rubygems-update 2.0.0.rc.1 → 2.0.0.rc.2

data/test/rubygems/test_gem_commands_push_command.rb

@@ -46,6 +46,7 @@ class TestGemCommandsPushCommand < Gem::TestCase
 
   def send_battery
     use_ui @ui do
+      @cmd.instance_variable_set :@host, @host
       @cmd.send_gem(@path)
     end
 
@@ -133,7 +134,7 @@ class TestGemCommandsPushCommand < Gem::TestCase
   end
 
   def test_raises_error_with_no_arguments
-    def @cmd.sign_in; end
+    def @cmd.sign_in(*); end
     assert_raises Gem::CommandLineError do
       @cmd.execute
     end

data/test/rubygems/test_gem_config_file.rb

@@ -164,6 +164,38 @@ class TestGemConfigFile < Gem::TestCase
     assert_equal 2048, @cfg.bulk_threshold
   end
 
+  def test_check_credentials_permissions
+    skip 'chmod not supported' if win_platform?
+
+    @cfg.rubygems_api_key = 'x'
+
+    File.chmod 0644, @cfg.credentials_path
+
+    use_ui @ui do
+      assert_raises Gem::MockGemUi::TermError do
+        @cfg.load_api_keys
+      end
+    end
+
+    assert_empty @ui.output
+
+    expected = <<-EXPECTED
+ERROR:  Your gem push credentials file located at:
+
+\t#{@cfg.credentials_path}
+
+has file permissions of 0644 but 0600 is required.
+
+You should reset your credentials at:
+
+\thttps://rubygems.org/profile/edit
+
+if you believe they were disclosed to a third party.
+    EXPECTED
+
+    assert_equal expected, @ui.error
+  end
+
   def test_handle_arguments
     args = %w[--backtrace --bunch --of --args here]
 
@@ -215,6 +247,32 @@ class TestGemConfigFile < Gem::TestCase
     assert_equal true, @cfg.backtrace
   end
 
+  def test_load_api_keys
+    temp_cred = File.join Gem.user_home, '.gem', 'credentials'
+    FileUtils.mkdir File.dirname(temp_cred)
+    File.open temp_cred, 'w', 0600 do |fp|
+      fp.puts ":rubygems_api_key: 701229f217cdf23b1344c7b4b54ca97"
+      fp.puts ":other: a5fdbb6ba150cbb83aad2bb2fede64c"
+    end
+
+    util_config_file
+
+    assert_equal({:rubygems => '701229f217cdf23b1344c7b4b54ca97',
+                  :other => 'a5fdbb6ba150cbb83aad2bb2fede64c'}, @cfg.api_keys)
+  end
+
+  def test_load_api_keys_bad_permission
+    skip 'chmod not supported' if win_platform?
+
+    @cfg.rubygems_api_key = 'x'
+
+    File.chmod 0644, @cfg.credentials_path
+
+    assert_raises Gem::MockGemUi::TermError do
+      @cfg.load_api_keys
+    end
+  end
+
   def test_really_verbose
     assert_equal false, @cfg.really_verbose
 
@@ -227,6 +285,46 @@ class TestGemConfigFile < Gem::TestCase
     assert_equal true, @cfg.really_verbose
   end
 
+  def test_rubygems_api_key_equals
+    @cfg.rubygems_api_key = 'x'
+
+    assert_equal 'x', @cfg.rubygems_api_key
+
+    expected = {
+      :rubygems_api_key => 'x',
+    }
+
+    assert_equal expected, YAML.load_file(@cfg.credentials_path)
+
+    unless win_platform? then
+      stat = File.stat @cfg.credentials_path
+
+      assert_equal 0600, stat.mode & 0600
+    end
+  end
+
+  def test_rubygems_api_key_equals_bad_permission
+    skip 'chmod not supported' if win_platform?
+
+    @cfg.rubygems_api_key = 'x'
+
+    File.chmod 0644, @cfg.credentials_path
+
+    assert_raises Gem::MockGemUi::TermError do
+      @cfg.rubygems_api_key = 'y'
+    end
+
+    expected = {
+      :rubygems_api_key => 'x',
+    }
+
+    assert_equal expected, YAML.load_file(@cfg.credentials_path)
+
+    stat = File.stat @cfg.credentials_path
+
+    assert_equal 0644, stat.mode & 0644
+  end
+
   def test_write
     @cfg.backtrace = true
     @cfg.update_sources = false
@@ -287,40 +385,6 @@ class TestGemConfigFile < Gem::TestCase
     assert_equal %w[http://even-more-gems.example.com], Gem.sources
   end
 
