github / safegem

GitHub's safe gem eval web service


name age message
file .gitignore Tue Feb 10 20:28:43 -0800 2009 add safegem binary to gemspec and make it execu... [mojombo]
file README Sun Mar 29 20:46:09 -0700 2009 update readme [mojombo]
file Rakefile
file VERSION.yml
directory bin/
directory lib/ Sat Mar 28 23:35:38 -0700 2009 part of the two-phase gem build process now [mojombo]
file safegem.gemspec
directory test/ Sat Mar 28 18:09:45 -0700 2009 cleanup and sinatra 0.9.1.1 compatibility [mojombo]
README
SafeGem: GitHub's Safe Gem Eval Web Service
-------------------------------------------

Help make GitHub's gem build process more secure and robust!

SafeGem is a Sinatra app that safely converts Ruby gemspecs into YAML gemspecs.

It works as follows:

1) Receives a request with the repo location and the ruby gemspec
2) Returns immediately and schedules the following via EM.defer:

   1) Makes a shallow clone of the repo and chdir's to that repo
   2) Evals the spec in a separate thread with a higher $SAFE level
   3) Converts spec to YAML
   4) Posts the YAML to the specified callback
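
An added sketch of the eval and YAML-conversion steps above (not SafeGem's own code): on Ruby 3.0 and later `$SAFE` is an ordinary global with no effect, so this example swaps in a forked child process with a timeout, and the parent only ever reads the resulting YAML. `gemspec_to_yaml`, `SAMPLE_GEMSPEC` and the timeout value are assumptions; a child process by itself does not restrict file or network access, which needs OS-level controls on top.

```ruby
require "rubygems"
require "timeout"

# Constructed sample input: a small Ruby gemspec, as a repo might ship it.
SAMPLE_GEMSPEC = <<~RUBY
  Gem::Specification.new do |s|
    s.name    = "example"
    s.version = "0.1.0"
    s.summary = "constructed sample"
    s.authors = ["nobody"]
    s.files   = Dir.glob("lib/**/*.rb")
  end
RUBY

# Hypothetical helper: evaluate gemspec source in a child process and return
# the spec as YAML, or nil on any failure. The parent never evals the Ruby
# source; it only receives inert YAML text over a pipe.
def gemspec_to_yaml(source, workdir: Dir.pwd, timeout: 5)
  reader, writer = IO.pipe
  pid = fork do
    reader.close
    begin
      Dir.chdir(workdir)                      # the shallow clone would go here
      spec = eval(source, TOPLEVEL_BINDING, "(gemspec)")
      raise TypeError, "not a gemspec" unless spec.is_a?(Gem::Specification)
      writer.write(spec.to_yaml)
      writer.close
      exit!(0)                                # skip at_exit hooks in the child
    rescue Exception                          # syntax errors, raises, exits
      exit!(1)
    end
  end
  writer.close
  yaml = Timeout.timeout(timeout) { reader.read }
  _, status = Process.wait2(pid)
  (status.success? && !yaml.empty?) ? yaml : nil
rescue Timeout::Error
  # A gemspec that never returns is killed rather than waited on.
  Process.kill("KILL", pid)
  Process.wait(pid)
  nil
ensure
  reader&.close
end
```

The consumer of the YAML can then load it with `Gem::Specification.from_yaml` instead of evaluating Ruby.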

Goals
-----
* Lower the $SAFE level to allow methods like Dir.glob, but without compromising security.