rubygems-update 1.8.30 → 2.0.0.preview2

data/lib/rubygems/installer_test_case.rb

@@ -6,11 +6,26 @@ class Gem::Installer
   ##
   # Available through requiring rubygems/installer_test_case
 
+  attr_writer :bin_dir
+
+  ##
+  # Available through requiring rubygems/installer_test_case
+
+  attr_writer :build_args
+
+  ##
+  # Available through requiring rubygems/installer_test_case
+
   attr_writer :gem_dir
 
   ##
   # Available through requiring rubygems/installer_test_case
 
+  attr_writer :force
+
+  ##
+  # Available through requiring rubygems/installer_test_case
+
   attr_writer :format
 
   ##
@@ -54,47 +69,68 @@ end
 
 class Gem::InstallerTestCase < Gem::TestCase
 
+  ##
+  # Creates the following instance variables:
+  #
+  # @spec::
+  #   a spec named 'a', intended for regular installs
+  # @user_spec::
+  #   a spec named 'b', intended for user installs
+
+  # @gem::
+  #   the path to a built gem from @spec
+  # @user_spec::
+  #   the path to a built gem from @user_spec
+  #
+  # @installer::
+  #   a Gem::Installer for the @spec that installs into @gemhome
+  # @user_installer::
+  #   a Gem::Installer for the @user_spec that installs into Gem.user_dir
+
   def setup
     super
 
-    @installer_tmp = File.join @tempdir, 'installer'
-    FileUtils.mkdir_p @installer_tmp
+    @spec = quick_gem 'a' do |spec|
+      util_make_exec spec
+    end
 
-    Gem.use_paths @installer_tmp
-    Gem.ensure_gem_subdirectories @installer_tmp
+    @user_spec = quick_gem 'b' do |spec|
+      util_make_exec spec
+    end
 
-    @spec = quick_gem 'a'
-    util_make_exec @spec
     util_build_gem @spec
-    @gem = @spec.cache_file
-
-    @user_spec = quick_gem 'b'
-    util_make_exec @user_spec
     util_build_gem @user_spec
-    @user_gem = @user_spec.cache_file
 
-    Gem.use_paths @gemhome
+    @gem = @spec.cache_file
+    @user_gem = @user_spec.cache_file
 
     @installer      = util_installer @spec, @gemhome
     @user_installer = util_installer @user_spec, Gem.user_dir, :user
-
-    Gem.use_paths @gemhome
   end
 
-  def util_gem_bindir spec = @spec
+  def util_gem_bindir spec = @spec # :nodoc:
     # TODO: deprecate
     spec.bin_dir
   end
 
-  def util_gem_dir spec = @spec
+  def util_gem_dir spec = @spec # :nodoc:
     # TODO: deprecate
     spec.gem_dir
   end
 
+  ##
+  # The path where installed executables live
+
   def util_inst_bindir
     File.join @gemhome, "bin"
   end
 
+  ##
+  # Adds an executable named "executable" to +spec+ with the given +shebang+.
+  #
+  # The executable is also written to the bin dir in @tmpdir and the installed
+  # gem directory for +spec+.
+
   def util_make_exec(spec = @spec, shebang = "#!/usr/bin/ruby")
     spec.executables = %w[executable]
     spec.files << 'bin/executable'
@@ -110,6 +146,14 @@ class Gem::InstallerTestCase < Gem::TestCase
     end
   end
 
+  ##
+  # Builds the @spec gem and returns an installer for it.  The built gem
+  # includes:
+  #
+  #   bin/executable
+  #   lib/code.rb
+  #   ext/a/mkrf_conf.rb
+
   def util_setup_gem(ui = @ui) # HACK fix use_ui to make this automatic
     @spec.files << File.join('lib', 'code.rb')
     @spec.extensions << File.join('ext', 'a', 'mkrf_conf.rb')
@@ -129,16 +173,24 @@ class Gem::InstallerTestCase < Gem::TestCase
       end
 
       use_ui ui do
-        FileUtils.rm @gem
+        FileUtils.rm_f @gem
 
-        @gem = Gem::Builder.new(@spec).build
+        @gem = Gem::Package.build @spec
       end
     end
 
