Build, Debug & Prosper

View Slide

start

View Slide

por favor, levantem as
mãos se você não
entender Inglês?

View Slide

BUILD, DEBUG &
PROSPER
@jainrishi15

View Slide

@joshsoftware

View Slide

INDIA

View Slide

Facts about INDIA
• 7th largest country by area in world.!
• 2nd most populous country at 1.2
billion people!
• Chess was invented in India!
• Value of “pi” was ﬁrst calculated by
Indian mathematician Budhayana.!
• Exports software to 90 countries.

View Slide

GEMS

View Slide

Guess the number
of ruby gems per
rubyist ?

View Slide

0.57

View Slide

http://carie-lyndene.com/wp-content/uploads/2014/05/Why1.jpg

View Slide

POSSIBLE REASONS:

View Slide

COMPLICATED
https://www.ﬂickr.com/photos/bandinisonﬁre/4748166227/in/photolist-8ezAoX-aLrAuX-on9ZhP-aSRZug-iJ7fKX-6fKVUp-5D5YmK-7gpqHB-4EEuP8-5MQvaL-5beGnc-fLkrww-gyZGrD-cuKobW-gyZGBt-2sH6gU-5C8jE-bmHMM5-nKBwxc-8nvyqY-efSKUD-
ePCWfs-dLEJMb-negWbD-4U5N8S-9TKYq1-68sMZG-9UP8eX-9kX4PT-o8V7Lj-6QaHA2-7ByZWU-6feEkV-ntoDmR-7afmog-KV875-5bj6C1-5bj43E-5beKDR-5bj4P7-5bj17u-4LBujV-6KhZpH-6o7wUK-4FRuq-24QT5s-4Byhxn-4dia18-4KrpK8-bXVr2J

View Slide

COMPLICATED
CALIBRE

View Slide

COMPLICATED
CALIBRE
BUSY

View Slide

COMPLICATED
CALIBRE
LAZY
BUSY

View Slide

COMPLICATED
CALIBRE
TRIVIAL
BUSY
LAZY

View Slide

adorable_cat

View Slide

Lets build a gem…

View Slide

but what?

View Slide

STEPS:
• NAMING!
• CODE!
• RELEASE

View Slide

NAMING CONVENTIONS:
• UNDERSCORES!
• DASHES

View Slide

UNDERSCORES “_”
GEM NAME
MODULE/CLASS
require statement
hello_world
HelloWorld
hello_world

View Slide

DASHES “-”
GEM NAME
MODULE/CLASS
require statement
rails-hello_world
Rails::HelloWorld
rails/hello_world

View Slide

GEM NAME
AVAILABILITY

View Slide

1. rubygems.org

View Slide

2. command line
gem query --remote rails!
!
*** REMOTE GEMS ***
!
aa-rails4 (0.6.0)
aaronchi-jrails (0.5.1)
aavkontakte-rails3 (0.1.9)
abcjs-rails (1.11)
access-granted-rails (0.1.0)
activerecord-import-rails4 (0.5.0)

View Slide

3. command line
gem query --remote —name-matches
‘^rails$’!
!
!
*** REMOTE GEMS ***
!
!
rails (4.1.5)

View Slide

require 'net_explore/version'!
require 'os'!

View Slide

require 'os'!
module NetExplore!
!
!
end

View Slide

require 'os'!
module NetExplore!
def self.open_url url!
! ! #open page on mac OS!
! !
! ! #open page on linux!
! ! #raise an error!
end!
!
end

View Slide

require 'os'!
module NetExplore!
def self.open_url url!
! !
if OS.mac?!
system("open #{url}")!
! ! elsif OS.linux?!
system("xdg-open #{url}")!
! ! else!
raise 'Operating system type not supported ...
please file the issue on gitub page with your OS name
and I will try to include it in next release.'!
! ! end!
! end!
end

View Slide

VERSIONING
https://www.ﬂickr.com/photos/tedmurphy/3830352762/in/photolist-6QtyqS-5j3YPP-7gHBkt-4cv4sL-84rU3Y-aKQcDM-8deAE1-4RYoX-73jMXx-e4QTGi-5H4JMW-6P34yq-bDEUiF-oet3bA-ovVDkY-otVG51-oeudaQ-otVUfo-ovWc6S-ovGy26-ovZGS1-
ovVK2Y-oeJ8b2-owdb92-oub6gd-oxXS5a-ovZQr9-oeJkL2-oeHteb-owdhUM-oeH9kv-ovZPvS-oeHihQ-ovW9gx-owbkQ7-oubrkG-8bfvsK-99tWTS-7MGoit-4R5wJi-ovWErd-otWdej-oesGSV-5P3X3w-ovYL2k-oeH7rm-ovXKx6-otWW9G-ovWjxA-oeJfXz

