You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ozone.apache.org by "Attila Doroszlai (Jira)" <ji...@apache.org> on 2023/01/26 20:18:00 UTC

[jira] [Resolved] (HDDS-7372) Check dependency convergence

     [ https://issues.apache.org/jira/browse/HDDS-7372?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Attila Doroszlai resolved HDDS-7372.
------------------------------------
    Fix Version/s: 1.4.0
       Resolution: Implemented

> Check dependency convergence
> ----------------------------
>
>                 Key: HDDS-7372
>                 URL: https://issues.apache.org/jira/browse/HDDS-7372
>             Project: Apache Ozone
>          Issue Type: Task
>          Components: build
>            Reporter: Attila Doroszlai
>            Assignee: Nishit Patira
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 1.4.0
>
>
> {{:ozone-dist}} copies all runtime dependencies, including transitive ones, into {{share/ozone/lib}}.  The same dependency may be part of multiple dependency sub-trees with different versions, e.g.:
> {code}
> org.apache.ozone:ozone-manager:jar:1.3.0-SNAPSHOT
> +- org.apache.ranger:ranger-intg:jar:2.3.0:compile
> |  \- org.apache.ranger:ranger-plugins-common:jar:2.3.0:compile
> |     +- org.apache.ranger:ranger-plugins-audit:jar:2.3.0:compile
> |     |  +- joda-time:joda-time:jar:2.10.6:compile
> {code}
> and
> {code}
> org.apache.ozone:ozone-tools:jar:1.3.0-SNAPSHOT
> +- com.amazonaws:aws-java-sdk-core:jar:1.12.261:compile
> |  \- joda-time:joda-time:jar:2.8.1:compile
> {code}
> but {{maven-dependency-plugin}} ends up copying only one of these:
> {code}
> org.apache.ozone:ozone-dist:jar:1.3.0-SNAPSHOT
> +- org.apache.ozone:ozone-tools:jar:1.3.0-SNAPSHOT:compile
> |  +- com.amazonaws:aws-java-sdk-core:jar:1.12.261:compile
> |  |  \- joda-time:joda-time:jar:2.8.1:compile
> {code}
> The classpath of the Ozone modules still include their own dependencies:
> {code:title=grep -E -o 'joda-time[^:]*.jar' hadoop-ozone/dist/target/ozone-1.3.0-SNAPSHOT/share/ozone/classpath/ozone-manager.classpath}
> joda-time-2.10.6.jar
> {code}
>  thus we could run into missing classes, should these transitive dependencies be actually used.
> We should add dependency convergence check to the build process to flag such problems.
> https://maven.apache.org/enforcer/enforcer-rules/dependencyConvergence.html
> Example from Hadoop:
> https://github.com/apache/hadoop/blob/c4aa41aa801302b5efefa2a59e590d8c02c72223/hadoop-project/pom.xml#L2291-L2336



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org