-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
LUCENE-9266 remove gradle wrapper jar from source #1390
Conversation
buildSrc/src/main/java/org/apache/lucene/gradle/WrapperDownloader.java
Outdated
Show resolved
Hide resolved
buildSrc/src/main/java/org/apache/lucene/gradle/WrapperDownloader.java
Outdated
Show resolved
Hide resolved
buildSrc/src/main/java/org/apache/lucene/gradle/WrapperDownloader.java
Outdated
Show resolved
Hide resolved
buildSrc/src/main/java/org/apache/lucene/gradle/WrapperDownloader.java
Outdated
Show resolved
Hide resolved
buildSrc/src/main/java/org/apache/lucene/gradle/WrapperDownloader.java
Outdated
Show resolved
Hide resolved
I like the direction, Mike. If we can keep gradle wrapper jar in the repository (see that comment on legal jira) then this patch could be easily extended to make the whole download check conditional and only applicable if you're running a stand-alone source release bundle. This is definitely a follow-up work. I can try to help out with Windows testing and maybe cosmetics; let me know if you want me to file a pr against your repo or attach a patch when you're ready. |
Realistically, I don't think anybody will. Rather, they'll retry the
script. If something doesn't work with move it's probably fatal
anyway.
…On Tue, Mar 31, 2020 at 9:34 PM Mike Drob ***@***.***> wrote:
@madrob commented on this pull request.
________________________________
In buildSrc/src/main/java/org/apache/lucene/gradle/WrapperDownloader.java:
> + File temp = Files.createTempFile("gradle-wrapper", null).toFile();
+ try (ReadableByteChannel in = Channels.newChannel(url.openStream());
+ FileOutputStream out = new FileOutputStream(temp)) {
+ out.getChannel().transferFrom(in, 0, maxSize);
+ }
+
+ try (FileInputStream fis = new FileInputStream(temp)) {
+ MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
+
+ // Convert binary digest to hex checksum value
+ // This will strip leading zeroes, deal with that when we need to
+ String sha256sum = new BigInteger(1, sha256.digest(fis.readAllBytes())).toString(16);
+
+ if (args[2].equals(sha256sum)) {
+ if (!temp.renameTo(jar)) {
+ System.err.println("Failed renaming wrapper jar, leaving download at " + temp);
The user might be able to manually move it into place since we've already validated the checksum. I'll update the error.
—
You are receiving this because your review was requested.
Reply to this email directly, view it on GitHub, or unsubscribe.
|
Hi Mike. I've restructured the downloader class a bit so that gradle wrapper version and checksum are aligned with the target file - makes it a single place to change things (instead of messing with the scripts). I also simplified error messaging a bit, hope it's ok. More interestingly I discovered a hideous problem with CLASSPATH environment variable: this is used by java in single-source mode and was locking the wrapper file (on Windows), effectively preventing any changes (in case of overwriting due to a wrong checksum, for example). Corrected. Looks good to me to commit this in (removing the gradle-wrapper.jar file). Anything else can be a follow-up. |
ASF Release Policy states that we cannot have binary JAR files checked in to our source releases, a few other projects have solved this by modifying their generated gradlew scripts to download a copy of the wrapper jar. We now have a version and checksum file in ./gradle/wrapper directory used for verifying the wrapper jar, and will take advantage of single source java execution to verify and download. The gradle wrapper jar will continue to be available in the git repository, but will be excluded from src tarball generation. This should not change workflows for any users, since we expect the gradlew script to get the jar when it is missing. Co-authored-by: Dawid Weiss <dweiss@apache.org>
Your patch moved the *nix invocation of WrapperDownloader to before we set JAVA_CMD, when it still needed to be after. I switched that back, but kept your change of setting the CLASSPATH after we download the new gradle-wrapper.jar. I'll push a squashed/rebased version of everything here for one last look before committing. In your Windows patch you use backslashes for GRADLE_WRAPPER_JAR but forward slashes for the JAVA_EXE command - is that fine/expected/necessary? |
bq. Your patch moved the *nix invocation of WrapperDownloader to before we set JAVA_CMD, when it still needed to be after. I switched that back, but kept your change of setting the CLASSPATH after we download the new gradle-wrapper.jar I should have checked, sorry. I had a million things to do today. bq. In your Windows patch you use backslashes for GRADLE_WRAPPER_JAR but forward slashes for the JAVA_EXE command - is that fine/expected/necessary? Neither matters on modern Java versions. You can switch them to windows path separators if you wish but you don't have to. |
From @gerlowskija on Slack:
A better error message would be nice here, but I also don't want to figure out how to parse the output. Maybe the easiest solution is to add another class with an empty main method and if that fails we assume the java launcher is too old? |
I would really want to limit the number of forked java processes to the absolute minimum in those scripts. Each invocation of java adds a bit of penalty to startup and these accumulate. I would assume people are running with Java 11+ and if it fails for them so be it... If you really want to be nice here then I would rewrite the Downloader to be compatible with Java 8, then compile that class with javac and run it as regular class. The first thing you do in the downloader then is you can System.exit(-1) if java version < 11. It can be also left for a separate patch/ improvement. |
Committed in e25ab42 |
ASF Release Policy states that we cannot have binary JAR files checked
in to our source releases, a few other projects have solved this by
modifying their generated gradlew scripts to download a copy of the
wrapper jar.
This implementation is heavily based on the one found in KAFKA-1714