Gemspec corrupted in 1.0.4

[andrewdsmith]

Installing 1.0.4 (under Ruby 1.8.7 and gem 1.3.7) causes problems due to what I think is a corrupted gemspec, as can be see at http://rubygems.org/gems/cucumber/versions/1.0.4. By way of confirmation I'll quote http://stackoverflow.com/questions/7379385/invalid-gemspec-in-and-illformed-requirement-whenever-i-create-a-new-project.

[cgriego]

After I installed cucumber-1.0.4 I get this anytime ruby gems is loaded.

Invalid gemspec in [/gems/ruby-1.8.7-p352/specifications/cucumber-1.0.4.gemspec]: Illformed requirement ["#YAML::Syck::DefaultKey:0x104dda680 0.8.4"]

[chicks]

I see this issue as well, on mri 1.9.2 and rubygems 1.8.10

[statonjr]

I'm also getting this on JRuby 1.6.4 and rubygems 1.8.10.

[jobinthepast]

I have the same issue with Ruby 1.9.2p180 rubygems 1.8.10. when I run "bundle install", the error messages are:

Installing cucumber (1.0.4) Invalid gemspec in [/Users/ndgiang84/.rvm/gems/ruby-1.9.2-p180/specifications/cucumber-1.0.4.gemspec]: Illformed requirement ["#<Syck::DefaultKey:0x000001051123c0> 0.8.4"]
Invalid gemspec in [/Users/ndgiang84/.rvm/gems/ruby-1.9.2-p180/specifications/cucumber-rails-1.0.3.gemspec]: Illformed requirement ["#<Syck::DefaultKey:0x00000100ce58a0> 0.7.2"]

Installing cucumber-rails (1.0.3) Invalid gemspec in [/Users/ndgiang84/.rvm/gems/ruby-1.9.2-p180/specifications/cucumber-1.0.4.gemspec]: Illformed requirement ["#<Syck::DefaultKey:0x000001051123c0> 0.8.4"]
Invalid gemspec in [/Users/ndgiang84/.rvm/gems/ruby-1.9.2-p180/specifications/cucumber-rails-1.0.3.gemspec]: Illformed requirement ["#<Syck::DefaultKey:0x00000103fabf78> 0.7.2"]

[chicks]

Also worth noting, if you inspect the gemspec file, it contains:

#<Syck::DefaultKey:0x00000100ce58a0> 0.7.2

as one of the dependency versions. Is this a cucumber gem spec issue, or a bundler issue?

[chicks]

Also for those who are having this problem, manually removing the gemspec file and linking against the github repo like so:

group :development, :test do
  gem 'ruby-debug19', :require => 'ruby-debug'
  gem 'capybara'
  gem 'cucumber', :git => 'https://github.com/cucumber/cucumber.git'
  gem 'cucumber-rails', :git => 'https://github.com/cucumber/cucumber-rails.git'

Seems to resolve the problem

[thegcat]

Seeing this too, it probably is the same problem as already occured in gherkin and was fixed in cucumber/gherkin@9d0cd89

[andrewdsmith]

I can confirm that this is a regression since 1.0.3. However...

I revisited the StackOverflow question and there's a link to this very informative blog post: http://blog.rubygems.org/2011/08/31/shaving-the-yaml-yacc.html. Apparently this is a problem with rubygems.org using Syck not Psyck. The advice on StackOverflow is to run gem update --system. I won't have a chance to confirm this for a while but the release history for rubygems makes more than one reference to fixing Syck issues, so I'm hopeful.

I'm leaving this issue open for the time being as it appears to be a useful landing pad for those experiencing this issue!

[stuartellis]

I've got a slightly different error message with JRuby 1.6.4 and RubyGems 1.5.1 (RVM jruby installation), but also resolved it by installing Cucumber 1.0.3.

ERROR: While executing gem ... (ArgumentError)
undefined class/module YAML::Syck::DefaultKey

[andycutright]

gem update --system does not solve this problem.

[laran]

Ran into this as well. Using 1.0.3 works for me.

[mattwynne]

You should not get this error if you're using the latest version of Rubygems 1.8.10, however: if you have problems with gems that were installed with an older version of Rubygems, you will need to remove those gems, even if you update Rubygems.

If you're using RVM with gemsets, this is relatively painless:

rvm gemset empty
gem update --system
bundle

The warnings should now go away.

[andrewdsmith]

This is not an issue with Cucumber but with rubygems. Upgrading to rubygems 1.8.10 resolves the issue. Closing but adding some details for the Googlers out there.

I'm running Ubuntu and so the upgrading the system rubygems requires a little more determination:

sudo REALLY_GEM_UPDATE_SYSTEM=TRUE gem update --system

After this gem no longer recognised the latest json and gherkin gems installed for Cucumber 1.0.3:

Invalid gemspec in [/home/andrew/.gem/ruby/1.8/specifications/json-1.5.4.gemspec]: invalid date format in specification: "2011-08-31 00:00:00.000000000Z"
Invalid gemspec in [/home/andrew/.gem/ruby/1.8/specifications/gherkin-2.4.18.gemspec]: invalid date format in specification: "2011-09-05 00:00:00.000000000Z"

This was resolved by manually removing the referenced .gemspec files and associated gem folders. Next I went to run bundle update but got this error:

/home/andrew/.gem/ruby/1.8/gems/bundler-1.0.7/lib/bundler/ui.rb:56: uninitialized constant Gem::SilentUI (NameError)
    from /home/andrew/.gem/ruby/1.8/gems/bundler-1.0.7/lib/bundler/cli.rb:16:in `initialize'
    from /home/andrew/.gem/ruby/1.8/gems/bundler-1.0.7/lib/bundler/vendor/thor.rb:246:in `new'
    from /home/andrew/.gem/ruby/1.8/gems/bundler-1.0.7/lib/bundler/vendor/thor.rb:246:in `dispatch'
    from /home/andrew/.gem/ruby/1.8/gems/bundler-1.0.7/lib/bundler/vendor/thor/base.rb:389:in `start'
    from /home/andrew/.gem/ruby/1.8/gems/bundler-1.0.7/bin/bundle:13
    from /home/andrew/.gem/ruby/1.8/bin/bundle:19:in `load'
    from /home/andrew/.gem/ruby/1.8/bin/bundle:19

This turned out to be because I was using a stale version of Bundler not compatible with the latest version of rubygems. Easily solved with just:

gem update bundler

Finally, I was able to bundle update and get Cucumber 1.0.4 in and running.

[andycutright]

I have both the latest bundle and the latest gem in my path. This does not solve the problem.

$ bundle --version
Bundler version 1.0.18
$ gem --version
1.8.10
$ which bundle
~/.rvm/gems/ruby-1.9.2-p290@global/bin/bundle
$ which gem
~/.rvm/rubies/ruby-1.9.2-p290/bin/gem

Using rvm to create a new gemset and install cucumber i see this error message:

Invalid gemspec in [~/.rvm/gems/ruby-1.9.2-p290@junker/specifications/cucumber-1.0.4.gemspec]: Illformed requirement ["#Syck::DefaultKey:0x00000102b92140 0.8.4"]

[mattwynne]

@coopsite please delete that dodgy gemspec file and reinstall cucumber with your new Rubygems.

[cgriego]

What about the people on Engine Yard stuck using Rubygems 1.5? This same issue was previously fixed in gherkin, why not fix it here as well? Please reopen.

[mattwynne]

I think @aslakhellesoy is going to release a fix in the next few days.

[aslakhellesoy]

I just did a rubygems update:

$ gem update --system
Updating rubygems-update
Fetching: rubygems-update-1.8.10.gem (100%)
Successfully installed rubygems-update-1.8.10
Installing RubyGems 1.8.10
RubyGems 1.8.10 installed

== 1.8.10 / 2011-08-25

RubyGems 1.8.10 contains a security fix that prevents malicious gems from
executing code when their specification is loaded.  See
https://github.com/rubygems/rubygems/pull/165 for details.

* 5 bug fixes:

  * RubyGems escapes strings in ruby-format specs using #dump instead of #to_s
    and %q to prevent code injection.  Issue #165 by Postmodern
  * RubyGems attempt to activate the psych gem now to obtain bugfixes from
    psych.
  * Gem.dir has been restored to the front of Gem.path.  Fixes remaining
    problem with Issue #115
  * Fixed Syck DefaultKey infecting ruby-format specifications.
  * `gem uninstall a b` no longer stops if gem "a" is not installed.

They claim the Syck problem has been fixed. Yay! So I released 1.0.5, assuming it would be fixed. No dice. The gemspec still seems to be corrupted: https://rubygems.org/gems/cucumber/versions/1.0.5

As some of you know, I had similar issues with gherkin releases a couple of weeks back. I worked around it by removing all '= x.y.z' and 'x.y.z' dependencies in the gemspec, replacing them with '>= x.y.z'. Unfortunately we can't do that with prawn (for the pdf formatter). It doesn't work with newer versions of prawn.

We could of course yank out the prawn formatter (or just remove the gem dependency and print an error if someone uses the prawn formatter without prawn installed).

These are all workarounds. Rubygems is designed to work with '= x.y.z' dependencies, but right now it seems to buggy to work.

Any tips on what I should do to release non-corrupt gems?

[aslakhellesoy]

There seems to be several gems that have this problem. Google for YAML::Syck::DefaultKey in the past week or month.

I would submit a bug to the rubygems project, but I can't even find the bug tracker.

[aslakhellesoy]

Found it. There are 3 relevant bugs that claim to be fixed: http://rubyforge.org/search/?type_of_search=artifact&group_id=126&atid=575&words=DefaultKey&Search=Search

The gems I release are still corrupt, and I am on ruby 1.9.2 and rubygems 1.8.10.

I don't have much time to shave this yak right now, so some help would be great.

[mattwynne]

On 13 Sep 2011, at 11:33, Aslak Hellesøy wrote:

The gemspec still seems to be corrupted: https://rubygems.org/gems/cucumber/versions/1.0.5

Did you remove your old gemspecs first? I got caught out by this: gemspecs that were installed by the older, broken, Rubygems stay around, and cause errors even after you've upgraded Rubygems.

[aslakhellesoy]

@mattwynne I was talking about what rubygems lists as deps, not what I have/see locally. See the link.

And here is a recent blog entry: http://blog.rubygems.org/2011/08/31/shaving-the-yaml-yacc.html

[aslakhellesoy]

As explained in the article I downloaded the gemspec for 1.0.3 and 1.0.4 (1.0.5 is similar to 1.0.4):

mkdir 1.0.3
cd 1.0.3
gem fetch cucumber -v 1.0.3
tar xvf cucumber-1.0.3.gem
gunzip metadata.gz
cd ..

mkdir 1.0.4
cd 1.0.4
gem fetch cucumber -v 1.0.4
tar xvf cucumber-1.0.4.gem
gunzip metadata.gz
cd ..

less 1.0.3/metadata # versions are ~> (unquoted), ">=" (double-quoted) and "=" (double-quoted). This was built with sych.
less 1.0.4/metadata # versions are ~> (unquoted), '>=' (single-quoted) and = (unquoted). This was built with psych.

1.0.3 and older were probably packaged using an older rubygems (using sych). Before releasing 1.0.4 (and 1.0.5) I had a newer ruby and rubygems (and psych). The = dependencies are unquoted, causing older rubygems to fail. rubygems.org is using an older rubygems to parse the gemspecs before displaying the deps on the web page, which explains why it looks like the gemspecs for 1.0.4 and 1.0.5 are corrupt.

They are not.

There are three ways to deal with this:

a) I use a ruby with old rubygems (using sych) when releasing, so that both sych and psych can read the gemspec
b) I remove all = dependencies from the gemspec
c) I do nothing and force everybody to upgrade their buggy rubygems/yaml interpreters from sych to psych

I realise many people can't do c). a) is too much of a PITA for me, so it will be b). This means I'll remove prawn from the gemspec (and >= the remaining = deps). I'll try to make a new release later.

What a royal PITA!

[cgriego]

Thanks for the release.

FYI, I think @dchelimsky ran into this with rspec as well. Every other project I've known to run into this ended up falling back to building their gems on 1.8.

[aslakhellesoy]

@cgriego - 1.0.5 does not fix the problems with 1.0.4. I'll have to make a 1.0.6 release later.

[aslakhellesoy]

1.0.6 is out. chew on that folks.

[jtushman]

Thanks so much for this, note I think the issue still persists with cucumber-rails. I am using @chicks work around for cucumber-rails for now.

[sl4m]

cucumber 1.0.6 resolves the issue, but is it possible to update cucumber-rails as well? It's an issue there as well.

[aslakhellesoy]

Sure, I'll get to that as well.

[andycutright]

Great, thanks for the fixes :)

[sl4m]

@aslakhellesoy: thanks for the cucumber-rails 1.0.5 update! it's working now.

[mewren]

rvm gemset empty
gem update --system
bundle

this is NOT painless

[aslakhellesoy]

@mewren what's painful about it?

[andycutright]

@mewren I empty and repopulate gemsets regularly. Apart from this issue, which has been fixed for this set of gems, I've never had any problem with it. Do you have some specific problem?

[mewren]

I am fairly new to rails/gems (well, I used it years ago, rails 1.2, but recently using it again), it ended up deleting all my gems and "bundle install" didn't have an error, but "gem list" was empty.
I have now re-installed my gems and my local server is working again, but cucumber still shows an error (see below)

Am I supposed to be using the "cucumber" or "cucumber-rails" gem? Which version of rails is the latest cucumber compatible with?

error:

cucumber
Using the default profile...
You have already activated activesupport 3.1.0, but your Gemfile requires activesupport 3.0.10. Consider using bundle exec. (Gem::LoadError)
/usr/local/rvm/gems/ruby-1.8.7-p352/gems/bundler-1.0.18/lib/bundler/runtime.rb:31:in `setup'

[chicks]

Remove Gemfile.lock from your rails project directory and try again.

[lock]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.