[Rubygems-developers] [ rubygems-Bugs-28404 ] Gem build does not check version carefully enough

noreply at rubyforge.org noreply at rubyforge.org
Sat Nov 13 08:43:03 EST 2010


Bugs item #28404, was opened at 2010-07-19 09:45
You can respond by visiting: 
http://rubyforge.org/tracker/?func=detail&atid=575&aid=28404&group_id=126

Category: None
Group: None
Status: Open
>Resolution: Accepted
Priority: 3
Submitted By: Pierre Baillet (octplane)
Assigned to: John Barnette (jbarnette)
Summary: Gem build does not check version carefully enough

Initial Comment:
Hi,

When building a gem, Gem should check that the version indicated by the gem builder is the same as the Gem computed one. If this is not the case, then things can go weird later:

- On one of our servers, we have a Gem server that contains genx4r version "0.05" and another library mongo_report version "0.5".

- Because of the way the Gem::Version comparator is implemented (and I think this way is correct today), the two versions are identical

- When building the Gem server indices, the Marshal compress method attempts to create as few objects as possible and will reuse objects that already exist when assembling the specs

- In our case this results in assigning version "0.05" to mongo_report. The gem cannot be installed anymore.

I've forked rubygems on github (following jbarnette's suggestion on IRC) and implemented a very crude algorithm to check that the computed version number is the same as the one provided by the gem builder.

http://github.com/octplane/rubygems/commit/cc332c3165cadea8766cc54b42db78ba8dc53375

Please feel free to integrate this patch in the master if you feel this is useful.

Thank you for rubygem,
-- 
Pierre 
Admin at fotopedia.
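
Added example, not part of the original report and not the code from the linked commit: a Ruby sketch of the two checks the report implies, one at build time (does the supplied version string survive integer parsing) and one over an existing index (which entries compare equal but are spelled differently). The helper names and the third sample entry are assumptions made for illustration; the first two entries are the gems named in the report.

```ruby
require "rubygems"

# Constructed sample index. The first two name/version pairs come from the
# report above; the third entry is made up for contrast.
SAMPLE_INDEX = [
  ["genx4r", "0.05"],
  ["mongo_report", "0.5"],
  ["example_gem", "1.2.0"],
].freeze

# True when Gem::Version treats the two strings as the same version.
def same_version?(a, b)
  Gem::Version.new(a) == Gem::Version.new(b)
end

# Numeric components written with leading zeros (for example "05").
# Gem::Version converts them to integers, so the padding is lost as soon
# as versions are compared.
def padded_components(version_string)
  version_string.scan(/\d+/).select do |part|
    part.length > 1 && part.start_with?("0")
  end
end

# Build-time style check (hypothetical helper): reject malformed strings
# and report strings whose numeric parts change under integer conversion.
def check_version_string(version_string)
  unless Gem::Version.correct?(version_string)
    raise ArgumentError, "malformed version #{version_string.inspect}"
  end
  padded = padded_components(version_string)
  padded.empty? ? :ok : [:non_canonical, padded]
end

# Index audit (hypothetical helper): group entries by their parsed segments
# and keep the groups that contain more than one spelling.
def spelling_collisions(entries)
  groups = entries.group_by { |_name, v| Gem::Version.new(v).segments }
  groups.values.select { |group| group.map(&:last).uniq.size > 1 }
end

if __FILE__ == $PROGRAM_NAME
  SAMPLE_INDEX.each { |name, v| puts "#{name} #{v}: #{check_version_string(v).inspect}" }
  puts "collisions: #{spelling_collisions(SAMPLE_INDEX).inspect}"
end
```

The audit groups by parsed segments only, so spellings that differ by trailing zeros (such as "1.2" and "1.2.0") are not reported by it.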

