From 7566e5bca91ca5ac0e24151eb07f438331435ec5 Mon Sep 17 00:00:00 2001 From: Louis Bergelson Date: Wed, 10 Jan 2024 15:59:00 -0500 Subject: [PATCH 1/2] Convert to use gradle java-library plugin * this more clearly defines the necessary dependencies needed downstream to use picard * reorganized the libraries a bit to make things clearer --- build.gradle | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) diff --git a/build.gradle b/build.gradle index e77831db4c..7787d3e7c0 100644 --- a/build.gradle +++ b/build.gradle @@ -7,7 +7,7 @@ buildscript { } plugins { - id "java" + id "java-library" id 'maven-publish' id 'signing' id 'jacoco' @@ -60,25 +60,34 @@ def ensureBuildPrerequisites(buildPrerequisitesMessage) { ensureBuildPrerequisites(buildPrerequisitesMessage) final htsjdkVersion = System.getProperty('htsjdk.version', '4.1.0') +final log4jVersion = System.getProperty('log4j.version', '2.20.0') + dependencies { - implementation('com.intel.gkl:gkl:0.8.11') { + api 'com.github.samtools:htsjdk:' + htsjdkVersion + api 'org.broadinstitute:barclay:5.0.0' + + //log4j api and core used in logging + api 'org.apache.logging.log4j:log4j-api:' +log4jVersion + implementation 'org.apache.logging.log4j:log4j-core:' + log4jVersion + + //gkl and associated native bindings + implementation('com.intel.gkl:gkl:0.8.11'){ exclude module: 'htsjdk' } implementation 'org.broadinstitute:gatk-native-bindings:1.0.0' //this should be redundant when GKL is updated past 0.8.11 + //needed for execuing javascript in filter + implementation 'org.openjdk.nashorn:nashorn-core:15.4' + implementation 'com.google.guava:guava:32.1.1-jre' implementation 'org.apache.commons:commons-math3:3.6.1' implementation 'org.apache.commons:commons-collections4:4.4' - implementation 'com.github.samtools:htsjdk:' + htsjdkVersion - implementation 'org.broadinstitute:barclay:5.0.0' - implementation 'org.apache.logging.log4j:log4j-api:2.20.0' - implementation 'org.apache.logging.log4j:log4j-core:2.20.0' - implementation 'org.openjdk.nashorn:nashorn-core:15.4' implementation 'org.apache.commons:commons-lang3:3.12.0' - implementation 'com.google.cloud:google-cloud-nio:0.127.0' - implementation 'org.broadinstitute:http-nio:1.1.0' implementation 'commons-io:commons-io:2.11.0' + //nio plugin providers for google cloud and http(s) + implementation 'com.google.cloud:google-cloud-nio:0.127.0' + implementation 'org.broadinstitute:http-nio:1.1.0' testImplementation 'org.testng:testng:7.7.0' } From 6642bce4b89479ae04f108f006139686627e2298 Mon Sep 17 00:00:00 2001 From: Louis Bergelson Date: Wed, 10 Jan 2024 16:26:52 -0500 Subject: [PATCH 2/2] Remove uses of log4j in picard, it's still a required transitively * replace the dependency with a version constraint so we don't import a buggy version --- build.gradle | 10 ++++++---- src/main/java/picard/nio/DeleteRecursive.java | 12 ++++++------ 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/build.gradle b/build.gradle index 7787d3e7c0..6308fd7d8c 100644 --- a/build.gradle +++ b/build.gradle @@ -66,10 +66,6 @@ dependencies { api 'com.github.samtools:htsjdk:' + htsjdkVersion api 'org.broadinstitute:barclay:5.0.0' - //log4j api and core used in logging - api 'org.apache.logging.log4j:log4j-api:' +log4jVersion - implementation 'org.apache.logging.log4j:log4j-core:' + log4jVersion - //gkl and associated native bindings implementation('com.intel.gkl:gkl:0.8.11'){ exclude module: 'htsjdk' @@ -90,6 +86,12 @@ dependencies { implementation 'org.broadinstitute:http-nio:1.1.0' testImplementation 'org.testng:testng:7.7.0' + + constraints { + //log4j api and core, specify these so we don't transitively get old vulnerable versions + implementation 'org.apache.logging.log4j:log4j-api:' +log4jVersion + implementation 'org.apache.logging.log4j:log4j-core:' + log4jVersion + } } configurations.configureEach { diff --git a/src/main/java/picard/nio/DeleteRecursive.java b/src/main/java/picard/nio/DeleteRecursive.java index 33647b6f5f..f38405d64e 100644 --- a/src/main/java/picard/nio/DeleteRecursive.java +++ b/src/main/java/picard/nio/DeleteRecursive.java @@ -1,7 +1,7 @@ package picard.nio; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; +import htsjdk.samtools.util.Log; + import java.nio.file.Path; import java.util.ArrayList; import java.util.Collections; @@ -15,10 +15,10 @@ * *

This class is a modification of {@link htsjdk.samtools.util.nio.DeleteOnExitPathHook} * - * This class should be considered an implementation detail of {@link IOUtils#deleteOnExit(Path)} and not used directly. + * This class should be considered an implementation detail of {@link GATKIOUtils#deleteOnExit(Path)} and not used directly. */ class DeleteRecursivelyOnExitPathHook { - private static final Logger LOG = LogManager.getLogger(DeleteRecursivelyOnExitPathHook.class); + private static final Log LOG = Log.getInstance(DeleteRecursivelyOnExitPathHook.class); private static LinkedHashSet paths = new LinkedHashSet<>(); static { Runtime.getRuntime().addShutdownHook(new Thread(DeleteRecursivelyOnExitPathHook::runHooks)); @@ -60,8 +60,8 @@ static void runHooks() { try { GATKIOUtils.deleteRecursively(path); } catch (final Exception e) { - // do nothing if cannot be deleted, because it is a shutdown hook - LOG.debug(() -> "Could not recursively delete " + path.toString() + " during JVM shutdown because we encountered the following exception:", e); + // do nothing if itcannot be deleted, because it is a shutdown hook + LOG.debug(e, "Could not recursively delete ", path.toString(), " during JVM shutdown because we encountered the following exception:"); } } }