SlideShare a Scribd company logo

What's new in RubyGems3

Hiroshi SHIBATA
Hiroshi SHIBATA

The package management of the Ruby language

Technology
1 of 46
Download to read offline
The Package Manager of the Ruby Language Hiroshi SHIBATA / GMO Pepabo, Inc. 2019.3.22 Railsdm 2019 What’s new In RubyGems3
self.introduce
Executive Officer VP of Engineering Technical Director at GMO Pepabo, Inc. @pepabo Hiroshi SHIBATA @hsbt https://www.hsbt.org
self.introduce => { name: “SHIBATA Hiroshi”, nickname: “hsbt”, organizations: [“ruby”, “rubygems”, “bundler”, “asakusarb”, “railsgirls”, “pepabo”, …], commit_bits: [“ruby”, “rake”, “rubygems”, “bundler”, “rdoc”, “psych”, “json”, “ruby-build”, “railsgirls”, “railsgirls-jp”, …], sites: [“hsbt.org”, “ruby-lang.org”, “rubyci.org”, “railsgirls.com”, “railsgirls.jp”], }
•The RubyGems team •RubyGems •RubyGems 3 •RubyGems 4 •Bundler •RubyGems Bundler Integration Agenda
The RubyGem team 1.
Who are RubyGems Team member? alumni alumni alumni SRE Dev Dev Dev Dev
Specific roles Release Manager @hsbt: Master branch as 3.1, 3.0 and 2.7 Security Handler @hsbt: HackerOne and Private Repository Fulltime Commiter @deivid-rodriguez: Supported by RubyTogether
RubyGems 3.
•The package manager of Ruby libraries. •`gem install “rails:~>5.2”` •You can install specified version of Ruby libraries that called `Gem`. RubyGems handles global environment on your box. •You could specify `gem ‘rails’, ‘~> 5.2’` syntax without its dependency in your code. What’s rubygems?
•The RubyGems accepts SemVer like versioning Policy. •Merge latest stable version into Ruby Core •Ruby 2.6.0 bundled RubyGems 3.0 •Ruby 2.7.0 will bundle RubyGems 3.1 or 4.0(TBD) •Ruby 3.0 will bundle RubyGems ??? The policy of RubyGems versioning
•RubyGems also have HackerOne. •3 people handle vulnerability issues and will release RubyGems by SemVer Policy like “2.7.7” from “2.7.6” •On the other hand, The Ruby core team will back port only vulnerability fixes by independent version like “2.6.5.1”, not “2.7.7” Security release of RubyGems
How develop RubyGems? • The canonical repository is https:// github.com/rubygems/rubygems. • https://github.com/rubygems/ rubygems.org is rubygems.org. It’s not client software. • We use Pull-Request and merge bot named `@bundlerbot`
RubyGems 3 5.
•I released RubyGems 3 at 19 Dec 2018 •https://blog.rubygems.org/ 2018/12/19/3.0.0-released.html •It says 5 major updates. • S3 source. Pull request #1690 by Aditya Prakash. • Download gems with threads. Pull request #1898 by André Arko. • Update to SPDX license list 3.0. Pull request #2152 by Mike Linksvayer. • [GSoC] Multi-factor feature for RubyGems. Pull request #2369 by Qiu Chaofan. • Use bundler 1.17.2. Pull request #2521 by SHIBATA Hiroshi. RubyGems 3 has been released
•We use the changelog generator from commit logs. •https://github.com/rubygems/ rubygems/blob/master/util/ update_changelog.rb •It picked by @bundlerbot messages. •Because the changelog is not structured text. Where come from the changelog?
changelog.introduce
•https://github.com/rubygems/rubygems/ pull/1898 •It introduced `concurrent_downloads` option at `.gemrc`. The default value is 8. •It makes 8 times faster with `gem install`. Download gems with threads
•https://github.com/rubygems/ rubygems/pull/2369 •It introduced the multi-factor authentication for gem management by CLI like `gem push` •https://guides.rubygems.org/setting- up-multifactor-authentication/ Multi-factor feature for RubyGems
•https://github.com/rubygems/rubygems/ pull/2142 •Related with https://nvd.nist.gov/vuln/ detail/CVE-2017-17405 •Given the pipe operator `|`, the attacker can execute a malicious code. Use File.open instead of open
•https://github.com/rubygems/rubygems/ pull/2207 Added coverage ability used by simplecov ~/D/g/r/rubygems (master) > rake test Run options: --seed 2662 # Running: ................................................................................................................... ...... (snip) ...........................................................................S....................................... ......................................... Finished in 72.010573s, 29.0513 runs/s, 90.0423 assertions/s. 2092 runs, 6484 assertions, 0 failures, 0 errors, 1 skips You have skipped tests. Run with --verbose for details. Coverage report generated for Unit Tests to /Users/hsbt/Documents/github.com/rubygems/rubygems/coverage. 8219 / 9194 LOC (89.4%) covered.
•https://github.com/rubygems/rubygems/ pull/2278 •It makes gem spec reproducible. •https://reproducible-builds.org/specs/ source-date-epoch/ •I’m not familiar with it… Support SOURCE_DATE_EPOCH
•https://github.com/rubygems/rubygems/ pull/2308 •https://github.com/rubygems/rubygems/ pull/2023 introduces `gem info` command. It avoid to use `gem i`. Add alias command ‘i’ for ‘install’ % gem i bundler ERROR: While executing gem ... (Gem::CommandLineError) Ambiguous command i matches [info, install]
•https://github.com/rubygems/rubygems/ pull/2466 •Now, RubyGems supports above options for `gem uninstall` Uninstall with versions  % gem i bundler:1.17.3 % gem uninstall bundler:1.17.3
•Removed deprecated methods. •Removed to support for < Ruby 2.2. •Removed Syck support. •Added warnings of deprecated methods. •Removed deprecated options. •[CAUTION] `--ri` and `--rdoc` options Cleanup Code-base
