[ANN] RubyInstaller Preview2 released!

[Luis Lavena]

Hello Guys,

I'm pleased to announce the second preview release of the new
installer technology.

First thanks to all who helped with content, feedback, code and contributions.

This release marks the base structure of the new installer, which
includes what I believe
is a complete set of features for a Runtime package:

* Complete interpreter (Ruby + RubyGems)
* Documentation (Core and StdLib Windows Help files)
* Learn to program Ruby (The Book of Ruby)

Also, this is the first release that gets delivered over RubyForge.
From now on, future preview and final releases will be delivered at
RubyForge.

Both Ruby 1.8.6 and 1.9.1 versions has been updated to latest
patchlevels. And both can be installed simultaneously.

No more distractions, please grab them while fresh!

http://rubyforge.org/frs/?group_id=167&release_id=38052

Regards,
--
Luis Lavena
AREA 17
-
Perfection in design is achieved not when there is nothing more to add,
but rather when there is nothing more to take away.
Antoine de Saint-Exupéry

[Mike Hodgson]

Hi Luis,

Tried to download 1.9.1 from RubyForge and Kaspersky Anti-Virus
detected "Trojan.Win32.FraudPack.qgr" in the file, and denied the
download. This could be a false positive, but might be a good idea to
look into it before announcing the release outside of this list.

1.8.6 came through clean, just installing it now.

Regards,
Mike

[Mike Hodgson]

On Aug 16, 9:21 am, Mike Hodgson <mhodg...@gmail.com> wrote:
> Hi Luis,
>
> Tried to download 1.9.1 from RubyForge and Kaspersky Anti-Virus
> detected "Trojan.Win32.FraudPack.qgr" in the file, and denied the
> download. This could be a false positive, but might be a good idea to
> look into it before announcing the release outside of this list.
>
> 1.8.6 came through clean, just installing it now.
>
> Regards,
> Mike

Just to follow up on this (got sidetracked by real life) the 1.8.6
installer is also reported as containing the same trojan and
installation is blocked by Kaspersky :(

Sorry for top posting in the first reply, was early in the morning :)

Mike

[Luis Lavena]

On Sun, Aug 16, 2009 at 12:24 PM, Mike Hodgson<mhod...@gmail.com> wrote:
>
> On Aug 16, 9:21 am, Mike  Hodgson <mhodg...@gmail.com> wrote:
>> Hi Luis,
>>
>> Tried to download 1.9.1 from RubyForge and Kaspersky Anti-Virus
>> detected "Trojan.Win32.FraudPack.qgr" in the file, and denied the
>> download. This could be a false positive, but might be a good idea to
>> look into it before announcing the release outside of this list.
>>
>> 1.8.6 came through clean, just installing it now.
>>
>> Regards,
>> Mike
>
> Just to follow up on this (got sidetracked by real life) the 1.8.6
> installer is also reported as containing the same trojan and
> installation is blocked by Kaspersky :(
>

Indeed a false positive. I have NOD32 installed, checked the packages
and no issue.

Please report to Kaspersky that is indeed a false positive, since the
installer uses LZMA compression and InnoSetup, so it's being
incorrectly detected.

> Sorry for top posting in the first reply, was early in the morning :)
>

No worries :-)

Cheers,

[Mike Hodgson]

On Aug 16, 1:37 pm, Luis Lavena <luislav...@gmail.com> wrote:

> On Sun, Aug 16, 2009 at 12:24 PM, Mike  Hodgson<mhodg...@gmail.com> wrote:
>
> > On Aug 16, 9:21 am, Mike  Hodgson <mhodg...@gmail.com> wrote:
> >> Hi Luis,
>
> >> Tried to download 1.9.1 from RubyForge and Kaspersky Anti-Virus
> >> detected "Trojan.Win32.FraudPack.qgr" in the file, and denied the
> >> download. This could be a false positive, but might be a good idea to
> >> look into it before announcing the release outside of this list.
>
> >> 1.8.6 came through clean, just installing it now.
>
> >> Regards,
> >> Mike
>
> > Just to follow up on this (got sidetracked by real life) the 1.8.6
> > installer is also reported as containing the same trojan and
> > installation is blocked by Kaspersky :(
>
> Indeed a false positive. I have NOD32 installed, checked the packages
> and no issue.
>
> Please report to Kaspersky that is indeed a false positive, since the
> installer uses LZMA compression and InnoSetup, so it's being
> incorrectly detected.

Hi Luis,

I've sent the false positive report and sent them both installers. I
also pointed them to this thread.

I'm not sure if/when they will rectify the problem, but a note should
probably be made in the release notes and on the download page if
possible.

I disabled Kaspersky and both 1.8.6 and 1.9.1 installed with no
trouble.

Regards,
Mike

[Mike Hodgson]

> > Indeed a false positive. I have NOD32 installed, checked the packages
> > and no issue.
>
> > Please report to Kaspersky that is indeed a false positive, since the
> > installer uses LZMA compression and InnoSetup, so it's being
> > incorrectly detected.
>
> Hi Luis,
>
> I've sent the false positive report and sent them both installers. I
> also pointed them to this thread.

