Yanked 0.3.x breaks Rails install

[pedantic-git]

Hey @minad - I see you've addressed a license issue today by yanking all gem versions prior to 0.4.0. Trouble is, Rails itself depends on 0.3.x so this is breaking all CI installs of Rails for me (and probably others too)!

I know this is on Rails to fix and I'll make sure the issue is raised over there too but is there any chance of releasing a version 0.3.x with the correct license while we wait? No worries if not.

[alexmreis]

Hi @minad , I can confirm this is breaking our builds and there is no upgrade path:

Bundler could not find compatible versions for gem "mimemagic":
  In Gemfile:
    mimemagic (~> 0.4.0)

    rails (~> 6.0.3, >= 6.0.3.4) was resolved to 6.0.3.4, which depends on
      activestorage (= 6.0.3.4) was resolved to 6.0.3.4, which depends on
        marcel (~> 0.3.1) was resolved to 0.3.3, which depends on
          mimemagic (~> 0.3.2)

Unless marcel upgrades anyone using mimemagic through activestorage is stuck without being able to build right now.

[gr8bit]

Duplicates #99 and #100.

[minad]

There is 0.3.6 released under GPL-2.0 now.

[ianformanek]

Indeed, the yanking of all previous versions (which does not seem to be based on the typical reasoning = vulnerability fixes) has the potential of "breaking the internet", given how many gems have a dependency fixed at ~>0.3. Please reconsider keeping the previous versions available.

[gr8bit]

@minad I love you. <3

[pedantic-git]

Thanks for such a quick response!!!

I've also raised this with Rails rails/rails#41750

[minad]

Note that the GPL-2.0 license may not be desirable under all circumstances. If there is interest in the alternative approach proposed in #97 (reading the freedesktop.xml file at startup) and someone prepares a PR a new version could be released under the MIT license again.

[sergey-alekseev]

From https://www.gnu.org/licenses/old-licenses/gpl-2.0-faq.en.html#GPLRequireSourcePostedPublic:

But if you release the modified version to the public in some way, the GPL requires you to make the modified source code available to the program's users, under the GPL.

Now if I use mimemagic I have to make my programs source code available to the program's users. In fact this means mimemagic can't be used in released proprietary software. Correct me if I'm wrong.

[jebw]

I think the relicense in a 0.3.x is potentially unexpected to users of this gem.

Because the license change has a cascading effect out to the dependent users own application I think this should be treated as a breaking change and not just a point release (ie 0.4 is fine but 0.3.6 would not be expected to relicense a dependent applications codebase)?

[pedrofurtado]

Is it possible to undo yank in previous versions of gem?

[dfjones89]

Hi all 👋

Thanks for your (super-speedy) efforts to highlight and address this issue.

Please can I confirm the step(s) that need to be taken to fix failing bundle install runs?

So far, I've run bundle update mimemagic which bumped me to release 0.3.6, as expected.
Deployments are still failing, however, since marcel references 0.3.2 which has been yanked.

marcel (0.3.3)
      mimemagic (~> 0.3.2)

I've tried manually changing the version number to 0.3.6:

marcel (0.3.3)
      mimemagic (~> 0.3.6)

Though this then gives rise to the following error during bundle install

Downloading marcel-0.3.3 revealed dependencies not in the API or the lockfile

Thanks in advance for your help and clarification 🙏

[jsmartt]

Just went through and updated all my applications/services to 0.3.6, and now that's yanked too 😞 . I totally understand needing to fix a licensing issue, but yanking gem versions causes lots of things to break. Please don't yank old versions; just move forward with fixes.

[grassiricardo]

when executing bundler update mimemagic these dependency errors are returned, I don't know how to proceed. Anybody know?

An error occurred while installing mimemagic (0.3.8), and Bundler cannot continue.
Make sure that `gem install mimemagic -v '0.3.8' --source 'https://rubygems.org/'` succeeds before bundling.

In Gemfile:
  devise_token_auth was resolved to 1.1.4, which depends on
    rails was resolved to 6.0.3.4, which depends on
      actionmailbox was resolved to 6.0.3.4, which depends on
        activestorage was resolved to 6.0.3.4, which depends on
          marcel was resolved to 0.3.3, which depends on
            mimemagic

[roaring-lion-33]

@grassiricardo figure anything out yet? Running into same exact error.

