Bug 164953

Summary: RFE: java dependency tracking
Product: [Fedora] Fedora Reporter: Nalin Dahyabhai <nalin>
Component: rpmAssignee: Paul Nasrat <nobody+pnasrat>
Status: CLOSED UPSTREAM QA Contact: Mike McLean <mikem>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: fnasser, gouyang
Target Milestone: ---Keywords: FutureFeature
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-08-25 15:48:01 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Script to check for Java dependency closure on an installed system.
none
Java .class/.jar provides scanner
none
Java .class/.jar requires scanner none

Description Nalin Dahyabhai 2005-08-03 01:06:38 UTC 
Description of problem:
Right now, dependencies in Java .class and .jar files aren't tracked by RPM, so
package maintainers are manually tracking deps with Requires: statements in
.spec files.

Version-Release number of selected component (if applicable):
4.4.2-3

How reproducible:
Always

Steps to Reproduce:
1. Install Java-based package A, which depends on classes in package B-foo,
which is represented by a manual dependency in package A's .spec file.
2. Upgrade package B, which now includes the files which were previously
erroneously split out into package B-foo.
3. Curse your fate.
  
Actual results:
RPM laughs at you. yum laughs at you. up2date laughs at you. They're all
laughing at you. Are you going to take that?  From *them*?

Expected results:
Your upgrade succeeds and you manage to hold on to your sanity for one more day.

Additional info:
The proposed solution assumes that:
* Tracking dependencies at the class level is sufficient.  We could attempt to
track at the level of fields and members (with type and signature checking), but
the ability to provide fields and members through inheritance makes the problem
much harder to solve.
* The output of jcf-dump won't change in a way which breaks the scripts.  If
that happens, jcf-dump may have to be replaced with a compiled program.
* $CLASSPATH is irrelevant.
* A needed class won't be provided by more than one package.
* We won't start satisfying cross-package deps using classes which have been
compiled to native code using gcj.
Comment 1 Nalin Dahyabhai 2005-08-03 01:06:39 UTC 
Created attachment 117381 [details]
Script to check for Java dependency closure on an installed system.
Comment 2 Nalin Dahyabhai 2005-08-03 01:07:38 UTC 
Created attachment 117382 [details]
Java .class/.jar provides scanner
Comment 3 Nalin Dahyabhai 2005-08-03 01:08:21 UTC 
Created attachment 117383 [details]
Java .class/.jar requires scanner
Comment 4 Fernando Nasser 2005-08-03 18:34:25 UTC 
Nalin, step 2 is a packager error.  There is a whole community of people looking
after the collection of those packages to prevent such things to occur.  That is
why our Java packages _must_ be maintained upstream, at jpackage.org, and just
_imported_ into beehive.

The need to be on the watch for the dependencies and convert them into either
RPM dependencies, or Maven dependencies is intrinsic on the Java language and
there are even efforts (under the JCP, so we can't participate) to address these
issues.

If you have any suggestions on how to improve the Java packaging with RPMs I
suggest you bring them up at the jpackage-discuss list.

Best regards,
Fernando
Comment 5 Jeff Johnson 2005-08-25 15:48:01 UTC 
Added to rpm-4_4 cvs, should be in rpm-4.4.3-0.4 when built. Thanks for the patches.
Comment 6 Jeff Johnson 2005-11-14 22:22:20 UTC 
FInished lashing up java(...) autodetection this morning. FIxed in rpm-4.4.3-0.48.
Comment 7 Guohua Ouyang 2019-04-29 07:41:10 UTC 
*** Bug 1683109 has been marked as a duplicate of this bug. ***