Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [osgi-dev] Blacklisting bundle versions
  • From: Michael Lipp <mnl@xxxxxx>
  • Date: Wed, 9 Oct 2024 14:02:06 +0200
  • Autocrypt: addr=mnl@xxxxxx; keydata= xsFNBFbn8agBEADOKof+zVMwg1nwdw8eG7kYY3iy/zCD2S3l+hRy9yF5svnpBRa7WiTKNnRZ CtOBtmkTr54fkbnYnQK2y5hMyrWkpCij7MT4yAM/HCDJqS+Yfi7VT4Alt24rm3gZoSfmgqWl dt94BdunpiNfsVQdjXu87eaSiVkqyqb+6H0lquW6uZFR5/PuHMw/UbgkKgKW97k6OAyr+PTf 1HtLfmtykXyRMTnuny1fxpvA7UnU9u54UPfUn29F1ArF8NzfKVNn6bcnmuyWm6ORPoFLXlUB 3aA1RDY+wo5zJsce6M/8FT5/hi9U6b1K/uRGCXhgzz5Vxb3mtzpVqNSBTnlhIjJhS0dYnNdH QN4Ng96Na3ZzqW4GnBmXkGDT3lo7kXsIV+2cPMDcUfmaiOtRv/hgPj4cRiExvTpsEV4FBelX C96s5kb122h7MWwStalVY+CG2x/OLvho84/hPZf60YW/1quSpTMAseMqesc/V6AuY0ZPdR7r ei66e2uL+KbipkhDTN+p9h0XD2DryhAE4rmU4cSq3+CgYl0WEgitDXPoD18g04jqgIZ4oy81 xeBG93Xc2iODiy0khBv+SB4FxLrJXo1zhmFngRAhIG2nt3tYppIOTmMGV/dJr3YMR4OUegu7 eFy/6Q1naOtzXWMDaRwUtou2c6wzWYZvFTCfnxxNLQqOw1Fc6wARAQABzSVNaWNoYWVsIE4u IExpcHAgKFByaXZhdCkgPG1ubEBtbmwuZGU+wsF3BBMBCAAhBQJW5/GoAhsDBQsJCAcCBhUI CQoLAgQWAgMBAh4BAheAAAoJEBriMFiHjvWZbycQALKiZir3N8dTZkK0csdxXBR2zfXJQT3Q A4uvv/nxNpAWanHndWq721DCUuXTZU7UCap+WpmcvKQa9kM93XXx8782ZsjMttcz5RhBb34L J2n7zV4+RN7QmtZ5iY7VvZJNjHw6WQPOYro49q0TUGYYU7Q5gFsxQSLaPrh0DntehSS6ab4k oO7jJvRTwJepxKS9r20xgmxREIFzVRkYrGke3PAGxnDagN1wdnjRIPRZvppmgQnT78If8zCg oCb1QR3jpZlfsy6emsajKB9EnxzaT0GXy3dJYyf9h7wsUtunQ4awnMB6tx/pF97LQhGGhrfe DIIBHXs/IlikzsJQi8iN65BryBYl5n9lWysCXDOZO9MHsBks2IhtKdnNHT7w7UQyO6ipNtCA nvBRomgry76CSekCTSIiYSFvW60BxpE+3sQLI7pplmTy3pjoKrf2ivNQJ5yr5bFYTA4sfKMc +Z3NqRImscWRoNXKRpyq1HG7GJHRtR2tnNqZMTkLCNcW3oVgnAuDRuRMl7BvUzdbsTl1wMJs slq6WPj1Y3n9bcgLMuYUf4SUw6edm9xuE6mydONP4xw9vAebwh/uHmTqyC0xjM+zxgv1RBjq vtJWgd3By3dOO6YGk61BKNjARHhuuGsqBp1qNuK/1KnnSQqqSsrlfVnwihGIyhJlY5nlk2Zd n6TmzsFNBFbn8agBEADTZS6bWMctsADSWRssJcE7HFUMF4IhdG/qpTofwFoPGqvRLSMbHMcM 44pJI8mBKJxJLTzlrXjJf9E8YPq5hiOxI1DmWoxZBLzE88GRJWBXHZIdUBcR6Mv+nhwaMrE6 8pRZ+cRvOMeS49n/JbEhJevGXKGcKGgB97hctzy/k5Q7sWCwxRl0BFHjB2Qlg1LmK0aap20k 2t23NlG3Sic8D7n6k4wcjYetaa5N6jFiSHgcGTukpj16X/4N6JVT0+JPkO2YOGTHJcTkFlet d2/oxzudZtTZR+VVLCS45f9C/rewMyD9AkFw5Eb1vIfQwlxGeHKnqJPDC5iBGn7gh7cCV3pQ J6vzRZgYrOzbaheWSywots4dl8LctFfzhO6EvIeMKlbhLpKpBwkN2VrNqmJzlWJvRv6ateBj qBMcR1eH7EDWeQXvnaf2OTtVxySB4c+J5eDXOqYcbVrwek5qpNjzzmW165h6vcnm8eQGo06M GHVK1NwOVQr4KNcRFLk4KFg7LigMI21dRs2WMxEBIugKF8PReP/hUg7av+XldYemgPAdWh9E 72qw9vOXTa8HO9VQIcKnXLhcd/QTI3aXeWDb+FTZXaFkLnY5aMx8zZYQYOaFJHWztI5jjNof jJMENyM0vFlNj/0JwTQjlncfZ2p6uM8ZR6RWLCj5/eqxw0joqLUSMwARAQABwsFfBBgBCAAJ BQJW5/GoAhsMAAoJEBriMFiHjvWZY/sP+wT9Y8QdjIxnl+6mRvZ+C2LEvRw/ABxrrxye0BLW KQSuwWTgHMwDAIRTXOWu2VC54UmyH+ds5tcv27215ueDYrxsNfMzwXYqA07K0aqvMDB/fn8+ 1NWm9EVNpfKKyJzvprAgqvYHS5Bkp+PiW0LAhctxRv1EpRMA2iHfTjttBoYcfAlsfrTAjCbN jCACUdOBwypog1gnUA18fFyXrGF3CRHPcqsgJOn1KPSbHeUgsqhc7XKcEUxIy37Co4qm06wq YKYr9XNCe0kjrftc+VEi/BK+uYlFR0Eq/trCsuSPJMzTM8O6wmkgngfMlNrRqgorwXwsgKFe PvMuGTO7cUB4BhQnm7rYJJCFoavijCQombRMZ+oA3N6eRcbQXd1++guEvPsivNNe1ZUuWpv5 YtkliMNHumrkHR3hE4mLZpgBslL8NsAI8kcmGmiFuV3Zv7alo9fkupBOulVSYZkSKqbV0rRY 6u5EIx2t05OsYSpBgE3T+hs2UVnGGjIpJSCiZDvOI1haMVRjkTutKAjbCAhgHIVeCTIIfsqi 3PYf6HYa+21YVMM+CvGOXXsOLYOOXYgkXsL1Gn5zQtwJP8rYezKtsuqMwfL7Vjc/scnsyHuG qeixyy3cll31vSFZ+mWh4Ze06FwqHg9YjWQidWrWCMz1XYXIWcIu8xagb/jZbLZilW65
  • Delivered-to: osgi-dev@xxxxxxxxxxx
  • List-archive: <https://www.eclipse.org/mailman/private/osgi-dev/>
  • List-help: <mailto:osgi-dev-request@eclipse.org?subject=help>
  • List-subscribe: <https://www.eclipse.org/mailman/listinfo/osgi-dev>, <mailto:osgi-dev-request@eclipse.org?subject=subscribe>
  • List-unsubscribe: <https://www.eclipse.org/mailman/options/osgi-dev>, <mailto:osgi-dev-request@eclipse.org?subject=unsubscribe>
  • User-agent: Mozilla Thunderbird
Considering the info about you on LinkedIn, there must be something non-obvious about this question.