View Slide

SCENARIO:
• INITIAL CLASS IS RELEASED!
• MORE FEATURES ADDED TO CLASS!
• BUG FIXES IN EXISTING METHODS!
• CHANGES WHICH BREAK EARLIER
CODE

View Slide

Incremental Versioning:
• INITIAL CLASS IS RELEASED
• MORE FEATURES ADDED TO
CLASS!
• BUG FIXES IN EXISTING
METHODS
• CHANGES WHICH BREAK
EARLIER CODE
VERSION1
VERSION2
VERSION3
VERSION4

View Slide

SEMANTIC VERSIONING:
x.y.z
patch: 0.0.x!
minor: 0.x.0!
major: x.0.0

View Slide

Semantic Versioning:
• INITIAL CLASS IS
RELEASED
VERSION 0.0.1
VERSION 0.1.0
VERSION 0.1.1
VERSION 1.0.0
• MORE FEATURES ADDED
TO CLASS
• BUG FIXES IN EXISTING
METHODS
• CHANGES WHICH BREAK
EARLIER CODE

View Slide

• OPTIMISTIC!
• PESSIMISTIC
Semantic Versioning:

View Slide

Optimistic Versioning:
gem ‘you gem name’, ‘>= 0.1.0’

View Slide

Pessimistic Versioning:
gem ‘you gem name’, ‘>= 0.1.0’, ‘< 1.0’

View Slide

~ >

View Slide

gem ‘rails’, ‘~> 3.0.3’

View Slide

Releasing a gem
gem push gem name-0.0.1.gem

View Slide

30 JAN
?

View Slide

30 JAN, 2013
?

View Slide

HACKED ..!!!
RUBYGEMS

View Slide

AFTER EFFECTS:
• SIGNING RUBY GEMS!
• APP-STORE TYPE MODEL!
• BUY CERTIFICATES

View Slide

SIGNING GEMS

View Slide

Build a public
certiﬁcate and a private
pem ﬁle.

View Slide

How to sign gems?

View Slide

Step1: Create Certiﬁcates
$ gem cert --build [email protected]!
PUBLIC CERT PRIVATE CERT

View Slide

Step2: Update gem with certs
cd /path/to/your/gem!
mkdir certs!
cp ~/.ssh/gem-public_cert.pem certs/
yourhandle.pem!
git add certs/yourhandle.pem!

View Slide

Step2: Update gem with certs
s.cert_chain = ['certs/yourhandle.pem']!
s.signing_key =File.expand_path("~/.ssh/
gem-private_key.pem")

View Slide

Step3: Update cert list
gem cert --add certs/yourhandle.pem

View Slide

Step4: Build gem
gem build gem name.gemspec
gem install gemname-version.gem -P
HighSecurity!

View Slide

gem install gemname-
version.gem -P HighSecurity!

View Slide

Security Policies:
• No security: Signed packages are treated
like unsigned packages.
• Low security: Checks expiry of
certiﬁcate.
• Medium Security: Validation + inclusion in
cert chain.
• High Security: Medium security + un-
signed gems restriction.

View Slide

Problem with signing
ruby gems ?
SCALABILITY

View Slide

Chain of certiﬁcates
rubygems
Varis Joffrey
Ned Stark Tyron Khaleesi

View Slide

Why to sign
gems at all?

View Slide

Scenario(hypothetical):
• You have a problem.!
• Solution found on stack
overﬂow (some gem)!
• gem install gem-name

View Slide

Vulnerability on gem
installation:
• Read/Write ﬁles on your system.!
• Connect to remote server.!
• Grab Passwords!
• Own all your ruby gems.

View Slide

examples:
• awesome_rails_ﬂash_messages!
• better_date_to_s!
• be_truthy
by @benjamin_smith

View Slide

gem fetch net_explore!
!
Fetching: net_explore-0.0.1.gem (100%)
Downloaded net_explore-0.0.1
!

View Slide

gem unpack net_explore-0.0.1.gem!
!
Unpacked gem: ‘path-to-net_explore-0.0.1’

View Slide

“Don’t trust gems
blindly ..!!!”

View Slide

THANK YOU!
@jainrishi15

View Slide

Build, Debug & Prosper

Build, Debug & Prosper

rishi jain

More Decks by rishi jain

Other Decks in Technology

Featured

Transcript