[jira] [Commented] (OFBIZ-7783) External library files are not in the OFBiz folder structure.

Thu, 04 Aug 2016 03:36:12 -0700 

    [ 
https://issues.apache.org/jira/browse/OFBIZ-7783?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15407544#comment-15407544
 ] 

Jacques Le Roux commented on OFBIZ-7783:
----------------------------------------

Yes it's a different problem, because basically I want to check the 
vulnerability of all the libs used.

As I said at 
https://issues.apache.org/jira/browse/OFBIZ-7930?focusedCommentId=15398908&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-
tabpanel#comment-15398908 I was inspired by your solution but needed all the 
libs (not only runtime libs as in your case). Finally using the OWASP 
dependency check plugin is a far better solution for "my" problem and is still 
a WIP at OFBIZ-7930.

I personnaly see no problems adding the copyToLib task OOTB and would happily 
commit it if nobody disagree. Of course this task is a server (ie QA, UAT, 
production) environment task, so would be rather
{code}
task copyToLib(group: ofbizServer, type: Copy, description: 'Copy runtime libs 
in a QA, UAT or production environment') {
    into "$rootDir/lib"
    from configurations.runtime
}
{code}
Also maybe more would be needed to provide a ready-made complete copy for these 
environments. Like removing .gradle, gradle, build, etc. folders. Then also 
moving ofbiz.jar from build\libs (before droping it ;))...in root for 
instance... But then your solution for OFBIZ-7796 would need to be modified. So 
maybe better to keep the useless bagages. Actually I think all that is trivial 
when you are at a QA, UAT or production stage and may depend on servers 
policies. Still copyToLib makes sense.

> External library files are not in the OFBiz folder structure.
> -------------------------------------------------------------
>
>                 Key: OFBIZ-7783
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-7783
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: ALL COMPONENTS
>            Reporter: Pierre Smits
>            Assignee: Jacques Le Roux
>            Priority: Blocker
>
> With the implementation of the external library download feature of 
> gradle/gradlew, the external libraries (jar files) are not in the folder 
> structure any more. 
> They should reside there, like before.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to