Bug#891136: ITP: tools-deps-alpha-clojure -- functional API for dependency management and classpath creation

2020-04-13 Thread Elana Hashman 
Okay, latest version is now 0.8.677. Let's reevaluate what's required for 
packaging.

`lein deps :tree` now says:

 [org.clojure/tools.deps.alpha "0.8.677"]

   ;; I'm going to ignore these for now
   [com.cognitect.aws/api "0.8.408"]
 [com.cognitect/http-client "0.1.101"]
   [org.eclipse.jetty/jetty-client "9.4.15.v20190215"]
 [org.eclipse.jetty/jetty-io "9.4.15.v20190215"]
   [org.eclipse.jetty/jetty-http "9.4.15.v20190215"]
   [org.eclipse.jetty/jetty-util "9.4.15.v20190215"]
 [commons-codec "1.13"]
 [org.clojure/core.async "0.5.527"]
   [org.clojure/tools.analyzer.jvm "0.7.2"]
 [org.clojure/core.memoize "0.5.9"]
   [org.clojure/core.cache "0.6.5"]
 [org.clojure/data.priority-map "0.0.7"]
 [org.clojure/tools.analyzer "0.6.9"]
 [org.clojure/tools.reader "1.0.0-beta4"]
 [org.ow2.asm/asm-all "4.2"]
 [org.clojure/data.json "0.2.7"]
 [org.clojure/tools.logging "0.5.0"]
   [com.cognitect.aws/endpoints "1.1.11.705"]
   [com.cognitect.aws/s3 "784.2.593.0"]

   ;; inside libatinject-jsr330-api-java
   [javax.inject "1"]

   ;; libmaven-resolver-java == 1.4.1 in sid
   [org.apache.maven.resolver/maven-resolver-api "1.4.1"]
   [org.apache.maven.resolver/maven-resolver-connector-basic "1.4.1"]
   [org.apache.maven.resolver/maven-resolver-impl "1.4.1"]
 [org.slf4j/slf4j-api "1.7.25"]
   [org.apache.maven.resolver/maven-resolver-spi "1.4.1"]
   [org.apache.maven.resolver/maven-resolver-transport-file "1.4.1"]
   [org.apache.maven.resolver/maven-resolver-transport-http "1.4.1"]
 [org.apache.httpcomponents/httpclient "4.5.6" :exclusions 
[[commons-logging]]]
 [org.apache.httpcomponents/httpcore "4.4.10"]
 [org.slf4j/jcl-over-slf4j "1.7.25" :scope "runtime"]
   [org.apache.maven.resolver/maven-resolver-util "1.4.1"]

   ;; libmaven3-core-java == 3.6.3 in sid
   [org.apache.maven/maven-core "3.6.3"]
 [com.google.inject/guice "4.2.1" :classifier "no_aop"]
   [aopalliance "1.0"]
   [com.google.guava/guava "25.1-android"]
 [com.google.code.findbugs/jsr305 "3.0.2"]
 [com.google.errorprone/error_prone_annotations "2.1.3"]
 [com.google.j2objc/j2objc-annotations "1.1"]
 [org.checkerframework/checker-compat-qual "2.0.0"]
 [org.codehaus.mojo/animal-sniffer-annotations "1.14"]
 [org.apache.commons/commons-lang3 "3.8.1"]
 [org.apache.maven.shared/maven-shared-utils "3.2.1"]
   [commons-io "2.5"]
 [org.apache.maven/maven-artifact "3.6.3"]
 [org.apache.maven/maven-builder-support "3.6.3"]
 [org.apache.maven/maven-plugin-api "3.6.3"]
 [org.apache.maven/maven-settings-builder "3.6.3"]
   [org.sonatype.plexus/plexus-sec-dispatcher "1.4"]
 [org.sonatype.plexus/plexus-cipher "1.4"]
 [org.apache.maven/maven-settings "3.6.3"]
 [org.codehaus.plexus/plexus-classworlds "2.6.0"]
 [org.codehaus.plexus/plexus-component-annotations "2.1.0" :exclusions 
[[junit]]]
 [org.eclipse.sisu/org.eclipse.sisu.inject "0.3.4"]
 [org.eclipse.sisu/org.eclipse.sisu.plexus "0.3.4"]
   [javax.enterprise/cdi-api "1.0" :exclusions [[javax.el/el-api] 
[org.jboss.ejb3/jboss-ejb3-api] [org.jboss.interceptor/jboss-interceptor-api]]]
 [javax.annotation/jsr250-api "1.0"]

   ;; in libmaven3-core-java == 3.6.3 in sid
   [org.apache.maven/maven-resolver-provider "3.6.3"]
 [org.apache.maven/maven-model-builder "3.6.3"]
   [org.codehaus.plexus/plexus-interpolation "1.25"]
 [org.apache.maven/maven-model "3.6.3"]
 [org.apache.maven/maven-repository-metadata "3.6.3"]
 [org.codehaus.plexus/plexus-utils "3.2.1"]

   ;; in libdata-xml-clojure > 0.0.8 in sid
   ;; there's an incompatibility with leiningen issue in upgrading
   [org.clojure/data.xml "0.2.0-alpha6"]
 [org.clojure/data.codec "0.1.0"]

   ;; in libtools-cli-clojure > 0.3.5 in sid
   [org.clojure/tools.cli "0.4.2"]

   ;; NOT in Debian, see 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905543
   [org.clojure/tools.gitlibs "0.2.64"]
 [com.jcraft/jsch.agentproxy.connector-factory "0.0.9"]
   [com.jcraft/jsch.agentproxy.core "0.0.9"]
   [com.jcraft/jsch.agentproxy.pageant "0.0.9"]
   [com.jcraft/jsch.agentproxy.sshagent "0.0.9"]
   [com.jcraft/jsch.agentproxy.usocket-jna "0.0.9"]
 [net.java.dev.jna/jna-platform "4.1.0"]
 [net.java.dev.jna/jna "4.1.0"]
   [com.jcraft/jsch.agentproxy.usocket-nc "0.0.9"]
 [com.jcraft/jsch.agentproxy.jsch "0.0.9"]
 [org.eclipse.jgit "4.10.0.201712302008-r"]
   [com.googlecode.javaewah/JavaEWAH "1.1.6"]
   [com.jcraft/jsch "0.1.54"]



So in summary, we need the following new packages:

- [org.clojure/tools.gitlibs "0.2.64"]

And the following upgrades:

- [org.clojure/data.xml "0.2.0-alpha6"]
- [org.clojure/tools.cli "0.4.2"]

Again, I'm going to skip all the AWS stuff and consider it a "recommends"
rather than a "depends".

Previously, clojure-tools-gitlibs also needed version

Bug#891136: ITP: tools-deps-alpha-clojure -- functional API for dependency management and classpath creation

2018-08-05 Thread Elana Hashman 
So I was thinking about this, because the vast majority of the work
consists of new uploads for S3 support... namely:

> - s3-wagon-private "1.3.1"
> - com.amazonaws/aws-java-sdk-core "1.11.184"
> - com.amazonaws/aws-java-sdk-kms "1.11.184"
> - com.amazonaws/aws-java-sdk-s3 "1.11.184"
> - software.amazon.ion/ion-java "1.0.2"
> - com.amazonaws/jmespath-java "1.11.184"
> - org.springframework.build/aws-maven "4.8.0.RELEASE"

Looking at the underlying code, it looks like patching out S3 support
is very straightforward.[*] And since S3 support is mainly for private
maven repos (i.e. to serve proprietary artifacts), I'm not too worried
about leaving out support for this in Debian. Of course, if someone
wants to package the Java SDK, they should feel free.

