[wildfly-dev] Dependency Changes
James R. Perkins
jperkins at redhat.com
Fri Oct 18 12:32:35 EDT 2013
On 10/18/2013 09:28 AM, Tomaž Cerar wrote:
> Why don't you just configure shade plugin to use only specified
> dependencies and exclude everything else?
That would work, but it's more that it opened the question in my mind
what else is coming in transitively. The two client jar's I'm aware of
do this, but they both brought in a transitive dependency on the
logmanager. The exclusion though should happen in the dependency
management of the parent pom not the shade configuration though.
>
>
> On Fri, Oct 18, 2013 at 5:53 PM, James R. Perkins <jperkins at redhat.com
> <mailto:jperkins at redhat.com>> wrote:
>
>
> On 10/18/2013 06:17 AM, David M. Lloyd wrote:
> > On 10/18/2013 07:51 AM, Brian Stansberry wrote:
> >>
> >> Back to my original question then. What problem is this patch
> solving? I
> >> don't like how maven handles transitive dependencies, but it's
> a huge
> >> effort to try and fight maven, IMHO not worth it unless it's
> solving a
> >> specific problem.
> The original problem I saw just just the logmanager leaking into the
> shaded client jars. When I ran the dependency tree I noticed just
> about
> every core module had a transitive dependency on the logmanager.
> It got
> me thinking about what else might be leaked in and it sounds like
> I had
> misunderstood what David meant. End result, nothing to see here move
> along. :)
> >>
> >> The server-side runtime dependencies are controlled via the
> module.xml
> >> files, which, thankfully, have a sane approach to dependency
> management.
> >> So I think we only need to worry about runtime for the few
> things where
> >> the pom is actually relevant to runtime; stuff like
> >> model-controller-client or the client jar poms.
> >>
> >> BTW, please don't take my responses as being critical of the
> patch or
> >> the thread. You're correctly asking the same questions I am --
> "is this
> >> worth it?"
> > Well I feel like I should clarify something. When I originally
> started
> > the "exclude everything" policy, I was only excluding dependencies
> > *from* dependencies, not from the core modules. I don't think
> adding
> > exclusions in dependencies on core modules buys anything because
> they
> > themselves already have exclusions for things.
> Makes sense. I do think I will add exclusions to core modules that use
> the logmanager. I don't think there are any other dependencies that
> really matter if they leak in, but one less choice of a Logger when
> auto-completing in an IDE might be nice.
> >
> >>>> I so pray for the day when Maven finally just has reasonable
> flags to turn off transitive dependencies.
> >>> That would be awesome. Like a compile scope that actually
> means, I don't know compile not runtime :)
> > That's called "provided".
> Yeah, it's just not as intuitive as compile time and bites people all
> the time. For example looking through the pom's I found a few spots
> where jboss-logging was marked as provided when it should likely
> not be
> since it is required at runtime. I've also seen cases where the
> logging
> tooling wasn't marked as provided when it should be since it's only
> needed at compile time :)
> >
> >>>> On 10/17/13 9:40 PM, James Perkins wrote:
> >>>>> Yes that was basically the idea. The main benefit is
> dependencies, like the log manager, won't leak into projects that
> shouldn't use them. It might be more work than it's worth.
> >>>>> --
> >>>>> James R. Perkins
> >>>>> JBoss by Red Hat
> >>>>>
> >>>>> Brian Stansberry <brian.stansberry at redhat.com
> <mailto:brian.stansberry at redhat.com>> wrote:
> >>>>>
> >>>>> Can you explain more as to what this patch is doing? Partly
> it seems to
> >>>>> be directly declaring some dependencies in WF modules
> instead of having
> >>>>> them coming in transitively from other WF modules. Which is
> ok by me if
> >>>>> the module directly imports classes from the dependency. But
> I don't
> >>>>> know what practical difference this change makes.
> >>>>>
> >>>>> I don't get (or like) the exclusions in the main pom.xml at all.
> >>>>>
> >>>>> On 10/17/13 8:06 PM, James R. Perkins wrote:
> >>>>>> Debugging a TCK issue I found that the client jars that
> shade in their
> >>>>>> dependencies were also pulling in the logmanager
> transitively from a
> >>>>>> couple dependencies. This led to look at what else was
> coming in
> >>>>>> transitively and realized, as we probably already know, it
> goes deep.
> >>>>>>
> >>>>>> I started making some changes [1] after talking to David
> (which I may
> >>>>>> have misunderstood so don't blame him :)) to exclude
> dependencies for
> >>>>>> WildFly maven modules. I'm not really close to be done as
> it seems this
> >>>>>> will take quite a while. The question is do we even want to
> exclude
> >>>>>> dependencies like this? If I continued and did a PR would it be
> >>>>>> accepted? I have a feeling it's going to be quite massive.
> >>>>>>
> >>>>>> [1]: https://github.com/jamezp/wildfly/compare/WFLY-2332
> >>>>>>
> >>>>>> --
> >>>>>> James R. Perkins
> >>>>>> Red Hat JBoss Middleware
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> _______________________________________________
> >>>>>> wildfly-dev mailing list
> >>>>>> wildfly-dev at lists.jboss.org
> <mailto:wildfly-dev at lists.jboss.org>
> >>>>>> https://lists.jboss.org/mailman/listinfo/wildfly-dev
> >>>>>>
> >>>>>
> >>>>
> >>>> --
> >>>> Brian Stansberry
> >>>> Principal Software Engineer
> >>>> JBoss by Red Hat
> >>> --
> >>> James R. Perkins
> >>> JBoss by Red Hat
> >>>
> >>>
> >>>
> >>
> >
>
> --
> James R. Perkins
> Red Hat JBoss Middleware
>
> _______________________________________________
> wildfly-dev mailing list
> wildfly-dev at lists.jboss.org <mailto:wildfly-dev at lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/wildfly-dev
>
>
--
James R. Perkins
Red Hat JBoss Middleware
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/wildfly-dev/attachments/20131018/88113dbc/attachment-0001.html
More information about the wildfly-dev
mailing list