Migrate org.eclipse.equinox.security.ui to eclipse.platform?

[laeubi]

While working with the maven info generation for equinox I noticed that equinox has an inter-connection with eclipse.platform through the org.eclipse.equinox.security.ui bundle (it requires org.eclipse.ui).

It seems equinox itself has no use for this UI bundle and as it cannot work without platform I wonder if it would be possible to move that bundle to the eclipse.platform repository to make equinox repo more self contained?

[tjwatson]

I would not want to split org.eclipse.equinox.security.ui to another repo without also taking the rest of equinox.security projects:

org.eclipse.equinox.security
org.eclipse.equinox.security.linux
org.eclipse.equinox.security.macosx
org.eclipse.equinox.security.tests
org.eclipse.equinox.security.ui
org.eclipse.equinox.security.win32.x86_64

I think this should impact what the built equinox-SDK zip would include. Such a move would need to be broadcast pretty clearly to inform users where to find the moved bundles.

[laeubi]

I would not want to split org.eclipse.equinox.security.ui to another repo without also taking the rest of equinox.security projects

Is there any specific reason? The org.eclipse.equinox.security and alike seem rather selfcontained, but org.eclipse.equinox.security.ui currently pull in other platform stuff transitively :-\

I think this should impact what the built equinox-SDK zip

The equinox-SDK includes also P2 (and then p2 ui stuff ...) and something else, I'm not quite sure whats the purpose of this is ...

Such a move would need to be broadcast pretty clearly to inform users where to find the moved bundles.

It seems the SDK ist not realy "standalone" so one actually would already need the platform repo/platform SDK so maybe it would not be a big issue for users anyway?

In a perfect world, I think equinox should be able to be build from scratch without any platform or i-build repos and even released independently...

[tjwatson]

Is there any specific reason? The org.eclipse.equinox.security and alike seem rather selfcontained, but org.eclipse.equinox.security.ui currently pull in other platform stuff transitively :-\

To keep development of security stuff to one repository. I never spent that much time in the equinox.security implementation, but IIRC equinox.security.ui is a closer user of services implemented by equinox.security. I think it would be best to keep then all together in one repository for ease of development and ease of understanding of where all the parts are for equinox.security.

[laeubi]

For sure it is a consumer, but looking at the history at equinox.security.ui to couple development that closely and it seems fair to have an UI be developed independently of the API, e.g. Platform already has a lots of UI supporting stuff (e.g. PreferencePages API for preferences) so I think it won't be mandatory, as there might even users of org.eclipse.equinox.security that don't care about UI at all (what mostly seems to be management of the data inside the secure storage).

[mickaelistria]

What profitable outcome do you expect in this refactoring?
I think @tjwatson concerns are fair and valid, so if there is nothing at least as important to win, we'd better stick to current state.

[laeubi]

What profitable outcome do you expect in this refactoring?

As described the equinox build currently depends on eclipse.platform (what depends on equinox) ... that makes it hard to release equinox independently of platform in the same build, so we currently need a large, slow and inflexible "aggregator build" to account for some preference page managed in equinox that has no benefit for the equinox story that is:

From a code point of view, Eclipse Equinox™ is an implementation of the OSGi core framework specification, a set of bundles that implement various optional OSGi services and other infrastructure for running OSGi-based systems.

So the main goal is that equinox can be release / build independent of platform / UI stuff.

I think @tjwatson concerns are fair and valid

If you think its better to move more stuff away, go on ... I just trying to find as small as possible improvements and "disruption".

[laeubi]

I also found that equinox depends on org.eclipse.core.runtime.jobs what actually is part of eclipse.platform (but has no platform dependencies!)...

regarding the SDK zip, it seem to also contain P2 stuff so just technically speaking if we move a bundle from one repository to another, it would still be possible to include it in such a SDK zip through the aggregator update-sites...

So would it be an option if we keep the features/sites as is for now but move the bundle?

FYI @akurtakov This is directly related to my current attempt to have a "maven compatible" deployment as in this PR #128 but it is hard to get this right if the build depends on foreign (snapshot) dependencies.

[akurtakov]

I still don't understand why is this move a prereq for the "maven compatible" deployment? I fully understand the principal separation of core/ui bundles and preferably separating the builds and etc. but this would lead us down the rabbit hole as there is too much interdependencies and the only way to do proper separation is having more dedicated git repos with separate releng but we tried to move away of many git repos for ease of contribution sake.

[laeubi]

I still don't understand why is this move a prereq for the "maven compatible" deployment?

Currently org.eclipse.equinox.security.ui has a dependency on org.eclipse.ui (that pulls a whole lot of stuff transitively), that mean before we can release equinox one would need a release of platform because otherwhise we can't use a stable version in equinox, and there we are blocked.

but this would lead us down the rabbit hole as there is too much interdependencies

That's why I choose the one I would assume is the "root" of all and actually this works already quite well except some special cases that are:

1. The jasper part, as there is literally no maven equivalent at the moment, and we even don't have an actual build for this and rely on older orbit release. For that purpose I just excluded that.
2. The "sdk feature", we can ignore this as well as we most likely never release that in the near future
3. org.eclipse.equinox.security.ui that actually should better be part of the platform as it is a pure UI configuration concern
4. the jobs API, that is part of platform but must stay independent (and actually is), what actually could better be part of equinox

I can also add 3+4 to the "ignore list", that is they won't contribute any useful maven-meta-data but first want to investigate if there is any chance to solve this issues, so we can release equinox independent and anytime of any other platform repo/aggregator.

The next would be P2, where one could consume the (snapshot) release of equinox (lets ignore the UI parts for now), and then P2 can also be released independent and anytime and then finally Tycho can also consume this without need to waiting for a quarterly release and hoping that the maven-data is not wrecked :-)

[akurtakov]

Now, I understand what you try to achieve and like the end goal a lot. Let's see what @tjwatson thinks about independent releases of Equinox first before we continue with technical details.

[tjwatson]

I would also like independent releases of Equinox as an end goal. I am fine moving equinox.security.ui to platform, but like I mentioned, I think it best to keep all of equinox.security.* in one repository. We could move jobs to Equinox, but the more OSGi "pure" way is to move everything that is not dealing with implementing the OSGi specifications out of Equinox altogether, including the extension registry itself. Basically everything that was originally split out of org.eclipse.core.runtime way back. In retrospect I think it was a mistake that we ever split org.eclipse.core.runtime bundle into its various parts:

org.eclipse.equinox.common
org.eclipse.core.jobs
org.eclipse.equinox.registry
org.eclipse.equinox.preferences
org.eclipse.core.contenttype
org.eclipse.equinox.app

I see very little evidence that anyone consumes any of these bundles without also having the org.eclipse.core.runtime in their installation. The whole idea behind the split was that we left the things in org.eclipse.core.runtime that we ultimately wanted to deprecate and remove. That never happened fast enough and the time is long and gone that we could actually do that. That leaves us with this complicated split package state for the org.eclipse.core.runtime package for no real benefit to anyone as far as I can tell.

If I had the time to invest, I would want all these bundles to be moved to platform along with anything else in Equinox that depends on the extension registry. Ultimately I would want to recombine all of these core.runtime bits back into a single org.eclipse.core.runtime bundle because that is far more simple to maintain from a versioning point of view.

That would leave equinox as the most basic core and then platform the thing everyone else is based off of to do Eclipse platform stuff..

[tjwatson]

I realize what I stated above is likely too much for anyone to realistically act upon in one go, if ever. If the easiest thing to get to the end goal (Equinox independent release) is to move selective stuff to and from Equinox then I would not object.

[merks]

I think there is a false premise here from which conclusions are being drawn. The premise seems to be that Equinox can't release without the Platform's release because Equinox depends on the Platform with special attention specifically on org.eclipse.ui:

But it only depends on really old versions of these things. Versions that are released already, long ago. That bundle also depends on org.eclipse.core.runtime. So why isn't that also problem? Many things depend on org.eclipse.core.runtime:

I think we should keep in mind that we can release anything as long as we make sure that it works with a released version of its dependencies as declared by the lower bounds. Otherwise one couldn't release the Platform unless EMF releases and EMF can't release unless the Platform releases, but neither of those statements true because neither the Platform nor EMF depend on specific things in the latest version of either.

