RubyGems is a package manager for the Ruby programming language that provides a standard format for distributing Ruby programs and libraries, a tool designed to easily manage the installation of gems, and a server for distributing them. It was created by Chad Fowler, Jim Weirich, David Alan Black, Paul Brannan and Richard Kilmer during RubyConf 2004. The interface for RubyGems is a command-line tool called gem which can install and manage libraries. RubyGems integrates with Ruby run-time loader to help find and load installed gems from standardized library folders. Though it is possible to use a private RubyGems repository, the is most commonly used for gem management. The public repository helps users find gems, resolve dependencies and install them. RubyGems is bundled with the standard Ruby package as of Ruby 1.9.
History
Development on RubyGems started in November 2003 and was released to the public on March 14, 2004, or Pi Day 2004. In 2010, the default public repository for gems moved from to , which is still in use. Also, RubyGems development was moved to GitHub in 2010. Though RubyGems has existed since Ruby 1.8, it was not a part of the standard Ruby distribution until Ruby 1.9. Previously, compatibility with RubyGems and Ruby varied. Many versions of RubyGems are almost fully incompatible with many versions of Ruby and some versions had key features unusable. For example, Ruby 1.9 came with RubyGems 1.3.7 in its standard distribution, but RubyGems 1.4.x was not compatible with Ruby 1.9. This meant that updating RubyGems on Ruby 1.9 was not possible until RubyGems 1.5.0 was released in 2011, two years after the first stable release of Ruby 1.9. These compatibility issues led to a rapid development of RubyGems, switching to a 4–6 week release schedule. This is reflected in there being 38 releases from 2004 to 2010 and 117 releases from 2011 to 2016. 45 versions were released in 2013, which is the highest number of releases in a year for RubyGems.
Structure of a gem
Every gem contains a name, version and platform. Gems work only on ruby designed for a particular platform based on CPU architecture and operating-system type and version. Each gem consists of:
Code
Documentation
Gem specification
The code organization follows the following structure for a gem called gem_name:
Rakefile is used by Rake to automate tests and to generate code.
README includes the documentation, RDOC, for most gems.
Gem specification contains information about the author of the gem, the time of creation and the purpose the gem serves.
Working with gems
Gems are packages similar to Ebuilds. They contain package information along with files to install. Gems are usually built from ".gemspec" files, which are YAML files containing information on gems. However, Ruby code may also build gems directly. Such a practice is usually used with Rake.
gem command
The gem command is used to build, upload, download, and install gem packages.
gem usage
RubyGems is very similar to apt-get, portage, yum and npm in functionality. Installation: gem install mygem Uninstallation: gem uninstall mygem Listing installed gems: gem list Listing available gems, e.g.: gem list --r Create RDoc documentation for all gems: gem rdoc --all Adding a trusted certificate: gem cert -a Download but do not install a gem: gem fetch mygem Search available gems, e.g.: gem search STRING --remote
The gem command may also be used to build and maintain .gemspec and .gem files. Build .gem from a .gemspec file: gem build mygem.gemspec
Security concerns
Since ruby gems run their own code in an application it may lead to various security issues due to installation of malicious gems. The creator of malicious gems may be able to compromise the user system or server. A number of methods have been developed to counter the security threat:
Cryptographic signing of gems since RubyGems version 0.8.11. The gem cert and gem install commands are used for this purpose.
New signing models such as X509 and OpenPGP have been proposed and are actively being discussed among Ruby experts.