[house9]

see: #112

if you are on a Mac:

brew install shared-mime-info
bundle update mimemagic

That should bump the mimemagic version to 0.3.8 in your Gemfile.lock

The system you are deploying too must have the proper libraries installed

[grassiricardo]

when executing bundler update mimemagic these dependency errors are returned, I don't know how to proceed. Anybody know?

An error occurred while installing mimemagic (0.3.8), and Bundler cannot continue.
Make sure that `gem install mimemagic -v '0.3.8' --source 'https://rubygems.org/'` succeeds before bundling.

In Gemfile:
  devise_token_auth was resolved to 1.1.4, which depends on
    rails was resolved to 6.0.3.4, which depends on
      actionmailbox was resolved to 6.0.3.4, which depends on
        activestorage was resolved to 6.0.3.4, which depends on
          marcel was resolved to 0.3.3, which depends on
            mimemagic

@franklincamp I ran this and it worked

brew install shared-mime-info  # we use macs for development
bundle update nokogiri marcel mimemagic

[DavidArmendariz]

Doing bundle update mimemagic gives me this error

Unable to find a spec satisfying mimemagic (~> 0.3.6) in the set. Perhaps the lockfile is corrupted?

[ea0723]

@house9 You're my hero - thanks!

brew install shared-mime-info
bundle update mimemagic

worked perfectly 👍

[pramirez2328]

if you are on a Mac:

brew install shared-mime-info
bundle update mimemagic

That should bump the mimemagic version to 0.3.8 in your Gemfile.lock

The system you are deploying too must have the proper libraries installed

problem solved

[shqear93]

still not solved for me

bundle update mimemagic

Installing mimemagic 0.3.9 with native extensions
Gem::Ext::BuildError: ERROR: Failed to build gem native extension.

    current directory: /Users/shqear/.rvm/gems/ruby-2.7.1/gems/mimemagic-0.3.9/ext/mimemagic
/Users/shqear/.rvm/rubies/ruby-2.7.1/bin/ruby -I/Users/shqear/.rvm/rubies/ruby-2.7.1/lib/ruby/2.7.0/rubygems -rrubygems
/Users/shqear/.rvm/gems/ruby-2.7.1/gems/rake-13.0.3/exe/rake RUBYARCHDIR\=/Users/shqear/.rvm/gems/ruby-2.7.1/extensions/x86_64-darwin-20/2.7.0/mimemagic-0.3.9
RUBYLIBDIR\=/Users/shqear/.rvm/gems/ruby-2.7.1/extensions/x86_64-darwin-20/2.7.0/mimemagic-0.3.9
rake aborted!
Could not find MIME type database in the following locations: ["/usr/local/share/mime/packages/freedesktop.org.xml",
"/opt/homebrew/share/mime/packages/freedesktop.org.xml", "/usr/share/mime/packages/freedesktop.org.xml"]

Ensure you have either installed the shared-mime-info package for your distribution, or
obtain a version of freedesktop.org.xml and set FREEDESKTOP_MIME_TYPES_PATH to the location
of that file.
/Users/shqear/.rvm/gems/ruby-2.7.1/gems/mimemagic-0.3.9/ext/mimemagic/Rakefile:14:in `locate_mime_database'
/Users/shqear/.rvm/gems/ruby-2.7.1/gems/mimemagic-0.3.9/ext/mimemagic/Rakefile:25:in `block in <top (required)>'
/Users/shqear/.rvm/gems/ruby-2.7.1/gems/rake-13.0.3/exe/rake:27:in `<main>'
Tasks: TOP => default
(See full trace by running task with --trace)

rake failed, exit code 1

Gem files will remain installed in /Users/shqear/.rvm/gems/ruby-2.7.1/gems/mimemagic-0.3.9 for inspection.
Results logged to /Users/shqear/.rvm/gems/ruby-2.7.1/extensions/x86_64-darwin-20/2.7.0/mimemagic-0.3.9/gem_make.out

An error occurred while installing mimemagic (0.3.9), and Bundler cannot continue.
Make sure that `gem install mimemagic -v '0.3.9' --source 'https://rubygems.org/'` succeeds before bundling.

In Gemfile:
  devise_token_auth was resolved to 1.1.3, which depends on
    rails was resolved to 6.0.3.4, which depends on
      actionmailbox was resolved to 6.0.3.4, which depends on
        activestorage was resolved to 6.0.3.4, which depends on
          marcel was resolved to 0.3.3, which depends on
            mimemagic

[joshchernoff]

Thinking about all these people who can't upgrade their version of rails 🙃
Just wow.

[house9]

Installing mimemagic 0.3.9 with native extensions

0.3.9 😮

ok, looks like if you are on 0.3.8 you are good, unless you are on ubuntu trusty, in that case 0.3.9 is your jam 🎸

v0.3.8...v0.3.9

[ddhung95]

when installing mimemagic 0.3.7 on windows:

Could not find MIME type database in the following locations:
["/usr/local/share/mime/packages/freedesktop.org.xml",
"/opt/homebrew/share/mime/packages/freedesktop.org.xml",
"/usr/share/mime/packages/freedesktop.org.xml"]

Ensure you have either installed the shared-mime-types package for your
distribution, or
obtain a version of freedesktop.org.xml and set FREEDESKTOP_MIME_TYPES_PATH to
the location
of that file.

Can anyone help me?

[wheeleruniverse]

Trying to run my rails app that I ported from my laptop to my desktop. During initial rails installation I can't resolve this mimemagic dependency. I have tried a lot of the comments above, but none of them work for me. I don't care what license it's using just let it work.

Tried:

bundle install
gem install mimemagic

Installed other gems trying to resolve some hidden issue:

gem install mime-types-data
gem install mime-types
shared-mime-info

I went to my ruby directory on the explorer and wiped out all gems stored there, then removed my Gemfile.lock to re-install from scratch. Still no success.

I'll admit I'm new to Ruby. I started learning it in February. Do these types of issues happen often? This is a real turn off from learning and/or using this language...

[CircleSoar]

This problem occurred when I was publishing the project：

After I ran the following command locally, this problem was solved，it has upgraded mimemagic.

brew install shared-mime-info
bundle update mimemagic

[bilicheng]

I got the same issue.
I can install it by gem install mimemagic -v 0.3.8, it works.

BUT, when I do "bundle install", got an error as:
"Downloading mimemagic-0.3.8 revealed dependencies not in the API or the lockfile (nokogiri (~> 1)).
Either installing with --full-index or running bundle update mimemagic should fix the problem."

---

I've tried the version from 0.3.5 to 0.3.9, got the exact problem: can be installed individually but not "bundle install".

[y-okamoto-1113]

@bilicheng
#98 (comment)

write in your Gemfile.lock

mimemagic (0.3.9)
  nokogiri (~> 1)
  rake

and then, retry bundle install.
i hope this will help you ;)

[jayaram-venugopal]

when executing bundler update mimemagic these dependency errors are returned, I don't know how to proceed. Anybody know?

An error occurred while installing mimemagic (0.3.8), and Bundler cannot continue.
Make sure that `gem install mimemagic -v '0.3.8' --source 'https://rubygems.org/'` succeeds before bundling.

In Gemfile:
  devise_token_auth was resolved to 1.1.4, which depends on
    rails was resolved to 6.0.3.4, which depends on
      actionmailbox was resolved to 6.0.3.4, which depends on
        activestorage was resolved to 6.0.3.4, which depends on
          marcel was resolved to 0.3.3, which depends on
            mimemagic

@franklincamp I ran this and it worked

brew install shared-mime-info  # we use macs for development
bundle update nokogiri marcel mimemagic

Working Perfect for mac

[bater]

I have the same issue and I solved it in my local by:

brew install shared-mime-info

And if you build your service by Dockerfile, please add shared-mime-info there.

RUN apk add shared-mime-info

[kevkev300]

Also had the same issue when Heroku and Github action CI ran. Locally, it worked, probably because the gem was still cached.

On Mac, just running bundle update mimemagic did the trick! Thanks guys 😄

[imhimi]

Add shared-mime-info to your DockerFile and update mimemagic

RUN apk add shared-mime-info
bundle update mimemagic