Rails 2.0: Release Candidate 1

We’ve been taking our sweet time, but now it really is almost there. We’ve just pushed new beta gems to gems.rubyonrails.org and created the rel_2-0-0_RC1 tag. So this is shaping up to be the last chance to raise concerns for Rails 2.0 before we go final in oh-so-shortly.

So please give it a spin. First, upgrade to 1.2.5 if you haven’t already. Fix all the deprecation warnings you see. Then try to jump on Rails 2.0 and see if it runs. If it doesn’t, and you think it’s not because of something you did wrong, please create a ticket.

We’re going to be running this release candidate phase over the next couple of weeks, give or take depending on how many issues are raised.

You can read all about why you should actually care about Rails 2.0 in the original preview release announcement.

The gem version for this release is 1.99.0.

Prototype 1.6.0 and script.aculo.us 1.8.0 released

New versions of the JavaScript libraries that ship with Rails, Prototype 1.6.0 and script.aculo.us 1.8.0, have been released. You can find out about the numerous changes on the Prototype blog and on mir.aculo.us. If you’re running Edge Rails, just svn up and run rake rails:update:javascripts to install the latest versions into your application automatically.

Also of note: Christophe Porteneuve’s Prototype & script.aculo.us book is now out of beta and available for purchase from the Pragmatic Programmers. It’s up-to-date with all of the new features in both libraries, so be sure to check it out if you’re using Prototype and script.aculo.us in your applications.

RailsConf '08: Call for participation

RailsConf 2008 is set to return to Portland on May 29th through June 1st. It takes a lot of time and coordination to get a conference of that magnitude put together, so we’re starting early by asking for presentation proposals from the community. The submission deadline is December 13th.

We’re really hoping to get some more advanced stuff this year. More nitty gritty details. More code on the wall. What did you learn from your last project that others could benefit from too? What techniques have you been experimenting with? What awesome plugins do you find invaluable? This is the place to share all that learning with the rest of the community.

A good reason to take that bold step into submitting a conference proposal is to raise your visibility in the community. I’ve met with lots of speakers who say that they got great business leads after presenting at a Rails conference. Your next client, boss, co-worker, or open-source collaborator may well be in the audience when you’re presenting.

Most of all, though, it’s a lot of fun to share and you tend to learn as least as much as your audience when giving a presentation at a major conference like this. I strongly recommend that you think about which areas of Ruby on Rails you’re especially passionate about and submit a proposal to share that passion.

Today is Leopard day!

OS X 10.5 is shipping today under the Leopard moniker. Besides being a great upgrade to a wonderful operating system, it's also the first version of OS X that ships with Rails in the package. Apple has done a phenomenal job including all the good stuff from the Ruby and Rails world into the developer tools that come with the OS.

So out of the box you get Ruby 1.8.6, Rails 1.2.3 (which is just a "gem update rails" call away from being 1.2.5), Capistrano, SQLite-bindings, and so much more. No more need for compiling your own Ruby. It's great. See all the changes in What's New in Leopard.

The only minor snag is that in order to install the MySQL C bindings for Ruby, you have to be quite particular on the command line. Here's the cheat line you need to install (read more at macosforge):

sudo env ARCHFLAGS="-arch i386" gem install mysql -- --with-mysql-config=/usr/local/mysql/bin/mysql_config

So happy Leopard day, folks!

MicroPlace Launches

MicroPlace, a site that lets you make small loans to workers in developing countries and receive a return, just recently launched. Josh Susser, one of the contractors that worked on it, wrote a great introduction to the project.

“As far as I am aware, MicroPlace is the first SEC-registered online brokerage implemented in Ruby on Rails. We had to go through an extensive security audit, and there were a lot of regulatory requirements for us to meet… But the bottom line is that we didn’t have any significant problems with either Ruby or Rails in passing those hurdles.”

Josh also mentioned that MicroPlace is owned by eBay, making this the first Rails project at an otherwise all-Java shop. Awesome, high-fives all around guys. I hope to see more posts about the development aspect of the site.

Capistrano 2.1

After a much larger delay than I would have liked, Capistrano 2.1 is now available! (Capistrano is a utility for executing commands on multiple remote machines in parallel, and is the tool of choice for many Rails developers for automating deployment.) There is a lot going on in this release, including some pretty exciting changes. As ever, install it via RubyGems with:

  gem install capistrano

Here’s what’s new, roughly in order of magnitude:

No default PTY. Prior to 2.1, Capistrano would request a pseudo-tty for each command that it executed. This had the side-effect of causing the profile scripts for the user to not be loaded. Well, no more! As of 2.1, Capistrano no longer requests a pty on each command, which means your .profile (or .bashrc, or whatever) will be properly loaded on each command! Note, however, that some have reported on some systems, when a pty is not allocated, some commands will go into non-interactive mode automatically. If you’re not seeing commands prompt like they used to, like svn or passwd, you can return to the previous behavior by adding the following line to your capfile:

  default_run_options[:pty] = true

Disable sh wrapping. Some shared hosts do not allow the POSIX shell to be used to execute arbitrary commands, which is what Capistrano has done since 2.0. If you’re on such a host, you can add the following line to your capfile:

  default_run_options[:shell] = false

Capistrano will then run the command directly, rather than wrapping it in an “sh -c” command. Note, though, that this means that your own user shell on the remote hosts must be POSIX compatible, or you’ll get cryptic errors.

Git SCM support. Many thanks to Garry Dolley, Geoffrey Grosenbach, and Scott Chacon for their work on the new Git SCM module for Capistrano. If you’re a user of Git, you can now do:

  set :scm, :git

Accurev SCM support. Thanks to Doug Barth, all you Accurev users can now enjoy Capistrano, too. Just do:

  set :scm, :accurev

Rails’ Plugin Support. Capfile’s generated via the “capify” utility will now include a line that will autoload all recipes from vendor/plugins/*/recipes/*.rb. If you want this feature and you’ve already got a Capfile (and you don’t mind losing any changes you might have made to your Capfile), you can delete the Capfile and re-run “capify .”. Or, you can just add the following line to your Capfile, before the line that loads ‘config/deploy’:

  Dir['vendor/plugins/*/recipes/*.rb'].each { |plugin| load(plugin) }

Windows-safe reads. Any time Capistrano needs to read a file’s contents, it will now use the “b” flag, so that binary reads on Windows do not corrupt the file.

Cap shell and sudo. The Capistrano shell now properly recognizes sudo commands and prompts for the password correctly.

Use `match’ to check dependencies. There is a new remote dependency method for deploy:check: “match”. You can now look for arbitrary regular expressions in the output of various commands to see if things are set up correctly:

  depend :remote, :match, "rake -V", /version 0\.7/

Namespaces#top. Sometimes you’ll find yourself wanting to execute a task from within another task, but the parent namespace of the target task is conflicting with a similarly-named namespace, and things are breaking. You can now use the “top” method to jump to the top of the namespace hierarchy:

  namespace :apache do
    namespace :deploy do
      task :restart do
        run "restart apache"

Other changes. There are lots of other, smaller bug fixes and changes, too:

  • Default to 0664 instead of 0660 on upload.
  • Fix deploy:pending to query SCM for the subsequent revision so that it does not include the last deployed change.
  • Prefer ‘Last Changed Rev’ over ‘Revision’ when querying latest revision via Subversion.
  • Explicitly require ‘stringio’ in copy_test.
  • When Subversion#query_revision fails, give a more sane error.
  • Don’t run the upgrade:revisions task on non-release servers.
  • Use the —password switch for subversion by default, but add :scm_prefer_prompt variable for those who’d rather not send the password on the command-line.
  • Use sudo -p switch to set sudo password prompt to something predictable.
  • Allow independent configurations to require the same recipe file within the same Ruby process.
  • Allow auth-caching of subversion credentials to be enabled via :scm_auth_cache.
  • Don’t let a task trigger itself when used as the source for an “on” hook.
  • Add version_dir, current_dir, and shared_dir variables for naming the directories used in deployment.
  • Use the :runner variable to determine who to sudo as for deploy:restart.
  • Change the “-h” output so that it does not say that “-q” is the default.

Enjoy! And please report any bugs on the Rails trac, with the component set to “Capistrano”.

Rails 1.2.5: Security and maintenance release

This release closes a JSON XSS vulnerability, fixes a couple of minor regressions introduced in 1.2.4, and backports a handful of features and fixes from the 2.0 preview release.

All users of Rails 1.2.4 or earlier are advised to upgrade to 1.2.5, though it isn’t strictly necessary if you aren’t working with JSON. For more information the JSON vulnerability, see CVE-2007-3227.

Summary of changes:

  • acts_as_list: fixed an edge case where removing an item from the list then destroying the item leads to incorrect item positioning
  • deprecated calling .create on has_many associations with an unsaved owner (like post = Post.new; post.comments.create)
  • backport array and hash query parameters
  • fix in place editor’s setter action with non-string fields
  • updated config/boot.rb to correctly recognize RAILS_GEM_VERSION

To upgrade, `gem install rails`, set RAILS_GEM_VERSION to ‘1.2.5’ in config/environment.rb, and `rake rails:update:configs`.