RubyGems - rubygems-update - Versions diffs - 1.8.30 → 2.0.0.preview2 - Mend

rubygems-update 1.8.30 → 2.0.0.preview2

Potentially problematic release.

This version of rubygems-update might be problematic. Click here for more details.

Files changed (241) hide show

checksums.yaml +6 -6
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +3 -0
data/.autotest +6 -3
data/History.txt +137 -63
data/LICENSE.txt +1 -5
data/Manifest.txt +69 -32
data/README.rdoc +11 -9
data/Rakefile +24 -38
data/bin/gem +0 -9
data/bin/update_rubygems +1 -0
data/lib/rubygems.rb +193 -405
data/lib/rubygems/available_set.rb +95 -0
data/lib/rubygems/command.rb +88 -45
data/lib/rubygems/command_manager.rb +67 -40
data/lib/rubygems/commands/build_command.rb +5 -23
data/lib/rubygems/commands/cert_command.rb +199 -57
data/lib/rubygems/commands/check_command.rb +14 -39
data/lib/rubygems/commands/cleanup_command.rb +9 -1
data/lib/rubygems/commands/contents_command.rb +30 -12
data/lib/rubygems/commands/dependency_command.rb +3 -8
data/lib/rubygems/commands/environment_command.rb +13 -8
data/lib/rubygems/commands/fetch_command.rb +3 -16
data/lib/rubygems/commands/generate_index_command.rb +7 -47
data/lib/rubygems/commands/help_command.rb +1 -1
data/lib/rubygems/commands/install_command.rb +69 -36
data/lib/rubygems/commands/list_command.rb +6 -4
data/lib/rubygems/commands/lock_command.rb +1 -1
data/lib/rubygems/commands/mirror_command.rb +17 -0
data/lib/rubygems/commands/outdated_command.rb +6 -3
data/lib/rubygems/commands/owner_command.rb +13 -5
data/lib/rubygems/commands/pristine_command.rb +19 -4
data/lib/rubygems/commands/push_command.rb +12 -1
data/lib/rubygems/commands/query_command.rb +43 -27
data/lib/rubygems/commands/rdoc_command.rb +23 -28
data/lib/rubygems/commands/search_command.rb +4 -18
data/lib/rubygems/commands/server_command.rb +1 -1
data/lib/rubygems/commands/setup_command.rb +124 -38
data/lib/rubygems/commands/sources_command.rb +16 -16
data/lib/rubygems/commands/specification_command.rb +11 -13
data/lib/rubygems/commands/uninstall_command.rb +24 -7
data/lib/rubygems/commands/unpack_command.rb +7 -3
data/lib/rubygems/commands/update_command.rb +22 -36
data/lib/rubygems/commands/yank_command.rb +98 -0
data/lib/rubygems/compatibility.rb +51 -0
data/lib/rubygems/config_file.rb +82 -54
data/lib/rubygems/core_ext/kernel_gem.rb +53 -0
data/lib/rubygems/core_ext/kernel_require.rb +119 -0
data/lib/rubygems/defaults.rb +10 -21
data/lib/rubygems/dependency.rb +61 -10
data/lib/rubygems/dependency_installer.rb +157 -69
data/lib/rubygems/dependency_list.rb +11 -19
data/lib/rubygems/dependency_resolver.rb +562 -0
data/lib/rubygems/deprecate.rb +40 -40
data/lib/rubygems/errors.rb +77 -24
data/lib/rubygems/exceptions.rb +25 -7
data/lib/rubygems/ext/builder.rb +20 -23
data/lib/rubygems/ext/configure_builder.rb +2 -2
data/lib/rubygems/ext/ext_conf_builder.rb +5 -45
data/lib/rubygems/ext/rake_builder.rb +2 -2
data/lib/rubygems/gem_runner.rb +3 -16
data/lib/rubygems/gemcutter_utilities.rb +22 -7
data/lib/rubygems/indexer.rb +6 -159
data/lib/rubygems/install_message.rb +12 -0
data/lib/rubygems/install_update_options.rb +56 -18
data/lib/rubygems/installer.rb +244 -134
data/lib/rubygems/installer_test_case.rb +71 -19
data/lib/rubygems/mock_gem_ui.rb +17 -0
data/lib/rubygems/name_tuple.rb +110 -0
data/lib/rubygems/package.rb +514 -43
data/lib/rubygems/package/digest_io.rb +64 -0
data/lib/rubygems/package/old.rb +147 -0
data/lib/rubygems/package/tar_header.rb +18 -55
data/lib/rubygems/package/tar_reader.rb +20 -3
data/lib/rubygems/package/tar_writer.rb +63 -7
data/lib/rubygems/package_task.rb +3 -4
data/lib/rubygems/path_support.rb +14 -7
data/lib/rubygems/platform.rb +19 -26
data/lib/rubygems/rdoc.rb +316 -0
data/lib/rubygems/remote_fetcher.rb +117 -54
data/lib/rubygems/request_set.rb +182 -0
data/lib/rubygems/requirement.rb +63 -26