I get the sense that taking this deck of cards and reshuffling it is going to prove futile at best. I'm not even sure why one specific dependency on one specific bundle was singled from all the other dependencies...

[laeubi]

That bundle also depends on org.eclipse.core.runtime. So why isn't that also problem?

No one said it isn't ;-)

Many things depend on org.eclipse.core.runtime:

As @tjwatson said, the main culprit here is the split nature of ".core.runtime" so whether or not someone depend on this or that core.runtime is often just not decided but done by "as long as it works I don't care"

I get the sense that taking this deck of cards and reshuffling it is going to prove futile at best. I'm not even sure why one specific dependency on one specific bundle was singled from all the other dependencies...

It is never futile to improve things instead even if that do not solve all possible problems ... so one valid decision might be that equinox no longer ship an UI bundles (that is only this single one here) because UI is not a projects concern.

I think we should keep in mind that we can release anything as long as we make sure that it works with a released version of its dependencies as declared by the lower bounds.

Well the problem is we declare this but no one test this, e.g it is never build nor checked that such a thing still works ...

Otherwise one couldn't release the Platform unless EMF releases and EMF can't release unless the Platform releases, but neither of those statements true because neither the Platform nor EMF depend on specific things in the latest version of either.

Well actually the final goal outlined by @tjwatson can be archived fast and easy (fro equinox), we simply delete all of the mentioned bundles and equinox ships the ones from the 2022-09 release from now on... simple as ABC isn't it? And as no one depends on the "latest stuff" there shouldn't be a problem at all!

[merks]

I think we stopped having a serious technical conversation.

[laeubi]

I think we stopped having a serious technical conversation.

Why do you think so? Because all other argument are are always "false premise"? Can you show a "technical" way to release given that both equinox and platform depend on a new feature off either? Just because it "works" today, where we never update, even though this won't work at all because of all the singleton bundles, does not mean there is no problem with such cyclic dependencies! And we have already seen multiple times how this breaks consumers that only want to use parts of that in their builds...

[merks]

I'm not sure what to say about Because all other argument are are always "false premise"?" You use all twice in this sentence. I'm not sure where that comes from. You seem to have take offense by someone questioning a premise...

Yes, of course if there are two-way changes, releasing them independently is a problem. You didn't say that though but rather suggested deleting a bunch of things forever, which is not a serious technical point to be made. How often does this bundle need something new from SWT or the UI?

In any case, it seems releasing parts of org.eclipse.core.runtime's split packages is already a major problem. Seems like show stopper. Can we say anything technical about what will resolve that issue?

[laeubi]

I'm not sure where that comes from. You seem to have take offense by someone questioning a premise...

You wrote:

I think there is a false premise here from which conclusions are being drawn. The premise seems to be that Equinox can't release without the Platform's release because Equinox depends on the Platform

An I do not take offense of any kind, just noticed that it often is that case (my be a wrong feeling though):

1. Suggestion is made to improve something
2. "Why do you need this?"
3. Explanation given
4. "Your assumption is wrong everything is perfect"

That makes it hard to argue on a technical level.

Yes, of course if there are two-way changes, releasing them independently is a problem.

And that's all what I have suggested from the beginning, that one can't release (in all cases) both independently if the reverence each other. That we can release somehow (now) as we have not the case is something that was never neglected., it is just very hard, just assume something like Log4J would be detected today in Equinox and one would ask for an immediate bugfix how would this work? Release equinox and hope that there is nothing newer used anywhere? Scedule a full simrel release? Actually it would take weeks, while one better need days if not hours in such a case to spin a release.

Even the very very simple request to deploy one single artifact that is nowhere used in platform directly and completely stand alone was regarded too complex and user has to wait for more than two hours until finally the next release was out:

• Please deploy a new version of ecj to maven central eclipse-jdt/eclipse.jdt.core#241

this is simply horrible and shows that there is a real problem.

