9.0.3.nupkg
├── Microsoft.AspNetCore.DataProtection.9.0.3.nupkg
├── Microsoft.AspNetCore.DataProtection.Abstractions.9.0.3.nupkg
├── Microsoft.AspNetCore.DataProtection.Extensions.9.0.3.nupkg
├── Microsoft.AspNetCore.DeveloperCertificates.XPlat.9.0.3-servicing.25112.20.nupkg
├── Microsoft.AspNetCore.Http.Connections.Common.9.0.3.nupkg
├── Microsoft.AspNetCore.Metadata.9.0.3.nupkg
├── Microsoft.AspNetCore.Mvc.Analyzers.9.0.3-servicing.25112.20.nupkg
├── Microsoft.AspNetCore.Mvc.Api.Analyzers.9.0.3-servicing.25112.20.nupkg
├── Microsoft.AspNetCore.Mvc.Razor.Extensions.Tooling.Internal.9.0.0-preview.25104.3.nupkg
├── Microsoft.AspNetCore.SignalR.Common.9.0.3.nupkg
├── Microsoft.AspNetCore.SignalR.Protocols.Json.9.0.3.nupkg
├── Microsoft.AspNetCore.WebUtilities.9.0.3.nupkg
├── Microsoft.Bcl.AsyncInterfaces.9.0.3.nupkg
├── Microsoft.Bcl.Cryptography.9.0.3.nupkg
├── Microsoft.Bcl.Memory.9.0.3.nupkg
├── Microsoft.Bcl.Numerics.9.0.3.nupkg
├── Microsoft.Bcl.TimeProvider.9.0.3.nupkg
├── Microsoft.Build.17.12.27.nupkg
├── Microsoft.Build.Framework.17.12.27.nupkg
├── Microsoft.Build.Localization.17.12.27-preview-25106-01.nupkg
├── Microsoft.Build.Locator.1.6.10.nupkg
├── Microsoft.Build.NuGetSdkResolver.6.12.2-rc.32767.nupkg
├── Microsoft.Build.Runtime.17.12.27.nupkg
├── Microsoft.Build.StandardCI.9.0.0-beta.24617.1.nupkg
├── Microsoft.Build.Tasks.Core.17.12.27.nupkg
├── Microsoft.Build.Tasks.Git.9.0.0-beta.24617.1.nupkg
├── Microsoft.Build.Utilities.Core.17.12.27.nupkg
├── Microsoft.CodeAnalysis.4.12.0-3.25105.5.nupkg
├── Microsoft.CodeAnalysis.Analyzers.3.11.0-beta1.25076.3.nupkg
├── Microsoft.CodeAnalysis.AnalyzerUtilities.3.11.0-beta1.25076.3.nupkg
├── Microsoft.CodeAnalysis.Build.Tasks.4.12.0-3.25105.5.nupkg
├── Microsoft.CodeAnalysis.CodeStyle.Fixes.Symbols.4.12.0-3.25105.5.nupkg
├── Microsoft.CodeAnalysis.CodeStyle.Symbols.4.12.0-3.25105.5.nupkg
├── Microsoft.CodeAnalysis.Common.4.12.0-3.25105.5.nupkg
├── Microsoft.CodeAnalysis.CSharp.4.12.0-3.25105.5.nupkg
├── Microsoft.CodeAnalysis.CSharp.CodeStyle.4.12.0-3.25105.5.nupkg
├── Microsoft.CodeAnalysis.CSharp.CodeStyle.Symbols.4.12.0-3.25105.5.nupkg
├── Microsoft.CodeAnalysis.CSharp.Features.4.12.0-3.25105.5.nupkg
├── Microsoft.CodeAnalysis.CSharp.Scripting.4.12.0-3.25105.5.nupkg
├── Microsoft.CodeAnalysis.CSharp.Workspaces.4.12.0-3.25105.5.nupkg
├── Microsoft.CodeAnalysis.ExternalAccess.AspNetCore.4.12.0-3.25105.5.nupkg
├── Microsoft.CodeAnalysis.ExternalAccess.OmniSharp.4.12.0-3.25105.5.nupkg
├── Microsoft.CodeAnalysis.ExternalAccess.OmniSharp.CSharp.4.12.0-3.25105.5.nupkg
├── Microsoft.CodeAnalysis.ExternalAccess.RazorCompiler.4.12.0-3.25105.5.nupkg
├── Microsoft.CodeAnalysis.Features.4.12.0-3.25105.5.nupkg
├── Microsoft.CodeAnalysis.NetAnalyzers.9.0.0-preview.25076.3.nupkg
├── Microsoft.CodeAnalysis.Razor.Tooling.Internal.9.0.0-preview.25104.3.nupkg
├── Microsoft.CodeAnalysis.Scripting.Common.4.12.0-3.25105.5.nupkg
├── Microsoft.CodeAnalysis.VisualBasic.4.12.0-3.25105.5.nupkg
├── Microsoft.CodeAnalysis.VisualBasic.CodeStyle.4.12.0-3.25105.5.nupkg
├── Microsoft.CodeAnalysis.VisualBasic.CodeStyle.Symbols.4.12.0-3.25105.5.nupkg
├── Microsoft.CodeAnalysis.VisualBasic.Features.4.12.0-3.25105.5.nupkg
├── Microsoft.CodeAnalysis.VisualBasic.Workspaces.4.12.0-3.25105.5.nupkg
├── Microsoft.CodeAnalysis.Workspaces.Common.4.12.0-3.25105.5.nupkg
├── Microsoft.CodeAnalysis.Workspaces.MSBuild.4.12.0-3.25105.5.nupkg
├── Microsoft.CodeAnalysis.Workspaces.MSBuild.BuildHost.Symbols.4.12.0-3.25105.5.nupkg
├── Microsoft.Css.Parser.1.0.0-20230414.1.nupkg
├── Microsoft.Deployment.DotNet.Releases.2.0.0-rtm.1.25059.4.nupkg
├── Microsoft.Diagnostics.NETCore.Client.0.2.0-preview.24416.1.nupkg
├── Microsoft.DiaSymReader.2.2.0-beta.24327.2.nupkg
├── Microsoft.DotNet.ApiCompat.Task.9.0.104.nupkg
├── Microsoft.DotNet.Arcade.Sdk.9.0.0-beta.25077.4.nupkg
├── Microsoft.DotNet.Build.Tasks.Archives.9.0.0-beta.25077.4.nupkg
├── Microsoft.DotNet.Build.Tasks.Feed.9.0.0-beta.25077.4.nupkg
├── Microsoft.DotNet.Build.Tasks.Installers.9.0.0-beta.25077.4.nupkg
├── Microsoft.DotNet.Build.Tasks.Packaging.9.0.0-beta.25077.4.nupkg
├── Microsoft.DotNet.Build.Tasks.TargetFramework.9.0.0-beta.25077.4.nupkg
├── Microsoft.DotNet.Build.Tasks.Templating.9.0.0-beta.25077.4.nupkg
├── Microsoft.DotNet.Build.Tasks.Workloads.9.0.0-beta.25077.4.nupkg
├── Microsoft.DotNet.Cecil.0.11.5-alpha.25102.5.nupkg
├── Microsoft.DotNet.Cli.9.0.104-servicing.25113.1.nupkg
├── Microsoft.DotNet.Cli.Sln.Internal.9.0.104-servicing.25113.1.nupkg
├── Microsoft.DotNet.Cli.Utils.9.0.104-servicing.25113.1.nupkg
├── Microsoft.DotNet.CMake.Sdk.9.0.0-beta.25077.4.nupkg
├── Microsoft.DotNet.CodeAnalysis.9.0.0-beta.25077.4.nupkg
├── Microsoft.DotNet.Common.ItemTemplates.9.0.104.nupkg
├── Microsoft.DotNet.Common.ProjectTemplates.9.0.9.0.104.nupkg
├── Microsoft.DotNet.Configurer.9.0.104-servicing.25113.1.nupkg
├── Microsoft.DotNet.GenFacades.9.0.0-beta.25077.4.nupkg
├── Microsoft.DotNet.ILCompiler.9.0.3.nupkg
├── Microsoft.DotNet.InternalAbstractions.9.0.104-servicing.25113.1.nupkg
├── Microsoft.DotNet.MSBuildSdkResolver.9.0.104-servicing.25113.1.nupkg
├── Microsoft.DotNet.NuGetRepack.Tasks.9.0.0-beta.25077.4.nupkg
├── Microsoft.DotNet.PackageTesting.9.0.0-beta.25077.4.nupkg
├── Microsoft.DotNet.ScenarioTests.SdkTemplateTests.9.0.0-preview.25102.1.nupkg
├── Microsoft.DotNet.SharedFramework.Sdk.9.0.0-beta.25077.4.nupkg
├── Microsoft.DotNet.SignTool.9.0.0-beta.25077.4.nupkg
├── Microsoft.DotNet.SourceBuild.Tasks.9.0.0-beta.25077.4.nupkg
├── Microsoft.DotNet.Tar.9.0.0-beta.25077.4.nupkg
├── microsoft.dotnet.templateLocator.9.0.104-servicing.25113.1.nupkg
├── Microsoft.DotNet.Test.ProjectTemplates.9.0.1.1.0-rtm.24606.1.nupkg
├── Microsoft.DotNet.VersionTools.9.0.0-beta.25077.4.nupkg
├── Microsoft.DotNet.VersionTools.Cli.9.0.0-beta.25077.4.nupkg
├── Microsoft.DotNet.VersionTools.Tasks.9.0.0-beta.25077.4.nupkg
├── Microsoft.DotNet.Web.Client.ItemTemplates.9.0.3.nupkg
├── Microsoft.DotNet.Web.ItemTemplates.9.0.9.0.3.nupkg
├── Microsoft.DotNet.Web.ProjectTemplates.9.0.9.0.3.nupkg
├── Microsoft.DotNet.XliffTasks.9.0.0-beta.25077.4.nupkg
├── Microsoft.Extensions.Caching.Abstractions.9.0.3.nupkg
├── Microsoft.Extensions.Caching.Memory.9.0.3.nupkg
├── Microsoft.Extensions.Configuration.9.0.3.nupkg
├── Microsoft.Extensions.Configuration.Abstractions.9.0.3.nupkg
├── Microsoft.Extensions.Configuration.Binder.9.0.3.nupkg
├── Microsoft.Extensions.Configuration.CommandLine.9.0.3.nupkg
├── Microsoft.Extensions.Configuration.EnvironmentVariables.9.0.3.nupkg
├── Microsoft.Extensions.Configuration.FileExtensions.9.0.3.nupkg
├── Microsoft.Extensions.Configuration.Ini.9.0.3.nupkg
├── Microsoft.Extensions.Configuration.Json.9.0.3.nupkg
├── Microsoft.Extensions.Configuration.KeyPerFile.9.0.3.nupkg
├── Microsoft.Extensions.Configuration.UserSecrets.9.0.3.nupkg
├── Microsoft.Extensions.Configuration.Xml.9.0.3.nupkg
├── Microsoft.Extensions.DependencyInjection.9.0.3.nupkg
├── Microsoft.Extensions.DependencyInjection.Abstractions.9.0.3.nupkg
├── Microsoft.Extensions.DependencyModel.9.0.3.nupkg
├── Microsoft.Extensions.Diagnostics.9.0.3.nupkg
├── Microsoft.Extensions.Diagnostics.Abstractions.9.0.3.nupkg
├── Microsoft.Extensions.Diagnostics.HealthChecks.9.0.3.nupkg
├── Microsoft.Extensions.Diagnostics.HealthChecks.Abstractions.9.0.3.nupkg
├── Microsoft.Extensions.Features.9.0.3.nupkg
├── Microsoft.Extensions.FileProviders.Abstractions.9.0.3.nupkg
├── Microsoft.Extensions.FileProviders.Composite.9.0.3.nupkg
├── Microsoft.Extensions.FileProviders.Embedded.9.0.3.nupkg
├── Microsoft.Extensions.FileProviders.Physical.9.0.3.nupkg
├── Microsoft.Extensions.FileSystemGlobbing.9.0.3.nupkg
├── Microsoft.Extensions.HostFactoryResolver.Sources.9.0.3-servicing.25111.13.nupkg
├── Microsoft.Extensions.Hosting.9.0.3.nupkg
├── Microsoft.Extensions.Hosting.Abstractions.9.0.3.nupkg
├── Microsoft.Extensions.Hosting.Systemd.9.0.3.nupkg
├── Microsoft.Extensions.Hosting.WindowsServices.9.0.3.nupkg
├── Microsoft.Extensions.Http.9.0.3.nupkg
├── Microsoft.Extensions.Identity.Core.9.0.3.nupkg
├── Microsoft.Extensions.Identity.Stores.9.0.3.nupkg
├── Microsoft.Extensions.Localization.9.0.3.nupkg
├── Microsoft.Extensions.Localization.Abstractions.9.0.3.nupkg
├── Microsoft.Extensions.Logging.9.0.3.nupkg
├── Microsoft.Extensions.Logging.Abstractions.9.0.3.nupkg
├── Microsoft.Extensions.Logging.Configuration.9.0.3.nupkg
├── Microsoft.Extensions.Logging.Console.9.0.3.nupkg
├── Microsoft.Extensions.Logging.Debug.9.0.3.nupkg
├── Microsoft.Extensions.Logging.EventLog.9.0.3.nupkg
├── Microsoft.Extensions.Logging.EventSource.9.0.3.nupkg
├── Microsoft.Extensions.Logging.TraceSource.9.0.3.nupkg
├── Microsoft.Extensions.ObjectPool.9.0.3.nupkg
├── Microsoft.Extensions.Options.9.0.3.nupkg
├── Microsoft.Extensions.Options.ConfigurationExtensions.9.0.3.nupkg
├── Microsoft.Extensions.Options.DataAnnotations.9.0.3.nupkg
├── Microsoft.Extensions.Primitives.9.0.3.nupkg
├── Microsoft.Extensions.WebEncoders.9.0.3.nupkg
├── Microsoft.FSharp.Compiler.12.9.101-beta.25070.7.nupkg
├── Microsoft.IdentityModel.Abstractions.8.0.1.nupkg
├── Microsoft.IdentityModel.JsonWebTokens.8.0.1.nupkg
├── Microsoft.IdentityModel.Logging.8.0.1.nupkg
├── Microsoft.IdentityModel.Tokens.8.0.1.nupkg
├── Microsoft.Internal.Runtime.AspNetCore.Transport.9.0.3-servicing.25111.13.nupkg
├── Microsoft.Internal.Runtime.DotNetApiDocs.Transport.9.0.3-servicing.25111.13.nupkg
├── Microsoft.Internal.Runtime.WindowsDesktop.Transport.9.0.3-servicing.25111.13.nupkg
├── Microsoft.JSInterop.9.0.3.nupkg
├── Microsoft.NET.Build.Containers.9.0.104.nupkg
├── Microsoft.NET.Build.Extensions.9.0.104-servicing.25113.1.nupkg
├── Microsoft.Net.Compilers.Toolset.4.12.0-3.25105.5.nupkg
├── Microsoft.NETCore.App.Crossgen2.ubuntu.24.04-x64.9.0.3.nupkg
├── Microsoft.NETCore.App.Host.ubuntu.24.04-x64.9.0.3.nupkg
├── Microsoft.NETCore.App.Ref.9.0.3.nupkg
├── Microsoft.NETCore.App.Runtime.ubuntu.24.04-x64.9.0.3.nupkg
├── Microsoft.NETCore.DotNetAppHost.9.0.3.nupkg
├── Microsoft.NETCore.ILAsm.9.0.3-servicing.25111.13.nupkg
├── Microsoft.NETCore.ILDAsm.9.0.3-servicing.25111.13.nupkg
├── Microsoft.NETCore.Platforms.9.0.3-servicing.25111.13.nupkg
├── Microsoft.NETCore.TestHost.9.0.3-servicing.25111.13.nupkg
├── Microsoft.NET.HostModel.9.0.3-servicing.25111.13.nupkg
├── Microsoft.Net.Http.Headers.9.0.3.nupkg
├── Microsoft.NET.ILLink.9.0.3-servicing.25111.13.nupkg
├── Microsoft.NET.ILLink.Tasks.9.0.3.nupkg
├── Microsoft.NET.Sdk.9.0.104-servicing.25113.1.nupkg
├── Microsoft.NET.Sdk.Aspire.Manifest-8.0.100.8.2.2.nupkg
├── Microsoft.NET.Sdk.BlazorWebAssembly.9.0.104-servicing.25113.1.nupkg
├── Microsoft.NET.Sdk.IL.9.0.3-servicing.25111.13.nupkg
├── Microsoft.NET.Sdk.Publish.9.0.104-servicing.25113.1.nupkg
├── Microsoft.NET.Sdk.Razor.9.0.104-servicing.25113.1.nupkg
├── Microsoft.NET.Sdk.Razor.SourceGenerators.Transport.9.0.0-preview.25104.3.nupkg
├── Microsoft.NET.Sdk.StaticWebAssets.9.0.104-servicing.25113.1.nupkg
├── Microsoft.NET.Sdk.Web.9.0.104-servicing.25113.1.nupkg
├── Microsoft.NET.Sdk.WebAssembly.9.0.104-servicing.25113.1.nupkg
├── Microsoft.NET.Sdk.Web.ProjectSystem.9.0.104-servicing.25113.1.nupkg
├── Microsoft.NET.Sdk.Worker.9.0.104-servicing.25113.1.nupkg
├── Microsoft.NET.Sdk.WorkloadManifestReader.9.0.104-servicing.25113.1.nupkg
├── Microsoft.NET.Sdk.WorkloadMSBuildSdkResolver.9.0.104-servicing.25113.1.nupkg
├── Microsoft.NET.StringTools.17.12.27.nupkg
├── Microsoft.NET.WebAssembly.Threading.9.0.3.nupkg
├── Microsoft.NET.Workload.Emscripten.Current.Manifest-9.0.100.9.0.3.nupkg
├── Microsoft.NET.Workload.Emscripten.Current.Manifest-9.0.100.Transport.9.0.3-servicing.25105.2.nupkg
├── Microsoft.NET.Workload.Emscripten.net6.Manifest-9.0.100.9.0.3.nupkg
├── Microsoft.NET.Workload.Emscripten.net7.Manifest-9.0.100.9.0.3.nupkg
├── Microsoft.NET.Workload.Emscripten.net8.Manifest-9.0.100.9.0.3.nupkg
├── Microsoft.NET.Workload.Mono.ToolChain.Current.Manifest-9.0.100.9.0.3.nupkg
├── Microsoft.NET.Workload.Mono.ToolChain.net6.Manifest-9.0.100.9.0.3.nupkg
├── Microsoft.NET.Workload.Mono.ToolChain.net7.Manifest-9.0.100.9.0.3.nupkg
├── Microsoft.NET.Workload.Mono.ToolChain.net8.Manifest-9.0.100.9.0.3.nupkg
├── Microsoft.SourceLink.AzureDevOpsServer.Git.9.0.0-beta.24617.1.nupkg
├── Microsoft.SourceLink.AzureRepos.Git.9.0.0-beta.24617.1.nupkg
├── Microsoft.SourceLink.Bitbucket.Git.9.0.0-beta.24617.1.nupkg
├── Microsoft.SourceLink.Common.9.0.0-beta.24617.1.nupkg
├── Microsoft.SourceLink.Gitea.9.0.0-beta.24617.1.nupkg
├── Microsoft.SourceLink.Gitee.9.0.0-beta.24617.1.nupkg
├── Microsoft.SourceLink.GitHub.9.0.0-beta.24617.1.nupkg
├── Microsoft.SourceLink.GitLab.9.0.0-beta.24617.1.nupkg
├── Microsoft.SourceLink.GitWeb.9.0.0-beta.24617.1.nupkg
├── Microsoft.SourceLink.Tools.9.0.0-beta.24617.1.nupkg
├── Microsoft.TemplateEngine.Abstractions.9.0.104.nupkg
├── Microsoft.TemplateEngine.Cli.9.0.104-servicing.25113.1.nupkg
├── Microsoft.TemplateEngine.Core.9.0.104.nupkg
├── Microsoft.TemplateEngine.Core.Contracts.9.0.104.nupkg
├── Microsoft.TemplateEngine.Edge.9.0.104.nupkg
├── Microsoft.TemplateEngine.IDE.9.0.104.nupkg
