gump-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefano Mazzocchi <stef...@apache.org>
Subject Favor for the Gump Project
Date Tue, 19 Oct 2004 14:11:29 GMT 
Greg,

I'm writing you on behalf of Gump (http://gump.apache.org) the continous 
integration tool that the ASF runs to understand project dependencies 
issues.

As you might know, Jetty is required to build some of the ASF project 
and we recently found out (with not ease of pain!) that jetty is causing 
a little problem with the fact that it's 'sealing' the jars that it 
produces.

For example, if you take a look here:

   http://brutus.apache.org/gump/test/project_todos.html

you'll see that the 20 projects are prevented from building because the 
cactus-framework depends on jetty *and* on the servlet API *and* the ant 
build file for cactus-framework checks for the availability of the 
servlet API 2.4, resulting in the servlet API classes to be loaded both 
from the jetty.jar and from the servlet-api.jar, but since jetty.jar is 
sealed, a security violation is thrown!

Now, Gump, as a practice, does *NOT* ask projects to change their 
descriptors for him, but we believe that it would be enough to apply the 
following patch

15:31:49.000000000 -0700
@@ -220,7 +220,7 @@
      <jar jarfile="${servlet.jar}" basedir="${classes}" >
         <include name="javax/servlet/**" />
         <manifest>
-         <attribute name="Sealed" value="true"/>
+         <attribute name="Sealed" value="${jar.sealed}"/>
           <attribute name="Built-By" value="${user.name}"/>
           <attribute name="Specification-Title" value="Java API for 
Servlets"/>
           <attribute name="Specification-Version" value="2.4"/>
@@ -237,7 +237,7 @@
    <target name="jetty.jar" depends="classes,servlet.jar" >
      <jar jarfile="${jetty.jar}">
         <manifest>
-         <attribute name="Sealed" value="true"/>
+         <attribute name="Sealed" value="${jar.sealed}"/>
           <attribute name="Built-By" value="${user.name}"/>
           <attribute name="Specification-Version" 
value="${RELEASE.MAJOR}"/>
           <attribute name="Implementation-Version" 
value="${RELEASE.MAJOR.MINOR}"/>

so that "jar sealing" could be turned on and off at need.

We deeply apologize for the incovenience and we realize it's none of 
your concern if gump builds or not, but this very simple patch would 
help up a great deal.

Thanks for your understanding.

-- 
Stefano.
Mime
View raw message