You didn't say that though but rather suggested deleting a bunch of things forever, which is not a serious technical point to be made. How often does this bundle need something new from SWT or the UI?

This is just a logical extension of the argument "we can release because we only rely on old stuff" to show that actually this is not a valid argument. I would consider this valid if e.g. Equinox would always use the latest released platform and platform always using the latest released equinox in its build and release target platform like Tycho does, but thats not the case and I assume would also be not accepted at all.

In any case, it seems releasing parts of org.eclipse.core.runtime's split packages is already a major problem. Seems like show stopper. Can we say anything technical about what will resolve that issue?

Nothing you would like as it won't be backward compatible (as far as I know) :-)

Maybe one could use some dirty hacks like creating a complete new,bundle put all code there and properly export it, reference that in the others with visbility=reexport ...

[merks]

The statement "Your assumption is wrong everything is perfect" is hardly paraphrasing what I said nor even close to what I was trying to say. "It's a tangle web of inter-dependencies" would be a better generalized statement of my view of "everything". What I hoped to understand is the end point and in particular how the hardest problems will be resolved. But these types of discussions tend to spiral out of control. 😢

Along the line of what you are suggesting, it would be not totally unreasonable, for example, to say "Equinox bundles should not use any new API from the Platform until after one release cycle". I think that would be reasonable and manageable. I think it would possible to do builds and run tests that would verify that this works correctly. Also, I don't think security.ui is highly evolving and it seems to me that this bundle needing immediately to use something new from the Platform would be an uncommon event.

As a case in point, EMF does builds to ensure that everything other that the Xcore support works (compiles and passes all the test) for very old versions of the Platform:

https://ci.eclipse.org/emf/job/all-target-platforms/

I.e., the lower bounds really are tested...

I imagine it would be possible to set up such a build for Equinox and perhaps that way would be less work, and would produce quicker results, without breaking anything, than trying to untangle the messy inter-dependencies, one by one, until the every last one is gone, hopefully, eventually. I'm trying to make a constructive suggestion, so please don't read "everything is sunshine and roses" between the lines...

[laeubi]

The point about security.ui is that is unnecessary binds equinox to UI concerns without any value! Why should I only be able to configure it with a Eclipse E3 UI? Why not adding security.ui.e4 to support an E4 variant? And security.ui.awt to support swing users? And what about security.ui.fxfor java FX?

So from my point of view, as someone working in different projects (and not all find that eclipse is the end of all glory), I don't see any value in managing it here as:

1. This is the only "UI" in equinox
2. It is nowhere used in equinox
3. It is very specific to a particular technology (Eclipse E3) to be useful to anyone not already using Eclipse Platform
4. As you said it not evolves fast, so having it close to equinox does not give any benefit and if we follow the "not use any new API from the Platform until after one release cycle" it wont even speedup things in any way.
5. Removing it would bring us one step closer to other goals (e.g. more independent releases).

So that's was the only thing I suggested here it is small it is focused and it is doable.

The rest was just came out of the discussion, "if we do this would it not be good to also do ..." and then it turned into something "this might be to big and we will never archive it" ...

[merks]

Your comment here suggested releasing Equinox independently was a goal:

#127 (reply in thread)

You reiterated that point here to characterize that goal as the profitable outcome of the refactoring:

#127 (reply in thread)

You reiterated the point again here:

#127 (reply in thread)

Now you argue that mostly purely for "separation of concerns," Equinox would be better off without UI dependencies. That being said, at the same time you are also suggesting, yet again, that getting a step closer to independent releases is a goal (among 'other' goals).

It's really hard to pin down what exactly you are hoping to achieve and why that is so important when you yourself bring in so many tangential concerns, topics, and goals. For example when you start out by mentioning that equinox has an inter-connection with eclipse.platform and call out one specific such case, should you really find fault that people will look at all such inter-connections? You noticed I asked that specifically I'm not even sure why one specific dependency on one specific bundle was singled from all the other dependencies... Thomas also wondered about that drawing attention to other dependencies.