├── Microsoft.TemplateEngine.Orchestrator.RunnableProjects.9.0.104.nupkg
├── Microsoft.TemplateEngine.Samples.9.0.104.nupkg
├── Microsoft.TemplateEngine.Utils.9.0.104.nupkg
├── Microsoft.TemplateSearch.Common.9.0.104.nupkg
├── Microsoft.TestPlatform.Build.17.12.0-release-24508-01.nupkg
├── Microsoft.TestPlatform.CLI.17.12.0-release-24508-01.nupkg
├── Microsoft.VisualStudio.SolutionPersistence.1.0.28.nupkg
├── Microsoft.Web.Xdt.10.0.0-preview.24609.2.nupkg
├── Microsoft.Win32.Registry.AccessControl.9.0.3.nupkg
├── Microsoft.Win32.SystemEvents.9.0.3.nupkg
├── Microsoft.XmlSerializer.Generator.9.0.3.nupkg
├── Newtonsoft.Json.13.0.3.nupkg
├── NuGet.Build.Tasks.6.12.2-rc.32767.nupkg
├── NuGet.Build.Tasks.Console.6.12.2-rc.32767.nupkg
├── NuGet.Build.Tasks.Pack.6.12.2-rc.32767.nupkg
├── NuGet.CommandLine.XPlat.6.12.2-rc.32767.nupkg
├── NuGet.Commands.6.12.2-rc.32767.nupkg
├── NuGet.Common.6.12.2-rc.32767.nupkg
├── NuGet.Configuration.6.12.2-rc.32767.nupkg
├── NuGet.Credentials.6.12.2-rc.32767.nupkg
├── NuGet.DependencyResolver.Core.6.12.2-rc.32767.nupkg
├── NuGet.Frameworks.6.12.2-rc.32767.nupkg
├── NuGet.LibraryModel.6.12.2-rc.32767.nupkg
├── NuGet.PackageManagement.6.12.2-rc.32767.nupkg
├── NuGet.Packaging.6.12.2-rc.32767.nupkg
├── NuGet.ProjectModel.6.12.2-rc.32767.nupkg
├── NuGet.Protocol.6.12.2-rc.32767.nupkg
├── NuGet.Resolver.6.12.2-rc.32767.nupkg
├── NuGet.Versioning.6.12.2-rc.32767.nupkg
├── PackageVersions.props
├── Roslyn.Diagnostics.Analyzers.3.11.0-beta1.25076.3.nupkg
├── runtime.native.System.IO.Ports.9.0.3.nupkg
├── runtime.ubuntu.24.04-x64.Microsoft.DotNet.ILCompiler.9.0.3.nupkg
├── runtime.ubuntu.24.04-x64.Microsoft.NETCore.DotNetAppHost.9.0.3.nupkg
├── runtime.ubuntu.24.04-x64.Microsoft.NETCore.ILAsm.9.0.3-servicing.25111.13.nupkg
├── runtime.ubuntu.24.04-x64.Microsoft.NETCore.ILDAsm.9.0.3-servicing.25111.13.nupkg
├── runtime.ubuntu.24.04-x64.Microsoft.NETCore.TestHost.9.0.3-servicing.25111.13.nupkg
├── SourceBuildReferencePackages
│   ├── Humanizer.Core.2.2.0.nupkg
│   ├── MicroBuild.Core.0.3.0.nupkg
│   ├── Microsoft.AspNetCore.App.Ref.6.0.2.nupkg
│   ├── Microsoft.AspNetCore.App.Ref.8.0.0.nupkg
│   ├── Microsoft.Bcl.AsyncInterfaces.5.0.0.nupkg
│   ├── Microsoft.Bcl.AsyncInterfaces.6.0.0.nupkg
│   ├── Microsoft.Bcl.AsyncInterfaces.7.0.0.nupkg
│   ├── Microsoft.Bcl.AsyncInterfaces.8.0.0.nupkg
│   ├── Microsoft.Bcl.HashCode.1.1.1.nupkg
│   ├── Microsoft.Bcl.HashCode.6.0.0.nupkg
│   ├── Microsoft.Build.15.7.179.nupkg
│   ├── Microsoft.Build.17.3.4.nupkg
│   ├── Microsoft.Build.17.8.3.nupkg
│   ├── Microsoft.Build.Framework.15.7.179.nupkg
│   ├── Microsoft.Build.Framework.16.8.0.nupkg
│   ├── Microsoft.Build.Framework.17.3.4.nupkg
│   ├── Microsoft.Build.Framework.17.4.0.nupkg
│   ├── Microsoft.Build.Framework.17.8.3.nupkg
│   ├── Microsoft.Build.NoTargets.3.7.0.nupkg
│   ├── Microsoft.Build.Tasks.Core.16.8.0.nupkg
│   ├── Microsoft.Build.Tasks.Core.17.3.4.nupkg
│   ├── Microsoft.Build.Tasks.Core.17.4.0.nupkg
│   ├── Microsoft.Build.Tasks.Core.17.8.3.nupkg
│   ├── Microsoft.Build.Traversal.3.4.0.nupkg
│   ├── Microsoft.Build.Utilities.Core.15.7.179.nupkg
│   ├── Microsoft.Build.Utilities.Core.16.8.0.nupkg
│   ├── Microsoft.Build.Utilities.Core.17.3.4.nupkg
│   ├── Microsoft.Build.Utilities.Core.17.4.0.nupkg
│   ├── Microsoft.Build.Utilities.Core.17.8.3.nupkg
│   ├── Microsoft.CodeAnalysis.Collections.4.2.0-1.22102.8.nupkg
│   ├── Microsoft.CodeAnalysis.Common.3.11.0.nupkg
│   ├── Microsoft.CodeAnalysis.Common.4.0.1.nupkg
│   ├── Microsoft.CodeAnalysis.Common.4.1.0.nupkg
│   ├── Microsoft.CodeAnalysis.CSharp.3.11.0.nupkg
│   ├── Microsoft.CodeAnalysis.CSharp.4.0.1.nupkg
│   ├── Microsoft.CodeAnalysis.CSharp.Workspaces.3.11.0.nupkg
│   ├── Microsoft.CodeAnalysis.VisualBasic.3.11.0.nupkg
│   ├── Microsoft.CodeAnalysis.VisualBasic.4.0.1.nupkg
│   ├── Microsoft.CodeAnalysis.VisualBasic.Workspaces.3.11.0.nupkg
│   ├── Microsoft.CodeAnalysis.Workspaces.Common.3.11.0.nupkg
│   ├── Microsoft.CSharp.4.3.0.nupkg
│   ├── Microsoft.CSharp.4.7.0.nupkg
│   ├── Microsoft.Docker.Sdk.1.1.0.nupkg
│   ├── Microsoft.Extensions.CommandLineUtils.Sources.3.0.0-preview6.19253.5.nupkg
│   ├── Microsoft.Extensions.DependencyInjection.Abstractions.8.0.0.nupkg
│   ├── Microsoft.Extensions.DependencyModel.6.0.0.nupkg
│   ├── Microsoft.Extensions.FileProviders.Abstractions.6.0.0.nupkg
│   ├── Microsoft.Extensions.FileSystemGlobbing.6.0.0.nupkg
│   ├── Microsoft.Extensions.Logging.Abstractions.6.0.4.nupkg
│   ├── Microsoft.Extensions.Logging.Abstractions.8.0.0.nupkg
│   ├── Microsoft.Extensions.Primitives.6.0.0.nupkg
│   ├── Microsoft.NETCore.App.Ref.3.0.0.nupkg
│   ├── Microsoft.NETCore.App.Ref.3.1.0.nupkg
│   ├── Microsoft.NETCore.App.Ref.5.0.0.nupkg
│   ├── Microsoft.NETCore.App.Ref.6.0.0.nupkg
│   ├── Microsoft.NETCore.App.Ref.6.0.2.nupkg
│   ├── Microsoft.NETCore.App.Ref.7.0.0.nupkg
│   ├── Microsoft.NETCore.App.Ref.8.0.0.nupkg
│   ├── Microsoft.NETCore.Platforms.1.0.1.nupkg
│   ├── Microsoft.NETCore.Platforms.1.1.0.nupkg
│   ├── Microsoft.NETCore.Platforms.1.1.1.nupkg
│   ├── Microsoft.NETCore.Platforms.3.1.0.nupkg
│   ├── Microsoft.NETCore.Platforms.3.1.4.nupkg
│   ├── Microsoft.NETCore.Platforms.5.0.0.nupkg
│   ├── Microsoft.NETCore.Targets.1.0.1.nupkg
│   ├── Microsoft.NETCore.Targets.1.1.0.nupkg
│   ├── Microsoft.NETCore.Targets.1.1.3.nupkg
│   ├── Microsoft.NETCore.Targets.2.1.0.nupkg
│   ├── Microsoft.NET.StringTools.17.3.4.nupkg
│   ├── Microsoft.NET.StringTools.17.4.0.nupkg
│   ├── Microsoft.NET.StringTools.17.8.3.nupkg
│   ├── Microsoft.Private.Intellisense.8.0.0-preview-20230918.1.nupkg
│   ├── Microsoft.Private.Intellisense.9.0.0-preview-20240830.1.nupkg
│   ├── Microsoft.Private.Intellisense.9.0.0-preview-20240916.1.nupkg
│   ├── Microsoft.Private.Intellisense.9.0.0-preview-20241010.1.nupkg
│   ├── Microsoft.VisualBasic.10.3.0.nupkg
│   ├── Microsoft.Win32.Primitives.4.3.0.nupkg
│   ├── Microsoft.Win32.Registry.4.0.0.nupkg
│   ├── Microsoft.Win32.Registry.4.3.0.nupkg
│   ├── Microsoft.Win32.Registry.5.0.0.nupkg
│   ├── Microsoft.Win32.SystemEvents.4.7.0.nupkg
│   ├── Microsoft.Win32.SystemEvents.6.0.0.nupkg
│   ├── Microsoft.Win32.SystemEvents.7.0.0.nupkg
│   ├── NETStandard.Library.1.6.1.nupkg
│   ├── NETStandard.Library.2.0.1.nupkg
│   ├── NETStandard.Library.2.0.3.nupkg
│   ├── NETStandard.Library.NETFramework.2.0.1-servicing-26011-01.nupkg
│   ├── NETStandard.Library.Ref.2.1.0.nupkg
│   ├── NuGet.Commands.6.11.0.nupkg
│   ├── NuGet.Common.6.11.0.nupkg
│   ├── NuGet.Common.6.8.1.nupkg
│   ├── NuGet.Configuration.6.11.0.nupkg
