Packaging for shipping product made out of RoR

Hi,
I am exploring using RoR for an enterprise application that needs to be
given out to customers, and the two criteria I am looking at are
packaging and ease of deployment/upgrade, and protecting source code.

Can someone point me to some references for these two – how are RoR
projects packaged and deployed, and if they can be compiled into
binaries before distribution.

thanks.

no takers?

On Oct 10, 2011, at 10:21 PM, Santosh c wrote:

no takers?

On Sun, Oct 9, 2011 at 2:38 PM, Santosh c [email protected] wrote:
Hi,
I am exploring using RoR for an enterprise application that needs to be given
out to customers, and the two criteria I am looking at are packaging and ease of
deployment/upgrade, and protecting source code.

Can someone point me to some references for these two – how are RoR projects
packaged and deployed, and if they can be compiled into binaries before
distribution.

The way that you protect your Ruby code is usually by not giving it to
anyone. If you provide software as a service, and you keep the secret
sauce on your server, that’s the ticket. If you want to sell the source
code to your customers, guess what – they can read it, because it’s not
a compiled language.

Walter

On 10/10/2011 07:21 PM, Santosh c wrote:

Can someone point me to some references for these two -- how are
RoR projects packaged and deployed, and if they can be compiled
into binaries before distribution.
thanks

You need to protect the source code with a contract or by keeping it to
yourself.

Don’t dismiss the contractual agreement - pushes the problem to your
legal people.

Another idea is providing the software on a virtual machine image. It
has the benefit of being a packaging mechanism too.

Peter

I believe the best method is to use Jruby and to produce a compiled WAR
file, combined with some sort of external encrypted licence file…

On Mon, Oct 10, 2011 at 10:26 PM, mitch [email protected] wrote:

I believe the best method is to use Jruby and to produce a compiled
WAR file

Sorry, no – WAR files are not “compiled”, and they’re nearly always
expanded at deployment anyway, so that’s pointless.


Hassan S. ------------------------ [email protected]

twitter: @hassan

Makes me wonder how the current vendors shipping their enterprise apps
do it. We are a small shop, legal route will not work for us.

Any references to how JRuby / War packaging works? Have done it with
tomcat 7-8 yrs back, latest references/tutorials will help.

thanks!

Sketchy details on these Hobo threads. They are obviously having some
success with Jruby.

https://groups.google.com/forum/?hl=en-GB#!searchin/hobousers/war/hobousers/ChkP_ei4h_o/NzH0DPHjP6IJ

https://groups.google.com/forum/?hl=en-GB#!searchin/hobousers/Torquebox/hobousers/CfznPkeIvlw/2bedQ0np15MJ

On Tue, Oct 11, 2011 at 4:34 AM, mitch [email protected] wrote:

Sketchy details on these Hobo threads. They are obviously having some
success with Jruby.

“success” at what? Yes, you can certainly run JRuby/Rails from a
WAR file. I’m maintaining one such application now.

This does nothing to prevent access to your app’s source code, as
the OP is seeking to do.


Hassan S. ------------------------ [email protected]

twitter: @hassan

Ah…sorry about that. I haven’t used JRuby myself but am planning to.

I remember reading a long time ago that Thoughtworks have devised a
method of code protection for their Mingle product, using JRuby. I
don’t know how it’s done though.

On Tue, Oct 11, 2011 at 5:32 AM, mitch [email protected] wrote:

I remember reading a long time ago that Thoughtworks have devised a method
of code protection for their Mingle product, using JRuby. I don’t know how
it’s done though.

There appears to be a free download – you could take a look and
report back :)

(I would but I’m about to shut down to head to the airport.)


Hassan S. ------------------------ [email protected]

twitter: @hassan

On Tue, Oct 11, 2011 at 7:15 AM, mitch [email protected] wrote:

But there’s gotta be a way, no? As I understand it, although the WAR file
code can be viewed it can’t be changed.

Sorry, that’s not true. A WAR file is just a packaged (equivalent to
tar) directory structure that’s usually un-WAR’d on deployment. And you
can do anything you want with the contents at that point.


Hassan S. ------------------------ [email protected]

twitter: @hassan
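
What the reply above says about WAR contents, as an added example (not code from any poster in this thread): a WAR is a zip archive, so a vendor can audit their own build before shipping to see which entries go out as readable Ruby and which are Java bytecode. The sample archive, its paths and the function names are constructed for the example.

```python
import io
import zipfile

SOURCE_EXTS = (".rb", ".erb", ".rake")  # text formats anyone can open and read
CLASS_MAGIC = b"\xca\xfe\xba\xbe"       # first four bytes of every Java class file

def audit_war(war_bytes):
    """Return (readable_sources, compiled_classes, mislabelled) for a WAR given as bytes."""
    readable, compiled, mislabelled = [], [], []
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        for info in war.infolist():
            if info.is_dir():
                continue
            name = info.filename
            if name.endswith(SOURCE_EXTS):
                readable.append(name)
            elif name.endswith(".class"):
                # Check the header instead of trusting the file extension.
                with war.open(info) as fh:
                    head = fh.read(4)
                (compiled if head == CLASS_MAGIC else mislabelled).append(name)
    return sorted(readable), sorted(compiled), sorted(mislabelled)

def build_sample_war():
    """Constructed sample archive; every path and file body here is invented."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as war:
        war.writestr("WEB-INF/web.xml", "<web-app/>")
        war.writestr("WEB-INF/app/models/invoice.rb", "class Invoice\n  RATE = 0.2\nend\n")
        war.writestr("WEB-INF/app/views/invoices/show.html.erb", "<%= @invoice.total %>")
        war.writestr("WEB-INF/lib/pricing/Engine.class", CLASS_MAGIC + b"\x00\x00\x00\x32")
        war.writestr("WEB-INF/lib/pricing/Stub.class", b"not really bytecode")
    return buf.getvalue()

if __name__ == "__main__":
    readable, compiled, mislabelled = audit_war(build_sample_war())
    print("ships as readable text:", readable)
    print("compiled bytecode (still decompilable):", compiled)
    print("named .class but not bytecode:", mislabelled)
```
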

Sorry, that’s not true. A WAR file is just a packaged (equivalent to tar)
directory structure that’s usually un-WAR’d on deployment. And you
can do anything you want with the contents at that point.

Could you give me a reference to building and deploying a WAR for a ruby
web app? thanks.

Sorry no time. I’m snowed under with work.

But there’s gotta be a way, no? As I understand it, although the WAR
file code can be viewed it can’t be changed. If it references some kind of
encrypted Java class which needs an external licence file, perhaps that
would do it? The licence file could include a customer hardware or name
key etc.

I’m keen to find a solution to this too.

On Tue, Oct 11, 2011 at 6:44 PM, Santosh c [email protected] wrote:

Could you give me a reference to building and deploying a WAR for a ruby web
app? thanks.

Are you familiar with the Servlet Spec? If not, I’d strongly recommend
reading it to understand how a Java web app (and hence a WAR file)
is structured.

warbler (RubyGems.org) provides the building part, at least
for a basic app.

The deployment part somewhat depends on what servlet container
you’re using, so check the relevant docs. Alternatively you can use
something like capistrano with custom recipes.

HTH,

Hassan S. ------------------------ [email protected]

twitter: @hassan

JRuby is indeed your answer.

I used to work for a company that did exactly this. We had an on
premise enterprise server we were selling and distributing to clients
written in ruby. Yes, we did WAR it all up too, but that’s it what
you’re looking for.

JRuby has the ability to actually compile your ruby code into
java .class files. This has some clear performance benefits since your
rb files aren’t being interpreted at runtime anymore, but it also
gives you some obvious advantages when you’re distributing your code.

In my opinion it’s the only decent way to distribute ruby. There’s
loads of documentation on the topic if you look it up.

Also, one other quick word of advice: watch those license agreements
in your dependencies carefully.

Much of the awesome open source code we love and enjoy in the ruby
community has entirely different rules when you’re distributing it vs
running it on a web server. Have your lawyers check it over good. The
good news is though that JRuby also lets you leverage java
libraries in your ruby code so you can no doubt find what you need.

JRuby has the ability to actually compile your ruby code into
java .class files.

Which, it should be pointed out, can be easily de-compiled to reveal
a pretty decent representation of your source code :)

I am a seasoned java developer and have used DJ decompiler and Jad pretty
extensively myself. With largest level of obfuscation it takes decent
expertise to figure out what those a/b/c/d variables represent and
interpret the logic. With ruby even the starters can figure out
everything, so I’d be happy if we can achieve at least the level of
complexity of java bytecodes for my ruby source.

The OP should note that pretty much all companies distributing their
software to end users use licensing agreements to protect proprietary
IP, not just obfuscation (via e.g. compilation).

Point taken, this is a must, it’s just that it’s not sufficient. There
are situations where some large enterprises require highest level of
security for their data and they are sensitive about the vendor product
being confidential as they know they are not without bugs :) And I am
talking of practical reality and not some mathematically proven RSA
algorithm which is open to the public to challenge :)

That’s totally correct, but true with anything you compile and release.

It’s no different than what you do with a regular Java app now …or
Flash, or C, or Objective-C, etc.

There are things you can do to obfuscate your compiled code but that
too can be reversed.

Nothing is fool proof, but providing compiled .class files beats the
hell out of handing them your source code in clear text.

On Oct 12, 2011, at 9:18 AM, Hassan S.

On Wed, Oct 12, 2011 at 1:45 AM, Brandon B. [email protected] wrote:

JRuby has the ability to actually compile your ruby code into
java .class files.

Which, it should be pointed out, can be easily de-compiled to reveal
a pretty decent representation of your source code :)

The OP should note that pretty much all companies distributing their
software to end users use licensing agreements to protect proprietary
IP, not just obfuscation (via e.g. compilation).

FWIW,

Hassan S. ------------------------ [email protected]

twitter: @hassan