[CONJ-1025] MariaDB 3.1 driver increases application size of about 4MB Created: 2022-11-18  Updated: 2023-01-09  Resolved: 2023-01-09

Status: Closed
Project: MariaDB Connector/J
Component/s: documentation
Affects Version/s: 3.1.0
Fix Version/s: 3.1.1

Type: Bug Priority: Major
Reporter: Roland Praml Assignee: Diego Dupin
Resolution: Fixed Votes: 0
Labels: None

Issue Links:
Relates
relates to CONJ-1021 GSSAPI using waffle issue resulting i... Closed

 Description   

Hello,

we noticed an increase of our application of about 5MB when upgrading from 3.09 to 3.1.0

while the MariaDB driver (groupId : org.mariadb.jdbc, artifactId : mariadb-java-client) grows only from ~ 590K to 630K, we noticed, that it had a lot of new dependencies:

[INFO] +- org.mariadb.jdbc:mariadb-java-client:jar:3.1.0:compile (~630K)
 
[INFO] |  \- com.github.waffle:waffle-jna:jar:3.2.0:compile (~70K)
 
[INFO] |     +- net.java.dev.jna:jna:jar:5.10.0:compile (~1,7MB)
 
[INFO] |     +- net.java.dev.jna:jna-platform:jar:5.10.0:compile (~1,3M)
 
[INFO] |     \- com.github.ben-manes.caffeine:caffeine:jar:2.9.3:compile (~910K)
 
[INFO] |        \- com.google.errorprone:error_prone_annotations:jar:2.10.0:compile (~15K)

It seems that the windows authentication framework (https://github.com/Waffle/waffle) will require these dependencies. As we (and many others) will use the driver in a linux environment, these dependencies are useless there. I assume also, that there are many people that would not use this feature in windows environment.
So, I would suggest to add these dependencies as optional dependencies or add a short hint in README, if and how they can be excluded in pom.xml.

 Comments   
Comment by Diego Dupin [ 2022-11-21 ]

Since 3.1.0, waffle is set as dependency, in order to permit simple use for GSSAPI for windows. This have some impact on size, but generally connector must have simple use for default configuration.

That's a good point this must be documented: Waffle can be removed using <exclusions> in maven for example. This will be added.

Comment by Diego Dupin [ 2022-11-21 ]

(noted for 3.1.1 in order to avoid beeing forgotten)

Comment by Diego Dupin [ 2022-11-21 ]

To make it more comprehensive :
GSSAPI in windows isn't well supported in java, causing recurrent issues.

My point is having waffle as dependency solve those issues, making waffle as a required dependency
So yes, that means having a connector unnecessary bigger, but working ok in all situations.

Still connector will work all the same if not using windows GSSAPI authentication, then excluding dependency :
maven

<dependency>
 
	<groupId>org.mariadb.jdbc</groupId>
 
	<artifactId>mariadb-java-client</artifactId>
 
	<version>3.1.0</version>
 
        <exclusions>
 
          <exclusion>
 
            <groupId>com.github.waffle</groupId>
 
            <artifactId>waffle-jna</artifactId>
 
          </exclusion>
 
      </exclusions> 
</dependency>

or using graddle:

dependencies {
 
    implementation('org.mariadb.jdbc:mariadb-java-client:3.1.0') {
 
        exclude group: 'com.github.waffle', module: 'waffle-jna'
 
    }
 
}

solve this size increase.

Documenting above solution would seems ok for you ?

Comment by Roland Praml [ 2022-11-21 ]

Hello Diego,

thanks for the quick response.
I'm not sure which is better. If it's a note in the documentation (which only a few percent read) or if it's an optional dependency (which only a few percent need).
I understand, that you want to provide a driver, that works out of the box without much configuration overhead, but I'm afraid that few will read this notice and the libraries will be packaged into a lot of applications without ever being used...

Do you have an estimation, how often GSSAPI is used? If these are only a few percent, I think it would be better to make them optional (as also mentioned here: https://mariadb.com/kb/en/gssapi-authentication-with-mariadb-connector-j/)
Of course, the driver should throw a meaningful exception like "This server uses GSSAPI, but waffle is not found on the classpath. Please read $URL for more information"

I always prefer to have as few dependent libraries in the application as possible. On the one hand because of the size, on the other hand because of possible security gaps.
I know that means more work, possibly also a breaking change, so that this should only be introduced with 3.2.x.

But I'm also satisfied if it's only in the documentation.

Comment by Pavel Cibulka [ 2022-12-06 ]

That is exactly what optional are for.

Comment by Diego Dupin [ 2022-12-21 ]

PavelCibulka Of course. It was optional before.
Choice is done to have a better connector by default (having a 4M connector is usually not a problem).
In case connector size is important, documentation will explain solution to have a reduced size.

Comment by Diego Dupin [ 2023-01-09 ]

Documentation added: https://mariadb.com/kb/en/about-mariadb-connector-j/#size-consideration

Comment by Diego Dupin [ 2023-01-09 ]

I'm closing this issue, since this is a documentation issue.
Feel free to update documentation / recreate an issue if you think something is not clear or missing

Generated at Thu Feb 08 03:20:04 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.