Made some progress by adjusting the rules - here's the latest counts (not
including string references):

Path javax uses total
./opensaml-xmlsec-api-3.3.1.jar 2
./opensaml-soap-api-3.3.1.jar 5
./java-support-7.3.0.jar 12
./opensaml-saml-impl-3.3.1.jar 7
./opensaml-core-3.3.1.jar 5
./opensaml-profile-api-3.3.1.jar 1
./opensaml-saml-api-3.3.1.jar 7

And if we include string references:

Path javax uses total
./servlet-api.jar 26
./jakarta.activation-1.2.1.jar 2
./jsp-api.jar 13
./bval-jsr-2.0.3.jar 1
./taglibs-standard-impl-1.2.5.jar 17
./openejb-core-8.0.3-SNAPSHOT.jar 41
./cxf-core-3.3.6.jar 48
./catalina.jar 135
./cxf-rt-security-saml-3.3.6.jar 7
./cxf-rt-bindings-soap-3.3.6.jar 5
./taglibs-standard-jstlel-1.2.5.jar 1
./opensaml-xmlsec-api-3.3.1.jar 2
./opensaml-security-api-3.3.1.jar 2
./jakarta.xml.bind-api-2.3.2.jar 5
./taglibs-standard-spec-1.2.5.jar 11
./openejb-jee-8.0.3-SNAPSHOT.jar 1
./openwebbeans-impl-2.0.12.jar 4
./saaj-impl-1.5.1.jar 7
./opensaml-soap-api-3.3.1.jar 5
./jasper.jar 36
./jakarta.faces-2.3.14.jar 165
./openejb-client-8.0.3-SNAPSHOT.jar 1
./tomcat-util-scan.jar 1
./openjpa-3.1.0.jar 80
./cxf-rt-rs-security-oauth2-3.3.6.jar 1
./java-support-7.3.0.jar 12
./cxf-rt-frontend-jaxws-3.3.6.jar 74
./cxf-rt-transports-http-3.3.6.jar 10
./opensaml-saml-impl-3.3.1.jar 7
./catalina-ssi.jar 4
./cxf-rt-ws-security-3.3.6.jar 15
./javaee-api-8.0-4.jar 47
./tomee-catalina-8.0.3-SNAPSHOT.jar 1
./opensaml-core-3.3.1.jar 5
./cxf-rt-ws-addr-3.3.6.jar 4
./eclipselink-2.7.4.jar 177
./opensaml-profile-api-3.3.1.jar 1
./tomcat-coyote.jar 23
./opensaml-saml-api-3.3.1.jar 7
./cxf-rt-frontend-jaxrs-3.3.6.jar 3

This is looking a lot better.

Jon

On Wed, Jun 3, 2020 at 6:06 PM David Blevins <[email protected]>
wrote:

> > On Jun 3, 2020, at 9:03 AM, Jonathan Gallimore <
> [email protected]> wrote:
> >
> > Just wanted to follow up with some details on how I'm getting the numbers
> > below. I'm using this tool: https://github.com/tomitribe/jkta
>
> So people have a heads-up on that tool, I'm currently working on the
> Tomitribe side with Sonatype to scan all of Maven Central for uses of the
> affected javax packages.  We'll be building a reporting site to share the
> data with everyone.  I mention that just in case people get excited and
> think, "wow, we could help a lot of people with a tool like that!"  Agree
> and covered :)  "Go big or go home" as they say :)
>
> I unfortunately won't be able to go into much more detail.  I'll just say
> we're all very excited and we hope to make the javax-to-jakarta transition
> as survivable as possible.
>
> > Once TomEE is built, I'm extracting the zip, changing to the lib folder,
> > and running the following commands:
> >
> > for f in *.jar; do java -jar
> > ~/dev/jkta/target/jkta-0.11-SNAPSHOT-shaded.jar usage jar $f > $f.tsv;
> done
> > for f in *.jar; do java -jar
> > ~/dev/jkta/target/jkta-0.11-SNAPSHOT-shaded.jar usage jar
> > --include-strings=true $f > $f.strings.tsv; done
> > java -jar ~/dev/jkta/target/jkta-0.11-SNAPSHOT-shaded.jar usage dir . >
> > jars.tsv
> > java -jar ~/dev/jkta/target/jkta-0.11-SNAPSHOT-shaded.jar usage dir
> > --include-strings=true . > jars.strings.tsv
> >
> > The goal to see what the gaps are from the transformation process and
> close
> > those gaps.
>
> I'll dig in and see what I can find.  I've had my nose deep in ASM for a
> few weeks now, so we'll see if helps.
>
>
> -David
>
>

Reply via email to