Made some progress by adjusting the rules - here's the latest counts (not including string references):
Path javax uses total ./opensaml-xmlsec-api-3.3.1.jar 2 ./opensaml-soap-api-3.3.1.jar 5 ./java-support-7.3.0.jar 12 ./opensaml-saml-impl-3.3.1.jar 7 ./opensaml-core-3.3.1.jar 5 ./opensaml-profile-api-3.3.1.jar 1 ./opensaml-saml-api-3.3.1.jar 7 And if we include string references: Path javax uses total ./servlet-api.jar 26 ./jakarta.activation-1.2.1.jar 2 ./jsp-api.jar 13 ./bval-jsr-2.0.3.jar 1 ./taglibs-standard-impl-1.2.5.jar 17 ./openejb-core-8.0.3-SNAPSHOT.jar 41 ./cxf-core-3.3.6.jar 48 ./catalina.jar 135 ./cxf-rt-security-saml-3.3.6.jar 7 ./cxf-rt-bindings-soap-3.3.6.jar 5 ./taglibs-standard-jstlel-1.2.5.jar 1 ./opensaml-xmlsec-api-3.3.1.jar 2 ./opensaml-security-api-3.3.1.jar 2 ./jakarta.xml.bind-api-2.3.2.jar 5 ./taglibs-standard-spec-1.2.5.jar 11 ./openejb-jee-8.0.3-SNAPSHOT.jar 1 ./openwebbeans-impl-2.0.12.jar 4 ./saaj-impl-1.5.1.jar 7 ./opensaml-soap-api-3.3.1.jar 5 ./jasper.jar 36 ./jakarta.faces-2.3.14.jar 165 ./openejb-client-8.0.3-SNAPSHOT.jar 1 ./tomcat-util-scan.jar 1 ./openjpa-3.1.0.jar 80 ./cxf-rt-rs-security-oauth2-3.3.6.jar 1 ./java-support-7.3.0.jar 12 ./cxf-rt-frontend-jaxws-3.3.6.jar 74 ./cxf-rt-transports-http-3.3.6.jar 10 ./opensaml-saml-impl-3.3.1.jar 7 ./catalina-ssi.jar 4 ./cxf-rt-ws-security-3.3.6.jar 15 ./javaee-api-8.0-4.jar 47 ./tomee-catalina-8.0.3-SNAPSHOT.jar 1 ./opensaml-core-3.3.1.jar 5 ./cxf-rt-ws-addr-3.3.6.jar 4 ./eclipselink-2.7.4.jar 177 ./opensaml-profile-api-3.3.1.jar 1 ./tomcat-coyote.jar 23 ./opensaml-saml-api-3.3.1.jar 7 ./cxf-rt-frontend-jaxrs-3.3.6.jar 3 This is looking a lot better. Jon On Wed, Jun 3, 2020 at 6:06 PM David Blevins <[email protected]> wrote: > > On Jun 3, 2020, at 9:03 AM, Jonathan Gallimore < > [email protected]> wrote: > > > > Just wanted to follow up with some details on how I'm getting the numbers > > below. I'm using this tool: https://github.com/tomitribe/jkta > > So people have a heads-up on that tool, I'm currently working on the > Tomitribe side with Sonatype to scan all of Maven Central for uses of the > affected javax packages. We'll be building a reporting site to share the > data with everyone. I mention that just in case people get excited and > think, "wow, we could help a lot of people with a tool like that!" Agree > and covered :) "Go big or go home" as they say :) > > I unfortunately won't be able to go into much more detail. I'll just say > we're all very excited and we hope to make the javax-to-jakarta transition > as survivable as possible. > > > Once TomEE is built, I'm extracting the zip, changing to the lib folder, > > and running the following commands: > > > > for f in *.jar; do java -jar > > ~/dev/jkta/target/jkta-0.11-SNAPSHOT-shaded.jar usage jar $f > $f.tsv; > done > > for f in *.jar; do java -jar > > ~/dev/jkta/target/jkta-0.11-SNAPSHOT-shaded.jar usage jar > > --include-strings=true $f > $f.strings.tsv; done > > java -jar ~/dev/jkta/target/jkta-0.11-SNAPSHOT-shaded.jar usage dir . > > > jars.tsv > > java -jar ~/dev/jkta/target/jkta-0.11-SNAPSHOT-shaded.jar usage dir > > --include-strings=true . > jars.strings.tsv > > > > The goal to see what the gaps are from the transformation process and > close > > those gaps. > > I'll dig in and see what I can find. I've had my nose deep in ASM for a > few weeks now, so we'll see if helps. > > > -David > >
