Prevent gem activation in standalone mode #6925


composerinteralia
Contributor

What was the end-user or developer problem that led to this PR?

As discussed in #6273 (comment)

The gem method behaves awkwardly in standalone mode. Assuming bundler isn't loaded at all, a call to gem might activate a gem that is not part of the bundle (because it's the gem method defined in lib/rubygems/core_ext/kernel_gem.rb and not lib/bundler/rubygems_integration.rb). And when running with --disable-gems, the gem method won't be defined at all so we'll get a NoMethodError.

Calls to gem can appear in dependencies outside an application's control. To work around this at GitHub we defined our own Kernel#gem that no-ops.

I agree with #6273 (comment)

> people using standalone mode don't want to activate gems like Kernel.gem

What is your fix for the problem, implemented in this PR?

This commit redefines Kernel#gem in the standalone script to no-op.

Make sure the following tasks are checked
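An added example, not Bundler's generated setup script or code from this PR: a sketch of the no-op `Kernel#gem` approach the description names, with a probe that records whether a `gem` call raised, activated a spec, or changed `$LOAD_PATH`. The helper names `probe_gem_call` and `install_noop_gem!` and the gem name are constructed for illustration.

```ruby
# Added illustration; not Bundler's generated setup script.

# Call `gem` the way a dependency would and report what it did to the process.
def probe_gem_call(name, *requirements)
  specs_before = defined?(Gem) ? Gem.loaded_specs.keys : []
  paths_before = $LOAD_PATH.dup
  outcome =
    begin
      gem(name, *requirements)
      :returned
    rescue NoMethodError
      :undefined    # no Kernel#gem at all, as under --disable-gems
    rescue LoadError
      :load_error   # Gem::LoadError family: gem not found or version conflict
    end
  specs_after = defined?(Gem) ? Gem.loaded_specs.keys : []
  { outcome: outcome,
    activated: specs_after - specs_before,
    load_path_added: $LOAD_PATH - paths_before }
end

# Replace Kernel#gem with a private no-op, whether or not RubyGems defined one.
# Returns the definition it replaced (UnboundMethod), or nil if there was none.
def install_noop_gem!
  had_gem = Kernel.private_method_defined?(:gem) || Kernel.method_defined?(:gem)
  previous = had_gem ? Kernel.instance_method(:gem) : nil
  Kernel.module_eval do
    remove_method(:gem) if previous
    define_method(:gem) { |*| nil }
    private :gem
  end
  previous
end

if __FILE__ == $PROGRAM_NAME
  name = "constructed-gem-not-in-bundle" # constructed name, assumed not installed
  puts "before shim: #{probe_gem_call(name, '>= 1.0').inspect}"
  install_noop_gem!
  puts "after shim:  #{probe_gem_call(name, '>= 1.0').inspect}"
end
```

Running the probe before and after the shim on a gem that is installed system-wide but absent from the bundle shows the difference the PR is about: `activated` is non-empty before and empty after.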

@hsbt
Member

hsbt commented Aug 30, 2023

> And when running with --disable-gems, the gem method won't be defined at all so we'll get a NoMethodError.

Question: Why do you use --disable-gems in your application? It's only for Ruby core developers, not users.

@composerinteralia
Contributor Author

composerinteralia commented Aug 30, 2023

> Question: Why do you use --disable-gems in your application? It's only for Ruby core developers, not users.

We mostly don't. It looks like GitHub started running some things with --disable-gems back in 2014 or so. I think the way GitHub did git operations back then involved spawning a new Ruby process each time, and so --disable-gems was used to make spawning those processes a tiny bit faster. (I'm not certain about that—I didn't work here at the time and I don't think that's how things work nowadays anyway.) There are a few old scripts that still use --disable-gems, but they might not need to.

Hopefully this PR makes sense anyway, since even without --disable-gems the gem method in standalone mode may activate a gem that's not part of the bundle, which seems generally undesirable.

@deivid-rodriguez
Member

This looks great, but I just noticed there's a merge conflict now. Could you rebase this @composerinteralia 🙏?

As discussed in rubygems#6273 (comment)

The `gem` method behaves awkwardly in standalone mode. Assuming bundler
isn't loaded at all, a call to gem might activate a gem that is not part
of the bundle (because it's the gem method defined in
lib/rubygems/core_ext/kernel_gem.rb and not
lib/bundler/rubygems_integration.rb). And when running with
`--disable-gems`, the gem method won't be defined at all so we'll get a
NoMethodError.

Calls to `gem` can appear in dependencies outside an application's
control. To work around this at GitHub we defined our own `Kernel#gem`
that no-ops.

I agree with rubygems#6273 (comment)

> people using standalone mode don't want to activate gems like Kernel.gem

This commit redefines `Kernel#gem` in the standalone script to no-op.
@composerinteralia
Contributor Author

Done!

@deivid-rodriguez
Member

Thank you @composerinteralia!

@deivid-rodriguez deivid-rodriguez merged commit bf1a8cb into rubygems:master Oct 3, 2023
92 checks passed
deivid-rodriguez added a commit that referenced this pull request Oct 13, 2023
…m-activation

Prevent gem activation in standalone mode

(cherry picked from commit bf1a8cb)
deivid-rodriguez added a commit that referenced this pull request Oct 16, 2023
…m-activation

Prevent gem activation in standalone mode

(cherry picked from commit bf1a8cb)