data/lib/rubygems/security.rb +295 -555
data/lib/rubygems/security/policies.rb +115 -0
data/lib/rubygems/security/policy.rb +227 -0
data/lib/rubygems/security/signer.rb +136 -0
data/lib/rubygems/security/trust_dir.rb +104 -0
data/lib/rubygems/server.rb +45 -55
data/lib/rubygems/source.rb +144 -0
data/lib/rubygems/source_list.rb +87 -0
data/lib/rubygems/source_local.rb +92 -0
data/lib/rubygems/source_specific_file.rb +28 -0
data/lib/rubygems/spec_fetcher.rb +116 -184
data/lib/rubygems/specification.rb +731 -335
data/lib/rubygems/ssl_certs/AddTrustExternalCARoot.pem +88 -30
data/lib/rubygems/ssl_certs/Entrust_net-Secure-Server-Certification-Authority.pem +90 -0
data/lib/rubygems/ssl_certs/VerisignClass3PublicPrimaryCertificationAuthority-G2.pem +57 -0
data/lib/rubygems/syck_hack.rb +2 -0
data/lib/rubygems/test_case.rb +199 -109
data/lib/rubygems/test_utilities.rb +25 -5
data/lib/rubygems/uninstaller.rb +62 -20
data/lib/rubygems/user_interaction.rb +10 -0
data/lib/rubygems/validator.rb +33 -40
data/lib/rubygems/version.rb +19 -8
data/setup.rb +8 -1
data/test/rubygems/alternate_cert.pem +9 -0
data/test/rubygems/alternate_cert_32.pem +9 -0
data/test/rubygems/alternate_key.pem +9 -0
data/test/rubygems/bad_rake.rb +1 -0
data/test/rubygems/child_cert.pem +9 -0
data/test/rubygems/child_cert_32.pem +9 -0
data/test/rubygems/child_key.pem +9 -0
data/test/rubygems/data/null-type.gemspec.rz +0 -0
data/test/rubygems/expired_cert.pem +9 -0
data/test/rubygems/future_cert.pem +9 -0
data/test/rubygems/future_cert_32.pem +9 -0
data/test/rubygems/good_rake.rb +1 -0
data/test/rubygems/grandchild_cert.pem +9 -0
data/test/rubygems/grandchild_cert_32.pem +9 -0
data/test/rubygems/grandchild_key.pem +9 -0
data/test/rubygems/invalid_issuer_cert.pem +9 -0
data/test/rubygems/invalid_issuer_cert_32.pem +9 -0
data/test/rubygems/invalid_key.pem +9 -0
data/test/rubygems/invalid_signer_cert.pem +9 -0
data/test/rubygems/invalid_signer_cert_32.pem +9 -0
data/test/rubygems/invalidchild_cert.pem +9 -0
data/test/rubygems/invalidchild_cert_32.pem +9 -0
data/test/rubygems/invalidchild_key.pem +9 -0
data/test/rubygems/plugin/exception/rubygems_plugin.rb +1 -1
data/test/rubygems/plugin/standarderror/rubygems_plugin.rb +1 -1
data/test/rubygems/private_key.pem +7 -25
data/test/rubygems/public_cert.pem +8 -18
data/test/rubygems/public_cert_32.pem +10 -0
data/test/rubygems/public_key.pem +4 -0
data/test/rubygems/rubygems/commands/crash_command.rb +1 -1
data/test/rubygems/test_config.rb +4 -6
data/test/rubygems/test_deprecate.rb +76 -0
data/test/rubygems/test_gem.rb +318 -83
data/test/rubygems/test_gem_available_set.rb +106 -0
data/test/rubygems/test_gem_command.rb +10 -0
data/test/rubygems/test_gem_command_manager.rb +55 -9
data/test/rubygems/test_gem_commands_build_command.rb +11 -19
data/test/rubygems/test_gem_commands_cert_command.rb +441 -42
data/test/rubygems/test_gem_commands_cleanup_command.rb +29 -1
data/test/rubygems/test_gem_commands_contents_command.rb +23 -0
data/test/rubygems/test_gem_commands_dependency_command.rb +5 -0
data/test/rubygems/test_gem_commands_fetch_command.rb +19 -20
data/test/rubygems/test_gem_commands_generate_index_command.rb +2 -83
data/test/rubygems/test_gem_commands_help_command.rb +2 -1
data/test/rubygems/test_gem_commands_install_command.rb +647 -48
data/test/rubygems/test_gem_commands_mirror.rb +32 -0
data/test/rubygems/test_gem_commands_owner_command.rb +4 -8
data/test/rubygems/test_gem_commands_pristine_command.rb +99 -4
data/test/rubygems/test_gem_commands_push_command.rb +62 -8
data/test/rubygems/test_gem_commands_query_command.rb +51 -0
data/test/rubygems/test_gem_commands_search_command.rb +25 -0
data/test/rubygems/test_gem_commands_setup_command.rb +45 -0
data/test/rubygems/test_gem_commands_sources_command.rb +21 -6
data/test/rubygems/test_gem_commands_specification_command.rb +33 -1
data/test/rubygems/test_gem_commands_uninstall_command.rb +91 -31
data/test/rubygems/test_gem_commands_unpack_command.rb +3 -3
data/test/rubygems/test_gem_commands_update_command.rb +56 -38
data/test/rubygems/test_gem_commands_which_command.rb +4 -4
data/test/rubygems/test_gem_commands_yank_command.rb +97 -0
data/test/rubygems/test_gem_config_file.rb +66 -21
data/test/rubygems/test_gem_dependency.rb +46 -0
data/test/rubygems/test_gem_dependency_installer.rb +228 -18
data/test/rubygems/test_gem_dependency_list.rb +0 -9
data/test/rubygems/test_gem_dependency_resolver.rb +327 -0
data/test/rubygems/test_gem_ext_configure_builder.rb +4 -4
data/test/rubygems/test_gem_ext_ext_conf_builder.rb +21 -49
data/test/rubygems/test_gem_ext_rake_builder.rb +13 -13
data/test/rubygems/test_gem_gem_runner.rb +27 -5
data/test/rubygems/test_gem_gemcutter_utilities.rb +19 -0
data/test/rubygems/test_gem_indexer.rb +14 -227
data/test/rubygems/test_gem_install_update_options.rb +83 -3
data/test/rubygems/test_gem_installer.rb +211 -236
data/test/rubygems/test_gem_local_remote_options.rb +8 -2
data/test/rubygems/test_gem_name_tuple.rb +15 -0
data/test/rubygems/test_gem_package.rb +547 -0
data/test/rubygems/test_gem_package_old.rb +37 -0
data/test/rubygems/test_gem_package_tar_reader.rb +32 -0
data/test/rubygems/test_gem_package_tar_writer.rb +84 -1
data/test/rubygems/test_gem_path_support.rb +4 -30
data/test/rubygems/test_gem_platform.rb +3 -6
data/test/rubygems/test_gem_rdoc.rb +245 -0
data/test/rubygems/test_gem_remote_fetcher.rb +51 -5
data/test/rubygems/test_gem_request_set.rb +70 -0
data/test/rubygems/test_gem_requirement.rb +53 -24
data/test/rubygems/test_gem_security.rb +189 -43
data/test/rubygems/test_gem_security_policy.rb +376 -0
data/test/rubygems/test_gem_security_signer.rb +184 -0
data/test/rubygems/test_gem_security_trust_dir.rb +94 -0
data/test/rubygems/test_gem_server.rb +31 -36
data/test/rubygems/test_gem_silent_ui.rb +2 -2
data/test/rubygems/test_gem_source.rb +188 -0
data/test/rubygems/test_gem_source_list.rb +87 -0
data/test/rubygems/test_gem_source_local.rb +83 -0
data/test/rubygems/test_gem_source_specific_file.rb +33 -0
data/test/rubygems/test_gem_spec_fetcher.rb +91 -255
data/test/rubygems/test_gem_specification.rb +293 -39
data/test/rubygems/test_gem_uninstaller.rb +136 -13
data/test/rubygems/test_gem_validator.rb +14 -41
data/test/rubygems/test_gem_version.rb +15 -21
data/test/rubygems/test_require.rb +193 -0
data/test/rubygems/wrong_key_cert.pem +9 -0
data/test/rubygems/wrong_key_cert_32.pem +9 -0
metadata +171 -83
metadata.gz.sig +1 -0
data/CVE-2013-4287.txt +0 -36
data/CVE-2013-4363.txt +0 -45
data/ci_build.sh +0 -27
data/cruise_config.rb +0 -32
data/lib/rbconfig/datadir.rb +0 -13
data/lib/rubygems/builder.rb +0 -99
data/lib/rubygems/custom_require.rb +0 -69
data/lib/rubygems/doc_manager.rb +0 -243
data/lib/rubygems/format.rb +0 -82
data/lib/rubygems/gem_openssl.rb +0 -90
data/lib/rubygems/gem_path_searcher.rb +0 -172
data/lib/rubygems/old_format.rb +0 -153
data/lib/rubygems/package/f_sync_dir.rb +0 -23
data/lib/rubygems/package/tar_input.rb +0 -234
data/lib/rubygems/package/tar_output.rb +0 -146
data/lib/rubygems/require_paths_builder.rb +0 -18
data/lib/rubygems/source_index.rb +0 -406
data/lib/rubygems/ssl_certs/AddTrustExternalCARoot-2048.pem +0 -25
data/lib/rubygems/ssl_certs/Class3PublicPrimaryCertificationAuthority.pem +0 -14
data/lib/rubygems/ssl_certs/DigiCertHighAssuranceEVRootCA.pem +0 -23
data/lib/rubygems/ssl_certs/EntrustnetSecureServerCertificationAuthority.pem +0 -28
data/lib/rubygems/ssl_certs/GeoTrustGlobalCA.pem +0 -20
data/test/rubygems/test_bundled_ca.rb +0 -59
data/test/rubygems/test_gem_builder.rb +0 -44
data/test/rubygems/test_gem_doc_manager.rb +0 -32
data/test/rubygems/test_gem_ext_builder.rb +0 -58
data/test/rubygems/test_gem_format.rb +0 -88
