Patch #13173

Put source :rubygems url HTTP secure

Added by Benjamin Jeanjean almost 5 years ago. Updated over 4 years ago.

Status: Closed
Start date:
Priority: Normal
Due date:
Assignee: Jean-Philippe Lang
% Done: 0%
Category: Third-party libraries
Target version: 2.3.0

Description

I've got some warnings after upgrading my Apache passenger's module to a newer version.
It seems like we now have to use HTTPS instead of HTTP in the Gemfile for "source".

I've attached a patch.

source_secure.patch - Patch for Gemfile (322 Bytes) Benjamin Jeanjean, 2013-02-14 15:04
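Added example (not part of the original issue, and not Redmine's or Bundler's code): a small Ruby check that reports Gemfile sources not pinned to HTTPS, the condition this patch addresses. The function name, the sample Gemfile and the host `gems.example.test` are constructed for illustration; reporting every symbol source such as `:rubygems` is an assumption of this example, made because a symbol does not spell out an HTTPS URL.

```ruby
# Added example, not Redmine's or Bundler's code: flag Gemfile sources
# that are not pinned to HTTPS.
Finding = Struct.new(:line_no, :kind, :text)

# `source X` at line start, or a per-gem `:source => X` / `source: X` option.
# X is captured as a symbol or a quoted string.
SOURCE_ARG = /(?:^\s*source[\s(]+|:source\s*=>\s*|\bsource:\s*)(:\w+|"[^"]*"|'[^']*')/

def insecure_sources(gemfile_text)
  findings = []
  gemfile_text.each_line.with_index(1) do |raw, line_no|
    # Drop comments so a commented-out or historical URL is not reported.
    code = raw.chomp.sub(/(^|\s)#.*$/, "")
    code.scan(SOURCE_ARG) do |(arg)|
      kind =
        if arg.start_with?(":")
          :symbol_shorthand            # e.g. `source :rubygems` (assumption: always reported)
        elsif arg[1..-2] =~ /\Ahttp:/i
          :plain_http                  # explicit http:// URL, no TLS
        end
      findings << Finding.new(line_no, kind, raw.strip) if kind
    end
  end
  findings
end

# Constructed sample input; gems.example.test is a placeholder host.
SAMPLE_GEMFILE = <<~GEMFILE
  source :rubygems
  # source 'http://rubygems.org'
  source 'https://rubygems.org'   # was http://rubygems.org
  gem "rails", "3.2.12"
  gem "internal_gem", :source => "http://gems.example.test"
GEMFILE

insecure_sources(SAMPLE_GEMFILE).each do |f|
  puts "Gemfile:#{f.line_no}: #{f.kind}: #{f.text}"
end
```

Run against a real Gemfile with `insecure_sources(File.read("Gemfile"))`; an empty result means every declared source is an `https://` URL or uses a scheme this check does not classify.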


Related issues

Duplicated by Redmine - Feature #13254: Secure Gem-Source Closed

Associated revisions

Revision 11465
Added by Jean-Philippe Lang over 4 years ago

Merged r11464 from trunk (#13173).

History

#1 Updated by Benjamin Jeanjean over 4 years ago

Problem happens with gem bundler v 1.2.4
More information here: https://github.com/ooyala/barkeep/pull/396
And the bundler commit which makes the warnings: https://github.com/carlhuda/bundler/commit/fcadf1f9d2eaca9be6370dddeb78d4ca5b30bf40

#2 Updated by Jean-Philippe Lang over 4 years ago

  • Target version set to Candidate for next minor release

#3 Updated by Daniel Felix over 4 years ago

Well I would appreciate that this could get its way in 2.3, as it is just a small change but would give a little bit more security. :-)

#4 Updated by Jean-Philippe Lang over 4 years ago

  • Category set to Third-party libraries
  • Status changed from New to Closed
  • Assignee set to Jean-Philippe Lang
  • Target version changed from Candidate for next minor release to 2.3.0

Change done.

#5 Updated by Toshi MARUYAMA over 4 years ago

  • Status changed from Closed to Reopened

r11486 rolled back http.
Why?

#6 Updated by Jean-Philippe Lang over 4 years ago

Sorry, I had to remove it when trying ruby 2.0 (cert validation error) but I didn't mean to commit it.
This error needs further investigation.

#7 Updated by Toshi MARUYAMA over 4 years ago

Jean-Philippe Lang wrote:

Sorry, I had to remove it when trying ruby 2.0 (cert validation error) but I didn't mean to commit it.

I cannot reproduce on Ruby 2.0 which was installed by rvm on CentOS 6.

$ ruby --version
ruby 2.0.0p0 (2013-02-24 revision 39474) [x86_64-linux]

$ ruby script/about 
/REDMINE/hg-workdir/redmine-bb-all/lib/plugins/rfpdf/lib/tcpdf.rb:42: warning: class variable access from toplevel
/REDMINE/hg-workdir/redmine-bb-all/lib/plugins/rfpdf/lib/tcpdf.rb:43: warning: class variable access from toplevel
/REDMINE/hg-workdir/redmine-bb-all/lib/SVG/Graph/Graph.rb:3: warning: class variable access from toplevel

Environment:
  Redmine version                          2.3.0.devel
  Ruby version                             2.0.0 (x86_64-linux)
  Rails version                            3.2.12
  Environment                              production
  Database adapter                         SQLite
Redmine plugins:
  no plugin installed

#8 Updated by Toshi MARUYAMA over 4 years ago

  • Status changed from Reopened to Closed

Toshi MARUYAMA wrote:

r11486 rolled back http.

Reverted in r11487.
