TypeLoadException when working with a local repository

Feb 15, 2011 at 12:20 PM

I'm trying to integrate NuGet.Core into a project so I can leverage it as a plugin API (similar to how Orchard works) but I'm getting the following exception:

System.TypeLoadException: Inheritance security rules violated while overriding member: 'NuGet.ManifestMetadata.Validate(System.ComponentModel.DataAnnotations.ValidationContext)'. Security accessibility of the overriding method must match the security accessibility of the method being overriden.   at NuGet.ZipPackage.EnsureManifest()  
at NuGet.ZipPackage..ctor(Func`1 streamFactory) in C:\_Projects\hg01.codeplex.com\nuget\src\Core\Packages\ZipPackage.cs:line 35  
at NuGet.LocalPackageRepository.OpenPackage(String path) in C:\_Projects\hg01.codeplex.com\nuget\src\Core\Repositories\LocalPackageRepository.cs:line 111  
at NuGet.LocalPackageRepository.<GetPackages>d__0.MoveNext() in C:\_Projects\hg01.codeplex.com\nuget\src\Core\Repositories\LocalPackageRepository.cs:line 81  
at System.Linq.Enumerable.WhereEnumerableIterator`1.MoveNext()  
at System.Linq.Buffer`1..ctor(IEnumerable`1 source)  
at System.Linq.OrderedEnumerable`1.<GetEnumerator>d__0.MoveNext()  
at System.Collections.Generic.List`1..ctor(IEnumerable`1 collection)  
at System.Linq.Enumerable.ToList[TSource](IEnumerable`1 source)  
at NuGet.PackageRepositoryExtensions.FindPackage(IPackageRepository repository, String packageId, Version version) in C:\_Projects\hg01.codeplex.com\nuget\src\Core\Repositories\PackageRepositoryExtensions.cs:line 47  
at NuGet.PackageRepositoryExtensions.FindPackage(IPackageRepository repository, String packageId) in C:\_Projects\hg01.codeplex.com\nuget\src\Core\Repositories\PackageRepositoryExtensions.cs:line 28  
at ConsoleApplication1.Program.Main(String[] args) in C:\Users\slace\AppData\Local\Temporary Projects\ConsoleApplication1\Program.cs:line 21

As you can see I'm connected to a local clone of NuGet to get full debugging.
All of this has been done in a simple project which has the following in it:

            var repo = PackageRepositoryFactory.Default.CreateRepository(new PackageSource(@"C:\Users\slace\tmp\NuGet-Repo", "Default"));
            var package = repo.FindPackage("Package-Demo"); //exception thrown here

I can't work out what's missing from this very simple POC. I haven't modified the NuGet.Core assembly either.

Any thoughts?

Feb 16, 2011 at 12:16 AM

I couldn't repro this. Is your app running in partial trust? Even so, it should work. Can you give more details about the scenario that yields tis error?

Feb 16, 2011 at 12:38 AM

I haven't got any explicit trust level set.

Here's a mercurial repo which has the error in it: https://bitbucket.org/slace/nuget-error

Feb 16, 2011 at 1:32 AM

I talked to dfowler, who said that was a known issue in the System.ComponentModel.DataAnnotations assembly, which will be fixed on the next framework version.

Note that you should only hit this problem when you're debugging, and not when you're running without the debugger.

And there is a workaround: if you build nuget yourself, comment out the SecurityTransparent attribute in the AssemblyInfo.cs of NuGet.Core. 

Feb 16, 2011 at 1:45 AM

Woo framework bugs :P

Looks like I'll run a custom version of NuGet.Core while I'm working out just what I'm doing with the API.

May 10, 2011 at 2:25 PM

Okay, so I installed .Net framework 4 platform update 1, changed project settings, but this problem is still there! :(

May 10, 2011 at 5:22 PM

What issue? The security exception?

May 10, 2011 at 5:36 PM

Yes, the exception. It would be great if you fixed that attribute (it helps) and update the package on NuGet.

May 11, 2011 at 12:07 AM
Edited May 11, 2011 at 12:24 AM

This will be fixed in the next version of .NET. NuGet needs to be security transparent so that it works in medium trust, so we can't remove the attribute.

May 11, 2011 at 12:08 AM

Huh? Was that a question or a statement? Please try again. J

May 11, 2011 at 12:17 AM

I understand what he means. I think I'm used to his lack of punctuation. What he meant is "Can't. NuGet needs to be security transparent so that it works in medium trust." (There is a period after Can't)

Aug 31, 2011 at 10:53 PM

It seems recent versions of .Net have not fixed the problem. (You know, .NET 4.0 update (4.0.30319.225), the update rollup package, and the GDR or whatever.) Is anyone maintaining a debuggable NuGet.Core anywhere? I have the bad luck of not being able to access http://nuget.codeplex.com/SourceControl/list/changesets at the moment.

Aug 31, 2011 at 10:59 PM

That wasn't supposed to fix the problem. The next version of the framework isn't out yet.

Sep 1, 2011 at 12:00 AM

My workaround at the moment is to start without debugging and then Attach To Process.