     @installer = Gem::Installer.new @gem
   end
 
+  ##
+  # Creates an installer for +spec+ that will install into +gem_home+.  If
+  # +user+ is true a user-install will be performed.
+
   def util_installer(spec, gem_home, user=false)
-    Gem::Installer.new spec.cache_file, :user_install => user
+    Gem::Installer.new(spec.cache_file,
+                       :install_dir => gem_home,
+                       :user_install => user)
   end
+
 end
+

data/lib/rubygems/mock_gem_ui.rb

@@ -6,6 +6,17 @@ require 'rubygems/user_interaction'
 # retrieval during tests.
 
 class Gem::MockGemUi < Gem::StreamUI
+  ##
+  # Raised when you haven't provided enough input to your MockGemUi
+
+  class InputEOFError < RuntimeError
+
+    def initialize question
+      super "Out of input for MockGemUi on #{question.inspect}"
+    end
+
+  end
+
   class TermError < RuntimeError
     attr_reader :exit_code
 
@@ -44,6 +55,12 @@ class Gem::MockGemUi < Gem::StreamUI
     @terminated = false
   end
 
+  def ask question
+    raise InputEOFError, question if @ins.eof?
+
+    super
+  end
+
   def input
     @ins.string
   end

data/lib/rubygems/name_tuple.rb

@@ -0,0 +1,110 @@
+##
+#
+# Represents a gem of name +name+ at +version+ of +platform+. These
+# wrap the data returned from the indexes.
+
+require 'rubygems/platform'
+
+class Gem::NameTuple
+  def initialize(name, version, platform="ruby")
+    @name = name
+    @version = version
+
+    unless platform.kind_of? Gem::Platform
+      platform = "ruby" if !platform or platform.empty?
+    end
+
+    @platform = platform
+  end
+
+  attr_reader :name, :version, :platform
+
+  ##
+  # Turn an array of [name, version, platform] into an array of
+  # NameTuple objects.
+
+  def self.from_list list
+    list.map { |t| new(*t) }
+  end
+
+  ##
+  # Turn an array of NameTuple objects back into an array of
+  # [name, version, platform] tuples.
+
+  def self.to_basic list
+    list.map { |t| t.to_a }
+  end
+
+  ##
+  # A null NameTuple, ie name=nil, version=0
+
+  def self.null
+    new nil, Gem::Version.new(0), nil
+  end
+
+  ##
+  # Indicate if this NameTuple matches the current platform.
+
+  def match_platform?
+    Gem::Platform.match @platform
+  end
+
+  ##
+  # Indicate if this NameTuple is for a prerelease version.
+  def prerelease?
+    @version.prerelease?
+  end
+
+  ##
+  # Return the name that the gemspec file would be
+
+  def spec_name
+    case @platform
+    when nil, 'ruby', ''
+      "#{@name}-#{@version}.gemspec"
+    else
+      "#{@name}-#{@version}-#{@platform}.gemspec"
+    end
+  end
+
+  ##
+  # Convert back to the [name, version, platform] tuple
+
+  def to_a
+    [@name, @version, @platform]
+  end
+
+  def to_s
+    "#<Gem::NameTuple #{@name}, #{@version}, #{@platform}>"
+  end
+
+  def <=> other
+    to_a <=> other.to_a
+  end
+
+  include Comparable
+
+  ##
+  # Compare with +other+. Supports another NameTuple or an Array
+  # in the [name, version, platform] format.
+
+  def == other
+    case other
+    when self.class
+      @name == other.name and
+        @version == other.version and
+        @platform == other.platform
+    when Array
+      to_a == other
+    else
+      false
+    end
+  end
+
+  alias_method :eql?, :==
+
+  def hash
+    to_a.hash
+  end
+
+end

