Unbundle krypt libraries #1207

Closed
voxik opened this Issue Nov 8, 2013 · 6 comments

Projects

None yet

2 participants

@voxik
Contributor
voxik commented Nov 8, 2013

Could you please unbundle krypt libraries (namely lib/ruby/shared/krypt{core,providerjdk}).jar ? This is showstopper for Fedora, since Fedora prohibits bundling. Hence I cannot continue with update to JRuby 1.7.6.

Thanks.

@mkristian
Member

are you saying we should pull in the krypt gem with its dependencies (which
include those jars wrapped as gems) and use them for building jruby ?

@voxik
Contributor
voxik commented Nov 8, 2013

Pulling gem sounds somewhat better, but I have several concerns in this regard:

  1. I expect that you will do so using de.saumya.mojo:gem-maven-plugin and that troubles me. If I understand it correctly, it somehow automatically converts gems to maven artifacts, but how to replicate this for Fedora, that is totally unclear to me yet.
  2. Since Fedora needs to rebuild every jar from sources, I hope that the gem will not bundle any jars, or that there will be easy to remove and possible to rebuild them from sources.
@mkristian
Member

Pulling gem sounds somewhat better, but I have several concerns in this
regard:

  1. I expect that you will do so using de.saumya.mojo:gem-maven-plugin
    and that troubles me. If I understand it correctly, it somehow
    automatically converts gems to maven artifacts, but how to replicate this
    for Fedora, that is totally unclear to me yet.

well, the plugin does download the gem from a maven repository unless it
is already inside the local-repository of maven (same as maven does with
all artifacts). then the plugin basically calls 'gem install -l
--ignores-dependencies xzy.gem (and some more extra options) and for jruby
it uses the jruby from the build directory to execute the gem command.

since there are some changes ahead with those 'extension' gems like krypt,
openssl, readline, ripper - well it would be great to handle them all in
the same and consistent manner.

would it help (in the long run) to use a 'ruby script' instead of the
gem-maven-plugin- or ? there is ruby gem which helps to convert a gemspec
into pom.xml - does that help ?

  1. Since Fedora needs to rebuild every jar from sources, I hope that
    the gem will not bundle any jars, or that there will be easy to remove and
    possible to rebuild them from sources.

you have to look at https://github.com/krypt/ - not sure whether that is
all easy . . .

@voxik
Contributor
voxik commented Nov 8, 2013

well, the plugin does download the gem from a maven repository

This is the first step I don't understand. What is downloaded actually? If that would be:

  • Download gem from rubygems.org
  • Download pom.xml from maven repository

That would sound acceptable.

But you say "download gem from a maven repository". So the gems are mirrored? Are they modified? Are they converted to jars? Are they trusted?

would it help (in the long run) to use a 'ruby script' instead of the gem-maven-plugin- or ? there is ruby gem which helps to convert a gemspec into pom.xml - does that help ?

Since I am nor Java nor Maven expert, that would be definitely more comprehensible.

Still not sure why are the gems mavenized anyway. For Fedora, we are definitely not going to download anything from any maven repository out there, so I see it just as a complication. But I understand that your build/release process is different, so I just like to highlight Fedoras different POV and find solution which will work for both.

you have to look at https://github.com/krypt/ - not sure whether that is all easy

Well, I explored the repositories a bit and it is definitely not all that easy, otherwise I would submit PR instead ;)

@mkristian
Member

On Fri, Nov 8, 2013 at 2:13 PM, Vít Ondruch notifications@github.comwrote:

well, the plugin does download the gem from a maven repository

This is the first step I don't understand. What is downloaded actually? If
that would be:

  • Download gem from rubygems.org
  • Download pom.xml from maven repository

That would sound acceptable.

both come from a maven repository

But you say "download gem from a maven repository". So the gems are
mirrored?

basically, actually when you trigger the download there will be a redirect
to the storage grom rubygems.org. but that is how the torquebox maven gem
repo works. there a nexus-plugin for ruby which offers also repo for gem
artifacts there the gem gets mirrored in the nexus server.

Are they modified? Are they converted to jars? Are they trusted?

not modified. not converted. just put along pom.xml in maven directory
layout. trusted - that is something.

would it help (in the long run) to use a 'ruby script' instead of the
gem-maven-plugin- or ? there is ruby gem which helps to convert a gemspec
into pom.xml - does that help ?

Since I am nor Java nor Maven expert, that would be definitely more
comprehensible.

well, there are two things:

  • maven downloads the gem from that gem maven repo - for that the plugin is
    not needed, that is core maven.
  • the plugin installs the gem at the configured place

Still not sure why are the gems mavenized anyway.

well, let's say it is just convenient like maven caches the download in the
local repository, etc

For Fedora, we are definitely not going to download anything from any
maven repository out there, so I see it just as a complication. But I
understand that your build/release process is different, so I just like to
highlight Fedoras different POV and find solution which will work for both.

that is understood ;)

@mkristian
Member

this is done on both on master and on jruby-1_7 branch.

@mkristian mkristian closed this Apr 8, 2014
@mkristian mkristian added this to the JRuby 1.7.12 milestone Apr 8, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment