| Age | Commit message (Collapse) | Author |
|---|
|
(https://github.com/ruby/rubygems/pull/9296)
Symlinks are not permitted by default for a Windows user. To use them, a switch called "Development Mode" in the system settings has to be enabled.
## What was the end-user or developer problem that led to this PR?
Ordinary users as well as administrators are unable per default to install gems using symlinks.
One such problematical gem is `haml-rails-3.0.0`.
It uses symlinks for [files and directories](https://github.com/haml/haml-rails/tree/9f4703ddff0644ba52529c5cf41c1624829b16a7/lib/generators/haml/scaffold/templates).
The resulting error message is not very helpful:
```
$ gem inst haml-rails
Fetching haml-rails-3.0.0.gem
ERROR: While executing gem ... (Gem::FilePermissionError)
You don't have write permissions for the directory. (Gem::FilePermissionError)
C:/ruby/lib/ruby/4.0.0/rubygems/installer.rb:308:in 'Gem::Installer#install'
C:/ruby/lib/ruby/4.0.0/rubygems/resolver/specification.rb:105:in 'Gem::Resolver::Specification#install'
C:/ruby/lib/ruby/4.0.0/rubygems/request_set.rb:192:in 'block in Gem::RequestSet#install'
C:/ruby/lib/ruby/4.0.0/rubygems/request_set.rb:183:in 'Array#each'
C:/ruby/lib/ruby/4.0.0/rubygems/request_set.rb:183:in 'Gem::RequestSet#install'
C:/ruby/lib/ruby/4.0.0/rubygems/commands/install_command.rb:207:in 'Gem::Commands::InstallCommand#install_gem'
C:/ruby/lib/ruby/4.0.0/rubygems/commands/install_command.rb:223:in 'block in Gem::Commands::InstallCommand#install_gems'
C:/ruby/lib/ruby/4.0.0/rubygems/commands/install_command.rb:216:in 'Array#each'
C:/ruby/lib/ruby/4.0.0/rubygems/commands/install_command.rb:216:in 'Gem::Commands::InstallCommand#install_gems'
C:/ruby/lib/ruby/4.0.0/rubygems/commands/install_command.rb:162:in 'Gem::Commands::InstallCommand#execute'
C:/ruby/lib/ruby/4.0.0/rubygems/command.rb:326:in 'Gem::Command#invoke_with_build_args'
C:/ruby/lib/ruby/4.0.0/rubygems/command_manager.rb:252:in 'Gem::CommandManager#invoke_command'
C:/ruby/lib/ruby/4.0.0/rubygems/command_manager.rb:193:in 'Gem::CommandManager#process_args'
C:/ruby/lib/ruby/4.0.0/rubygems/command_manager.rb:151:in 'Gem::CommandManager#run'
C:/ruby/lib/ruby/4.0.0/rubygems/gem_runner.rb:56:in 'Gem::GemRunner#run'
C:/ruby/bin/gem.cmd:20:in '<main>'
```
## What is your fix for the problem, implemented in this PR?
Instead of working around the situation in the affected gem or to skip symlinks completely, I think the better solution would be to make copies of the files in question. This would allow Windows users to install and use the gem smoothly.
The switch for the "Developer Mode" is available in the Windows registry under
`HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock`
entry
`AllowDevelopmentWithoutDevLicense`
https://github.com/ruby/rubygems/commit/ca6c5791fe
|
|
https://github.com/ruby/rubygems/commit/9d54d0f830
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
|
This PR removes the `#verify_gz` method because it is redunant and
unnecessary.
Previously the `data.tar.gz` would get read twice for every file - once
in `verify_gz` and once in `extract_files`. The `extract_files` method
verifies the `data.tar.gz` when it reads it, and raises an error if
unzipping it fails.
