This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2020-12-03
Channels
- # adventofcode (151)
- # asami (34)
- # babashka (43)
- # beginners (111)
- # cider (2)
- # clj-kondo (6)
- # cljdoc (12)
- # clojure (140)
- # clojure-australia (10)
- # clojure-europe (14)
- # clojure-france (5)
- # clojure-gamedev (5)
- # clojure-nl (4)
- # clojure-uk (10)
- # clojurescript (20)
- # community-development (9)
- # conjure (1)
- # core-async (4)
- # cryogen (3)
- # cursive (2)
- # datomic (17)
- # emacs (9)
- # events (1)
- # fulcro (27)
- # juxt (8)
- # kaocha (2)
- # lambdaisland (14)
- # off-topic (23)
- # pathom (37)
- # pedestal (2)
- # re-frame (8)
- # reagent (8)
- # reclojure (9)
- # reitit (5)
- # reveal (34)
- # shadow-cljs (27)
- # spacemacs (10)
- # tools-deps (123)
- # vim (28)
- # xtdb (17)
I just released a prerelease clj 1.10.1.745 with the new dep tree printing under clj -X:deps tree
(want to get some feedback but I will extend to -Stree before I release it). Options available (won't be available under -Stree):
• :file <path> - make tree from a trace.edn file created by clj -Strace
instead of the local deps.edn
• :indent <int> - tree spacing (default = 2)
• :hide-libs <set-of-libs> - libs to hide in the tree under the root, defaults to #{org.clojure/clojure}
I can't test this in our setup at work because there's no way to tell -X:deps tree
about the aliases it needs to merge in (from our "master" deps.edn
file specifically, but it's general problem if you want a tree based on a set of aliases).
I'm also thinking about having a flag to choose whether to display excluded libs (-Stree does not, the new format does)
anyways, feedback welcome
there are also apis to get as data, might be useful to have a version to print or spit the tree as edn instead of printing? dunno
Hey all. I'm clutching at straws here so apologies for the noise. 🙂 Anyone tried installing deps today and noticed classpath issues like this:
Downloading: com/datomic/ion/0.9.48/ion-0.9.48.jar from datomic-cloud
Error building classpath. Could not find artifact com.datomic:ion:jar:0.9.48 in central ( )
I thought it was some silly Docker stuff I was doing but I'm seeing the same problem inside a GitHub action now. Given the line that says "Downloading" I'm confused as to why a classpath can't be built.I started out creating a question here because I thought it was a problem with the Datomic Maven repo but I can download the JAR with aws s3 cp
just fine.
http://ask.datomic.com/index.php/546/could-not-find-artifact-com-datomic-ion-jar-0-9-48-in-central
do you have AWS creds set?
On my machine, yep. Defaults and profiles.
In the Docker container I had AWS_ACCESS_KEY_ID
and secret exported at build time, but have since moved that so the creds are only there at runtime.
Inside the GitHub Action I've not exported anything or configured AWS in any way.
I read that for Maven repos on S3 there's some AWS API interaction required to get the region. I guess that could be failing.
yes, it needs to determine the bucket location
I don't know which region the Datomic Cloud bucket is in but I should be able to find out.
it's us-east-1
No joy with GitHub:
Downloading: com/datomic/ion/0.9.48/ion-0.9.48.jar from datomic-cloud
Downloading: joda-time/joda-time/2.10/joda-time-2.10.jar from central
Downloading: commons-codec/commons-codec/1.15/commons-codec-1.15.jar from central
Error building classpath. Could not find artifact com.datomic:ion:jar:0.9.48 in central ( )
Docker sits here for a few seconds and then continues on its way:
Downloading: com/datomic/ion/0.9.48/ion-0.9.48.pom from datomic-cloud
Downloading: com/datomic/ion/0.9.48/ion-0.9.48.jar from datomic-cloud
Downloading: tigris/tigris/0.1.2/tigris-0.1.2.jar from clojars
Downloading: javax/servlet/javax.servlet-api/3.1.0/javax.servlet-api-3.1.0.jar from central
Downloading: com/cognitect/aws/appsync/809.2.784.0/appsync-809.2.784.0.jar from central
Downloading: com/amazonaws/aws-java-sdk-s3/1.11.210/aws-java-sdk-s3-1.11.210.jar from central
Error building classpath. Could not find artifact com.datomic:ion:jar:0.9.48 in central ( )
ERROR: Service 'clojure' failed to build : The command '/bin/sh -c clojure -Srepro -P -A:dev:test:cider-clj' returned a non-zero code: 1
yes, pom and jar
Okay, I can reproduce locally.
