[
https://issues.apache.org/jira/browse/CASSANDRA-18877?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Stefan Miklosovic updated CASSANDRA-18877:
------------------------------------------
Description:
I was digging in the project deps and if you compare all libs in "libs" dir and
all libs in "build/lib/jars", there are indeed some differences which are OK
however in build/lib/jars there are also libraries for byteman and byte-buddy.
This is clearly wrong as these dependecies should not be accessible from the
production code, only from tests.
The reason they are accessible in prod code is that there is the class
TestRateLimiter (1). I do not have a clue why that class is in the prod code in
the first place. The only place it is referenced in is here (2) but that
byteman script is not loaded anywhere in tests. I was also checking Python
dtests.
I think this is some leftover or something like "I will keep it here when I
need it", but as nobody seems to do, I strongly advocate for removing it and
making bytebuddy and byteman only test scoped dependencies as it should be.
A reader who pays attention notices that these dependencies are of provided
scope which is a trick to have it compilable but not among the libraries in the
production runtime and it does not do any harm as it is never invoked from the
production code (if it was, it would fail on missing imports) neverthless this
is still an issue which should be addressed. We were doing something similar
with assertj dependency recently.
The second issue is that there is a dependency on compress-lzf in build
dependencies. This is not necessary either as that library was removed from the
repository in (3) but it still somehow leaked to the build process again.
(1)
https://github.com/apache/cassandra/blob/trunk/src/java/org/apache/cassandra/utils/TestRateLimiter.java
(2)
https://github.com/apache/cassandra/blob/trunk/test/resources/byteman/mutation_limiter.btm
(3)
https://github.com/apache/cassandra/commit/fc92db2b9b56c143516026ba29cecdec37e286bb
was:
I was digging in the project deps and if you compare all libs in "libs" dir and
all libs in "build/lib/jars", there are indeed some diffrences which are OK
however in build/lib/jars there are also libraries for byteman and byte-buddy.
This is clearly wrong as these dependecies should not be accessible from the
production code, only from tests.
The reason they are accessible in prod code is that there is the class
TestRateLimiter (1). I do not have a clue why that class is in the prod code in
the first place. The only place it is referenced in is here (2) but that
byteman script is not loaded anywhere in tests. I was also checking Python
dtests.
I think this is some leftover or something like "I will keep it here when I
need it", but as nobody seems to do, I strongly advocate for removing it and
making bytebuddy and byteman only test scoped dependencies as it should be.
A reader who pays attention notices that these dependencies are of provided
scope which is a trick to have it compilable but not among the libraries in the
production runtime and it does not do any harm as it is never invoked from the
production code (if it was, it would fail on missing imports) neverthless this
is still an issue which should be addressed. We were doing something similar
with assertj dependency recently.
The second issue is that there is a dependency on compress-lzf in build
dependencies. This is not necessary either as that library was removed from the
repository in (3) but it still somehow leaked to the build process again.
(1)
https://github.com/apache/cassandra/blob/trunk/src/java/org/apache/cassandra/utils/TestRateLimiter.java
(2)
https://github.com/apache/cassandra/blob/trunk/test/resources/byteman/mutation_limiter.btm
(3)
https://github.com/apache/cassandra/commit/fc92db2b9b56c143516026ba29cecdec37e286bb
> remove bytebuddy / byteman from production classpath and remove compress-lzf
> dependency from build deps
> -------------------------------------------------------------------------------------------------------
>
> Key: CASSANDRA-18877
> URL: https://issues.apache.org/jira/browse/CASSANDRA-18877
> Project: Cassandra
> Issue Type: Task
> Components: Build
> Reporter: Stefan Miklosovic
> Assignee: Stefan Miklosovic
> Priority: Normal
> Fix For: 5.x
>
>
> I was digging in the project deps and if you compare all libs in "libs" dir
> and all libs in "build/lib/jars", there are indeed some differences which are
> OK however in build/lib/jars there are also libraries for byteman and
> byte-buddy. This is clearly wrong as these dependecies should not be
> accessible from the production code, only from tests.
> The reason they are accessible in prod code is that there is the class
> TestRateLimiter (1). I do not have a clue why that class is in the prod code
> in the first place. The only place it is referenced in is here (2) but that
> byteman script is not loaded anywhere in tests. I was also checking Python
> dtests.
> I think this is some leftover or something like "I will keep it here when I
> need it", but as nobody seems to do, I strongly advocate for removing it and
> making bytebuddy and byteman only test scoped dependencies as it should be.
> A reader who pays attention notices that these dependencies are of provided
> scope which is a trick to have it compilable but not among the libraries in
> the production runtime and it does not do any harm as it is never invoked
> from the production code (if it was, it would fail on missing imports)
> neverthless this is still an issue which should be addressed. We were doing
> something similar with assertj dependency recently.
> The second issue is that there is a dependency on compress-lzf in build
> dependencies. This is not necessary either as that library was removed from
> the repository in (3) but it still somehow leaked to the build process again.
> (1)
> https://github.com/apache/cassandra/blob/trunk/src/java/org/apache/cassandra/utils/TestRateLimiter.java
> (2)
> https://github.com/apache/cassandra/blob/trunk/test/resources/byteman/mutation_limiter.btm
> (3)
> https://github.com/apache/cassandra/commit/fc92db2b9b56c143516026ba29cecdec37e286bb
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
