Developers can confidently generate single file apps that work for the supported target platforms

Question

Developers can confidently generate single file apps that work for the supported target platforms

samsp-msft opened this issue 5 years ago · 16 comments

Answer 1 · 2020-10-16T21:54:32.000Z

@agocke - we need to flush out the list of work items

Answer 2 · 2020-11-09T23:47:47.000Z

@agocke do you want to create child stories eg for the proposed analyzer? We have a dependency on it presumably.

Answer 3 · 2020-11-10T00:48:04.000Z

Analyzer already exists and shipped in .NET 5 :)

I'll create a tracking issue for the few improvements we would like to make, although many will not require changes to the libraries.

Answer 4 · 2020-11-10T02:01:58.000Z

I'll create a tracking issue for the few improvements we would like to make, although many will not require changes to the libraries.

That sounds great - anything to see the work likely on us.

Answer 5 · 2020-12-03T16:51:15.000Z

Tagging subscribers to this area: @agocke, @vitek-karas
See info in area-owners.md if you want to be subscribed.

Issue Details

Single file apps are a journey, we progressed from a self-extract approach in 3.x to a superhost in 5.0, but there is more to be done to complete the story. Single file apps need to work for every .NET workload and app framework where the target platform allows for it (to reduce developer perceived complexity of seeing several output files vs one output file), including:

Winforms
WPF
MAUI
ASP.NET including MVC, Razor Pages, Server-side Blazor, WebAPI, gRPC etc.

Goals:

Predictability: Developers should be aware of what will and won't work in a single file experience
- Ensuring that referenced libraries are also not going to produce issues
Completeness for specific workloads

Work Items

Author:	samsp-msft
Assignees:	agocke, samsp-msft
Labels:	`Priority:0`, `Team:Runtime`, `User Story`, `area-Single-File`
Milestone:	-

Answer 6 · 2021-01-13T01:06:16.000Z

@agocke I think this should be marked Committed (in the .NET 6 project). It has committed children. Otherwise it will get reviewed..

Answer 7 · 2021-01-13T16:18:27.000Z

Thanks Dan. I have done at least 3 scans of the epics/themes/user stories, but I seem to keep finding new ones

Answer 8 · 2021-02-08T17:53:44.000Z

Do single file applications need to be code signed? What is the user experience for non-signed single file applications?

Answer 9 · 2021-02-08T17:58:26.000Z

@greatoceansoftware From .NET's point of view they don't need to be signed. Specific target platforms might have additional requirements though (for example macOS). The apps behave the same whether they are signed or not. .NET itself doesn't look at the signature, it's typically the target OS which does that.

Answer 10 · 2021-02-08T23:54:11.000Z

Thanks. I have a couple of machines I will test. Seems like there should be an article in the MS/.NET documentation somewhere that describes the user experience of single file installs (for comparison, there is adequate information on ClickOnce), but I haven't found one yet.

Answer 11 · 2021-02-09T11:29:59.000Z

@greatoceansoftware Just so that I understand your request: what do you mean by "experience of single file installs"? Single-file is a publish option, it's not a deployment technology (unlike ClickOnce which is exactly that).

Answer 12 · 2021-02-09T16:40:33.000Z

I'm asking what does a user see when they download and try to run a single file application for the first time? Especially in terms of security warnings with signed/unsigned code. I can test it here, just not quite ready yet. Sorry, it's been almost a decade since I published to anyone except myself and I'm sure things have changed a bit. Most of my apps are internal use only.

Answer 13 · 2021-02-09T16:45:58.000Z

There's really no difference in that experience between single-file or non-single-file, so what you're asking about is a general experience of running a .NET app - which is probably very similar to running any "freshly" compiled app (ignoring dependency problems).

Answer 14 · 2021-02-09T17:02:02.000Z

Well, I can make a long story long... ;-) I released my last commercial application circa 2013, and used the Lindersoft SetupBuilder (similar to InstallShield). I signed my code and the installer. As a small developer, this was a real pain to obtain the certificate, and compile .NET setup packages, and keep users current with different newer versions of the software. Despite that, the installer did a nice job of ensuring the user had a good first experience (no scary installation warnings).

Fast forward to now, it seems there's a possibility to make life simpler at least on the developer end with single file installs. But I can't find any documentation (similar to ClickOnce documentation) on what the user will experience if they try to run one of these single file applications. So my only recourse is to test it myself (not a big deal), but I only have so many machines where .NET 5 has never been installed (with various flavors of Windows 10) to see how it will/should react with different publish options (sign/unsigned, framework dependent/self-contained, etc.).

I have colleagues who will help me beta test, but I feel like there should be some further guidance in the documentation about the effects of our publish choices on end users. Thanks, and hope that made sense.

Answer 15 · 2021-08-16T20:11:07.000Z

This is mostly done -- we have a single file analyzer now, which can be enabled with <EnableSingleFileAnalyzer>true</EnableSingleFileAnalyzer>. The analyzer is enabled in dotnet/runtime and winforms. Remaining work is mainly on enabling the analyzer in more places.

Answer 16 · 2022-07-28T18:45:14.000Z

Closing as complete.