ruby

Generate Gem Checksums

The example script on the RubyGems Guides Security page is short and sweet, and left a lot of work for me to do. require 'digest/sha2' built_gem_path = 'pkg/gemname-version.gem' checksum = Digest::SHA512.new.hexdigest(File.read(built_gem_path)) checksum_path = 'checksum/gemname-version.gem.sha512' File.open(checksum_path, 'w' ) {|f| f.write(checksum) } # add and commit 'checksum_path' It doesn’t create SHA-256 checksums, which are the only ones displayed on the gem’s landing page at RubyGems.org. There is also a rake task (rake build:checksum) which only creates an SHA-256 checksum.

October 11, 2023 Read

RequireBench: When do you use it?

RequireBench: When do you use it? Upgrading an old application, I encountered the following code. # Uncomment the following monkey patch to debug "SystemStackError: stack level too deep" during boot up module Kernel def require_and_print(string) puts string require_original(string) end alias_method :require_original, :require alias_method :require, :require_and_print end This is what require_bench was written for. You don’t need to add hacks like this to your code anymore! OK, but why is the gem better than the hack?

April 15, 2023 Read

How to Repair an Old Gem (Part 5) - Rakefile & RuboCop LTS

Checkout Part 1, Part 2, Part 3, and Part 4 of the series first! In the early days of writing Ruby libraries there were many patterns, and it took time to discover problems with each, if any. By 2009 (well after the release of Ruby 1.8.7) it had become clear using the statement require "rubygems" from inside a rubygem library is problematic. So we’ll rip it out of the os source!

December 11, 2022 Read

How to Repair an Old Gem (Part 4) - Upgrade Autotest

Checkout Part 1, Part 2, and Part 3 of the series first! The ancient, venerable, and useful autotest gem died, but was reborn as rspec-autotest. Let’s migrate the library to use it! We still use the old .autotest hook file, but we replace the old contents: # autotest config for rspec # see: https://github.com/rspec/rspec/wiki/autotest Autotest.add_hook(:initialize) {|at| at.add_exception %r{^\.git} # ignore Version Control System at.add_exception %r{^pkg} # ignore gem pkg dir # at.

December 11, 2022 Read

How to Repair an Old Gem (Part 3) - Upgrade RSpec

Checkout Part 1, and Part 2 of the series first! Now that we can bundle install, and have a passing test suite with a very old version of RSpec, we need to upgrade RSpec. This is most easily done with a tool called transpec. Before we can setup transpec we need to upgrade to a minimum version of Ruby. Some generic requirements are: RSpec must be at least 2.14 or later.

December 11, 2022 Read

List of (Currently) Maintained RubyGems

I’m a Tidelift Maintainer What is Tidelift? Tidelift maximizes the health and security of the open source powering your applications. Provides the tools, data, and strategies that help organizations assess risk and improve the health, security, and resilience of the open source used in their applications. Tidelift partners directly with maintainers like me and pays them to ensure the open source software organizations rely on meets enterprise standards now and into the future.

November 27, 2022 Read

How to Repair an Old Gem (Part 2) - Bundler

Checkout Part 1 of the series first! When I started working on this os repair project a fresh checkout of the source code would not bundle install. I was able to fix the problem, but these issues are like peeling an onion. After fixing bundler the tests would not run, and how can you merge a PR if the test suite hasn’t been run? The critical change for bundler is removing the os gem from being a dependency of the os gem.

May 5, 2022 Read

How to Repair an Old Gem (Part 1)

I want to build out new features in my rspec-pending_for gem, and to do that I want to use the os gem, which is a de-facto standard. Unfortunately the os gem has been in a state of extreme disrepair for some time. The author does respond on the issue tracker, and merges pull requests, but is no longer actively working on the gem. As it stands the os gem has a number critical issues and I have documented them extensively.

May 5, 2022 Read

New Release of oauth: Version 0.5.8

oauth version 0.5.8 is Released Project Ruby Oauth name, license, docs version & downloads dependencies & linting unit tests coverage & maintainability resources Spread ~♡ⓛⓞⓥⓔ♡~ 🌏 👼 💻 🌹 0.5.8 2021-11-10 Added Added more documentation files to packaged gem, e.g. SECURITY.md, CODE_OF_CONDUCT.md Fixed Removed reference to RUBY_VERSION from gemspec, as it depends on rake release, which is problematic on some ruby engines. (by @pboling)

November 10, 2021 Read

New Release of oauth: Version 0.5.7

oauth version 0.5.7 is Released Project Ruby Oauth name, license, docs version & downloads dependencies & linting unit tests coverage & maintainability resources Spread ~♡ⓛⓞⓥⓔ♡~ 🌏 👼 💻 🌹 0.5.7 2021-11-02 Added Setup Rubocop (#205, #208 by @pboling) Added CODE_OF_CONDUCT.md (#217, #218 by @pboling) Added FUNDING.yml (#217, #218 by @pboling) Added Client Certificate Options: :ssl_client_cert and :ssl_client_key (#136, #220 by @pboling) Handle a nested array of hashes in OAuth::Helper.normalize (#80, #221 by @pboling) Changed Switch from TravisCI to Github Actions (#202, #207, #176 by @pboling) Upgrade webmock to v3.

November 3, 2021 Read

Maintaining oauth

A Ruby wrapper for the OAuth 1.0 protocol Status Project Ruby Oauth name, license, docs version & downloads dependencies & linting unit tests coverage & maintainability resources Spread ~♡ⓛⓞⓥⓔ♡~ 🌏 👼 💻 🌹 What This is a RubyGem for implementing both OAuth 1.0 clients and servers in Ruby applications. See the OAuth 1.0 spec http://oauth.net/core/1.0/ See the sibling gem oauth2 for OAuth 2.0 implementations in Ruby. Installation Add this line to your application’s Gemfile:

November 2, 2021 Read

New Release of oauth2: Version 1.4.5

oauth2 version 1.4.5 is Released The oauth2 gem team has been working on preparing a version 2.0.0 for release. It will have some minor breaking changes, and some important bug fixes. It will have code cleanup, and new features. But for many people version 1.4.x has been working fine, and all they need is a new version, warts and all, which fixes some bugs, adds some features, and allows them to upgrade some dependencies, particularly jwt and faraday.

March 18, 2020 Read