| 30 Oct 2024 |
emily | it turns out that our current deps.json literally cannot be reproduced | 18:18:06 |
emily | because JCenter died and they just, killed all the jars I guess | 18:18:14 |
emily | so even though I fixed it for modern Gradle there is just no way to get the jd-core JAR it wants except using the one we build ourselves and I am not sure I can be bothered to figure out how to tell Gradle to use something local | 18:18:47 |
emily | bah. never mind I looked it up in a moment of weakness and it's easy. | 18:19:47 |
emily | oh but we don't even build jd-core for jd-cli! | 18:21:15 |
emily | and jd-cli's FOD is also not reproducible because it also fetches it from JCenter! | 18:22:27 |
emily | so we actually should drop that one too | 18:22:40 |
emily | I kind of suspect we'd find that half the Java applications we build can't even be reproduced now | 18:23:00 |
emily | fwiw jd-core is not mirrored to any other repositories according to mvnrepository.com | 18:26:19 |
emily | it's not clear if there are any complete mirrors of JCenter, so that's kind of worrying in terms of reproducibility of our Java packages | 18:26:34 |
Tomodachi94 (they/them) | Tracking issue time! 🙃 | 18:27:06 |
emily | not on Wayback either: https://web.archive.org/web/20240000000000*/https://jcenter.bintray.com/org/jd/jd-core/1.1.3/jd-core-1.1.3.pom | 18:27:23 |
emily | I'm surprised nobody tried to archive it | 18:27:28 |
emily | we really need to find a way to build Java dependenciees from source | 18:27:46 |
emily | * we really need to find a way to build Java dependencies from source | 18:27:48 |
emily | source is very likely to get archived or have another source, random mystery meat .jars are bad for supply-chain security and bad for longevity | 18:28:05 |
emily | anyway yeah just yeet both the GUI and the CLI. tragic but nothing we can easily do | 18:28:54 |
emily | unless someone wants to write a from-source jd-core package | 18:29:20 |
emily | In reply to @emilazy:matrix.org "source is very likely to get archived or have another source, random mystery meat .jars are bad for supply-chain security and bad for longevity": sketch of a solution: we MITM to file:/// and maintain a reverse DNS → Nixpkgs package mapping | 18:31:10 |
emily | dunno if Gradle supports a more "native" way of doing this | 18:31:19 |
emily | looks like there's some flatDir thing for getting deps from the fs | 18:32:03 |
emily | not sure how bad the incompatible version proliferation is in Java | 18:32:25 |
emily | anyway if you update the PR to drop the CLI too I'll merge :( | 18:35:47 |
emily | there's actually a jar at https://github.com/java-decompiler/jd-core/releases. we could use that, if we care. | 18:56:29 |
emily | the actual Gradle fixes were trivial
diff --git a/build.gradle b/build.gradle
index 8fd6d27a49..20c6c2461c 100644
--- a/build.gradle
+++ b/build.gradle
@@ -1,16 +1,14 @@
buildscript {
repositories {
- jcenter()
+ mavenCentral()
}
dependencies {
- classpath 'edu.sc.seis.gradle:launch4j:2.4.4'
classpath 'net.sf.proguard:proguard-gradle:6.1.0'
}
}
apply plugin: 'java'
apply plugin: 'distribution'
-apply plugin: 'edu.sc.seis.launch4j'
// Common configuration //
rootProject.version='1.6.6'
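Review bot: the removal of the launch4j classpath entry and of "apply plugin: 'edu.sc.seis.launch4j'" is a functional change bundled into what is otherwise a jcenter() to mavenCentral() swap in buildscript.repositories, and nothing in the patch says why. A one-line comment or patch description stating that the Windows wrapper is intentionally dropped would make the patch easier to rebase and review. The remaining "classpath 'net.sf.proguard:proguard-gradle:6.1.0'" now has to resolve from mavenCentral() alone, so confirm that it does before relying on this hunk.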
@@ -29,7 +27,7 @@
}
repositories {
- jcenter()
+ mavenCentral()
}
configurations {
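Review bot: in the project-level repositories block, replacing jcenter() with mavenCentral() only fixes resolution for artifacts that are actually published on Maven Central, and the dependencies this block serves are outside the hunk. Check that each one resolves there, and for any that does not, declare an explicit alternative source (a flatDir repository pointing at a locally provided jar, for instance) so the build does not fail at fetch time or depend on a repository that no longer exists.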
@@ -105,16 +103,3 @@
libraryjars System.getProperty('java.home') + '/lib/rt.jar'
libraryjars System.getProperty('java.home') + '/jmods/'
}
-
-// Java executable wrapper for Windows //
-launch4j {
- createExe.dependsOn 'proguard'
-
- version = textVersion = project.version
- fileDescription = productName = 'JD-GUI'
- errTitle 'JD-GUI Windows Wrapper'
- copyright 'JD-GUI (C) 2008-2019 Emmanuel Dupuy'
- icon projectDir.path + '/src/launch4j/resources/images/jd-gui.ico'
- jar projectDir.path + '/' + proguard.outJarFiles[0]
- bundledJrePath = '%JAVA_HOME%'
-}
| 18:56:52 |
Tomodachi94 (they/them) | Ultimately up to you whether or not to update it | 20:14:01 |
Tomodachi94 (they/them) | Feel free to close it if you PR a fix | 20:14:11 |
emily | yeah I don't care enough :) | 20:17:35 |
emily | merged; did you want to open a gradle_6 drop? | 20:18:17 |
emily | turns out we could have just used https://jitpack.io/#java-decompiler/jd-core | 21:21:13 |