parse `gem env` for dangerous settings #855

Closed
mpapis opened this Issue Mar 24, 2012 · 10 comments

Comments

Projects
None yet
4 participants
Owner

mpapis commented Mar 24, 2012

We need to add few warnings for the bad settings in gemrc like:

  • gem: -n/path/to/bin
  • gem_install: --user-install

scheduled for 1.11.2

@ghost ghost assigned mpapis Mar 24, 2012

It'd be great if it'd catch other .gemrc errors and report on them at least in a way that exposes where the error is. I had "gem: --no-ri --no-rdocgem: --no-ri --no-rdoc" in my .gemrc and the error simply said Psych had a problem - no filename. (I had to insert debug into rubygems/config_file.rb)

@mpapis mpapis closed this in 35523b7 Sep 25, 2012

mpapis added a commit that referenced this issue Sep 25, 2012

Merge pull request #1132 from lemoinem/fix/check-for-compatible-rubyg…
…em-config

Check for trouble-prone config in "gemrc"s, fix #855

gem: --user-install is a default in Archlinux ruby package. Should we add instructions to rvm notes?

Member

richo commented Nov 25, 2012

Sigh. That seems like a good stopgap.

Owner

mpapis commented Nov 25, 2012

@barraponto we have auto detection of the problem and the message is displayed only when it should be, is there any reason to add it also to the notes?

Actually, I meant rvm requirements. It would be good if rvm instructed users on what to do (adding/removing settings to .gemrc) instead of instructing on ignoring the errors. Also, why does it check both user .gemrc and system /etc/gemrc when only one is going to be loaded?

Owner

mpapis commented Nov 25, 2012

@barraponto both files will be read by rubygems, and yes we could add a note to requirements for Archlinux, feel free to propose a change here (Edit button): https://github.com/wayneeseguin/rvm/blob/master/scripts/requirements

@mpapis I think the proper solution would be copying /etc/gemrc to ~/.gemrc and removing the --user-install option. But current shell script would still issue the warning. So the issue is: should rvm check /etc/gemrc for issues when there's a ~/.gemrc file available?

Owner

mpapis commented Nov 25, 2012

@barraponto here is gemrc description https://github.com/rubygems/rubygems/blob/master/lib/rubygems/config_file.rb#L27 - both files are read, I'm not sure about the merging, but still the safest way for now is to leave editing to user ... if you can find something better please let me know

That's not what the docs say:

gem looks for a configuration file .gemrc in your home directory, although you can specify another file on the command-line if you wish (with the —config-file modifier). Only one configuration file will be processed: the rightmost one on the command-line, or the default $HOME/.gemrc, or none at all.

Owner

mpapis commented Nov 25, 2012

it looks like docs are out of date: https://github.com/rubygems/rubygems/blob/master/lib/rubygems/config_file.rb#L190-L193 where --config-file is responsible for overwriting location of $HOME/.gemrc

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment