Project

General

Profile

Forums » Open discussion »

"Insecure operation" Error when upgrading from 2.4.2 to 2.6.1

Added by Kai Song about 9 years ago

Hi All,

As I go through the upgrade instruction, I am getting "Insecure operation - each_gemspec (SecurityError)" when running "bundle exec rake generate_secret_token", and "bundle install --without development test".

Our situation is a slightly tricky. Due to security reasons, our redmine web server is not allowed to have compilers installed. So, in order to run the bundle install script, I had to do this on a mirror system which has the compiler installed. So, on this mirror machine, the "bundle install" went fine. Then, I synced the ruby/gem installation to the target machine from the mirror machine. Now, when I run "bundle exec rake generate_secret_token" on the target machine, it complains about security error: ===========
$ bundle exec rake generate_secret_token
/global/software/ares/ruby/.rvm/rubies/ruby-2.0.0-p353/lib/ruby/site_ruby/2.0.0/rubygems/specification.rb:710:in `[]': Insecure operation - each_gemspec (SecurityError)
from /global/software/ares/ruby/.rvm/rubies/ruby-2.0.0-p353/lib/ruby/site_ruby/2.0.0/rubygems/specification.rb:710:in `block in each_gemspec'
from /global/software/ares/ruby/.rvm/rubies/ruby-2.0.0-p353/lib/ruby/site_ruby/2.0.0/rubygems/specification.rb:709:in `each'
from /global/software/ares/ruby/.rvm/rubies/ruby-2.0.0-p353/lib/ruby/site_ruby/2.0.0/rubygems/specification.rb:709:in `each_gemspec'
from /global/software/ares/ruby/.rvm/rubies/ruby-2.0.0-p353/lib/ruby/site_ruby/2.0.0/rubygems/specification.rb:717:in `each_stub'
from /global/software/ares/ruby/.rvm/rubies/ruby-2.0.0-p353/lib/ruby/site_ruby/2.0.0/rubygems/specification.rb:736:in `stubs'
from /global/software/ares/ruby/.rvm/rubies/ruby-2.0.0-p353/lib/ruby/site_ruby/2.0.0/rubygems/specification.rb:924:in `find_inactive_by_path'
from /global/software/ares/ruby/.rvm/rubies/ruby-2.0.0-p353/lib/ruby/site_ruby/2.0.0/rubygems.rb:185:in `try_activate'
from /global/software/ares/ruby/.rvm/rubies/ruby-2.0.0-p353/lib/ruby/site_ruby/2.0.0/rubygems/core_ext/kernel_require.rb:132:in `rescue in require'
from /global/software/ares/ruby/.rvm/rubies/ruby-2.0.0-p353/lib/ruby/site_ruby/2.0.0/rubygems/core_ext/kernel_require.rb:144:in `require'
from /global/software/ares/ruby/.rvm/gems/ruby-2.0.0-p353/bin/ruby_executable_hooks:9:in `<main>'

===========

I have no idea what caused this issue. I configured redmine 2.4.2 on the target system in the same way. Namely, I built and tested on the mirror machine, then copy everything over on the target machine.

Any help would be greatly appreciated! Thanks in advance!

Kai