ofbiz-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jacques Le Roux (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (OFBIZ-7783) External library files are not in the OFBiz folder structure.
Date Thu, 04 Aug 2016 10:35:20 GMT

    [ https://issues.apache.org/jira/browse/OFBIZ-7783?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15407544#comment-15407544

Jacques Le Roux commented on OFBIZ-7783:

Yes it's a different problem, because basically I want to check the vulnerability of all the
libs used.

As I said at https://issues.apache.org/jira/browse/OFBIZ-7930?focusedCommentId=15398908&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-
tabpanel#comment-15398908 I was inspired by your solution but needed all the libs (not only
runtime libs as in your case). Finally using the OWASP dependency check plugin is a far better
solution for "my" problem and is still a WIP at OFBIZ-7930.

I personnaly see no problems adding the copyToLib task OOTB and would happily commit it if
nobody disagree. Of course this task is a server (ie QA, UAT, production) environment task,
so would be rather
task copyToLib(group: ofbizServer, type: Copy, description: 'Copy runtime libs in a QA, UAT
or production environment') {
    into "$rootDir/lib"
    from configurations.runtime
Also maybe more would be needed to provide a ready-made complete copy for these environments.
Like removing .gradle, gradle, build, etc. folders. Then also moving ofbiz.jar from build\libs
(before droping it ;))...in root for instance... But then your solution for OFBIZ-7796 would
need to be modified. So maybe better to keep the useless bagages. Actually I think all that
is trivial when you are at a QA, UAT or production stage and may depend on servers policies.
Still copyToLib makes sense.

> External library files are not in the OFBiz folder structure.
> -------------------------------------------------------------
>                 Key: OFBIZ-7783
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-7783
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: ALL COMPONENTS
>            Reporter: Pierre Smits
>            Assignee: Jacques Le Roux
>            Priority: Blocker
> With the implementation of the external library download feature of gradle/gradlew, the
external libraries (jar files) are not in the folder structure any more. 
> They should reside there, like before.

This message was sent by Atlassian JIRA

View raw message