[Rubygems-developers] Gems as Ruby programs (or not)?

Richard Kilmer rich at infoether.com
Sat Jan 24 13:33:53 EST 2004

On Jan 24, 2004, at 9:37 AM, Chad Fowler wrote:

> At the Software MFA program I attended in Illinois recently, I was talking
> about RubyGems with one of the other attendees and he started really
> grilling me on why the gem files (not the specs) are Ruby programs.
> He did a pretty good job of convincing me.  By the end of the
> conversation, I couldn't really think of a good reason (that would
> outweigh the negatives--mainly security issues).
> Any thoughts?  Is there some reason that I've forgotten?
> Chad
> _______________________________________________
> Rubygems-developers mailing list
> Rubygems-developers at rubyforge.org
> http://rubyforge.org/mailman/listinfo/rubygems-developers

It's just a convenience thing.  If you are concerned, don't run the code 
that is at the top of the Gem file.  Think about it, installers are 
executable programs right?  I mean, on Windows you download .exe's that 
install your apps.  Install-anywhere uses Java for the same purpose.  
The jar in that case has executable code to install the app.  The 
installer portion of the gem is very simple.  If you don't want to use 
it just provide another mechanism to do this:

-- gem_installer.rb
require 'optparse'

# Collect the installer's command-line options.
options = {}
ARGV.options do |opts|
   opts.on_tail("--help", "show this message") {puts opts; exit}
   opts.on('--file=FILENAME', "Gem file") {|v| options[:filename] = v}
   opts.on('--dir=DIRNAME', "Installation directory for the Gem") {|v| options[:directory] = v}
   opts.on('--force', "Force Gem to install, bypassing dependency checks") {|v| options[:force] = v}
   opts.on('--gen-rdoc', "Generate RDoc documentation for the Gem") {|v| options[:gen_rdoc] = v}
   opts.parse!
end

require 'rubygems'
@directory = options[:directory] || Gem.dir
@force = options[:force]
@filename = options[:filename]

# Install the gem named by --file (Gem::Installer API as used in this message).
gem = Gem::Installer.new(@filename).install(@force, @directory)
if options[:gen_rdoc]
   # (the RDoc generation call is missing from the archived message)
end

-- EOF

That is exactly what is in the gem file right now...it's an executable 
header.  It's just cool that we can do that.  Note that all Ruby 
installers are Ruby executable code (install.rb, setup.rb).  Does 
anyone actually inspect these files before running them?
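
Added example, not part of the original message and not RubyGems code: one way to inspect a Ruby installer or gem header before running it is to lex it with Ripper, which tokenizes the source without executing it. The function name, the call list and the sample header are constructed for illustration, and the sample assumes the data portion follows an `__END__` marker.

```ruby
require 'ripper'

# Calls that let an installer run commands or evaluate code.
# Constructed starting list for review, not exhaustive.
RISKY_CALLS = %w[system exec spawn popen fork eval instance_eval
                 class_eval module_eval send load].freeze

# Lex (never execute) a Ruby installer header and report which libraries
# it requires, which risky calls it contains and on what line, and
# whether non-Ruby data follows an __END__ marker.
def audit_installer(source)
  tokens = Ripper.lex(source)
  report = { requires: [], risky: [], data_after_end: false }
  tokens.each_with_index do |((line, _col), type, text), i|
    case type
    when :on_ident
      if text == 'require'
        # The library name is the next string content on the same line.
        lib = tokens.drop(i + 1).find do |t|
          t[0][0] == line && t[1] == :on_tstring_content
        end
        report[:requires] << lib[2] if lib
      elsif RISKY_CALLS.include?(text) &&
            (i.zero? || tokens[i - 1][1] != :on_symbeg) # skip :load etc.
        report[:risky] << [line, text]
      end
    when :on_backtick
      report[:risky] << [line, '`...`'] # shell command string
    when :on___end__
      report[:data_after_end] = true    # lexing stops at this marker
    end
  end
  report
end

# Constructed sample: an installer header followed by opaque data.
SAMPLE = <<~'RUBY'
  require 'optparse'
  require 'rubygems'
  gem = Gem::Installer.new(__FILE__).install(false, Gem.dir)
  system("echo post-install hook")
  __END__
  opaque payload bytes
RUBY

p audit_installer(SAMPLE) if $PROGRAM_NAME == __FILE__
```

A token scan like this is a review aid only: it flags names, so a method reached through a variable or a dynamically built string will not appear in the report.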
