Skip to content

Improve warning for optional Imports w/o version #6559

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Improve warning for optional Imports w/o version #6559

wants to merge 1 commit into from
+4 −1

Conversation

chrisrueger
Copy link
Contributor

@chrisrueger chrisrueger commented Apr 14, 2025
edited
Loading

This is an attempt / idea to improve the pedantic warning "Imports that lack version ranges" .

@chrisrueger
Copy link
Contributor Author

Just for me:

I observed the following:

Assume:

  • I have some direct dependency which requires com.fasterxml.jackson.annotation (direct dep is org.mustangproject:library which I am using via -includeresource; lib:=true because it is not an OSGi bundle )
  • I only do in bnd.bnd: Import-Package: *

Then I get:

Imports that lack version ranges [com.fasterxml.jackson.annotation]

and the MANIFEST.MF only contains:

Import-Package                          com.fasterxml.jackson.annotation

But I actually have com.fasterxml.jackson.core.jackson-annotations;version=2.18.3 in my Repository.

Now I add the jackson lib to my buildpath:

-buildpath: \
   com.fasterxml.jackson.core.jackson-annotations;version=2.18.3

or even

-buildpath: \
   com.fasterxml.jackson.core.jackson-annotations;version=latest

(Even though my own code in the bundle does NOT use com.fasterxml.jackson.core.jackson-annotations directly)

Then MANIFEST.MF contains the version:

Import-Package                          com.fasterxml.jackson.annotation;version="[2.18,3)"

I wonder if this is the way it is supposed to work.
I guess, me putting it in -builtpath gives bnd a more explicit hint.
But why can't bnd do the same without it being on the buildpath?

@chrisrueger
Copy link
Contributor Author

I asked chatGPT and I believe the answer is correct. Thus I am closing the PR now.

Why It Works When You Add It to the Buildpath

When you do:

-buildpath: \
   com.fasterxml.jackson.core.jackson-annotations;version=2.18.3

Then Bnd can analyze the actual JAR and read version information from either:

  • packageinfo files
  • Export-Package headers from the JAR’s manifest

Hence, Bnd can now generate:

Import-Package: com.fasterxml.jackson.annotation;version="[2.18,3)"

So the warning disappears because the version range is now known.

Why Doesn't Bnd Do It Automatically If It's in the Repository?

This is the crux of your question.

"Why can't Bnd just use the Repository to figure out the version?"

Because Bnd separates two concerns:

  1. Compilation/building (-buildpath)
  2. Resolution/assembly (-runbundles, -runpath, -runrequires, etc.)

Just because a JAR is in your repository does not mean Bnd will include or inspect it unless you explicitly declare its usage:

  • On the -buildpath (so it's available to compile against), or

Bnd never introspects the repository just in case something might be needed — that would introduce unpredictable behavior and unnecessary coupling.

After thinking about it this way I think it makes sense. Closing.

@chrisrueger chrisrueger closed this Jul 4, 2025
@kriegfrj
Copy link
Contributor

kriegfrj commented Jul 5, 2025

But why can't bnd do the same without it being on the buildpath?

Although ChatGPT gave you a general answer, a specific example could be: what is you have two versions of the dependency in your workspace? Which version range should it use (especially if they have different major versions)?

I'm curious though: Bnd is smart enough to include imports for transitive dependencies that are required at runtime but not in the build path. But if you're building with proper bundles as your buildpath artifacts, then those transitive dependencies should be listed in one of those bundles' import package statements, which should have the correct version range, which Bnd will then use.

If I'm correct, then I'm guessing that your buildpath had a jar on it that either wasn't a bundle, was missing the import package for the annotation package, or was missing the import range for the transitive package?

@chrisrueger
Copy link
Contributor Author

If I'm correct, then I'm guessing that your buildpath had a jar on it that either wasn't a bundle, was missing the import package for the annotation package, or was missing the import range for the transitive package?

Yes I think you are correct.
We have a non-OSGi Bundle (https://mvnrepository.com/artifact/org.mustangproject/library/2.17.0) included via -includeresource ;lib:=true in our bundle

  • this internally / transitively needs com.fasterxml.jackson which leads to the Import-Package without version
  • since this is a non-OSGi bundle, there are no version information there

It makes sense now.
I realize that I am often stumble over this kind of stuff although working with bnd / OSGi for some time. My bad. My brain has no OSGi-resolver yet ;)
Not sure if there is anything which could be done here, other than maybe enriching the UI or some warnings with exactly this educative information we are discussing here.

@chrisrueger chrisrueger reopened this Jul 6, 2025
@chrisrueger
supress warning for optional Imports w/o version
4a0d294 
This suppresses the pedantic warning "Imports that lack version ranges" for the case of resolution:=optional imports. The idea behind this is, that if the developer has made the effort to customize the imports, then the developer has "handled" or "touched" that package. And one could argue the developer could have added a version too. But since the developer decided to only add resolution:=optional, then the version is probably not known or not important

Signed-off-by: Christoph Rueger <chrisrueger@gmail.com>

Revert "supress warning for optional Imports w/o version"

This reverts commit 1616420.

add more info to warning
@chrisrueger chrisrueger force-pushed the dynamicimportpackages-of-classpath-jars branch from 1616420 to 4a0d294 Compare July 6, 2025 15:16
@chrisrueger
Copy link
Contributor Author

@kriegfrj I reopened the PR and changed it so that I just add an explanation to the warning.
What do you think? Would you explain it different?

@chrisrueger chrisrueger changed the title Suppress warning for optional Imports w/o version Improve warning for optional Imports w/o version Jul 6, 2025
@chrisrueger chrisrueger marked this pull request as ready for review July 6, 2025 15:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@chrisrueger @kriegfrj