Added Rubocop AllCops: DisabledByDefault: true Exclude: - 'bundler/**/*' - 'lib/rubygems/resolver/molinillo/**/*' - 'pkg/**/*' TargetRubyVersion: 2.3 Layout/AccessModifierIndentation: Enabled: true Layout/BlockAlignment: Enabled: true Layout/CaseIndentation: Enabled: true Layout/ClosingParenthesisIndentation: Enabled: true Layout/CommentIndentation: Enabled: true Layout/ElseAlignment: Enabled: true MultilineIfThen: Enabled: true
•BundlerVersionFinder was introduced at RubyGems 2.7 •It ability is the version detection by RubyGems with Gemfile.lock strictly. Ex. 1.17.3 matches only 1.17.3 •We update it condition. Now, 1.17.3 matches 1.x.y, 2.0.3 also matches 2.x.y. Update Bundler Version Finder
RubyGems 4 4.
•It has non-compatible features. • Make enable as default for conservative option: https://github.com/rubygems/rubygems/pull/2233 • Make ruby gem install to user-install by default: https://github.com/rubygems/rubygems/issues/1394 • Executables in bin folder conflict with their gem versions: https://bugs.ruby-lang.org/issues/5060 • Behaviour changes with default gems installer: https://github.com/rubygems/rubygems/pull/2166 What’s new in RubyGems4?
•We got the installation time when already installed gems. •To use conservative is ignore re-install action. Make conservative option as default ~ > gem i rails clone http://rubyonrails.org -> /Users/hsbt/Documents/rubyonrails.org git ls-remote http://rubyonrails.org hg identify http://rubyonrails.org svn info http://rubyonrails.org error Could not find version control system: http://rubyonrails.org exists /Users/hsbt/Documents/github.com/rails/rails Successfully installed rails-5.2.0 1 gem installed ~ > gem i rails —conservative ~ >
•Rubygems 4 will install the all gems to under the `~/.gem` •Pros: Ruby in linux distribution has many of FAQ for gem installation for using `sudo`. This change resolve this issues. •Cons: Ruby version manager like rbenv is not support it. And This is big incompatible feature. Make `--user-install` as default
Bundler 5.
•The vendoring tool of Ruby. •RubyGems couldn’t care dependency of Ruby libraries and isolate version managing with ruby process. •Bundler can do them with `Gemfile` What’s bundler? # frozen_string_literal: true source "https://rubygems.org" git_source(:github) { |repo| "https://github.com/#{repo}.git" } gemspec # We need a newish Rake since Active Job sets its test tasks' descriptions. gem "rake", ">= 11.1"
•We released 1.17.x and 2.0.x at last year. •We disabled the incompatible features like renaming `gems.rb` from `Gemfile` •They no longer support under the Ruby 2.2. What’s new in Bundler 2?
RubyGems Bundler Integration 6.
•We are working to integrate RubyGems and Bundler. •I’m working it because Bundler 2 was released. •RubyGems 3&4 drop to support under the Ruby 2.2. Because Bundler 1.x still supports Ruby 1.8 and 1.9. RubyGems/Bundler integration
•Bundler was located rubygems repository as git submodule Bundler Integration(rubygems.rb) if USE_BUNDLER_FOR_GEMDEPS ENV["BUNDLE_GEMFILE"] ||= File.expand_path(path) require 'rubygems/user_interaction' Gem::DefaultUserInteraction.use_ui(ui) do require "bundler" @gemdeps = Bundler.setup Bundler.ui = nil @gemdeps.requested_specs.map(&:to_spec).sort_by(&:name) end else rs = Gem::RequestSet.new @gemdeps = rs.load_gemdeps path rs.resolve_current.map do |s| s.full_spec.tap(&:activate) end end
•RubyGems 2.x, 3.x uses Molinillo-0.5.7 •Bundler 1.16.x also uses Molinillo-0.6.4 •These are different versions and behavior of dependency resolver. Dependency Resolver incompatible ~/D/g/r/rubygems (master) > ls lib/rubygems/resolver/molinillo/lib/molinillo delegates dependency_graph.rb gem_metadata.rb resolution.rb state.rb dependency_graph errors.rb modules resolver.rb ~/D/g/b/bundler (master) > ls lib/bundler/vendor/molinillo/lib/molinillo compatibility.rb dependency_graph errors.rb modules resolver.rb delegates dependency_graph.rb gem_metadata.rb resolution.rb state.rb
•RubyGems and Bundler stored the duplicated certificates in your box. Duplicates the certificates ~/D/g/r/rubygems (master) > fd . lib/rubygems/ssl_certs/ lib/rubygems/ssl_certs/index.rubygems.org lib/rubygems/ssl_certs/index.rubygems.org/GlobalSignRootCA.pem lib/rubygems/ssl_certs/rubygems.global.ssl.fastly.net lib/rubygems/ssl_certs/rubygems.global.ssl.fastly.net/DigiCertHighAssuranceEVRootCA.pem lib/rubygems/ssl_certs/rubygems.org lib/rubygems/ssl_certs/rubygems.org/AddTrustExternalCARoot.pem ~/D/g/r/rubygems (master) > fd . bundler/lib/bundler/ssl_certs/ bundler/lib/bundler/ssl_certs/index.rubygems.org bundler/lib/bundler/ssl_certs/index.rubygems.org/GlobalSignRootCA.pem bundler/lib/bundler/ssl_certs/rubygems.global.ssl.fastly.net bundler/lib/bundler/ssl_certs/rubygems.global.ssl.fastly.net/DigiCertHighAssuranceEVRootCA.pem bundler/lib/bundler/ssl_certs/rubygems.org bundler/lib/bundler/ssl_certs/rubygems.org/AddTrustExternalCARoot.pem
•We will move the canonical repository of bundler to rubygems org or rubygems/rubygems(TBD). •I have a plan to integrate code-base and command-line interface. Ex. `gem install` fallback to `bundle install` with no arguments. (TBD) •After RubyKaigi 2019, the rubygems/bundler team member will discuss about this merger consideration in Fukuoka. RubyGems/Bundler integration
❤

Recommended

The Future of library dependency manageement of Ruby
The Future of library dependency manageement of RubyThe Future of library dependency manageement of Ruby
The Future of library dependency manageement of RubyHiroshi SHIBATA
 
The Future of library dependency management of Ruby
The Future of library dependency management of Ruby The Future of library dependency management of Ruby
The Future of library dependency management of RubyHiroshi SHIBATA
 
OSS Security the hard way
OSS Security the hard wayOSS Security the hard way
OSS Security the hard wayHiroshi SHIBATA
 
The Future of Bundled Bundler
The Future of Bundled BundlerThe Future of Bundled Bundler
The Future of Bundled BundlerHiroshi SHIBATA
 
The Future of Dependency Management for Ruby
The Future of Dependency Management for RubyThe Future of Dependency Management for Ruby
The Future of Dependency Management for RubyHiroshi SHIBATA
 
Roadmap for RubyGems 4 and Bundler 3
Roadmap for RubyGems 4 and Bundler 3Roadmap for RubyGems 4 and Bundler 3
Roadmap for RubyGems 4 and Bundler 3Hiroshi SHIBATA
 
Gems on Ruby
Gems on RubyGems on Ruby
Gems on RubyHiroshi SHIBATA
 
How to distribute Ruby to the world
How to distribute Ruby to the worldHow to distribute Ruby to the world
How to distribute Ruby to the worldHiroshi SHIBATA
 

Recommended

The Future of library dependency manageement of Ruby
The Future of library dependency manageement of RubyThe Future of library dependency manageement of Ruby
The Future of library dependency manageement of RubyHiroshi SHIBATA
 
The Future of library dependency management of Ruby
The Future of library dependency management of Ruby The Future of library dependency management of Ruby
The Future of library dependency management of RubyHiroshi SHIBATA
 
OSS Security the hard way
OSS Security the hard wayOSS Security the hard way
OSS Security the hard wayHiroshi SHIBATA
 
The Future of Bundled Bundler
The Future of Bundled BundlerThe Future of Bundled Bundler
The Future of Bundled BundlerHiroshi SHIBATA
 
The Future of Dependency Management for Ruby
The Future of Dependency Management for RubyThe Future of Dependency Management for Ruby
The Future of Dependency Management for RubyHiroshi SHIBATA
 
Roadmap for RubyGems 4 and Bundler 3
Roadmap for RubyGems 4 and Bundler 3Roadmap for RubyGems 4 and Bundler 3
Roadmap for RubyGems 4 and Bundler 3Hiroshi SHIBATA
 
Gems on Ruby
Gems on RubyGems on Ruby
Gems on RubyHiroshi SHIBATA
 
How to distribute Ruby to the world
How to distribute Ruby to the worldHow to distribute Ruby to the world
How to distribute Ruby to the worldHiroshi SHIBATA
 
Dependency Resolution with Standard Libraries
Dependency Resolution with Standard LibrariesDependency Resolution with Standard Libraries
Dependency Resolution with Standard LibrariesHiroshi SHIBATA
 
Ruby Security the Hard Way
Ruby Security the Hard WayRuby Security the Hard Way
Ruby Security the Hard WayHiroshi SHIBATA
 
RubyGems 3 & 4
RubyGems 3 & 4RubyGems 3 & 4
RubyGems 3 & 4Hiroshi SHIBATA
 
Gemification for Ruby 2.5/3.0
Gemification for Ruby 2.5/3.0Gemification for Ruby 2.5/3.0
Gemification for Ruby 2.5/3.0Hiroshi SHIBATA
 
How to distribute Ruby to the world
How to distribute Ruby to the worldHow to distribute Ruby to the world
How to distribute Ruby to the worldHiroshi SHIBATA
 
Gems on Ruby
Gems on RubyGems on Ruby
Gems on RubyHiroshi SHIBATA
 
RubyGems 3 & 4
RubyGems 3 & 4RubyGems 3 & 4
RubyGems 3 & 4Hiroshi SHIBATA
 
How to develop the Standard Libraries of Ruby?
How to develop the Standard Libraries of Ruby?How to develop the Standard Libraries of Ruby?
How to develop the Standard Libraries of Ruby?Hiroshi SHIBATA
 
Middleware as Code with mruby
Middleware as Code with mrubyMiddleware as Code with mruby
Middleware as Code with mrubyHiroshi SHIBATA
 
20140425 ruby conftaiwan2014
20140425 ruby conftaiwan201420140425 ruby conftaiwan2014
20140425 ruby conftaiwan2014Hiroshi SHIBATA
 
20140419 oedo rubykaigi04
20140419 oedo rubykaigi0420140419 oedo rubykaigi04
20140419 oedo rubykaigi04Hiroshi SHIBATA
 
20140918 ruby kaigi2014
20140918 ruby kaigi201420140918 ruby kaigi2014
20140918 ruby kaigi2014Hiroshi SHIBATA
 
The details of CI/CD environment for Ruby
The details of CI/CD environment for RubyThe details of CI/CD environment for Ruby
The details of CI/CD environment for RubyHiroshi SHIBATA
 
20140925 rails pacific
20140925 rails pacific20140925 rails pacific
20140925 rails pacificHiroshi SHIBATA
 
How to Begin to Develop Ruby Core
How to Begin to Develop Ruby CoreHow to Begin to Develop Ruby Core
How to Begin to Develop Ruby CoreHiroshi SHIBATA
 
Gemification for Ruby 2.5/3.0
Gemification for Ruby 2.5/3.0Gemification for Ruby 2.5/3.0
Gemification for Ruby 2.5/3.0Hiroshi SHIBATA
 
tDiary annual report 2009 - Sapporo Ruby Kaigi02
tDiary annual report 2009 - Sapporo Ruby Kaigi02tDiary annual report 2009 - Sapporo Ruby Kaigi02
tDiary annual report 2009 - Sapporo Ruby Kaigi02Hiroshi SHIBATA
 
20141210 rakuten techtalk
20141210 rakuten techtalk20141210 rakuten techtalk
20141210 rakuten techtalkHiroshi SHIBATA
 
How DSL works on Ruby
How DSL works on RubyHow DSL works on Ruby
How DSL works on RubyHiroshi SHIBATA
 
How to develop Jenkins plugin using to ruby and Jenkins.rb
How to develop Jenkins plugin using to ruby and Jenkins.rbHow to develop Jenkins plugin using to ruby and Jenkins.rb
How to develop Jenkins plugin using to ruby and Jenkins.rbHiroshi SHIBATA
 
The story of language development
The story of language developmentThe story of language development
The story of language developmentHiroshi SHIBATA
 
The secret of programming language development and future
The secret of programming language development and futureThe secret of programming language development and future
The secret of programming language development and futureHiroshi SHIBATA
 

More Related Content

What's hot

Dependency Resolution with Standard Libraries
Dependency Resolution with Standard LibrariesDependency Resolution with Standard Libraries
Dependency Resolution with Standard LibrariesHiroshi SHIBATA
 
Ruby Security the Hard Way
Ruby Security the Hard WayRuby Security the Hard Way
Ruby Security the Hard WayHiroshi SHIBATA
 
Gemification for Ruby 2.5/3.0
Gemification for Ruby 2.5/3.0Gemification for Ruby 2.5/3.0
Gemification for Ruby 2.5/3.0Hiroshi SHIBATA
 
How to distribute Ruby to the world
How to distribute Ruby to the worldHow to distribute Ruby to the world
How to distribute Ruby to the worldHiroshi SHIBATA
 
How to develop the Standard Libraries of Ruby?
How to develop the Standard Libraries of Ruby?How to develop the Standard Libraries of Ruby?
How to develop the Standard Libraries of Ruby?Hiroshi SHIBATA
 
Middleware as Code with mruby
Middleware as Code with mrubyMiddleware as Code with mruby
Middleware as Code with mrubyHiroshi SHIBATA
 
20140425 ruby conftaiwan2014
20140425 ruby conftaiwan201420140425 ruby conftaiwan2014
20140425 ruby conftaiwan2014Hiroshi SHIBATA
 
20140419 oedo rubykaigi04
20140419 oedo rubykaigi0420140419 oedo rubykaigi04
20140419 oedo rubykaigi04Hiroshi SHIBATA
 
The details of CI/CD environment for Ruby
The details of CI/CD environment for RubyThe details of CI/CD environment for Ruby
The details of CI/CD environment for RubyHiroshi SHIBATA
 
How to Begin to Develop Ruby Core
How to Begin to Develop Ruby CoreHow to Begin to Develop Ruby Core
How to Begin to Develop Ruby CoreHiroshi SHIBATA
 
Gemification for Ruby 2.5/3.0
Gemification for Ruby 2.5/3.0Gemification for Ruby 2.5/3.0
Gemification for Ruby 2.5/3.0Hiroshi SHIBATA
 
tDiary annual report 2009 - Sapporo Ruby Kaigi02
tDiary annual report 2009 - Sapporo Ruby Kaigi02tDiary annual report 2009 - Sapporo Ruby Kaigi02
tDiary annual report 2009 - Sapporo Ruby Kaigi02Hiroshi SHIBATA
 
20141210 rakuten techtalk
20141210 rakuten techtalk20141210 rakuten techtalk
20141210 rakuten techtalkHiroshi SHIBATA
 
How to develop Jenkins plugin using to ruby and Jenkins.rb
How to develop Jenkins plugin using to ruby and Jenkins.rbHow to develop Jenkins plugin using to ruby and Jenkins.rb
How to develop Jenkins plugin using to ruby and Jenkins.rbHiroshi SHIBATA
 

What's hot (20)

Dependency Resolution with Standard Libraries
Dependency Resolution with Standard LibrariesDependency Resolution with Standard Libraries
Dependency Resolution with Standard Libraries
 
Ruby Security the Hard Way
Ruby Security the Hard WayRuby Security the Hard Way
Ruby Security the Hard Way
 
RubyGems 3 & 4
RubyGems 3 & 4RubyGems 3 & 4
RubyGems 3 & 4
 
Gemification for Ruby 2.5/3.0
Gemification for Ruby 2.5/3.0Gemification for Ruby 2.5/3.0
Gemification for Ruby 2.5/3.0
 
How to distribute Ruby to the world
How to distribute Ruby to the worldHow to distribute Ruby to the world
How to distribute Ruby to the world
 
Gems on Ruby
Gems on RubyGems on Ruby
Gems on Ruby
 
RubyGems 3 & 4
RubyGems 3 & 4RubyGems 3 & 4
RubyGems 3 & 4
 
How to develop the Standard Libraries of Ruby?
How to develop the Standard Libraries of Ruby?How to develop the Standard Libraries of Ruby?
How to develop the Standard Libraries of Ruby?
 
