Best practice regarding Ruby gems installation on Buster
Hi,
I'm on Debian 10.
What is the best practice regarding Ruby gems installation please (user vs root)?
Below is my situation.
It all begins with the installation of vim-gtk3 (because I want access to the +/* registers) that comes with the following dependencies:
libruby2.5 rake ruby ruby-did-you-mean ruby-minitest ruby-net-telnet ruby-power-assert ruby-test-unit ruby-xmlrpc ruby2.5 rubygems-integration
I install all of them. Good.
I can now use vim as I want and list my local gems:
$ gem list
*** LOCAL GEMS ***
bigdecimal (default: 1.3.4)
cmath (default: 1.0.0)
csv (default: 1.0.0)
date (default: 1.0.0)
dbm (default: 1.0.0)
did_you_mean (1.2.1)
etc (default: 1.0.0)
fcntl (default: 1.0.0)
fiddle (default: 1.0.0)
fileutils (default: 1.0.2)
gdbm (default: 2.0.0)
io-console (default: 0.4.6)
ipaddr (default: 1.2.0)
json (default: 2.1.0)
minitest (5.11.3)
net-telnet (0.1.1)
openssl (default: 2.1.2)
power_assert (1.1.1)
psych (default: 3.0.2)
rake (12.3.1)
rdoc (default: 6.0.1)
scanf (default: 1.0.0)
sdbm (default: 1.0.0)
stringio (default: 0.0.1)
strscan (default: 1.0.0)
test-unit (3.2.8)
webrick (default: 1.4.2)
xmlrpc (0.3.0)
zlib (default: 1.0.0)
Now I want to update my gems in order to have their latest versions installed:
$ gem update
Updating installed gems
Updating bigdecimal
Fetching: bigdecimal-2.0.0.gem (100%)
ERROR:  While executing gem ... (Gem::FilePermissionError)
    You don't have write permissions for the /var/lib/gems/2.5.0 directory.
As there is a permission error (I've decided not to change the permissions settings because there should be a true reason why a simple user is not allowed to access that directory...), I use sudo then:
$ sudo apt install ruby-dev
[...installation OK...]
$ sudo gem update
Updating installed gems
[...]
Gems updated: bigdecimal csv date dbm did_you_mean etc fileutils gdbm io-console ipaddr json minitest net-telnet power_assert psych rake rdoc stringio strscan test-unit webrick zlib
But now, as I used sudo, I have a discrepancy between my local gems and root's ones as you can see below only root has the updated gems:
$ gem list
*** LOCAL GEMS ***
bigdecimal (default: 1.3.4)
cmath (default: 1.0.0)
csv (default: 1.0.0)
date (default: 1.0.0)
dbm (default: 1.0.0)
did_you_mean (1.2.1)
etc (default: 1.0.0)
fcntl (default: 1.0.0)
fiddle (default: 1.0.0)
fileutils (default: 1.0.2)
gdbm (default: 2.0.0)
io-console (default: 0.4.6)
ipaddr (default: 1.2.0)
json (default: 2.1.0)
minitest (5.11.3)
net-telnet (0.1.1)
openssl (default: 2.1.2)
power_assert (1.1.1)
psych (default: 3.0.2)
rake (12.3.1)
rdoc (default: 6.0.1)
scanf (default: 1.0.0)
sdbm (default: 1.0.0)
stringio (default: 0.0.1)
strscan (default: 1.0.0)
test-unit (3.2.8)
webrick (default: 1.4.2)
xmlrpc (0.3.0)
zlib (default: 1.0.0)
$ sudo gem list
*** LOCAL GEMS ***
bigdecimal (2.0.0, default: 1.3.4)
cmath (default: 1.0.0)
csv (3.1.2, default: 1.0.0)
date (3.0.0, default: 1.0.0)
dbm (1.1.0, default: 1.0.0)
did_you_mean (1.4.0, 1.2.1)
etc (1.1.0, default: 1.0.0)
fcntl (default: 1.0.0)
fiddle (default: 1.0.0)
fileutils (1.4.1, default: 1.0.2)
gdbm (2.1.0, default: 2.0.0)
io-console (0.5.6, default: 0.4.6)
ipaddr (1.2.2, default: 1.2.0)
json (2.3.0, default: 2.1.0)
minitest (5.14.0, 5.11.3)
net-telnet (0.2.0, 0.1.1)
openssl (default: 2.1.2)
power_assert (1.1.7, 1.1.1)
psych (3.1.0, default: 3.0.2)
rake (13.0.1, 12.3.1)
rdoc (6.2.1, default: 6.0.1)
scanf (default: 1.0.0)
sdbm (default: 1.0.0)
stringio (0.1.0, default: 0.0.1)
strscan (1.0.3, default: 1.0.0)
test-unit (3.3.5, 3.2.8)
webrick (1.6.0, default: 1.4.2)
xmlrpc (0.3.0)
zlib (1.1.0, default: 1.0.0)
So my question about the best practice at the very beginning.
I think it can be very tricky to have parallel versions of the same gems, and I don't think having obsolete user gems is really nice (security+features). How do you manage that situation? Do you delete all user local gems and only keep root's (maybe it introduces access errors in your programs by doing so)? Do you change the gem directories permissions (maybe it's less secure...)? Don't you touch anything and just use sudo everywhere? Other idea?
PS: I fiddled so much with my installation last day that I even lost access to my local gems...
$ gem list
Traceback (most recent call last):
16: from <internal:gem_prelude>:4:in `<internal:gem_prelude>'
15: from /usr/lib/ruby/2.5.0/rubygems/core_ext/kernel_gem.rb:65:in `gem'
14: from /usr/lib/ruby/2.5.0/rubygems/dependency.rb:322:in `to_spec'
13: from /usr/lib/ruby/2.5.0/rubygems/dependency.rb:302:in `to_specs'
12: from /usr/lib/ruby/2.5.0/rubygems/dependency.rb:279:in `matching_specs'
11: from /usr/lib/ruby/2.5.0/rubygems/specification.rb:869:in `stubs_for'
10: from /usr/lib/ruby/2.5.0/rubygems/specification.rb:782:in `installed_stubs'
9: from /usr/lib/ruby/2.5.0/rubygems/specification.rb:790:in `map_stubs'
8: from /usr/lib/ruby/2.5.0/rubygems/specification.rb:790:in `flat_map'
7: from /usr/lib/ruby/2.5.0/rubygems/specification.rb:790:in `each'
6: from /usr/lib/ruby/2.5.0/rubygems/specification.rb:793:in `block in map_stubs'
5: from /usr/lib/ruby/2.5.0/rubygems/specification.rb:768:in `gemspec_stubs_in'
4: from /usr/lib/ruby/2.5.0/rubygems/specification.rb:768:in `select'
3: from /usr/lib/ruby/2.5.0/rubygems/stub_specification.rb:208:in `valid?'
2: from /usr/lib/ruby/2.5.0/rubygems/stub_specification.rb:118:in `data'
1: from /usr/lib/ruby/2.5.0/rubygems/stub_specification.rb:118:in `open'
/usr/lib/ruby/2.5.0/rubygems/stub_specification.rb:118:in `initialize': Permission denied @ rb_sysopen - /var/lib/gems/2.5.0/specifications/did_you_mean-1.4.0.gemspec (Errno::EACCES)
Many thanks in advance :)Best regards,
l0f4r0
Reply to: