search

TalentBox / sequel-rails

A gem for using Sequel with Rails 5.x, 6.x, 7.x, 8.x
http://talentbox.github.io/sequel-rails/
MIT License
326 stars 81 forks source link

File permissions of v0.9.13 gem may result in unreadable files #121

Closed GUI closed 8 years ago

GUI commented 8 years ago

After deploying v0.9.13 of sequel-rails to our servers, I was hit by some errors that were preventing our app from starting:

/var/www/shared/vendor/bundle/ruby/2.3.0/gems/railties-4.2.7.1/lib/rails/railtie/configuration.rb:95:in
`method_missing': undefined method `sequel'
for #<Rails::Application::Configuration:0x00000006a27618> (NoMethodError)

After poking around, I discovered that some of sequel-rails's files were unreadable by the user our web application runs as. This occurred because our gems were installed by a different deploy user, but something in the v0.9.13 gem installs some of the files without world-readable permissions. Some of the files the v0.9.13 gem decompresses are chmod 660 instead of 644 (which I think it the more normal permissions for any gem library files). I can't reproduce this on a fresh clone and rake build test, so were the permissions maybe different in the local environment where the last gem was built? Previous versions of the gem seem to have the more typical 644 permissions.

Here's a quick demonstration showing that the permissions differences that seem to be part of the v0.9.13 gem package:

$ curl -OL "https://rubygems.org/downloads/sequel-rails-0.9.12.gem"
$ curl -OL "https://rubygems.org/downloads/sequel-rails-0.9.13.gem" 
$ gem unpack sequel-rails-0.9.12.gem
$ gem unpack sequel-rails-0.9.13.gem

$ ls -l sequel-rails-0.9.12/lib
drwxr-xr-x  action_dispatch
drwxr-xr-x  generators
-rw-r--r--  sequel-rails.rb
drwxr-xr-x  sequel_rails
-rw-r--r--  sequel_rails.rb

$ ls -l sequel-rails-0.9.13/lib
drwxr-xr-x  action_dispatch
drwxr-xr-x  generators
-rw-rw----  sequel-rails.rb
drwxr-xr-x  sequel_rails
-rw-rw----  sequel_rails.rb

Note the differences on the sequel-rails.rb and sequel_rails.rb files (-rw-rw---- instead of -rw-r--r--).

I was able to workaround this by pointing our Gemfile at git for this gem, which installed the files with the default 644 permissions. But I thought I'd mention this in case this permission change wasn't intentional.

Thanks!

JonathanTron commented 8 years ago

Hi @GUI, thanks for the detective work here. I've released a new version after making sure read bits are set for everyone on the files.