  1. Artifactory Binary Repository
  2. RTFACT-14818

Missing metadata field in RubyGems packages

    Details

    • Severity:
      Medium

      Description

      After trying several times to install a logstash-plugin using Artifactory and the method provided by Elastic's team, we found out that Artifactory has a bug where the RubyGems repository does not save the gemspec's metadata field.
      The proof can be obtained by performing a gem push to Artifactory and executing the following code in the Interactive Ruby Shell:

      require "rubygems/package"
      require "rubygems/remote_fetcher"  # defines Gem::RemoteFetcher, used below
      spec = Gem::RemoteFetcher.fetcher.fetch_path URI.parse('https://<username>:<password>@<snip>/quick/Marshal.4.8/logstash-filter-bogon-1.0.3.gemspec.rz')
      spec = Gem.inflate(spec)
      puts spec
      => "\x04\bu:\x17Gem::Specification\x02R\x05\x04\b[\x17I\"\n2.4.8\x06:\x06ETi\tI\"\x1Alogstash-filter-bogon\x06;\x00TU:\x11Gem::Version[\x06I\"\n1.0.3\x06;\x00TIu:\tTime\r`\\\x1D\xC0\x00\x00\x00\x00\x06:\rsubmicro\"\x06\x00I\"JPlugin that checks if a given IP Address is in a Bogon Address Range.\x06;\x00TU:\x15Gem::Requirement[\x06[\x06[\aI\"\a>=\x06;\x00TU;\x06[\x06I\"\x060\x06;\x00TU;\t[\x06[\x06[\aI\"\a>=\x06;\x00TU;\x06[\x06I\"\x060\x06;\x00TI\"\truby\x06;\x00F[\vo:\x14Gem::Dependency\n:\x11@requirementU;\t[\x06[\x06[\aI\"\a~>\x06;\x00TU;\x06[\x06I\"\b2.0\x06;\x00T:\n@nameI\"\x1Dlogstash-core-plugin-api\x06;\x00T:\x10@prereleaseF:\n@type:\fruntime:\x1A@version_requirementsU;\t[\x06[\x06[\aI\"\a~>\x06;\x00TU;\x06[\x06I\"\b2.0\x06;\x00To;\n\n;\vU;\t[\x06[\x06[\aI\"\a>=\x06;\x00TU;\x06[\x06I\"\x060\x06;\x00T;\fI\"\x16logstash-devutils\x06;\x00T;\rF;\x0E:\x10development;\x10U;\t[\x06[\x06[\aI\"\a>=\x06;\x00TU;\x06[\x06I\"\x060\x06;\x00To;\n\n;\vU;\t[\x06[\a[\aI\"\a~>\x06;\x00TU;\x06[\x06I\"\b1.5\x06;\x00T[\aI\"\a>=\x06;\x00TU;\x06[\x06I\"\n1.5.1\x06;\x00T;\fI\"\fnetaddr\x06;\x00T;\rF;\x0E;\x0F;\x10U;\t[\x06[\a[\aI\"\a~>\x06;\x00TU;\x06[\x06I\"\b1.5\x06;\x00T[\aI\"\a>=\x06;\x00TU;\x06[\x06I\"\n1.5.1\x06;\x00To;\n\n;\vU;\t[\x06[\x06[\aI\"\a~>\x06;\x00TU;\x06[\x06I\"\b0.2\x06;\x00T;\fI\"\x1Arspec_junit_formatter\x06;\x00T;\rF;\x0E;\x11;\x10U;\t[\x06[\x06[\aI\"\a~>\x06;\x00TU;\x06[\x06I\"\b0.2\x06;\x00To;\n\n;\vU;\t[\x06[\x06[\aI\"\a~>\x06;\x00TU;\x06[\x06I\"\t0.14\x06;\x00T;\fI\"\x0Esimplecov\x06;\x00T;\rF;\x0E;\x11;\x10U;\t[\x06[\x06[\aI\"\a~>\x06;\x00TU;\x06[\x06I\"\t0.14\x06;\x00To;\n\n;\vU;\t[\x06[\x06[\aI\"\a~>\x06;\x00TU;\x06[\x06I\"\n0.2.3\x06;\x00T;\fI\"\x13simplecov-rcov\x06;\x00T;\rF;\x0E;\x11;\x10U;\t[\x06[\x06[\aI\"\a~>\x06;\x00TU;\x06[\x06I\"\n0.2.3\x06;\x00T0I\"!<snip>\x06;\x00T[\x06I\"\x19<snip>\x06;\x00TI\"\x01\xB5This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install 
gemname. This gem is not a stand-alone program\x06;\x00TI\" <snip>
      Marshal.load(spec)
      

      And as you can see by the output from the De-Marshalled object in Plain Text or Rich Object:

      [11] pry(#<LogStash::PluginManager::Install>)> Marshal.load(spec)
      => Gem::Specification.new do |s|
        s.name = "logstash-filter-bogon"
        s.version = Gem::Version.new("1.0.3")
        s.installed_by_version = Gem::Version.new("0")
        s.authors = ["<snip>"]
        s.date = Time.utc(2017, 8, 3)
        s.dependencies = [Gem::Dependency.new("logstash-core-plugin-api", Gem::Requirement.new(["~> 2.0"]), :runtime),
         Gem::Dependency.new("logstash-devutils", Gem::Requirement.new([">= 0"]), :development),
         Gem::Dependency.new("netaddr", Gem::Requirement.new([">= 1.5.1", "~> 1.5"]), :runtime),
         Gem::Dependency.new("rspec_junit_formatter", Gem::Requirement.new(["~> 0.2"]), :development),
         Gem::Dependency.new("simplecov", Gem::Requirement.new(["~> 0.14"]), :development),
         Gem::Dependency.new("simplecov-rcov", Gem::Requirement.new(["~> 0.2.3"]), :development)]
        s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
        s.email = "<snip>"
        s.homepage = "<snip>"
        s.metadata = nil
        s.require_paths = ["lib"]
        s.rubygems_version = "2.4.8"
        s.specification_version = 4
        s.summary = "Plugin that checks if a given IP Address is in a Bogon Address Range."
        end
      

      The metadata field is nil, and Logstash checks for some tags in this field to install its plugins.
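
      The same check as a repeatable audit, written as an added example (not part of the original report and not Artifactory or Logstash code): it inflates and unmarshals a `quick/Marshal.4.8/*.gemspec.rz` body and lists the metadata keys the served spec lacks. The key names `logstash_plugin` and `logstash_group`, the helper names and the sample gem are assumptions made for this example; the two blobs are constructed locally rather than fetched.

```ruby
require "rubygems"
require "rubygems/specification"
require "zlib"

# Assumed for this example: the metadata keys a Logstash plugin gemspec declares.
REQUIRED_KEYS = %w[logstash_plugin logstash_group].freeze

# Inflate and unmarshal one quick/Marshal.4.8/<gem>.gemspec.rz body.
# Marshal.load is only appropriate for bytes served by a repository you operate.
def load_quick_spec(rz_bytes)
  spec = Marshal.load(Zlib::Inflate.inflate(rz_bytes))
  raise TypeError, "not a Gem::Specification" unless spec.is_a?(Gem::Specification)
  spec
end

# Returns the required metadata keys that the served spec does not carry.
def missing_metadata_keys(rz_bytes, required = REQUIRED_KEYS)
  metadata = load_quick_spec(rz_bytes).metadata || {} # nil when the index dropped the field
  required.reject { |key| metadata.key?(key) }
end

# Constructed sample input: the body a repository would serve for a small gem.
def build_quick_spec(metadata)
  spec = Gem::Specification.new do |s|
    s.name    = "logstash-filter-example" # hypothetical gem name
    s.version = "1.0.0"
    s.summary = "constructed sample"
    s.authors = ["example"]
  end
  spec.metadata = metadata
  Zlib::Deflate.deflate(Marshal.dump(spec))
end

# What the publisher pushed versus what a repository that drops the field serves.
INTACT   = build_quick_spec({ "logstash_plugin" => "true", "logstash_group" => "filter" })
STRIPPED = build_quick_spec(nil)

if $PROGRAM_NAME == __FILE__
  { "intact" => INTACT, "stripped" => STRIPPED }.each do |label, blob|
    missing = missing_metadata_keys(blob)
    puts "#{label}: #{missing.empty? ? 'metadata preserved' : "missing #{missing.join(', ')}"}"
  end
end
```

      Against a live repository, pass the bytes returned by the `fetch_path` call above to `missing_metadata_keys` instead of the constructed blobs.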

            People

            Assignee:
            Unassigned
            Reporter:
            psadikov Pavel Sadikov (Inactive)