Let me provide a beginner's answer to check if I got it right. There are actually two occasions during development when you might want to blacklist bundles: during build time and at run-time.

In both situations, the bundles available for building (or running) are primarily controlled by the configuration of the repository/repositories used (https://mnlipp.github.io/osgi-getting-started/Repositories.html). When using bnd to provide the "classpath" for building, the configuration of the "built-in" repository providers follows a "list of positives" approach, i.e. you explicitly specify the bundles that should be available in your repositories (no blacklisting required). The "Bnd POM Repository" (https://bnd.bndtools.org/plugins/pomrepo.html) deviates from this approach a bit, because it automatically provides additional bundles as specified by the dependencies from the Maven POM. AFAIK there is no possibility to blacklist individual dependencies with this plugin. (But on the other hand side, if you cannot rely on the defined maven dependencies, something's wrong anyway.)

My "Indexed Maven Repository plugin" (http://mnlipp.github.io/de.mnl.osgi/IndexedMavenRepository.html) takes the opposite approach by making everything from a maven group available unless explicitly disabled (effectively blacklisted). This approach should not be taken in an enterprise context (see below), but is very convenient for small projects that simply assume newer versions to be better.

At run-time, there may be two different scenarios. The easy one is that you resolve all dependencies at build time using a bndrun configuration. There you can explicitly blacklist specific versions to prevent them from being used when resolving your initial (explicitly required) bundles. I assume that you have seen this before, but here (https://github.com/mnlipp/jgrapes-osgi/blob/master/org.jgrapes.osgi.demo.console/democonsole.bndrun) is a non-trivial bndrun file. The list of runbundles is what results from the automatic resolution, considering whatever your repositories provide as candidate (unless blacklisted).

The more complicated run-time situation is when you have something like e.g. Eclipse that does its resolution on startup. Here you have to look at the mechanism used and find out how to configure it to blacklist something (if possible).

While all this may seem a bit complicated, the reasoning behind it is OSGi's approach of separating API and implementation (it's not unique to OSGi, but followed rather strictly in this context). So the repository used during building should only provide the API-bundles used by your bundle (or application) under development and every change of an API's version should be a controlled by an explicit process. The actual implementation of the API used at run-time is much more dynamic. Either because you want to try another provider (e.g. switching from Felix to Equinox) or because some version of an implementation bundle has proven to be buggy and you want to replace it with the fixed version (and optionally blacklist the buggy version to make sure that it isn't used under any circumstances).

 - Michael



Am 09.10.24 um 12:08 schrieb Dr. James J. Hunt via osgi-dev:

Dear Colleagues,

Does OSGi provide any mechanism for blacklisting particular versions of OSGi bundles?

Sincerely,

James


Dr. James J. Hunt
CEO & CTO


aicas GmbH
Emmy-Noether-Strasse 9 ● 76131 Karlsruhe ● Germany
https://www.aicas.com ● Tel: +49 721 / 663 968 22

USt-Id: DE216375633, Handelsregister HRB 109481, AG Mannheim
Geschäftsführer: Dr. James J. Hunt

aicas incorporated
6 Landmark Sq., Ste 400 ● Stamford, CT 06901 ● USA ● Tel: +1 203 435 0521

aicas America Limited
4023 Kennett Pike, Ste 810 ● Wilmington, DE 19807 ● USA ● Tel: +1 312 757 6153


Connect with us and stay tuned:
Subscribe to the aicas newsletter!

        

_______________________________________________
osgi-dev mailing list
osgi-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://accounts.eclipse.org


Back to the top