Comments (9)
Requires discussion with Darcy.
from rvm.
+1 to have some way of dealing with this automatically.
I am using capistrano and currently I have a custom task for this in my config/deploy.rb:
    namespace :rvm do
      # Trust the .rvmrc in the newly deployed release
      task :trust_rvmrc do
        run "rvm rvmrc trust #{release_path}"
      end
    end
I use an after hook in my main deploy task to run the task above on each deployment:
    after "deploy", "rvm:trust_rvmrc"
Maybe the fix is as simple as defining something in rvm/capistrano that can be called to turn automatic trust on and off?
from rvm.
+1 I had to add this to get an update working
from rvm.
Anybody know if this issue was addressed? It was closed without any comments...
from rvm.
The problem with implicitly trusting the file, instead of creating trust for its fingerprint at the time of deployment, is that any subsequent changes will be trusted if a malicious user changes the file.
I would say that @bowsersenior's solution to trust the file as it's deployed is correct.
from rvm.
@richoH : I didn't consider the security implications you brought up. That is an important issue to be aware of.
from rvm.
No problem.
Another approach (potentially with its own compatibility concerns) would be to calculate the fingerprint of the rvmrc at the development end and include a task to update the trust on the deployment server.
This would mitigate any chance of the race condition where:
1. You deploy your whole project, including the rvmrc
   Attacker traps this condition and injects his own code into the rvmrc
2. You call rvmrc trust, and trust the now malicious rc file.
from rvm.
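One way to gate the trust step on a fingerprint calculated at the development end, as suggested in the comment above. This is an added example, not code from the thread or from RVM: `rvmrc_fingerprint`, `trust_if_unchanged` and the `trust_step` callable are hypothetical names, SHA-256 is an assumed choice of fingerprint, and the file contents are constructed samples.

```ruby
require "digest"
require "tmpdir"

# Development end: fingerprint the .rvmrc that was reviewed and committed.
def rvmrc_fingerprint(path)
  Digest::SHA256.file(path).hexdigest
end

# Deployment server: run the trust step only if the deployed .rvmrc still
# matches the fingerprint recorded at the development end.
# `trust_step` is a hypothetical callable; in a real deploy it would wrap the
# `rvm rvmrc trust <release_path>` command shown earlier in the thread.
def trust_if_unchanged(release_path, expected, trust_step)
  rvmrc = File.join(release_path, ".rvmrc")
  return :symlink  if File.symlink?(rvmrc)   # refuse a redirected file
  return :missing  unless File.file?(rvmrc)
  return :mismatch unless rvmrc_fingerprint(rvmrc) == expected

  trust_step.call(release_path)

  # Re-check afterwards: a change made between the comparison and the trust
  # call is reported, so the caller can revoke trust and fail the deploy.
  rvmrc_fingerprint(rvmrc) == expected ? :trusted : :changed_during_trust
end

# Constructed scenario: one clean deploy, then one tampered deploy.
def demo
  Dir.mktmpdir do |dev|
    Dir.mktmpdir do |release|
      reviewed = "rvm use 1.9.2@myapp\n"                    # constructed sample
      File.write(File.join(dev, ".rvmrc"), reviewed)
      expected = rvmrc_fingerprint(File.join(dev, ".rvmrc"))

      trusted = []
      trust = ->(path) { trusted << path }                  # stand-in for the rvm call

      File.write(File.join(release, ".rvmrc"), reviewed)
      clean = trust_if_unchanged(release, expected, trust)

      File.write(File.join(release, ".rvmrc"), reviewed + "echo injected\n")
      tampered = trust_if_unchanged(release, expected, trust)

      [clean, tampered, trusted.length]
    end
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```

The post-trust re-check narrows the window described in the comment but does not remove it; the expected fingerprint also has to reach the server over a channel the attacker cannot write to.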
bowsersenior this has been added to the capistrano integration page on RVM's homesite. It will show as soon as wayne redeploys the update. Thank you for this!
from rvm.
Cool, thanks for the update!
from rvm.