rvm: Manage Your Rubies With an Ill-Managed Manager
rvm is a tool for maintaining multiple versions of
ruby, as well as maintaining project-specific sets of gem dependencies. When I first learnt about it this week it sounded like a very useful tool, although it’s unfortunate that gems are so awkward to manage that it should be necessary in the first place.
Yesterday my first task was to update
rspec. Which in turn required an update to
rubygems before it would install. But who manages
rubygems? It could be
rubygems itself, or
apt, or even maybe
I looked through the documentation, and the most appropriate answer seemed to be that
rvm should manage
rubygems. I quote from the documentation:
rvm action [interpreter] [flags] [options]
update is an action, and one of the flags is
--rubygems - with update, updates rubygems for selected ruby
So I diligently typed
rvm update --rubygems
And what did
rvm do? It proceeded to attempt to update itself, instead of
rubygems. If you want to upgrade
rubygems, you’re supposed to type:
rvm --rubygems update
(note that this is incorrect according to the above documentation, but is how I eventually coerced it into upgrading
rubygems (this bug has since been fixed))
The accidental upgrade might have been okay, if its upgrade process were anything but Completely Insane. It goes thusly:
- download a file from an unsecured HTTP location
- without verifying any sort of checksum, signature or even HTTP status code, pipe the output directly into a bash shell
- this script clones a github repository, and proceeds to install the absolute latest revision, whatever that might be
Hilarity ensues. I got a bash syntax error, but evidently not early enough in the process to stop
rvm from destroying itself, requiring me to delete everything related to it and install from scratch.
Sanity checking? skipped.
Dependencies? get them yourself.
Update management? The website says “make sure you run this command frequently”.
I don’t know that I want such a tool trying to manage my dependencies, thank you very much…
The most painful thing, of course, is that it’s yet another buggy, language-specific implementation of the principals that zero-install does so much better (and simpler). If you don’t have global state, suddenly it’s really not that hard to keep things from interfering with each other.
Oh, and did I mention how
rvm integrates with your shell, so that when you
cd into a project directory, it automatically sets up your ruby version and gems? Except that when you open a new shell in the same location, you have to
cd out of your project directory and then back in or else you’ll see the system version of ruby and your gems, and things will be broken in very odd ways. Splendid.