2014-02-21 19:40 GMT+04:00 Mark Thomas <ma...@apache.org>: > On 21/02/2014 15:35, Konstantin Kolinko wrote: >> 2014-02-20 13:53 GMT+04:00 Konstantin Kolinko <knst.koli...@gmail.com>: >>> 2014-02-20 13:26 GMT+04:00 Mark Thomas <ma...@apache.org>: >>>> On 20/02/2014 09:10, Konstantin Kolinko wrote: >>>>> 2014-02-20 13:04 GMT+04:00 <ma...@apache.org>: >>>>>> Author: markt >>>>>> Date: Thu Feb 20 09:04:52 2014 >>>>>> New Revision: 1570115 >>>>>> >>>>>> URL: http://svn.apache.org/r1570115 >>>>>> Log: >>>>>> Simplify patternsets where possible >>>>>> Avoid pattern sets ending in "/*" as much as possible as they usually >>>>>> result in JARs containing empty packages with the contents of the >>>>>> package in a different JAR >>>>>> >>>>>> Modified: >>>>>> tomcat/tc7.0.x/trunk/ (props changed) >>>>>> tomcat/tc7.0.x/trunk/build.xml >>>>>> tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml >>>>>> >>>>>> Propchange: tomcat/tc7.0.x/trunk/ >>>>>> ------------------------------------------------------------------------------ >>>>>> Merged /tomcat/trunk:r1570114 >>>>>> >>>>>> Modified: tomcat/tc7.0.x/trunk/build.xml >>>>>> URL: >>>>>> http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/build.xml?rev=1570115&r1=1570114&r2=1570115&view=diff >>>>>> ============================================================================== >>>>>> --- tomcat/tc7.0.x/trunk/build.xml (original) >>>>>> +++ tomcat/tc7.0.x/trunk/build.xml Thu Feb 20 09:04:52 2014 >>>>>> @@ -277,20 +277,18 @@ >>>>>> <!-- ========= Pattern sets used to control content of JAR files >>>>>> ========= --> >>>>>> <!-- Pattern sets for jar files in standard distributions --> >>>>>> <patternset id="files.annotations-api"> >>>>>> - <include name="javax/annotation/*" /> >>>>>> - <include name="javax/annotation/security/*" /> >>>>>> - <include name="javax/annotation/sql/*" /> >>>>>> - <include name="javax/ejb/*" /> >>>>>> - <include name="javax/persistence/*" /> >>>>>> - <include name="javax/xml/ws/*" /> >>>>>> + <include name="javax/annotation/**" /> >>>>>> + <include name="javax/ejb/**" /> >>>>>> + <include name="javax/persistence/**" /> >>>>>> + <include name="javax/xml/ws/**" /> >>>>>> </patternset> >>>>>> >>>>>> <patternset id="files.servlet-api"> >>>>>> - <include name="javax/servlet/*" /> >>>>>> - <include name="javax/servlet/annotation/*" /> >>>>>> - <include name="javax/servlet/descriptor/*" /> >>>>>> - <include name="javax/servlet/http/*" /> >>>>>> - <include name="javax/servlet/resources/*" /> >>>>>> + <include name="javax/servlet/*.class" /> >>>>> >>>>> I do not like these *.class patterns. >>>>> >>>>> I think occasionally having an empty package is less evil than missing >>>>> a *.properties file. >>>> >>>> Empty packages might cause issues when we start signing JARs. I know you >>>> can't have classes from the same package in different signed JARs. I'm >>>> not sure about empty packages. >>> >>> IIRC from looking into WebappClassLoader a month ago, processing of >>> certificates is triggered by having found a *.class. If there is no >>> class file there, it is not triggered. >>> >>>> We can always add a *.properties pattern to those patternsets. >>>> >>> >>> There might also be *.xml (mbeans-descriptors.xml, >>> \storeconfig\server-registry.xml). >>> >>> The rest are in their special packages (antlib.xml, *.tasks, >>> tagPlugins.xml, *.dtd, *.xsd). >>> >>> *.html, *.gif, *.jjt are there, but are needed in the source only. Be >>> sure to pack them into *src zips. >>> >> >> -1 (veto) to r1570115 and followups. > > OK. I'll see if I can come up with a better solution. If not, I'll > revert to the /* pattern that creates empty dirs. >
OK. Regarding the use of filesonly="true" in http://svn.apache.org/r1570629 It is known that such setting breaks some jar scanning technologies, e.g https://ecosystem.atlassian.net/browse/PLUG-949 https://jira.springsource.org/browse/SPR-8551 I think none of those would scan Tomcat jars, so not a stopper. Just mentioning it to encourage testing. >> (...) >> >> As I mentioned, I think that empty packages won't prevent code >> signing. If they are, I'd better deal with this when it happens. >> (Could there be an option in jar task or resources collection in Ant >> to skip empty directories when creating the jar file?) >> Regarding the issue of empty directories vs. signing: We have fr/es/jp message files in separate i18n jars. If those do not interfere with signing, then I think empty directories wouldn't hurt either. Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
