最近我创建了一个新的Rails 5应用程序,没有git存储库。 自动生成的Gemfile包含一个我以前从未见过的新块:
git_source(:github) do |repo_name| repo_name = "#{repo_name}/#{repo_name}" unless repo_name.include?("/") "https://github.com/#{repo_name}.git" end它的含义是什么? 每个新应用程序都是强制性的吗?
Recently I created a new Rails 5 app, without a git repository. The auto-generated Gemfile contains a new block I had not seen before:
git_source(:github) do |repo_name| repo_name = "#{repo_name}/#{repo_name}" unless repo_name.include?("/") "https://github.com/#{repo_name}.git" endWhat's the meaning of it? Is it mandatory for every new app?
最满意答案
它是一段遗留代码,很可能会被删除。
补充:它是一个解决Bundler中的bug的解决方法,它可以让github的源代码通过HTTP加载,而不是HTTPS - 这使得它在中间攻击时容易受到攻击。
git_source添加了一个可以使用的源代码,以便从git存储库下载gem,而不是从rubygems.org下载软件包。
git_source(:github) do |repo_name| repo_name = "#{repo_name}/#{repo_name}" unless repo_name.include?("/") "https://github.com/#{repo_name}.git" end会这样做,当你声明:
gem 'foo_bar', :github => 'foo/bar'Bundler会尝试从https://github.com/foo/bar.git下载gem。
由于修复这将是一个突破性的变化,因为它会使任何现有的Gemfile.lock失效,它在Bundler 2.x中得到修复。 此时,应该安全地删除此解决方法。
Its a piece of legacy code and should most likely be removed.
Added: Its a workaround for a bug in Bundler which can cause sources from github to be loaded via HTTP and not HTTPS - which makes it vulnerable to man in the middle attacks.
git_source adds a source which you can use so that the gem is downloaded from a git repository instead of a package from rubygems.org.
git_source(:github) do |repo_name| repo_name = "#{repo_name}/#{repo_name}" unless repo_name.include?("/") "https://github.com/#{repo_name}.git" endWould make it so that when you declare:
gem 'foo_bar', :github => 'foo/bar'Bundler would attempt to download the gem from https://github.com/foo/bar.git.
Since fixing this would be a breaking change as it would invalidate any existing Gemfile.lock it is fixed in Bundler 2.x. At that point it should be safe to remove this workaround.
更多推荐
发布评论