Fork me on GitHub
#depstar
<
2021-02-25
>
dorab00:02:24

If reproducible builds are being used for security, then I agree that there are problems. Ken Thompson's Turing Award lecture also comes to mind. https://dl.acm.org/doi/10.1145/358198.358210

1
terjesb12:02:04

Is there a way to use depstar to add an external Class-Path reference in the manifest? One of my dependencies unfortunately needs to be external to the uberjar. I need to add e.g. Class-Path: /opt/whatever/whatever.jar to the manifest. It works if I have an ‘add-class-path’ file containing that line and then post-process the uberjar using: jar --manifest=add-class-path -u -f my.jar But I’m wondering if it is within scope for doing this directly in depstar. Btw, the depstar readme has a small typo in the Exclude Files section. The example says to use: :exclude '"clojure/core/specs/alpha.*"' but that doesn’t work and I believe the correct usage is: :exclude '["clojure/core/specs/alpha.*"]' The description correctly says to use a vector of strings.

seancorfield16:02:18

Open an issue on GH and I'll give it some thought. It feels a bit out of scope but maybe a generic way to add manifest entries would be reasonable?

seancorfield16:02:53

Also, good catch on the typo : I think it accepted a regex or a vector at some point. I'll try to remember to fix that when I'm at my desk (but feel free to create an issue to remind me).

seancorfield17:02:31

OK, at my computer now. I've fixed the :exclude issue (the printed help also suggested a single regex). Also https://github.com/seancorfield/depstar/issues/69