Re: [Bug 1777174] Re: 2.0.0.484-1ubuntu2.10 triggers uninitialized constant Gem::SafeYAML on calling gem2.0 install
Ouch - If you wanted to get clever, you could add your own puppet package
provider that extends the default gem one to use that altered path - it's
probably not as hard as it sounds.
On Thu, Jun 21, 2018 at 3:10 AM Philip Davies <1777...@bugs.launchpad.net>
wrote:
> Hey Nick,
>
> Ah ok, so thats a bit painful as means till this is fix we'll need to go
> through our puppet code and re-write a whole heap to run ruby2.0 -r
> yaml -r rubygems/safe_yaml -S gem instead of the puppet way :(
>
> Thanks
>
> Phil
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1777174
>
> Title:
> 2.0.0.484-1ubuntu2.10 triggers uninitialized constant Gem::SafeYAML on
> calling gem2.0 install
>
> Status in ruby2.0 package in Ubuntu:
> Confirmed
>
> Bug description:
> # Summary
> Our Docker builds have just started failing as soon as
> 2.0.0.484-1ubuntu2.10 was released. Whenever we call "gem2.0 install {some
> package}", we get an error saying "uninitialized constant Gem::SafeYAML"
>
> # Required Info
>
> 1) The release of Ubuntu you are using, via 'lsb_release -rd' or System
> -> About Ubuntu
> Description: Ubuntu 14.04.3 LTS
> Release: 14.04
>
> 2) The version of the package you are using, via 'apt-cache policy
> pkgname' or by checking in Software Center
> ruby2.0:
> Installed: 2.0.0.484-1ubuntu2.10
> Candidate: 2.0.0.484-1ubuntu2.10
> Version table:
>*** 2.0.0.484-1ubuntu2.10 0
> 500 http://archive.ubuntu.com/ubuntu/ trusty-updates/main amd64
> Packages
> 500 http://archive.ubuntu.com/ubuntu/ trusty-security/main
> amd64 Packages
> 100 /var/lib/dpkg/status
>2.0.0.484-1ubuntu2 0
> 500 http://archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
>
> 3) What you expected to happen
> "gem install rubygems-update" to work
>
> 4) What happened instead
> We see the error below
> ERROR: While executing gem ... (NameError)
> uninitialized constant Gem::SafeYAML
>
> # Recreate:
> To recreate, take the following Dockerfile and try to build the image:
>
> ---
> FROM ubuntu:trusty
> ENV DEBIAN_FRONTEND noninteractive
> RUN apt-get update && apt-get -y install ruby2.0 ruby2.0-dev
> RUN gem2.0 install rubygems-update
> ---
>
> This produces the following output:
>
> ---
> Sending build context to Docker daemon 2.048kB
> Step 1/4 : FROM ubuntu:trusty
>---> 38c759202e30
> Step 2/4 : ENV DEBIAN_FRONTEND noninteractive
>---> Running in fb4736ccbcfe
> Removing intermediate container fb4736ccbcfe
>---> 8d3ab112c945
> Step 3/4 : RUN apt-get update && apt-get -y install ruby2.0 ruby2.0-dev
>---> Running in 17e525082f30
> Ign http://archive.ubuntu.com trusty InRelease
> Get:1 http://archive.ubuntu.com trusty-updates InRelease [65.9 kB]
> Get:2 http://archive.ubuntu.com trusty-security InRelease [65.9 kB]
> Get:3 http://archive.ubuntu.com trusty Release.gpg [933 B]
> Get:4 http://archive.ubuntu.com trusty Release [58.5 kB]
> Get:5 http://archive.ubuntu.com trusty-updates/main Sources [514 kB]
> Get:6 http://archive.ubuntu.com trusty-updates/restricted Sources [6449
> B]
> Get:7 http://archive.ubuntu.com trusty-updates/universe Sources [253 kB]
> Get:8 http://archive.ubuntu.com trusty-updates/main amd64 Packages
> [1348 kB]
> Get:9 http://archive.ubuntu.com trusty-updates/restricted amd64
> Packages [21.4 kB]
> Get:10 http://archive.ubuntu.com trusty-updates/universe amd64 Packages
> [587 kB]
> Get:11 http://archive.ubuntu.com trusty-security/main Sources [199 kB]
> Get:12 http://archive.ubuntu.com trusty-security/restricted Sources
> [5050 B]
> Get:13 http://archive.ubuntu.com trusty-security/universe Sources [88.9
> kB]
> Get:14 http://archive.ubuntu.com trusty-security/main amd64 Packages
> [924 kB]
> Get:15 http://archive.ubuntu.com trusty-security/restricted amd64
> Packages [18.1 kB]
> Get:16 http://archive.ubuntu.com trusty-security/universe amd64
> Packages [292 kB]
> Get:17 http://archive.ubuntu.com trusty/main Sources [1335 kB]
> Get:18 http://archive.ubuntu.com trusty/restricted Sources [5335 B]
> Get:19 http://archive.ubuntu.com trusty/universe Sources [7926 kB]
> Get:20 http://archive.ubuntu.com trusty/main amd64 Packages [1743 kB]
> Get:21 http://archive.ubuntu.com trusty/restricted amd64 Packages [16.0
> kB]
> Get:22 http://archive.ubuntu.com trusty/universe amd64 Packages [7589
> kB]
> Fetched 23.1 MB in 6s ( kB/s)
> Reading package lists...
> Reading package lists...
> Building dependency tree...
> Reading state information...
> The following extra packages will be installed:
> ca-certificates libjs-jquery libruby1.9.1 libruby2.0 libyaml-0-2
> openssl
> ruby ruby1.9.1 rubygems-integration
> Suggested packages:
> javascript-common ri ruby-dev ruby1.9.1-examples ri1.9.1 graphviz
> ruby1.9.1-dev ruby-swit
[Bug 1777174] Re: 2.0.0.484-1ubuntu2.10 triggers uninitialized constant Gem::SafeYAML on calling gem2.0 install
Hey Nick, Ah ok, so thats a bit painful as means till this is fix we'll need to go through our puppet code and re-write a whole heap to run ruby2.0 -r yaml -r rubygems/safe_yaml -S gem instead of the puppet way :( Thanks Phil -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1777174 Title: 2.0.0.484-1ubuntu2.10 triggers uninitialized constant Gem::SafeYAML on calling gem2.0 install To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ruby2.0/+bug/1777174/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1777174] Re: 2.0.0.484-1ubuntu2.10 triggers uninitialized constant Gem::SafeYAML on calling gem2.0 install
Hi Philip, The workaround comes in two parts: First you rollback to ruby2.0 2.0.0.484-1ubuntu2 and install psych 2.0.17 - this will require build-essential libffi-dev and ruby2.0-dev (as per dockerfile). At this point you can reinstall the security fix The second part, which is awful, is you have to make sure any gem commands are run with: ruby2.0 -r yaml -r rubygems/safe_yaml -S gem I've just rechecked building that dockerfile from scratch and it all looks good my end, so maybe go over it a bit more carefully and see if you've missed something from the steps. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1777174 Title: 2.0.0.484-1ubuntu2.10 triggers uninitialized constant Gem::SafeYAML on calling gem2.0 install To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ruby2.0/+bug/1777174/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1777174] Re: 2.0.0.484-1ubuntu2.10 triggers uninitialized constant Gem::SafeYAML on calling gem2.0 install
Sorry scrap that, forgot to do apt-get update. Once I did the update and run the workaround I still get issues doing gem2 update /usr/bin/gem2 update Updating installed gems Updating bigdecimal ERROR: While executing gem ... (NameError) uninitialized constant Gem::SafeYAML -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1777174 Title: 2.0.0.484-1ubuntu2.10 triggers uninitialized constant Gem::SafeYAML on calling gem2.0 install To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ruby2.0/+bug/1777174/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1777174] Re: 2.0.0.484-1ubuntu2.10 triggers uninitialized constant Gem::SafeYAML on calling gem2.0 install
We getting the same issues, but the work around isn't working. when we try to do ruby2.0 -S gem install psych --version 2.0.17 We get: ruby2.0 -S gem install psych --version 2.0.17 Fetching: psych-2.0.17.gem (100%) Building native extensions. This could take a while... ERROR: Error installing psych: ERROR: Failed to build gem native extension. /usr/bin/ruby2.0 extconf.rb mkmf.rb can't find header files for ruby at /usr/lib/ruby/include/ruby.h Gem files will remain installed in /var/lib/gems/2.0.0/gems/psych-2.0.17 for inspection. Results logged to /var/lib/gems/2.0.0/gems/psych-2.0.17/ext/psych/gem_make.out -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1777174 Title: 2.0.0.484-1ubuntu2.10 triggers uninitialized constant Gem::SafeYAML on calling gem2.0 install To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ruby2.0/+bug/1777174/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1777174] Re: 2.0.0.484-1ubuntu2.10 triggers uninitialized constant Gem::SafeYAML on calling gem2.0 install
Here's a version of andy edwards' Dockerfile which applies my workaround: --- FROM ubuntu:trusty ENV DEBIAN_FRONTEND noninteractive RUN apt-get update && apt-get -y install ruby2.0=2.0.0.484-1ubuntu2 libruby2.0=2.0.0.484-1ubuntu2 libffi-dev ruby2.0-dev build-essential RUN ruby2.0 -S gem install psych --version 2.0.17 RUN apt-get -y install ruby2.0 libruby2.0 RUN ruby2.0 -r yaml -r rubygems/safe_yaml -S gem2.0 install rubygems-update --- -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1777174 Title: 2.0.0.484-1ubuntu2.10 triggers uninitialized constant Gem::SafeYAML on calling gem2.0 install To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ruby2.0/+bug/1777174/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1777174] Re: 2.0.0.484-1ubuntu2.10 triggers uninitialized constant Gem::SafeYAML on calling gem2.0 install
I have a workaround - I downgraded to the previous version: apt-get install ruby2.0=2.0.0.484-1ubuntu2 libruby2.0=2.0.0.484-1ubuntu2 ruby2.0 -S gem install psych --version 2.0.17 apt-get install ruby2.0 ruby2.0 -S gem -r yaml -r rubygems/safe_yaml install $whatever -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1777174 Title: 2.0.0.484-1ubuntu2.10 triggers uninitialized constant Gem::SafeYAML on calling gem2.0 install To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ruby2.0/+bug/1777174/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1777174] Re: 2.0.0.484-1ubuntu2.10 triggers uninitialized constant Gem::SafeYAML on calling gem2.0 install
I meant to say I temporarily rolled back, installed psych, then upgraded back to the secure version again. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1777174 Title: 2.0.0.484-1ubuntu2.10 triggers uninitialized constant Gem::SafeYAML on calling gem2.0 install To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ruby2.0/+bug/1777174/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1777174] Re: 2.0.0.484-1ubuntu2.10 triggers uninitialized constant Gem::SafeYAML on calling gem2.0 install
If it's of use to anyone else, I had a broken build due to bundler choking on this error - I edited my /usr/local/bin/bundle and added: --- bundle 2018-06-20 16:07:50.742507869 +1200 +++ /usr/local/bin/bundle 2018-06-20 16:05:45.021007716 +1200 @@ -7,6 +7,8 @@ # require 'rubygems' +require 'yaml' +require 'rubygems/safe_yaml' version = ">= 0" -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1777174 Title: 2.0.0.484-1ubuntu2.10 triggers uninitialized constant Gem::SafeYAML on calling gem2.0 install To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ruby2.0/+bug/1777174/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1777174] Re: 2.0.0.484-1ubuntu2.10 triggers uninitialized constant Gem::SafeYAML on calling gem2.0 install
Also affected - gem2.0 is totally stuffed with this. It seems like if your system didn't already have a recent version of psych installed before the upgrade (maybe) then you can't use it... I tried using the safe_yaml that seems to be bundled with ruby (or perhaps it was pre-installed?), but that fails to... ruby2.0 -r safe_yaml -r rubygems/safe_yaml -S gem install psych --version 2.0.17 --backtrace ERROR: While executing gem ... (ArgumentError) wrong number of arguments (4 for 1..3) /usr/lib/ruby/vendor_ruby/safe_yaml/load.rb:136:in `load' /usr/lib/ruby/vendor_ruby/safe_yaml.rb:29:in `safe_load' /usr/lib/ruby/2.0.0/rubygems/safe_yaml.rb:31:in `safe_load' /usr/lib/ruby/2.0.0/rubygems/package.rb:445:in `block (2 levels) in read_checksums' /usr/lib/ruby/2.0.0/rubygems/package.rb:444:in `wrap' /usr/lib/ruby/2.0.0/rubygems/package.rb:444:in `block in read_checksums' -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1777174 Title: 2.0.0.484-1ubuntu2.10 triggers uninitialized constant Gem::SafeYAML on calling gem2.0 install To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ruby2.0/+bug/1777174/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1777174] Re: 2.0.0.484-1ubuntu2.10 triggers uninitialized constant Gem::SafeYAML on calling gem2.0 install
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: ruby2.0 (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1777174 Title: 2.0.0.484-1ubuntu2.10 triggers uninitialized constant Gem::SafeYAML on calling gem2.0 install To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ruby2.0/+bug/1777174/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
