Re: [Jython-dev] Bundled/shaded JARs

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

In fact the problem is not shading but signimng: the fact that we bundle 
Bouncy Castle at all makes it stop working in certain respects. 
(https://bugs.jython.org/issue2858)

Jeff Allen

On 04/02/2020 06:10, Jim Baker wrote:
> The socket-reboot branch, bringing back the memories!
>
> Adam is absolutely right about the use of shading. Although in our 
> defense, when we started using jarjarbinks, it was the best available 
> choice out there to manage these dependencies. The world has moved on, 
> and the recent Gradle work will hopefully be a good bridge to that.
>
> re these shaded module imports: I think the only thing here that might 
> have been introduced in this branch is working around the shading of 
> included libraries (netty, etc) from Python library code (socket, ssl, 
> select). There is certainly no attempt to be systematic about fixing 
> other dependencies like JNR, which can still see dependency hell if 
> JRuby is also installed.
>
>
> On Mon, Feb 3, 2020 at 2:04 AM Jeff Allen <ja...@fa... 
> <mailto:ja...@fa...>> wrote:
>
>     On 03/02/2020 08:45, Adam Burke wrote:
>>     In other codebases I have seen this done reactively as a “poor
>>     man’s dependency conflict resolution”. ie introduce renaming only
>>     where there are conflicts in transitive dependencies, allowing
>>     the use of two different versions of classes with the same full
>>     name.
>>
>>     I don’t know the specific history in Jython, though.
>
>     Here from the beginning:
>     https://hg.python.org/jython/rev/107fe4a4c96b#l28.7, hence pinging
>     Jim. Unfortunately, it didn't occur to me it might be the wrong
>     thing to leave it so until after I cut a beta 3 (unpublished so far).
>
>     Now wondering if a beta 4 might be necessary as it seems the sort
>     of change that would need it, in case unshading produces the sort
>     of conflict you're talking about.  :(
>
>     Jeff
>
>>
>>     Cheers
>>     Adam
>>
>>>     在 2020年2月3日，下午6:36，Jeff Allen <ja...@fa...>
>>>     <mailto:ja...@fa...> 写道：
>>>
>>>     
>>>
>>>     When we install Jython we have bundled the contents of the JARs
>>>     we depend on into ~/jython.jar . Some we name-translate:
>>>
>>>         org/python/apache/commons/compress
>>>         org/python/bouncycastle
>>>
>>>     And some we just copy:
>>>
>>>         com/ziclix/python/sql
>>>         jnr/ffi
>>>
>>>     What drives one choice or the other?
>>>
>>>     Testing after installation, I get a test failure from test_ssl
>>>     (Unable to create OpenSSL PBDKF: PBKDF-OpenSSL SecretKeyFactory
>>>     not available), where I suspect the shading is the cause. Quite
>>>     likely, something is loaded by its unshaded class name, since if
>>>     I place unshaded BC JARs on the path the test passes.
>>>
>>>     We seem to have gone to some lengths in _sslcerts.py, for
>>>     example, to use the shaded classes, but must we shade it?
>>>
>>>     Jeff
>>>
>>>     -- 
>>>     Jeff Allen
>>>     _______________________________________________
>>>     Jython-dev mailing list
>>>     Jyt...@li...
>>>     <mailto:Jyt...@li...>
>>>     https://lists.sourceforge.net/lists/listinfo/jython-dev
>