David Knupp has posted comments on this change. ( http://gerrit.cloudera.org:8080/15796 )
Change subject: IMPALA-9649: Add shiro* to the banned dependency maven plugin ...................................................................... Patch Set 5: (3 comments) http://gerrit.cloudera.org:8080/#/c/15796/4//COMMIT_MSG Commit Message: http://gerrit.cloudera.org:8080/#/c/15796/4//COMMIT_MSG@21 PS4, Line 21: remove the Te > Fixup redundant language Done http://gerrit.cloudera.org:8080/#/c/15796/4/fe/pom.xml File fe/pom.xml: http://gerrit.cloudera.org:8080/#/c/15796/4/fe/pom.xml@1406 PS4, Line 1406: <dependency> : <groupId>org.apache.sentry</groupId> : <artifactId>sentry-core-common</artifactId> : <exclusions> : <exclusion> : <groupId>org.apache.shiro</groupId> : <artifactId>shiro-crypto-cipher</artifactId> : </exclusion> : <exclusion> : <groupId>org.apache.shiro</groupId> : <artifactId>shiro-core</artifactId> : </exclusion> : </exclusions> : </dependency> > I haven't use the dependencyManagement section. What is the significance of So, with this being my first foray into doing anything with maven, I'll confess that some of this results from me just googling and hacking, trying to figure out what works and what doesn't. So I will explain how I wound up arriving at this solution, but it's quite possible that this is not the best/approved way to do this. This all actually came from working on excluding netty/netty-all (IMPALA-9648). In my first attempt at excluding netty-all, I added an exclusion in the dependency for hadoop-hdfs, thinking that was all I'd need to do. But after building with that change, I found that new instances of netty/netty-all were popping up in the dependency tree -- namely, under zookeeper and hadoop-distcp, which were themselves nested under hadoop-hdfs. When I went to add exclusions for netty-all in those spots as well (per a suggeston from Tim Armstrong that I'd probably need multiple netty-all exclusions), it turned out zookeeper and hadoop-distcp weren't even explicitly listed in our fe/pom.xml. I tried adding them as explicit dependencies under hadoop-hdfs, just so I could then exclude netty-all from them, but I was having trouble simply getting the build to succeed. This is explained in the comments in https://issues.apache.org/jira/browse/IMPALA-9648. I don't recall exactly where I saw the reference to dependencyManagement, but it was immediately helpful. I just kept rerunning the build and seeing where netty-all would pop up each time, then I'd add then that specific exclusion to dependencyManagement. After a couple iterations, netty-all was gone, and the plugin for banning dependencies allowed the build to pass. So given that experience, when it seemed that excluding shiro-* had a similar pattern (each time I tried to exclude it, it would just show up somewhere else in the dependency tree the next time I built), I just applied the same approach. For what it's worth, here are two articles that might be a little more clear: https://stackoverflow.com/questions/2619598/differences-between-dependencymanagement-and-dependencies-in-maven https://bhaskarvk.github.io/2007/06/maven-best-practices-use-dependency-management-for-multi-module-projects./ http://gerrit.cloudera.org:8080/#/c/15796/4/fe/pom.xml@1422 PS4, Line 1422: sentry-provider-db > This artifact is listed here as well as above in the dependencies section, This came from the approach I outlined above. I'm happy to try an alternate approach, if you think it would be preferred. -- To view, visit http://gerrit.cloudera.org:8080/15796 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I9f9994bf81c1d2e025a03925e8eccb147c34d66e Gerrit-Change-Number: 15796 Gerrit-PatchSet: 5 Gerrit-Owner: David Knupp <dkn...@cloudera.com> Gerrit-Reviewer: David Knupp <dkn...@cloudera.com> Gerrit-Reviewer: Dinesh Garg (430) Gerrit-Reviewer: Impala Public Jenkins <impala-public-jenk...@cloudera.com> Gerrit-Reviewer: Joe McDonnell <joemcdonn...@cloudera.com> Gerrit-Reviewer: Tim Armstrong <tarmstr...@cloudera.com> Gerrit-Comment-Date: Wed, 29 Apr 2020 00:53:01 +0000 Gerrit-HasComments: Yes