│   ├── NuGet.Configuration.6.8.1.nupkg
│   ├── NuGet.Credentials.6.11.0.nupkg
│   ├── NuGet.Credentials.6.8.1.nupkg
│   ├── NuGet.DependencyResolver.Core.6.11.0.nupkg
│   ├── NuGet.Frameworks.6.11.0.nupkg
│   ├── NuGet.Frameworks.6.8.1.nupkg
│   ├── NuGet.LibraryModel.6.11.0.nupkg
│   ├── NuGet.Packaging.6.11.0.nupkg
│   ├── NuGet.Packaging.6.8.1.nupkg
│   ├── NuGet.ProjectModel.6.11.0.nupkg
│   ├── NuGet.Protocol.6.11.0.nupkg
│   ├── NuGet.Protocol.6.8.1.nupkg
│   ├── NuGet.Versioning.6.11.0.nupkg
│   ├── NuGet.Versioning.6.8.1.nupkg
│   ├── System.AppContext.4.1.0.nupkg
│   ├── System.AppContext.4.3.0.nupkg
│   ├── System.Buffers.4.3.0.nupkg
│   ├── System.Buffers.4.4.0.nupkg
│   ├── System.Buffers.4.5.0.nupkg
│   ├── System.Buffers.4.5.1.nupkg
│   ├── System.Buffers.4.6.0.nupkg
│   ├── System.CodeDom.4.4.0.nupkg
│   ├── System.CodeDom.6.0.0.nupkg
│   ├── System.CodeDom.7.0.0.nupkg
│   ├── System.Collections.4.0.11.nupkg
│   ├── System.Collections.4.3.0.nupkg
│   ├── System.Collections.Concurrent.4.0.12.nupkg
│   ├── System.Collections.Concurrent.4.3.0.nupkg
│   ├── System.Collections.Immutable.1.2.0.nupkg
│   ├── System.Collections.Immutable.1.3.0.nupkg
│   ├── System.Collections.Immutable.1.3.1.nupkg
│   ├── System.Collections.Immutable.1.5.0.nupkg
│   ├── System.Collections.Immutable.5.0.0.nupkg
│   ├── System.Collections.Immutable.6.0.0.nupkg
│   ├── System.Collections.Immutable.7.0.0.nupkg
│   ├── System.Collections.Immutable.8.0.0.nupkg
│   ├── System.ComponentModel.4.3.0.nupkg
│   ├── System.ComponentModel.Annotations.5.0.0.nupkg
│   ├── System.Composition.AttributedModel.1.0.31.nupkg
│   ├── System.Composition.Convention.1.0.31.nupkg
│   ├── System.Composition.Hosting.1.0.31.nupkg
│   ├── System.Composition.Runtime.1.0.31.nupkg
│   ├── System.Composition.TypedParts.1.0.31.nupkg
│   ├── System.Configuration.ConfigurationManager.6.0.0.nupkg
│   ├── System.Configuration.ConfigurationManager.7.0.0.nupkg
│   ├── System.Console.4.3.0.nupkg
│   ├── System.Diagnostics.Debug.4.0.11.nupkg
│   ├── System.Diagnostics.Debug.4.3.0.nupkg
│   ├── System.Diagnostics.DiagnosticSource.4.3.0.nupkg
│   ├── System.Diagnostics.DiagnosticSource.5.0.0.nupkg
│   ├── System.Diagnostics.DiagnosticSource.8.0.0.nupkg
│   ├── System.Diagnostics.EventLog.5.0.0.nupkg
│   ├── System.Diagnostics.EventLog.7.0.0.nupkg
│   ├── System.Diagnostics.FileVersionInfo.4.3.0.nupkg
│   ├── System.Diagnostics.Tools.4.3.0.nupkg
│   ├── System.Diagnostics.TraceSource.4.0.0.nupkg
│   ├── System.Diagnostics.Tracing.4.1.0.nupkg
│   ├── System.Diagnostics.Tracing.4.3.0.nupkg
│   ├── System.Drawing.Common.4.7.2.nupkg
│   ├── System.Drawing.Common.6.0.0.nupkg
│   ├── System.Drawing.Common.7.0.0.nupkg
│   ├── System.Dynamic.Runtime.4.0.11.nupkg
│   ├── System.Dynamic.Runtime.4.3.0.nupkg
│   ├── System.Formats.Asn1.5.0.0.nupkg
│   ├── System.Formats.Asn1.6.0.1.nupkg
│   ├── System.Formats.Asn1.7.0.0.nupkg
│   ├── System.Formats.Asn1.8.0.0.nupkg
│   ├── System.Globalization.4.0.11.nupkg
│   ├── System.Globalization.4.3.0.nupkg
│   ├── System.Globalization.Calendars.4.3.0.nupkg
│   ├── System.IO.4.1.0.nupkg
│   ├── System.IO.4.3.0.nupkg
│   ├── System.IO.Compression.4.3.0.nupkg
│   ├── System.IO.Compression.ZipFile.4.3.0.nupkg
│   ├── System.IO.FileSystem.4.0.1.nupkg
│   ├── System.IO.FileSystem.4.3.0.nupkg
│   ├── System.IO.FileSystem.AccessControl.5.0.0.nupkg
│   ├── System.IO.FileSystem.Primitives.4.0.1.nupkg
│   ├── System.IO.FileSystem.Primitives.4.3.0.nupkg
│   ├── System.IO.Pipelines.5.0.1.nupkg
│   ├── System.Linq.4.1.0.nupkg
│   ├── System.Linq.4.3.0.nupkg
│   ├── System.Linq.Expressions.4.1.0.nupkg
│   ├── System.Linq.Expressions.4.3.0.nupkg
│   ├── System.Memory.4.5.3.nupkg
│   ├── System.Memory.4.5.4.nupkg
│   ├── System.Memory.4.5.5.nupkg
│   ├── System.Memory.4.6.0.nupkg
│   ├── System.Net.Http.4.3.0.nupkg
│   ├── System.Net.Primitives.4.3.0.nupkg
│   ├── System.Net.Sockets.4.3.0.nupkg
│   ├── System.Numerics.Vectors.4.4.0.nupkg
│   ├── System.Numerics.Vectors.4.5.0.nupkg
│   ├── System.Numerics.Vectors.4.6.0.nupkg
│   ├── System.ObjectModel.4.0.12.nupkg
│   ├── System.ObjectModel.4.3.0.nupkg
│   ├── System.Reflection.4.1.0.nupkg
│   ├── System.Reflection.4.3.0.nupkg
│   ├── System.Reflection.Emit.4.0.1.nupkg
│   ├── System.Reflection.Emit.4.3.0.nupkg
│   ├── System.Reflection.Emit.4.7.0.nupkg
│   ├── System.Reflection.Emit.ILGeneration.4.0.1.nupkg
│   ├── System.Reflection.Emit.ILGeneration.4.3.0.nupkg
│   ├── System.Reflection.Emit.ILGeneration.4.7.0.nupkg
│   ├── System.Reflection.Emit.Lightweight.4.0.1.nupkg
│   ├── System.Reflection.Emit.Lightweight.4.3.0.nupkg
│   ├── System.Reflection.Extensions.4.0.1.nupkg
│   ├── System.Reflection.Extensions.4.3.0.nupkg
│   ├── System.Reflection.Metadata.1.3.0.nupkg
│   ├── System.Reflection.Metadata.1.4.1.nupkg
│   ├── System.Reflection.Metadata.1.6.0.nupkg
│   ├── System.Reflection.Metadata.5.0.0.nupkg
│   ├── System.Reflection.Metadata.6.0.0.nupkg
│   ├── System.Reflection.Metadata.7.0.0.nupkg
│   ├── System.Reflection.Metadata.8.0.0.nupkg
│   ├── System.Reflection.MetadataLoadContext.6.0.0.nupkg
│   ├── System.Reflection.MetadataLoadContext.7.0.0.nupkg
│   ├── System.Reflection.Primitives.4.0.1.nupkg
│   ├── System.Reflection.Primitives.4.3.0.nupkg
│   ├── System.Reflection.TypeExtensions.4.1.0.nupkg
│   ├── System.Reflection.TypeExtensions.4.3.0.nupkg
│   ├── System.Resources.Extensions.4.6.0.nupkg
│   ├── System.Resources.Extensions.6.0.0.nupkg
│   ├── System.Resources.Extensions.7.0.0.nupkg
│   ├── System.Resources.ResourceManager.4.0.1.nupkg
│   ├── System.Resources.ResourceManager.4.3.0.nupkg
│   ├── System.Runtime.4.1.0.nupkg
│   ├── System.Runtime.4.3.0.nupkg
│   ├── System.Runtime.CompilerServices.Unsafe.4.5.2.nupkg
│   ├── System.Runtime.CompilerServices.Unsafe.4.5.3.nupkg
│   ├── System.Runtime.CompilerServices.Unsafe.5.0.0.nupkg
│   ├── System.Runtime.CompilerServices.Unsafe.6.0.0.nupkg
│   ├── System.Runtime.CompilerServices.Unsafe.6.1.0.nupkg
│   ├── System.Runtime.Extensions.4.1.0.nupkg
│   ├── System.Runtime.Extensions.4.3.0.nupkg
│   ├── System.Runtime.Handles.4.0.1.nupkg
│   ├── System.Runtime.Handles.4.3.0.nupkg
│   ├── System.Runtime.InteropServices.4.1.0.nupkg
│   ├── System.Runtime.InteropServices.4.3.0.nupkg
│   ├── System.Runtime.InteropServices.RuntimeInformation.4.0.0.nupkg
│   ├── System.Runtime.InteropServices.RuntimeInformation.4.3.0.nupkg
│   ├── System.Runtime.Loader.4.0.0.nupkg
│   ├── System.Runtime.Numerics.4.3.0.nupkg
│   ├── System.Runtime.Serialization.Primitives.4.1.1.nupkg
│   ├── System.Security.AccessControl.4.7.0.nupkg
│   ├── System.Security.AccessControl.5.0.0.nupkg
│   ├── System.Security.AccessControl.6.0.0.nupkg
│   ├── System.Security.Claims.4.3.0.nupkg
│   ├── System.Security.Cryptography.Algorithms.4.3.0.nupkg
│   ├── System.Security.Cryptography.Algorithms.4.3.1.nupkg
│   ├── System.Security.Cryptography.Cng.4.7.0.nupkg
│   ├── System.Security.Cryptography.Cng.5.0.0.nupkg
│   ├── System.Security.Cryptography.Encoding.4.3.0.nupkg
│   ├── System.Security.Cryptography.Pkcs.4.7.0.nupkg
│   ├── System.Security.Cryptography.Pkcs.6.0.1.nupkg
│   ├── System.Security.Cryptography.Pkcs.6.0.4.nupkg
│   ├── System.Security.Cryptography.Pkcs.7.0.0.nupkg
│   ├── System.Security.Cryptography.Pkcs.7.0.2.nupkg
│   ├── System.Security.Cryptography.Pkcs.8.0.0.nupkg
│   ├── System.Security.Cryptography.Primitives.4.3.0.nupkg
│   ├── System.Security.Cryptography.ProtectedData.4.4.0.nupkg
│   ├── System.Security.Cryptography.ProtectedData.6.0.0.nupkg
│   ├── System.Security.Cryptography.ProtectedData.7.0.0.nupkg
│   ├── System.Security.Cryptography.X509Certificates.4.3.0.nupkg
│   ├── System.Security.Cryptography.Xml.4.7.1.nupkg
│   ├── System.Security.Cryptography.Xml.6.0.1.nupkg
│   ├── System.Security.Cryptography.Xml.7.0.1.nupkg
│   ├── System.Security.Cryptography.Xml.8.0.0.nupkg
│   ├── System.Security.Permissions.4.7.0.nupkg
│   ├── System.Security.Permissions.6.0.0.nupkg
│   ├── System.Security.Permissions.7.0.0.nupkg
│   ├── System.Security.Principal.4.3.0.nupkg
│   ├── System.Security.Principal.Windows.4.7.0.nupkg
│   ├── System.Security.Principal.Windows.5.0.0.nupkg
│   ├── System.Text.Encoding.4.0.11.nupkg
│   ├── System.Text.Encoding.4.3.0.nupkg
│   ├── System.Text.Encoding.CodePages.4.0.1.nupkg
│   ├── System.Text.Encoding.CodePages.4.4.0.nupkg
│   ├── System.Text.Encoding.CodePages.4.5.1.nupkg
│   ├── System.Text.Encoding.CodePages.6.0.0.nupkg
│   ├── System.Text.Encoding.CodePages.7.0.0.nupkg
│   ├── System.Text.Encoding.Extensions.4.0.11.nupkg
│   ├── System.Text.Encoding.Extensions.4.3.0.nupkg
│   ├── System.Text.Encodings.Web.6.0.0.nupkg
│   ├── System.Text.Encodings.Web.7.0.0.nupkg
│   ├── System.Text.Encodings.Web.8.0.0.nupkg
│   ├── System.Text.Json.6.0.0.nupkg
│   ├── System.Text.Json.7.0.3.nupkg
│   ├── System.Text.Json.8.0.3.nupkg
│   ├── System.Text.Json.8.0.4.nupkg
│   ├── System.Text.Json.8.0.5.nupkg
│   ├── System.Text.RegularExpressions.4.3.0.nupkg
│   ├── System.Threading.4.0.11.nupkg
│   ├── System.Threading.4.3.0.nupkg
│   ├── System.Threading.Channels.7.0.0.nupkg
│   ├── System.Threading.Tasks.4.0.11.nupkg
│   ├── System.Threading.Tasks.4.3.0.nupkg
│   ├── System.Threading.Tasks.Dataflow.4.6.0.nupkg
│   ├── System.Threading.Tasks.Dataflow.4.9.0.nupkg
│   ├── System.Threading.Tasks.Dataflow.6.0.0.nupkg
│   ├── System.Threading.Tasks.Dataflow.7.0.0.nupkg
│   ├── System.Threading.Tasks.Extensions.4.3.0.nupkg
│   ├── System.Threading.Tasks.Extensions.4.5.4.nupkg
│   ├── System.Threading.Tasks.Extensions.4.6.0.nupkg
│   ├── System.Threading.Thread.4.0.0.nupkg
│   ├── System.Threading.Thread.4.3.0.nupkg
│   ├── System.Threading.Timer.4.3.0.nupkg
│   ├── System.Windows.Extensions.4.7.0.nupkg
│   ├── System.Windows.Extensions.6.0.0.nupkg
│   ├── System.Windows.Extensions.7.0.0.nupkg
│   ├── System.Xml.ReaderWriter.4.3.0.nupkg
│   ├── System.Xml.XDocument.4.3.0.nupkg
│   ├── Wcwidth.Sources.1.0.0.nupkg
│   └── Wcwidth.Sources.2.0.0.nupkg
├── Spectre.Console.0.48.0.nupkg
├── System.CodeDom.9.0.3.nupkg
├── System.Collections.Immutable.9.0.3.nupkg
├── System.CommandLine.2.0.0-beta4.24326.1.nupkg
├── System.CommandLine.DragonFruit.0.4.0-alpha.24326.1.nupkg
├── System.CommandLine.NamingConventionBinder.2.0.0-beta4.24326.1.nupkg
├── System.CommandLine.Rendering.0.4.0-alpha.24326.1.nupkg
├── System.ComponentModel.Composition.9.0.3.nupkg
├── System.ComponentModel.Composition.Registration.9.0.3.nupkg
├── System.Composition.9.0.3.nupkg
├── System.Composition.AttributedModel.9.0.3.nupkg
├── System.Composition.Convention.9.0.3.nupkg
├── System.Composition.Hosting.9.0.3.nupkg
├── System.Composition.Runtime.9.0.3.nupkg
├── System.Composition.TypedParts.9.0.3.nupkg
├── System.Configuration.ConfigurationManager.9.0.3.nupkg
├── System.Data.Odbc.9.0.3.nupkg
├── System.Data.OleDb.9.0.3.nupkg
├── System.Diagnostics.DiagnosticSource.9.0.3.nupkg
├── System.Diagnostics.EventLog.9.0.3.nupkg
├── System.Diagnostics.PerformanceCounter.9.0.3.nupkg
├── System.DirectoryServices.9.0.3.nupkg
├── System.DirectoryServices.AccountManagement.9.0.3.nupkg
├── System.DirectoryServices.Protocols.9.0.3.nupkg
├── System.Formats.Asn1.9.0.3.nupkg
├── System.Formats.Cbor.9.0.3.nupkg
├── System.Formats.Nrbf.9.0.3.nupkg
├── System.IdentityModel.Tokens.Jwt.8.0.1.nupkg
├── System.IO.Hashing.9.0.3.nupkg
├── System.IO.Packaging.9.0.3.nupkg
├── System.IO.Pipelines.9.0.3.nupkg
├── System.IO.Ports.9.0.3.nupkg
├── System.Management.9.0.3.nupkg
├── System.Memory.Data.9.0.3.nupkg
├── System.Net.Http.Json.9.0.3.nupkg
├── System.Net.Http.WinHttpHandler.9.0.3.nupkg
├── System.Net.ServerSentEvents.9.0.3.nupkg
├── System.Numerics.Tensors.9.0.3.nupkg
├── System.Reflection.Context.9.0.3.nupkg
├── System.Reflection.Metadata.9.0.3.nupkg
├── System.Reflection.MetadataLoadContext.9.0.3.nupkg
├── System.Resources.Extensions.9.0.3.nupkg
├── System.Runtime.Caching.9.0.3.nupkg
├── System.Runtime.Serialization.Formatters.9.0.3.nupkg
├── System.Runtime.Serialization.Schema.9.0.3.nupkg
├── System.Security.Cryptography.Cose.9.0.3.nupkg
├── System.Security.Cryptography.Pkcs.9.0.3.nupkg
├── System.Security.Cryptography.ProtectedData.9.0.3.nupkg
├── System.Security.Cryptography.Xml.9.0.3.nupkg
├── System.Security.Permissions.9.0.3.nupkg
├── System.ServiceModel.Syndication.9.0.3.nupkg
├── System.ServiceProcess.ServiceController.9.0.3.nupkg
├── System.Speech.9.0.3.nupkg
├── System.Text.Encoding.CodePages.9.0.3.nupkg
├── System.Text.Encodings.Web.9.0.3.nupkg
├── System.Text.Json.9.0.3.nupkg
├── System.Threading.AccessControl.9.0.3.nupkg
├── System.Threading.Channels.9.0.3.nupkg
├── System.Threading.RateLimiting.9.0.3.nupkg
├── System.Threading.Tasks.Dataflow.9.0.3.nupkg
├── System.Windows.Extensions.9.0.3.nupkg
├── Valleysoft.DockerCredsProvider.2.2.4.nupkg
├── VBCSCompiler.Symbols.4.12.0-3.25105.5.nupkg
├── vbc.Symbols.4.12.0-3.25105.5.nupkg
├── VerticalManifest.xml
├── xunit.abstractions.2.0.3.nupkg
├── xunit.core.2.4.2.nupkg
├── xunit.extensibility.core.2.4.2.nupkg
├── xunit.extensibility.execution.2.4.2.nupkg
└── xunit.runner.utility.2.4.2.nupkg

Some of these NuGet packages could be packaged into deb packages.
Not all should though. For example, it would probably make sense to package
xunit or Humanizer in a seperate source package. This would open up the
interesting possibility of getting rid of the vendorized
source-build-externals.
Maybe this would even safe a few minutes of build time for the .NET SDK/runtime
as these external dependencies do not necesserily have a new version with every
.NET release. On the other hand, maybe it would make initial bootstrapping
harder.

It would also probably make sense to bundle a few of these NuGet packages into
one deb package. If every NuGet package is packaged individually it would allow
finer granuality what should be installed, but a mainatainer would also need to
specify a lot more packages. Additionally extracting one deb package with many
small NuGet package may be faster than extracting many deb package with one
NuGet package.

Where to place the NuGet package

Where do we place the .nupkg files, so that it will be picked up when running
dotnet restore?

According to this documentation
we can place a NuGet config file at /etc/opt/NuGet/Config as a global config.

In this config file we can specify where we want to install the packages to.
To be compliant with the FHS
it has to be somewhere in /usr/lib. I am currently thinking of something like:

• /usr/lib/nuget
• /usr/lib/nuget/packages
• /usr/lib/nuget/shared
• /usr/lib/dotnet/nuget
• /usr/lib/dotnet/packages
• /usr/lib/dotnet/system-packages

Some of these locations could be used by future .NET versions, so we should
coordinate this with Microsoft to avoid potential conflicts.