The `verify_gz` code can be seen in some profiles as a hotspot -
although not major - as it accounts for between 9% and 17% of time, but
only when the installation thread doesn't have native extensions or
plugins.
https://github.com/ruby/rubygems/commit/737c82986c
|
|
https://github.com/ruby/rubygems/commit/be3b09c786
|
|
I would like to start making some of the methods in Gem::Package
private so that we can refactor them better. Right now we have many
methods that are public, and since they are public we can't refactor
them. Historically, I think "private" methods have just been tagged
with :nodoc:, but I would like to be more strict about our APIs
https://github.com/ruby/rubygems/commit/fb352e9176
|
|
sometimes
If a gem package is built from a specification whose platform has been
modified, it will include metadata using the old platform.
This change should fix the problem by making sure `original_platform` is
always properly set.
https://github.com/rubygems/rubygems/commit/ecd5cd4547
|
|
This reverts commit 01f9766aa05182a7bbdc914a5dcd8a36ebade861.
|
|
This reverts commit 772afa00b5109f55c1d8359c688aca4063818549.
|
|
|
|
|
|
https://github.com/rubygems/rubygems/commit/10c26a483d
|
|
https://github.com/rubygems/rubygems/commit/58173ff2ea
|
|
Fix up https://github.com/rubygems/rubygems/pull/6882
https://github.com/rubygems/rubygems/commit/71c73ac6d9
|
|
corrupt gem
Gem::Package::TarReader::Entry now raises EOFError or returns nil
appropriately based on Ruby core IO.read and IO.readpartial behavior.
Zlib will respond accordingly by raising Zlib::GzipFile::Error on EOF.
When verifying a gem or extracting contents, raise FormatError similar
to other cases of corrupt gems.
Addresses a bug where Gem::Package would attempt to call size on nil
instead of raising a more descriptive and useful error, leading users
to assume the problem is internal to rubygems.
Remove unused error class TarReader::UnexpectedEOF that was never raised
since the NoMethodError on nil would happen first. Use EOFError instead.
https://github.com/rubygems/rubygems/commit/dc6129644b
|
|
|
|
https://github.com/rubygems/rubygems/commit/67ece7b8b6
|
|
https://github.com/rubygems/rubygems/commit/9264d83421
|
|
https://github.com/rubygems/rubygems/commit/b18a4ef076
|
|
https://github.com/rubygems/rubygems/commit/91391ceedf
|
|
https://github.com/rubygems/rubygems/commit/fa2e835ed2
|
|
https://github.com/rubygems/rubygems/commit/860669b08a
|
|
https://github.com/rubygems/rubygems/commit/5c88c77873
|
|
https://github.com/rubygems/rubygems/commit/75abd2e504
|
|
TarReader#each previously implemented a partial version of seek.
This code moved to Entry#seek for use from TarReader#each.
Entry#close now returns nil instead of true, like IO#close.
Closing an Entry now seeks to the end of the Entry, seeking past
any remaining zero byte tar file padding and moving the io to the
correcty position to read the next file in the archive.
Uses seek for Entry#rewind and #pos=, fixing the tar->gzip->tar nested
rewind that would break previous to this change.
Add Entry.open that behaves more like File.open.
https://github.com/rubygems/rubygems/commit/f5149565d5
|
|
When extracting files from the tarball, a mode is retrieved from
the header. Occasionally you'll encounter a gem that was packaged
on a system whose permission bits result in a value that is larger
than the value that File.chmod will allow (anything >= 2^16). In
that case the extraction fails with a RangeError, which is pretty
esoteric.
If you extract the tarball with the tar and gunzip utilities, the
file permissions end up being just the bottom 16 bits masked off
from the original value. I've mirrored that behavior here. Per the
tar spec:
> Modes which are not supported by the operating system restoring
> files from the archive will be ignored.
I think that basically means what I've done here.
---
This commit also changes the behavior very slightly with regard to
when the chmod is called. Previously it was called while the file
descriptor was still open, but after the write call.
When write flushes, the file permissions are changed to the mode
value from the File.open call, undoing the changes made by
FileUtils.chmod. CRuby appears to flush the buffer after the
chmod call, whereas TruffleRuby flushes before the chmod call.
So the file permissions can change depending on implementation.
Both implementations end up getting the correct file permissions
for the bottom 9 bits (user, group, world), but differ with
regard to the sticky bit in the next 3.
To get consistent behavior, this commit changes it to close the
file descriptor before attempting to chmod anything, which makes
it consistent because the write flushes in both cases.
https://github.com/rubygems/rubygems/commit/22ce076e99
|
|
https://github.com/rubygems/rubygems/commit/425b78637f
|
|
Signed-off-by: Takuya Noguchi <takninnovationresearch@gmail.com>
|
|
Under POSIX behavior of leading // is implementation defined. Musl does
preserve it in realpath, glibc does not. That means the test was failing
when executed on alpine linux. Original issue #508 was about // in the
path, not about leading ones. When executed in such environment, the
test will still test what it should when the explicit mangling of the
path is not done.
Fixes #5652
https://github.com/rubygems/rubygems/commit/0fa7373bf6
|
|
https://github.com/rubygems/rubygems/commit/125415593ead9ab69a9f0bb5392c9d7ec61b1f51
|
|
Picked at 12aeef6ba9a3be0022be9934c1a3e4c46a03ed3a
Notes:
Merged: https://github.com/ruby/ruby/pull/5462
|
|
OpenSSL includes what we need.
https://github.com/rubygems/rubygems/commit/955f3b72ca
|
|
If we explicitly disallow the creation of symlinks that point to files
outside of the destination directory, we can avoid any other safety
checks while creating directories, because we can be sure they will
always fall under the destination directory as well.
https://github.com/rubygems/rubygems/commit/555692b8de
|
|
https://github.com/rubygems/rubygems/commit/1e363dbbcb
|
|
https://github.com/rubygems/rubygems/commit/9180b390aa
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/4648
|
|
https://github.com/rubygems/rubygems/commit/c77868a555
|
|
* Port
https://github.com/ruby/ruby/commit/8e91b969df08b7a2eb27a5d6d38733eea42dc7ad
from ruby-core, and make it compatible with psych 3 & 4.
|
|
|
|
https://github.com/rubygems/rubygems/commit/c46185abe3
Notes:
Merged: https://github.com/ruby/ruby/pull/4491
|
|
https://github.com/rubygems/rubygems/commit/769e87f011
Notes:
Merged: https://github.com/ruby/ruby/pull/4491
|
|
of assert_path_exists and refute_path_exists
https://github.com/rubygems/rubygems/commit/a7c93558c3
Notes:
Merged: https://github.com/ruby/ruby/pull/4491
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/4383
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/3864
|
|
31a6eaabc165d8a222e176f2c809d90622d88ec2 is obsoleted with
https://github.com/rubygems/rubygems/pull/3820
|
|
Enable Style/EmptyLinesAroundClassBody rubocop cop.
|
|
* They likely want to support older Ruby/tempfile versions
* Reverts part of e8c3872555fc85640505974e6b1c39d315572689
|
|
automatically
|
|
If any error happens while verifying a package entry, it doesn't mean
that the package is corrupt. It could be a bug in rubygems, for example.
This in fact happened in CI and the current error doesn't make it easy
to troubleshoot the root cause, since it doesn't provide a backtrace.
See
https://github.com/rubygems/rubygems/pull/3807/checks?check_run_id=862526615.
So I propose to let the exception happens. There was something useful
about the previous message, which is the file entry where the error
happened, so I'm keeping that information in a warning message.
https://github.com/rubygems/rubygems/commit/ece87d858f
Notes:
Merged: https://github.com/ruby/ruby/pull/3379
|
|
https://github.com/rubygems/rubygems/commit/25912ce6c9
Notes:
Merged: https://github.com/ruby/ruby/pull/3379
|
|
No check is done for the other expectation and they are completely
symmetric as far as I can see.
https://github.com/rubygems/rubygems/commit/4de89e0718
Notes:
Merged: https://github.com/ruby/ruby/pull/3379
|
