Upgrading Ruby To A New Patch Version

Ruby exploits are becoming more common. When one is found, it is often necessary to upgrade the Ruby in your Ruby-on-Rails  stack to the latest patch version to mitigate the vulnerability du jour. If you are using RVM, here’s how you do it:

1) Verify the latest, stable version of Ruby currently available for download at ruby-lang.org
Note the version number.

2) Check your current version of ruby.
$ rvm list
=* ruby-2.0.0-p247 [ x86_64 ]

3) Download and upgrade to the latest, stable version of RVM
$ rvm get stable

4) List the versions of Ruby that RVM knows about.
$ rvm list known
You are looking for the “MRI Rubies” section-scroll up to find it. Then ensure the Ruby version you found in step one is in the list:

5) Upgrade Ruby by passing in the name of your current version and the top-level version number.
rvm <your_current_version> 2.0.0
$ rvm upgrade 2.0.0-p247 2.0.0
You should see a confirmation message appear:
Are you sure you wish to upgrade from ruby-2.0.0-p247 to ruby-2.0.0-p353? (Y/n):

6) Select Yes to comments the upgrade. It may take some time to complete, as Ruby must be downloaded and compile, but finish without incident. Note that the installer will also offer to move your gems to the new version, while deleting them from the old version. It will also offer to move your aliases and wrappers. For convenience sake, its advisable to accept these choices.
Are you sure you wish to MOVE gems from ruby-2.0.0-p247 to ruby-2.0.0-p353?
This will overwrite existing gems in ruby-2.0.0-p353 and remove them from ruby-2.0.0-p247 (Y/n):
Do you wish to move over aliases? (Y/n): y
Do you wish to move over wrappers? (Y/n): y

7) Removing old, vulnerable version of Ruby.
It is also advisable to allow the installer to remove the older version of Ruby:
Do you also wish to completely remove ruby-2.0.0-p247 (inc. archive)? (Y/n):
Removing ruby-2.0.0-p247……..

8) If all has gone as expected, you will see a confirmation message.
Successfully migrated ruby-2.0.0-p247 to ruby-2.0.0-p353
Upgrade complete!

9) Set the upgraded version of Ruby as your RVM default.
$ rvm –default use 2.0.0

10) Verify you are running the new, patched version of Ruby:
$ rvm list
=* ruby-2.0.0-p353 [ x86_64 ]

10 Steps to Ruby 2.x and Rails 4.x on Mountain Lion

1) Download and install Xcode Command Line Tools
Mountain Lion file name: xcode462_cltools_10_86938259a.dmg

2) Install GitHub for Mac
This also has an option to install the Git command-line tools. Choose that option.

3) Install RVM
$ curl -L https://get.rvm.io | bash -s stable –ruby

4) Source rvm to open in the existing shell
$ source ~/.rvm/scripts/rvm

5) Set default Ruby version
$ rvm –default use 2.1.0

6) Update Gem manager
$ gem update –system

7) Use the global Gemset by default
$ rvm gemset use global

8) Update all Gems
$ gem update

9) Don’t download Gem documentation at install
$ echo “gem: –no-document” >> ~/.gemrc

10) Install Rails
$ gem install rails

Creating a GitHub repository from the command line.

If you’re like me, you hate swapping out of terminal to log into GitHub when creating a new repository.  It an always jarring step that gets you out of coding flow. You can accomplish the very same thing at the command line, and never open a web browser. All you need is the cURL library (found in almost every popular flavor of Linux and OSX today), and your personal GitHub API token.

This technique calls on GitHub’s API to work its magic. You will therefore need to login to GitHub, browse to the “Your Account – Account Admin” section and find your unique API token listed there. Copy the token down for reference purposes.

When you are ready to create a new GitHub repository for your code (ie: just before “git remote add origin” step), issue the following command using the cURL URL transfer tool:

$ curl -F 'login=<your_login_name>' -F 'token=<your_API_token>' https://github.com/api/v2/json/repos/create -F 'name=<your_repo_name>' -F 'description=<your_repo_summary>'

GitHub will reply to your API call with a flurry of JSON, while it creates your new repo in the background:

Your repo will now be ready to push code into. Login into GitHub to validate that it is indeed there. That’s it!

UPDATE 1/10/2013: Github terminated its API on June 1, 2012, which negates the ability to create the repo. More detail can be found here.


