Installing sake tasks along with gem (gem install hooks?)

I’d like to install a bunch of sake tasks when a gem gets installed.
Has anyone done this? Are there any nice hooks into the gem install
process, or do I just have to hack some stuff in? I know that you can
install binaries by placing them in the bin/ dir, but I’ve not seen
anything about installing sake tasks or simply running arbitrary code
during the gem install.

Thanks,
Pat

Pat M. wrote:

> I’d like to install a bunch of sake tasks when a gem gets installed.
> Has anyone done this? Are there any nice hooks into the gem install
> process, or do I just have to hack some stuff in? I know that you can
> install binaries by placing them in the bin/ dir, but I’ve not seen
> anything about installing sake tasks or simply running arbitrary code
> during the gem install.

Because gem install runs as root, allowing arbitrary code to run during
install is considered a security risk.

On Sunday 03 August 2008 12:47:30 Tim H. wrote:

> Because gem install runs as root, allowing arbitrary code to run during
> install is considered a security risk.

Even if it’s trusted, it starts to defeat the purpose of a package
manager.

See, anything I can “gem install”, I can, with confidence, “gem uninstall”.
About the only thing missing for me at this point is reverse dependencies –
but it’s reasonably easy for me to nuke all gems on my system. With the
Ubuntu-ized Rubygems, even easier – I can just blow away /var/lib/gems/*,
and start over.

If a gem could run arbitrary code during installation, that would mean I
would have no way, short of analyzing the source code, to know what it
installed, or how to clean up after it when I decide I don’t like it after all.

Now, of course, you can always misbehave with the actual binary, because that
is running arbitrary code. But forcing you to do it that way hopefully
discourages you from messing with my system – after all, I might not be
running that command as root.

So it’s not just a security risk – it’s a cruft risk, as well.