mv ~/.aws{,-ignore}
mv ~/.m2/repository/com/datomic/ion{,-ignore}
Then when I jack in I see the Ion dependency being downloaded and then the same error:
error in process sentinel: Could not start nREPL server: Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
DEPRECATED: Libs must be qualified, change compliment => compliment/compliment
DEPRECATED: Libs must be qualified, change nrepl => nrepl/nrepl
DEPRECATED: Libs must be qualified, change refactor-nrepl => refactor-nrepl/refactor-nrepl
Downloading: com/datomic/ion/0.9.48/ion-0.9.48.pom from datomic-cloud
Downloading: org/clojure/clojure/maven-metadata.xml from datomic-cloud
Downloading: com/datomic/ion/0.9.48/ion-0.9.48.jar from datomic-cloud
Error building classpath. Could not find artifact com.datomic:ion:jar:0.9.48 in central ( )
I can see two .part
files show up momentarily, and then they disappear after I'm told classpath construction failed.
it has to do with the aws creds of whatever user you're using
it does not have iam access to s3 ops or something like that
So to pull down the Ion dependency I need to configure AWS and ensure I have at least some S3 permissions?
you need to be using aws user credentials that don't prevent s3 use for HeadObject, GetObject, and maybe GetBucketLocation
Okay, I'll create an IAM policy that grants that access. 👍 I can test that pretty quickly with Docker. GitHub Actions will take a little longer. 🙂
the objects you're going after definitely still exist and are public in the bucket, the issue here is around IAM on the accessing user
@alexmiller I see you've answered my question over on http://ask.datomic.com. I've added the following policy and I'm seeing the same error:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Action": "s3:GetBucketLocation",
"Resource": "arn:aws:s3:::*"
},
{
"Sid": "",
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::datomic-releases-1fc2183a/*"
}
]
}
There is no HeadObject
action as far as I can tell; you get that with GetObject
. Is there something else I'm missing?
I can't find anything in the Datomic Cloud or tools.deps docs otherwise I wouldn't be pestering you like this. Sorry!sorry I'm not an IAM guru
is there some kind of simulator or something that can answer whether this user has access to some resource?
I've added the credentials to my local machine and I'm trying out the operations using the AWS CLI.
Okay, so I'm not allowed to get the bucket location. That's not surprising though as it's not my bucket. I shouldn't be able to grant myself permission to interact with buckets owned by other people.
$ aws --profile REDACTED s3api get-bucket-location --bucket datomic-releases-1fc2183a
An error occurred (AccessDenied) when calling the GetBucketLocation operation: Access Denied
this bucket has a policy that GetBucketLocation is open to *
you may be hitting something region related though - what's the default region for this user?
buckets are inherently region-specific
this is the case where adding the ?region=us-east-1 suffix to the url should help I think
And massive thanks for your help on this, @alexmiller. :man-bowing:
can you try setting your default region creds to us-east-1?
either via the region in your credentials file or setting AWS_REGION
@alexmiller I think I've found the right combination of permissions and Docker configuration to get things working! 💥
The IAM policy I shared previously should do the trick. There were two things I had to do to get Docker working:
1. Use COPY
to add an AWS directory to the container at the beginning of the build; use of environment variables is frowned up for security reasons, and is hard to get right with enviroment:
and env_file:
not working at build time. If you want env vars at build time you need to add ARG
s to your Dockerfile
and then you can set args:
within your build context. 🙂
2. Replace use of the new -P
option and invoke clojure -Srepro -A:dev:test:etc -e 'nil'
.
I mount the same ~/.aws
volume at runtime but could swap out new credentials if necessary (which could make sense if you want different access at build vs. runtime).
I've got a running container with all the Datomic goodness available including connecting the SOCKS proxy up to a running system. I can connect Cider from Emacs and get all the code reloading goodness you'd expect. I've created a client and I can list databases in the Solo topology running on AWS.
I have to say another massive thank you for all your help with this! Thank you! And merry Christmas! 🎅 🎄
well I'm glad it's working. I'm curious why you needed the alternate clojure command, seems like if those aliases are relevant you could use clojure -Srepro -A:dev:test:etc -P
I chalked the -P
up to using a newer version of tools.deps on my host machine to what's in the most recent Docker image for Clojure. I might have just gotten the order of the arguments wrong in that case. 🤷
yeah, that version could be lagging
I can't test this in our setup at work because there's no way to tell -X:deps tree
about the aliases it needs to merge in (from our "master" deps.edn
file specifically, but it's general problem if you want a tree based on a set of aliases).
@alexmiller Any further thoughts on TDEPS-174 and/or TDEPS-175? I'm finding more and more that those are obstacles to things we want to do at work 😞
haven't worked on it yet
Why does clj download this long list of deps with an empty deps.edn? Among these is an AWS api lib. Why? I'll post this as a snippet.
When setting :mvn/local-repo "/tmp/mvn/foo"
the list is even longer. I thought the tools jar was an uberjar that contained all clj needs
I guess so yes:
:aliases {
:deps {:replace-deps {org.clojure/tools.deps.alpha {:mvn/version "0.9.833"}
org.slf4j/slf4j-nop {:mvn/version "1.7.25"}}
:ns-default clojure.tools.cli.api}
:test {:extra-paths ["test"]}
}
The question remains: why is there an AWS api lib among the deps of tools.deps.alpha. That feels not right.
