rubygems-update 1.0.1 → 1.1.0

data/lib/rubygems/package/f_sync_dir.rb

@@ -0,0 +1,24 @@
+#++
+# Copyright (C) 2004 Mauricio Julio Fern�ndez Pradier
+# See LICENSE.txt for additional licensing information.
+#--
+
+require 'rubygems/package'
+
+module Gem::Package::FSyncDir
+
+  private
+
+  ##
+  # make sure this hits the disc
+
+  def fsync_dir(dirname)
+    dir = open dirname, 'r'
+    dir.fsync
+  rescue # ignore IOError if it's an unpatched (old) Ruby
+  ensure
+    dir.close if dir rescue nil
+  end
+
+end
+

data/lib/rubygems/package/tar_header.rb

@@ -0,0 +1,245 @@
+#++
+# Copyright (C) 2004 Mauricio Julio Fern�ndez Pradier
+# See LICENSE.txt for additional licensing information.
+#--
+
+require 'rubygems/package'
+
+##
+#--
+# struct tarfile_entry_posix {
+#   char name[100];     # ASCII + (Z unless filled)
+#   char mode[8];       # 0 padded, octal, null
+#   char uid[8];        # ditto
+#   char gid[8];        # ditto
+#   char size[12];      # 0 padded, octal, null
+#   char mtime[12];     # 0 padded, octal, null
+#   char checksum[8];   # 0 padded, octal, null, space
+#   char typeflag[1];   # file: "0"  dir: "5"
+#   char linkname[100]; # ASCII + (Z unless filled)
+#   char magic[6];      # "ustar\0"
+#   char version[2];    # "00"
+#   char uname[32];     # ASCIIZ
+#   char gname[32];     # ASCIIZ
+#   char devmajor[8];   # 0 padded, octal, null
+#   char devminor[8];   # o padded, octal, null
+#   char prefix[155];   # ASCII + (Z unless filled)
+# };
+#++
+
+class Gem::Package::TarHeader
+
+  FIELDS = [
+    :checksum,
+    :devmajor,
+    :devminor,
+    :gid,
+    :gname,
+    :linkname,
+    :magic,
+    :mode,
+    :mtime,
+    :name,
+    :prefix,
+    :size,
+    :typeflag,
+    :uid,
+    :uname,
+    :version,
+  ]
+
+  PACK_FORMAT = 'a100' + # name
+                'a8'   + # mode
+                'a8'   + # uid
+                'a8'   + # gid
+                'a12'  + # size
+                'a12'  + # mtime
+                'a7a'  + # chksum
+                'a'    + # typeflag
+                'a100' + # linkname
+                'a6'   + # magic
+                'a2'   + # version
+                'a32'  + # uname
+                'a32'  + # gname
+                'a8'   + # devmajor
+                'a8'   + # devminor
+                'a155'   # prefix
+
+  UNPACK_FORMAT = 'A100' + # name
+                  'A8'   + # mode
+                  'A8'   + # uid
+                  'A8'   + # gid
+                  'A12'  + # size
+                  'A12'  + # mtime
+                  'A8'   + # checksum
+                  'A'    + # typeflag
+                  'A100' + # linkname
+                  'A6'   + # magic
+                  'A2'   + # version
+                  'A32'  + # uname
+                  'A32'  + # gname
+                  'A8'   + # devmajor
+                  'A8'   + # devminor
+                  'A155'   # prefix
+
+  attr_reader(*FIELDS)
+
+  def self.from(stream)
+    header = stream.read 512
+    empty = (header == "\0" * 512)
+
+    fields = header.unpack UNPACK_FORMAT
+
+    name     = fields.shift
+    mode     = fields.shift.oct
+    uid      = fields.shift.oct
+    gid      = fields.shift.oct
+    size     = fields.shift.oct
+    mtime    = fields.shift.oct
+    checksum = fields.shift.oct
+    typeflag = fields.shift
+    linkname = fields.shift
+    magic    = fields.shift
+    version  = fields.shift.oct
+    uname    = fields.shift
+    gname    = fields.shift
+    devmajor = fields.shift.oct
+    devminor = fields.shift.oct
+    prefix   = fields.shift
+
+    new :name     => name,
+        :mode     => mode,
+        :uid      => uid,
+        :gid      => gid,
+        :size     => size,
+        :mtime    => mtime,
+        :checksum => checksum,
+        :typeflag => typeflag,
+        :linkname => linkname,
+        :magic    => magic,
+        :version  => version,
+        :uname    => uname,
+        :gname    => gname,
+        :devmajor => devmajor,
+        :devminor => devminor,
+        :prefix   => prefix,
+
+        :empty    => empty
+
+    # HACK unfactor for Rubinius
+    #new :name     => fields.shift,
+    #    :mode     => fields.shift.oct,
+    #    :uid      => fields.shift.oct,
+    #    :gid      => fields.shift.oct,
+    #    :size     => fields.shift.oct,
+    #    :mtime    => fields.shift.oct,
+    #    :checksum => fields.shift.oct,
+    #    :typeflag => fields.shift,
+    #    :linkname => fields.shift,
+    #    :magic    => fields.shift,
+    #    :version  => fields.shift.oct,
+    #    :uname    => fields.shift,
+    #    :gname    => fields.shift,
+    #    :devmajor => fields.shift.oct,
+    #    :devminor => fields.shift.oct,
+    #    :prefix   => fields.shift,
+
+    #    :empty => empty
+  end
+
+  def initialize(vals)
+    unless vals[:name] && vals[:size] && vals[:prefix] && vals[:mode] then
+      raise ArgumentError, ":name, :size, :prefix and :mode required"
+    end
+
+    vals[:uid] ||= 0
+    vals[:gid] ||= 0
+    vals[:mtime] ||= 0
+    vals[:checksum] ||= ""
+    vals[:typeflag] ||= "0"
+    vals[:magic] ||= "ustar"
+    vals[:version] ||= "00"
+    vals[:uname] ||= "wheel"
+    vals[:gname] ||= "wheel"
+    vals[:devmajor] ||= 0
+    vals[:devminor] ||= 0
+
+    FIELDS.each do |name|
+      instance_variable_set "@#{name}", vals[name]
+    end
+
+    @empty = vals[:empty]
+  end
+
+  def empty?
+    @empty
+  end
+
+  def ==(other)
+    self.class === other and
+    @checksum == other.checksum and
+    @devmajor == other.devmajor and
+    @devminor == other.devminor and
+    @gid      == other.gid      and
+    @gname    == other.gname    and
+    @linkname == other.linkname and
+    @magic    == other.magic    and
+    @mode     == other.mode     and
+    @mtime    == other.mtime    and
+    @name     == other.name     and
+    @prefix   == other.prefix   and
+    @size     == other.size     and
+    @typeflag == other.typeflag and
+    @uid      == other.uid      and
+    @uname    == other.uname    and
+    @version  == other.version
+  end
+
+  def to_s
+    update_checksum
+    header
+  end
+
+  def update_checksum
+    header = header " " * 8
+    @checksum = oct calculate_checksum(header), 6
+  end
+
+  private
+
+  def calculate_checksum(header)
+    header.unpack("C*").inject { |a, b| a + b }
+  end
+
+  def header(checksum = @checksum)
+    header = [
+      name,
+      oct(mode, 7),
+      oct(uid, 7),
+      oct(gid, 7),
+      oct(size, 11),
+      oct(mtime, 11),
+      checksum,
+      " ",
+      typeflag,
+      linkname,
+      magic,
+      oct(version, 2),
+      uname,
+      gname,
+      oct(devmajor, 7),
+      oct(devminor, 7),
+      prefix
+    ]
+
+    header = header.pack PACK_FORMAT
+                  
+    header << ("\0" * ((512 - header.size) % 512))
+  end
+
+  def oct(num, len)
+    "%0#{len}o" % num
+  end
+
+end
+

data/lib/rubygems/package/tar_input.rb

@@ -0,0 +1,219 @@
+#++
+# Copyright (C) 2004 Mauricio Julio Fern�ndez Pradier
+# See LICENSE.txt for additional licensing information.
+#--
+
+require 'rubygems/package'
+
+class Gem::Package::TarInput
+
+  include Gem::Package::FSyncDir
+  include Enumerable
+
+  attr_reader :metadata
+
+  private_class_method :new
+
+  def self.open(io, security_policy = nil,  &block)
+    is = new io, security_policy
+
+    yield is
+  ensure
+    is.close if is
+  end
+
+  def initialize(io, security_policy = nil)
+    @io = io
+    @tarreader = Gem::Package::TarReader.new @io
+    has_meta = false
+
+    data_sig, meta_sig, data_dgst, meta_dgst = nil, nil, nil, nil
+    dgst_algo = security_policy ? Gem::Security::OPT[:dgst_algo] : nil
+
+    @tarreader.each do |entry|
+      case entry.full_name
+      when "metadata"
+        @metadata = load_gemspec entry.read
+        has_meta = true
+      when "metadata.gz"
+        begin
+          # if we have a security_policy, then pre-read the metadata file
+          # and calculate it's digest
+          sio = nil
+          if security_policy
+            Gem.ensure_ssl_available
+            sio = StringIO.new(entry.read)
+            meta_dgst = dgst_algo.digest(sio.string)
+            sio.rewind
+          end
+
+          gzis = Zlib::GzipReader.new(sio || entry)
+          # YAML wants an instance of IO
+          @metadata = load_gemspec(gzis)
+          has_meta = true
+        ensure
+          gzis.close unless gzis.nil?
+        end
+      when 'metadata.gz.sig'
+        meta_sig = entry.read
+      when 'data.tar.gz.sig'
+        data_sig = entry.read
+      when 'data.tar.gz'
+        if security_policy
+          Gem.ensure_ssl_available
+          data_dgst = dgst_algo.digest(entry.read)
+        end
+      end
+    end
+
+    if security_policy then
+      Gem.ensure_ssl_available
+
+      # map trust policy from string to actual class (or a serialized YAML
+      # file, if that exists)
+      if String === security_policy then
+        if Gem::Security::Policy.key? security_policy then
+          # load one of the pre-defined security policies
+          security_policy = Gem::Security::Policy[security_policy]
+        elsif File.exist? security_policy then
+          # FIXME: this doesn't work yet
+          security_policy = YAML.load File.read(security_policy)
+        else
+          raise Gem::Exception, "Unknown trust policy '#{security_policy}'"
+        end
+      end
+
+      if data_sig && data_dgst && meta_sig && meta_dgst then
+        # the user has a trust policy, and we have a signed gem
+        # file, so use the trust policy to verify the gem signature
+
+        begin
+          security_policy.verify_gem(data_sig, data_dgst, @metadata.cert_chain)
+        rescue Exception => e
+          raise "Couldn't verify data signature: #{e}"
+        end
+
+        begin
+          security_policy.verify_gem(meta_sig, meta_dgst, @metadata.cert_chain)
+        rescue Exception => e
+          raise "Couldn't verify metadata signature: #{e}"
+        end
+      elsif security_policy.only_signed
+        raise Gem::Exception, "Unsigned gem"
+      else
+        # FIXME: should display warning here (trust policy, but
+        # either unsigned or badly signed gem file)
+      end
+    end
+
+    @tarreader.rewind
+    @fileops = Gem::FileOperations.new
+
+    raise Gem::Package::FormatError, "No metadata found!" unless has_meta
+  end
+
+  def close
+    @io.close
+    @tarreader.close
+  end
+
+  def each(&block)
+    @tarreader.each do |entry|
+      next unless entry.full_name == "data.tar.gz"
+      is = zipped_stream entry
+
+      begin
+        Gem::Package::TarReader.new is do |inner|
+          inner.each(&block)
+        end
+      ensure
+        is.close if is
+      end
+    end
+
+    @tarreader.rewind
+  end
+
+  def extract_entry(destdir, entry, expected_md5sum = nil)
+    if entry.directory? then
+      dest = File.join(destdir, entry.full_name)
+
+      if File.dir? dest then
+        @fileops.chmod entry.header.mode, dest, :verbose=>false
+      else
+        @fileops.mkdir_p dest, :mode => entry.header.mode, :verbose => false
+      end
+
+      fsync_dir dest
+      fsync_dir File.join(dest, "..")
+
+      return
+    end
+
+    # it's a file
+    md5 = Digest::MD5.new if expected_md5sum
+    destdir = File.join destdir, File.dirname(entry.full_name)
+    @fileops.mkdir_p destdir, :mode => 0755, :verbose => false
+    destfile = File.join destdir, File.basename(entry.full_name)
+    @fileops.chmod 0600, destfile, :verbose => false rescue nil # Errno::ENOENT
+
+    open destfile, "wb", entry.header.mode do |os|
+      loop do
+        data = entry.read 4096
+        break unless data
+        # HACK shouldn't we check the MD5 before writing to disk?
+        md5 << data if expected_md5sum
+        os.write(data)
+      end
+
+      os.fsync
+    end
+
+    @fileops.chmod entry.header.mode, destfile, :verbose => false
+    fsync_dir File.dirname(destfile)
+    fsync_dir File.join(File.dirname(destfile), "..")
+
+    if expected_md5sum && expected_md5sum != md5.hexdigest then
+      raise Gem::Package::BadCheckSum
+    end
+  end
+
+  # Attempt to YAML-load a gemspec from the given _io_ parameter.  Return
+  # nil if it fails.
+  def load_gemspec(io)
+    Gem::Specification.from_yaml io
+  rescue Gem::Exception
+    nil
+  end
+
+  ##
+  # Return an IO stream for the zipped entry.
+  #
+  # NOTE:  Originally this method used two approaches, Return a GZipReader
+  # directly, or read the GZipReader into a string and return a StringIO on
+  # the string.  The string IO approach was used for versions of ZLib before
+  # 1.2.1 to avoid buffer errors on windows machines.  Then we found that
+  # errors happened with 1.2.1 as well, so we changed the condition.  Then
+  # we discovered errors occurred with versions as late as 1.2.3.  At this
+  # point (after some benchmarking to show we weren't seriously crippling
+  # the unpacking speed) we threw our hands in the air and declared that
+  # this method would use the String IO approach on all platforms at all
+  # times.  And that's the way it is.
+
+  def zipped_stream(entry)
+    if defined? Rubinius then
+      zis = Zlib::GzipReader.new entry
+      dis = zis.read
+      is = StringIO.new(dis)
+    else
+      # This is Jamis Buck's Zlib workaround for some unknown issue
+      entry.read(10) # skip the gzip header
+      zis = Zlib::Inflate.new(-Zlib::MAX_WBITS)
+      is = StringIO.new(zis.inflate(entry.read))
+    end
+  ensure
+    zis.finish if zis
+  end
+
+end
+