Allowing NGINX to use a Puma/Unicorn UNIX socket with SELinux

If you are deploying Ruby web application on Fedora with Puma (or other) application server and NGINX web server as a proxy, you might encounter SELinux forbidding NGINX to use the Puma socket. Here is how to create a SELinux policy module that you can use during your server provisioning.

Patching gems for security vulnerabilities with gem-patch

gem-patch is a RubyGems plugin that helps you to patch gems. You can use it to apply security fixes or cherry-pick commits you want to apply to your .gem files. I use it to test whether the upstream commits containing vulnerability fixes apply cleanly on older gem releases so I can prepare fixed builds of […]

gem-compare: Releasing a new gem version with confidence

What do you usually do when releasing a new version of gems? Running test suite? Something more? I like to use my tool on tracking changes in RubyGems gem-compare as it gives me a little bit more confidence on what am I actually releasing. Here’s how I do it.

Safe code evaluation in Ruby with $SAFE

As you probably know, you can use eval() to evaluate Ruby code from Ruby. But evaluating things that come from the outside of the program like user inputs can be dangerous. Why they can be dangerous you ask? eval() evaluates anything as we would program it ourselves. Basically anything can happen. That’s why it’s best […]

Running test/unit suites with Minitest

Sometimes it happens that you want to run an old test suite, but you don’t have a correct version of the testing framework available. That happens a lot in Fedora since tooling around RPM supports only one version of each component and new rubies does not come with test/unit anymore. As we still need to […]