data/test/rubygems/test_gem_gem_path_searcher.rb +0 -94
data/test/rubygems/test_gem_package_tar_input.rb +0 -129
data/test/rubygems/test_gem_package_tar_output.rb +0 -101
data/test/rubygems/test_gem_source_index.rb +0 -250
data/util/update_bundled_ca_certificates.rb +0 -103

data/lib/rubygems/installer_test_case.rb CHANGED

@@ -6,11 +6,26 @@ class Gem::Installer
   ##
   # Available through requiring rubygems/installer_test_case
+  attr_writer :bin_dir
+  ##
+  # Available through requiring rubygems/installer_test_case
+  attr_writer :build_args
+  ##
+  # Available through requiring rubygems/installer_test_case
   attr_writer :gem_dir
   ##
   # Available through requiring rubygems/installer_test_case
+  attr_writer :force
+  ##
+  # Available through requiring rubygems/installer_test_case
   attr_writer :format
   ##
@@ -54,47 +69,68 @@ end
 class Gem::InstallerTestCase < Gem::TestCase
+  ##
+  # Creates the following instance variables:
+  #
+  # @spec::
+  #   a spec named 'a', intended for regular installs
+  # @user_spec::
+  #   a spec named 'b', intended for user installs
+  # @gem::
+  #   the path to a built gem from @spec
+  # @user_spec::
+  #   the path to a built gem from @user_spec
+  #
+  # @installer::
+  #   a Gem::Installer for the @spec that installs into @gemhome
+  # @user_installer::
+  #   a Gem::Installer for the @user_spec that installs into Gem.user_dir
   def setup
     super
-    @installer_tmp = File.join @tempdir, 'installer'
-    FileUtils.mkdir_p @installer_tmp
+    @spec = quick_gem 'a' do |spec|
+      util_make_exec spec
+    end
-    Gem.use_paths @installer_tmp
-    Gem.ensure_gem_subdirectories @installer_tmp
+    @user_spec = quick_gem 'b' do |spec|
+      util_make_exec spec
+    end
-    @spec = quick_gem 'a'
-    util_make_exec @spec
     util_build_gem @spec
-    @gem = @spec.cache_file
-    @user_spec = quick_gem 'b'
-    util_make_exec @user_spec
     util_build_gem @user_spec
-    @user_gem = @user_spec.cache_file
-    Gem.use_paths @gemhome
+    @gem = @spec.cache_file
+    @user_gem = @user_spec.cache_file
     @installer      = util_installer @spec, @gemhome
     @user_installer = util_installer @user_spec, Gem.user_dir, :user
-    Gem.use_paths @gemhome
   end
-  def util_gem_bindir spec = @spec
+  def util_gem_bindir spec = @spec # :nodoc:
     # TODO: deprecate
     spec.bin_dir
   end
-  def util_gem_dir spec = @spec
+  def util_gem_dir spec = @spec # :nodoc:
     # TODO: deprecate
     spec.gem_dir
   end
+  ##
+  # The path where installed executables live
   def util_inst_bindir
     File.join @gemhome, "bin"
   end
+  ##
+  # Adds an executable named "executable" to +spec+ with the given +shebang+.
+  #
+  # The executable is also written to the bin dir in @tmpdir and the installed
+  # gem directory for +spec+.
   def util_make_exec(spec = @spec, shebang = "#!/usr/bin/ruby")
     spec.executables = %w[executable]
     spec.files << 'bin/executable'
@@ -110,6 +146,14 @@ class Gem::InstallerTestCase < Gem::TestCase
     end
   end
+  ##
+  # Builds the @spec gem and returns an installer for it.  The built gem
+  # includes:
+  #
+  #   bin/executable
+  #   lib/code.rb
+  #   ext/a/mkrf_conf.rb
   def util_setup_gem(ui = @ui) # HACK fix use_ui to make this automatic
     @spec.files << File.join('lib', 'code.rb')
     @spec.extensions << File.join('ext', 'a', 'mkrf_conf.rb')
@@ -129,16 +173,24 @@ class Gem::InstallerTestCase < Gem::TestCase
       end
       use_ui ui do
-        FileUtils.rm @gem
+        FileUtils.rm_f @gem
-        @gem = Gem::Builder.new(@spec).build
+        @gem = Gem::Package.build @spec
       end
     end
     @installer = Gem::Installer.new @gem
   end
+  ##
+  # Creates an installer for +spec+ that will install into +gem_home+.  If
+  # +user+ is true a user-install will be performed.
