https://github.com/github/gem-builder
The scripts used to build RubyGems on GitHub
Last synced: 5 months ago
- Host: GitHub
- URL: https://github.com/github/gem-builder
- Owner: github
- Archived: true
- Created: 2008-10-24T22:29:32.000Z (over 17 years ago)
- Default Branch: master
- Last Pushed: 2015-02-15T07:51:11.000Z (about 11 years ago)
- Last Synced: 2024-09-30T00:41:02.366Z (over 1 year ago)
- Language: Ruby
- Homepage:
- Size: 120 KB
- Stars: 27
- Watchers: 12
- Forks: 15
- Open Issues: 0
Metadata Files:
- Readme: README
- Security: security.rb
README
NOTE: This repository is no longer supported or updated by GitHub. If you wish to continue to develop this code yourself, we recommend you fork it.
GitHub's Gem Evaler
-------------------
Help make GitHub's gem build process more secure and robust!
There are two components associated with this:
* gem_builder.rb - Script that builds the gem
* gem_eval.rb - Sandboxed Sinatra app that evals ruby gemspecs
gem_builder.rb works as follows:
1) process() is called with a repository object and the path to the gemspec
2) If the spec is not in YAML, a request is made to the gem evaler (see below for how it works)
3) A Gem::Specification object is created from the YAML gemspec and renamed with the user's login
4) The gem is built from the Gem::Specification using a monkey-patched version of RubyGems,
so instead of grabbing the files from the filesystem, they're grabbed from the git repo
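Steps 2 and 3 above, sketched as an added example that is not code from this repository: a YAML gemspec is parsed as data with RubyGems' restricted loader and renamed, while a Ruby gemspec is handed off for sandboxed evaluation. The helper names, the detection heuristic, the "login-name" format and both sample gemspecs are assumptions made for illustration.

```ruby
require "rubygems"

# Constructed sample: a YAML gemspec as a repository might commit it.
YAML_GEMSPEC = <<~SPEC
  --- !ruby/object:Gem::Specification
  name: widget
  version: !ruby/object:Gem::Version
    version: 0.1.0
  platform: ruby
  summary: Constructed sample gemspec
  files:
  - lib/widget.rb
SPEC

# Constructed sample: a Ruby gemspec, which can only be read by evaluating it.
RUBY_GEMSPEC = <<~SPEC
  Gem::Specification.new do |s|
    s.name    = "widget"
    s.version = "0.1.0"
    s.files   = Dir.glob("lib/**/*")
  end
SPEC

# Assumed heuristic: a YAML gemspec starts with a document marker carrying
# the Gem::Specification tag. Anything else is treated as Ruby.
def yaml_gemspec?(source)
  source.lstrip.start_with?("--- !ruby/object:Gem::Specification")
end

# Returns a renamed Gem::Specification for YAML input, or :needs_evaler when
# the source is Ruby and must go to the sandboxed evaler instead.
def load_gemspec(source, login)
  return :needs_evaler unless yaml_gemspec?(source)

  # from_yaml parses with RubyGems' restricted YAML loader: no spec code runs,
  # and tags outside its permitted class list raise instead of instantiating.
  spec = Gem::Specification.from_yaml(source)
  spec.name = "#{login}-#{spec.name}" # assumed "login-name" convention
  spec
end

# True when the restricted loader refuses a tag in the document.
def rejected?(source)
  Gem::Specification.from_yaml(source)
  false
rescue Psych::DisallowedClass
  true
end
```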
gem_eval.rb works as follows:
1) Receives a request with the repo location and the ruby gemspec
2) Makes a shallow clone of the repo and chdir's to that repo
3) Evals the spec in a separate thread with a higher $SAFE level
4) Converts spec to YAML
Goals
-----
* Lower the $SAFE level to allow methods like Dir.glob, but without compromising security.
* Never get another email from someone wondering why their gem didn't build