当我们需要将这个补丁应用到我们的应用程序时,一切都开始了 - http://seclists.org/oss-sec/2012/q2/504。看似简单的任务变成了* ss的痛苦。
我知道我有以下选择:
1.Monkeypatch;
2.Vendor rails;
3.fork Rails, apply the patch for 2.3 to the 2-3-stable
branch and use it in the Gemfile.
选项#3 对我来说最有吸引力,因为如果需要,它可以让我使用官方 repo 进行 rebase;以干净的方式应用额外的更改 - 无需使用来自 Rails 的 gem 的数十个源文件(就像 vendoring 那样)来破坏应用程序存储库。猴子补丁可能已经完成了这项工作,因为 2.3-stable 分支不会经常更新,但我真的不喜欢为这样的补丁打开课程。
所以我继续#3。
1. I forked Rails;
2. I cloned my Rails repo locally;
3. I applied the 2.3 patch (http://seclists.org/oss-sec/2012/q2/att-504/2-3-sql-injection.patch)
using git am --signoff;
4. I pushed the changes.
5. I went to our app's Gemfile and added:
gem "rails","2.3.14", :git => "git://github.com/fullofcaffeine/rails.git", :branch => "2-3-stable"
6. Ran bundle install
一切看起来都很棒,因为捆绑安装成功完成。当我尝试启动 Rails 服务器时,出现“没有可以加载 --initializer 的此类文件”错误。
经过一番谷歌搜索,我找到了以下帖子 -如何在带有 bundler 的项目中使用分支中的分支。我完全按照他说的做了,手动创建了 gemspecs,并相应地更改了 Gemfile。当我尝试运行 bundler 时,令人惊讶的是它运行时没有出现问题,我在输出中看到了这一点:
Using activerecord (2.3.14) from git://github.com/fullofcaffeine/rails.git (at 2-3-stable) Successfully built RubyGem
Name: activerecord
Version: 2.3.14
File: activerecord-2.3.14.gem
Using rails (2.3.14) from git://github.com/fullofcaffeine/rails.git (at 2-3-stable) Successfully built RubyGem
Name: rails
Version: 2.3.14
File: rails-2.3.14.gem
...
依此类推,我为每个宝石创建了一个 gemspec。
但是,当我尝试运行 Rails 服务器时,我得到了这个:
$ script/server
/Users/fullofcaffeine/.rvm/gems/ruby-1.8.7-p357@myapp/gems/bundler-1.0.21/lib/bundler/source.rb:572:in `load_spec_files': git://github.com/fullofcaffeine/rails.git (at 2-3-stable) is not checked out. Please run `bundle install` (Bundler::GitError)
from /Users/fullofcaffeine/.rvm/gems/ruby-1.8.7-p357@myapp/gems/bundler-1.0.21/lib/bundler/source.rb:385:in `local_specs'
from /Users/fullofcaffeine/.rvm/gems/ruby-1.8.7-p357@myapp/gems/bundler-1.0.21/lib/bundler/source.rb:555:in `specs'
from /Users/fullofcaffeine/.rvm/gems/ruby-1.8.7-p357@myapp/gems/bundler-1.0.21/lib/bundler/definition.rb:356:in `converge_locked_specs'
from /Users/fullofcaffeine/.rvm/gems/ruby-1.8.7-p357@myapp/gems/bundler-1.0.21/lib/bundler/definition.rb:345:in `each'
from /Users/fullofcaffeine/.rvm/gems/ruby-1.8.7-p357@myapp/gems/bundler-1.0.21/lib/bundler/definition.rb:345:in `converge_locked_specs'
from /Users/fullofcaffeine/.rvm/gems/ruby-1.8.7-p357@myapp/gems/bundler-1.0.21/lib/bundler/definition.rb:143:in `resolve'
from /Users/fullofcaffeine/.rvm/gems/ruby-1.8.7-p357@myapp/gems/bundler-1.0.21/lib/bundler/definition.rb:90:in `specs'
from /Users/fullofcaffeine/.rvm/gems/ruby-1.8.7-p357@myapp/gems/bundler-1.0.21/lib/bundler/definition.rb:135:in `specs_for'
from /Users/fullofcaffeine/.rvm/gems/ruby-1.8.7-p357@myapp/gems/bundler-1.0.21/lib/bundler/definition.rb:124:in `requested_specs'
from /Users/fullofcaffeine/.rvm/gems/ruby-1.8.7-p357@myapp/gems/bundler-1.0.21/lib/bundler/environment.rb:23:in `requested_specs'
from /Users/fullofcaffeine/.rvm/gems/ruby-1.8.7-p357@myapp/gems/bundler-1.0.21/lib/bundler/runtime.rb:11:in `setup'
from /Users/fullofcaffeine/.rvm/gems/ruby-1.8.7-p357@myapp/gems/bundler-1.0.21/lib/bundler.rb:110:in `setup'
from ./script/../config/../config/preinitializer.rb:16
from ./script/../config/boot.rb:28:in `load'
from ./script/../config/boot.rb:28:in `preinitialize'
from ./script/../config/boot.rb:10:in `boot!'
from ./script/../config/boot.rb:125
from script/server:3:in `require'
from script/server:3
此外,如果我试图找到 Bundler 构建的 gem(我在上面粘贴的关于 Bundler 构建 gem 的消息),我找不到它们。
我真的不知道该怎么办,这么简单的任务变成了一场噩梦。如果发现我在这方面花费了太多时间,我可能会修补课程。
- 所以问题真的是 - 对于这种“我需要根据我的需要修补或自定义 Rails”场景,最实用的解决方案是什么?
编辑:我现在通过猴子补丁解决了这个问题,请参阅下面的最后一条评论。