   def util_installer(spec, gem_home, user=false)
-    Gem::Installer.new spec.cache_file, :user_install => user
+    Gem::Installer.new(spec.cache_file,
+                       :install_dir => gem_home,
+                       :user_install => user)
   end
 end

data/lib/rubygems/mock_gem_ui.rb CHANGED

@@ -6,6 +6,17 @@ require 'rubygems/user_interaction'
 # retrieval during tests.
 class Gem::MockGemUi < Gem::StreamUI
+  ##
+  # Raised when you haven't provided enough input to your MockGemUi
+  class InputEOFError < RuntimeError
+    def initialize question
+      super "Out of input for MockGemUi on #{question.inspect}"
+    end
+  end
   class TermError < RuntimeError
     attr_reader :exit_code
@@ -44,6 +55,12 @@ class Gem::MockGemUi < Gem::StreamUI
     @terminated = false
   end
+  def ask question
+    raise InputEOFError, question if @ins.eof?
+    super
+  end
   def input
     @ins.string
   end

data/lib/rubygems/name_tuple.rb ADDED

@@ -0,0 +1,110 @@
+##
+#
+# Represents a gem of name +name+ at +version+ of +platform+. These
+# wrap the data returned from the indexes.
+require 'rubygems/platform'
+class Gem::NameTuple
+  def initialize(name, version, platform="ruby")
+    @name = name
+    @version = version
+    unless platform.kind_of? Gem::Platform
+      platform = "ruby" if !platform or platform.empty?
+    end
+    @platform = platform
+  end
+  attr_reader :name, :version, :platform
+  ##
+  # Turn an array of [name, version, platform] into an array of
+  # NameTuple objects.
+  def self.from_list list
+    list.map { |t| new(*t) }
+  end
+  ##
+  # Turn an array of NameTuple objects back into an array of
+  # [name, version, platform] tuples.
+  def self.to_basic list
+    list.map { |t| t.to_a }
+  end
+  ##
+  # A null NameTuple, ie name=nil, version=0
+  def self.null
+    new nil, Gem::Version.new(0), nil
+  end
+  ##
+  # Indicate if this NameTuple matches the current platform.
+  def match_platform?
+    Gem::Platform.match @platform
+  end
+  ##
+  # Indicate if this NameTuple is for a prerelease version.
+  def prerelease?
+    @version.prerelease?
+  end
+  ##
+  # Return the name that the gemspec file would be
+  def spec_name
+    case @platform
+    when nil, 'ruby', ''
+      "#{@name}-#{@version}.gemspec"
+    else
+      "#{@name}-#{@version}-#{@platform}.gemspec"
+    end
+  end
+  ##
+  # Convert back to the [name, version, platform] tuple
+  def to_a
+    [@name, @version, @platform]
+  end
+  def to_s
+    "#<Gem::NameTuple #{@name}, #{@version}, #{@platform}>"
+  end
+  def <=> other
+    to_a <=> other.to_a
+  end
+  include Comparable
+  ##
+  # Compare with +other+. Supports another NameTuple or an Array
+  # in the [name, version, platform] format.
+  def == other
+    case other
+    when self.class
+      @name == other.name and
+        @version == other.version and
+        @platform == other.platform
+    when Array
+      to_a == other
+    else
+      false
+    end
+  end
+  alias_method :eql?, :==
+  def hash
+    to_a.hash
+  end
+end

data/lib/rubygems/package.rb CHANGED

@@ -3,16 +3,54 @@
 # Copyright (C) 2004 Mauricio Julio Fernández Pradier
 # See LICENSE.txt for additional licensing information.
 #++
+#
+# Example using a Gem::Package
+#
+# Builds a .gem file given a Gem::Specification. A .gem file is a tarball
+# which contains a data.tar.gz and metadata.gz, and possibly signatures.
+#
+#   require 'rubygems'
+#   require 'rubygems/package'
+#
+#   spec = Gem::Specification.new do |s|
+#     s.summary = "Ruby based make-like utility."
+#     s.name = 'rake'
+#     s.version = PKG_VERSION
+#     s.requirements << 'none'
+#     s.files = PKG_FILES
+#     s.description = <<-EOF
+#   Rake is a Make-like program implemented in Ruby. Tasks
+#   and dependencies are specified in standard Ruby syntax.
+#     EOF
+#   end
+#
+#   Gem::Package.build spec
+#
+# Reads a .gem file.