data/lib/rubygems/package.rb

@@ -3,16 +3,54 @@
 # Copyright (C) 2004 Mauricio Julio Fernández Pradier
 # See LICENSE.txt for additional licensing information.
 #++
+#
+# Example using a Gem::Package
+#
+# Builds a .gem file given a Gem::Specification. A .gem file is a tarball
+# which contains a data.tar.gz and metadata.gz, and possibly signatures.
+#
+#   require 'rubygems'
+#   require 'rubygems/package'
+#
+#   spec = Gem::Specification.new do |s|
+#     s.summary = "Ruby based make-like utility."
+#     s.name = 'rake'
+#     s.version = PKG_VERSION
+#     s.requirements << 'none'
+#     s.files = PKG_FILES
+#     s.description = <<-EOF
+#   Rake is a Make-like program implemented in Ruby. Tasks
+#   and dependencies are specified in standard Ruby syntax.
+#     EOF
+#   end
+#
+#   Gem::Package.build spec
+#
+# Reads a .gem file.
+#
+#   require 'rubygems'
+#   require 'rubygems/package'
+#
+#   the_gem = Gem::Package.new(path_to_dot_gem)
+#   the_gem.contents # get the files in the gem
+#   the_gem.extract_files destination_directory # extract the gem into a directory
+#   the_gem.spec # get the spec out of the gem
+#   the_gem.verify # check the gem is OK (contains valid gem specification, contains a not corrupt contents archive)
+#
+# #files are the files in the .gem tar file, not the ruby files in the gem
+# #extract_files and #contents automatically call #verify
 
+require 'rubygems/security'
 require 'rubygems/specification'
+require 'rubygems/user_interaction'
+require 'zlib'
 
-module Gem::Package
+class Gem::Package
+
+  include Gem::UserInteraction
+
+  class Error < Gem::Exception; end
 
-  class Error < StandardError; end
-  class NonSeekableIO < Error; end
-  class ClosedIO < Error; end
-  class BadCheckSum < Error; end
-  class TooLongFileName < Error; end
   class FormatError < Error
     attr_reader :path
 
@@ -26,57 +64,490 @@ module Gem::Package
 
   end
 
+  class PathError < Error
+    def initialize destination, destination_dir
+      super "installing into parent path %s of %s is not allowed" %
+              [destination, destination_dir]
+    end
+  end
+
+  class NonSeekableIO < Error; end
+
+  class TooLongFileName < Error; end
+
   ##
   # Raised when a tar file is corrupt
 