#127 (reply in thread)

I know you want the discussion to be focused, but the focal point seemed to be general Equinox independence of the platform not specific Equinox independence of the UI.

[laeubi]

Your comment here suggested releasing Equinox independently was a goal:

It is a goal for me, and this is a small step towards this goal

You reiterated that point here to characterize that goal as the profitable outcome of the refactoring:

Well as said, I'm looking for improvements that are actionable to reach a higher goal, and if it helps people to better understand I also try to describe what one can call a "vision" ... and there was even some kind of agreement by @tjwatson and @akurtakov that this in the end would be a good achievement.

Now you argue that mostly purely for "separation of concerns," Equinox would be better off without UI dependencies. That being said, at the same time you are also suggesting, yet again, that getting a step closer to independent releases is a goal (among 'other' goals).

I don't get whats the problem with this, these are not exclusive to each other nor contradictory reducing (unnecessary) dependencies help in better managing releases and makes development more focused and removes the burden of maintaining unrelated stuff. So there is always more than one "goal" a certain change can improve.

So if "separation of concern" seems irrelevant for someone, "having independent releases" might be relevant for them so they can be certain that the first is good if it pays off the other as well.

It's really hard to pin down what exactly you are hoping to achieve and why that is so important when you yourself bring in so many tangential concerns, topics, and goals.

I think the main goals and motivations are exhaustively explained, at least I have no idea how to better paraphrase it ... and it is important to "me" because I use equinox/platform a lot and many people I talk with have similar concerns and it is often state that trying to improve is useless because of the bureaucracy and retentissement of "eclipse", on the other hand there are always complains "we" must do something so people contribute more/don't migrate to VsCode/InteliJ/... so what I try instead of complain, is looking for ways to improve and actually make a difference.

For example when you start out by mentioning that equinox has an inter-connection with eclipse.platform and call out one specific such case, should you really find fault that people will look at all such inter-connections? You noticed I asked that specifically I'm not even sure why one specific dependency on one specific bundle was singled from all the other dependencies... Thomas also wondered about that drawing attention to other dependencies.
I know you want the discussion to be focused, but the focal point seemed to be general Equinox independence of the platform not specific Equinox independence of the UI.

I already mentioned I'm open to solve this in a larger scale, but it doesn't help at all to say "we should take a larger scale" and on the other hand claim "we can't reach that goal realistically". So I try to find the smallest possible increment that could be archived... what will lead to another thing that then seems achievable and so on ...

As a result we have now maven-artifacts as first-class citizen in PDE/Tycho something that was claimed to be "never achievable", mixed reactor builds, also something that "most probably can never be archived", and many more ... just because they do not affect everyone does not mean they are of no helping others. One should always think outside the box....

[merks]

Let's say we have a rule "Equinox bundles should not use any new API from the Platform until after one release cycle" and let's say we set up a build that builds Equinox against 4.25 to test that it compiles and to demonstrate that the tests pass. Is that not actionable? Is that not a small enough step? If we did this, wouldn't it be possible to release Equinox more often? (I imagine it would be good to do this for p2 as well.)

Perhaps the above is out of focus or tangential to the primary theme, but in almost every post here you come back to this as the goal toward which this one simple change is one single step in that one right direction. But then you get frustrated that we look toward the next step and the next step. Not only that you simply don't respond at all the concrete suggestion repeated in my first sentence above. This is a suggested improvement that could help address a really tough problem in just a few steps, that to me appear actionable.

In any case, at at this point, I think I've said all that needs to be said. Others like @tjwatson @arunkumart @mickaelistria and can decide what actions make the most sense.

[laeubi]

Let's say we have a rule "Equinox bundles should not use any new API from the Platform until after one release cycle" and let's say we set up a build that builds Equinox against 4.25 to test that it compiles and to demonstrate that the tests pass. Is that not actionable?

That's actionable, but would mean complicate build and development, what contradicts the whole purpose of making build simpler and easier to manage. So we just replace one odd thing by another even more complex one.