Middleware as Code with mruby
Middleware as Code with mrubyMiddleware as Code with mruby
Middleware as Code with mruby
 
20140425 ruby conftaiwan2014
20140425 ruby conftaiwan201420140425 ruby conftaiwan2014
20140425 ruby conftaiwan2014
 
20140419 oedo rubykaigi04
20140419 oedo rubykaigi0420140419 oedo rubykaigi04
20140419 oedo rubykaigi04
 
20140918 ruby kaigi2014
20140918 ruby kaigi201420140918 ruby kaigi2014
20140918 ruby kaigi2014
 
The details of CI/CD environment for Ruby
The details of CI/CD environment for RubyThe details of CI/CD environment for Ruby
The details of CI/CD environment for Ruby
 
20140925 rails pacific
20140925 rails pacific20140925 rails pacific
20140925 rails pacific
 
How to Begin to Develop Ruby Core
How to Begin to Develop Ruby CoreHow to Begin to Develop Ruby Core
How to Begin to Develop Ruby Core
 
Gemification for Ruby 2.5/3.0
Gemification for Ruby 2.5/3.0Gemification for Ruby 2.5/3.0
Gemification for Ruby 2.5/3.0
 
tDiary annual report 2009 - Sapporo Ruby Kaigi02
tDiary annual report 2009 - Sapporo Ruby Kaigi02tDiary annual report 2009 - Sapporo Ruby Kaigi02
tDiary annual report 2009 - Sapporo Ruby Kaigi02
 
20141210 rakuten techtalk
20141210 rakuten techtalk20141210 rakuten techtalk
20141210 rakuten techtalk
 
How DSL works on Ruby
How DSL works on RubyHow DSL works on Ruby
How DSL works on Ruby
 
How to develop Jenkins plugin using to ruby and Jenkins.rb
How to develop Jenkins plugin using to ruby and Jenkins.rbHow to develop Jenkins plugin using to ruby and Jenkins.rb
How to develop Jenkins plugin using to ruby and Jenkins.rb
 

Similar to What's new in RubyGems3

The story of language development
The story of language developmentThe story of language development
The story of language developmentHiroshi SHIBATA
 
The secret of programming language development and future
The secret of programming language development and futureThe secret of programming language development and future
The secret of programming language development and futureHiroshi SHIBATA
 
Middleware as Code with mruby
Middleware as Code with mrubyMiddleware as Code with mruby
Middleware as Code with mrubyHiroshi SHIBATA
 
JRuby, Ruby, Rails and You on the Cloud
JRuby, Ruby, Rails and You on the CloudJRuby, Ruby, Rails and You on the Cloud
JRuby, Ruby, Rails and You on the CloudHiro Asari
 
My rails way
My rails wayMy rails way
My rails waywildjcrt
 
Rspec and Capybara Intro Tutorial at RailsConf 2013
Rspec and Capybara Intro Tutorial at RailsConf 2013Rspec and Capybara Intro Tutorial at RailsConf 2013
Rspec and Capybara Intro Tutorial at RailsConf 2013Brian Sam-Bodden
 
Toolbox of a Ruby Team
Toolbox of a Ruby TeamToolbox of a Ruby Team
Toolbox of a Ruby TeamArto Artnik
 
Rails入門與新人實戰經驗分享
Rails入門與新人實戰經驗分享Rails入門與新人實戰經驗分享
Rails入門與新人實戰經驗分享wildjcrt
 
Gemification plan of Standard Library on Ruby
Gemification plan of Standard Library on RubyGemification plan of Standard Library on Ruby
Gemification plan of Standard Library on RubyHiroshi SHIBATA
 
Opal,The Journey from Javascript to Ruby at Ruby Conf Kenya 2017 by Bozhidar ...
Opal,The Journey from Javascript to Ruby at Ruby Conf Kenya 2017 by Bozhidar ...Opal,The Journey from Javascript to Ruby at Ruby Conf Kenya 2017 by Bozhidar ...
Opal,The Journey from Javascript to Ruby at Ruby Conf Kenya 2017 by Bozhidar ...Michael Kimathi
 
GIT, RVM, FIRST HEROKU APP
GIT, RVM, FIRST HEROKU APPGIT, RVM, FIRST HEROKU APP
GIT, RVM, FIRST HEROKU APPPavel Tyk
 
What would your own version of Ruby look like?
What would your own version of Ruby look like?What would your own version of Ruby look like?
What would your own version of Ruby look like?Hung Wu Lo
 
Rapid RIA development with Netzke
Rapid RIA development with NetzkeRapid RIA development with Netzke
Rapid RIA development with Netzkenetzke
 
Breaking Bad Habits with GitLab CI
Breaking Bad Habits with GitLab CIBreaking Bad Habits with GitLab CI
Breaking Bad Habits with GitLab CIIvan Nemytchenko
 
Automated Releases to RubyGems.org using Travis-CI.org
Automated Releases to RubyGems.org using Travis-CI.orgAutomated Releases to RubyGems.org using Travis-CI.org
Automated Releases to RubyGems.org using Travis-CI.orgFrancis Luong
 
How To Install GitLab As Your Private GitHub Clone
How To Install GitLab As Your Private GitHub CloneHow To Install GitLab As Your Private GitHub Clone
How To Install GitLab As Your Private GitHub CloneVEXXHOST Private Cloud
 
Women Who Code - RSpec JSON API Workshop
Women Who Code - RSpec JSON API WorkshopWomen Who Code - RSpec JSON API Workshop
Women Who Code - RSpec JSON API WorkshopEddie Lau
 

Similar to What's new in RubyGems3 (20)

The story of language development
The story of language developmentThe story of language development
The story of language development
 
The secret of programming language development and future
The secret of programming language development and futureThe secret of programming language development and future
The secret of programming language development and future
 
Middleware as Code with mruby
Middleware as Code with mrubyMiddleware as Code with mruby
Middleware as Code with mruby
 
JRuby, Ruby, Rails and You on the Cloud
JRuby, Ruby, Rails and You on the CloudJRuby, Ruby, Rails and You on the Cloud
JRuby, Ruby, Rails and You on the Cloud
 
My rails way
My rails wayMy rails way
My rails way
 
Rspec and Capybara Intro Tutorial at RailsConf 2013
Rspec and Capybara Intro Tutorial at RailsConf 2013Rspec and Capybara Intro Tutorial at RailsConf 2013
Rspec and Capybara Intro Tutorial at RailsConf 2013
 
Toolbox of a Ruby Team
Toolbox of a Ruby TeamToolbox of a Ruby Team
Toolbox of a Ruby Team
 
Go at Skroutz
Go at SkroutzGo at Skroutz
Go at Skroutz
 
Rails入門與新人實戰經驗分享
Rails入門與新人實戰經驗分享Rails入門與新人實戰經驗分享
Rails入門與新人實戰經驗分享
 
Gemification plan of Standard Library on Ruby
Gemification plan of Standard Library on RubyGemification plan of Standard Library on Ruby
Gemification plan of Standard Library on Ruby
 
Opal,The Journey from Javascript to Ruby at Ruby Conf Kenya 2017 by Bozhidar ...
Opal,The Journey from Javascript to Ruby at Ruby Conf Kenya 2017 by Bozhidar ...Opal,The Journey from Javascript to Ruby at Ruby Conf Kenya 2017 by Bozhidar ...
Opal,The Journey from Javascript to Ruby at Ruby Conf Kenya 2017 by Bozhidar ...
 
