depstar

Discussion around https://github.com/seancorfield/depstar
zhuxun2 2020-09-14T01:12:13.036400Z

When building a uberjar using clojure -A:depstar -m hf.depstar.uberjar MyProject.jar, I get a long list of "clashing jar item" warnings like

{:warning "clashing jar item", :path "org/mozilla/javascript/ContextListener.class", :strategy :noop}
{:warning "clashing jar item", :path "org/mozilla/javascript/ContinuationPending.class", :strategy :noop}
{:warning "clashing jar item", :path "org/mozilla/javascript/DToA.class", :strategy :noop}
{:warning "clashing jar item", :path "org/mozilla/javascript/Decompiler.class", :strategy :noop}
{:warning "clashing jar item", :path "org/mozilla/javascript/DefaultErrorReporter.class", :strategy :noop}
{:warning "clashing jar item", :path "org/mozilla/javascript/DefiningClassLoader.class", :strategy :noop}
...
What do they mean and should I care? Thanks!

zhuxun2 2020-09-14T01:12:46.036900Z

And why are the strategies ":noop"?

seancorfield 2020-09-14T01:13:54.038300Z

They're warnings, so you can ignore them. It's just saying that the file was found in multiple dependencies that you have. :noop means it didn't try to do anything. For some file type it will merge/concatenate the files.

seancorfield 2020-09-14T01:14:19.038800Z

You can use the -S / --suppress-clash option to hide those messages if you want.

👍 1
seancorfield 2020-09-14T01:15:36.040700Z

I'm probably going to make that the default and and an option to display them only as needed since a lot of people seem to be very concerned about "warnings" if they don't understand classpaths and dependencies can contain duplicates.

zhuxun2 2020-09-14T01:16:48.041500Z

Hmmm. The above command did generate a "MyProject.jar", however, trying to run it with java -jar MyProject.jar resulted in an error:

Error: Invalid or corrupt jarfile MyProject.jar

seancorfield 2020-09-14T01:17:58.042100Z

You didn't specify a main class in your JAR to execute, and you didn't compile it.

seancorfield 2020-09-14T01:19:09.043100Z

If you read the README, it explains the various ways to make JAR files and how you can run each one. In particular, for the command you ran

clojure -A:depstar -m hf.depstar.uberjar MyProject.jar
java -cp MyProject.jar clojure.main -m project.core

seancorfield 2020-09-14T01:24:15.044100Z

I just updated the README to make it clear that folks need to read more of the information there if they want to use java -jar to run their uberjar.

zhuxun2 2020-09-14T01:37:13.046300Z

It seems to be working now, thanks!

zhuxun2 2020-09-14T01:37:51.047Z

Yeah, a bit of heads-up will be tremendously helpful for us newbies 🙂

seancorfield 2020-09-14T01:39:22.047300Z

See if the updated readme helps now.

seancorfield 2020-09-14T01:39:44.047700Z

(I'm working on making the clash warnings off by default)

zhuxun2 2020-09-14T01:51:59.049500Z

Is there a way to manually deal with the item clashes? I just found out that another package's index.html appears in my public, which is going to create problems...

zhuxun2 2020-09-14T01:55:52.050300Z

@seancorfield The update is very clear and helpful. Thanks!

1
seancorfield 2020-09-14T01:57:53.052100Z

Unfortunately, there are some libraries that have been incorrectly packaged -- they shouldn't contain things that would conflict with user's normal files (like public/index.html) so you should report a bug against the library that is doing that.

seancorfield 2020-09-14T01:59:22.053400Z

(and this is partly why depstar has previously defaulted to providing this warning)

zhuxun2 2020-09-14T01:59:34.053800Z

Got it. Is there a way to find out which one is the offending package?

seancorfield 2020-09-14T02:00:09.055100Z

There was a discussion about this a week or two ago in one of the channels here because some library was causing exactly that problem, with a stray index.html file 😐

zhuxun2 2020-09-14T02:00:49.056500Z

I mean in this case its relatively obvious once I read the index.html, but when it's not obvious is there a way to know which package it is?

seancorfield 2020-09-14T02:00:52.056800Z

You can use the -v option on depstar to tell you exactly what files are being copied in and that should tell you -- it will be large output so you'll want to redirect it to a file.

zhuxun2 2020-09-14T02:01:32.057600Z

Got ya. Wouldn't it be more helpful if the warnings themselves can point them out? Just a thought

seancorfield 2020-09-14T02:02:05.058200Z

By the time it sees a conflict, it no longer knows where the previous file came from.

seancorfield 2020-09-14T02:02:31.058600Z

And conflicts are not always a problem.

seancorfield 2020-09-14T02:04:11.060600Z

The real issue is that the order of things on the classpath is not always deterministic.

seancorfield 2020-09-14T02:04:50.061600Z

So it's OK to have the same file present in multiple dependencies, but it's sometimes not OK to have the same filename with different contents.

