Use better owner & group for files in rubygems package

[deivid-rodriguez]

What was the end-user or developer problem that led to this PR?

The rubygems package we're currently shipping can't be extracted inside a docker container.

The problem is detailed at #3977 (comment).

The TL;DR is that depending on which system is used to create the package, the packaged files can have very high UID and GUID, and inside a rootless docker container, tar can't handle those.

What is your fix for the problem, implemented in this PR?

My fix is to pass explicit group and owner to the tar command that creates the package, so that tar can handle it.

The values are consistent with what's included in the official ruby package, so I believe they should work fine.

Fixes #3977.

Make sure he following tasks are checked

• Describe the problem / feature
• Write tests for features and bug fixes
• Write code to solve the problem
• Make sure you follow the current code style and write meaningful commit messages without tags

[deivid-rodriguez]

Thanks @bronzdoc!

[deivid-rodriguez]

@hsbt Since you're the one generating this package normally, I should've probably asked you to try this out before merging, my bad. Can you try it and verify that there are no issues and that the files doesn't have weird UID and GID inside the package?

[hsbt]

I tested it with rake pkg/rubygems-3.2.0.rc.2.tgz on my macOS machine. But it created the following files.

$ /bin/ls -lA
total 2016
drwxr-xr-x  20 hsbt  2033490572     640 Dec  1 20:25 rubygems-3.2.0.rc.2
-rw-r--r--   1 hsbt  2033490572  983166 Dec  1 20:25 rubygems-3.2.0.rc.2.tgz
~/D/g/r/r/pkg (master)
$ /bin/ls -lA rubygems-3.2.0.rc.2
total 560
-rw-r--r--   1 hsbt  2033490572    5271 Nov 25 16:25 CODE_OF_CONDUCT.md
-rw-r--r--   1 hsbt  2033490572    7124 Nov 25 16:25 CONTRIBUTING.md
(snip)

2033490572 is my company ActiveDirectory GID. It doesn't seem the expected behavior. What's wrong?

[deivid-rodriguez]

Interesting. Did you have a previous rubygems-3.2.0.rc.2.tar file? Maybe you need to delete that so that it's regenerated with the proper permissions? 🤔

[deivid-rodriguez]

Not very optimistic that's the cause though. Can you also verify that tar is being invoked with the new --group and --owner flags?

[hsbt]

Ah, It seems fine.

$ tar --list --verbose --file pkg/rubygems-3.2.0.rc.2.tgz rubygems-3.2.0.rc.2/README.md
-rw-r--r-- rubygems/rubygems 4651 2020-11-25 16:25 rubygems-3.2.0.rc.2/README.md

I did confirm the ownership with extracted files.

[deivid-rodriguez]

Cool!

[beyhan]

@deivid-rodriguez thank you for driving this. My understanding is that this fix isn't included yet in any release. When do you expect to have it released?

[deivid-rodriguez]

It should be released since 3.2.0 I believe? Did you see this weirdness on a recent version?

[beyhan]

Sorry, I thought that it is not yet released because the commit of this pr is available on on master. We will check and provide feedback. Thanks!