Following up, received a reply from a Kaspersky virus analyst this
morning that this will be fixed in the next update.

Regards,
Mike

[Charles Roper]

2009/8/16 Luis Lavena <luisl...@gmail.com>:

> I'm pleased to announce the second preview release of the new
> installer technology.

I've just installed Preview2 here at work on both my admin machine and
a non-admin machine (both XP). Nothing further to report - all
installed flawlessly. After installing rubysspi gem manually, gems
install just fine. Docs work. All links work.

One quick question: what *is* the gems documentation server?

Charles

[Gordon Thiesfeld]

On Aug 17, 2009, at 12:39 PM, Charles Roper <charle...@gmail.com>
wrote:

It's the same as typing 'gem server' at the command line. It fires up
a webrick server on port 8808 (by default) that hosts rdoc for all the
gems installed on your machine.

Try 'gem help server' for more info.

[Jon]

SHA1's for all downloads?

My favorite easy-to-use Win32 command line hash tool is fsum at http://slavasoft.com/fsum/index.htm

[Jon]

heresy I know, but what about 7z downloads for those of us who are Luddites?

[Bosko Ivanisevic]

On Mon, Aug 17, 2009 at 8:36 PM, Jon <jon.f...@gmail.com> wrote:

SHA1's for all downloads?

My favorite easy-to-use Win32 command line hash tool is fsum at http://slavasoft.com/fsum/index.htm

How about ruby script:

require 'digest/md5'

content = File.open(ARGV[0], 'rb') {|f| f.read}

puts Digest::SHA1.hexdigest(content)

At the end we all use Ruby here, aren't we :-) Small notice: flag 'rb' is needed for file to be completely read on Windows systems.

Regards,

Bosko

[Gordon Thiesfeld]

You beat me to it :-) I always trip over the 'rb' flag. I'm planning
on writing a release task at some point, this would be easy enough to
incorporate.

[Bosko Ivanisevic]

Yes, that 'rb' flag gave me a lot of headache on Windows ;-)

Regards,

Bosko Ivanisevic

[Luis Lavena]

On Mon, Aug 17, 2009 at 3:36 PM, Jon<jon.f...@gmail.com> wrote:
> SHA1's for all downloads?
>

InnoSetup contains a self checking to ensure that if the download was
corrupted it will fail.

Also, I'm getting a call back in the next few days for digitally
signed installers, so the trust issue will be no issue after that.

[Luis Lavena]

On Mon, Aug 17, 2009 at 3:44 PM, Jon<jon.f...@gmail.com> wrote:
> heresy I know, but what about 7z downloads for those of us who are Luddites?

Oh, infidel, you think I forgot about it? Nah, just take the day off,
needed to rest.

Going to upload those with the exact same folder structure of the installed one.

[Luis Lavena]

On Mon, Aug 17, 2009 at 4:31 PM, Bosko
Ivanisevic<bosko.iv...@gmail.com> wrote:
>
> Yes, that 'rb' flag gave me a lot of headache on Windows ;-)

'b' has no effect on POSIX, so is harmless.

Dealing with file reading and writing in the past with C teach me about it :-P

Cheers,

[Bosko Ivanisevic]

On Tue, Aug 18, 2009 at 6:31 AM, Luis Lavena <luisl...@gmail.com> wrote:

On Mon, Aug 17, 2009 at 4:31 PM, Bosko

Ivanisevic<bosko.iv...@gmail.com> wrote:
>

> Yes, that 'rb' flag gave me a lot of headache on Windows ;-)

'b' has no effect on POSIX, so is harmless.

Exactly ;-) and leaving it out Windows give wrong results when MD5 or SHA1 is calculated. That's why I got used to  it.

Dealing with file reading and writing in the past with C teach me about it :-P

Same :D

Regards,

Bosko Ivanisevic

[Jon]

> On Mon, Aug 17, 2009 at 3:44 PM, Jon<jon.f...@gmail.com> wrote:
> > heresy I know, but what about 7z downloads for those of us who are Luddites?
>
> Oh, infidel, you think I forgot about it? Nah, just take the day off,
> needed to rest.

:)

About time you take some time off...we can't have you burning out before RubyInstaller Final >;->

[Jon]

> InnoSetup contains a self checking to ensure that if the download was
> corrupted it will fail.

Yes, most of the installers have CRC checks or similar.

That said, for the OCD among us (you know who you are) we should at
least put SHA1's up for the 7z downloads.

And the best argument ever for having SHA1's on the installers
is...and thankfully my last before I let it go...wait for it, it's
sooo convincing...Python does it for their msi's :)

http://python.org/download/releases/3.1.1/


Jon

[Luis Lavena]

Ohhh, those snakes! ;-)

Ok ok, is worth have those in the release notes, or as a downloadable file?

[Jon]

> Ok ok, is worth have those in the release notes, or as a downloadable file?

Downloadable file but make sure the file has the correct MIME type (text/plain I believe) associated with it so you can simply right-click the link and bring it up in another browser tab to copy out the hash if you don't want to download the actual hash file.

The Apache and Scala guys do it right. For example, http://maven.apache.org/download.html or http://www.scala-lang.org/downloads

Jon