Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

parse `gem env` for dangerous settings #855

Closed
mpapis opened this Issue · 10 comments

4 participants

@mpapis
Owner

We need to add few warnings for the bad settings in gemrc like:

  • gem: -n/path/to/bin
  • gem_install: --user-install

scheduled for 1.11.2

@mpapis mpapis was assigned
@PaulMakepeace

It'd be great if it'd catch other .gemrc errors and report on them at least in a way that exposes where the error is. I had "gem: --no-ri --no-rdocgem: --no-ri --no-rdoc" in my .gemrc and the error simply said Psych had a problem - no filename. (I had to insert debug into rubygems/config_file.rb)

@lemoinem lemoinem referenced this issue from a commit
Commit has since been removed from the repository and is no longer available.
@mpapis mpapis closed this in 35523b7
@barraponto

gem: --user-install is a default in Archlinux ruby package. Should we add instructions to rvm notes?

@richo
Collaborator

Sigh. That seems like a good stopgap.

@mpapis
Owner

@barraponto we have auto detection of the problem and the message is displayed only when it should be, is there any reason to add it also to the notes?

@barraponto

Actually, I meant rvm requirements. It would be good if rvm instructed users on what to do (adding/removing settings to .gemrc) instead of instructing on ignoring the errors. Also, why does it check both user .gemrc and system /etc/gemrc when only one is going to be loaded?

@mpapis
Owner

@barraponto both files will be read by rubygems, and yes we could add a note to requirements for Archlinux, feel free to propose a change here (Edit button): https://github.com/wayneeseguin/rvm/blob/master/scripts/requirements

@barraponto

@mpapis I think the proper solution would be copying /etc/gemrc to ~/.gemrc and removing the --user-install option. But current shell script would still issue the warning. So the issue is: should rvm check /etc/gemrc for issues when there's a ~/.gemrc file available?

@mpapis
Owner

@barraponto here is gemrc description https://github.com/rubygems/rubygems/blob/master/lib/rubygems/config_file.rb#L27 - both files are read, I'm not sure about the merging, but still the safest way for now is to leave editing to user ... if you can find something better please let me know

@barraponto

That's not what the docs say:

gem looks for a configuration file .gemrc in your home directory, although you can specify another file on the command-line if you wish (with the —config-file modifier). Only one configuration file will be processed: the rightmost one on the command-line, or the default $HOME/.gemrc, or none at all.

@mpapis
Owner

it looks like docs are out of date: https://github.com/rubygems/rubygems/blob/master/lib/rubygems/config_file.rb#L190-L193 where --config-file is responsible for overwriting location of $HOME/.gemrc

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.