Hi,
I find patching rubygems (for CVEs) a pain in the ass because of the packaging guideline requirement to have the rubygem package's Source0 be the actual gem.
I'd much rather work from tarballs.
Kind regards,
Jeroen van Meeuwen -kanarip
On Thu, 2009-02-26 at 17:41 +0100, Jeroen van Meeuwen wrote:
I find patching rubygems (for CVEs) a pain in the ass because of the packaging guideline requirement to have the rubygem package's Source0 be the actual gem.
I'd much rather work from tarballs.
I think the real culprit is that nothing is done until %install in basic rubygem packages.
Maybe we should move to a scheme where we 'install' the rubygem into the source dir during %prep, and then copy files from there to %{buildroot}%{gemdir} during %install.
David
David Lutterkort wrote, at 03/02/2009 03:08 PM +9:00:
On Thu, 2009-02-26 at 17:41 +0100, Jeroen van Meeuwen wrote:
I find patching rubygems (for CVEs) a pain in the ass because of the packaging guideline requirement to have the rubygem package's Source0 be the actual gem.
I'd much rather work from tarballs.
I think the real culprit is that nothing is done until %install in basic rubygem packages.
Maybe we should move to a scheme where we 'install' the rubygem into the source dir during %prep, and then copy files from there to %{buildroot}%{gemdir} during %install.
David
I think you are saying "into the build dir" (i.e. %_builddir). Then:
As you know for rubygems containing C codes I suggested to install them first under %_builddir, compile C codes there and copy all files into %buildroot and this was already accepted by FPC/FESCo. So I think suggesting to install _all_ rubygems under %_builddir first can also be accepted.
What I am wondering currently is at what stage we should install rubygems into %_builddir, whether %prep or %build. Current "rubygem with C code" (proposed by me) is - to create "empty" directory first by "%setup -q -c -T" at %prep - then install rubygems under %_builddir at %build (then some compilation is done in %build) - then copy all needed files at %install However if we want to use "%patch0 -p1 -b .foo", for example, for files installed under %_builddir, rubygems must be installed under %_builddir at %prep, because rpm does not accept %patch? method at %build like: ----------------------------------------------------- + %patch0 -p0 -b .filechooser /home/tasaka1/rpmbuild/INSTROOT/rpm-tmp.n07iGu: line 29: fg: no job control -----------------------------------------------------
Regards, Mamoru
On Mon, 2009-03-02 at 17:07 +0900, Mamoru Tasaka wrote:
David Lutterkort wrote, at 03/02/2009 03:08 PM +9:00:
On Thu, 2009-02-26 at 17:41 +0100, Jeroen van Meeuwen wrote:
I find patching rubygems (for CVEs) a pain in the ass because of the packaging guideline requirement to have the rubygem package's Source0 be the actual gem.
I'd much rather work from tarballs.
I think the real culprit is that nothing is done until %install in basic rubygem packages.
Maybe we should move to a scheme where we 'install' the rubygem into the source dir during %prep, and then copy files from there to %{buildroot}%{gemdir} during %install.
David
I think you are saying "into the build dir" (i.e. %_builddir). Then:
Yeah, that's what I meant.
As you know for rubygems containing C codes I suggested to install them first under %_builddir, compile C codes there and copy all files into %buildroot and this was already accepted by FPC/FESCo.
So I think suggesting to install _all_ rubygems under %_builddir first can also be accepted.
I would hope so, too.
What I am wondering currently is at what stage we should install rubygems into %_builddir, whether %prep or %build. Current "rubygem with C code" (proposed by me) is
- to create "empty" directory first by "%setup -q -c -T" at %prep
- then install rubygems under %_builddir at %build (then some compilation is done in %build)
- then copy all needed files at %install
However if we want to use "%patch0 -p1 -b .foo", for example, for files installed under %_builddir, rubygems must be installed under %_builddir at %prep, because rpm does not accept %patch? method at %build like:
Since the main motiviation for a change is to enable the workflow that RPM maintainers are used to, we do want the various sections to have their 'usual' meanings, i.e. %prep - unpack sources, apply patches %build - compile/generate files from sources %install - put files into their 'right' place
So the main deviation from what the guidelines for binary rubygems suggest right now is that we'd run 'gem install' in %prep - for Ruby-only gems not a big deal, but for binary gems, it's stupid, since we'd need to recompile the gem in %build after patches have been applied.
Unfortunately, rubygems don't have a way to split building them into unpack/compile/install the same way as rpm's do.
David
David Lutterkort wrote, at 03/03/2009 08:27 AM +9:00:
On Mon, 2009-03-02 at 17:07 +0900, Mamoru Tasaka wrote:
What I am wondering currently is at what stage we should install rubygems into %_builddir, whether %prep or %build. Current "rubygem with C code" (proposed by me) is
- to create "empty" directory first by "%setup -q -c -T" at %prep
- then install rubygems under %_builddir at %build (then some compilation is done in %build)
- then copy all needed files at %install
However if we want to use "%patch0 -p1 -b .foo", for example, for files installed under %_builddir, rubygems must be installed under %_builddir at %prep, because rpm does not accept %patch? method at %build like:
Since the main motiviation for a change is to enable the workflow that RPM maintainers are used to, we do want the various sections to have their 'usual' meanings, i.e. %prep - unpack sources, apply patches %build - compile/generate files from sources %install - put files into their 'right' place
So the main deviation from what the guidelines for binary rubygems suggest right now is that we'd run 'gem install' in %prep - for Ruby-only gems not a big deal, but for binary gems, it's stupid, since we'd need to recompile the gem in %build after patches have been applied.
Unfortunately, rubygems don't have a way to split building them into unpack/compile/install the same way as rpm's do.
David
Umm.. Currently I have no idea for this, however - Anyway it seems that installing rubygems first under %_builddir (after %setup -q -c -T) should be done at %prep, in case applying patches and some extra commands are needed. - For rubygems including C codes, for now recompiling all codes seems unavoidable if we use rubygems and when patches are needed, very unwilling, though. Perhaps there are some cases where installing rubygems (by $ gem install) itself fails without patches
Usually recompiling such codes will be done through "rake build" or so. I think such commands (i.e. "rake build" or so) should be done at %build like non-gem rpms (even if first attempt of compiling C codes through $ gem install are already done _at %prep_)
- Or we (explicitly) allow to expand gem archive by using "tar" twice like below? -------------------------------------------------------- %prep
%setup -q -c -T tar xf <source gem archive> mkdir data ; cd data tar xf ../data.tar.gz %patch0 -p0 -b .foo
%build cd data/ rake build .... --------------------------------------------------------
Regards, Mamoru
packaging@lists.fedoraproject.org