Actually I think this was introduced with signed gem support, but JRuby hasn't updated since spring.
So here's the deal. With the new security policy stuff, OpenSSL has gotten pulled in as a requirement to handle certificates, signing, all that jazz. While I intensely dislike the OpenSSL extension (because it's little more than a thin wrapper around the C API, which makes it particularly difficult to emulate on non-C implementations) we could probably live with this in JRuby because we have an OpenSSL extension look-alike gem.

The problem, however, is that at some point between 0.9.1 and 0.9.5, RubyGems started requiring that OpenSSL extension be present for *all* gem installs:

    ~/NetBeansProjects/rubygems $ jruby -S gem install jruby-openssl
    Bulk updating Gem source index for: http://gems.rubyforge.org
    ERROR: While executing gem ... (Gem::Exception)
        SSL is not installed on this system

This is a bit of a chicken-and-egg problem. We need to install a gem to enable OpenSSL support in JRuby. We need OpenSSL to install gems.

As far as I understand it, when installing non-signed gems there should be no need for RubyGems to pull in OpenSSL, correct?

I poked around the source a bit, and discovered a few places where Gem.ensure_ssl_available is being called. Almost all of them look like this:

    if security_policy then
      Gem.ensure_ssl_available

So the expectation is that if security_policy (usually retrieved from options[:security_policy]) is nil, SSL will not be required and the additional code will not be run. However, I also found this in dependency_installer.rb:

    DEFAULT_OPTIONS = {
      :env_shebang => false,
      :domain => :both, # HACK dup
      :force => false,
      :ignore_dependencies => false,
      :security_policy => Gem::Security::NoSecurity, # HACK AlmostNo? Low?
      :wrappers => true
    }

If I'm understanding right, this means that for dependency-sensitive installs (which would be basically all of them) security_policy will *never* be nil, and OpenSSL will be required all the time.
This is a little problematic for implementations that don't have out-of-the-box OpenSSL implementations like JRuby, Rubinius, Ruby.NET, XRuby, and IronRuby.

I tried the naive fixes of commenting out the default security policy and adding a != NoSecurity check into the places that call ensure_ssl_available, but in each case I got errors like this:

    ERROR: While executing gem ... (TypeError)
        can't convert NilClass into nil
    /Users/headius/NetBeansProjects/rubygems/lib/rubygems/requirement.rb:22:in `<=>'
    /Users/headius/NetBeansProjects/rubygems/lib/rubygems/requirement.rb:19:in `call'
    /Users/headius/NetBeansProjects/rubygems/lib/rubygems/requirement.rb:124:in `satisfy?'
    /Users/headius/NetBeansProjects/rubygems/lib/rubygems/requirement.rb:117:in `satisfied_by?'
    /Users/headius/NetBeansProjects/rubygems/lib/rubygems/requirement.rb:117:in `all?'
    /Users/headius/NetBeansProjects/rubygems/lib/rubygems/requirement.rb:117:in `each'
    /Users/headius/NetBeansProjects/rubygems/lib/rubygems/requirement.rb:117:in `all?'
    /Users/headius/NetBeansProjects/rubygems/lib/rubygems/requirement.rb:117:in `satisfied_by?'
    /Users/headius/NetBeansProjects/rubygems/lib/rubygems/requirement.rb:117:in `install'
    /Users/headius/NetBeansProjects/rubygems/lib/rubygems/dependency_installer.rb:225:in `install'

So I'm hoping those of you more familiar with RubyGems code can help me out here:

1. Is it intended that OpenSSL will be required all the time, regardless of whether it will be used?
2. Shouldn't the code that's checking for security_policy != nil also check that it is != NoSecurity, avoiding OpenSSL requirement?
3. Perhaps security_policy is intended to never be nil, and so the check for != nil is already useless?

- Charlie
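An added illustration, not part of the original message and not RubyGems source: a minimal model of why a non-nil "no security" default defeats a nil guard, next to a guard that asks whether the policy verifies anything. `Policy`, `NO_SECURITY`, `HIGH_SECURITY`, `Installer` and the `ssl_loader` stand-in are hypothetical names; the policy-aware guard still fails closed when a verifying policy is selected and SSL is missing.

```ruby
# Added illustration: a minimal model, not RubyGems source.
# Policy, NO_SECURITY, HIGH_SECURITY and Installer are hypothetical names.
Policy = Struct.new(:name, :verify_data, :verify_signer, :only_signed) do
  # A policy needs crypto only if it actually verifies or demands signatures.
  def needs_crypto?
    verify_data || verify_signer || only_signed
  end
end

NO_SECURITY   = Policy.new("NoSecurity", false, false, false)
HIGH_SECURITY = Policy.new("HighSecurity", true, true, true)

# Mirrors the shape of the defaults quoted in the message: the policy is never nil.
DEFAULT_OPTIONS = { force: false, security_policy: NO_SECURITY }.freeze

class SSLUnavailable < StandardError; end

class Installer
  # ssl_loader stands in for "require 'openssl'"; it returns false on a
  # runtime that ships without the extension (constructed for this example).
  def initialize(options = {}, ssl_loader = -> { false })
    @options = DEFAULT_OPTIONS.merge(options)
    @ssl_loader = ssl_loader
  end

  def ensure_ssl_available
    raise SSLUnavailable, "SSL is not installed on this system" unless @ssl_loader.call
  end

  # Guard as described in the message: any non-nil policy pulls in SSL.
  def install_with_nil_guard(gem_name)
    policy = @options[:security_policy]
    ensure_ssl_available if policy
    "installed #{gem_name}"
  end

  # Policy-aware guard: SSL is demanded only when something will be verified.
  def install_with_policy_guard(gem_name)
    policy = @options[:security_policy]
    ensure_ssl_available if policy && policy.needs_crypto?
    "installed #{gem_name}"
  end
end
```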
