Update Ruby Gemspec Metadata After Publishing - ruby

Is it possible to change the source code link of the gem after publishing?

Yes, but only by publishing a new version of the gem.
You could yank (delete) the old version, but I would strongly advise against it. Yanking should only be done for "extreme" errors such as critical security or legal problems.

Related

Gem development - should I update dependency if depending gem has bug

Hi I am building a gem which depends on the multi_json gem, which is basically adapters to all other json encoder/decoders out there.
So a user filed an issue on my gem. He has issues because multi_json has a small bug in one of the adapters, which was later fixed on multi_json's end, so it is not really my issue.
I am wondering if I should change my gemspec to hardcode the dependency to the fixed version of multi_json. I thought it would be easier to just tell the user to explicitly specify to use the fixed version of multi_json. This way my dependency won't be too strict and conflict with other gems which use multi_json.
What are the thoughts on this?
You don't have to lock the dependency version entirely, just make sure that you have a release that has the above-mentioned bug fixed. For instance,
gem 'multi_json', '> 1.9.1'
It will be on rubygems sooner or later and you're definitely not interested in encountering the same bug twice.
My opinion is that the reliability of your library in the present is more important than future development inconveniences, which may or may not occur.
As for what to tell your users, they should've already heard (and if they haven't you could remind them of this in the README.md) that most of the critical problems usually are solved within the day and can be found in master. So if they want to take advantage of the latest fixes (and the freshest new bugs), they could specify github as a source:
gem 'your_gem', github: 'lulalala/your_gem'
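How the constraint styles discussed in this thread behave at resolution time, as an added example that is not part of the original posts. The list of available versions is constructed for illustration, and the helper names `admitted` and `highest_match` are hypothetical; only `Gem::Requirement` and `Gem::Version` from RubyGems are used.

```ruby
require "rubygems"

# Constructed list of published versions of a dependency (illustrative only,
# not the real release history of any gem). 1.9.1 stands for the buggy release.
AVAILABLE = %w[1.9.0 1.9.1 1.9.2 1.10.0 2.0.0].map { |v| Gem::Version.new(v) }

# Versions admitted by a set of constraints, as strings, lowest first.
def admitted(constraints, available = AVAILABLE)
  requirement = Gem::Requirement.new(*constraints)
  available.select { |v| requirement.satisfied_by?(v) }.sort.map(&:to_s)
end

# Highest admitted version, or nil when nothing matches. This is what gets
# installed when no other gem in the bundle narrows the range further.
def highest_match(constraints, available = AVAILABLE)
  requirement = Gem::Requirement.new(*constraints)
  available.select { |v| requirement.satisfied_by?(v) }.max
end

FLOOR_ONLY   = ["> 1.9.1"].freeze             # the constraint from the answer
FLOOR_CAPPED = ["~> 1.9", ">= 1.9.2"].freeze  # same floor, capped below 2.0
EXACT_PIN    = ["= 1.9.2"].freeze             # the "hardcode" option from the question

if __FILE__ == $PROGRAM_NAME
  { "floor only" => FLOOR_ONLY, "floor + cap" => FLOOR_CAPPED,
    "exact pin" => EXACT_PIN }.each do |label, constraints|
    puts format("%-12s admits %-22s picks %s",
                label, admitted(constraints).join(", "), highest_match(constraints))
  end
end
```

The floor-only form excludes the buggy release but also admits an untested next major version, while the exact pin is the form most likely to conflict with other gems that depend on the same library.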

How to fix a RubyGems.org project page after yanking a gem?

I have a gem published here: https://rubygems.org/gems/rangy-rails/
When I first released it in March 2013 I later realized that I had set an incorrect version.
I immediately yanked the gem and resubmitted it with the correct version. Unfortunately RubyGems does not remove the yanked gem and this is causing two problems:
The version list is not ordered correctly (yanked gem is on top): https://rubygems.org/gems/rangy-rails/versions
My gem's main page on RubyGems: https://rubygems.org/gems/rangy-rails/ is using a description about the gem being yanked instead of the gemspec's description.
How can I fix this?
So far my only option seems to be contacting RubyGems but they explicitly say the following:
Our policy is to only perma-delete gems that really need it, such as
gems that may contain passwords, malicious/harmful code, etc. Yanking
a gem effectively removes it from being found and will do the trick in
99% percent of situations.
(source: http://help.rubygems.org/kb/gemcutter/removing-a-published-rubygem)
Problem 2 is solvable. The description is taken from the latest non-prerelease version of the gem (not including yanked versions). (See more info about prerelease gem versions here.) Right now, your gem has 3 versions, and the two non-yanked ones are both prerelease (they have letters in the gem version). If you push a new version of the gem, even if it's 0.0.1 or something, that's a "release" version, and it will be used for the description instead.
I made a little test gem here to demonstrate what I'm talking about -- notice that the description page is taken from the latest non-prerelease version (0.0.1, in my case.)
There is no self-serve way to "solve" problem 1 -- Rubygems.org will always display your gem versions in semantic versioning order, from highest to lowest. I'm not sure why this is a big issue, though -- most people typically won't look at the versions page. Yanking will mask the bad version in most situations and, as the documentation says, will probably "do the trick" in this case.
If you really want to permanently hide the traces of the yanked gem and remove it from the versions list completely, you'll need to contact the Rubygems staff and see if they're willing to help out.
You need to publish a new version that is higher than the yanked one. I.e., if the yanked version is 1.3.0.772, you need to publish 1.3.0.780 (for example).
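A small model of the behaviour the two answers above describe (versions listed highest first, description taken from the latest non-yanked, non-prerelease version), as an added example that is not RubyGems.org's own code. The version history is constructed to resemble the question's situation, and `Release`, `listing_order` and `description_source` are hypothetical names.

```ruby
require "rubygems"

# One published version: its number and whether it has been yanked.
Release = Struct.new(:number, :yanked) do
  def version
    Gem::Version.new(number)
  end
end

# Constructed history (not the real rangy-rails versions): one yanked
# release-style version plus two surviving prereleases.
HISTORY = [
  Release.new("1.3.0.772", true),   # pushed with the wrong version, then yanked
  Release.new("1.3.0.pre1", false), # prerelease: the version contains letters
  Release.new("1.3.0.pre2", false)
].freeze

# Order of the versions page as described: highest first, yanked included.
def listing_order(history)
  history.sort_by(&:version).reverse.map(&:number)
end

# Version whose gemspec description is shown, per the first answer: the
# latest non-yanked, non-prerelease version. nil when none exists yet.
def description_source(history)
  history.reject { |r| r.yanked || r.version.prerelease? }
         .max_by(&:version)&.number
end

if __FILE__ == $PROGRAM_NAME
  {
    "as published"            => HISTORY,
    "after pushing 0.0.1"     => HISTORY + [Release.new("0.0.1", false)],
    "after pushing 1.3.0.780" => HISTORY + [Release.new("1.3.0.780", false)]
  }.each do |label, history|
    puts "#{label}: top=#{listing_order(history).first} " \
         "description=#{description_source(history).inspect}"
  end
end
```

Pushing 0.0.1 fixes the description but leaves the yanked version at the top of the list; only a version that sorts above the yanked one fixes both.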

Updating Rubygems?

Very recently I created a gem on RubyGems.org. However I've worked on a new update and can't seem to figure out how to update a RubyGem. I've looked at the user guides, but I can't easily find any articles that specify how to update a RubyGem. Is there an easy way from the command line or from the website? I need to get the new update public soon. Thanks!
You just push the gem:
$ gem push my_gem-1.0.0.gem
When generating your gem's files and directories, it is recommended that you use one of the available tools for creating gems, for example Bundler or Jeweler. They have predefined tasks that make it easy to update a gem using a versioning system. Have a look at their respective documentation.
If that is not possible, keep your files under some form of version control. It will make it easy to add changes and update the current version of your gem.
Have a look at this tutorial on crafting gems.
First you can change the version number, if it already exists. Then you can push the latest .gem (my_gem-x.x.x.gem). Please refer to the guide.
Follow this excellent guide

How can I install a gem as if it was specified in a Gemfile?

I want to install a gem via gem install, but I need it to resolve with dependencies of the current project.
Basically I want the functionality that bundler gives me when I specify gem 'xyz' in a Gemfile, but I don't want to add that specific gem into the Gemfile.
I tried doing bundle exec gem install ... but it doesn't seem to work.
edit: The reason why I don't want to add it to the Gemfile is that it might be something like metric_fu, metrical, saikuro, rails_best_practices, etc. Simply gems that are kind of utility use and might only clutter the project.
I might only want to use them temporarily, or install them, try out, if it doesn't work out the way I want do rvm gemset empty and bundle install again to clean up.
The point of Bundler is, in part, to prevent you from doing things like that (to prevent you from injecting gems from outside when your project doesn't declare them).
Looking for a way of doing that is looking for a bug in Bundler. If you did manage to find some way of skirting Bundler's enforcement mechanisms, you should probably not use it; instead, you may consider filing it as a bug with Bundler's issue tracker.
Now we come to the real questions: what can you do? and what should you do?
You should use either RVM gemsets or Bundler to isolate your application and its gem dependencies. You don't need both. I would recommend Bundler for this purpose over RVM gemsets.
You should add to your Gemfile any gems that you want to use and that integrate with your application (i.e., that either load your application or that are loaded as part of your application). This is not a requirement for any gems that refrain from integrating with your application.
You should refrain from committing a changed Gemfile or Gemfile.lock to version control until you are satisfied that your application continues to operate acceptably (tests pass, new gem does something useful, etc.).
Or you should stop using Bundler, because you want to do things it is explicitly designed to prevent you from doing (not recommended).
At the risk of sounding dumb, why not add it to the gemfile? You can always add it to its own group if you don't want to have to install it everywhere.
A slightly different approach is, if you're using version control, such as Git, to create a new branch and install the gems. If it doesn't work out, uninstall the gem (I'm not sure this will be done by bundle update on the old branch) and trash the branch. If it does work, merge your stuff into the old branch.
Though I do believe the other answers and comments have some very good points.

Should I get gems from RubyForge, Github, or Gemcutter?

I'm confused about the world of Ruby Gems. There are several well-known repositories. Which is the right one, or does it matter?
I guess Gemcutter is the hip repository right now. They definitely have the nicest-looking website. Does that mean I should get my gems from there?
The main reason I'm asking is that I want to make sure I'm getting the latest release of the gem. If I don't specify the source, am I in danger of installing a crap version of the gem, or am I bugging?
Why is there more than one repository anyway?
GitHub gem building is defunct -- it got disabled for an upgrade, and was never re-enabled because GemCutter is taking over that role. There are no new gems being generated on GitHub.
RubyForge is planning to phase out gem hosting too -- GemCutter will become the standard source for gems.
Edit: The whole migration plan is here
Go gemcutter. It's been publicized that gemcutter is going to become the new de facto. But, if you can't find the gem on gemcutter, you have to look at github or rubyforge. Hopefully most people will (if they haven't already) start moving towards gemcutter.
I think that's where "we" are at right now.
Why is there more than one repository anyway?
Because you can run your very own gem server and install from that (some folks use it on large deployments to host their own gems).