+#
+#   require 'rubygems'
+#   require 'rubygems/package'
+#
+#   the_gem = Gem::Package.new(path_to_dot_gem)
+#   the_gem.contents # get the files in the gem
+#   the_gem.extract_files destination_directory # extract the gem into a directory
+#   the_gem.spec # get the spec out of the gem
+#   the_gem.verify # check the gem is OK (contains valid gem specification, contains a not corrupt contents archive)
+#
+# #files are the files in the .gem tar file, not the ruby files in the gem
+# #extract_files and #contents automatically call #verify
+require 'rubygems/security'
 require 'rubygems/specification'
+require 'rubygems/user_interaction'
+require 'zlib'
-module Gem::Package
+class Gem::Package
+  include Gem::UserInteraction
+  class Error < Gem::Exception; end
-  class Error < StandardError; end
-  class NonSeekableIO < Error; end
-  class ClosedIO < Error; end
-  class BadCheckSum < Error; end
-  class TooLongFileName < Error; end
   class FormatError < Error
     attr_reader :path
@@ -26,57 +64,490 @@ module Gem::Package
   end
+  class PathError < Error
+    def initialize destination, destination_dir
+      super "installing into parent path %s of %s is not allowed" %
+              [destination, destination_dir]
+    end
+  end
+  class NonSeekableIO < Error; end
+  class TooLongFileName < Error; end
   ##
   # Raised when a tar file is corrupt
   class TarInvalidError < Error; end
-  # FIX: zenspider said: does it really take an IO?
-  # passed to a method called open?!? that seems stupid.
-  def self.open(io, mode = "r", signer = nil, &block)
-    tar_type = case mode
-               when 'r' then TarInput
-               when 'w' then TarOutput
-               else
-                 raise "Unknown Package open mode"
-               end
-    tar_type.open(io, signer, &block)
-  end
-  def self.pack(src, destname, signer = nil)
-    TarOutput.open(destname, signer) do |outp|
-      dir_class.chdir(src) do
-        outp.metadata = (file_class.read("RPA/metadata") rescue nil)
-        find_class.find('.') do |entry|
-          case
-          when file_class.file?(entry)
-            entry.sub!(%r{\./}, "")
-            next if entry =~ /\ARPA\//
-            stat = File.stat(entry)
-            outp.add_file_simple(entry, stat.mode, stat.size) do |os|
-              file_class.open(entry, "rb") do |f|
-                os.write(f.read(4096)) until f.eof?
-              end
-            end
-          when file_class.dir?(entry)
-            entry.sub!(%r{\./}, "")
-            next if entry == "RPA"
-            outp.mkdir(entry, file_class.stat(entry).mode)
-          else
-            raise "Don't know how to pack this yet!"
+  attr_accessor :build_time # :nodoc:
+  ##
+  # Checksums for the contents of the package
+  attr_reader :checksums
+  ##
+  # The files in this package.  This is not the contents of the gem, just the
+  # files in the top-level container.
+  attr_reader :files
+  ##
+  # The security policy used for verifying the contents of this package.
+  attr_accessor :security_policy
+  ##
+  # Sets the Gem::Specification to use to build this package.
+  attr_writer :spec
+  def self.build spec, skip_validation=false
+    gem_file = spec.file_name
+    package = new gem_file
+    package.spec = spec
+    package.build skip_validation
+    gem_file
+  end
+  ##
+  # Creates a new Gem::Package for the file at +gem+.
+  #
+  # If +gem+ is an existing file in the old format a Gem::Package::Old will be
+  # returned.
+  def self.new gem
+    return super unless Gem::Package == self
+    return super unless File.exist? gem
+    start = File.read gem, 20
+    return super unless start
+    return super unless start.include? 'MD5SUM ='
+    Gem::Package::Old.new gem
+  end
+  ##
+  # Creates a new package that will read or write to the file +gem+.
+  def initialize gem # :notnew:
+    @gem = gem
+    @build_time      = Time.now
+    @checksums       = {}
+    @contents        = nil
+    @digests         = Hash.new { |h, algorithm| h[algorithm] = {} }
+    @files           = nil
+    @security_policy = nil
+    @signatures      = {}
+    @signer          = nil
+    @spec            = nil
+  end
+  ##
+  # Adds a checksum for each entry in the gem to checksums.yaml.gz.
+  def add_checksums tar
+    Gem.load_yaml
+    checksums_by_algorithm = Hash.new { |h, algorithm| h[algorithm] = {} }
+    @checksums.each do |name, digests|
+      digests.each do |algorithm, digest|
+        checksums_by_algorithm[algorithm][name] = digest.hexdigest
+      end
+    end
+    tar.add_file_signed 'checksums.yaml.gz', 0444, @signer do |io|
+      gzip_to io do |gz_io|
+        YAML.dump checksums_by_algorithm, gz_io
+      end
+    end
+  end
+  ##
+  # Adds the files listed in the packages's Gem::Specification to data.tar.gz
+  # and adds this file to the +tar+.
+  def add_contents tar # :nodoc:
+    digests = tar.add_file_signed 'data.tar.gz', 0444, @signer do |io|
+      gzip_to io do |gz_io|
+        Gem::Package::TarWriter.new gz_io do |data_tar|
+          add_files data_tar
+        end
+      end
+    end
+    @checksums['data.tar.gz'] = digests
+  end
+  ##
+  # Adds files included the package's Gem::Specification to the +tar+ file
+  def add_files tar # :nodoc:
+    @spec.files.each do |file|
+      stat = File.stat file
+      tar.add_file_simple file, stat.mode, stat.size do |dst_io|
+        open file, 'rb' do |src_io|
+          dst_io.write src_io.read 16384 until src_io.eof?
+        end
+      end
+    end
+  end
+  ##
+  # Adds the package's Gem::Specification to the +tar+ file
+  def add_metadata tar # :nodoc:
+    digests = tar.add_file_signed 'metadata.gz', 0444, @signer do |io|
+      gzip_to io do |gz_io|
+        gz_io.write @spec.to_yaml
+      end
+    end
+    @checksums['metadata.gz'] = digests
+  end
+  ##
+  # Builds this package based on the specification set by #spec=
+  def build skip_validation = false
+    Gem.load_yaml
+    require 'rubygems/security'
+    @spec.validate unless skip_validation
+    @spec.mark_version
+    setup_signer
+    open @gem, 'wb' do |gem_io|
+      Gem::Package::TarWriter.new gem_io do |gem|
+        add_metadata gem
+        add_contents gem
+        add_checksums gem
+      end
+    end
+    say <<-EOM
+  Successfully built RubyGem
+  Name: #{@spec.name}
+  Version: #{@spec.version}
+  File: #{File.basename @spec.cache_file}
+EOM
+  ensure
+    @signer = nil
+  end
+  ##
+  # A list of file names contained in this gem
+  def contents
+    return @contents if @contents
+    verify unless @spec
+    @contents = []
+    open @gem, 'rb' do |io|
+      gem_tar = Gem::Package::TarReader.new io
+      gem_tar.each do |entry|
+        next unless entry.full_name == 'data.tar.gz'
+        open_tar_gz entry do |pkg_tar|
+          pkg_tar.each do |contents_entry|
+            @contents << contents_entry.full_name
           end
         end
+        return @contents
+      end
+    end
+  end
+  ##
+  # Creates a digest of the TarEntry +entry+ from the digest algorithm set by
+  # the security policy.
+  def digest entry # :nodoc:
+    return unless @checksums
+    @checksums.each_key do |algorithm|
+      digester = OpenSSL::Digest.new algorithm
+      digester << entry.read(16384) until entry.eof?
+      entry.rewind
+      @digests[algorithm][entry.full_name] = digester
+    end
+    @digests
+  end
+  ##
+  # Extracts the files in this package into +destination_dir+
+  def extract_files destination_dir
+    verify unless @spec
+    FileUtils.mkdir_p destination_dir
+    open @gem, 'rb' do |io|
+      reader = Gem::Package::TarReader.new io
+      reader.each do |entry|
+        next unless entry.full_name == 'data.tar.gz'
+        extract_tar_gz entry, destination_dir
+        return # ignore further entries
+      end
+    end
+  end
+  ##
+  # Extracts all the files in the gzipped tar archive +io+ into
+  # +destination_dir+.
+  #
+  # If an entry in the archive contains a relative path above
+  # +destination_dir+ or an absolute path is encountered an exception is
+  # raised.
+  def extract_tar_gz io, destination_dir # :nodoc:
+    open_tar_gz io do |tar|
+      tar.each do |entry|
+        destination = install_location entry.full_name, destination_dir
+        FileUtils.rm_rf destination
+        FileUtils.mkdir_p File.dirname destination
+        open destination, 'wb', entry.header.mode do |out|
+          out.write entry.read
+          out.fsync rescue nil # for filesystems without fsync(2)
+        end
+        say destination if Gem.configuration.really_verbose
+      end
+    end
+  end
+  ##
+  # Gzips content written to +gz_io+ to +io+.
+  #--
+  # Also sets the gzip modification time to the package build time to ease
+  # testing.
+  def gzip_to io # :yields: gz_io
+    gz_io = Zlib::GzipWriter.new io, Zlib::BEST_COMPRESSION
+    gz_io.mtime = @build_time
+    yield gz_io
+  ensure
+    gz_io.close
+  end
+  ##
+  # Returns the full path for installing +filename+.
+  #
+  # If +filename+ is not inside +destination_dir+ an exception is raised.
