[Rubygems-developers] [ rubygems-Bugs-28404 ] Gem build does not check version carefully enough
noreply at rubyforge.org
noreply at rubyforge.org
Fri Nov 12 23:31:41 EST 2010
Bugs item #28404, was opened at 2010-07-19 09:45
You can respond by visiting:
http://rubyforge.org/tracker/?func=detail&atid=575&aid=28404&group_id=126
Category: None
Group: None
Status: Open
Resolution: None
Priority: 3
Submitted By: Pierre Baillet (octplane)
>Assigned to: John Barnette (jbarnette)
Summary: Gem build does not check version carefully enough
Initial Comment:
Hi,
When building a gem, Gem should check that the version indicated by the gem builder is the same as the Gem computed one. If this is not the case, then things can go weird later:
- On one of our server, we have a Gem server that contains genx4r version "0.05" and another library mongo_report version "0.5".
- Because of the way the Gem::Version comparator is implemented (and I think this way is correct today), the two version are identical
- When building the Gem server indices, the Marshal compress method attempts to create as less objects as possible and will reuse objects that already exists when assembling the specs
- In out case this result is assigning version "0.05" to mongo_report. The gem cannot be installed anymore.
I've forked rubygems on github ( following jbarnette suggestion on IRC) and implemented a very crude algorithm to check that the computed version number is the same as the one provided by the gem builder.
http://github.com/octplane/rubygems/commit/cc332c3165cadea8766cc54b42db78ba8dc53375
Please feel free to integrate this patch in the master if you feel this is useful.
Thank your for rubygem,
--
Pierre
Admin at fotopedia.
----------------------------------------------------------------------
You can respond by visiting:
http://rubyforge.org/tracker/?func=detail&atid=575&aid=28404&group_id=126
More information about the Rubygems-developers
mailing list