   class TarInvalidError < Error; end
 
-  # FIX: zenspider said: does it really take an IO?
-  # passed to a method called open?!? that seems stupid.
-  def self.open(io, mode = "r", signer = nil, &block)
-    tar_type = case mode
-               when 'r' then TarInput
-               when 'w' then TarOutput
-               else
-                 raise "Unknown Package open mode"
-               end
-
-    tar_type.open(io, signer, &block)
-  end
-
-  def self.pack(src, destname, signer = nil)
-    TarOutput.open(destname, signer) do |outp|
-      dir_class.chdir(src) do
-        outp.metadata = (file_class.read("RPA/metadata") rescue nil)
-        find_class.find('.') do |entry|
-          case
-          when file_class.file?(entry)
-            entry.sub!(%r{\./}, "")
-            next if entry =~ /\ARPA\//
-            stat = File.stat(entry)
-            outp.add_file_simple(entry, stat.mode, stat.size) do |os|
-              file_class.open(entry, "rb") do |f|
-                os.write(f.read(4096)) until f.eof?
-              end
-            end
-          when file_class.dir?(entry)
-            entry.sub!(%r{\./}, "")
-            next if entry == "RPA"
-            outp.mkdir(entry, file_class.stat(entry).mode)
-          else
-            raise "Don't know how to pack this yet!"
+  attr_accessor :build_time # :nodoc:
+
+  ##
+  # Checksums for the contents of the package
+
+  attr_reader :checksums
+
+  ##
+  # The files in this package.  This is not the contents of the gem, just the
+  # files in the top-level container.
+
+  attr_reader :files
+
+  ##
+  # The security policy used for verifying the contents of this package.
+
+  attr_accessor :security_policy
+
+  ##
+  # Sets the Gem::Specification to use to build this package.
+
+  attr_writer :spec
+
+  def self.build spec, skip_validation=false
+    gem_file = spec.file_name
+
+    package = new gem_file
+    package.spec = spec
+    package.build skip_validation
+
+    gem_file
+  end
+
+  ##
+  # Creates a new Gem::Package for the file at +gem+.
+  #
+  # If +gem+ is an existing file in the old format a Gem::Package::Old will be
+  # returned.
+
+  def self.new gem
+    return super unless Gem::Package == self
+    return super unless File.exist? gem
+
+    start = File.read gem, 20
+
+    return super unless start
+    return super unless start.include? 'MD5SUM ='
+
+    Gem::Package::Old.new gem
+  end
+
+  ##
+  # Creates a new package that will read or write to the file +gem+.
+
+  def initialize gem # :notnew:
+    @gem = gem
+
+    @build_time      = Time.now
+    @checksums       = {}
+    @contents        = nil
+    @digests         = Hash.new { |h, algorithm| h[algorithm] = {} }
+    @files           = nil
+    @security_policy = nil
+    @signatures      = {}
+    @signer          = nil
+    @spec            = nil
+  end
+
+  ##
+  # Adds a checksum for each entry in the gem to checksums.yaml.gz.
+
+  def add_checksums tar
+    Gem.load_yaml
+
+    checksums_by_algorithm = Hash.new { |h, algorithm| h[algorithm] = {} }
+
+    @checksums.each do |name, digests|
+      digests.each do |algorithm, digest|
+        checksums_by_algorithm[algorithm][name] = digest.hexdigest
+      end
+    end
+
+    tar.add_file_signed 'checksums.yaml.gz', 0444, @signer do |io|
+      gzip_to io do |gz_io|
+        YAML.dump checksums_by_algorithm, gz_io
+      end
+    end
+  end
+
+  ##
+  # Adds the files listed in the packages's Gem::Specification to data.tar.gz
+  # and adds this file to the +tar+.
+
+  def add_contents tar # :nodoc:
+    digests = tar.add_file_signed 'data.tar.gz', 0444, @signer do |io|
+      gzip_to io do |gz_io|
+        Gem::Package::TarWriter.new gz_io do |data_tar|
+          add_files data_tar
+        end
+      end
+    end
+
+    @checksums['data.tar.gz'] = digests
+  end
+
+  ##
+  # Adds files included the package's Gem::Specification to the +tar+ file
+
+  def add_files tar # :nodoc:
+    @spec.files.each do |file|
+      stat = File.stat file
+
+      tar.add_file_simple file, stat.mode, stat.size do |dst_io|
+        open file, 'rb' do |src_io|
+          dst_io.write src_io.read 16384 until src_io.eof?
+        end
+      end
+    end
+  end
+
+  ##
+  # Adds the package's Gem::Specification to the +tar+ file
+
+  def add_metadata tar # :nodoc:
+    digests = tar.add_file_signed 'metadata.gz', 0444, @signer do |io|
+      gzip_to io do |gz_io|
+        gz_io.write @spec.to_yaml
+      end
+    end
+
+    @checksums['metadata.gz'] = digests
+  end
+
+  ##
+  # Builds this package based on the specification set by #spec=
+
+  def build skip_validation = false
+    Gem.load_yaml
+    require 'rubygems/security'
+
+    @spec.validate unless skip_validation
+    @spec.mark_version
+
+    setup_signer
+
+    open @gem, 'wb' do |gem_io|
+      Gem::Package::TarWriter.new gem_io do |gem|
+        add_metadata gem
+        add_contents gem
+        add_checksums gem
+      end
+    end
+
+    say <<-EOM
+  Successfully built RubyGem
+  Name: #{@spec.name}
+  Version: #{@spec.version}
+  File: #{File.basename @spec.cache_file}
+EOM
+  ensure
+    @signer = nil
+  end
+
+  ##
+  # A list of file names contained in this gem
+
+  def contents
+    return @contents if @contents
+
+    verify unless @spec
+
+    @contents = []
+
+    open @gem, 'rb' do |io|
+      gem_tar = Gem::Package::TarReader.new io
+
+      gem_tar.each do |entry|
+        next unless entry.full_name == 'data.tar.gz'
+
+        open_tar_gz entry do |pkg_tar|
+          pkg_tar.each do |contents_entry|
+            @contents << contents_entry.full_name
           end
         end
+
+        return @contents
+      end
+    end
+  end
+
+  ##
+  # Creates a digest of the TarEntry +entry+ from the digest algorithm set by