GIT, RVM, FIRST HEROKU APP
GIT, RVM, FIRST HEROKU APPGIT, RVM, FIRST HEROKU APP
GIT, RVM, FIRST HEROKU APP
 
What would your own version of Ruby look like?
What would your own version of Ruby look like?What would your own version of Ruby look like?
What would your own version of Ruby look like?
 
Inside GitHub with Chris Wanstrath
Inside GitHub with Chris WanstrathInside GitHub with Chris Wanstrath
Inside GitHub with Chris Wanstrath
 
Rapid RIA development with Netzke
Rapid RIA development with NetzkeRapid RIA development with Netzke
Rapid RIA development with Netzke
 
Breaking Bad Habits with GitLab CI
Breaking Bad Habits with GitLab CIBreaking Bad Habits with GitLab CI
Breaking Bad Habits with GitLab CI
 
Automated Releases to RubyGems.org using Travis-CI.org
Automated Releases to RubyGems.org using Travis-CI.orgAutomated Releases to RubyGems.org using Travis-CI.org
Automated Releases to RubyGems.org using Travis-CI.org
 
How To Install GitLab As Your Private GitHub Clone
How To Install GitLab As Your Private GitHub CloneHow To Install GitLab As Your Private GitHub Clone
How To Install GitLab As Your Private GitHub Clone
 
Women Who Code - RSpec JSON API Workshop
Women Who Code - RSpec JSON API WorkshopWomen Who Code - RSpec JSON API Workshop
Women Who Code - RSpec JSON API Workshop
 
11 Ruby Gems
11 Ruby Gems11 Ruby Gems
11 Ruby Gems
 

More from Hiroshi SHIBATA

Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Deep dive into Ruby's require - RubyConf Taiwan 2023
Deep dive into Ruby's require - RubyConf Taiwan 2023Deep dive into Ruby's require - RubyConf Taiwan 2023
Deep dive into Ruby's require - RubyConf Taiwan 2023Hiroshi SHIBATA
 
How resolve Gem dependencies in your code?
How resolve Gem dependencies in your code?How resolve Gem dependencies in your code?
How resolve Gem dependencies in your code?Hiroshi SHIBATA
 
How resolve Gem dependencies in your code?
How resolve Gem dependencies in your code?How resolve Gem dependencies in your code?
How resolve Gem dependencies in your code?Hiroshi SHIBATA
 
Ruby コミッターと歩む Ruby を用いたプロダクト開発
Ruby コミッターと歩む Ruby を用いたプロダクト開発Ruby コミッターと歩む Ruby を用いたプロダクト開発
Ruby コミッターと歩む Ruby を用いたプロダクト開発Hiroshi SHIBATA
 
Why ANDPAD commit Ruby and RubyKaigi?
Why ANDPAD commit Ruby and RubyKaigi?Why ANDPAD commit Ruby and RubyKaigi?
Why ANDPAD commit Ruby and RubyKaigi?Hiroshi SHIBATA
 
RailsGirls から始める エンジニアリングはじめの一歩
RailsGirls から始める エンジニアリングはじめの一歩RailsGirls から始める エンジニアリングはじめの一歩
RailsGirls から始める エンジニアリングはじめの一歩Hiroshi SHIBATA
 
Productive Organization with Ruby
Productive Organization with RubyProductive Organization with Ruby
Productive Organization with RubyHiroshi SHIBATA
 

More from Hiroshi SHIBATA (8)

Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Deep dive into Ruby's require - RubyConf Taiwan 2023
Deep dive into Ruby's require - RubyConf Taiwan 2023Deep dive into Ruby's require - RubyConf Taiwan 2023
Deep dive into Ruby's require - RubyConf Taiwan 2023
 
How resolve Gem dependencies in your code?
How resolve Gem dependencies in your code?How resolve Gem dependencies in your code?
How resolve Gem dependencies in your code?
 
How resolve Gem dependencies in your code?
How resolve Gem dependencies in your code?How resolve Gem dependencies in your code?
How resolve Gem dependencies in your code?
 
Ruby コミッターと歩む Ruby を用いたプロダクト開発
Ruby コミッターと歩む Ruby を用いたプロダクト開発Ruby コミッターと歩む Ruby を用いたプロダクト開発
Ruby コミッターと歩む Ruby を用いたプロダクト開発
 
Why ANDPAD commit Ruby and RubyKaigi?
Why ANDPAD commit Ruby and RubyKaigi?Why ANDPAD commit Ruby and RubyKaigi?
Why ANDPAD commit Ruby and RubyKaigi?
 