An example config file could look like this:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <add key="System Packages" value="/usr/lib/dotnet/system-packages" />
  </packageSources>
</configuration>

See this documentation
for a reference about NuGet config files.

Patching solution scoped NuGet config files

There are many projects that have a NuGet config files at the .NET solution file
level that clear the package sources.

<packageSources>
  <clear />
  <!-- approved sources by the project -->
</packageSources>

This aims to solve the "It works on my machine" problem where the developers of
the project may have different sources configured. Unfortunately this blocks our
global config file from beeing picked up.

Solution I can see here is

• patching out the <clear />
• patching in the system packagesSource
• restore with dotnet restore -s <packageSource>

Limited functionality

A local package source limits the functionality of the NuGet client compared to
the default "nuget.org" source.

For example, the following command will fail, because the NuGet client can not
query which versions of the package are available:

dotnet add package Microsoft.Extensions.Logging.Console

We have to add the available local version:

dotnet add package Microsoft.Extensions.Logging.Console --version 9.0.3

Maybe we could write a daemon that provides the v3 nuget protocol as a local nuget server via HTTP.

Providing runtime dependencies

Let's assume we have solved all the issues how to build the .NET app.
dotnet publish gives us an directory that contains all the dependencies.

This opens up a new question: What do we do with these dependencies?

1. Embed them in the deb package

Embedding the dependencies in the deb package is probably the easiest option.
We could either copy the .dll files or build with PublishSingleFile set to
true; see
single-file deployment.

BUT it is not really optimal. Every time there is an update to one of the
depenencies we may need to rebuild the app/library and it's reverse dependencies.
This is kind of the equivalent to static linking.

2. Setup symbolic links

We could put the dlls in a known location and simply create symbolics of them
next to the .NET app dll.

3. Use the runtime package store

There exists a feature in the .NET SDK/runtime that is pretty mush what we want.
The Runtime package store.

It allows us to store the dll files in a single place and tell the runtime to
use these dependencies when running a .NET application.
We can tell the .NET runtime the location of the packages by setting the
DOTNET_SHARED_STORE environment variable.

The documentation suggest placing this store at /usr/local/share/dotnet/store.

Additionally we can specify a manifest when publishing a .NET app and the SDK
will trim all dependencies that are already listed in the manifest.

A minimal example workflow to use this would be:

sudo dotnet store --manifest <CSPROJ-FILE> --runtime <RID> --framework <TARGET-FRAMEWORK> --output /usr/local/share/dotnet/store/ --skip-optimization
dotnet publish --manifest /usr/local/share/dotnet/store/<ARCH>/<TARGET-FRAMEWORK>/artifact.xml
DOTNET_SHARED_STORE=/usr/local/share/dotnet/store/ dotnet <App.dll>

We do not need to use the dotnet store command. We can simply put the dll's in the correct location.

Here is an example of a store folder structure:

/usr/local/share/dotnet/store/
└── x64
    └── net9.0
        ├── artifact.xml
        ├── microsoft.extensions.configuration
        │   └── 9.0.3
        │       └── lib
        │           └── net9.0
        │               └── Microsoft.Extensions.Configuration.dll
        ├── microsoft.extensions.configuration.abstractions
        │   └── 9.0.3
        │       └── lib
        │           └── net9.0
        │               └── Microsoft.Extensions.Configuration.Abstractions.dll
        ├── microsoft.extensions.configuration.binder
        │   └── 9.0.3
        │       └── lib
        │           └── net9.0
        │               └── Microsoft.Extensions.Configuration.Binder.dll
        ├── microsoft.extensions.dependencyinjection
        │   └── 9.0.3
        │       └── lib
        │           └── net9.0
        │               └── Microsoft.Extensions.DependencyInjection.dll
        ├── microsoft.extensions.dependencyinjection.abstractions
        │   └── 9.0.3
        │       └── lib
        │           └── net9.0
        │               └── Microsoft.Extensions.DependencyInjection.Abstractions.dll
        ├── microsoft.extensions.logging
        │   └── 9.0.3
        │       └── lib
        │           └── net9.0
        │               └── Microsoft.Extensions.Logging.dll
        ├── microsoft.extensions.logging.abstractions
        │   └── 9.0.3
        │       └── lib
        │           └── net9.0
        │               └── Microsoft.Extensions.Logging.Abstractions.dll
        ├── microsoft.extensions.logging.configuration
        │   └── 9.0.3
        │       └── lib
        │           └── net9.0
        │               └── Microsoft.Extensions.Logging.Configuration.dll
        ├── microsoft.extensions.logging.console
        │   └── 9.0.3
        │       └── lib
        │           └── net9.0
        │               └── Microsoft.Extensions.Logging.Console.dll
        ├── microsoft.extensions.options
        │   └── 9.0.3
        │       └── lib
        │           └── net9.0
        │               └── Microsoft.Extensions.Options.dll
        ├── microsoft.extensions.options.configurationextensions
        │   └── 9.0.3
        │       └── lib
        │           └── net9.0
        │               └── Microsoft.Extensions.Options.ConfigurationExtensions.dll
        └── microsoft.extensions.primitives
            └── 9.0.3
                └── lib
                    └── net9.0
                        └── Microsoft.Extensions.Primitives.dll

51 directories, 13 files

Where do we get the dll's from?

Note

This section is purely about the dll's of the .NET source built artifacts.
Getting the dll's of a .NET app/library is trivial.

Getting the NuGet packages was easy, but getting the dll's is a little bit more
involved. I see two options:

1. simpliy unzip the .nupkg. A .nupkg file is just a fancy zip archive.
2. get them from the source built artifacts folder. The .nupkg is was built
   from artifacts you should have on disk when your built of the .NET SDK/runtime
   finished

Self-contained apps

What sort of build configuration/flags should we recommend? Should we tell users to use framework-dependent publishing or self-contained?

I would not recommend to build self-contained .NET apps when packaging them for a distro.

1. Every time there is a security release for the .NET runtime, packaged .NET apps would need to be rebuild.
2. A self-contained app is larger than a framework dependent app due to the embedded .NET runtime. Imagining a future where a package archive contains many packaged .NET apps – this would noticeably increase the storage space needed to store the binary package (in the archive as well as the installed packages on the target system) and bandwidth needed to download these packages.

Challenges with packaging runtime NuGet packages

Note

This section is a bit deb packaging specific, but you may have similar issues
in your distro.

I spent a bit of time looking into how to package the runtime NuGet packages, e.g.

• Microsoft.AspNetCore.App.Runtime.ubuntu.24.04-x64.9.0.3.nupkg
• Microsoft.NETCore.App.Crossgen2.ubuntu.24.04-x64.9.0.3.nupkg
• Microsoft.NETCore.App.Host.ubuntu.24.04-x64.9.0.3.nupkg
• Microsoft.NETCore.App.Ref.9.0.3.nupkg
• Microsoft.NETCore.App.Runtime.ubuntu.24.04-x64.9.0.3.nupkg
• runtime.ubuntu.24.04-x64.Microsoft.DotNet.ILCompiler.9.0.3.nupkg
• runtime.ubuntu.24.04-x64.Microsoft.NETCore.DotNetAppHost.9.0.3.nupkg
• runtime.ubuntu.24.04-x64.Microsoft.NETCore.ILAsm.9.0.3-servicing.25111.13.nupkg
• runtime.ubuntu.24.04-x64.Microsoft.NETCore.ILDAsm.9.0.3-servicing.25111.13.nupkg
• runtime.ubuntu.24.04-x64.Microsoft.NETCore.TestHost.9.0.3-servicing.25111.13.nupkg

They need to be built on a specific architecture and os, but could be used on
all architectures (as far as I understamd these packages correctly).

There is no way that we can get the binaries from e.g. 22.04. There simply does
not exist an mechanism to share binaries. To be fair, why would there be one?

Can we get the runtime packages of another architecture. There are 2 options:

package the runtime packages as architecture independent packages (Architecture: all)

This is an unusual packaging scenario. Normally you have

• an architecture independent file (e.g. a script) that does not require a
  specific architecture to be packaged or
• you want to build an architecture dependent artifacts that needs the
  specific arcitecture to be built.

The deb packaging tooling does not support this scenario.

In the Debian world there exists the XS-Build-Indep-Architecture field, but
it only allows to specify one architecture. Launchpad seems to ignore that field
or I have been using it wrong, BUT Launchpad also does not seem to care if
I skip building a deb package. So, if I specify in the debian/control file that
I want to build the libdemo-amd64 and libdemo-arm64 packages and only build
libdemo-amd64 on amd64 architecture and libdemo-arm64 on arm64 architecture,
then Launchpad does not complain. Also you need to make sure that there are other
packages in the debian/control file that trigger a build on arm64 and amd64.

