-
Notifications
You must be signed in to change notification settings - Fork 913
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Exclude java.security.Provider
SPI configuration from shaded jar
#5825
Conversation
core/build.gradle
Outdated
|
||
ant.jar(destfile: trimmed.toString(), update: true, duplicate: 'fail') { | ||
ant.jar(destfile: tmp, duplicate: 'fail', filesetmanifest:'merge') { | ||
zipfileset(src: outJarFile, excludes: 'META-INF/services/java.security.Provider') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How about adding a new property shadowExclusions
like jacocoExclusions
and excluding shadowExclusions
in shadeJar
?
Line 29 in 6dec849
jacocoExclusions=com/linecorp/armeria/internal/common/CurrentJavaVersionSpecific,com/linecorp/armeria/*/scalapb/**,META-INF/versions/** |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In order to do so, I think:
- This functionality should be applied to all modules, not just
:core
. If we take this approach, it probably makes more sense to move this functionality togradle-scripts
- In the case of
:core
, the filtering will need to happen twice: once to addversions
, another time to removeshadowExclusions
Am I understanding your intention correctly?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I didn't think we needed shadowExclusions
per module. I imagined adding shadowExclusions
in java-shade.gradle
. For example:
task shadedJar(
def shadowExclusions = []
if (rootProject.hasProperty('shadowExclusions')) {
shadowExclusions = rootProject.findProperty('shadowExclusions').split(",")
}
shadowExclusions.each {
exclude it
}
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My proposal intended to use the feature provided by Shadow instead of the workaround.
If you think a different exclusion is required for each module, bomGroups
pattern is also good to me.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see, this solution also works 👍 Note that I wasn't able to migrate the other exclusions to ensure backwards compat
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sounds good. Let's regard them as the default exclusions.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🙇♂️🙇♂️
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 👍 👍
…5825) Motivation: Recently we noticed that java modules don't work well with Armeria. The reason was that `META-INF/services/java.security.Provider` is included in our SPI, but `org.bouncycastle.jce.provider.BouncyCastleProvider` doesn't exist in the JAR causing an exception in the following [location](https://github.com/openjdk/jdk/blob/476d2ae69d6f67fdf9e2a9353f224141318690f2/src/java.base/share/classes/jdk/internal/module/ModulePath.java#L554). Since we shade our custom `BouncyCastleProvider` and use it sparingly, we probably don't need to also export the SPI implementations. https://github.com/line/armeria/blob/6dec8498457d7032cbbc192e4070ca2bc5658535/core/src/main/java/com/linecorp/armeria/internal/common/util/MinifiedBouncyCastleProvider.java#L93-L98 Note that this problem can happen if a shaded module provides SPI implementations and is not necessarily unique to `BouncyCastle`. From a quick check I don't think (`guava`, `jctools`, `reflections`, `fastutil`, `futures`) have a similar issue though. A working version with java 9 modules with the built snapshot version can be found in the following repository: https://github.com/jrhee17/my-java-module. Note that this change also requires line/gradle-scripts#184. Also, did a local test to ensure there are no unintentional changes ``` user@AL02437565 shaded-diff % tar -zxf /Users/user/Projects/armeria/core/build/libs/armeria-shaded-1.30.0-SNAPSHOT.jar -C new user@AL02437565 shaded-diff % tar -zxf /Users/user/Projects/upstream-armeria/core/build/libs/armeria-shaded-1.30.0-SNAPSHOT.jar -C base user@AL02437565 shaded-diff % diff -rq new base Files new/META-INF/com.linecorp.armeria.versions.properties and base/META-INF/com.linecorp.armeria.versions.properties differ Only in base/META-INF/services: java.security.Provider user@AL02437565 shaded-diff % ``` Modifications: - Added a `shadowExclusions` property which excludes files from the shadowed JAR Result: - Armeria has more compatibility with Java 9 modules. <!-- Visit this URL to learn more about how to write a pull request description: https://armeria.dev/community/developer-guide#how-to-write-pull-request-description -->
Motivation:
Recently we noticed that java modules don't work well with Armeria. The reason was that
META-INF/services/java.security.Provider
is included in our SPI, butorg.bouncycastle.jce.provider.BouncyCastleProvider
doesn't exist in the JAR causing an exception in the following location.Since we shade our custom
BouncyCastleProvider
and use it sparingly, we probably don't need to also export the SPI implementations.armeria/core/src/main/java/com/linecorp/armeria/internal/common/util/MinifiedBouncyCastleProvider.java
Lines 93 to 98 in 6dec849
Note that this problem can happen if a shaded module provides SPI implementations and is not necessarily unique to
BouncyCastle
. From a quick check I don't think (guava
,jctools
,reflections
,fastutil
,futures
) have a similar issue though.A working version with java 9 modules with the built snapshot version can be found in the following repository: https://github.com/jrhee17/my-java-module. Note that this change also requires line/gradle-scripts#184.
Also, did a local test to ensure there are no unintentional changes
Modifications:
shadowExclusions
property which excludes files from the shadowed JARResult: