Why does Ruby 1.9.2 remove "." from LOAD_PATH, and what's the alternative?

views:

1456

answers:

+10 Q:

Why does Ruby 1.9.2 remove "." from LOAD_PATH, and what's the alternative?

The latest changesets to Ruby 1.9.2 no longer make the current directory . part of your LOAD_PATH. I have a non-trivial number of Rakefiles that assume that . is part of the LOAD_PATH, so this broke them. Was there a particular justification for doing this?

As for a fix, adding $: << "." everywhere works, but seems incredibly hacky and I don't want to do that. What's the preferred way to make my Rakefiles 1.9.2+ compatible?

+4 A:

it was deemed a "security" risk

You can get around it by using full paths or relative paths or doing require './filename' (ironically). GL.

rogerdpack 2010-05-24 21:44:30

I wound up using `require_relative`. Thanks.

John Feminella 2010-05-24 22:50:56

Is this akin to most unixes not including the current directory in the path for running executables?

Andrew Grimm 2010-05-24 23:56:31

+5 A:

There's two reasons:

robustness and
security

Both are based on the same underlying principle: in general, you simply cannot know what the current directory is, when your code is run. Which means that, when you require a file and depend on it being in the current directory, you have no way of controlling whether that file will even be there, or whether it is the file that you actually expect to be there.

Jörg W Mittag 2010-05-25 07:17:53

I don't think that enforcing that two files be in the same location relative to each other is necessarily a bad requirement. If that were true, then we would have no use for directories.

John Feminella 2010-05-25 12:11:18

@John Feminella: what does this have to do with putting files in paths relative to each other? The question is about putting them relative to `.`, i.e. the current working directory. If the user `cd` s into a different directory, the current working directory changes, and you now `require` *completely* different files depending on what directory the user happened to be in when he called your script. I don't think that's a good idea.

Jörg W Mittag 2010-05-25 12:53:42

So to maintain a decent interface, you should do this? `$: << File.dirname(__FILE__)`

Joshua Cheek 2010-09-11 22:07:38

@Joshua Cheek: Personally, I don't like that. (But please don't look at my older code, because it is *littered* with that kind of stuff :-) ). I simply *pretend* that the `lib` directory is on the `$LOAD_PATH` and then `require` all files relative to `lib`. In other words: I leave it to the administrator to figure out how to set up the `$LOAD_PATH` correctly. If you use RubyGems, that is trivial, because RubyGems automatically does it *for* you, and if you use Debian packages, then it's the package maintainer's job. All in all, it seems to work out quite nicely.

Jörg W Mittag 2010-09-11 22:22:26

@Joshua Cheek: Also, as a sort-of counterbalance to removing `.` from `$LOAD_PATH`, Ruby 1.9.2 introduces `require_relative` which ... surprise ... `require` s a file relative to the location of the currently executing file (i.e. relative to `File.dirname(__FILE__)` ).

Jörg W Mittag 2010-09-11 22:24:59

+1 A:

'.' in your path has long been considered a bad thing in the Unix world (see, for example, http://www.faqs.org/faqs/unix-faq/faq/part2/section-13.html). I assume the Ruby folks have been persuaded of the wisdom of not doing that.

Rodger 2010-05-25 07:32:48

But now non of examples from common libraries works, like gtk examples or qt samples.

e.g. Main.rb from gtk-demo uses external modules/files for all the examples like application.rb, to use them you need to change all the references in the code to './filename.rb'... I think this is annoying but ... (maybe a little of security worth the hundreds of lines we will need to change)

just my 2 cents!!

carlitos esquer 2010-09-13 18:04:44

ansaurus

tags:

views:

answers:

Why does Ruby 1.9.2 remove "." from LOAD_PATH, and what's the alternative?

related questions