The tree looks great. But to get the deps tree of tools.deps I had to add it to the main deps, because you can't activate an alias. So running into the same problem that Sean ran into.
@borkdude I don't fully understand why those aren't part of uberjar either though :)
the :deps alias doesn't use the uberjar
running -X:deps tree
is in no way magical and doesn't use any parts of clj - it's just running a program that is in tools.deps.alpha library
the uberjar is used by clj to get the classpath of the program to run
@borkdude I'm a little confused by "But to get the deps tree of tools.deps I had to add it to the main deps, because you can't activate an alias. So running into the same problem that Sean ran into."
or nvm, I think I am reading it properly now
@alexmiller it's not magical, but the deps it downloads are probably already in the uberjar. but I get the point of not using that as that would be magical. unless :deps
was by convention a built-in thing that always uses the tools jar.
it's intentionally not that because there is no way to add additional deps and then de-dupe across the uberjar
uberjars are inherently unfriendly to combination
uberjars are evil, but a useful evil if you keep them to yourself
anyways, I'm going to change -Stree to do the format above too, so you'll be able to do all the things you do now with deps
and whenever we get to it, you should be able to use options to modify the -X:deps tree program too
one question I have is whether -Stree should show something like above or if it should be filtered to just the included libs like it does now
I guess what I'm asking is would you prefer to usually see excluded or not?
(FWIW, I've spent a chunk of today moving us off the CLJ_CONFIG
"hack" and we've decided to bite the bullet and generate our deps.edn
files from a master template and a subproject template -- handling all the :override-deps
directly ourselves... if the CLI / t.d.a ever supports an additional "shared project" deps.edn
file, we'll switch back to that format... just got tired of dealing with tooling that doesn't honor CLJ_CONFIG
and/or aliases 😞 )
There were things I didn't like about how interdeps worked so I did not go back and look at it when I rebuilt our stuff today.
We ended up with <subproject>/<subproject>-deps.edn
for the templates and a <subproject>/<subproject>-deps.md5
file for the checksums so we can regen on-demand automatically in our build
script.
The checksum for each subproject includes the checksum for the master file as well, so we regenerate any <subproject>/deps.edn
file if either the master template or the subproject template has changed. We have not yet tackled the issue of transitive :local/root
dependencies (we probably won't, unless it actually bites us).
I'll probably roll my own solution for this too, like I did in the boot era, if this remains unsupported.
Do you actually parse the EDN and merge yourself, or do you use simple string templating
Merge the EDN. I lift the :defaults
aliases out of the master template and pull it's :override-deps
out and then update the project template deps with those overrides.
Four hours of restructuring our "build" script etc and I can now run the new -X:deps tree
on our subprojects 🙂
So, yeah, the new tree structure is very nice -- thanks @alexmiller -- I haven't yet seen a *
case in any of our subprojects...
I changed that before I put it out, but you can check for the trailing :superseded tag
Oh, I thought *
indicated the newer selected version?
not in the release, no
Ah, OK. I see some :older-version
tags. Haven't seen a :superseded
tag yet
are you still doing a flat list of deps?
if so, you'll never see it
or if you're always doing some stuff to use a consistent set of transitive dep versions, same thing
Just run a full pass looking for :superseded
and, yup, plenty are showing up. Nice!
I mean, that is actually something to maybe look at given that Jackson version changes are (often) breaking
there's like a next level of potential analysis here to gather the set of versions seen
Yeah, it looks like we unexpectedly have some lower level pieces of Jackson that aren't being explicitly overridden...
Here's partial output:
. com.fasterxml.jackson.dataformat/jackson-dataformat-smile 2.10.2 :newer-version
. com.fasterxml.jackson.dataformat/jackson-dataformat-cbor 2.10.2 :newer-version
X com.fasterxml.jackson.dataformat/jackson-dataformat-cbor 2.8.11 :superseded
. com.fasterxml.jackson.dataformat/jackson-dataformat-cbor 2.8.11
. com.fasterxml.jackson.dataformat/jackson-dataformat-smile 2.8.11
X com.fasterxml.jackson.dataformat/jackson-dataformat-smile 2.9.6 :parent-omitted
X com.fasterxml.jackson.dataformat/jackson-dataformat-cbor 2.9.6 :parent-omitted
X com.fasterxml.jackson.dataformat/jackson-dataformat-smile 2.8.11 :superseded
I'm not sure how to interpret that @alexmiller?These are a top-level dep in a :local/root
dep of this project:
. com.fasterxml.jackson.dataformat/jackson-dataformat-cbor 2.8.11
. com.fasterxml.jackson.dataformat/jackson-dataformat-smile 2.8.11
I guess we'll need to add it in some of our projects that only depend on other :local/root
projectsthe tags you'll see at the end are really an artifact of the order they're found so that's not super relevant, but can be relevant if the set of considered versions are substantially different
you probably aren't even use those sub parts of jackson anyways
Ah, OK. So nothing to worry about here because it picks the same version anyway?