[
https://issues.apache.org/jira/browse/RATIS-383?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16703440#comment-16703440
]
Josh Elser commented on RATIS-383:
----------------------------------
{code}
diff --git a/misc/pom.xml b/misc/pom.xml
index 073e816..ee03fff 100644
--- a/misc/pom.xml
+++ b/misc/pom.xml
@@ -64,6 +64,11 @@
<artifactId>gson</artifactId>
<version>2.8.2</version>
</dependency>
+ <dependency>
+ <groupId>io.netty</groupId>
+ <artifactId>netty-tcnative-boringssl-static</artifactId>
+ <version>${shaded.netty.tcnative.version}</version>
+ </dependency>
<dependency>
<groupId>io.opencensus</groupId>
<artifactId>opencensus-api</artifactId>
{code}
We can omit the {{<version>}} in misc/pom.xml because we have it declared in
dependencyManagement in the parent.
{code}
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-dependency-plugin</artifactId>
+ <version>3.0.2</version>
+ <executions>
+ <execution>
+ <id>unpack-dependencies</id>
+ <phase>validate</phase>
+ <goals>
+ <goal>unpack-dependencies</goal>
+ </goals>
+ <configuration>
+ <includes>**/META-INF/native/*</includes>
+
<outputDirectory>${project.build.directory}/classes/</outputDirectory>
+ <overWriteReleases>true</overWriteReleases>
+ <overWriteSnapshots>true</overWriteSnapshots>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
{code}
This is going to unpack all dependencies, isn't it? Can we find a way that we
only unpack the tcnative-boring-ssl artifact?
{code}
<!--Version of grpc to be shaded -->
- <shaded.grpc.version>1.14.0</shaded.grpc.version>
+ <shaded.grpc.version>1.16.0</shaded.grpc.version>
<!--Version of Netty to be shaded -->
- <shaded.netty.version>4.1.27.Final</shaded.netty.version>
+ <shaded.netty.version>4.1.30.Final</shaded.netty.version>
{code}
Just noting that another change was done here. We should either amend the
description or spin out another Jira issue to capture that some versions were
also bumped.
> Shade native library tcnative for grpc/netty in Ratis-Thirdparty
> ----------------------------------------------------------------
>
> Key: RATIS-383
> URL: https://issues.apache.org/jira/browse/RATIS-383
> Project: Ratis
> Issue Type: Bug
> Components: security
> Reporter: Mukul Kumar Singh
> Assignee: Xiaoyu Yao
> Priority: Major
> Labels: ozone
> Attachments: RATIS-383.001.patch, RATIS-383.002.patch
>
>
> RATIS-246 discusses making GRPC endpoint secure with mTLS. This jira is
> needed as GRPC/netty has dependency on tcnative jar/libraries that need to be
> shaded in Ratis-Thirdparty.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)