@deivid-rodriguez

What was the end-user or developer problem that led to this PR?

In Ruby 3.2, when using bundler/inline, Bundler Fetcher will internally activate the default version of securerandom (0.2.2). If the inline gemfile is using a different version of securerandom, an activation conflict will be raised.

See #7930.

What is your fix for the problem, implemented in this PR?

In the future we believe the ideal solution is to have bundler/inline reexec the original process once the install is done. However, re-exec'ing with original Ruby arguments is tricky, so for now we're vendoring securerandom in Bundler to skip this particular problem.

deivid-rodriguez and others added 2 commits September 2, 2024 16:05
It is loaded by `Fetcher` so in most cases it's fine.

But if using `bundler/inline` and a gem needs to be fetched,
`securerandom` will be loaded and cause a conflict.

Can be reproduced with:

```ruby
require 'bundler/inline'

gemfile do
  source 'https://rubygems.org'
  gem 'graphql', '~> 2.0'
  gem 'graphql-client', '~> 0.18'
end

require 'json'
require 'graphql/client'
require 'graphql/client/http'
```

Ref: rails/rails#52473 (comment)

Co-authored-by: Jean Boussier <[email protected]>
@deivid-rodriguez deivid-rodriguez merged commit cf33207 into master Sep 2, 2024
@deivid-rodriguez deivid-rodriguez deleted the vendor-secure-random branch September 2, 2024 15:42
deivid-rodriguez added a commit that referenced this pull request Sep 17, 2024
Fix `bundler/inline` failing in Ruby 3.2 due to conflicting `securerandom` versions

(cherry picked from commit cf33207)
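
A diagnostic for the conflict described in this PR, added here as an example and not part of the PR or of Bundler's code: it compares the gems already activated in a process with the versions a gemfile resolved to and reports the mismatches. `ACTIVATED`, `RESOLVED`, `activation_conflicts` and `activated_gems` are hypothetical names, the sample data is constructed (only `securerandom` 0.2.2 comes from the description above), and the comparison is a simplified model rather than RubyGems' own activation check.

```ruby
require 'rubygems'

# Constructed sample: gems already activated before the inline gemfile is
# applied (name => version). securerandom 0.2.2 is the Ruby 3.2 default
# named in the PR description; 'examplegem' is made up.
ACTIVATED = { 'securerandom' => '0.2.2', 'examplegem' => '1.0.0' }.freeze

# Constructed sample: versions the inline gemfile resolved to (assumed values).
RESOLVED = {
  'securerandom' => '0.3.1',
  'examplegem'   => '1.0.0',
  'graphql'      => '2.3.0'
}.freeze

# Returns one entry per gem whose already-activated version is not the
# version the resolution picked. Gems not yet activated cannot conflict.
def activation_conflicts(activated, resolved)
  resolved.each_with_object([]) do |(name, wanted), conflicts|
    have = activated[name]
    next if have.nil?
    next if Gem::Requirement.new("= #{wanted}").satisfied_by?(Gem::Version.new(have))

    conflicts << { name: name, activated: have, resolved: wanted }
  end
end

# Snapshot of the live process in the same shape as ACTIVATED, for use
# in place of the constructed sample when debugging a real script.
def activated_gems
  Gem.loaded_specs.transform_values { |spec| spec.version.to_s }
end

if __FILE__ == $PROGRAM_NAME
  activation_conflicts(ACTIVATED, RESOLVED).each do |c|
    puts "#{c[:name]}: activated #{c[:activated]}, gemfile resolved #{c[:resolved]}"
  end
end
```

Calling `activation_conflicts(activated_gems, RESOLVED)` before and after a `require` shows which library load activated a default gem.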