+  # the security policy.
+
+  def digest entry # :nodoc:
+    return unless @checksums
+
+    @checksums.each_key do |algorithm|
+      digester = OpenSSL::Digest.new algorithm
+
+      digester << entry.read(16384) until entry.eof?
+
+      entry.rewind
+
+      @digests[algorithm][entry.full_name] = digester
+    end
+
+    @digests
+  end
+
+  ##
+  # Extracts the files in this package into +destination_dir+
+
+  def extract_files destination_dir
+    verify unless @spec
+
+    FileUtils.mkdir_p destination_dir
+
+    open @gem, 'rb' do |io|
+      reader = Gem::Package::TarReader.new io
+
+      reader.each do |entry|
+        next unless entry.full_name == 'data.tar.gz'
+
+        extract_tar_gz entry, destination_dir
+
+        return # ignore further entries
+      end
+    end
+  end
+
+  ##
+  # Extracts all the files in the gzipped tar archive +io+ into
+  # +destination_dir+.
+  #
+  # If an entry in the archive contains a relative path above
+  # +destination_dir+ or an absolute path is encountered an exception is
+  # raised.
+
+  def extract_tar_gz io, destination_dir # :nodoc:
+    open_tar_gz io do |tar|
+      tar.each do |entry|
+        destination = install_location entry.full_name, destination_dir
+
+        FileUtils.rm_rf destination
+
+        FileUtils.mkdir_p File.dirname destination
+
+        open destination, 'wb', entry.header.mode do |out|
+          out.write entry.read
+          out.fsync rescue nil # for filesystems without fsync(2)
+        end
+
+        say destination if Gem.configuration.really_verbose
+      end
+    end
+  end
+
+  ##
+  # Gzips content written to +gz_io+ to +io+.
+  #--
+  # Also sets the gzip modification time to the package build time to ease
+  # testing.
+
+  def gzip_to io # :yields: gz_io
+    gz_io = Zlib::GzipWriter.new io, Zlib::BEST_COMPRESSION
+    gz_io.mtime = @build_time
+
+    yield gz_io
+  ensure
+    gz_io.close
+  end
+
+  ##
+  # Returns the full path for installing +filename+.
+  #
+  # If +filename+ is not inside +destination_dir+ an exception is raised.
+
+  def install_location filename, destination_dir # :nodoc:
+    raise Gem::Package::PathError.new(filename, destination_dir) if
+      filename.start_with? '/'
+
+    destination = File.join destination_dir, filename
+    destination = File.expand_path destination
+
+    raise Gem::Package::PathError.new(destination, destination_dir) unless
+      destination.start_with? destination_dir
+
+    destination.untaint
+    destination
+  end
+
+  ##
+  # Loads a Gem::Specification from the TarEntry +entry+
+
+  def load_spec entry # :nodoc:
+    case entry.full_name
+    when 'metadata' then
+      @spec = Gem::Specification.from_yaml entry.read
+    when 'metadata.gz' then
+      args = [entry]
+      args << { :external_encoding => Encoding::UTF_8 } if
+        Object.const_defined? :Encoding
+
+      Zlib::GzipReader.wrap(*args) do |gzio|
+        @spec = Gem::Specification.from_yaml gzio.read
+      end
+    end
+  end
+
+  ##
+  # Opens +io+ as a gzipped tar archive
+
+  def open_tar_gz io # :nodoc:
+    Zlib::GzipReader.wrap io do |gzio|
+      tar = Gem::Package::TarReader.new gzio
+
+      yield tar
+    end
+  end
+
+  ##
+  # Reads and loads checksums.yaml.gz from the tar file +gem+
+
+  def read_checksums gem
+    Gem.load_yaml
+
+    @checksums = gem.seek 'checksums.yaml.gz' do |entry|
+      Zlib::GzipReader.wrap entry do |gz_io|
+        YAML.load gz_io.read
+      end
+    end
+  end
+
+  ##
+  # Prepares the gem for signing and checksum generation.  If a signing
+  # certificate and key are not present only checksum generation is set up.
+
+  def setup_signer
+    if @spec.signing_key then
+      @signer = Gem::Security::Signer.new @spec.signing_key, @spec.cert_chain
+      @spec.signing_key = nil
+      @spec.cert_chain = @signer.cert_chain.map { |cert| cert.to_s }
+    else
+      @signer = Gem::Security::Signer.new nil, nil
+      @spec.cert_chain = @signer.cert_chain.map { |cert| cert.to_pem } if
+        @signer.cert_chain
+    end
+  end
+
+  ##
+  # The spec for this gem.
+  #
+  # If this is a package for a built gem the spec is loaded from the
+  # gem and returned.  If this is a package for a gem being built the provided
+  # spec is returned.
+
+  def spec
+    verify unless @spec
+
+    @spec
+  end
+
+  ##
+  # Verifies that this gem:
+  #
+  # * Contains a valid gem specification
+  # * Contains a contents archive
+  # * The contents archive is not corrupt
+  #
+  # After verification the gem specification from the gem is available from
+  # #spec
+
+  def verify
+    @files     = []
+    @spec      = nil
+
+    open @gem, 'rb' do |io|
+      Gem::Package::TarReader.new io do |reader|
+        read_checksums reader
+
+        verify_files reader
+      end
+    end
+
+    verify_checksums @digests, @checksums
+
+    @security_policy.verify_signatures @spec, @digests, @signatures if
+      @security_policy
+
+    true
+  rescue Errno::ENOENT => e
+    raise Gem::Package::FormatError.new e.message
+  rescue Gem::Package::TarInvalidError => e
+    raise Gem::Package::FormatError.new e.message, @gem
+  end
+
+  ##
+  # Verifies the +checksums+ against the +digests+.  This check is not
+  # cryptographically secure.  Missing checksums are ignored.
+
+  def verify_checksums digests, checksums # :nodoc:
+    return unless checksums
+
+    checksums.sort.each do |algorithm, gem_digests|
+      gem_digests.sort.each do |file_name, gem_hexdigest|
+        computed_digest = digests[algorithm][file_name]
+
+        unless computed_digest.hexdigest == gem_hexdigest then
+          raise Gem::Package::FormatError.new \
+            "#{algorithm} checksum mismatch for #{file_name}", @gem
+        end
       end
     end
   end
 
