Project

General

Profile

Freedom Issue #3406

Bug #3395: [ruby] Requires rubygems, which conflicts with your-freedom

[various]: `require': cannot load such file -- rubygems (LoadError)

bill-auger - over 1 year ago - . Updated 2 months ago.

Status:
fixed
Priority:
freedom issue
Assignee:
lukeshu
% Done:

100%

Description

$ lolcat <<<'hello'
/usr/bin/lolcat:9:in `require': cannot load such file -- rubygems (LoadError)
    from /usr/bin/lolcat:9:in `<main>'

this presumably affects every program which loads its ruby libs; (eg: `require` above), or otherwise calls `rubygems` for fun - so presumably, each of their packages will need to be blacklisted evermore, if not patched and restored separately, if possible - there will likely be many examples of both outcomes, depending on how pervasively ruby devs tend to call rubygems from application code

note that the concern is: "freedom issue" intentionally - this ticket is presumed to be an epic - the anticipated sub-tasks will be evident/reported as bugs; but the cause is the 'your-freedom' package, and was intentional - the change was abrupt; and some sacrifices were anticipated - again presumably, that is: 'rubygems' package dependents, and any program which call rubygems from application code

there are few packages, which declare the dependency now; but it is a dependency of ruby in arch - any assumed dep is now a hidden/undeclared dep - the example above 'lolcat' is one example of the undeclared dep

$ sudo parabola-dependents -v rubygems
updating database ....
package: 'rubygems' not found - creating dummy package
dummy package 'rubygems' created
querying database ....
compiling results for (1) dependents ....
searching abslibre ....

direct and transitive arch dependents:
  [rubygems]  <- community/ruby-rake-compiler

parabola build dependents:
  pcr/ruby-syntax
  pcr/note

Subtasks

Bug #3440: metasploit fails to startfixedlukeshu

Actions

History

#1

Updated by bill-auger over 1 year ago

  • Description updated (diff)
#2

Updated by bill-auger over 1 year ago

  • Description updated (diff)
#3

Updated by bill-auger about 1 year ago

the reason why lolcat required 'rubygems' at runtime is because it is packaged as a 'gem' - it had an explicit command `require 'rubygems'`, and relied on the 'rubygems' dependency mechanism for it's other library imports

i was able to "de-pip" lolcat, by not building it as a standard gem, but simply installing it's files in the normal *nix way - i converted it's `require` commands (normally resolved at runtime) to literal filesystem paths - that solution is admittedly hackish; but those paths are reliable, because the files are owned by distro packages, declared explicitly in the depends() array, pinned to specific versions

#4

Updated by bill-auger 2 months ago

  • Assignee changed from bill-auger to lukeshu

'rubygems' was patched and re-instated - this is probably fixed now - can people verify?

#5

Updated by lukeshu 2 months ago

  • Status changed from in progress to fixed

One of the affected packages was extra/ruby-ronn-ng.

The libretools 20240221.1-2 build verified that ronn now works with its declared depends. So marking this as fixed.

Also available in: Atom PDF