cookiejar 0.3.1 is packaged with incorrect file permissions in gem #13

Closed
davidzhao opened this Issue Feb 20, 2014 · 15 comments

Projects

None yet

9 participants

@davidzhao

The latest version is showing file perms of 600 instead of 644 for all files within the gem. This creates a problem when people install gems as root into /usr/local/lib/ruby, and then try to load it with another user on the system.

0.3.0 is packaged correctly. something had changed in the last version

/usr/local/lib/ruby/gems/2.1.0/gems/cookiejar-0.3.1$ ls -l
total 24
-rw------- 1 root root  363 Feb 19 01:19 contributors.json
drwxr-xr-x 3 root root 4096 Feb 19 01:19 lib
-rw------- 1 root root 1320 Feb 19 01:19 LICENSE
-rw------- 1 root root  717 Feb 19 01:19 Rakefile
-rw------- 1 root root  670 Feb 19 01:19 README.markdown
drwxr-xr-x 2 root root 4096 Feb 19 01:19 spec
/usr/local/lib/ruby/gems/2.1.0/gems/cookiejar-0.3.1$ ls -l ../cookiejar-0.3.0
total 8
drwxr-xr-x 3 root root 4096 Jan  9 06:54 lib
drwxr-xr-x 2 root root 4096 Jan  9 06:54 test
@flauwekeul

👍 My collegue discovered this same issue recently too.

@jvanbaarsen

I tried repackaging the gem, and install it locally, that will fix the issue. @dwaite Can you please repack and republish the gem?

@kevinslin

Ran into the same issue using em-http-request gem since it uses cookiejar as a dependency and now fails on require

Fetching the gem and running the following should fix it

cd cookiejar
sudo chmod -R a+r lib
gem build cookie-jar.gemspec
gem push cookie-jar-0.3.1.gem
@kevinslin kevinslin referenced this issue in igrigorik/em-http-request Feb 20, 2014
Merged

lock down cookiejar version #261

@davidzhao

Any updates here? It'd be a huge help if the maintainer could simply repackage and bump the version.

@alain75007

Please update this project to fix this problem.

@avitus
avitus commented Mar 5, 2014

👍

@jvanbaarsen

@dwaite Please repackage the gem :) 👍

@ajb
ajb commented Mar 7, 2014

:(

@kornypoet

+1

@ajb
ajb commented Mar 12, 2014

Has anyone pinged @dwaite via email?

@jvanbaarsen

@adamjacobbecker Please go ahead 😄

@ajb
ajb commented Mar 13, 2014

Just pinged him via email. FWIW, it might be worth asking the maintainers of other libraries that depend on cookiejar to lock the version at 0.3.0.

@ajb ajb added a commit to ajb/faye that referenced this issue Mar 13, 2014
@ajb ajb Lock cookiejar at 0.3.0 434c86f
@ajb ajb referenced this issue in faye/faye Mar 13, 2014
Closed

Lock cookiejar at 0.3.0 #287

@ajb ajb added a commit to ajb/em-http-request that referenced this issue Mar 13, 2014
@ajb ajb Lock cookiejar at 0.3.0
Per this issue: dwaite/cookiejar#13 (comment)

This should probably be considered urgent.
f08bb65
@ajb ajb referenced this issue in igrigorik/em-http-request Mar 13, 2014
Closed

Lock cookiejar at 0.3.0 #267

@dwaite
Owner
dwaite commented Mar 13, 2014

cookiejar 0.3.2 released to fix the issue. But now I'll be raising an issue with ruby gems ;-)

@dwaite dwaite closed this Mar 13, 2014
@ajb
ajb commented Mar 13, 2014

Amazing, thank you!

@jvanbaarsen

@dwaite Thanks :-)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment