On 16/12/2024 02:12, Ethan McCue wrote:
I am experimenting with making a package repository where modules are
the artifacts (bundled as JMODs) and not jars. In this context we lack
information about what version a particular module requires or what
provider to get that module from. What I *can* do is say "if you use
this java.base, you must use this java.xml" and so on, but given a two
java.xml modules I can't say without those hashes which one you are
allowed to use when constructing a "module set".
This is relevant also if someone uploads some of their own modules
where the hashes don't line up.
Just to say again that theses module hashes are for tightly coupled
modules, they aren't the same as hashes that might be generated when
uploading a module artifact to a repository. For example, a build of
some project might produce 3 modules, one of which uses a qualified
export to make its internal API accessible to other two modules. That
internal API might isn't a stable interface. The hash that the jar or
jmod tools can generate at packaging time is used to tie the 3 modules
and prevent accidental mixing of modules from Monday's build with the
modules from Friday's build.
One thing that may be useful to your experiment is the
"requires_version" in the requires entries of the Module attribute. This
is where a compiler can record the version string of a dependency. It
might be closer to what you are looking for.
-Alan
