Being confused about libraries

Hello,

When running gem I always need to add this lib and that lib (I’m using
an ubuntu desktop linux).

For example, for sqlite3, sometime I installed it:
gem install sqlite3-ruby

While some other time I installed it:
apt-get install sqlite3

So what’s the relation between the system “sqlite3” and (most likely)
ruby’s “sqlite3-ruby”?

Thanks.
Jenn.

On 27.01.2010 13:20, Ruby N. wrote:

So what’s the relation between the system “sqlite3” and (most likely)
ruby’s “sqlite3-ruby”?

Ubuntu (and other distros) package gems within their own package
management system. The reasons are many, but for example this allows
more fine-grained dependency tracking than RubyGems provides, and allows
the distribution to make a gem fit into the distribution’s file system
layout.

Another (side) benefit is that bugfixes are applied at the same time as
the whole system updates. One step, instead of two.

Phillip G. wrote:

On 27.01.2010 13:20, Ruby N. wrote:

So what’s the relation between the system “sqlite3” and (most likely)
ruby’s “sqlite3-ruby”?

Ubuntu (and other distros) package gems within their own package
management system.

That’s true, but the sqlite3 package isn’t a Ruby one:
"
A command line interface for SQLite 3

SQLite is a C library that implements an SQL database engine.
Programs that link with the SQLite library can have SQL database
access without running a separate RDBMS process.
"

The Ruby packages (for Ubuntu) are:
libsqlite3-ruby1.8
libsqlite3-ruby1.9

Marvin

Roger B. wrote:

Hi,

On Wed, Jan 27, 2010 at 1:20 PM, Ruby N. [email protected]
wrote:

So what’s the relation between the system “sqlite3” and (most likely)
ruby’s “sqlite3-ruby”?

Usually, the Ubuntu package is the library written in C (or some other
language) and the gem provides a ruby wrapper for these libraries.
That’s why you need both.

Not exactly.

If you “apt-get install libsqlite3-ruby”, then you get Ubuntu’s package
containing the ruby library which talks to the C library (libsqlite3-0).
The C library is automatically installed as a dependency. This is not a
gem; the code is installed under ruby’s site library directory.

If you install the gem (“gem install sqlite3-ruby”) then rubygems
fetches, builds and installs its own version of this ruby library. In
order for this to work, not only does the C library have to be present,
but also the C library’s header files (libsqlite3-dev), the Ruby header
files (ruby-dev) and the C compiler (build-essential)

You only need one or other of these to access sqlite3 from ruby.

The advantage of the gem approach is you can easily update it if a new
version of the sqlite3-ruby gem is released. Ubuntu won’t update their
package unless there’s a security issue, or until you move to the next
version of Ubuntu.

Hi,

On Wed, Jan 27, 2010 at 1:20 PM, Ruby N. [email protected]
wrote:

So what’s the relation between the system “sqlite3” and (most likely)
ruby’s “sqlite3-ruby”?

Usually, the Ubuntu package is the library written in C (or some other
language) and the gem provides a ruby wrapper for these libraries.
That’s why you need both.

On 27.01.2010 14:43, Brian C. wrote:

If you “apt-get install libsqlite3-ruby”, then you get Ubuntu’s package
containing the ruby library which talks to the C library (libsqlite3-0).
The C library is automatically installed as a dependency. This is not a
gem; the code is installed under ruby’s site library directory.

While not the gem per se, it is the same code used as if you would do a
sudo gem install sqlite3-ruby

The advantage of the gem approach is you can easily update it if a new
version of the sqlite3-ruby gem is released. Ubuntu won’t update their
package unless there’s a security issue, or until you move to the next
version of Ubuntu.

The disadvantage of the gem approach is security:

For one, RubyGems pretty much requires root access to some directories,
for another, it makes no distinction between compile- and install-time,
so the compiler runs as root, allowing me to potentially exploit a
vulnerability in the compiler to get a backdoor installed.

Or just do a “rm -rf /”, if I were unimaginative.

RubyGems will happily overwrite anything in /usr/bin/, so I can include
a /usr/bin/less file that grants me root access:
https://bugs.gentoo.org/show_bug.cgi?id=278566

And yes, the issue is known:
http://redmine.ruby-lang.org/issues/show/1800

And unless you check certificates (against what? Is there a default
keystore, like a “rubyist-keyring”?), you cannot verify the integrity of
a package.

So, trading convenience against security. Be aware of the risks that
carries with it.

Oddly this is less of an issue on Windows, since Ruby is self-contained
there, and happily so, and wreaking a Windows isntall is exceptionally
difficult by now.

I have the following sqite3 for ruby installed:

$ gem list sqlite3

*** LOCAL GEMS ***

dbd-sqlite3 (1.2.5)
sqlite3 (0.0.6)
sqlite3-ruby (1.2.5)

And these system libraries:

$ dpkg -l sqlite3

ii libsqlite3-0 3.6.16-1ubuntu1
SQLite 3 shared library
ii libsqlite3-dev 3.6.16-1ubuntu1
SQLite 3 development files
ii libsqlite3-ruby 1.2.4-2
SQLite3 interface for Ruby
ii libsqlite3-ruby1.8 1.2.4-2
SQLite3 interface for Ruby 1.8
ii sqlite3 3.6.16-1ubuntu1
A command line interface for SQLite 3

So what’s the relations among them? Thanks again.

On 27.01.2010 14:37, Ruby N. wrote:

ii libsqlite3-ruby1.8 1.2.4-2
SQLite3 interface for Ruby 1.8
ii sqlite3 3.6.16-1ubuntu1
A command line interface for SQLite 3

libsqlite3-ruby* is the sqlite3-ruby gem (the first one seems to be a
meta package, once Ubuntu switches to Ruby 1.9 by default, so that 1.9
versions of gems get pulled by apt-get / synaptic).

libsqlite3-0 and libsqlite3-dev are the plain old C based SQLite3
binaries and development packages, unrelated to Ruby, unless you build
the native extension of the gem (which only needs the -dev package,
technically speaking).

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs