Remove System.Security.Permissions from S.C.CM. #80347
Conversation
|
Note regarding the This serves as a reminder for when your PR is modifying a ref *.cs file and adding/modifying public APIs, to please make sure the API implementation in the src *.cs file is documented with triple slash comments, so the PR reviewers can sign off that change. |
ghost
added
the
community-contribution
|
Tagging subscribers to this area: @dotnet/area-system-configuration Issue DetailsThis removes System.Security.Permissions from S.C.CM for non-.NET Framework targets. For .NET Framework targets nothing changes. This is because CAS is only implemented in .NET Framework and as such should only be used in .NET Framework to remove the chance that in .NET Core/5+ and .NET Standard that System.Drawing.Common is loaded outside of a windows environment which since .NET 6 is made to throw PNSE everywhere which is not desired for people using cross platform dependencies that just so happens to depend on S.C.CM. Contributes to #64592 Note: I consider changes in the internal namespace to be an implementation detail and any possibly breaking change being an acceptable change as it is marked After that, I do not see much of any codebases in dotnet/runtime using S.S.P anymore (outside of the .NET Framework targets for them).
|
This removes System.Security.Permissions from S.C.CM for non-.NET Framework targets. For .NET Framework targets nothing changes. This is because CAS is only implemented in .NET Framework and as such should only be used in .NET Framework to remove the chance that in .NET Core/5+ and .NET Standard that System.Drawing.Common is loaded outside of a windows environment which since .NET 6 is made to throw PNSE everywhere which is not desired for people using cross platform dependencies that just so happens to depend on S.C.CM. Fixes dotnet#64592
AraHaan
force-pushed
the
remove-s.s.p-from-s.c.cm
branch
from
68d3758 to
2c58013
Compare
AraHaan
force-pushed
the
remove-s.s.p-from-s.c.cm
branch
from
f440613 to
8b304b9
Compare
src/libraries/System.Configuration.ConfigurationManager/src/CompatibilitySuppressions.xml
Show resolved
Hide resolved
…mpatibilitySuppressions.xml
|
The suppressions I added seems to not be working for some reason. |
steveharter
added
the
breaking-change
ghost
added
the
needs-breaking-change-doc-created
|
Added When you commit this breaking change:
Tagging @dotnet/compat for awareness of the breaking change. |
|
@ericstj do you expect we'll be able to take a change of this sort? I have some interest in the issue (but not pushing on it) |
| #pragma warning disable SYSLIB0003 | ||
| public virtual void GetRestrictedPermissions(System.Configuration.Internal.IInternalConfigRecord configRecord, out System.Security.PermissionSet permissionSet, out bool isHostReady) { throw null; } | ||
| #pragma warning restore SYSLIB0003 |
There was a problem hiding this comment.
This removes the API from both .NETCoreApp assemblies and the netstandard2.0 assembly. Is the .NETStandard change intentional?
There was a problem hiding this comment.
Yes, we were exploring the intentional breaking change here. It was discussed as an option here: #64592 (comment)
| @@ -231,12 +231,12 @@ public virtual void RefreshConfigPaths() | |||
|
|
|||
| public virtual IDisposable Impersonate() => new DummyDisposable(); | |||
|
|
|||
| #pragma warning disable SYSLIB0003 // Obsolete: CAS | |||
| #if NETFRAMEWORK // Obsolete: CAS (.NET Framework only) | |||
There was a problem hiding this comment.
This source file should not be included for .NETFramework at all. .NETFramework should just be type-forwards. Same goes for all the src files. Just delete the implementation. Keep the test ifdef though.
I think we might, but it depends on usage. We don't typically remove API like this, since it's a binary breaking change, but this might be a case where the benefit is worth the risk (assuming we've measured the risk appropriately). Usually when we break things, we like to have a mitigation to fix someone who's broken and cannot recompile - I don't see how we can have that here so that's a higher risk. That said, we feel it may still be acceptable since the code that's being removed is very unlikely to be called since it hasn't done anything for years, using it would have already hit an obsolete warning, it's in an Internal namespace, and the architecture of All these qualifications make me feel like you won't find a ton of precedent here, @danmoseley, so if that's what you're interested in I don't expect we'll establish it. In any case I think we should make this change early and document it as breaking. We can give folks a chance to give us feedback. I'm supportive of this being polished and documented and going out in an early preview to .NET 8.0, assuming we have agreement from @dotnet/area-system-configuration. |
I don't have an opinion on breakingness/precedent, just that it's come up a internally as being an impediment to picking up MSRC's as you know. |
...m.Configuration.ConfigurationManager/src/System/Configuration/Internal/InternalConfigHost.cs
Outdated
Show resolved
Hide resolved
...m.Configuration.ConfigurationManager/src/System/Configuration/Internal/InternalConfigHost.cs
Outdated
Show resolved
Hide resolved
...Configuration.ConfigurationManager/src/System/Configuration/Internal/DelegatingConfigHost.cs
Outdated
Show resolved
Hide resolved
...Configuration.ConfigurationManager/src/System/Configuration/Internal/DelegatingConfigHost.cs
Outdated
Show resolved
Hide resolved
....Configuration.ConfigurationManager/src/System/Configuration/Internal/IInternalConfigHost.cs
Outdated
Show resolved
Hide resolved
....Configuration.ConfigurationManager/src/System/Configuration/Internal/IInternalConfigHost.cs
Outdated
Show resolved
Hide resolved
|
@AraHaan closing this PR since replaced by #82259. Thanks for your contribution here. It forced a deeper dive into this problem where we found that the S.S.P assembly does not actually reference S.C.CM since the PermissionSet class is in corelib, not S.C.CM (at least for non-netstandard) and allows the new PR to address the issue in a less-breaking way. |
ghost
locked as resolved and limited conversation to collaborators
This removes System.Security.Permissions from S.C.CM for non-.NET Framework targets. For .NET Framework targets nothing changes. This is because CAS is only implemented in .NET Framework and as such should only be used in .NET Framework to remove the chance that in .NET Core/5+ and .NET Standard that System.Drawing.Common is loaded outside of a windows environment which since .NET 6 is made to throw PNSE everywhere which is not desired for people using cross platform dependencies that just so happens to depend on S.C.CM.
Contributes to #64592
Note: I consider changes in the internal namespace to be an implementation detail and any possibly breaking change being an acceptable change as it is marked
internalin the name meaning that users outside of this repository should not be using it and if they are the namespace should imply that it can have breaking changes at any time. With that excluded in my mind from public ABI, I have determined this change (part of #64592) is trivial. For S.DS the change to remove S.S.P is non-trivial as it breaks public ABI and so needs to go through api-review (and approval) for that breaking change to land in .NET 8.After that, I do not see much of any codebases in dotnet/runtime using S.S.P anymore (outside of the .NET Framework targets for them).