+  ##
+  # Verifies the files of the +gem+
+
+  def verify_files gem
+    gem.each do |entry|
+      file_name = entry.full_name
+      @files << file_name
+
+      case file_name
+      when /\.sig$/ then
+        @signatures[$`] = entry.read if @security_policy
+        next
+      when 'checksums.yaml.gz' then
+        next # already handled
+      else
+        digest entry
+      end
+
+      case file_name
+      when /^metadata(.gz)?$/ then
+        load_spec entry
+      when 'data.tar.gz' then
+        verify_gz entry
+      end
+    end
+
+    unless @spec then
+      raise Gem::Package::FormatError.new 'package metadata is missing', @gem
+    end
+
+    unless @files.include? 'data.tar.gz' then
+      raise Gem::Package::FormatError.new \
+              'package content (data.tar.gz) is missing', @gem
+    end
+  end
+
+  ##
+  # Verifies that +entry+ is a valid gzipped file.
+
+  def verify_gz entry # :nodoc:
+    Zlib::GzipReader.wrap entry do |gzio|
+      gzio.read 16384 until gzio.eof? # gzip checksum verification
+    end
+  rescue Zlib::GzipFile::Error => e
+    raise Gem::Package::FormatError.new(e.message, entry.full_name)
+  end
+
 end
 
-require 'rubygems/package/f_sync_dir'
+require 'rubygems/package/digest_io'
+require 'rubygems/package/old'
 require 'rubygems/package/tar_header'
-require 'rubygems/package/tar_input'
-require 'rubygems/package/tar_output'
 require 'rubygems/package/tar_reader'
 require 'rubygems/package/tar_reader/entry'
 require 'rubygems/package/tar_writer'