Install Ruby Version Manager (RVM) on CentOS 5.5

RVM, or Ruby Version Manager is a popular and effective way to manage running multiple Ruby environments. Here is how you set it up on CentOS 5.5:

1) Add the Webtatic respository and install Git.

rpm -Uvh http://repo.webtatic.com/yum/centos/5/latest.rpm
yum install --enablerepo=webtatic git

(Note that this command will also install the perl-Error and perl-Git dependencies)

2) Create an rvm user and group.

groupadd rvm
useradd -g rvm rvm

3) Add the root user to the rvm group (required for installation)

usermod -a -G rvm root

4) Install RVM as root.

bash < <(curl -L http://bit.ly/rvm-install-system-wide)

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  5840  100  5840    0     0   1620      0  0:00:03  0:00:03 --:--:--  5653
Group 'rvm' exists, proceeding with installation.
Adding 'root' to the group 'rvm'
Creating the destination dir and making sure the permissions are correct
Cloning into rvm...
remote: Counting objects: 4206, done.
remote: Compressing objects: 100% (2029/2029), done.
Receiving objects:  26% (1094/4206), 796.00 KiB | 54 KiB/s


Setting up group permissions
Generating system wide rvmrc
Generating /usr/local/lib/rvm to load rvm
Correct permissions on rvmrc and the rvm loader
RVM is now installed. To use, source '/usr/local/lib/rvm' to your shell profile.

5) Install zlib via RVM.

# rvm package install zlib
Fetching zlib-1.2.5.tar.gz to /usr/local/rvm/archives
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  531k  100  531k    0     0   206k      0  0:00:02  0:00:02 --:--:--  226k
Extracting zlib-1.2.5.tar.gz to /usr/local/rvm/src
Configuring zlib in /usr/local/rvm/src/zlib-1.2.5.
Compiling zlib in /usr/local/rvm/src/zlib-1.2.5.
Installing zlib to /usr/local/rvm/usr

6) Install Ruby 1.9.2 using RVM.

# rvm install 1.9.2 -C --with-zlib-dir=/usr/local/rvm/src/
Installing Ruby from source to: /usr/local/rvm/rubi

                while depending on your cpu(s)...

ruby-1.9.2-p180 - #fetching
ruby-1.9.2-p180 - #extracting ruby-1.9.2-p180 to /u
ruby-1.9.2-p180 - #extracted to /usr/local/rvm/src/
ruby-1.9.2-p180 - #configuring
ruby-1.9.2-p180 - #compiling
ruby-1.9.2-p180 - #installing
ruby-1.9.2-p180 - Updating #rubygems to the latest.
Removing old Rubygems files...
Installing rubygems dedicated to ruby-1.9.2-p180...
Installing rubygems for /usr/local/rvm/rubies/ruby-1.9.2-p180/bin/ruby
Installation of rubygems completed successfully.
ruby-1.9.2-p180 - Updating #rubygems to the latest.
Removing old Rubygems files...
Installing rubygems dedicated to ruby-1.9.2-p180...
Installing rubygems for /usr/local/rvm/rubies/ruby-1.9.2-p180/bin/ruby
Installation of rubygems completed successfully.
ruby-1.9.2-p180 - adjusting #shebangs for (gem irb erb ri rdoc testrb rake).
ruby-1.9.2-p180 - #importing default gemsets (/usr/local/rvm/gemsets/)
Install of ruby-1.9.2-p180 - #complete

7) Set the RVM default to version 1.9.2

# rvm --default use 1.9.2
Using /usr/local/rvm/gems/ruby-1.9.2-p180

&#56&#41 Verify that Ruby version 1.9.2 was installed successfully.

# ruby -v
ruby 1.9.2p180 (2011-02-18 revision 30909) [x86_64-linux]

9) Add this environment variable to root’s .bash_profile file.

[[ -s "/usr/local/rvm/scripts/rvm" ]] && . "/usr/local/rvm/scripts/rvm"

10) Install rails.

# gem install rails
Fetching: activesupport-3.0.5.gem (100%)
Fetching: builder-2.1.2.gem (100%)
Fetching: i18n-0.5.0.gem (100%)
Installing RDoc documentation for railties-3.0.5...
Installing RDoc documentation for bundler-1.0.10...
Installing RDoc documentation for rails-3.0.5...< /pre>

UPDATE 7/25/2011: The system-wide install script is no longer available on github, and has been removed by the author. A workaround link is posted in the comments on this Stack Overflow discussion.