TomEE Patch Plugin - Release?

[Zowalla, Richard]

Hi all,

I included a fix for TOMEE-3903, so we can configure, if created
*.tar.gz files are attached to the build or not.

Before that, we attached the *.tar.gz files multiple times, which leads
to unexpected behaviour in new Maven versions, e.g. deploying *.tar.gz
files as jars (see the first attempt for 8.0.11 release) overriding
existing jars, skipping *.tar.gz files from being deployed at all, etc.

So it would be need, if we could do a release of the TomEE patch
plugin?

Gruß
Richard

[GitHub] [tomee-patch-plugin] rzo1 merged pull request #7: TOMEE-3903 - Investigate *.tar.gz distributions aren't installed correctly to Maven Repository

[GitBox]

rzo1 merged PR #7:
URL: https://github.com/apache/tomee-patch-plugin/pull/7


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomee.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Key parsing in MP JWT code (Re: TomEE MicroProfile and Jakarta)

[David Blevins]

> On Apr 15, 2022, at 1:10 PM, Jean-Louis Monteiro  
> wrote:
> 
> David, yes I figured you'd want to work on JWT. I looked and it seems our
> setup needs some love. Some additional tests with EC based algorithms and a
> couple of other endpoints need to be updated.

On the note of EC keys, I wonder what people think about potentially using this 
key parsing library I wrote:

 - https://github.com/tomitribe/churchkey

It does parse EC keys in several different formats, supports 100+ curves and 
has 1450 unit tests.  If you have a public or private key in a handful of PEM 
formats, OpenSSH format, SSH2 format, JWT format or plain binary DIR format it 
will parse the key.

The very significant con is that it would be the first time we adding a library 
from that org to our server.  It's something I've deliberately avoided.  I've 
always preferred to keep lines clean.  I'm not sure how I feel about adding 
such a dependency and potentially opening a can of worms.

I'd like to hear some thoughts from others.  Perhaps I'm being overly cautious.


-David




smime.p7s
Description: S/MIME cryptographic signature

Re: [VOTE] Apache TomEE 8.0.11 - take 2

[Jean-Louis Monteiro]

My own +1 (binding)
--
Jean-Louis Monteiro
http://twitter.com/jlouismonteiro
http://www.tomitribe.com


On Fri, Apr 15, 2022 at 5:02 PM Daniel Cunha  wrote:

> +1
>
> Em sex., 15 de abr. de 2022 às 11:37, Alex The Rocker <
> alex.m3...@gmail.com>
> escreveu:
>
> > Hello,
> >
> > So far so good:
> > - Tested with IBM Semeru Runtimes 17.0.2 (aka OpenJ9) on a service
> > running as Docker containers in K8S
> > - Tested with a web app using JAX-RS, JAX-WS, JMS, Websockets &
> > Servlets on a VM with CentOS 7 with IBM Semeru 11.0.4
> > - Tested with a web app using JAX-RS and websockets on a VM with
> > RockyLinux 8.5 and IBM Semery 11.0.4
> >
> > Early next week I have a much broader scope to give my final
> > feedback/vote (non binding) on this release
> >
> > Thanks,
> > Alex
> >
> > Le jeu. 14 avr. 2022 à 17:06, Jean-Louis Monteiro
> >  a écrit :
> > >
> > > Hi All,
> > >
> > > This is the first attempt at a vote for a release of Apache TomEE
> 8.0.11
> > >
> > > I'd like to start with a big thank you and a big applause to Richard.
> He
> > > has been doing a tremendous work on the project and started to roll out
> > his
> > > first release today. Per Apache rules, the release manager needs to be
> a
> > > TomEE PMC, that's why I'm starting this VOTE, but the work has been
> done
> > by
> > > Richard, so thank you. Well done.
> > >
> > > Maven Repo:
> > >
> https://repository.apache.org/content/repositories/orgapachetomee-1200/
> > >
> > > Binaries & Sources:
> > >
> https://dist.apache.org/repos/dist/dev/tomee/staging-1200/tomee-8.0.11/
> > >
> > > Tags:
> > > https://github.com/apache/tomee/releases/tag/tomee-project-8.0.11
> > >
> > > Release notes:
> > >
> >
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320=12351352
> > >
> > > Here are the releases notes
> > > Bug
> > >
> > >- [TOMEE-3840 ] -
> > >TomEE WebProfile 8.0.9 does not start with security enabled
> > >- [TOMEE-3848 ] -
> > >Apache TomEE 8.0.6 onwards is packaged with quartz-2.2.4.jar
> > >- [TOMEE-3860 ] -
> > >Upgrade jackson-databind for CVE-2020-36518
> > >- [TOMEE-3871 ] -
> > >TomEE Plume is missing BatchEE / JCS Cache
> > >- [TOMEE-3876 ] -
> > BOM
> > >generation corrupted under windows (slash problems)
> > >- [TOMEE-3889 ] -
> > >Invalid ObjectName for MDB listening to wildcard destination
> > >- [TOMEE-3892 ] -
> > >TomEE Maven Plugin does not allow to override default "-ea" in
> > RemoteServer
> > >
> > > Improvement
> > >
> > >- [TOMEE-3842 ] -
> > >GitHub Actions fails for PullRequest Builds due to BOM auto
> generation
> > >- [TOMEE-3851 ] -
> > >Replace Google Analytics with ASF Matomo
> > >- [TOMEE-3859 ] -
> > >Update tomee.xml file so it refers to the right location
> > >
> > > Task
> > >
> > >- [TOMEE-3852 ] -
> > >Review the website in regard to external embedding of resources (JS,
> > Fonts,
> > >CSS)
> > >- [TOMEE-3853 ] -
> > Link
> > >ASF Privacy Policy from TomEE Website
> > >
> > > Dependency upgrade
> > >
> > >- [TOMEE-3841 ] -
> > >Upgrade SLF4J to 1.7.36
> > >- [TOMEE-3845 ] -
> > >Upgrade Tomcat to 9.0.59
> > >- [TOMEE-3855 ] -
> > >Upgrade Tomcat to 9.0.60
> > >- [TOMEE-3856 ] -
> > >Upgrade to jackson 2.13.2
> > >- [TOMEE-3858 ] -
> > >Upgrade OpenJPA to 3.2.2
> > >- [TOMEE-3872 ] -
> > >Update Hibernate Integration to 5.6.7
> > >- [TOMEE-3886 ] -
> > >Upgrade tomcat to 9.0.62
> > >- [TOMEE-3893 ] -
> > >Upgrade to jackson 2.13.2.2
> > >
> > > Documentation
> > >
> > >- [TOMEE-3814 ] -
> > >Commented SSL Connector fix for tomee server.xml
> > >- [TOMEE-3846 ] -
> > >Inconsistence between tomee flavors comparison in website and actual
> > jars
> > >- [TOMEE-3847 ] -
> > >

Re: TomEE MicroProfile and Jakarta

[Jean-Louis Monteiro]

Thanks guys.

Some days are more productive than others. Today I was able to get a green
TCK run for health and just pushed also for Rest Client. We should also be
compliant in the 2.

Integration code probably needs to be hardened but good start if we are
green on Metrics, Health and Rest Client. Only 3 failures on Config.

David, yes I figured you'd want to work on JWT. I looked and it seems our
setup needs some love. Some additional tests with EC based algorithms and a
couple of other endpoints need to be updated.

Side note, I removed TCK for Fault Tolerance and OpenAPI. The first one
does have a lot of timeout and therefore get the build to last way longer
than needed. Until we work on them and we get the rest to be stable and
green, at least we get faster results.
--
Jean-Louis Monteiro
http://twitter.com/jlouismonteiro
http://www.tomitribe.com


On Fri, Apr 15, 2022 at 9:11 PM David Blevins 
wrote:

> > On Apr 15, 2022, at 8:08 AM, Daniel Cunha  wrote:
> >
> > if I understood correctly, we are working to provide TomEE with SmallRye
> implementation. Have you shared some branches? Where is the code that you
> are working on? Not sure if I can help too much, but I could spend some
> time and put my eyes on it as well.
>
> That's great, Dani!
>
> It looks like it's all in the master branch as of today.
>
>
> -David
>
> >
> > Em sex., 15 de abr. de 2022 às 08:09, Jean-Louis Monteiro <
> jlmonte...@tomitribe.com> escreveu:
> > Hi,
> >
> > Following our discussion I went ahead and did the following
> > - yank all Geronimo MicroProfile implementations until we can update them
> > - update MicroProfile APIs to their latest and jakarta compatible
> versions
> > - add SmallRye implementations for Config, Fault-Tolerance, OpenAPI,
> OpenTracing, Health and Metrics.
> > - Kept our JWT microprofile implementation
> > - Used CXF shaded and relocated version of the Rest Client
> >
> > Now, where are we?
> > Doing all that worked but does not make TomEE to now be MicroProfile
> compliant.
> > I went ahead and also updated all TCK to use the latest TCK and jakarta
> compatible version of MicroProfile.
> >
> > Unfortunately, SmallRye isn't like Geronimo so adding the libraries does
> not make anything happen. We were failing in all specifications. It's just
> a base set of libraries you can rely on, but ultimately, you need to write
> some integration code.
> >
> > Did most of the integration for Config, Metrics, Health, JWT and
> Rest-Client. Haven't started Fault-Tolerance and OpenAPI.
> >
> > - Config: we have 3 failures to look at. It might need some more code to
> address edge cases.
> > - JWT: 22 failures and 12 not executed. Mainly a key issue.
> > - Metrics: all green, yeah
> > - Health: a few failures I'm working on now
> > - Rest Client: half failing or maybe more - tck setup or missing bits to
> start with
> > - OpenAPI, Fault-tolerance: all failing or almost - no TCK setup or
> integration code
> >
> > I'd appreciate some help as I feel like I'm not seeing the end of the
> tunnel lol
> >
> > Hope it helps
> >
> >
> >
> >
> >
> >
> >
> > --
> > Jean-Louis Monteiro
> > http://twitter.com/jlouismonteiro
> > http://www.tomitribe.com
> >
> >
> > On Sat, Apr 2, 2022 at 11:13 AM Jean-Louis Monteiro <
> jlmonte...@tomitribe.com> wrote:
> > Great discussion. Thanks everyone.
> >
> > I'll look at Sallrye over the weekend and see how hard it is to replace
> our Apache libraries.
> >
> > --
> > Jean-Louis Monteiro
> > http://twitter.com/jlouismonteiro
> > http://www.tomitribe.com
> >
> >
> > On Fri, Apr 1, 2022 at 12:48 PM David Blevins 
> wrote:
> > This is very close.  The dangers of A are not quite captured.
> Completely agree with the dangers of B.
> >
> > > On Apr 1, 2022, at 1:13 AM, Zowalla, Richard <
> richard.zowa...@hs-heilbronn.de> wrote:
> > >
> > > So we basically have to options (if I understand the discussion
> > > correctly):
> > >
> > > (A) Put some effort / resources into upgrade our MP impls to the latest
> > > versions to fully support Jakarta namespace. From my understanding
> > > maintaining these impls is a bit PITA as MP tends to break its API
> > > every few months, right? It will take some time, effort and resources
> > > to catch up.
> >
> > The danger here is that we - due to lack of time / resources - will
> continue to not be seen as a viable MicroProfile implementation.
> >
> > MicroProfile is approximately 70 months old.  We were able to keep up
> for only 1.5 months out of that 70.  It was with TomEE 7.1, released with
> MicroProfile 2.0 support in September of 2018, outdated by MicroProfile 2.1
> in October 2018.  We were 27 months late to getting our first and only
> MicroProfile version implemented, which is now 41 months out of date.
> >
> > >
> > > (B) Use existing MP impls to make "fast" progress on the TomEE 9.x
> > > side, which breaks the "we use apache impls"-credo but enables a faster
> > > move forward. I see the danger here that we - due to lack of time /
> > > resources 

Re: TomEE MicroProfile and Jakarta

[David Blevins]

> On Apr 15, 2022, at 8:08 AM, Daniel Cunha  wrote:
> 
> if I understood correctly, we are working to provide TomEE with SmallRye 
> implementation. Have you shared some branches? Where is the code that you are 
> working on? Not sure if I can help too much, but I could spend some time and 
> put my eyes on it as well.

That's great, Dani!

It looks like it's all in the master branch as of today.


-David

> 
> Em sex., 15 de abr. de 2022 às 08:09, Jean-Louis Monteiro 
>  escreveu:
> Hi,
> 
> Following our discussion I went ahead and did the following
> - yank all Geronimo MicroProfile implementations until we can update them
> - update MicroProfile APIs to their latest and jakarta compatible versions
> - add SmallRye implementations for Config, Fault-Tolerance, OpenAPI, 
> OpenTracing, Health and Metrics.
> - Kept our JWT microprofile implementation
> - Used CXF shaded and relocated version of the Rest Client
> 
> Now, where are we?
> Doing all that worked but does not make TomEE to now be MicroProfile 
> compliant.
> I went ahead and also updated all TCK to use the latest TCK and jakarta 
> compatible version of MicroProfile.
> 
> Unfortunately, SmallRye isn't like Geronimo so adding the libraries does not 
> make anything happen. We were failing in all specifications. It's just a base 
> set of libraries you can rely on, but ultimately, you need to write some 
> integration code.
> 
> Did most of the integration for Config, Metrics, Health, JWT and Rest-Client. 
> Haven't started Fault-Tolerance and OpenAPI.
> 
> - Config: we have 3 failures to look at. It might need some more code to 
> address edge cases. 
> - JWT: 22 failures and 12 not executed. Mainly a key issue.
> - Metrics: all green, yeah
> - Health: a few failures I'm working on now
> - Rest Client: half failing or maybe more - tck setup or missing bits to 
> start with
> - OpenAPI, Fault-tolerance: all failing or almost - no TCK setup or 
> integration code
> 
> I'd appreciate some help as I feel like I'm not seeing the end of the tunnel 
> lol
> 
> Hope it helps
> 
> 
> 
> 
> 
> 
> 
> --
> Jean-Louis Monteiro
> http://twitter.com/jlouismonteiro
> http://www.tomitribe.com
> 
> 
> On Sat, Apr 2, 2022 at 11:13 AM Jean-Louis Monteiro 
>  wrote:
> Great discussion. Thanks everyone.
> 
> I'll look at Sallrye over the weekend and see how hard it is to replace our 
> Apache libraries.
> 
> --
> Jean-Louis Monteiro
> http://twitter.com/jlouismonteiro
> http://www.tomitribe.com
> 
> 
> On Fri, Apr 1, 2022 at 12:48 PM David Blevins  wrote:
> This is very close.  The dangers of A are not quite captured.  Completely 
> agree with the dangers of B.
> 
> > On Apr 1, 2022, at 1:13 AM, Zowalla, Richard 
> >  wrote:
> > 
> > So we basically have to options (if I understand the discussion
> > correctly):
> > 
> > (A) Put some effort / resources into upgrade our MP impls to the latest
> > versions to fully support Jakarta namespace. From my understanding
> > maintaining these impls is a bit PITA as MP tends to break its API
> > every few months, right? It will take some time, effort and resources
> > to catch up.
> 
> The danger here is that we - due to lack of time / resources - will continue 
> to not be seen as a viable MicroProfile implementation.
> 
> MicroProfile is approximately 70 months old.  We were able to keep up for 
> only 1.5 months out of that 70.  It was with TomEE 7.1, released with 
> MicroProfile 2.0 support in September of 2018, outdated by MicroProfile 2.1 
> in October 2018.  We were 27 months late to getting our first and only 
> MicroProfile version implemented, which is now 41 months out of date.
> 
> > 
> > (B) Use existing MP impls to make "fast" progress on the TomEE 9.x
> > side, which breaks the "we use apache impls"-credo but enables a faster
> > move forward. I see the danger here that we - due to lack of time /
> > resources - will not find the way back to our own Apache
> > implementations and will stick with smallrye for a long (?) time
> > perhaps.
> 
> Correct.  And as mentioned, not finding our way back to our own Apache 
> implementations has already been the status quo.
> 
> > People are eager to use EE9 / Jakarta namespace and TomEE isn't really
> > ready for it, yet. With the latest M7 version, users cannot start new
> > projects as testing possibilities are super limited.
> > 
> > Btw.: I am unsure, if we are still using Hibernate Validation in the
> > current TomEE 9-M8 Snapshot. But if we do, we already broke the
> > "everything from apache"-credo for the sake of getting the
> > certifaction. 
> 
> Our certified distribution (Plume) used EclipseLink instead of OpenJPA, 
> Mojarra instead of MyFaces and Hibernate Bean Validation instead of BVal.
> 
> 
> -David
> 
> 
> 
> -- 
> Daniel Cunha
> https://github.com/danielsoro
> https://twitter.com/danielvlcunha
> https://www.linkedin.com/in/danielvlcunha/



smime.p7s
Description: S/MIME cryptographic signature

Re: TomEE MicroProfile and Jakarta

[David Blevins]

Thank you for all the work you're doing on this, Jean-Louis!

> On Apr 15, 2022, at 4:09 AM, Jean-Louis Monteiro  
> wrote:
> 
> Unfortunately, SmallRye isn't like Geronimo so adding the libraries does
> not make anything happen. We were failing in all specifications. It's just
> a base set of libraries you can rely on, but ultimately, you need to write
> some integration code.

Anecdotally, I've suspected that the MicroProfile stuff we added that primarily 
used CDI Extensions to do integration caused our startup time to increase.  A 
few years ago I did an analysis of our cold start from a testing perspective.  
i.e. how long does it take to pack and start a TomEE server as Arquillian does.

Here's that full email, but the most interesting graph is the second link:

 - https://lists.apache.org/thread/bg8v05lksfwskxkm0y8zdg0yn17mwsfc
 - https://issues.apache.org/jira/secure/attachment/12969800/startup-times.png

What I note on that is the TomE 7.0.x binaries are towards the top of the list 
in good performance and there is a strong trend to slower performance as we get 
into 8.0 and some in 7.1.  Here are just the 7 and 8 startup times:

 - 
https://gist.githubusercontent.com/dblevins/5ed7ce26e480f34db3ea3b6fc818eb3e/raw/d86824f28ae10f86ae5d898f457ddcfa4c7814e1/startup-times-7-and-8.txt

> 
> Did most of the integration for Config, Metrics, Health, JWT and
> Rest-Client. Haven't started Fault-Tolerance and OpenAPI.
> 
> - Config: we have 3 failures to look at. It might need some more code to
> address edge cases.
> - JWT: 22 failures and 12 not executed. Mainly a key issue.
> - Metrics: all green, yeah
> - Health: a few failures I'm working on now
> - Rest Client: half failing or maybe more - tck setup or missing bits to
> start with
> - OpenAPI, Fault-tolerance: all failing or almost - no TCK setup or
> integration code
> 
> I'd appreciate some help as I feel like I'm not seeing the end of the
> tunnel lol

It'll likely be 2 weeks before I can dig in, but the place I'd probably dive in 
first would be the JWT tests as I know that spec and worked on our impl.

-David



smime.p7s
Description: S/MIME cryptographic signature

Re: TomEE MicroProfile and Jakarta

[Daniel Cunha]

Hey Jean-Louis,

if I understood correctly, we are working to provide TomEE with SmallRye
implementation. Have you shared some branches? Where is the code that you
are working on? Not sure if I can help too much, but I could spend some
time and put my eyes on it as well.

Thank you!


Em sex., 15 de abr. de 2022 às 08:09, Jean-Louis Monteiro <
jlmonte...@tomitribe.com> escreveu:

> Hi,
>
> Following our discussion I went ahead and did the following
> - yank all Geronimo MicroProfile implementations until we can update them
> - update MicroProfile APIs to their latest and jakarta compatible versions
> - add SmallRye implementations for Config, Fault-Tolerance, OpenAPI,
> OpenTracing, Health and Metrics.
> - Kept our JWT microprofile implementation
> - Used CXF shaded and relocated version of the Rest Client
>
> Now, where are we?
> Doing all that worked but does not make TomEE to now be MicroProfile
> compliant.
> I went ahead and also updated all TCK to use the latest TCK and jakarta
> compatible version of MicroProfile.
>
> Unfortunately, SmallRye isn't like Geronimo so adding the libraries does
> not make anything happen. We were failing in all specifications. It's just
> a base set of libraries you can rely on, but ultimately, you need to write
> some integration code.
>
> Did most of the integration for Config, Metrics, Health, JWT and
> Rest-Client. Haven't started Fault-Tolerance and OpenAPI.
>
> - Config: we have 3 failures to look at. It might need some more code to
> address edge cases.
> - JWT: 22 failures and 12 not executed. Mainly a key issue.
> - Metrics: all green, yeah
> - Health: a few failures I'm working on now
> - Rest Client: half failing or maybe more - tck setup or missing bits to
> start with
> - OpenAPI, Fault-tolerance: all failing or almost - no TCK setup or
> integration code
>
> I'd appreciate some help as I feel like I'm not seeing the end of the
> tunnel lol
>
> Hope it helps
>
>
>
>
>
>
>
> --
> Jean-Louis Monteiro
> http://twitter.com/jlouismonteiro
> http://www.tomitribe.com
>
>
> On Sat, Apr 2, 2022 at 11:13 AM Jean-Louis Monteiro <
> jlmonte...@tomitribe.com> wrote:
>
>> Great discussion. Thanks everyone.
>>
>> I'll look at Sallrye over the weekend and see how hard it is to replace
>> our Apache libraries.
>>
>> --
>> Jean-Louis Monteiro
>> http://twitter.com/jlouismonteiro
>> http://www.tomitribe.com
>>
>>
>> On Fri, Apr 1, 2022 at 12:48 PM David Blevins 
>> wrote:
>>
>>> This is very close.  The dangers of A are not quite captured.
>>> Completely agree with the dangers of B.
>>>
>>> > On Apr 1, 2022, at 1:13 AM, Zowalla, Richard <
>>> richard.zowa...@hs-heilbronn.de> wrote:
>>> >
>>> > So we basically have to options (if I understand the discussion
>>> > correctly):
>>> >
>>> > (A) Put some effort / resources into upgrade our MP impls to the latest
>>> > versions to fully support Jakarta namespace. From my understanding
>>> > maintaining these impls is a bit PITA as MP tends to break its API
>>> > every few months, right? It will take some time, effort and resources
>>> > to catch up.
>>>
>>> The danger here is that we - due to lack of time / resources - will
>>> continue to not be seen as a viable MicroProfile implementation.
>>>
>>> MicroProfile is approximately 70 months old.  We were able to keep up
>>> for only 1.5 months out of that 70.  It was with TomEE 7.1, released with
>>> MicroProfile 2.0 support in September of 2018, outdated by MicroProfile 2.1
>>> in October 2018.  We were 27 months late to getting our first and only
>>> MicroProfile version implemented, which is now 41 months out of date.
>>>
>>> >
>>> > (B) Use existing MP impls to make "fast" progress on the TomEE 9.x
>>> > side, which breaks the "we use apache impls"-credo but enables a faster
>>> > move forward. I see the danger here that we - due to lack of time /
>>> > resources - will not find the way back to our own Apache
>>> > implementations and will stick with smallrye for a long (?) time
>>> > perhaps.
>>>
>>> Correct.  And as mentioned, not finding our way back to our own Apache
>>> implementations has already been the status quo.
>>>
>>> > People are eager to use EE9 / Jakarta namespace and TomEE isn't really
>>> > ready for it, yet. With the latest M7 version, users cannot start new
>>> > projects as testing possibilities are super limited.
>>> >
>>> > Btw.: I am unsure, if we are still using Hibernate Validation in the
>>> > current TomEE 9-M8 Snapshot. But if we do, we already broke the
>>> > "everything from apache"-credo for the sake of getting the
>>> > certifaction.
>>>
>>> Our certified distribution (Plume) used EclipseLink instead of OpenJPA,
>>> Mojarra instead of MyFaces and Hibernate Bean Validation instead of BVal.
>>>
>>>
>>> -David
>>>
>>>

-- 
Daniel Cunha
https://github.com/danielsoro
https://twitter.com/danielvlcunha
https://www.linkedin.com/in/danielvlcunha/

Re: [VOTE] Apache TomEE 8.0.11 - take 2

[Daniel Cunha]

+1

Em sex., 15 de abr. de 2022 às 11:37, Alex The Rocker 
escreveu:

> Hello,
>
> So far so good:
> - Tested with IBM Semeru Runtimes 17.0.2 (aka OpenJ9) on a service
> running as Docker containers in K8S
> - Tested with a web app using JAX-RS, JAX-WS, JMS, Websockets &
> Servlets on a VM with CentOS 7 with IBM Semeru 11.0.4
> - Tested with a web app using JAX-RS and websockets on a VM with
> RockyLinux 8.5 and IBM Semery 11.0.4
>
> Early next week I have a much broader scope to give my final
> feedback/vote (non binding) on this release
>
> Thanks,
> Alex
>
> Le jeu. 14 avr. 2022 à 17:06, Jean-Louis Monteiro
>  a écrit :
> >
> > Hi All,
> >
> > This is the first attempt at a vote for a release of Apache TomEE 8.0.11
> >
> > I'd like to start with a big thank you and a big applause to Richard. He
> > has been doing a tremendous work on the project and started to roll out
> his
> > first release today. Per Apache rules, the release manager needs to be a
> > TomEE PMC, that's why I'm starting this VOTE, but the work has been done
> by
> > Richard, so thank you. Well done.
> >
> > Maven Repo:
> > https://repository.apache.org/content/repositories/orgapachetomee-1200/
> >
> > Binaries & Sources:
> > https://dist.apache.org/repos/dist/dev/tomee/staging-1200/tomee-8.0.11/
> >
> > Tags:
> > https://github.com/apache/tomee/releases/tag/tomee-project-8.0.11
> >
> > Release notes:
> >
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320=12351352
> >
> > Here are the releases notes
> > Bug
> >
> >- [TOMEE-3840 ] -
> >TomEE WebProfile 8.0.9 does not start with security enabled
> >- [TOMEE-3848 ] -
> >Apache TomEE 8.0.6 onwards is packaged with quartz-2.2.4.jar
> >- [TOMEE-3860 ] -
> >Upgrade jackson-databind for CVE-2020-36518
> >- [TOMEE-3871 ] -
> >TomEE Plume is missing BatchEE / JCS Cache
> >- [TOMEE-3876 ] -
> BOM
> >generation corrupted under windows (slash problems)
> >- [TOMEE-3889 ] -
> >Invalid ObjectName for MDB listening to wildcard destination
> >- [TOMEE-3892 ] -
> >TomEE Maven Plugin does not allow to override default "-ea" in
> RemoteServer
> >
> > Improvement
> >
> >- [TOMEE-3842 ] -
> >GitHub Actions fails for PullRequest Builds due to BOM auto generation
> >- [TOMEE-3851 ] -
> >Replace Google Analytics with ASF Matomo
> >- [TOMEE-3859 ] -
> >Update tomee.xml file so it refers to the right location
> >
> > Task
> >
> >- [TOMEE-3852 ] -
> >Review the website in regard to external embedding of resources (JS,
> Fonts,
> >CSS)
> >- [TOMEE-3853 ] -
> Link
> >ASF Privacy Policy from TomEE Website
> >
> > Dependency upgrade
> >
> >- [TOMEE-3841 ] -
> >Upgrade SLF4J to 1.7.36
> >- [TOMEE-3845 ] -
> >Upgrade Tomcat to 9.0.59
> >- [TOMEE-3855 ] -
> >Upgrade Tomcat to 9.0.60
> >- [TOMEE-3856 ] -
> >Upgrade to jackson 2.13.2
> >- [TOMEE-3858 ] -
> >Upgrade OpenJPA to 3.2.2
> >- [TOMEE-3872 ] -
> >Update Hibernate Integration to 5.6.7
> >- [TOMEE-3886 ] -
> >Upgrade tomcat to 9.0.62
> >- [TOMEE-3893 ] -
> >Upgrade to jackson 2.13.2.2
> >
> > Documentation
> >
> >- [TOMEE-3814 ] -
> >Commented SSL Connector fix for tomee server.xml
> >- [TOMEE-3846 ] -
> >Inconsistence between tomee flavors comparison in website and actual
> jars
> >- [TOMEE-3847 ] -
> >Exception when building website from windows os
> >- [TOMEE-3854 ] -
> >Provide a first draft of a link collection page targeting
> >contributor/committer resources
> >- [TOMEE-3888 ] -
> >Cleanup documentation
> >- [TOMEE-3894 ] -
> >website generation 

Re: [VOTE] Apache TomEE 8.0.11 - take 2

[Alex The Rocker]

Hello,

So far so good:
- Tested with IBM Semeru Runtimes 17.0.2 (aka OpenJ9) on a service
running as Docker containers in K8S
- Tested with a web app using JAX-RS, JAX-WS, JMS, Websockets &
Servlets on a VM with CentOS 7 with IBM Semeru 11.0.4
- Tested with a web app using JAX-RS and websockets on a VM with
RockyLinux 8.5 and IBM Semery 11.0.4

Early next week I have a much broader scope to give my final
feedback/vote (non binding) on this release

Thanks,
Alex

Le jeu. 14 avr. 2022 à 17:06, Jean-Louis Monteiro
 a écrit :
>
> Hi All,
>
> This is the first attempt at a vote for a release of Apache TomEE 8.0.11
>
> I'd like to start with a big thank you and a big applause to Richard. He
> has been doing a tremendous work on the project and started to roll out his
> first release today. Per Apache rules, the release manager needs to be a
> TomEE PMC, that's why I'm starting this VOTE, but the work has been done by
> Richard, so thank you. Well done.
>
> Maven Repo:
> https://repository.apache.org/content/repositories/orgapachetomee-1200/
>
> Binaries & Sources:
> https://dist.apache.org/repos/dist/dev/tomee/staging-1200/tomee-8.0.11/
>
> Tags:
> https://github.com/apache/tomee/releases/tag/tomee-project-8.0.11
>
> Release notes:
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320=12351352
>
> Here are the releases notes
> Bug
>
>- [TOMEE-3840 ] -
>TomEE WebProfile 8.0.9 does not start with security enabled
>- [TOMEE-3848 ] -
>Apache TomEE 8.0.6 onwards is packaged with quartz-2.2.4.jar
>- [TOMEE-3860 ] -
>Upgrade jackson-databind for CVE-2020-36518
>- [TOMEE-3871 ] -
>TomEE Plume is missing BatchEE / JCS Cache
>- [TOMEE-3876 ] - BOM
>generation corrupted under windows (slash problems)
>- [TOMEE-3889 ] -
>Invalid ObjectName for MDB listening to wildcard destination
>- [TOMEE-3892 ] -
>TomEE Maven Plugin does not allow to override default "-ea" in RemoteServer
>
> Improvement
>
>- [TOMEE-3842 ] -
>GitHub Actions fails for PullRequest Builds due to BOM auto generation
>- [TOMEE-3851 ] -
>Replace Google Analytics with ASF Matomo
>- [TOMEE-3859 ] -
>Update tomee.xml file so it refers to the right location
>
> Task
>
>- [TOMEE-3852 ] -
>Review the website in regard to external embedding of resources (JS, Fonts,
>CSS)
>- [TOMEE-3853 ] - Link
>ASF Privacy Policy from TomEE Website
>
> Dependency upgrade
>
>- [TOMEE-3841 ] -
>Upgrade SLF4J to 1.7.36
>- [TOMEE-3845 ] -
>Upgrade Tomcat to 9.0.59
>- [TOMEE-3855 ] -
>Upgrade Tomcat to 9.0.60
>- [TOMEE-3856 ] -
>Upgrade to jackson 2.13.2
>- [TOMEE-3858 ] -
>Upgrade OpenJPA to 3.2.2
>- [TOMEE-3872 ] -
>Update Hibernate Integration to 5.6.7
>- [TOMEE-3886 ] -
>Upgrade tomcat to 9.0.62
>- [TOMEE-3893 ] -
>Upgrade to jackson 2.13.2.2
>
> Documentation
>
>- [TOMEE-3814 ] -
>Commented SSL Connector fix for tomee server.xml
>- [TOMEE-3846 ] -
>Inconsistence between tomee flavors comparison in website and actual jars
>- [TOMEE-3847 ] -
>Exception when building website from windows os
>- [TOMEE-3854 ] -
>Provide a first draft of a link collection page targeting
>contributor/committer resources
>- [TOMEE-3888 ] -
>Cleanup documentation
>- [TOMEE-3894 ] -
>website generation broken under windows
>
>
> (Developers - please review and adjust your tickets if necessary!)
>
> Please VOTE:
>
> [+1] Yes, release it
> [+0] Not fussed
> [-1] Don't release, there's a showstopper (please specify what the
> showstopper is)
>
> Vote will be open for 72 hours.
>
> Thanks
> --
> 

