l0f...@tuta.io wrote: > What is the best practice regarding Ruby gems installation please (user vs > root)? > > So my question about the best practice at the very beginning.
> I think it can be very tricky to have parallel versions of the same gems, and > I don't think having obsolete user gems is really nice (security+features). > How do you manage that situation? Do you delete all user local gems and only > keep root's (maybe it introduces access errors in your programs by doing so)? > Do you change the gem directories permissions (maybe it's less secure...)? > Don't you touch anything and just use sudo everywhere? Other idea? > I'll contribute another viewpoint. My company writes in Ruby as part of our financial service software. It's vitally important that we maintain continuity during development, so that what we run in production is absolutely the same as what we tested in QA. We build .deb packages for ruby that we distribute internally. It does not conflict with the Debian ruby package, which we install when there are requirements from other Debian packages. We maintain our own gem repository. When a developer wants to add a new gem or update one, it is brought to our repository so that it doesn't change out from under us. We don't install those via .deb, but rather through the bundler. We run an environment-setting script that points each user to the desired ruby and gems directories, which we put in /opt/ruby-$VERSION on each machine. If you want to test your program against different versions, it's as easy as running a different script. Effectively, we have the Debian ruby environment that is compatible with whatever Debian wants, and we have our local ruby environments which we use to build software. -dsr-
