Re: Using maven as appstore for java app
Excerpts from Jesse Farinacci's message of Thu Dec 22 18:32:01 +0100 2011: > Greetings, > > On Thu, Dec 22, 2011 at 12:20 PM, Deepesh Garg wrote: > > > I share your pain, but couldn't find anything close when it comes to > > installing java apps. > > > I don't think there is a standard for that, nor do I think it is required. > The shared library mechanism employed by Linux and other high quality > operating systems is a dying tradition, I think. It doesn't seem to fit for > general applications. The performance gains are minimal, and the chance for > having mismatched libraries requires far too much test and support time. It > isn't worth the headache when you can get a 1Tb drive in a notebook for < > 100 USD; or when low end business laptops ship with quad core and > hyperthreading. I see this again and again. People seem to forget that number 1 issue with bundling of dependencies is NOT performance/storage requirements. It is security. I'd like to see you fixing a security bug in a low-level java library (something from apache-commons would be a good example here). Let's see case of a multiple-application distribution with synced commons version (the dying tradition). Steps to fix security bug: 1. verify that one version you have shared among your applications is vulnerable 2. fix the vulnerability 3. test, deploy, etc. Whatever your processes require Now let's see the great new upcoming trend of bundled dependencies. Steps to fix security bug: 1. identify packages where you have bundled vulnerable library BEGIN LOOP 2. identify version of the library that is bundled for each application. Do you even have source code for bundled dep to check for vulnerability? You bundled just the binary right? 3. Develop fix for each of identified versions 4. test, deploy, etc END LOOP Good luck to your security response team. Before I forget: Merry Christmas and happy New Year everyone (no sarcasm here :-) ) -- Stanislav Ochotnicky Software Engineer - Base Operating Systems Brno PGP: 7B087241 Red Hat Inc. http://cz.redhat.com signature.asc Description: PGP signature
Re: Using maven as appstore for java app
Greetings, On Thu, Dec 22, 2011 at 12:20 PM, Deepesh Garg wrote: > I share your pain, but couldn't find anything close when it comes to > installing java apps. I don't think there is a standard for that, nor do I think it is required. The shared library mechanism employed by Linux and other high quality operating systems is a dying tradition, I think. It doesn't seem to fit for general applications. The performance gains are minimal, and the chance for having mismatched libraries requires far too much test and support time. It isn't worth the headache when you can get a 1Tb drive in a notebook for < 100 USD; or when low end business laptops ship with quad core and hyperthreading. Try: http://maven.apache.org/plugins/maven-assembly-plugin/ http://mojo.codehaus.org/appassembler/appassembler-maven-plugin/ I prefer m-assembly-p creating an executable jar file with everything embedded in it. Then the user simply has to java -jar the.jar. Though I do mean maven repository when I say that local maven repository > can double as the place to install dependencies for java application. > Maven repository in this form is user-specific, not system-specific. So, it wouldn't really help all that much. Since each application would have its own dependencies and versions thereof, it is unlikely that any space savings would be had. Since, barring a global dependencyManagement-style unifying force, all applications would have minutely different dependency versions and you'd have to download everything anyway. Anyhow, good luck. -Jesse -- There are 10 types of people in this world, those that can read binary and those that can not.
Re: Using maven as appstore for java app
Appreciate your response. On 22 December 2011 13:51, Jesse Farinacci wrote: > Greetings, > > On Thu, Dec 22, 2011 at 5:34 AM, Deepesh Garg wrote: > > > 1) Have a new packaging type which indicate that this is an installable > > application. Pom file for such apps can include things like description, > > display name, icon file, location to put application launchers, type of > > application (desktop app, mobile app, online app(?), GUI based/command > line > > etc).. > > > > Please, I beg of you, do not create yet another installation format. Before > you do this, justify not using RPM/DEB or MSI, whichever applies for your > target environments. All of which, yes even MSI, are far better than > anything you are likely to create. > > I share your pain, but couldn't find anything close when it comes to installing java apps. I realize now that the problem is not that of not having a install format but not having a standard way of installing jars. Maven repository structure seems like a good way of filling that gap. C libraries, dlls, python modules, perl modules they all have their nice standard "home" to install, but for jars I don't know of any. For example if some application depends on SDL, or pygame or Perl DBI can those be specified as dependencies in your deb/rpm? Yes. If some java application depends on common apache libraries or spring jars, can those be specified in deb/rpm as dependencies? No. I see no other way but to package these jars with the app. > 2) Create a maven goal to search configured repositories using criteria > > specified in options (packaging type, artifact id, wildcard text search > in > > description etc). This function is useful on its own and in this case can > > be used to search installable applications in repository. > > > > This is totally outside the scope of Maven, and frankly I don't really > foresee it as being generally useful in any way. Who wants to type out "" > mvn package:search -Dpackage=rpm -Ddescription=\*angry\ birds\* "" when > they can just fire up a new chromium tab and Google search it? > > Agree. > > 3) Create a maven goal to install app. This will read pom description and > > create application icons etc (this function will depend on platform and > > will do whatever is required for current platform. Like for Linux it can > > create .desktop files in specific directories or for Windows it can > create > > shortcuts in start menu.). This goal can also generate command line to > > launch the application including all dependencies in classpath. This way > > maven itself will not be required to launch the app but will still use > > repository (as suggested by Brett). > > > > Again, please don't do this! There are already great tools to manage > packages, see my response to 1) above, then read the manual for yum/apt-get > and whatever M$ has for MSI files. Again, all of which, yes even MSI, are > far better than anything you are likely to create. > > > Agree > > 4) Once the command line tools are available, a nice GUI wrapper can be > > provided to search repositories for installable apps and install and > > uninstall apps. > > > > The tools to do this already exist. See the GUI front ends for all the > tools I already mentioned for further reference. > > > > This way maven repositories can also serve the function of app store and > I > > think it won't require too much effort as all the hard work is already > > done. > > > > Allowing a Maven Repository Manager (MRM) to perform as a target RPM/DEB > repository, or MSI storage shed, is a positive thing. Unfortunately, that > isn't what you describe though, you keep saying a Maven repository, which > isn't quite the same thing. > > At least 1 MRM already has the ability to do this: > https://code.google.com/p/nexus-yum-plugin/ > My mistake. Though I do mean maven repository when I say that local maven repository can double as the place to install dependencies for java application. > -Jesse > > -- > There are 10 types of people in this world, those > that can read binary and those that can not. > Deepesh -- I am the 10nd type.