If all binray packages simply specify Architecture: all, Launchpad will just
trigger builds on one architecture (most likely amd64).

Unfortunately this is not trivial. Skipping to build packages you specified in
the debian/control file either results in tons of warings or the usual tools
simply do not support it. I can handcraft a debian/rules file to get around
this, but using this strategy for the dotnetX packages would require a LOT
of refactoring :/

package the runtime packages as architecture dependent packages

We could package the *ubuntu.24.04-x64*.nupkg packages as amd64 binary packages.

This would make it increadibly difficult to cross build. APT as support for installing
packages from a different architecture, but that is not trivial to configure.

debhelper .NET buildsystem plugin/extension

Note

This section is a bit deb packaging specific, but you may want to translate
this issue/idea into the tooling of your distro.

To help maintainers make packaging .NET apps/libraries easy, we should write a
debhelper extension that makes debhelper aware of how to build and install .NET
apps/libraries.

This would involve hooking into the correct build events and executing

• dotnet clean
• dotnet restore
• dotnet build
• dotnet publish/pack
  at the right time.

Further we should write a dependency gathering tool similar to
dh_shlibdeps(1).

This would collect all dependencies used by the .NET app and figure out which
deb packages need to be installed. This enables maintainers that they do not
need to figure out how all the NuGet packages translate into deb packages.

Documentation for how to develop a debhelper buildsystem plugin/extension can
be found here: https://git.launchpad.net/ubuntu/+source/debhelper/tree/doc/PROGRAMMING.md

[tmds]

we can place a NuGet config file at /etc/opt/NuGet/Config as a global config.

To avoid having to make a system config setting, you can set some build props/environment variables during the package build like RestoreAdditionalProjectSources. See https://learn.microsoft.com/en-us/nuget/reference/msbuild-targets.

In this config file we can specify where we want to install the packages to.
To be compliant with the FHS
it has to be somewhere in /usr/lib. I am currently thinking of something like:

Yes, it makes sense to decide on a location where .nupkg are installed from where they can be used as build dependencies.

This location is meant for source-building distro packages. It is not meant to be a default location for distro end-users. The packages in this location may deviate from upstream packages (like support less target frameworks, have content removed due to license restrictions, ...).

it is not really optimal.

The simplest option is to provide the application as published. That is also what the upstream project is doing.

I wouldn't try to deviate unless you are sure it solves a real problem.

or build with PublishSingleFile set to true

I don't know why PublishSingleFile gets called out specifically?

I would not recommend to build self-contained .NET apps when packaging them for a distro.

I think this depends on the app and it is at the package maintainer's discretion. If you are building a small command-line tool you may prefer to have something that is NativeAOT and trimmed.

runtime NuGet packages

I am not familiar with Ubuntu packaging: is there a need to be able to cross-compile to packaged .NET apps? If a package can be built natively on the architecture, is that not enough?

As I mentioned in an earlier comment, I think the real challenge in packaging .NET apps is in handling the source code of dependencies.

[dviererbe]

@tmds

This location is meant for source-building distro packages. It is not meant to be a default location for distro end-users.

I totally agree that the primary purpose should be to enable source-building distro packages, but I would be delighted if some developers use the distro packages as a third-party NuGet package sources.

For example, in my experience it is not uncommon to use the python distro packages instead of pip on Ubuntu. To be fair, this is only possible, because there are so many maintained python packages.

I should have probably made this clearer in my post that this is one motivation for me.

we can place a NuGet config file at /etc/opt/NuGet/Config as a global config.

To avoid having to make a system config setting, you can set some build props/environment variables during the package build like RestoreAdditionalProjectSources.

That would work too. Thanks for mentioning RestoreAdditionalProjectSources :) I wasn't aware of this variable yet.

I also looked into this to make it also usable for end-users.

is there a need to be able to cross-compile to packaged .NET apps? If a package can be built natively on the architecture, is that not enough?

There is no need to be able to cross-compile.

Currently, I think that .nupkg files should generally be packaged as architecture independent distro packages. In cases where it matters, the architecture could be reflected in the name of the package. Maintainer can of course deviate if they have a special situation. I want to investigate this more to see if this strategy covers most cases.

Additionally this plays into making it usable for end-users. As an end-user I can also download packages like Microsoft.NETCore.App.Host.linux-arm64 from nuget.org independent of my host arch.

Bonus: This could reduce build resource utilization: assuming a maintainer wants to build a self-contained .NET app; they may build it for all architectures from one architecture instead of dispatching multiple build jobs. Of course there are many cases where you need to build on the target architecture.

I would not recommend to build self-contained .NET apps when packaging them for a distro.

I think this depends on the app and it is at the package maintainer's discretion. If you are building a small command-line tool you may prefer to have something that is NativeAOT and trimmed.

I wanted to express that by default we should not build self-contained .NET apps. It is common in distro packaging that certain defaults get applied, which deviate from the build properties of the upstream project. If there are significant performance benefits than the maintainers can always overwrite/disable the defaults.

This is a tradeoff between:

• maintenance of the distro package: the binary package needs to be re-build with every dependency update including with every update of the .NET runtime. As a maintainer I do not look forward to resolve a transition in the distro archive every month (due to monthly runtime releases).
• performance of the application: like you pointed out in your example
• storage space: Self-contained packages would bloat the storage space needed by the distro archive and end-user's system.
• reusability: A major point of distro packaging is to reuse dependencies.

There is also a difference between the kind of package upgrades an end-user would experience, but this is very dependent on the situation:

• a self-contained package just needs to upgrade one package compared to many smaller packages (non-self-contained + runtime + dependency packages)
• a self-contained package is larger
• non-self contained apps just need to upgrade the dependencies that changed

As I mentioned in an earlier comment, I think the real challenge in packaging .NET apps is in handling the source code of dependencies.

Please correct me if I understood it wrong: You want to get all the sources of all dependencies and then build them together with the .NET app we want to build. This sounds similar to go packaging. (note: I am not a go developer, so I hope that I got this comparison right).

From a deb packaging perspective, this sounds like a lot of extra packaging work with limitations. This is effectively static linking (with all it's consequences for maintainers) and does not allow (or at least makes it incredibility hard) to share dependencies. See for example: https://wiki.debian.org/StaticLinking#Go I want to share dependencies in Ubuntu and not rebuild them every time they are used. I don't know much about rpm packaging and RHEL/Fedora policies/recommendations. Is static linking much more common/preferred?

From the .NET build process perspective: This sounds incredibly hard to accomplish. Many .NET projects I have encountered have their own unique workflow how the artifacts get build and expectations for the build environment. Even the file layout of the repos are often different. Simply dumping the source code of all dependencies next to the app we want to build is not enough.
For this to work there would need to be a standardized .NET source layout and build script entry point and a majority of .NET authors would need to adopt it. This sounds unlikely to me.

---

A more concise version of what I want to do is:

• when installing the SDK we would add a global NuGet config and create the directory it points to as a package Source
• when installing the runtime we would create the runtime store directory
• package .nupkg packages and a manifest of the contained dlls as something like a libdotnet-<name>-dev distro package and install them in the system package source directory. Not sure yet where to place the manifest.
• package .dll dependency files as something like a libdotnet-<name> distro package and place them in the .NET runtime store
• package .pdb files as something like a libdotnet-<name>-dbg distro package and also place them in the .NET runtime store (I have still to test if the IDEs and tooling pick them up from there)
• when building a .NET project we can install the libdotnet-<name>-dev package and publish with the manifest which trimms the dependencies from the published output
• when installing the .NET app we can install the libdotnet-<name> package to get the dependencies we trimmed in the publishing step

[omajid]

I don't know much about rpm packaging and RHEL/Fedora policies/recommendations. Is static linking much more common/preferred?

We prefer dynamic linking too, but there might be more areas where people have realized that trying to get rid of static linking is like trying to boil the ocean and given up. For example, https://docs.fedoraproject.org/en-US/packaging-guidelines/Node.js/ says "You can provide a package that uses nodejs, but you should bundle all the nodejs libraries that are needed".

[tmds]

Please correct me if I understood it wrong: You want to get all the sources of all dependencies and then build them together with the .NET app we want to build. This sounds similar to go packaging. (note: I am not a go developer, so I hope that I got this comparison right).

I think package maintainers want to have a .NET app packaged with the least amount of work on their end.

Dealing with these binary dependencies represents the bulk of the work. It's tedious, and it adds no value.

Rather than push this to package maintainers, I'd like the .NET tooling to be able to get the sources.

Unfortunately, I don't think the use-case is sufficiently important for upstream .NET to invest.

Anyway. You have some options, and as you try them you'll find out which work better.