Pin webrick gem #401

Merged
merged 3 commits into from
Dec 20, 2017

D4rkSh1t

Webrick 1.4.1 was released on the 18th of December 2017. It requires ruby >= 2.3.0.

```
Error: /Stage[main]/R10k::Webhook::Package/Package[webrick]/ensure: change
from absent to present failed: Execution of
'/opt/puppetlabs/puppet/bin/gem install --no-rdoc --no-ri webrick'
returned 1: ERROR:  Error installing webrick: webrick requires Ruby
version >= 2.3.0
```

And the provider 'puppet_gem' only comes with ruby version 2.2 (Puppet 4).

Maximilian Gotter added 2 commits December 19, 2017 15:17
Webrick 1.4.1 was released on the 18th of December 2017. It requires ruby
>= 2.3.0.

```
Error: /Stage[main]/R10k::Webhook::Package/Package[webrick]/ensure: change
from absent to present failed: Execution of
'/opt/puppetlabs/puppet/bin/gem install --no-rdoc --no-ri webrick'
returned 1: ERROR:  Error installing webrick: webrick requires Ruby
version >= 2.3.0
```
README.md Outdated

By default, the `r10k::webhook::package` class uses the `puppet_gem` provider to install the webrick gem (version 1.3.1)
This version is compatible with all ruby version (webrick version 1.4.1 require Ruby version >=2.3.0)
If you are overriding `r10k::webhook::package::provider`, you will also need to override `r10k::webhook::package::webrick_version`.
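Review bot: The README line describing the 1.3.1 default says only that it "is compatible with all ruby version" and gives no guidance for hosts where a newer webrick would install. Suggest stating that 1.3.1 is the default because webrick 1.4.1 requires Ruby >= 2.3.0, and that users whose provider supplies Ruby >= 2.3.0 can set `r10k::webhook::package::webrick_version` to a newer release. The first two lines also lack sentence-ending periods, and "all ruby version" / "require" should read "all Ruby versions" / "requires".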
Member

will, or may?

Author

may is right.
Should I change it?

Member

Yes, please!

Member

Should we pin webrick to 1.3.1? webrick <= 1.3.1 has some serious security issues (github reminds me daily about it)

Member

  1. I think we definitely need the parameter, which this PR brings
  2. We could then extend the logic to have better defaults per OS if we'd like, still leaving room for overrides

I think #1 is pretty important as this simply fails right now on new installs, and if we can get #2 in as well, great, but #2 can be addressed by specifying an override.

Member

I think having the parameter with a default being 1.3.1 should be ok for now. The affected ruby versions in the WEBrick CVE aren't supported by voxpupuli anyway.

@rnelson0 rnelson0 merged commit 82e4cac into voxpupuli:master Dec 20, 2017