Re: Using maven as appstore for java app
Greetings, On Thu, Dec 22, 2011 at 5:34 AM, Deepesh Garg wrote: > 1) Have a new packaging type which indicate that this is an installable > application. Pom file for such apps can include things like description, > display name, icon file, location to put application launchers, type of > application (desktop app, mobile app, online app(?), GUI based/command line > etc).. > Please, I beg of you, do not create yet another installation format. Before you do this, justify not using RPM/DEB or MSI, whichever applies for your target environments. All of which, yes even MSI, are far better than anything you are likely to create. 2) Create a maven goal to search configured repositories using criteria > specified in options (packaging type, artifact id, wildcard text search in > description etc). This function is useful on its own and in this case can > be used to search installable applications in repository. > This is totally outside the scope of Maven, and frankly I don't really foresee it as being generally useful in any way. Who wants to type out "" mvn package:search -Dpackage=rpm -Ddescription=\*angry\ birds\* "" when they can just fire up a new chromium tab and Google search it? > 3) Create a maven goal to install app. This will read pom description and > create application icons etc (this function will depend on platform and > will do whatever is required for current platform. Like for Linux it can > create .desktop files in specific directories or for Windows it can create > shortcuts in start menu.). This goal can also generate command line to > launch the application including all dependencies in classpath. This way > maven itself will not be required to launch the app but will still use > repository (as suggested by Brett). > Again, please don't do this! There are already great tools to manage packages, see my response to 1) above, then read the manual for yum/apt-get and whatever M$ has for MSI files. Again, all of which, yes even MSI, are far better than anything you are likely to create. > 4) Once the command line tools are available, a nice GUI wrapper can be > provided to search repositories for installable apps and install and > uninstall apps. > The tools to do this already exist. See the GUI front ends for all the tools I already mentioned for further reference. > This way maven repositories can also serve the function of app store and I > think it won't require too much effort as all the hard work is already > done. > Allowing a Maven Repository Manager (MRM) to perform as a target RPM/DEB repository, or MSI storage shed, is a positive thing. Unfortunately, that isn't what you describe though, you keep saying a Maven repository, which isn't quite the same thing. At least 1 MRM already has the ability to do this: https://code.google.com/p/nexus-yum-plugin/ -Jesse -- There are 10 types of people in this world, those that can read binary and those that can not.
Re: Using maven as appstore for java app
> -- Forwarded message -- > From: Deepesh Garg > To: dev@maven.apache.org > Cc: > Date: Wed, 21 Dec 2011 14:28:33 +0000 > Subject: Using maven as appstore for java app > Hi, > I was wondering if maven repository structure can be exploited to also > distribute java applications. Same repository structure may be used on > client side for installing and launching java apps. I see many benefit in > doing so (cleaner application packaging, minimum download, standard > directory structure, simple upgrade (much like Debian)). > Are there any good reasons why maven should not be used as application > installer and launcher? Or is it already done and I slept a bit too much. > > Deepesh > > > -- Forwarded message -- > From: Wayne Fay > To: Maven Developers List > Cc: > Date: Wed, 21 Dec 2011 10:50:17 -0600 > Subject: Re: Using maven as appstore for java app > > I was wondering if maven repository structure can be exploited to also > > distribute java applications. Same repository structure may be used on > > I'm sure this is already happening in some firms. You may find the > Codehaus Mojo appassembler project [1] and/or the Webstart project [2] > to be helpful in this regard. > > What are you specifically thinking about? > > [1] http://mojo.codehaus.org/appassembler/ > [2] http://mojo.codehaus.org/webstart/ > > Wayne > > > > -- Forwarded message ------ > From: Brett Porter > To: "Maven Developers List" > Cc: > Date: Thu, 22 Dec 2011 07:05:31 +1100 > Subject: Re: Using maven as appstore for java app > As Wayne suggested, you can use Maven to assemble and distribute an > application. > > For a runtime, using a maven repository makes a lot of sense. I wouldn't > use Maven itself for this, but Maven's libraries for interacting with a > repository. > > This is being used in lots of other applications, for example: > http://karaf.apache.org/manual/latest-2.2.x/users-guide/provisioning.html > > - Brett > This is what I have in mind: 1) Have a new packaging type which indicate that this is an installable application. Pom file for such apps can include things like description, display name, icon file, location to put application launchers, type of application (desktop app, mobile app, online app(?), GUI based/command line etc).. 2) Create a maven goal to search configured repositories using criteria specified in options (packaging type, artifact id, wildcard text search in description etc). This function is useful on its own and in this case can be used to search installable applications in repository. 3) Create a maven goal to install app. This will read pom description and create application icons etc (this function will depend on platform and will do whatever is required for current platform. Like for Linux it can create .desktop files in specific directories or for Windows it can create shortcuts in start menu.). This goal can also generate command line to launch the application including all dependencies in classpath. This way maven itself will not be required to launch the app but will still use repository (as suggested by Brett). 4) Once the command line tools are available, a nice GUI wrapper can be provided to search repositories for installable apps and install and uninstall apps. This way maven repositories can also serve the function of app store and I think it won't require too much effort as all the hard work is already done. Deepesh PS: Couldn't find a way to reply to this thread so subscribed to the list and fetched the thread by mailing to dev-thread.100...@maven.apache.org(Where can you find this message id? I had to kind of guess it). Apologies if this mail looks ugly and doesn't link to original thread.
Re: Using maven as appstore for java app
For what it worths, I totally agree :) I've been looking for ages for a Java solution that allows sharing libraries in applications and the Appassembler ATM makes me satisfied :) best, -Simo http://people.apache.org/~simonetripodi/ http://simonetripodi.livejournal.com/ http://twitter.com/simonetripodi http://www.99soft.org/ On Wed, Dec 21, 2011 at 9:05 PM, Brett Porter wrote: > As Wayne suggested, you can use Maven to assemble and distribute an > application. > > For a runtime, using a maven repository makes a lot of sense. I wouldn't use > Maven itself for this, but Maven's libraries for interacting with a > repository. > > This is being used in lots of other applications, for example: > http://karaf.apache.org/manual/latest-2.2.x/users-guide/provisioning.html > > - Brett > > On 22/12/2011, at 1:28 AM, Deepesh Garg wrote: > >> Hi, >> I was wondering if maven repository structure can be exploited to also >> distribute java applications. Same repository structure may be used on >> client side for installing and launching java apps. I see many benefit in >> doing so (cleaner application packaging, minimum download, standard >> directory structure, simple upgrade (much like Debian)). >> Are there any good reasons why maven should not be used as application >> installer and launcher? Or is it already done and I slept a bit too much. >> >> Deepesh > > -- > Brett Porter > br...@apache.org > http://brettporter.wordpress.com/ > http://au.linkedin.com/in/brettporter > http://twitter.com/brettporter > > > > > > > - > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > For additional commands, e-mail: dev-h...@maven.apache.org > - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: Using maven as appstore for java app
As Wayne suggested, you can use Maven to assemble and distribute an application. For a runtime, using a maven repository makes a lot of sense. I wouldn't use Maven itself for this, but Maven's libraries for interacting with a repository. This is being used in lots of other applications, for example: http://karaf.apache.org/manual/latest-2.2.x/users-guide/provisioning.html - Brett On 22/12/2011, at 1:28 AM, Deepesh Garg wrote: > Hi, > I was wondering if maven repository structure can be exploited to also > distribute java applications. Same repository structure may be used on > client side for installing and launching java apps. I see many benefit in > doing so (cleaner application packaging, minimum download, standard > directory structure, simple upgrade (much like Debian)). > Are there any good reasons why maven should not be used as application > installer and launcher? Or is it already done and I slept a bit too much. > > Deepesh -- Brett Porter br...@apache.org http://brettporter.wordpress.com/ http://au.linkedin.com/in/brettporter http://twitter.com/brettporter - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: Using maven as appstore for java app
> I was wondering if maven repository structure can be exploited to also > distribute java applications. Same repository structure may be used on I'm sure this is already happening in some firms. You may find the Codehaus Mojo appassembler project [1] and/or the Webstart project [2] to be helpful in this regard. What are you specifically thinking about? [1] http://mojo.codehaus.org/appassembler/ [2] http://mojo.codehaus.org/webstart/ Wayne - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Using maven as appstore for java app
Hi, I was wondering if maven repository structure can be exploited to also distribute java applications. Same repository structure may be used on client side for installing and launching java apps. I see many benefit in doing so (cleaner application packaging, minimum download, standard directory structure, simple upgrade (much like Debian)). Are there any good reasons why maven should not be used as application installer and launcher? Or is it already done and I slept a bit too much. Deepesh