+  def install_location filename, destination_dir # :nodoc:
+    raise Gem::Package::PathError.new(filename, destination_dir) if
+      filename.start_with? '/'
+    destination = File.join destination_dir, filename
+    destination = File.expand_path destination
+    raise Gem::Package::PathError.new(destination, destination_dir) unless
+      destination.start_with? destination_dir
+    destination.untaint
+    destination
+  end
+  ##
+  # Loads a Gem::Specification from the TarEntry +entry+
+  def load_spec entry # :nodoc:
+    case entry.full_name
+    when 'metadata' then
+      @spec = Gem::Specification.from_yaml entry.read
+    when 'metadata.gz' then
+      args = [entry]
+      args << { :external_encoding => Encoding::UTF_8 } if
+        Object.const_defined? :Encoding
+      Zlib::GzipReader.wrap(*args) do |gzio|
+        @spec = Gem::Specification.from_yaml gzio.read
+      end
+    end
+  end
+  ##
+  # Opens +io+ as a gzipped tar archive
+  def open_tar_gz io # :nodoc:
+    Zlib::GzipReader.wrap io do |gzio|
+      tar = Gem::Package::TarReader.new gzio
+      yield tar
+    end
+  end
+  ##
+  # Reads and loads checksums.yaml.gz from the tar file +gem+
+  def read_checksums gem
+    Gem.load_yaml
+    @checksums = gem.seek 'checksums.yaml.gz' do |entry|
+      Zlib::GzipReader.wrap entry do |gz_io|
+        YAML.load gz_io.read
+      end
+    end
+  end
+  ##
+  # Prepares the gem for signing and checksum generation.  If a signing
+  # certificate and key are not present only checksum generation is set up.
+  def setup_signer
+    if @spec.signing_key then
+      @signer = Gem::Security::Signer.new @spec.signing_key, @spec.cert_chain
+      @spec.signing_key = nil
+      @spec.cert_chain = @signer.cert_chain.map { |cert| cert.to_s }
+    else
+      @signer = Gem::Security::Signer.new nil, nil
+      @spec.cert_chain = @signer.cert_chain.map { |cert| cert.to_pem } if
+        @signer.cert_chain
+    end
+  end
+  ##
+  # The spec for this gem.
+  #
+  # If this is a package for a built gem the spec is loaded from the
+  # gem and returned.  If this is a package for a gem being built the provided
+  # spec is returned.
+  def spec
+    verify unless @spec
+    @spec
+  end
+  ##
+  # Verifies that this gem:
+  #
+  # * Contains a valid gem specification
+  # * Contains a contents archive
+  # * The contents archive is not corrupt
+  #
+  # After verification the gem specification from the gem is available from
+  # #spec
+  def verify
+    @files     = []
+    @spec      = nil
+    open @gem, 'rb' do |io|
+      Gem::Package::TarReader.new io do |reader|
+        read_checksums reader
+        verify_files reader
+      end
+    end
+    verify_checksums @digests, @checksums
+    @security_policy.verify_signatures @spec, @digests, @signatures if
+      @security_policy
+    true
+  rescue Errno::ENOENT => e
+    raise Gem::Package::FormatError.new e.message
+  rescue Gem::Package::TarInvalidError => e
+    raise Gem::Package::FormatError.new e.message, @gem
+  end
+  ##
+  # Verifies the +checksums+ against the +digests+.  This check is not
+  # cryptographically secure.  Missing checksums are ignored.
+  def verify_checksums digests, checksums # :nodoc:
+    return unless checksums
+    checksums.sort.each do |algorithm, gem_digests|
+      gem_digests.sort.each do |file_name, gem_hexdigest|
+        computed_digest = digests[algorithm][file_name]
+        unless computed_digest.hexdigest == gem_hexdigest then
+          raise Gem::Package::FormatError.new \
+            "#{algorithm} checksum mismatch for #{file_name}", @gem
+        end
       end
     end
   end
+  ##
+  # Verifies the files of the +gem+
+  def verify_files gem
+    gem.each do |entry|
+      file_name = entry.full_name
+      @files << file_name
+      case file_name
+      when /\.sig$/ then
+        @signatures[$`] = entry.read if @security_policy
+        next
+      when 'checksums.yaml.gz' then
+        next # already handled
+      else
+        digest entry
+      end
+      case file_name
+      when /^metadata(.gz)?$/ then
+        load_spec entry
+      when 'data.tar.gz' then
+        verify_gz entry
+      end
+    end
+    unless @spec then
+      raise Gem::Package::FormatError.new 'package metadata is missing', @gem
+    end
+    unless @files.include? 'data.tar.gz' then
+      raise Gem::Package::FormatError.new \
+              'package content (data.tar.gz) is missing', @gem
+    end
+  end
+  ##
+  # Verifies that +entry+ is a valid gzipped file.
+  def verify_gz entry # :nodoc:
+    Zlib::GzipReader.wrap entry do |gzio|
+      gzio.read 16384 until gzio.eof? # gzip checksum verification
+    end
+  rescue Zlib::GzipFile::Error => e
+    raise Gem::Package::FormatError.new(e.message, entry.full_name)
+  end
 end
-require 'rubygems/package/f_sync_dir'
+require 'rubygems/package/digest_io'
+require 'rubygems/package/old'
 require 'rubygems/package/tar_header'
-require 'rubygems/package/tar_input'
-require 'rubygems/package/tar_output'
 require 'rubygems/package/tar_reader'
 require 'rubygems/package/tar_reader/entry'
 require 'rubygems/package/tar_writer'