OFBiz / OFBIZ-7793

Add download definition for drivers of commonly used open source rdbms to build gradle

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: Trunk
    • Fix Version/s: 16.11.01
    • Component/s: None
    • Labels:
      None

      Description

      With the move to dependency mgt through gradle/gradlew the download definitions for the drivers of the most commonly used rdbms solutions were removed.

      Adding these to the build.gradle file will deliver a great pleasure adoption wise through a small effort.

          Activity

          pfm.smits Pierre Smits added a comment -

          This patch addresses the issue.

          jacques.le.roux Jacques Le Roux added a comment -

          How to maintain this? Is it only temporary (then OK)?

          pfm.smits Pierre Smits added a comment -

          Through community effort and collaboration

          Like I did in 2015 with OFBIZ-6582 and in 2012 with OFBIZ-4800

          pfm.smits Pierre Smits added a comment -

          Is not everything temporary?

          Do you see any adopter posting issues about the drivers selecting not working with their (production) environments? If that happens, we'll deal with it then. Let us not jump the fence here, and just help potential adopters, reviewers and contributors.

          A little deed goes a long way. And reputations break easily.

          jacques.le.roux Jacques Le Roux added a comment - - edited

          I'm not strongly against this solution, and we could live with it temporarily, but I think for this issue as for OFBIZ-7773 we should follow the Apache Groovy team recommendation, which is to use https://github.com/tkruse/gradle-groovysh-plugin. We could then ask users for their preference, it's here a bit more difficult so maybe best to forget it and let users completely decide about it.

          Globally for static downloads, one issue I'm thinking about is possible vulnerabilities. Here see eg https://www.cvedetails.com/google-search-results.php?q=jdbc&sa=Search
          The beauty of a tool like Gradle is it should automatically prevent vulnerabilities. We can of course cross compilation issues with automatic updates but it's orders of magnitude less dangerous than a hidden vulnerability...

          jacques.le.roux Jacques Le Roux added a comment -

          We can apply this patch and use static libs while we work on OFBIZ-7808

          jacques.le.roux Jacques Le Roux added a comment -

          Thanks Pierre,

          Your patch is in trunk at revision: 1752843

          This is an agreed temporary workaround while we are trying to implement interactive tasks at OFBIZ-7808

          jacques.le.roux Jacques Le Roux added a comment - - edited

          OK, since we also agreed about not using interactive tasks for now, I will remove this from OOTB config and close here

          jacques.le.roux Jacques Le Roux added a comment -

          After running the OWASP depend. check. Gradle plugin (OFBIZ-7930) I know that I was too optimistic on this. We will need to check manually and create something similar to suppress.xml at least...

          jacques.le.roux Jacques Le Roux added a comment - - edited

          Based on a lazy consensus following this Taher's comment I close this issue and we will rather document in the wiki documentation

          jacques.le.roux Jacques Le Roux added a comment -

          The downloads in build.gradle are commented out at revision: 1754567


            People

            • Assignee:
              jacques.le.roux Jacques Le Roux
              Reporter:
              pfm.smits Pierre Smits