gitian 0.0.1 → 0.0.2

data/lib/commands/gitian.rb

@@ -1,10 +1,15 @@
+require 'net/http'
+require 'net/https'
+require 'digest/sha1'
+require 'rubygems/security'
+
 class Gem::Commands::GitianCommand < Gem::AbstractGitianCommand
   def description
     'Use a Gitian distribution as the primary gem source and enable gem security'
   end
 
   def arguments
-    "[URL]	URL of Gitian distribution, (default #{URL})"
+    "[URL]	URL of Gitian distribution, (see -g for default)"
   end
 
   def usage
@@ -14,47 +19,144 @@ class Gem::Commands::GitianCommand < Gem::AbstractGitianCommand
   def initialize
     super 'gitian', description
 
-    defaults.merge!(:insecure => false, :release => 'latest')
+    defaults.merge!(
+      :undo => false,
+      :release => nil,
+      :gitian => false,
+      :re_get_cert => false,
+      :status => false
+    )
 
     add_option('-r', '--release REL', 'Specify a release (default is "latest")') do |value, options|
       options[:release] = value
     end
 
-    add_option('', '--insecure', 'Do not require signatures on gems (defeats the design goal of Gitian!)') do |value, options|
-      options[:insecure] = true
+    add_option('-g', '--use-gitian', "Switch to #{URL}") do |value, options|
+      options[:gitian] = true
+    end
+
+    add_option('', '--re-get-cert', 'Get the signing certificate again') do |value, options|
+      options[:re_get_cert] = true
+    end
+
+    add_option('-u', '--undo', 'Disable gitian (so that you can install from an insecure repository)') do |value, options|
+      options[:undo] = true
+    end
+    add_option('-s', '--status', 'Show status') do |value, options|
+      options[:status] = true
     end
   end
 
   def execute
-    say "Thanks for using Gitian!"
-    gitian(options[:insecure], options[:release])
+    if options[:undo]
+      undo()
+    elsif options[:status]
+    else
+      gitian(options[:gitian], options[:release])
+    end
     show_status
   end
 
-  def gitian(insecure, release)
+  def undo
+    unless Gem.configuration["saved_srcs"]
+      puts "There is no saved configuration"
+      return
+    end
+
+    gem_opts = Gem.configuration["gem"] || ""
+    gem_opts.gsub!(/\s*--trust-policy[ =]\S+/, "")
+    Gem.configuration["gem"] = gem_opts.strip
+    Gem.sources = Gem.configuration["saved_srcs"]
+    Gem.configuration["saved_srcs"] = nil
+
+    Gem.configuration.write
+  end
+
+  def gitian(use_gitian, release)
     gem_opts = Gem.configuration["gem"] || ""
     gem_opts.gsub!(/\s*--trust-policy[ =]\S+/, "")
     policy = "HighSecurity"
-    policy = "MediumSecurity" if insecure
     gem_opts = gem_opts + " --trust-policy #{policy}"
     Gem.configuration["gem"] = gem_opts.strip
     oldurl = Gem.configuration["gitian_source"]
 
-    url = get_one_optional_argument || URL
-    url = url + release
+    url = get_one_optional_argument
+    if url
+      release ||= 'latest'
+    else
+      if use_gitian || oldurl.nil?
+	url = URL
+	release ||= 'latest'
+      else
+	# if using old URL, strip last component only if release given
+	url = oldurl
+	url = URI.parse(url).merge("..").to_s if release
+      end
+    end
+
     url += "/" if url[-1,1] != "/"
+    url = url + release + "/" if release
 
     sources = Gem.sources
     sources.reject! { |s| s == url || s == oldurl }
-    sources.unshift url
+    if !sources.empty?
+      Gem.configuration["saved_srcs"] = sources
+    end
+    sources = [ url ]
     Gem.sources = sources
-
     Gem.configuration["gitian_source"] = url
 
+    uri = URI.parse(url)
+    if uri.relative?
+      $stderr.puts "URL must be absolute - i.e. start with http://, https://, file:///"
+      $stderr.puts ""
+      show_help()
+      exit(1)
+    end
+
+    get_cert(uri, options[:re_get_cert])
+
     Gem.configuration.write
-    say "High security enabled.  You will get an 'unsigned gem' error if you try to install a gem from a normal, non-signing gem repository."
+
+    say "High security policy enabled.  You will get an 'unsigned gem' error if you try to install a gem from a normal, non-signing gem repository.  Use 'gem gitian --undo' if you want to install an unsigned gem."
   end
 
   def show_status
+    puts "Sources in ~/.gemrc:"
+    Gem.sources.each do |source|
+      puts "- #{source}"
+    end
+    puts "Gem defaults: #{Gem.configuration["gem"]}" if Gem.configuration["gem"] && Gem.configuration["gem"] != ""
   end
+
+  def get_cert(uri, do_force)
+    http = Net::HTTP.new(uri.host, uri.port)
+    if uri.scheme == 'https'
+      http.use_ssl = true
+    end
+    http.start do
+      cert_uri = uri.merge("../gem-public_cert.pem")
+      http.request_get(cert_uri.path) do |res|
+	case res
+	when Net::HTTPSuccess
+	  # OK
+	else
+	  $stderr.puts "Could not get certificate at #{cert_uri}"
+	  res.error!
+	end
+	cert = OpenSSL::X509::Certificate.new(res.body)
+	path = Gem::Security::Policy.trusted_cert_path(cert)
+	return if (!do_force && File.exists?(path))
+	Gem::Security.add_trusted_cert(cert)
+	digest = Digest::SHA1.hexdigest(cert.to_der)
+	digest = digest.upcase.gsub(/../, '\0:').chop
+	subject = cert.subject.to_s
+	subject.sub!("/CN=", '')
+	subject.sub!("/DC=", '@')
+	subject.gsub!("/DC=", '.')
+	puts "Please verify fingerprint for <#{subject}> is\n #{digest}"
+      end
+    end
+  end
+
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: gitian
 version: !ruby/object:Gem::Version 
-  version: 0.0.1
+  version: 0.0.2
 platform: ruby
 authors: 
 - Miron Cuperman
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-12-05 00:00:00 -08:00
+date: 2009-12-08 00:00:00 -08:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -22,7 +22,7 @@ dependencies:
       - !ruby/object:Gem::Version 
         version: 1.2.0
     version: 
-description: Add gitian sub-commands to the gem command
+description: Add the 'gitian' sub-commands to the gem command
 email: info.deb@nginz.org
 executables: []
 
@@ -35,7 +35,7 @@ files:
 - lib/commands/gitian.rb
 - lib/rubygems_plugin.rb
 has_rdoc: true
-homepage: http://github.com/devrandom/gitian
+homepage: http://gitian.org/
 licenses: []
 
 post_install_message: |+
@@ -66,11 +66,11 @@ required_rubygems_version: !ruby/object:Gem::Requirement
   version: 
 requirements: []
 
-rubyforge_project: 
+rubyforge_project: gitian-tools
 rubygems_version: 1.3.5
 signing_key: 
 specification_version: 3
-summary: Use Gitian repository as gem source
+summary: Use a Gitian repository as the rubygems source
 test_files: 
 - spec/spec_helper.rb
 - spec/commands/gitian_spec.rb