Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Queries to NuGet sources should respect case-sensitivity
See original GitHub issueDescription
Paket 5.114.4 queries sources with package name lower-cased, resulting in lookup failure.
Package sources can be case-sensitive, and Paket should respect paket.dependencies case.
Repro steps
- Upload you camel-case named package (like “My.Secret.Package.SDK”) to case-sensitive source, e.g. Artifactory NuGet repository.
- Create
paket.dependencieswith your package name, may be direct and transitive at the same time, with constraint likeMy.Secret.Package.SDK ~> 1.2.3.4. - Call
paket update --no-install --forceto createpaket.lock.
Expected behavior
Queries to any sources shall respect the package name casing, either from paket.dependencies or as downloaded (e.g. from nuspec file/package metadata).
If there are multiple case versions detected for a package, warning or error should be produced, and in case of choosing a warning, sources should be queried for all the known alternatives.
Actual behavior
Observe the queries generated from STR: they will look like: http://nuget.local/artifactory/api/nuget/nugets/Packages(Id=‘my.secret.package.sdk’,Version=‘1.2.3.4’) and return 404 NotFound. And Paket will fail with `Conflict detected:
- Dependencies file requested package My.Secret.Package.SDK: == 1.2.3.4
- Available versions:
- (2.3.4.5, [http://nuget.local/artifactory/api/nuget/nugets])
- (1.2.3.4, [http://nuget.local/artifactory/api/nuget/nugets])
- (1.2.3.1, [http://nuget.local/artifactory/api/nuget/nugets])`.
Known workarounds
None, paket.dependencies and the package metadata already match the actual package file/name case, and our NuGet repository, Artifactory, is configured as case-sensitive outside of our control.
Issue Analytics
- State:
- Created 6 years ago
- Comments:14 (11 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
So this issue (or a very similar one) broke things for us, with paket having very weird behaviors since a few weeks ago (When we upgraded to a version with the lowercasing). Some changes to dependencies worked in
paket installbut others produced infinite loops.From a fiddler trace it seemed that Paket was trying to get the problematic package from our ProGet with the lowercase syntax and never trying the non-lowercase one.
Turns out it was a produced by the fact that one of our package source is a TeamCity feed cached by ProGet (
Paket -> ProGet -> TeamCity):On our side I solved this by going back to paket
5.85.0and I’ll look into removing TeamCity from the equation.But I suspect that TeamCity & Artifactory won’t be the only ones having that problem. They obviously need to be fixed but in the mean time paket lowercasing PackageId is creating problems with the existing servers.
If the official client is sending IDs as-is in this case (I didn’t test if they hit this exact URL) maybe doing the same is the most-compatible solution ?
nuget package names are case-insensitive. that is an artifactory bug. but we need to work around it