In that case, the remaining work for tools.deps is:

> Needs version bump:
> - data-xml-clojure to 0.2.0-alpha5
> - libjsch-agent-proxy-java to 0.0.9
> - jgit to 4.10.0
> 
> Needs new upload:
> - org.clojure/tools.gitlibs "0.2.64"

That is a manageable workload and I'd love to make it happen. So I'll
file an ITP for tools-gitlibs-clojure and version bump requests for
the other three.

- e

[*]: 
https://github.com/clojure/tools.deps.alpha/blob/884d7ae5b9c228ff795e4385291708102f1cd46d/src/main/clojure/clojure/tools/deps/alpha/util/maven.clj#L105-L106


signature.asc
Description: Digital signature

Bug#891136: ITP: tools-deps-alpha-clojure -- functional API for dependency management and classpath creation

2018-08-04 Thread Elana Hashman 
Okay, since I got a bug report about this, let's take a look at this
again for the latest tools.deps.alpha release 0.5.422. From deps.edn:

org.clojure/clojure {:mvn/version "1.9.0"}

* Good here: https://tracker.debian.org/pkg/clojure

org.apache.maven.resolver/maven-resolver-api {:mvn/version "1.1.1"}
org.apache.maven.resolver/maven-resolver-spi {:mvn/version "1.1.1"}
org.apache.maven.resolver/maven-resolver-impl {:mvn/version "1.1.1"}
org.apache.maven.resolver/maven-resolver-util {:mvn/version "1.1.1"}
org.apache.maven.resolver/maven-resolver-connector-basic {:mvn/version "1.1.1"}
org.apache.maven.resolver/maven-resolver-transport-file {:mvn/version "1.1.1"}
org.apache.maven.resolver/maven-resolver-transport-http {:mvn/version "1.1.1"}
org.apache.maven.resolver/maven-resolver-transport-wagon {:mvn/version "1.1.1"}

* Good here: https://tracker.debian.org/pkg/maven-resolver

org.apache.maven/maven-resolver-provider {:mvn/version "3.5.2"}
org.apache.maven/maven-core {:mvn/version "3.5.2"}
org.apache.maven/maven-settings-builder {:mvn/version "3.5.2"}

* We have 3.5.3, shouldn't be an issue: https://tracker.debian.org/pkg/maven

org.slf4j/slf4j-nop {:mvn/version "1.6.2"}

* We have 1.7.25, shouldn't be an issue: 
https://tracker.debian.org/pkg/libslf4j-java

org.clojure/data.xml {:mvn/version "0.2.0-alpha5"}

* This one might be a little hairy. We currently have 0.0.8 in Debian.
  Leiningen (and possibly other libraries) depend on it. If it's fully
  backwards compatible, we can upgrade. But we might wanna try being
  conservative and patch upstream.

s3-wagon-private {:mvn/version "1.3.1" :exclusions 
[ch.qos.logback/logback-classic]}

* We do not have this one.

org.clojure/tools.gitlibs {:mvn/version "0.2.64"}

* We do not have this one.

org.clojure/tools.cli {:mvn/version "0.3.5"}

* Good here: https://tracker.debian.org/pkg/tools-cli-clojure


Okay, that leaves us with new uploads needed for:

s3-wagon-private {:mvn/version "1.3.1" :exclusions 
[ch.qos.logback/logback-classic]}
org.clojure/tools.gitlibs {:mvn/version "0.2.64"}

Let's recurse. With the help of lein:

[s3-wagon-private "1.3.1"]
  [com.amazonaws/aws-java-sdk-s3 "1.11.184" :exclusions
  [[com.fasterxml.jackson.core/jackson-core]
  [com.fasterxml.jackson.core/jackson-databind]]]
[com.amazonaws/aws-java-sdk-core "1.11.184"]
  [com.fasterxml.jackson.dataformat/jackson-dataformat-cbor "2.6.7"]
  [commons-logging "1.1.3"]
  [joda-time "2.8.1"]
  [software.amazon.ion/ion-java "1.0.2"]
[com.amazonaws/aws-java-sdk-kms "1.11.184"]
[com.amazonaws/jmespath-java "1.11.184"]
  [com.fasterxml.jackson.core/jackson-core "2.5.5"]
  [com.fasterxml.jackson.core/jackson-databind "2.5.5"]
[com.fasterxml.jackson.core/jackson-annotations "2.5.0"]
  [org.springframework.build/aws-maven "4.8.0.RELEASE" :exclusions 
[[com.amazonaws/aws-java-sdk]]]
[org.slf4j/jcl-over-slf4j "1.7.5"]
[org.slf4j/slf4j-api "1.7.5"]

Of s3-private-wagon's deps, we're also missing
com.amazonaws/aws-java-sdk-s3 (and its deps
com.amazonaws/aws-java-sdk-core software.amazon.ion/ion-java
com.amazonaws/aws-java-sdk-kms com.amazonaws/jmespath-java) and
org.springframework.build/aws-maven; everything else looks okay.

[org.clojure/tools.gitlibs "0.2.64"]
  [com.jcraft/jsch.agentproxy.connector-factory "0.0.9"]
[com.jcraft/jsch.agentproxy.core "0.0.9"]
[com.jcraft/jsch.agentproxy.pageant "0.0.9"]
[com.jcraft/jsch.agentproxy.sshagent "0.0.9"]
[com.jcraft/jsch.agentproxy.usocket-jna "0.0.9"]
  [net.java.dev.jna/jna-platform "4.1.0"]
  [net.java.dev.jna/jna "4.1.0"]
[com.jcraft/jsch.agentproxy.usocket-nc "0.0.9"]
  [com.jcraft/jsch.agentproxy.jsch "0.0.9"]
  [org.eclipse.jgit "4.10.0.201712302008-r"]
[com.googlecode.javaewah/JavaEWAH "1.1.6"]
[com.jcraft/jsch "0.1.54"]
[org.apache.httpcomponents/httpclient "4.5.2"]
  [commons-codec "1.9"]
  [org.apache.httpcomponents/httpcore "4.4.4"]

libjsch-agent-proxy-java is in Debian but needs a version bump from
0.0.8 to 0.0.9. jgit is also in Debian but needs a major version bump
from 3.7.1 to 4.10.0.


In summary...

Needs version bump:
- data-xml-clojure to 0.2.0-alpha5
- libjsch-agent-proxy-java to 0.0.9
- jgit to 4.10.0

Needs new upload:
- s3-wagon-private "1.3.1"
- com.amazonaws/aws-java-sdk-core "1.11.184"
- com.amazonaws/aws-java-sdk-kms "1.11.184"
- com.amazonaws/aws-java-sdk-s3 "1.11.184"
- software.amazon.ion/ion-java "1.0.2"
- com.amazonaws/jmespath-java "1.11.184"
- org.springframework.build/aws-maven "4.8.0.RELEASE"
- org.clojure/tools.gitlibs "0.2.64"

I'm happy to package the two new Clojure dependencies, s3-wagon-private
and tools-gitlibs. Anyone wanna package some AWS Java stuff?

- e


signature.asc
Description: Digital signature

Bug#891136: ITP: tools-deps-alpha-clojure -- functional API for dependency management and classpath creation

2018-02-22 Thread Elana Hashman 
Package: wnpp
Owner: Elana Hashman 
Severity: wishlist

* Package name: tools-deps-alpha-clojure
  Version : 0.5.393
  Upstream Author : Rich Hickey
* URL : https://github.com/clojure/tools.deps.alpha
* License : EPL-1.0
  Programming Lang: Clojure
  Description : functional API for dependency management and classpath 
creation

tools.deps.alpha makes it simple and easy to interactively consume JVM
libraries with Clojure, without dragging in unrelated concerns of
building programs or project management. It provides a functional API
for transitive dependency graph expansion and the creation of
classpaths.


signature.asc
Description: Digital signature