Re: TomEE MicroProfile and Jakarta

[Jean-Louis Monteiro]

Hi,

Following our discussion I went ahead and did the following
- yank all Geronimo MicroProfile implementations until we can update them
- update MicroProfile APIs to their latest and jakarta compatible versions
- add SmallRye implementations for Config, Fault-Tolerance, OpenAPI,
OpenTracing, Health and Metrics.
- Kept our JWT microprofile implementation
- Used CXF shaded and relocated version of the Rest Client

Now, where are we?
Doing all that worked but does not make TomEE to now be MicroProfile
compliant.
I went ahead and also updated all TCK to use the latest TCK and jakarta
compatible version of MicroProfile.

Unfortunately, SmallRye isn't like Geronimo so adding the libraries does
not make anything happen. We were failing in all specifications. It's just
a base set of libraries you can rely on, but ultimately, you need to write
some integration code.

Did most of the integration for Config, Metrics, Health, JWT and
Rest-Client. Haven't started Fault-Tolerance and OpenAPI.

- Config: we have 3 failures to look at. It might need some more code to
address edge cases.
- JWT: 22 failures and 12 not executed. Mainly a key issue.
- Metrics: all green, yeah
- Health: a few failures I'm working on now
- Rest Client: half failing or maybe more - tck setup or missing bits to
start with
- OpenAPI, Fault-tolerance: all failing or almost - no TCK setup or
integration code

I'd appreciate some help as I feel like I'm not seeing the end of the
tunnel lol

Hope it helps







--
Jean-Louis Monteiro
http://twitter.com/jlouismonteiro
http://www.tomitribe.com


On Sat, Apr 2, 2022 at 11:13 AM Jean-Louis Monteiro <
jlmonte...@tomitribe.com> wrote:

> Great discussion. Thanks everyone.
>
> I'll look at Sallrye over the weekend and see how hard it is to replace
> our Apache libraries.
>
> --
> Jean-Louis Monteiro
> http://twitter.com/jlouismonteiro
> http://www.tomitribe.com
>
>
> On Fri, Apr 1, 2022 at 12:48 PM David Blevins 
> wrote:
>
>> This is very close.  The dangers of A are not quite captured.  Completely
>> agree with the dangers of B.
>>
>> > On Apr 1, 2022, at 1:13 AM, Zowalla, Richard <
>> richard.zowa...@hs-heilbronn.de> wrote:
>> >
>> > So we basically have to options (if I understand the discussion
>> > correctly):
>> >
>> > (A) Put some effort / resources into upgrade our MP impls to the latest
>> > versions to fully support Jakarta namespace. From my understanding
>> > maintaining these impls is a bit PITA as MP tends to break its API
>> > every few months, right? It will take some time, effort and resources
>> > to catch up.
>>
>> The danger here is that we - due to lack of time / resources - will
>> continue to not be seen as a viable MicroProfile implementation.
>>
>> MicroProfile is approximately 70 months old.  We were able to keep up for
>> only 1.5 months out of that 70.  It was with TomEE 7.1, released with
>> MicroProfile 2.0 support in September of 2018, outdated by MicroProfile 2.1
>> in October 2018.  We were 27 months late to getting our first and only
>> MicroProfile version implemented, which is now 41 months out of date.
>>
>> >
>> > (B) Use existing MP impls to make "fast" progress on the TomEE 9.x
>> > side, which breaks the "we use apache impls"-credo but enables a faster
>> > move forward. I see the danger here that we - due to lack of time /
>> > resources - will not find the way back to our own Apache
>> > implementations and will stick with smallrye for a long (?) time
>> > perhaps.
>>
>> Correct.  And as mentioned, not finding our way back to our own Apache
>> implementations has already been the status quo.
>>
>> > People are eager to use EE9 / Jakarta namespace and TomEE isn't really
>> > ready for it, yet. With the latest M7 version, users cannot start new
>> > projects as testing possibilities are super limited.
>> >
>> > Btw.: I am unsure, if we are still using Hibernate Validation in the
>> > current TomEE 9-M8 Snapshot. But if we do, we already broke the
>> > "everything from apache"-credo for the sake of getting the
>> > certifaction.
>>
>> Our certified distribution (Plume) used EclipseLink instead of OpenJPA,
>> Mojarra instead of MyFaces and Hibernate Bean Validation instead of BVal.
>>
>>
>> -David
>>
>>