Gemspec corrupted in 1.0.4 #136

Closed
andrewdsmith opened this Issue · 36 comments
Andrew Smith

Installing 1.0.4 (under Ruby 1.8.7 and gem 1.3.7) causes problems due to what I think is a corrupted gemspec, as can be seen at http://rubygems.org/gems/cucumber/versions/1.0.4. By way of confirmation I'll quote http://stackoverflow.com/questions/7379385/invalid-gemspec-in-and-illformed-requirement-whenever-i-create-a-new-project.

Chris Griego

After I installed cucumber-1.0.4 I get this anytime ruby gems is loaded.

Invalid gemspec in [/gems/ruby-1.8.7-p352/specifications/cucumber-1.0.4.gemspec]: Illformed requirement ["#YAML::Syck::DefaultKey:0x104dda680 0.8.4"]

Carl Hicks

I see this issue as well, on mri 1.9.2 and rubygems 1.8.10

Larry Staton Jr.

I'm also getting this on JRuby 1.6.4 and rubygems 1.8.10.

Giang Kenneth Nguyen Duc

I have the same issue with Ruby 1.9.2p180 rubygems 1.8.10. When I run "bundle install", the error messages are:

Installing cucumber (1.0.4) Invalid gemspec in [/Users/ndgiang84/.rvm/gems/ruby-1.9.2-p180/specifications/cucumber-1.0.4.gemspec]: Illformed requirement ["#<Syck::DefaultKey:0x000001051123c0> 0.8.4"]
Invalid gemspec in [/Users/ndgiang84/.rvm/gems/ruby-1.9.2-p180/specifications/cucumber-rails-1.0.3.gemspec]: Illformed requirement ["#<Syck::DefaultKey:0x00000100ce58a0> 0.7.2"]

Installing cucumber-rails (1.0.3) Invalid gemspec in [/Users/ndgiang84/.rvm/gems/ruby-1.9.2-p180/specifications/cucumber-1.0.4.gemspec]: Illformed requirement ["#<Syck::DefaultKey:0x000001051123c0> 0.8.4"]
Invalid gemspec in [/Users/ndgiang84/.rvm/gems/ruby-1.9.2-p180/specifications/cucumber-rails-1.0.3.gemspec]: Illformed requirement ["#<Syck::DefaultKey:0x00000103fabf78> 0.7.2"]

Carl Hicks

Also worth noting, if you inspect the gemspec file, it contains:

#<Syck::DefaultKey:0x00000100ce58a0> 0.7.2

as one of the dependency versions. Is this a cucumber gem spec issue, or a bundler issue?

Carl Hicks

Also for those who are having this problem, manually removing the gemspec file and linking against the github repo like so:

group :development, :test do
  gem 'ruby-debug19', :require => 'ruby-debug'
  gem 'capybara'
  gem 'cucumber', :git => 'https://github.com/cucumber/cucumber.git'
  gem 'cucumber-rails', :git => 'https://github.com/cucumber/cucumber-rails.git'
end

Seems to resolve the problem

Felix Schäfer

Seeing this too, it probably is the same problem as already occurred in gherkin and was fixed in cucumber/gherkin@9d0cd89

Andrew Smith

I can confirm that this is a regression since 1.0.3. However...

I revisited the StackOverflow question and there's a link to this very informative blog post: http://blog.rubygems.org/2011/08/31/shaving-the-yaml-yacc.html. Apparently this is a problem with rubygems.org using Syck not Psych. The advice on StackOverflow is to run gem update --system. I won't have a chance to confirm this for a while but the release history for rubygems makes more than one reference to fixing Syck issues, so I'm hopeful.

I'm leaving this issue open for the time being as it appears to be a useful landing pad for those experiencing this issue!

Stuart Ellis

I've got a slightly different error message with JRuby 1.6.4 and RubyGems 1.5.1 (RVM jruby installation), but also resolved it by installing Cucumber 1.0.3.

ERROR: While executing gem ... (ArgumentError)
undefined class/module YAML::Syck::DefaultKey

coopsite

gem update --system does not solve this problem.

laran

Ran into this as well. Using 1.0.3 works for me.

Matt Wynne
Owner

You should not get this error if you're using the latest version of Rubygems 1.8.10, however: if you have problems with gems that were installed with an older version of Rubygems, you will need to remove those gems, even if you update Rubygems.

If you're using RVM with gemsets, this is relatively painless:

rvm gemset empty
gem update --system
bundle

The warnings should now go away.

Andrew Smith

This is not an issue with Cucumber but with rubygems. Upgrading to rubygems 1.8.10 resolves the issue. Closing but adding some details for the Googlers out there.

I'm running Ubuntu and so upgrading the system rubygems requires a little more determination:

sudo REALLY_GEM_UPDATE_SYSTEM=TRUE gem update --system

After this gem no longer recognised the latest json and gherkin gems installed for Cucumber 1.0.3:

Invalid gemspec in [/home/andrew/.gem/ruby/1.8/specifications/json-1.5.4.gemspec]: invalid date format in specification: "2011-08-31 00:00:00.000000000Z"
Invalid gemspec in [/home/andrew/.gem/ruby/1.8/specifications/gherkin-2.4.18.gemspec]: invalid date format in specification: "2011-09-05 00:00:00.000000000Z"

This was resolved by manually removing the referenced .gemspec files and associated gem folders. Next I went to run bundle update but got this error:

/home/andrew/.gem/ruby/1.8/gems/bundler-1.0.7/lib/bundler/ui.rb:56: uninitialized constant Gem::SilentUI (NameError)
    from /home/andrew/.gem/ruby/1.8/gems/bundler-1.0.7/lib/bundler/cli.rb:16:in `initialize'
    from /home/andrew/.gem/ruby/1.8/gems/bundler-1.0.7/lib/bundler/vendor/thor.rb:246:in `new'
    from /home/andrew/.gem/ruby/1.8/gems/bundler-1.0.7/lib/bundler/vendor/thor.rb:246:in `dispatch'
    from /home/andrew/.gem/ruby/1.8/gems/bundler-1.0.7/lib/bundler/vendor/thor/base.rb:389:in `start'
    from /home/andrew/.gem/ruby/1.8/gems/bundler-1.0.7/bin/bundle:13
    from /home/andrew/.gem/ruby/1.8/bin/bundle:19:in `load'
    from /home/andrew/.gem/ruby/1.8/bin/bundle:19

This turned out to be because I was using a stale version of Bundler not compatible with the latest version of rubygems. Easily solved with just:

gem update bundler

Finally, I was able to bundle update and get Cucumber 1.0.4 in and running.

Andrew Smith andrewdsmith closed this
coopsite

I have both the latest bundle and the latest gem in my path. This does not solve the problem.

$ bundle --version
Bundler version 1.0.18
$ gem --version
1.8.10
$ which bundle
~/.rvm/gems/ruby-1.9.2-p290@global/bin/bundle
$ which gem
~/.rvm/rubies/ruby-1.9.2-p290/bin/gem

Using rvm to create a new gemset and install cucumber I see this error message:

Invalid gemspec in [~/.rvm/gems/ruby-1.9.2-p290@junker/specifications/cucumber-1.0.4.gemspec]: Illformed requirement ["#Syck::DefaultKey:0x00000102b92140 0.8.4"]

Matt Wynne
Owner

@coopsite please delete that dodgy gemspec file and reinstall cucumber with your new Rubygems.

Chris Griego

What about the people on Engine Yard stuck using Rubygems 1.5? This same issue was previously fixed in gherkin, why not fix it here as well? Please reopen.

Matt Wynne
Owner

I think @aslakhellesoy is going to release a fix in the next few days.

Aslak Hellesøy

I just did a rubygems update:

$ gem update --system
Updating rubygems-update
Fetching: rubygems-update-1.8.10.gem (100%)
Successfully installed rubygems-update-1.8.10
Installing RubyGems 1.8.10
RubyGems 1.8.10 installed

== 1.8.10 / 2011-08-25

RubyGems 1.8.10 contains a security fix that prevents malicious gems from
executing code when their specification is loaded.  See
https://github.com/rubygems/rubygems/pull/165 for details.

* 5 bug fixes:

  * RubyGems escapes strings in ruby-format specs using #dump instead of #to_s
    and %q to prevent code injection.  Issue #165 by Postmodern
  * RubyGems attempt to activate the psych gem now to obtain bugfixes from
    psych.
  * Gem.dir has been restored to the front of Gem.path.  Fixes remaining
    problem with Issue #115
  * Fixed Syck DefaultKey infecting ruby-format specifications.
  * `gem uninstall a b` no longer stops if gem "a" is not installed.

They claim the Syck problem has been fixed. Yay! So I released 1.0.5, assuming it would be fixed. No dice. The gemspec still seems to be corrupted: https://rubygems.org/gems/cucumber/versions/1.0.5

As some of you know, I had similar issues with gherkin releases a couple of weeks back. I worked around it by removing all '= x.y.z' and 'x.y.z' dependencies in the gemspec, replacing them with '>= x.y.z'. Unfortunately we can't do that with prawn (for the pdf formatter). It doesn't work with newer versions of prawn.

We could of course yank out the prawn formatter (or just remove the gem dependency and print an error if someone uses the prawn formatter without prawn installed).

These are all workarounds. Rubygems is designed to work with '= x.y.z' dependencies, but right now it seems too buggy to work.

Any tips on what I should do to release non-corrupt gems?

Aslak Hellesøy

There seem to be several gems that have this problem. Google for YAML::Syck::DefaultKey in the past week or month.

I would submit a bug to the rubygems project, but I can't even find the bug tracker.

Aslak Hellesøy

Found it. There are 3 relevant bugs that claim to be fixed: http://rubyforge.org/search/?type_of_search=artifact&group_id=126&atid=575&words=DefaultKey&Search=Search

The gems I release are still corrupt, and I am on ruby 1.9.2 and rubygems 1.8.10.

I don't have much time to shave this yak right now, so some help would be great.

Matt Wynne
Owner
Aslak Hellesøy

@mattwynne I was talking about what rubygems lists as deps, not what I have/see locally. See the link.

And here is a recent blog entry: http://blog.rubygems.org/2011/08/31/shaving-the-yaml-yacc.html

Aslak Hellesøy

As explained in the article I downloaded the gemspec for 1.0.3 and 1.0.4 (1.0.5 is similar to 1.0.4):

mkdir 1.0.3
cd 1.0.3
gem fetch cucumber -v 1.0.3
tar xvf cucumber-1.0.3.gem
gunzip metadata.gz
cd ..

mkdir 1.0.4
cd 1.0.4
gem fetch cucumber -v 1.0.4
tar xvf cucumber-1.0.4.gem
gunzip metadata.gz
cd ..

less 1.0.3/metadata # versions are ~> (unquoted), ">=" (double-quoted) and "=" (double-quoted). This was built with syck.
less 1.0.4/metadata # versions are ~> (unquoted), '>=' (single-quoted) and = (unquoted). This was built with psych.

1.0.3 and older were probably packaged using an older rubygems (using syck). Before releasing 1.0.4 (and 1.0.5) I had a newer ruby and rubygems (and psych). The = dependencies are unquoted, causing older rubygems to fail. rubygems.org is using an older rubygems to parse the gemspecs before displaying the deps on the web page, which explains why it looks like the gemspecs for 1.0.4 and 1.0.5 are corrupt.

They are not.

There are three ways to deal with this:

a) I use a ruby with old rubygems (using syck) when releasing, so that both syck and psych can read the gemspec
b) I remove all = dependencies from the gemspec
c) I do nothing and force everybody to upgrade their buggy rubygems/yaml interpreters from syck to psych

I realise many people can't do c). a) is too much of a PITA for me, so it will be b). This means I'll remove prawn from the gemspec (and >= the remaining = deps). I'll try to make a new release later.

What a royal PITA!
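Added example, not part of the original thread and not code from cucumber or RubyGems: a Ruby check for the two symptoms discussed above, the `Syck::DefaultKey` string left in an installed ruby-format gemspec and the bare `=` operator in a gem's YAML metadata. The sample spec and metadata contents, and the dependency names `some_dep` and `other_dep`, are constructed placeholders.

```ruby
require "tmpdir"

# Ruby-format .gemspec files written by a Syck-based RubyGems carry the
# inspect string of the DefaultKey object where the "=" operator should be.
DEFAULT_KEY = /#<?(?:YAML::)?Syck::DefaultKey:0x\h+>?\s+([\w.]+)/

# Returns [[gemspec file name, version from the broken requirement], ...].
def corrupted_specs(spec_dir)
  Dir.glob(File.join(spec_dir, "*.gemspec")).sort.flat_map do |path|
    File.read(path).scan(DEFAULT_KEY).map { |m| [File.basename(path), m[0]] }
  end
end

# In a gem's YAML metadata Psych writes the "=" operator as a bare scalar
# ("- - ="), which Syck loads as a DefaultKey. Returns 1-based line numbers.
def bare_equals_lines(metadata_yaml)
  metadata_yaml.each_line.with_index(1)
               .select { |line, _| line.match?(/\A\s*-\s+-\s+=\s*\z/) }
               .map(&:last)
end

# Constructed sample input (dependency names are placeholders).
SAMPLE_SPEC = <<~'SPEC'
  Gem::Specification.new do |s|
    s.name = "cucumber"
    s.add_runtime_dependency(%q<some_dep>, ["#<Syck::DefaultKey:0x000001051123c0> 0.8.4"])
    s.add_runtime_dependency(%q<other_dep>, [">= 1.0.0"])
  end
SPEC

SAMPLE_METADATA = <<~'META'
  dependencies:
  - !ruby/object:Gem::Dependency
    name: some_dep
    requirement: !ruby/object:Gem::Requirement
      requirements:
      - - =
        - !ruby/object:Gem::Version
          version: 0.8.4
META

# Writes the sample spec into a temporary specifications directory and scans it.
def demo
  Dir.mktmpdir do |dir|
    File.write(File.join(dir, "cucumber-1.0.4.gemspec"), SAMPLE_SPEC)
    corrupted_specs(dir)
  end
end
p demo, bare_equals_lines(SAMPLE_METADATA)
```

Pointing `corrupted_specs` at a real `specifications` directory lists the gemspec files that need to be deleted and reinstalled, as recommended earlier in the thread.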

Chris Griego

Thanks for the release.

FYI, I think @dchelimsky ran into this with rspec as well. Every other project I've known to run into this ended up falling back to building their gems on 1.8.

Aslak Hellesøy

@cgriego - 1.0.5 does not fix the problems with 1.0.4. I'll have to make a 1.0.6 release later.

Aslak Hellesøy

1.0.6 is out. Chew on that, folks.

Jonathan Tushman

Thanks so much for this. Note, I think the issue still persists with cucumber-rails. I am using @chicks' workaround for cucumber-rails for now.

skim

cucumber 1.0.6 resolves the issue, but is it possible to update cucumber-rails as well? It's an issue there as well.

Aslak Hellesøy

Sure, I'll get to that as well.

coopsite

Great, thanks for the fixes :)

skim

@aslakhellesoy: thanks for the cucumber-rails 1.0.5 update! It's working now.

mewren

rvm gemset empty
gem update --system
bundle

this is NOT painless

Aslak Hellesøy

@mewren what's painful about it?

coopsite

@mewren I empty and repopulate gemsets regularly. Apart from this issue, which has been fixed for this set of gems, I've never had any problem with it. Do you have some specific problem?

mewren

I am fairly new to rails/gems (well, I used it years ago, rails 1.2, but recently using it again), it ended up deleting all my gems and "bundle install" didn't have an error, but "gem list" was empty.
I have now re-installed my gems and my local server is working again, but cucumber still shows an error (see below)

Am I supposed to be using the "cucumber" or "cucumber-rails" gem? Which version of rails is the latest cucumber compatible with?

error:

cucumber
Using the default profile...
You have already activated activesupport 3.1.0, but your Gemfile requires activesupport 3.0.10. Consider using bundle exec. (Gem::LoadError)
/usr/local/rvm/gems/ruby-1.8.7-p352/gems/bundler-1.0.18/lib/bundler/runtime.rb:31:in `setup'

Carl Hicks

Remove Gemfile.lock from your rails project directory and try again.

Mike Sassak msassak referenced this issue from a commit in msassak/cucumber
Aslak Hellesøy Release 1.0.6. Closes #136 for good. I EAT YAML AND RUBYGEMS FOR FUCK…
…ING BREAKFAST.
2c9a267