Turns out that Javadoc needs to know about other classes even if we
exclude their sources. The reason for excluding sources is that we
don't want to include their documentation in the generated
documentation. We can fix this by including compiled classes while
still excluding their sources.
A while ago we started using a security manager for executing tests in
order to prevent them from bothering production servers.
However, keeping the security policy up to date for testing new
functionality is becoming difficult:
- The recently extended CollecTor module for indexing files
asynchronously and creating hard links broke tests in unexpected
way by requiring permission java.nio.file.LinkPermission "hard";
- Turns out that parallel streams used for sanitizing web server logs
internally create threads that do not have the permissions as
defined in our custom security policy.
All in all it seems better to throw out the security manager at all
and prevent tests from bothering production servers simply by not
executing them on production servers.
There's an issue with Java 9+ complaining about an ilegal reflective
access [...] to field java.util.TimeZone.defaultTimeZone which is
fixed in PostgreSQL JDBC driver version 42.2.0. Updating to 42.2.5
which happens to be in Debian buster under the assumption that is has
seen more usage than 42.2.0 (containing the fix) or 42.2.7 (latest at
the moment).
Found while running integration tests using metrics-test.
We're having trouble with Cobertura and Java 8, most likely due to it
not being maintained anymore. We're removing it now and will be
replacing it with something else later.
Resolves#31361.
With this change all depending code bases start using Ivy for
resolving external dependencies rather than relying on files found in
Debian stable packages. Requires installing Ivy (using `apt-get
install ivy`, `brew install ivy`, or similar) and running `ant
resolve`. Retrieved files are then copied to the `lib/` directory,
except for dependencies on other metrics libraries that still need to
be copied to the `lib/` directory manually. Current dependency
versions resolved by Ivy are the same as in Debian stretch with few
exceptions.
Implements part of #31326.
Turns out that updating all dependencies, including those in
metrics-web and exonerator using servlets and JSPs, is much harder
than expected. We decided to revert all these changes for now, so that
we can merge patches again. We're going to investigate alternatives
like Ant + Ivy, Maven, or Gradle in the near future.
Note that Checkstyle is excluded from this update, because there's a
yet unresolved issue with the new version: ("Unable to create Root
Module") that we'll have to address in a separate patch. But given
that Checkstyle is not required for the build it's okay to keep the
old version for now. It'll be in the release tarball.
Note that Checkstyle and Cobertura are excluded from this update,
because they're not required for the build and because we're still
using newer versions than what's in stretch. We could attempt to
downgrade and see if the versions in stretch are new enough. But
that's not part of this patch.
