Understanding version unification for dependencies of dependencies

Jun 14, 2011 at 10:59 PM

The NHibernate 2.1.2.4000 package has a dependency on the Antlr package, specifying version >= 3.1.1

Currently, there are two Antlr packages available: 3.1.1, and 3.1.3.42154 - both of which satisfy the >=3.1.1 requirement.

However, 3.1.3.42154 is *not* binary compatible with 3.1.1, so if you are using NHibernate 2.1.2.4000, you need 3.1.1.

I tried to solve this in my FubuMVC.Fastpack package by specifying that it needs 3.1.1 exactly:

<dependency id="NHibernate" version="[2.1.2.4000]" />
<dependency id="Antlr" version="[3.1.1]" />

I would expect nuget to look at all packages and their dependencies, and then figure out which version would be most compatible with everything. For Antlr, it would see that NH wants >=3.1.1 and FubuMVC.Fastpack wants == 3.1.1, so it would install 3.1.1 as the most compatible.

However, what I'm seeing is it evaluates NH's requirements first (not considering FubuMVC.Fastpack), installs 3.1.3.42154. It then attempts to satisfy FubuMVC.Fastpack's requirements (3.1.1), and fails, since a newer version is available. Is this the desired behavior? How else could I, as a package consumer, force a more restrictive version than the package author?

PM> install-package fubumvc.fastpack
'FubuMVC.References' not installed. Attempting to retrieve dependency from source...
Done.
'Bottles' not installed. Attempting to retrieve dependency from source...
Done.
'FubuCore' not installed. Attempting to retrieve dependency from source...
Done.
'CommonServiceLocator (≥ 1.0)' not installed. Attempting to retrieve dependency from source...
Done.
'HtmlTags' not installed. Attempting to retrieve dependency from source...
Done.
'DotNetZip' not installed. Attempting to retrieve dependency from source...
Done.
'FubuLocalization' not installed. Attempting to retrieve dependency from source...
Done.
'StructureMap' not installed. Attempting to retrieve dependency from source...
Done.
'FubuValidation' not installed. Attempting to retrieve dependency from source...
Done.
'NHibernate (= 2.1.2.4000)' not installed. Attempting to retrieve dependency from source...
Done.
'log4net (≥ 1.2.10)' not installed. Attempting to retrieve dependency from source...
Done.
'Iesi.Collections (≥ 1.0.1)' not installed. Attempting to retrieve dependency from source...
Done.
'Antlr (≥ 3.1.1)' not installed. Attempting to retrieve dependency from source...
Done.
'Castle.DynamicProxy (≥ 2.1.0)' not installed. Attempting to retrieve dependency from source...
Done.
'Castle.Core (= 1.1.0)' not installed. Attempting to retrieve dependency from source...
Done.
'NHibernate.Linq (= 1.0)' not installed. Attempting to retrieve dependency from source...
Done.
'Antlr (= 3.1.1)' not installed. Attempting to retrieve dependency from source...
Done.
Install-Package : Already referencing a newer version of 'Antlr'.
At line:1 char:16
+ install-package <<<<  fubumvc.fastpack
    + CategoryInfo          : NotSpecified: (:) [Install-Package], InvalidOperationException
    + FullyQualifiedErrorId : NuGetCmdletUnhandledException,NuGet.PowerShell.Commands.InstallPackageCommand

Jun 14, 2011 at 11:09 PM
This is a crazy thought on my part, but what if you switch the order of specified dependencies?

<dependency id="Antlr" version="[3.1.1]" /> <dependency id="NHibernate" version="[2.1.2.4000]" />
This seems on the surface to most definitely be a bug, because it should be finding the lowest number that everyone agrees with.
Jun 14, 2011 at 11:13 PM

Formatting went a bit crazy in that email when it hit codeplex, sorry about that.  

Jun 14, 2011 at 11:16 PM

That fixed it.

I published a new version of of the FubuMVC.FastPack package with the Antlr dependency listed first in the nuspec, and all worked correctly (3.1.1 was installed).

This definitely sounds like a bug to me. All dependencies should be evaluated before a version is chosen to install.

Jun 14, 2011 at 11:34 PM

Hmm... thinking about this a little more, I'm not sure how you could evaluate all of the dependencies up front.

How do you know what NHibernate depends on until you choose a version to install and check that package for dependencies?

However, it does seem like a package's direct dependencies should be evaluated before any of its dependencies' dependencies, regardless of the order listed in the nuspec.

So in this case, nuget should have seen that ==3.1.1 was required before it even looked to satisfy NHibernate's requirements.

Developer
Jun 15, 2011 at 2:10 AM

Eeek that's not good, can you file a bug for this? I don't think the order which dependencies are evaluated matters, we never downgrade, that's why you see that error.

Jun 15, 2011 at 3:38 AM

Created issue: http://nuget.codeplex.com/workitem/1203