RailsGirls から始める エンジニアリングはじめの一歩
RailsGirls から始める エンジニアリングはじめの一歩RailsGirls から始める エンジニアリングはじめの一歩
RailsGirls から始める エンジニアリングはじめの一歩
 
Productive Organization with Ruby
Productive Organization with RubyProductive Organization with Ruby
Productive Organization with Ruby
 

Recently uploaded

Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 

Recently uploaded (20)

Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 

What's new in RubyGems3

  • 1. The Package Manager of the Ruby Language Hiroshi SHIBATA / GMO Pepabo, Inc. 2019.3.22 Railsdm 2019 What’s new In RubyGems3
  • 3. Executive Officer VP of Engineering Technical Director at GMO Pepabo, Inc. @pepabo Hiroshi SHIBATA @hsbt https://www.hsbt.org
  • 4. self.introduce => { name: “SHIBATA Hiroshi”, nickname: “hsbt”, organizations: [“ruby”, “rubygems”, “bundler”, “asakusarb”, “railsgirls”, “pepabo”, …], commit_bits: [“ruby”, “rake”, “rubygems”, “bundler”, “rdoc”, “psych”, “json”, “ruby-build”, “railsgirls”, “railsgirls-jp”, …], sites: [“hsbt.org”, “ruby-lang.org”, “rubyci.org”, “railsgirls.com”, “railsgirls.jp”], }
  • 5.
  • 6.
  • 7.
  • 8. •The RubyGems team •RubyGems •RubyGems 3 •RubyGems 4 •Bundler •RubyGems Bundler Integration Agenda
  • 10. Who are RubyGems Team member? alumni alumni alumni SRE Dev Dev Dev Dev
  • 11.
  • 12. Specific roles Release Manager @hsbt: Master branch as 3.1, 3.0 and 2.7 Security Handler @hsbt: HackerOne and Private Repository Fulltime Commiter @deivid-rodriguez: Supported by RubyTogether
  • 14. •The package manager of Ruby libraries. •`gem install “rails:~>5.2”` •You can install specified version of Ruby libraries that called `Gem`. RubyGems handles global environment on your box. •You could specify `gem ‘rails’, ‘~> 5.2’` syntax without its dependency in your code. What’s rubygems?
  • 15. •The RubyGems accepts SemVer like versioning Policy. •Merge latest stable version into Ruby Core •Ruby 2.6.0 bundled RubyGems 3.0 •Ruby 2.7.0 will bundle RubyGems 3.1 or 4.0(TBD) •Ruby 3.0 will bundle RubyGems ??? The policy of RubyGems versioning
  • 16. •RubyGems also have HackerOne. •3 people handle vulnerability issues and will release RubyGems by SemVer Policy like “2.7.7” from “2.7.6” •On the other hand, The Ruby core team will back port only vulnerability fixes by independent version like “2.6.5.1”, not “2.7.7” Security release of RubyGems
  • 17. How develop RubyGems? • The canonical repository is https:// github.com/rubygems/rubygems. • https://github.com/rubygems/ rubygems.org is rubygems.org. It’s not client software. • We use Pull-Request and merge bot named `@bundlerbot`
  • 19. •I released RubyGems 3 at 19 Dec 2018 •https://blog.rubygems.org/ 2018/12/19/3.0.0-released.html •It says 5 major updates. • S3 source. Pull request #1690 by Aditya Prakash. • Download gems with threads. Pull request #1898 by André Arko. • Update to SPDX license list 3.0. Pull request #2152 by Mike Linksvayer. • [GSoC] Multi-factor feature for RubyGems. Pull request #2369 by Qiu Chaofan. • Use bundler 1.17.2. Pull request #2521 by SHIBATA Hiroshi. RubyGems 3 has been released
  • 20. •We use the changelog generator from commit logs. •https://github.com/rubygems/ rubygems/blob/master/util/ update_changelog.rb •It picked by @bundlerbot messages. •Because the changelog is not structured text. Where come from the changelog?
  • 22. •https://github.com/rubygems/rubygems/ pull/1898 •It introduced `concurrent_downloads` option at `.gemrc`. The default value is 8. •It makes 8 times faster with `gem install`. Download gems with threads
  • 23. •https://github.com/rubygems/ rubygems/pull/2369 •It introduced the multi-factor authentication for gem management by CLI like `gem push` •https://guides.rubygems.org/setting- up-multifactor-authentication/ Multi-factor feature for RubyGems
  • 24. •https://github.com/rubygems/rubygems/ pull/2142 •Related with https://nvd.nist.gov/vuln/ detail/CVE-2017-17405 •Given the pipe operator `|`, the attacker can execute a malicious code. Use File.open instead of open
  • 25. •https://github.com/rubygems/rubygems/ pull/2207 Added coverage ability used by simplecov ~/D/g/r/rubygems (master) > rake test Run options: --seed 2662 # Running: ................................................................................................................... ...... (snip) ...........................................................................S....................................... ......................................... Finished in 72.010573s, 29.0513 runs/s, 90.0423 assertions/s. 2092 runs, 6484 assertions, 0 failures, 0 errors, 1 skips You have skipped tests. Run with --verbose for details. Coverage report generated for Unit Tests to /Users/hsbt/Documents/github.com/rubygems/rubygems/coverage. 8219 / 9194 LOC (89.4%) covered.
  • 26. •https://github.com/rubygems/rubygems/ pull/2278 •It makes gem spec reproducible. •https://reproducible-builds.org/specs/ source-date-epoch/ •I’m not familiar with it… Support SOURCE_DATE_EPOCH
  • 27. •https://github.com/rubygems/rubygems/ pull/2308 •https://github.com/rubygems/rubygems/ pull/2023 introduces `gem info` command. It avoid to use `gem i`. Add alias command ‘i’ for ‘install’ % gem i bundler ERROR: While executing gem ... (Gem::CommandLineError) Ambiguous command i matches [info, install]
  • 28. •https://github.com/rubygems/rubygems/ pull/2466 •Now, RubyGems supports above options for `gem uninstall` Uninstall with versions  % gem i bundler:1.17.3 % gem uninstall bundler:1.17.3
