Add bundled gems to list we don't package

There's not really a good reason to update the bundled gems either, unless they have a CVE. This adds them to the list, and the only bundled gem we keep around is rexml, since it currently and often has CVEs.

Author: nmburgan

configs/components/_base-rubygem.rb

@@ -35,21 +35,16 @@
 # If a gem needs more command line options to install set the :gem_install_options
 # in its component file rubygem-<compoment>, before the instance_eval of this file.
 gem_install_options = settings["#{pkg.get_name}_gem_install_options".to_sym]
-remove_older_versions = settings["#{pkg.get_name}_remove_older_versions".to_sym]
 # Set a default gem_uninstall
 gem_uninstall = settings[:gem_uninstall] || "#{settings[:host_gem]} uninstall --all --ignore-dependencies"
 pkg.install do
   steps = []
-  steps << "#{gem_uninstall} #{name}" if remove_older_versions
-  steps << if gem_install_options.nil?
-             "#{settings[:gem_install]} #{name}-#{version}.gem"
-           else
-             "#{settings[:gem_install]} #{name}-#{version}.gem #{gem_install_options}"
-           end
+  # Attempting to uninstall a default gem this way will fail, so ignore failures
+  steps << "#{gem_uninstall} --force #{name} || true"
+  steps << "#{settings[:gem_install]} #{name}-#{version}.gem #{gem_install_options || ''}"
   # If we are installing a newer version of a default gem, we need to remove the existing
-  # specification file so that we don't get warnings.
+  # specification file so that we don't get warnings. The corresponding gem directory is
+  # usually empty and only there for compatibility reasons, so we remove that too to avoid confusion.
   steps << "rm -f #{settings[:gem_home]}/specifications/default/#{name}-*.gemspec"
-  # This dir is usually empty and only there for compatilibity reasons for things requiring
-  # a directory corresponding to a gemspec. Remove it to avoid confusion.
-  steps << "rm -f #{settings[:gem_home]}/gems/#{name}-*[!#{version}]"
+  steps << "rm -rf #{settings[:gem_home]}/gems/#{name}-*[!#{version}]"
 end

configs/components/rubygem-fast_gettext.rb

@@ -10,7 +10,6 @@
   # PINNED
   pkg.version '2.4.0'
   pkg.sha256sum 'fd26c4c406aa10be34f0fd2847ce3ffdc1e9d9798de87538594757bbb9175fbf'
-  pkg.build_requires 'rubygem-prime'
   ### End automated maintenance section ###
 
   instance_eval File.read('configs/components/_base-rubygem.rb')

configs/components/rubygem-gettext.rb

@@ -9,7 +9,6 @@
   pkg.sha256sum '03ec7f71ea7e2cf1fdcd5e08682e98b81601922fdbee890b7bc6f63b0e1a512a'
   pkg.build_requires 'rubygem-erubi'
   pkg.build_requires 'rubygem-locale'
-  pkg.build_requires 'rubygem-prime'
   pkg.build_requires 'rubygem-text'
   ### End automated maintenance section ###
 

configs/components/rubygem-net-ftp.rb

@@ -55,10 +55,8 @@
   proj.component 'rubygem-hocon'
   proj.component 'rubygem-locale'
   proj.component 'rubygem-multi_json'
-  proj.component 'rubygem-net-ftp'
   proj.component 'rubygem-net-ssh'
   proj.component 'rubygem-optimist'
-  proj.component 'rubygem-prime'
   proj.component 'rubygem-semantic_puppet'
   proj.component 'rubygem-scanf'
   proj.component 'rubygem-text'

configs/components/rubygem-prime.rb

@@ -131,7 +131,6 @@
   proj.component 'rubygem-text'
   proj.component 'rubygem-locale'
   proj.component 'rubygem-gettext'
-  proj.component 'rubygem-prime'
   proj.component 'rubygem-fast_gettext'
   proj.component 'rubygem-scanf'
   proj.component 'rubygem-semantic_puppet'
@@ -197,7 +196,6 @@
   proj.component 'rubygem-multi_json'
   proj.component 'rubygem-multipart-post'
   proj.component 'rubygem-net-http-persistent'
-  proj.component 'rubygem-net-ftp'
   proj.component 'rubygem-net-scp'
   proj.component 'rubygem-net-ssh'
   proj.component 'rubygem-net-ssh-krb'

configs/projects/agent-runtime-main.rb

@@ -23,8 +23,9 @@ GEM_TYPE       = /^\s*#\s*GEM\s+TYPE:\s*(?<platform>[A-Za-z0-9\-_.]+)\s*$/
 PROJ_COMPONENT = /^\s*proj\.component\s+(?<quote>['"]?)(?<component>rubygem-[^'"\s]+)\k<quote>\s*$/
 
 TARGET_RUBY_VER = ENV['TARGET_RUBY']&.strip || '3.2'
-# Update this list when targeting a new Ruby version
-DEFAULT_GEMS = [
+# Update this list when targeting a new Ruby version. Comment out
+# gems that we specifically want to manage even if they are default or bundled.
+DEFAULT_AND_BUNDLED_GEMS = [
   'abbrev',
   'base64',
   'benchmark',
@@ -33,6 +34,7 @@ DEFAULT_GEMS = [
   'cgi',
   'csv',
   'date',
+  'debug',
   'delegate',
   'did_you_mean',
   'digest',
@@ -54,29 +56,41 @@ DEFAULT_GEMS = [
   'irb',
   'json',
   'logger',
+  'matrix',
+  'minitest',
   'mutex_m',
+  'net-ftp',
   'net-http',
+  'net-imap',
+  'net-pop',
   'net-protocol',
+  'net-smtp',
   'nkf',
   'observer',
+  'open-uri',
   'open3',
   'openssl',
-  'open-uri',
   'optparse',
   'ostruct',
   'pathname',
+  'power_assert',
   'pp',
   'prettyprint',
+  'prime',
   'pstore',
   'psych',
   'racc',
+  'rake',
+  'rbs',
   'rdoc',
+  # 'rexml',
   'readline',
   'readline-ext',
   'reline',
   'resolv',
   'resolv-replace',
   'rinda',
+  'rss',
   'ruby2_keywords',
   'rubygems',
   'securerandom',
@@ -85,15 +99,17 @@ DEFAULT_GEMS = [
   'singleton',
   'stringio',
   'strscan',
-  'syslog',
   'syntax_suggest',
+  'syslog',
   'tempfile',
+  'test-unit',
   'time',
   'timeout',
   'tmpdir',
   'tsort',
+  'typeprof',
   'un',
-  'uri',
+  # 'uri',
   'weakref',
   'win32ole',
   'yaml',
@@ -177,7 +193,7 @@ def get_metadata(name:, version: nil, platforms: ['ruby'])
   shas = platforms.to_h { |platform| [platform, find_sha(name, version, platform)] }
   deps = get_version_details(name, version).dig('dependencies', 'runtime') || []
   # Remove any default gems as we don't want to manage them unless specifically needed
-  deps.reject! { |d| DEFAULT_GEMS.include?(d['name']) }
+  deps.reject! { |d| DEFAULT_AND_BUNDLED_GEMS.include?(d['name']) }
   { 'version' => version, 'shas' => shas, 'dependencies' => deps }
 end