seancorfield 2020-09-14T02:05:07.062100Z

(and this is true of Java classpaths in general -- this isn't a Clojure issue)

zhuxun2 2020-09-14T02:07:08.063800Z

Got ya, so basically, if all is done correctly, namespaces should never clash unless they literally are the same thing

zhuxun2 2020-09-14T02:09:25.065500Z

@seancorfield But I mean, that's exactly why it would be great if the warning can point me which package it is -- so that I can know who is being naughty (even just let me know the second one would be great, which I assume depstar has the reference when the clash happens).

seancorfield 2020-09-14T02:14:27.066400Z

@zhuxun2 The information about which dependency is being processed is not available by the time the warning is issued.

seancorfield 2020-09-14T02:15:53.067600Z

(and it's just as likely that the one that "causes" the conflict would be seen as your code, depending on where it was in the classpath)

seancorfield 2020-09-14T02:16:01.067900Z

So -v is the best way to debug that.

seancorfield 2020-09-14T02:18:16.069Z

I'll probably cut 1.1.115 tomorrow with the changes made so far. That will make it harder to detect problematic index.html files, by the way, since the warning will be off by default.

seancorfield 2020-09-14T02:18:23.069200Z

(dinner time here)

zhuxun2 2020-09-14T02:44:04.069700Z

@seancorfield Thanks a lot!

seancorfield 2020-09-14T04:37:58.071400Z

`seancorfield/depstar {:mvn/version "1.1.116"}` is available https://github.com/seancorfield/depstar/releases/tag/v1.1.116 -- it suppresses the clashing jar item warning by default and adds -D / --debug-clash to enable the warnings.

cap10morgan 2020-09-14T15:42:43.074800Z

Getting an error with 1.1.116 (that I don't get with 1.1.104) building an uberjar w/ some exclusions on clojure 1.10.1.561: {:error "unable to copy file", :name "clojure/tools/reader/default_data_readers.clj", :exception java.lang.ClassCastException, :message nil}. I'm invoking it like this:

:main-opts ["-m" "hf.depstar.uberjar" "-X" "fluree/db/.*\\.clj[cs]?$" "target/fluree-ledger.standalone.jar" "-C" "-m" "fluree.db.server"]
I haven't been able to create a minimal reproduction scenario yet, and the project in question is private. But I thought I'd post here in case you already have a lead suspect @seancorfield. 🙂

cap10morgan 2020-09-14T15:46:19.075200Z

Happy to turn all that into a GitHub issue if you'd like.

seancorfield 2020-09-14T16:10:59.075600Z

@cap10morgan Sorry. Roll back to 1.1.104 and I'll fix it a.s.a.p.

cap10morgan 2020-09-14T16:17:52.075700Z

No worries. And thanks!

seancorfield 2020-09-14T17:09:55.075900Z

Can you share your deps.edn? I'm having a hard time reproducing the bug (although I think I know what is causing it).

seancorfield 2020-09-14T17:12:21.076100Z

I think that tools.reader might be ending up on your classpath twice (but I'm not sure how).

seancorfield 2020-09-14T17:12:52.076300Z

If you want to just share it privately, you can email details to <mailto:sean@corfield.org|sean@corfield.org>

seancorfield 2020-09-14T17:13:31.076500Z

And if you could run that failing command on 1.1.116 with -D and -v options added to produce all the debug output, that would be really helpful @cap10morgan

cap10morgan 2020-09-14T17:15:07.076700Z

sure I can email it to you

cap10morgan 2020-09-14T17:15:27.076900Z

I'll try it again w/ -v and -D too

seancorfield 2020-09-14T17:17:28.077100Z

(I think the clash strategy logic is seeing default_data_readers.clj and mistakenly treating it like data_readers.clj -- bug in my regex -- and then trying to merge it... which of course fails... but I'm not sure how you'd get tools.reader on your classpath twice 😐 )

cap10morgan 2020-09-14T17:24:19.077300Z

emailed

seancorfield 2020-09-14T17:25:42.077500Z

Got it!

👍 1
seancorfield 2020-09-14T17:38:29.077800Z

OK, yeah, it's finding default_data_readers.clj twice and trying to merge them which is the bug I thought it might be. I can't figure out why it's on the classpath twice (and, strangely, the verbose debugging output doesn't tell me so I'll need to dig into that some more and figure out what I'm not not displaying in verbose mode -- but that's a separate issue).

seancorfield 2020-09-14T17:44:27.078Z

Try 1.1.117 which I just released to Clojars.

seancorfield 2020-09-14T18:14:26.078300Z

@cap10morgan ^

cap10morgan 2020-09-14T18:15:09.078500Z

will do!

cap10morgan 2020-09-14T18:21:52.078700Z

Looks like it's fixed! Thanks!

seancorfield 2020-09-14T19:13:13.079800Z

OK, seancorfield/depstar {:mvn/version "1.1.117"} is available https://github.com/seancorfield/depstar/releases/tag/v1.1.117 -- it suppresses the clashing jar item warning by default and adds -D / --debug-clash to enable the warnings. This fixes an edge case bug in 1.1.116 to do with tools.reader as a dependency.