mongo_kerberos 2.1.1 → 2.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0e6ada2e4a0ddcaf0c1bb4c4a64ca232977bfaca7cd70116179d93dd48852975
-  data.tar.gz: ff2b0390d7937b433e0a8c2fed0f8823ec290b542f01b7c54bc7e2f241af5854
+  metadata.gz: ce9257ac8238a5bd7549c9ff4c38088236b8a1f48205d501d557755d4d7a143d
+  data.tar.gz: f96d3525f760c37ac7349d6faf1f14420c57f5279004388ebfa508f0dad4a307
 SHA512:
-  metadata.gz: 2b93ad2ab566e16181b640217af56ef0e9d865230250bd673b10191b518f613c4b6aad07654650ab721c0a6a9807ac7de92e94d6a7a73fe5577d211158c631e6
-  data.tar.gz: 13cb346db91f3a813a97c3612a5f43650db61993f6390128398c98942f7e6b709f1df178ef4e4bac181fa32f1474048fdc0c8c4408e7ad0a936a9ba74bec4c0e
+  metadata.gz: 00d80f43916a7b676ed14a456f3aecf4627b003f1a40e349ac25dc8d28f4ea1491e7c8896b93d2d59142b757d03b0cf114940a9e9e42cd4ed4c9a809f3fc99ea
+  data.tar.gz: 9a9c72ae5b05c7cf95e6e829a5870689f75128c844a5fd262dc35ff5268f1e12da2a5d18b7020c55e19939e11dfe906e161c1d9d5ac9903e40108721b92df8da

data/CONTRIBUTING.md

@@ -21,8 +21,6 @@ specs should follow the following guidelines:
 - Use `context` blocks to set up conditions.
 - Always provide descriptive specifications via `it`.
 
-Specs can be automatically run with Guard, via `bundle exec guard`
-
 Before commiting, run `rake` to ensure all specs pass with both pure Ruby and
 the native extensions.
 

data/README.md

@@ -1,11 +1,11 @@
-# Mongo Kerberos [![Build Status](https://secure.travis-ci.org/mongodb/mongo-ruby-kerberos.png?branch=master&.png)](http://travis-ci.org/mongodb/mongo-ruby-kerberos) [![Code Climate](https://codeclimate.com/github/mongodb/mongo-ruby-kerberos.png)](https://codeclimate.com/github/mongodb/mongo-ruby-kerberos) [![Coverage Status](https://coveralls.io/repos/mongodb/mongo-ruby-kerberos/badge.png?branch=master)](https://coveralls.io/r/mongodb/mongo-ruby-kerberos?branch=master)
+# Mongo Kerberos
 
 Provides Kerberos authentication support to the Mongo Ruby Driver.
 
 
 ## Compatibility
 
-mongo_kerberos is tested against MRI (1.9.3+) and JRuby (9.1+).
+mongo_kerberos is tested against MRI (2.7+) and JRuby (9.3+).
 
 ### JRuby
 
@@ -33,11 +33,36 @@ Require the `mongo_kerberos` gem in your application.
 require "mongo_kerberos"
 ```
 
+### Release Integrity
+
+Each release of this Kerberos authentication module after version 2.1.1 has been automatically built and signed using the team's GPG key.
+
+To verify the module's gem file:
+
+1. [Download the GPG key](https://pgp.mongodb.com/ruby-driver.asc).
+2. Import the key into your GPG keyring with `gpg --import ruby-driver.asc`.
+3. Download the gem file (if you don't already have it). You can download it from RubyGems with `gem fetch mongo_kerberos`, or you can download it from the [releases page](https://github.com/mongodb/mongo-ruby-kerberos/releases) on GitHub.
+4. Download the corresponding detached signature file from the [same release](https://github.com/mongodb/mongo-ruby-kerberos/releases). Look at the bottom of the release that corresponds to the gem file, under the 'Assets' list, for a `.sig` file with the same version number as the gem you wish to install.
+5. Verify the gem with `gpg --verify mongo_kerberos-X.Y.Z.gem.sig mongo_kerberos-X.Y.Z.gem` (replacing `X.Y.Z` with the actual version number).
+
+You are looking for text like "Good signature from "MongoDB Ruby Driver Release Signing Key <packaging@mongodb.com>" in the output. If you see that, the signature was found to correspond to the given gem file.
+
+(Note that other output, like "This key is not certified with a trusted signature!", is related to *web of trust* and depends on how strongly you, personally, trust the `ruby-driver.asc` key that you downloaded from us. To learn more, see https://www.gnupg.org/gph/en/manual/x334.html)
+
+### Why not use RubyGems' gem-signing functionality?
+
+RubyGems' own gem signing is problematic, most significantly because there is no established chain of trust related to the keys used to sign gems. RubyGems' own documentation admits that "this method of signing gems is not widely used" (see https://guides.rubygems.org/security/). Discussions about this in the RubyGems community have been off-and-on for more than a decade, and while a solution will eventually arrive, we have settled on using GPG instead for the following reasons:
+
+1. Many of the other driver teams at MongoDB are using GPG to sign their product releases. Consistency with the other teams means that we can reuse existing tooling for our own product releases.
+2. GPG is widely available and has existing tools and procedures for dealing with web of trust (though they are admittedly quite arcane and intimidating to the uninitiated, unfortunately).
+
+Ultimately, most users do not bother to verify gems, and will not be impacted by our choice of GPG over RubyGems' native method.
+
 
 ## API Documentation
 
-The [API Documentation](http://rdoc.info/github/mongodb/mongo-ruby-kerberos/master/frames) is
-located at rdoc.info.
+Please see the [Kerberos authentication section](https://www.mongodb.com/docs/ruby-driver/current/reference/authentication/#kerberos--gssapi-)
+of the Ruby driver documentation for high level documentation of this library.
 
 ## Versioning
 

data/Rakefile

@@ -31,6 +31,7 @@ if jruby?
     ext.name = "native"
     ext.ext_dir = "src"
     ext.lib_dir = "lib/mongo/auth/kerberos"
+    ext.release = ENV['JAVA_RELEASE'].to_i if ENV['JAVA_RELEASE']
   end
 else
   require "rake/extensiontask"
@@ -41,28 +42,73 @@ else
   end
 end
 
-require "mongo/auth/kerberos/version"
+desc "[INTERNAL] Loads the library's version"
+task :load_version do
+  require 'mongo/auth/kerberos/version'
+end
 
-def extension
-  RUBY_PLATFORM =~ /darwin/ ? "bundle" : "so"
+desc 'Print the current version (used for releases)'
+task version: :load_version do
+  puts Mongo::Auth::Kerberos::VERSION
 end
 
 RSpec::Core::RakeTask.new(:rspec)
 
-if jruby?
-  task :build => [ :clean_all, :compile ] do
-    system "gem build mongo_kerberos.gemspec"
+# `rake version` is used by the deployment system so get the release version
+# of the product beng deployed. It must do nothing more than just print the
+# product version number.
+desc 'Print the current version'
+task :build => [ :clean_all, *(jruby? ? :compile : nil) ] do
+  output = "--output=#{ENV['GEM_FILE_NAME']}" if ENV['GEM_FILE_NAME']
+  system "gem build #{output} mongo_kerberos.gemspec"
+end
+
+# `rake gem_file_name` is used by the deployment system so get the name of
+# the gem file to be generated. It must do nothing more than just print the
+# name of the gem file to generate.
+desc 'Print the name of the gem file to generate.'
+task gem_file_name: :load_version do
+  base = "mongo_kerberos-#{Mongo::Auth::Kerberos::VERSION}"
+  base << '-java' if jruby?
+  puts "#{base}.gem"
+end
+
+# overrides the default Bundler-provided `release` task, which also
+# builds the gems. Our release process assumes the gems have already
+# been built (and signed via GPG), so we just need `rake release` to
+# push the gems to rubygems.
+desc 'Push the generated gems to RubyGems'
+task :release do
+  # confirm: there ought to be two gems, one for MRI, and one for Java. These
+  # will have been previously generated by the 'Release' GitHub action.
+  gems = Dir['*.gem']
+  if gems.length != 2
+    abort "Expected two gem files to be ready to release; got #{gems.length}"
   end
-else
-  task :build => :clean_all do
-    system "gem build mongo_kerberos.gemspec"
+
+  if ENV['GITHUB_ACTION'].nil?
+    abort <<~WARNING
+      `rake release` must be invoked from the `Release` GitHub action,
+      and must not be invoked locally. This ensures the gem is properly signed
+      and distributed by the appropriate user.
+
+      Note that it is the `rubygems/release-gem@v1` step in the `Release`
+      action that invokes this task. Do not rename or remove this task, or the
+      release-gem step will fail. Reimplement this task with caution.
+
+      NO GEMS were pushed to RubyGems.
+    WARNING
+  end
+
+  gems.each do |gem|
+    system 'gem', 'push', gem
   end
 end
 
 task :clean_all => :clean do
   begin
     Dir.chdir(Pathname(__FILE__).dirname + "lib") do
-      ["o", extension, "jar"].each do |e|
+      %w[ o bundle so jar ].each do |e|
          Dir.glob(File.join("**", "*.#{e}")).each do |f|
           `rm #{f}`
         end
@@ -77,24 +123,6 @@ task :spec => :compile do
   Rake::Task["rspec"].invoke
 end
 
-# Run bundle exec rake release with mri and jruby. Ex:
-#
-# rvm use 2.1.0@mongo_kerberos
-# bundle exec rake release
-# rvm use jruby@mongo_kerberos
-# bundle exec rake release
-task :release => :build do
-  system "git tag -a #{Mongo::Auth::Kerberos::VERSION} -m 'Tagging release: #{Mongo::Auth::Kerberos::VERSION}'"
-  system "git push --tags"
-  if jruby?
-    system "gem push mongo_kerberos-#{Mongo::Auth::Kerberos::VERSION}-java.gem"
-    system "rm mongo_kerberos-#{Mongo::Auth::Kerberos::VERSION}-java.gem"
-  else
-    system "gem push mongo_kerberos-#{Mongo::Auth::Kerberos::VERSION}.gem"
-    system "rm mongo_kerberos-#{Mongo::Auth::Kerberos::VERSION}.gem"
-  end
-end
-
 task :default => [ :clean_all, :spec ]
 
 desc "Generate all documentation"
@@ -102,7 +130,7 @@ task :docs => 'docs:yard'
 
 namespace :docs do
   desc "Generate yard documention"
-  task :yard do
+  task yard: :load_version do
     out = File.join('yard-docs', Mongo::Auth::Kerberos::VERSION)
     FileUtils.rm_rf(out)
     system "yardoc -o #{out} --title mongo-ruby-kerberos-#{Mongo::Auth::Kerberos::VERSION}"

data/lib/mongo/auth/kerberos/conversation.rb

@@ -127,25 +127,12 @@ module Mongo
 
         private
 
-        if BSON::Environment.jruby?
-
-          def start_token
-            BSON::Binary.new(authenticator.initialize_challenge)
-          end
-
-          def continue_token
-            payload = reply.documents[0][PAYLOAD]
-            BSON::Binary.new(authenticator.evaluate_challenge(payload.data))
-          end
-        else
-
-          def start_token
-            authenticator.initialize_challenge
-          end
+        def start_token
+          authenticator.initialize_challenge
+        end
 
-          def continue_token
-            authenticator.evaluate_challenge(reply.documents[0][PAYLOAD])
-          end
+        def continue_token
+          authenticator.evaluate_challenge(reply.documents[0][PAYLOAD])
         end
 
         def validate!(reply)

data/lib/mongo/auth/kerberos/jruby/authenticator.rb

@@ -13,7 +13,9 @@
 # limitations under the License.
 
 require 'java'
+require 'jruby'
 require 'mongo/auth/kerberos/native.jar'
+require 'forwardable'
 
 module Mongo
   module Auth

data/lib/mongo/auth/kerberos/version.rb

@@ -1,23 +1,11 @@
-# Copyright (C) 2015 MongoDB, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# frozen_string_literal: true
 
 module Mongo
   module Auth
     class Kerberos
 
       # The gem version number.
-      VERSION = '2.1.1'.freeze
+      VERSION = '2.1.2'
     end
   end
 end

data/spec/mongo/auth/kerberos/conversation_spec.rb

@@ -57,13 +57,9 @@ describe Mongo::Auth::Kerberos::Conversation do
       expect(selector[:mechanism]).to eq('GSSAPI')
     end
 
-    it 'sets the payload', unless: BSON::Environment.jruby? do
+    it 'sets the payload' do
       expect(selector[:payload]).to start_with('test')
     end
-
-    it 'sets the payload', if: BSON::Environment.jruby? do
-      expect(selector[:payload].data).to start_with('test')
-    end
   end
 
   describe '#finalize' do
@@ -72,8 +68,10 @@ describe Mongo::Auth::Kerberos::Conversation do
       Mongo::Protocol::Reply.new
     end
 
+    let(:continue_token_contents) { 'testing' }
+
     let(:continue_token) do
-      BSON::Environment.jruby? ? BSON::Binary.new('testing') : 'testing'
+      continue_token_contents
     end
 
     context 'when the conversation is a success' do
@@ -82,7 +80,7 @@ describe Mongo::Auth::Kerberos::Conversation do
         [{
           'conversationId' => 1,
           'done' => false,
-          'payload' => continue_token,
+          'payload' => continue_token_contents,
           'ok' => 1.0
         }]
       end
@@ -97,7 +95,7 @@ describe Mongo::Auth::Kerberos::Conversation do
 
       before do
         expect(authenticator).to receive(:evaluate_challenge).
-          with('testing').and_return(continue_token)
+          with(continue_token_contents).and_return(continue_token_contents)
         reply.instance_variable_set(:@documents, documents)
       end
 
@@ -105,14 +103,10 @@ describe Mongo::Auth::Kerberos::Conversation do
         expect(selector[:conversationId]).to eq(1)
       end
 
-      it 'sets the payload', unless: BSON::Environment.jruby? do
+      it 'sets the payload' do
         expect(selector[:payload]).to eq(continue_token)
       end
 
-      it 'sets the payload', if: BSON::Environment.jruby? do
-        expect(selector[:payload].data).to eq(continue_token)
-      end
-
       it 'sets the continue flag' do
         expect(selector[:saslContinue]).to eq(1)
       end

data/spec/spec_helper.rb

@@ -15,15 +15,6 @@
 $LOAD_PATH.unshift(File.dirname(__FILE__))
 $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), "..", "lib"))
 
-if ENV["CI"] && !ENV["WITH_EXT"]
-  require "simplecov"
-  require "coveralls"
-  SimpleCov.formatter = Coveralls::SimpleCov::Formatter
-  SimpleCov.start do
-    add_filter "spec"
-  end
-end
-
 require "mongo_kerberos"
 require "rspec"
 

metadata

@@ -1,42 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mongo_kerberos
 version: !ruby/object:Gem::Version
-  version: 2.1.1
+  version: 2.1.2
 platform: ruby
 authors:
-- Emily Stolfo
-- Durran Jordan
-autorequire:
+- The MongoDB Ruby Team
+autorequire: 
 bindir: bin
-cert_chain:
-- |
-  -----BEGIN CERTIFICATE-----
-  MIIEeDCCAuCgAwIBAgIBATANBgkqhkiG9w0BAQsFADBBMREwDwYDVQQDDAhkYngt
-  cnVieTEXMBUGCgmSJomT8ixkARkWB21vbmdvZGIxEzARBgoJkiaJk/IsZAEZFgNj
-  b20wHhcNMjMwMTMxMTE1NjM1WhcNMjQwMTMxMTE1NjM1WjBBMREwDwYDVQQDDAhk
-  YngtcnVieTEXMBUGCgmSJomT8ixkARkWB21vbmdvZGIxEzARBgoJkiaJk/IsZAEZ
-  FgNjb20wggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQC0/Veq9l47cTfX
-  tQ+kHq2NOCwJuJGt1iXWQ/vH/yp7pZ/bLej7gPDl2CfIngAXRjM7r1FkR9ya7VAm
-  IneBFcVU3HhpIXWi4ByXGjBOXFD1Dfbz4C4zedIWRk/hNzXa+rQY4KPwpOwG/hZg
-  id+rSXWSbNlkyN97XfonweVh7JsIa9X/2JY9ADYjhCfEZF+b0+Wl7+jgwzLWb46I
-  0WH0bZBIZ0BbKAwUXIgvq5mQf9PzukmMVYCwnkJ/P4wrHO22HuwnbMyvJuGjVwqi
-  j1NRp/2vjmKBFWxIfhlSXEIiqAmeEVNXzhPvTVeyo+rma+7R3Bo+4WHkcnPpXJJZ
-  Jd63qXMvTB0GplEcMJPztWhrJOmcxIOVoQyigEPSQT8JpzFVXby4SGioizv2eT7l
-  VYSiCHuc3yEDyq5M+98WGX2etbj6esYtzI3rDevpIAHPB6HQmtoJIA4dSl3gjFb+
-  D+YQSuB2qYu021FI9zeY9sbZyWysEXBxhwrmTk+XUV0qz+OQZkMCAwEAAaN7MHkw
-  CQYDVR0TBAIwADALBgNVHQ8EBAMCBLAwHQYDVR0OBBYEFH4nnr4tYlatU57RbExW
-  jG86YM5nMB8GA1UdEQQYMBaBFGRieC1ydWJ5QG1vbmdvZGIuY29tMB8GA1UdEgQY
-  MBaBFGRieC1ydWJ5QG1vbmdvZGIuY29tMA0GCSqGSIb3DQEBCwUAA4IBgQAVSlgM
-  nFDWCCNLOCqG5/Lj4U62XoALkdCI+OZ30+WrA8qiRLSL9ZEziVK9AV7ylez+sriQ
-  m8XKZKsCN5ON4+zXw1S+6Ftz/R4zDg7nTb9Wgw8ibzsoiP6e4pRW3Fls3ZdaG4pW
-  +qMTbae9OiSrgI2bxNTII+v+1FcbQjOlMu8HPZ3ZfXnurXPgN5GxSyyclZI1QONO
-  HbUoKHRirZu0F7JCvQQq4EkSuLWPplRJfYEeJIYm05zhhFeEyqea2B/TTlCtXa42
-  84vxXsxGzumuO8F2Q9m6/p95sNhqCp0B/SkKXIrRGJ7FBzupoORNRXHviS2OC3ty
-  4lwUzOlLTF/yO0wwYYfmtQOALQwKnW838vbYthMXvTjxB0EgVZ5PKto99WbjsXzy
-  wkeAWhd5b+5JS0zgDL4SvGB8/W2IY+y0zELkojBMgJPyrpAWHL/WSsSBMuhyI2Pv
-  xxaBVLklnJJ/qCCOZ3lG2MyVc/Nb0Mmq8ygWNsfwHmKKYuuWcviit0D0Tek=
-  -----END CERTIFICATE-----
-date: 2023-06-12 00:00:00.000000000 Z
+cert_chain: []
+date: 2024-11-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: mongo
@@ -54,8 +26,7 @@ dependencies:
         version: '2.0'
 description: Adds Kerberos authentication via libsasl to the MongoDB Ruby Driver on
   MRI and JRuby
-email:
-- mongodb-dev@googlegroups.com
+email: dbx-ruby@mongodb.com
 executables: []
 extensions:
 - ext/mongo_kerberos/extconf.rb
@@ -77,11 +48,15 @@ files:
 - spec/mongo/auth/kerberos/conversation_spec.rb
 - spec/mongo/auth/kerberos/mri/authenticator_spec.rb
 - spec/spec_helper.rb
-homepage: http://www.mongodb.org
+homepage: https://docs.mongodb.com/ruby-driver/current/tutorials/ruby-driver-authentication/#kerberos-gssapi-mechanism
 licenses:
-- Apache License Version 2.0
-metadata: {}
-post_install_message:
+- Apache-2.0
+metadata:
+  bug_tracker_uri: https://jira.mongodb.org/projects/RUBY
+  changelog_uri: https://github.com/mongodb/mongo-ruby-kerberos/releases
+  documentation_uri: https://www.mongodb.com/docs/ruby-driver/current/reference/authentication/#kerberos--gssapi-
+  source_code_uri: https://github.com/mongodb/mongo-ruby-kerberos
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -96,8 +71,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 1.3.6
 requirements: []
-rubygems_version: 3.4.12
-signing_key:
+rubygems_version: 3.4.19
+signing_key: 
 specification_version: 4
 summary: Kerberos authentication support for the MongoDB Ruby driver
 test_files:

checksums.yaml.gz.sig

@@ -1 +0,0 @@
-Y:.=��1��ڌm����5�J�7W��{��}�&6���y.AO��K0cm;�[����,�Cvs����J�Sg�2���EuGZǮϙ��5��4��Jq��ll�n�v�S��c#��ά���O����V*ԏe���fo