You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@brooklyn.apache.org by he...@apache.org on 2022/01/06 18:04:53 UTC

[brooklyn-server] 03/04: don't use gson embedded by jclouds, use our own

This is an automated email from the ASF dual-hosted git repository.

heneveld pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/brooklyn-server.git

commit 40f2cd0a9da5bd29ed8db1939b5962d785a1acd4
Author: Alex Heneveld <al...@cloudsoftcorp.com>
AuthorDate: Thu Jan 6 16:57:25 2022 +0000

    don't use gson embedded by jclouds, use our own
    
    provides consistency, speeds up wiring, and let's us control version, as 2.8.5 has a CVE but 2.8.9 fixes it
---
 karaf/features/src/main/feature/feature.xml | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/karaf/features/src/main/feature/feature.xml b/karaf/features/src/main/feature/feature.xml
index b13d1ab..cb16631 100644
--- a/karaf/features/src/main/feature/feature.xml
+++ b/karaf/features/src/main/feature/feature.xml
@@ -131,7 +131,7 @@
         <bundle dependency='true'>mvn:commons-codec/commons-codec/${commons-codec.version}</bundle>
 
         <bundle dependency='true'>mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.jsr305/${jsr305.bundle.version}</bundle>
-        <bundle dependency='true'>mvn:com.google.code.gson/gson/${gson.version}</bundle>
+        <bundle dependency='true'>wrap:mvn:com.google.code.gson/gson/${gson.version}$overwrite=merge&amp;Export-Package=*;version=${gson.version}</bundle>
 
         <bundle dependency="true">mvn:commons-io/commons-io/${commons-io.version}</bundle>
         <bundle dependency='true'>mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.jcip-annotations/${jcip-annotations.bundle.version}</bundle>
@@ -159,7 +159,10 @@
         <bundle>mvn:org.apache.brooklyn/brooklyn-utils-groovy/${project.version}</bundle>
 
         <bundle>mvn:ch.qos.logback/logback-classic/${logback.version}</bundle> <!-- has an optional dep on groovy-all so refreshes when it is installed; just delay install till when it is -->
-        <bundle>mvn:com.google.code.gson/gson/${gson.version}</bundle>
+
+        <!-- export internal packages for use by jclouds -->
+        <bundle>wrap:mvn:com.google.code.gson/gson/${gson.version}$overwrite=merge&amp;Export-Package=*;version=${gson.version}</bundle>
+
         <bundle>mvn:com.jayway.jsonpath/json-path/${jsonPath.version}</bundle>
         <bundle>mvn:com.fasterxml.jackson.core/jackson-core/${fasterxml.jackson.version}</bundle>
         <bundle>mvn:com.fasterxml.jackson.core/jackson-databind/${fasterxml.jackson.version}</bundle>
@@ -320,7 +323,8 @@
         <bundle dependency="true">mvn:com.google.inject/guice/${guice.version}</bundle>
         <bundle dependency="true">mvn:com.google.inject.extensions/guice-assistedinject/${guice.version}</bundle>
         <bundle dependency="true">mvn:com.google.inject.extensions/guice-multibindings/${guice.version}</bundle>
-        <bundle>mvn:com.google.code.gson/gson/${gson.version}</bundle>
+        <!-- jclouds _embeds_ 2.8.5 but we ignore that and pull this in -->
+        <bundle>wrap:mvn:com.google.code.gson/gson/${gson.version}$overwrite=merge&amp;Export-Package=*;version=${gson.version}</bundle>
         <bundle>mvn:com.google.guava/guava/${guava.version}</bundle>
 
         <bundle>mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.jsch/${jsch.bundle.version}</bundle>
@@ -373,12 +377,18 @@
         <bundle>mvn:org.apache.jclouds.driver/jclouds-sshj/${jclouds.version}</bundle>
         <bundle>mvn:org.apache.jclouds/jclouds-blobstore/${jclouds.version}</bundle>
         <bundle>mvn:org.apache.jclouds/jclouds-compute/${jclouds.version}</bundle>
-        <bundle>mvn:org.apache.jclouds/jclouds-core/${jclouds.version}</bundle>
+
+        <!-- <bundle>mvn:org.apache.jclouds/jclouds-core/${jclouds.version}</bundle> -->
+        <!-- jclouds-core embeds gson 2.8.5 which conflicts with our use of 2.8.9; we want to load gson earlier, and later version, so suppress jclouds' classpath access and export; extra needed as . is default and so ignored -->
+        <bundle>wrap:mvn:org.apache.jclouds/jclouds-core/${jclouds.version}$overwrite=merge&amp;Export-Package=org.jclouds.*;version=${jclouds.version};-noimport:=true&amp;Bundle-ClassPath=.,extra</bundle>
+
         <bundle>mvn:org.apache.jclouds/jclouds-loadbalancer/${jclouds.version}</bundle>
         <bundle>mvn:org.apache.jclouds/jclouds-scriptbuilder/${jclouds.version}</bundle>
         <bundle>mvn:org.apache.jclouds.provider/aws-ec2/${jclouds.version}</bundle>
+
         <!-- <bundle>mvn:org.apache.jclouds.provider/aws-s3/${jclouds.version}</bundle> add visibility to options so guice can resolve, below -->
         <bundle>wrap:mvn:org.apache.jclouds.provider/aws-s3/${jclouds.version}$overwrite=merge&amp;Import-Package=org.jclouds.http.options,*</bundle>
+
         <bundle>mvn:org.apache.jclouds.provider/azureblob/${jclouds.version}</bundle>
         <bundle>mvn:org.apache.jclouds.provider/azurecompute-arm/${jclouds.version}</bundle>
         <bundle>mvn:org.apache.jclouds.provider/b2/${jclouds.version}</bundle>