gitian 0.0.1 → 0.0.2

Files changed (2) hide show
  1. data/lib/commands/gitian.rb +115 -13
  2. metadata +6 -6
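--- a/data/lib/commands/gitian.rb
+++ b/data/lib/commands/gitian.rb
@@ -1,10 +1,15 @@
+ require 'net/http'
+ require 'net/https'
+ require 'digest/sha1'
+ require 'rubygems/security'
+
  class Gem::Commands::GitianCommand < Gem::AbstractGitianCommand
  def description
  'Use a Gitian distribution as the primary gem source and enable gem security'
  end
 
  def arguments
- "[URL] URL of Gitian distribution, (default #{URL})"
+ "[URL] URL of Gitian distribution, (see -g for default)"
  end
 
  def usage
@@ -14,47 +19,144 @@ class Gem::Commands::GitianCommand < Gem::AbstractGitianCommand
  def initialize
  super 'gitian', description
 
- defaults.merge!(:insecure => false, :release => 'latest')
+ defaults.merge!(
+ :undo => false,
+ :release => nil,
+ :gitian => false,
+ :re_get_cert => false,
+ :status => false
+ )
 
  add_option('-r', '--release REL', 'Specify a release (default is "latest")') do |value, options|
  options[:release] = value
  end
 
- add_option('', '--insecure', 'Do not require signatures on gems (defeats the design goal of Gitian!)') do |value, options|
- options[:insecure] = true
+ add_option('-g', '--use-gitian', "Switch to #{URL}") do |value, options|
+ options[:gitian] = true
+ end
+
+ add_option('', '--re-get-cert', 'Get the signing certificate again') do |value, options|
+ options[:re_get_cert] = true
+ end
+
+ add_option('-u', '--undo', 'Disable gitian (so that you can install from an insecure repository)') do |value, options|
+ options[:undo] = true
+ end
+ add_option('-s', '--status', 'Show status') do |value, options|
+ options[:status] = true
  end
  end
 
  def execute
- say "Thanks for using Gitian!"
- gitian(options[:insecure], options[:release])
+ if options[:undo]
+ undo()
+ elsif options[:status]
+ else
+ gitian(options[:gitian], options[:release])
+ end
  show_status
  end
 
- def gitian(insecure, release)
+ def undo
+ unless Gem.configuration["saved_srcs"]
+ puts "There is no saved configuration"
+ return
+ end
+
+ gem_opts = Gem.configuration["gem"] || ""
+ gem_opts.gsub!(/\s*--trust-policy[ =]\S+/, "")
+ Gem.configuration["gem"] = gem_opts.strip
+ Gem.sources = Gem.configuration["saved_srcs"]
+ Gem.configuration["saved_srcs"] = nil
+
+ Gem.configuration.write
+ end
+
+ def gitian(use_gitian, release)
  gem_opts = Gem.configuration["gem"] || ""
  gem_opts.gsub!(/\s*--trust-policy[ =]\S+/, "")
  policy = "HighSecurity"
- policy = "MediumSecurity" if insecure
  gem_opts = gem_opts + " --trust-policy #{policy}"
  Gem.configuration["gem"] = gem_opts.strip
  oldurl = Gem.configuration["gitian_source"]
 
- url = get_one_optional_argument || URL
- url = url + release
+ url = get_one_optional_argument
+ if url
+ release ||= 'latest'
+ else
+ if use_gitian || oldurl.nil?
+ url = URL
+ release ||= 'latest'
+ else
+ # if using old URL, strip last component only if release given
+ url = oldurl
+ url = URI.parse(url).merge("..").to_s if release
+ end
+ end
+
  url += "/" if url[-1,1] != "/"
+ url = url + release + "/" if release
 
  sources = Gem.sources
  sources.reject! { |s| s == url || s == oldurl }
- sources.unshift url
+ if !sources.empty?
+ Gem.configuration["saved_srcs"] = sources
+ end
+ sources = [ url ]
  Gem.sources = sources
-
  Gem.configuration["gitian_source"] = url
 
+ uri = URI.parse(url)
+ if uri.relative?
+ $stderr.puts "URL must be absolute - i.e. start with http://, https://, file:///"
+ $stderr.puts ""
+ show_help()
+ exit(1)
+ end
+
+ get_cert(uri, options[:re_get_cert])
+
  Gem.configuration.write
- say "High security enabled. You will get an 'unsigned gem' error if you try to install a gem from a normal, non-signing gem repository."
+
+ say "High security policy enabled. You will get an 'unsigned gem' error if you try to install a gem from a normal, non-signing gem repository. Use 'gem gitian --undo' if you want to install an unsigned gem."
  end
 
  def show_status
+ puts "Sources in ~/.gemrc:"
+ Gem.sources.each do |source|
+ puts "- #{source}"
+ end
+ puts "Gem defaults: #{Gem.configuration["gem"]}" if Gem.configuration["gem"] && Gem.configuration["gem"] != ""
  end
+
+ def get_cert(uri, do_force)
+ http = Net::HTTP.new(uri.host, uri.port)
+ if uri.scheme == 'https'
+ http.use_ssl = true
+ end
+ http.start do
+ cert_uri = uri.merge("../gem-public_cert.pem")
+ http.request_get(cert_uri.path) do |res|
+ case res
+ when Net::HTTPSuccess
+ # OK
+ else
+ $stderr.puts "Could not get certificate at #{cert_uri}"
+ res.error!
+ end
+ cert = OpenSSL::X509::Certificate.new(res.body)
+ path = Gem::Security::Policy.trusted_cert_path(cert)
+ return if (!do_force && File.exists?(path))
+ Gem::Security.add_trusted_cert(cert)
+ digest = Digest::SHA1.hexdigest(cert.to_der)
+ digest = digest.upcase.gsub(/../, '\0:').chop
+ subject = cert.subject.to_s
+ subject.sub!("/CN=", '')
+ subject.sub!("/DC=", '@')
+ subject.gsub!("/DC=", '.')
+ puts "Please verify fingerprint for <#{subject}> is\n #{digest}"
+ end
+ end
+ end
+
  end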
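Review bot: In the new `get_cert`, `Gem::Security.add_trusted_cert(cert)` runs before the fingerprint is printed, so the certificate served by the repository is already in the trust store when the user is asked to verify it. Under the `HighSecurity` policy that certificate is the trust anchor for every gem installed afterwards. The download itself is not authenticated either: plain `http://` URLs are accepted, and the `https` branch sets only `http.use_ssl = true`, leaving peer verification to the Ruby version's default; I would add `http.verify_mode = OpenSSL::SSL::VERIFY_PEER` there. I would also compute and print the fingerprint first and call `add_trusted_cert` only after an explicit confirmation, or after comparing it with a fingerprint obtained out of band. The error text in `gitian` also advertises `file:///` URLs, which `Net::HTTP.new(uri.host, uri.port)` does not appear able to serve.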
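--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: gitian
  version: !ruby/object:Gem::Version
- version: 0.0.1
+ version: 0.0.2
  platform: ruby
  authors:
  - Miron Cuperman
@@ -9,7 +9,7 @@ autorequire:
  bindir: bin
  cert_chain: []
 
- date: 2009-12-05 00:00:00 -08:00
+ date: 2009-12-08 00:00:00 -08:00
  default_executable:
  dependencies:
  - !ruby/object:Gem::Dependency
@@ -22,7 +22,7 @@ dependencies:
  - !ruby/object:Gem::Version
  version: 1.2.0
  version:
- description: Add gitian sub-commands to the gem command
+ description: Add the 'gitian' sub-commands to the gem command
  email: info.deb@nginz.org
  executables: []
 
@@ -35,7 +35,7 @@ files:
  - lib/commands/gitian.rb
  - lib/rubygems_plugin.rb
  has_rdoc: true
- homepage: http://github.com/devrandom/gitian
+ homepage: http://gitian.org/
  licenses: []
 
  post_install_message: |+
@@ -66,11 +66,11 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version:
  requirements: []
 
- rubyforge_project:
+ rubyforge_project: gitian-tools
  rubygems_version: 1.3.5
  signing_key:
  specification_version: 3
- summary: Use Gitian repository as gem source
+ summary: Use a Gitian repository as the rubygems source
  test_files:
  - spec/spec_helper.rb
  - spec/commands/gitian_spec.rb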