  • 29. •Removed deprecated methods. •Removed to support for < Ruby 2.2. •Removed Syck support. •Added warnings of deprecated methods. •Removed deprecated options. •[CAUTION] `--ri` and `--rdoc` options Cleanup Code-base
  • 30. Added Rubocop AllCops: DisabledByDefault: true Exclude: - 'bundler/**/*' - 'lib/rubygems/resolver/molinillo/**/*' - 'pkg/**/*' TargetRubyVersion: 2.3 Layout/AccessModifierIndentation: Enabled: true Layout/BlockAlignment: Enabled: true Layout/CaseIndentation: Enabled: true Layout/ClosingParenthesisIndentation: Enabled: true Layout/CommentIndentation: Enabled: true Layout/ElseAlignment: Enabled: true MultilineIfThen: Enabled: true
  • 31. •BundlerVersionFinder was introduced at RubyGems 2.7 •It ability is the version detection by RubyGems with Gemfile.lock strictly. Ex. 1.17.3 matches only 1.17.3 •We update it condition. Now, 1.17.3 matches 1.x.y, 2.0.3 also matches 2.x.y. Update Bundler Version Finder
  • 33. •It has non-compatible features. • Make enable as default for conservative option: https://github.com/rubygems/rubygems/pull/2233 • Make ruby gem install to user-install by default: https://github.com/rubygems/rubygems/issues/1394 • Executables in bin folder conflict with their gem versions: https://bugs.ruby-lang.org/issues/5060 • Behaviour changes with default gems installer: https://github.com/rubygems/rubygems/pull/2166 What’s new in RubyGems4?
  • 34. •We got the installation time when already installed gems. •To use conservative is ignore re-install action. Make conservative option as default ~ > gem i rails clone http://rubyonrails.org -> /Users/hsbt/Documents/rubyonrails.org git ls-remote http://rubyonrails.org hg identify http://rubyonrails.org svn info http://rubyonrails.org error Could not find version control system: http://rubyonrails.org exists /Users/hsbt/Documents/github.com/rails/rails Successfully installed rails-5.2.0 1 gem installed ~ > gem i rails —conservative ~ >
  • 35. •Rubygems 4 will install the all gems to under the `~/.gem` •Pros: Ruby in linux distribution has many of FAQ for gem installation for using `sudo`. This change resolve this issues. •Cons: Ruby version manager like rbenv is not support it. And This is big incompatible feature. Make `--user-install` as default
  • 37. •The vendoring tool of Ruby. •RubyGems couldn’t care dependency of Ruby libraries and isolate version managing with ruby process. •Bundler can do them with `Gemfile` What’s bundler? # frozen_string_literal: true source "https://rubygems.org" git_source(:github) { |repo| "https://github.com/#{repo}.git" } gemspec # We need a newish Rake since Active Job sets its test tasks' descriptions. gem "rake", ">= 11.1"
  • 38.
  • 39. •We released 1.17.x and 2.0.x at last year. •We disabled the incompatible features like renaming `gems.rb` from `Gemfile` •They no longer support under the Ruby 2.2. What’s new in Bundler 2?
  • 41. •We are working to integrate RubyGems and Bundler. •I’m working it because Bundler 2 was released. •RubyGems 3&4 drop to support under the Ruby 2.2. Because Bundler 1.x still supports Ruby 1.8 and 1.9. RubyGems/Bundler integration
  • 42. •Bundler was located rubygems repository as git submodule Bundler Integration(rubygems.rb) if USE_BUNDLER_FOR_GEMDEPS ENV["BUNDLE_GEMFILE"] ||= File.expand_path(path) require 'rubygems/user_interaction' Gem::DefaultUserInteraction.use_ui(ui) do require "bundler" @gemdeps = Bundler.setup Bundler.ui = nil @gemdeps.requested_specs.map(&:to_spec).sort_by(&:name) end else rs = Gem::RequestSet.new @gemdeps = rs.load_gemdeps path rs.resolve_current.map do |s| s.full_spec.tap(&:activate) end end
  • 43. •RubyGems 2.x, 3.x uses Molinillo-0.5.7 •Bundler 1.16.x also uses Molinillo-0.6.4 •These are different versions and behavior of dependency resolver. Dependency Resolver incompatible ~/D/g/r/rubygems (master) > ls lib/rubygems/resolver/molinillo/lib/molinillo delegates dependency_graph.rb gem_metadata.rb resolution.rb state.rb dependency_graph errors.rb modules resolver.rb ~/D/g/b/bundler (master) > ls lib/bundler/vendor/molinillo/lib/molinillo compatibility.rb dependency_graph errors.rb modules resolver.rb delegates dependency_graph.rb gem_metadata.rb resolution.rb state.rb
  • 44. •RubyGems and Bundler stored the duplicated certificates in your box. Duplicates the certificates ~/D/g/r/rubygems (master) > fd . lib/rubygems/ssl_certs/ lib/rubygems/ssl_certs/index.rubygems.org lib/rubygems/ssl_certs/index.rubygems.org/GlobalSignRootCA.pem lib/rubygems/ssl_certs/rubygems.global.ssl.fastly.net lib/rubygems/ssl_certs/rubygems.global.ssl.fastly.net/DigiCertHighAssuranceEVRootCA.pem lib/rubygems/ssl_certs/rubygems.org lib/rubygems/ssl_certs/rubygems.org/AddTrustExternalCARoot.pem ~/D/g/r/rubygems (master) > fd . bundler/lib/bundler/ssl_certs/ bundler/lib/bundler/ssl_certs/index.rubygems.org bundler/lib/bundler/ssl_certs/index.rubygems.org/GlobalSignRootCA.pem bundler/lib/bundler/ssl_certs/rubygems.global.ssl.fastly.net bundler/lib/bundler/ssl_certs/rubygems.global.ssl.fastly.net/DigiCertHighAssuranceEVRootCA.pem bundler/lib/bundler/ssl_certs/rubygems.org bundler/lib/bundler/ssl_certs/rubygems.org/AddTrustExternalCARoot.pem
  • 45. •We will move the canonical repository of bundler to rubygems org or rubygems/rubygems(TBD). •I have a plan to integrate code-base and command-line interface. Ex. `gem install` fallback to `bundle install` with no arguments. (TBD) •After RubyKaigi 2019, the rubygems/bundler team member will discuss about this merger consideration in Fukuoka. RubyGems/Bundler integration
  • 46.