Skip to content

Untitled#14

Closed
trans wants to merge 2 commits into
ruby:masterfrom
trans:resources
Closed

Untitled#14
trans wants to merge 2 commits into
ruby:masterfrom
trans:resources

Conversation

@trans

@trans trans commented Dec 8, 2010

Copy link
Copy Markdown

No description provided.

@luislavena

Copy link
Copy Markdown
Member

Hello Trans,

Can you better explain the rationale of this addition? You did provide a test or documentation for this, nor was discussed in the mailing list.

Thank you.

@drbrain

drbrain commented Dec 8, 2010

Copy link
Copy Markdown
Member

There is no recommended usage documentation provided. Providing a big bucket to dump arbitrary data in does not lend itself well to careful and thoughtful usage by gem developers.

Most of the per-method documentation is missing.

If this is supposed to be a URL-store why aren't entries validated by URI?

Gem::Resource

I do not understand why both attr_accessor is overridden and method_missing is provided. method_missing appears to be the better solution as it has the smallest implementation.

Gem::Resource#to_h will never be called as Gem::Specification#ruby_code is never called with a Gem::Resource. Furthermore, I don't understand why it isn't implemented as "return @table.dup".

Gem::Resource#home/#homepage duplicates an attribute provided on Gem::Specification.

I don't understand why multiple aliases are provided.

Use $` instead of converting label to a string multiple times and chomping in #method_missing

If you're not going to use the block in #method_missing there's no need to capture it in an argument.

Why are #hash and #eql? implemented? Will Gem::Resource be used as a Hash key? I cannot conceive of this.

Why is a protected reader for @table provided? This class doesn't make use of it.

Gem::Resource#set is a useless abstraction

It appears that a resources Hash on Gem::Specification would be a better solution. This implementation requires triple-dispatch. (Gem::Specification#add_resource => Gem::Resource#add_resource => #resource_name => Hash#[]= vs Gem::Specification#add_resource => Hash#[]=)

Gem::Specification

Resources MUST NOT be included in the Marshal gemspec. Since #resources stores arbitrary data it presents a risk of high bandwidth usage through user's ignorance. (Furthermore, if the Marshal format is altered the specification version MUST be changed.)

Why is Gem::Resource handled in Gem::Specification#ruby_code but never used?

Why is Gem::Specification#add_resource aliased to Gem::Specification#resource? #resource is one letter different from #resources but does something entirely different.

There is no protection around #add_resource in the generated gemspec for earlier RubyGems versions. (Yes, people will install gems with a version of RubyGems that supports #add_resource then attempt to use them on a version that does not.)

@trans

trans commented Dec 8, 2010

Copy link
Copy Markdown
Author

Many of your questions can be answered by two points.

  1. "I don't understand why multiple aliases are provided." Aliases are provided for the the convenience of using a shorter term, eg. mail vs. mailing_list. The short terms also line up nicely making it easier to read write. The longer terms of course correspond the terms used on rubygems.org. B/c of the aliases, a separate class is called for rather then just a hash, as is the attr_accessor and not just method_missing. In junction with this I would not bet against other resources might exist unaccounted for by a fixed spec, so the ability to add additional arbitrary entries was made possible. (I don't see why anyone would abuse it any more than anything else can already be abused.)

  2. This is not a 100% complete implementation. I am well aware some version conditions need to added, but not knowing what version it will be I left that to be done. As I am well aware other details will need consideration too, e.g. URL validation. The marshaling and ruby_code part were a bit confusing to me, I worked them as best as I could make out and get the current tests to pass. Things like #hash/eql? were implemented b/c the tests actually would not pass without it. And obviously there is a Gem::Resource#home/#homepage duplication of an attribute provided on Gem::Specification, ultimately they would be refactored to reference the same data.

I think the rest of your comments are merely minor details, which can be adjusted as seen fit, of course.

@drbrain

drbrain commented Dec 8, 2010

Copy link
Copy Markdown
Member

One descriptive, concise name is better than four aliases as it removes any need for an extra class and is easier to document.

You don't need a version check, #respond_to? is sufficient. Gem::Specification#to_ruby already makes use of this.

Your tests do not require Gem::Resources#hash nor #eql?

If this isn't a complete implementation and ready for inclusion in RubyGems why did you create a pull request?

@drbrain

drbrain commented Dec 8, 2010

Copy link
Copy Markdown
Member

I ran all the tests with your patch applied and without hash/eql?. Nothing failed.

If you are looking for feedback on an idea you should go to the mailing list. When your idea is completed to the best of your ability you should submit a pull request for final review.

@drbrain

drbrain commented Dec 9, 2010

Copy link
Copy Markdown
Member

Then you have some other bug. #eql? is aliased to #== which you did not modify to check for resource equality.

@zenspider

Copy link
Copy Markdown
Member
5:12:46 PM zenspider: maybe I should start meta commenting and pointing out that
                      for nearly every single critique, he defended instead of
                      embraced / adapted
5:13:10 PM Professor: perhaps
5:13:14 PM zenspider: and that RANTY TIRADES usually mean you're done because 
                      you've blown all legitimacy with your audience if you 
                      come back 10 minutes later
5:13:17 PM Professor: he tried to defend every single one
5:13:26 PM Professor: none of them he went "ok, thats fine, i'll do it that way"
5:13:28 PM zenspider: he needs to learn how the fuck to take critiques
5:13:45 PM Professor: yep

junaruga added a commit to junaruga/rubygems that referenced this pull request Jun 9, 2026
When `bundle install` connects with a certification (CA) to a private RubyGems
HTTPS server emulated by WEBrick, the connection to the
https://localhost:18443/versions succeeded, but the connection to download gems
failed with the following error.

```
+ /home/jaruga/var/git/ruby/rubygems/bin/bundle config set --local ssl_ca_cert /home/jaruga/git/report-bundler-bundle-config-set-ssl_ca_cert/tmp/client/ssl/ca.crt
...
+ /home/jaruga/var/git/ruby/rubygems/bin/bundle install -V
Running `bundle install --verbose` with bundler 4.1.0.dev
Resolving dependencies because there's no lockfile
HTTP GET https://localhost:18443/versions
HTTP 206 Partial Content https://localhost:18443/versions
HTTP GET https://localhost:18443/versions
HTTP 200 OK https://localhost:18443/versions
Fetching gem metadata from https://localhost:18443/
Looking up gems ["hello"]
Resolving dependencies...
Using bundler 4.1.0.dev
1:  bundler (4.1.0.dev) from /home/jaruga/var/git/ruby/rubygems/bundler/bundler.gemspec
Fetching hello 0.1.0
Retrying download gem from https://localhost:18443/ due to error (2/4): Gem::RemoteFetcher::FetchError SSL_connect returned=1 errno=0 peeraddr=127.0.0.1:18443 state=error: certificate verify failed (unable to get local issuer certificate) (https://localhost:18443/gems/hello-0.1.0.gem)
Sleeping for 1.22 seconds before retry
Retrying download gem from https://localhost:18443/ due to error (3/4): Gem::RemoteFetcher::FetchError SSL_connect returned=1 errno=0 peeraddr=127.0.0.1:18443 state=error: certificate verify failed (unable to get local issuer certificate) (https://localhost:18443/gems/hello-0.1.0.gem)
Sleeping for 2.26 seconds before retry
Retrying download gem from https://localhost:18443/ due to error (4/4): Gem::RemoteFetcher::FetchError SSL_connect returned=1 errno=0 peeraddr=127.0.0.1:18443 state=error: certificate verify failed (unable to get local issuer certificate) (https://localhost:18443/gems/hello-0.1.0.gem)
Sleeping for 4.02 seconds before retry
Bundler::InstallError: Bundler::HTTPError: Could not download gem from https://localhost:18443/ due to underlying error <SSL_connect returned=1 errno=0 peeraddr=127.0.0.1:18443 state=error: certificate verify failed (unable to get local issuer certificate) (https://localhost:18443/gems/hello-0.1.0.gem)>
  /home/jaruga/var/git/ruby/rubygems/bundler/lib/bundler/rubygems_integration.rb:406:in 'Bundler::RubygemsIntegration#download_gem'
  /home/jaruga/var/git/ruby/rubygems/bundler/lib/bundler/source/rubygems.rb:531:in 'block in Bundler::Source::Rubygems#download_gem'
  /home/jaruga/.local/ruby-4.1.0-debug-3ef48ef9c8-openssl-4.1.0-7194354488/lib/ruby/4.1.0+1/rubygems.rb:1068:in 'Gem.time'
  /home/jaruga/var/git/ruby/rubygems/bundler/lib/bundler/source/rubygems.rb:530:in 'Bundler::Source::Rubygems#download_gem'
  /home/jaruga/var/git/ruby/rubygems/bundler/lib/bundler/source/rubygems.rb:459:in 'Bundler::Source::Rubygems#fetch_gem'
  /home/jaruga/var/git/ruby/rubygems/bundler/lib/bundler/source/rubygems.rb:443:in 'Bundler::Source::Rubygems#fetch_gem_if_possible'
  /home/jaruga/var/git/ruby/rubygems/bundler/lib/bundler/source/rubygems.rb:575:in 'Bundler::Source::Rubygems#rubygems_gem_installer'
  /home/jaruga/var/git/ruby/rubygems/bundler/lib/bundler/source/rubygems.rb:184:in 'Bundler::Source::Rubygems#download'
  /home/jaruga/var/git/ruby/rubygems/bundler/lib/bundler/installer/gem_installer.rb:29:in 'Bundler::GemInstaller#download'
  /home/jaruga/var/git/ruby/rubygems/bundler/lib/bundler/installer/parallel_installer.rb:148:in 'Bundler::ParallelInstaller#do_download'
  /home/jaruga/var/git/ruby/rubygems/bundler/lib/bundler/installer/parallel_installer.rb:132:in 'block in Bundler::ParallelInstaller#worker_pool'
  /home/jaruga/var/git/ruby/rubygems/bundler/lib/bundler/worker.rb:70:in 'Bundler::Worker#apply_func'
  /home/jaruga/var/git/ruby/rubygems/bundler/lib/bundler/worker.rb:65:in 'block in Bundler::Worker#process_queue'
  /home/jaruga/var/git/ruby/rubygems/bundler/lib/bundler/worker.rb:56:in 'Kernel#loop'
  /home/jaruga/var/git/ruby/rubygems/bundler/lib/bundler/worker.rb:56:in 'Bundler::Worker#process_queue'
  /home/jaruga/var/git/ruby/rubygems/bundler/lib/bundler/worker.rb:98:in 'block (2 levels) in Bundler::Worker#create_threads'
...
```

`Bundler::Fetcher` has the `#connection` calling `#bundler_cert_store` storing
`Bundler.settings[:ssl_ca_cert]` in the following part. It is used in some parts.

bundler/lib/bundler/fetcher.rb
...
    def bundler_cert_store
...
      ssl_ca_cert = Bundler.settings[:ssl_ca_cert] ||
                    (Gem.configuration.ssl_ca_cert if
                      Gem.configuration.respond_to?(:ssl_ca_cert))
...
    end
```

However in the case of downloading gems in Bundler,
Bundler calls `Bundler::Source::Rubygems#download_gem`
calling `Bundler::Fetcher#gem_remote_fetcher`
calling `Bundler::Fetcher::GemRemoteFetcher`
extending `Gem::RemoteFetcher` managing `@cert_files` for RubyGems.

Therefore, the `Bundler::Fetcher::GemRemoteFetcher` needs to update the `@cert_files`
by adding the value of the `Bundler.settings[:ssl_ca_cert]`.

As `Gem::Request.configure_connection_for_https` is called, and gets the value of
`Gem.configuration.ssl_ca_cert` in the proess of downloading gems,
we don't need to add the value in the `Bundler::Fetcher::GemRemoteFetcher`.

The backtrace is below.

```
+ rdbg -c \
  -e 'b Gem::Request.configure_connection_for_https' \
  -e c \
  -- /home/jaruga/git/ruby/rubygems/bin/bundle install -V
...
(rdbg) bt    # backtrace command
=>#0	Gem::Request.configure_connection_for_https(connection=#<Gem::Net::HTTP localhost:18443 open=fal..., cert_files=["/home/jaruga/.local/ruby-4.1.0-debug-3e...) at ~/.local/ruby-4.1.0-debug-3ef48ef9c8-openssl-4.1.0-7194354488/lib/ruby/4.1.0+1/rubygems/request.rb:71
  ruby#1	Gem::Request::HTTPSPool#setup_connection(connection=#<Gem::Net::HTTP localhost:18443 open=fal...) at ~/.local/ruby-4.1.0-debug-3ef48ef9c8-openssl-4.1.0-7194354488/lib/ruby/4.1.0+1/rubygems/request/https_pool.rb:7
  ruby#2	Gem::Request::HTTPPool#make_connection at ~/.local/ruby-4.1.0-debug-3ef48ef9c8-openssl-4.1.0-7194354488/lib/ruby/4.1.0+1/rubygems/request/http_pool.rb:43
  ruby#3	Gem::Request::HTTPPool#checkout at ~/.local/ruby-4.1.0-debug-3ef48ef9c8-openssl-4.1.0-7194354488/lib/ruby/4.1.0+1/rubygems/request/http_pool.rb:23
  ruby#4	Gem::Request#connection_for(uri=#<Gem::Uri:0x00007f4e473adda0 @parsed_uri...) at ~/.local/ruby-4.1.0-debug-3ef48ef9c8-openssl-4.1.0-7194354488/lib/ruby/4.1.0+1/rubygems/request.rb:136
  ruby#5	Gem::Request#perform_request(request=#<Gem::Net::HTTP::Get GET path="/gems/hel...) at ~/.local/ruby-4.1.0-debug-3ef48ef9c8-openssl-4.1.0-7194354488/lib/ruby/4.1.0+1/rubygems/request.rb:194
  ruby#6	Gem::Request#fetch at ~/.local/ruby-4.1.0-debug-3ef48ef9c8-openssl-4.1.0-7194354488/lib/ruby/4.1.0+1/rubygems/request.rb:161
  ruby#7	Gem::RemoteFetcher#request(uri=#<Gem::Uri:0x00007f4e473adda0 @parsed_uri..., request_class=Gem::Net::HTTP::Get, last_modified=nil) at ~/.local/ruby-4.1.0-debug-3ef48ef9c8-openssl-4.1.0-7194354488/lib/ruby/4.1.0+1/rubygems/remote_fetcher.rb:326
  ruby#8	Bundler::Fetcher::GemRemoteFetcher#request(args=[#<Gem::Uri:0x00007f4e473adda0 @parsed_ur...) at ~/var/git/ruby/rubygems/bundler/lib/bundler/fetcher/gem_remote_fetcher.rb:18
  ruby#9	Gem::RemoteFetcher#fetch_http(uri=#<Gem::Uri:0x00007f4e473adda0 @parsed_uri..., last_modified=nil, head=false, depth=0) at ~/.local/ruby-4.1.0-debug-3ef48ef9c8-openssl-4.1.0-7194354488/lib/ruby/4.1.0+1/rubygems/remote_fetcher.rb:217
  ruby#10	Gem::RemoteFetcher#fetch_path(uri=#<Gem::Uri:0x00007f4e473adda0 @parsed_uri..., mtime=nil, head=false) at ~/.local/ruby-4.1.0-debug-3ef48ef9c8-openssl-4.1.0-7194354488/lib/ruby/4.1.0+1/rubygems/remote_fetcher.rb:261
  ruby#11	Gem::RemoteFetcher#cache_update_path(uri=#<Gem::URI::HTTPS https://localhost:18443..., path="/home/jaruga/var/git/report-bundler-bund..., update=true) at ~/.local/ruby-4.1.0-debug-3ef48ef9c8-openssl-4.1.0-7194354488/lib/ruby/4.1.0+1/rubygems/remote_fetcher.rb:302
  ruby#12	block in Bundler::RubygemsIntegration#download_gem (2 levels) at ~/var/git/ruby/rubygems/bundler/lib/bundler/rubygems_integration.rb:393
  ruby#13	Bundler::SharedHelpers#filesystem_access(path="/home/jaruga/var/git/report-bundler-bund..., action=:write, block=#<Proc:0x00007f4e1d7dfad8 /home/jaruga/va...) at ~/var/git/ruby/rubygems/bundler/lib/bundler/shared_helpers.rb:106
  ruby#14	block in Bundler::RubygemsIntegration#download_gem at ~/var/git/ruby/rubygems/bundler/lib/bundler/rubygems_integration.rb:392
  ruby#15	Bundler::Retry#run(block=#<Proc:0x00007f4e1d7df9c0 /home/jaruga/va...) at ~/var/git/ruby/rubygems/bundler/lib/bundler/retry.rb:48
  ruby#16	Bundler::Retry#attempts(block=#<Proc:0x00007f4e1d7df880 /home/jaruga/va...) at ~/var/git/ruby/rubygems/bundler/lib/bundler/retry.rb:38
  ruby#17	Bundler::RubygemsIntegration#download_gem(spec=Gem::Specification.new do |s| s.name = "h..., uri=#<Gem::URI::HTTPS https://localhost:18443..., cache_dir="/home/jaruga/var/git/report-bundler-bund..., fetcher=#<Bundler::Fetcher::GemRemoteFetcher:0x00...) at ~/var/git/ruby/rubygems/bundler/lib/bundler/rubygems_integration.rb:384
  ruby#18	block in Bundler::Source::Rubygems#download_gem at ~/var/git/ruby/rubygems/bundler/lib/bundler/source/rubygems.rb:531
  ruby#19	Gem.time(msg="Downloaded hello in", width=0, display=true) at ~/.local/ruby-4.1.0-debug-3ef48ef9c8-openssl-4.1.0-7194354488/lib/ruby/4.1.0+1/rubygems.rb:1068
  ruby#20	Bundler::Source::Rubygems#download_gem(spec=Gem::Specification.new do |s| s.name = "h..., download_cache_path="/home/jaruga/var/git/report-bundler-bund..., previous_spec=nil) at ~/var/git/ruby/rubygems/bundler/lib/bundler/source/rubygems.rb:530
...
```

According to the following logic, `@cert_files` is not nil,
as `Dir.glob(patterns` returns Array.

lib/rubygems/remote_fetcher.rb
```
  def initialize(proxy = nil, dns = nil, headers = {})
    ...
    @cert_files = Gem::Request.get_cert_files
    ...
  end
```

lib/rubygems/request.rb
```
  def self.get_cert_files
    pattern = File.expand_path("./ssl_certs/*/*.pem", __dir__)
    Dir.glob(pattern)
  end
```
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants