Paul Bradley

Published:

Building a legacy application with the dotnet sdk on Ubuntu 22.04

Upgrading a legacy .NET 5.0 application to .NET 8.0 LTS (Long Term Support)

Table of Contents
  1. Installing the dotnet sdk on Ubuntu 22.04
  2. Modifying the .csproj file
  3. Check for outdated packages
  4. Check for vulnerable packages
  5. Update the vulnerable package & check the build completes
  6. Update the other packages
  7. Versions

I recently had a requirement to re-compile/rebuild a legacy C# .NET web application so that it was compliant against the latest long term support edition of .net core. The latest LTS is .NET 8.0.1 which was released on January 9, 2024 and will provide support through to November 10, 2026.

The application in question was developed in Visual Studio 2019, which can only compile projects against the .NET 5 runtime, which went of support in May 10, 2022. Some of the NUGET packages that were used within the project were out of date and one had a known security venerability.

By following the steps below, I was able to update the packages and build the project to target the .NET 8.0 runtime.

Installing the dotnet sdk on Ubuntu 22.04

Before starting the installation of the dotnet SDK we first need to add the Microsoft package repository to our system:

1wget https://packages.microsoft.com/config/ubuntu/22.04/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
2sudo dpkg -i packages-microsoft-prod.deb
3rm packages-microsoft-prod.deb

and then install the dependencies:

1sudo apt install zlib1g

Once the dependencies have been installed, then we can install the dotnet sdk:

1sudo apt-get update && \
2sudo apt-get install -y dotnet-sdk-8.0

and the dotnet runtime:

1sudo apt-get install -y dotnet-runtime-8.0

Modifying the .csproj file

Open the projects .csproj file and change the TargetFramework line from:

1<PropertyGroup>
2   <TargetFramework>net5.0</TargetFramework>
3</PropertyGroup>

to

1<PropertyGroup>
2   <TargetFramework>net8.0</TargetFramework>
3</PropertyGroup>

Check for outdated packages

We can check for outdated packages with the following command:

1dotnet list package --outdated
2
3Project `******` has the following updates to its packages
4   [net8.0]:
5   Top-level Package                                       Requested   Resolved   Latest
6   > Microsoft.AspNetCore.Authentication.Negotiate         3.1.26      3.1.26     8.0.1
7   > Microsoft.VisualStudio.Web.CodeGeneration.Design      3.1.5       3.1.5      8.0.0
8   > System.CodeDom                                        6.0.0       6.0.0      8.0.0
9   > System.Data.SqlClient                                 4.8.3       4.8.3      4.8.6

Check for vulnerable packages

We can check for vulnerable packages with the following command:

1dotnet list package  --vulnerable
2
3Project `******` has the following vulnerable packages
4   [net8.0]:
5   Top-level Package            Requested   Resolved   Severity   Advisory URL                                     
6   > System.Data.SqlClient      4.8.3       4.8.3      Moderate   https://github.com/advisories/GHSA-8g2p-5pqh-5jmc

Update the vulnerable package & check the build completes

Running the add package sub-command also updates it to the latest version. This command updates the references within the projects .csproj file.

1$ dotnet add package System.Data.SqlClient
2$ dotnet build
3
4`******` -> ../******/bin/Debug/net8.0/******.dll
5Build succeeded

Update the other packages

We can follow the same process to update all the NUGET packages used within the project:

1dotnet add package Microsoft.AspNetCore.Authentication.Negotiate
2dotnet add package Microsoft.VisualStudio.Web.CodeGeneration.Design
3dotnet add package System.CodeDom
4dotnet list package --outdated
5 
6The given project `******` has no updates given the current sources.

Versions