-  def test_load_rubygems_api_key_from_credentials
-    temp_cred = File.join Gem.user_home, '.gem', 'credentials'
-    FileUtils.mkdir File.dirname(temp_cred)
-    File.open temp_cred, 'w' do |fp|
-      fp.puts ":rubygems_api_key: 701229f217cdf23b1344c7b4b54ca97"
-    end
-
-    util_config_file
-
-    assert_equal "701229f217cdf23b1344c7b4b54ca97", @cfg.rubygems_api_key
-  end
-
-  def test_load_api_keys_from_config
-    temp_cred = File.join Gem.user_home, '.gem', 'credentials'
-    FileUtils.mkdir File.dirname(temp_cred)
-    File.open temp_cred, 'w' do |fp|
-      fp.puts ":rubygems_api_key: 701229f217cdf23b1344c7b4b54ca97"
-      fp.puts ":other: a5fdbb6ba150cbb83aad2bb2fede64c"
-    end
-
-    util_config_file
-
-    assert_equal({:rubygems => '701229f217cdf23b1344c7b4b54ca97',
-                  :other => 'a5fdbb6ba150cbb83aad2bb2fede64c'}, @cfg.api_keys)
-  end
-
-  def test_save_credentials_file_with_strict_permissions
-    util_config_file
-    FileUtils.mkdir File.dirname(@cfg.credentials_path)
-    @cfg.rubygems_api_key = '701229f217cdf23b1344c7b4b54ca97'
-    mode = 0100600 & (~File.umask)
-    assert_equal mode, File.stat(@cfg.credentials_path).mode unless win_platform?
-  end
-
   def test_ignore_invalid_config_file
     File.open @temp_conf, 'w' do |fp|
       fp.puts "some-non-yaml-hash-string"

data/test/rubygems/test_gem_dependency_installer.rb

@@ -500,16 +500,21 @@ class TestGemDependencyInstaller < Gem::TestCase
     util_setup_gems
 
     FileUtils.mv @a1_gem, @tempdir
+    FileUtils.mv @b1_gem, @tempdir
+
+    inst = Gem::Installer.new @a1.file_name
+    inst.install
+
     gemhome2 = File.join @tempdir, 'gemhome2'
     Dir.mkdir gemhome2
     inst = nil
 
     Dir.chdir @tempdir do
       inst = Gem::DependencyInstaller.new :install_dir => gemhome2
-      inst.install 'a'
+      inst.install 'b'
     end
 
-    assert_equal %w[a-1], inst.installed_gems.map { |s| s.full_name }
+    assert_equal %w[a-1 b-1], inst.installed_gems.map { |s| s.full_name }
 
     assert File.exist?(File.join(gemhome2, 'specifications', @a1.spec_name))
     assert File.exist?(File.join(gemhome2, 'cache', @a1.file_name))
@@ -794,6 +799,19 @@ class TestGemDependencyInstaller < Gem::TestCase
     assert_equal Gem::Source.new(@gem_repo), s.source
   end
 
+  def test_find_spec_by_name_and_version_bad_gem
+    FileUtils.touch 'rdoc.gem'
+
+    inst = Gem::DependencyInstaller.new
+
+    e = assert_raises Gem::Package::FormatError do
+      inst.find_spec_by_name_and_version 'rdoc.gem'
+    end
+
+    full_path = File.join @tempdir, 'rdoc.gem'
+    assert_equal "package metadata is missing in #{full_path}", e.message
+  end
+
   def test_find_spec_by_name_and_version_directory
     Dir.mkdir 'rdoc'
 
@@ -808,6 +826,20 @@ class TestGemDependencyInstaller < Gem::TestCase
                  e.message
   end
 
+  def test_find_spec_by_name_and_version_file
+    FileUtils.touch 'rdoc'
+
+    inst = Gem::DependencyInstaller.new
+
+    e = assert_raises Gem::SpecificGemNotFoundException do
+      inst.find_spec_by_name_and_version 'rdoc'
+    end
+
+    assert_equal "Could not find a valid gem 'rdoc' (>= 0) " +
+                 "locally or in a repository",
+                 e.message
+  end
+
   def test_find_gems_with_sources_local
     util_setup_gems
 

data/test/rubygems/test_gem_gemcutter_utilities.rb

@@ -77,9 +77,24 @@ class TestGemGemcutterUtilities < Gem::TestCase
 
   def test_sign_in_with_host
     api_key     = 'a5fdbb6ba150cbb83aad2bb2fede64cf040453903'
+
+    util_sign_in [api_key, 200, 'OK'], 'http://example.com', :param
+
+    assert_match "Enter your http://example.com credentials.",
+                 @sign_in_ui.output
+    assert @fetcher.last_request["authorization"]
+    assert_match %r{Signed in.}, @sign_in_ui.output
+
+    credentials = YAML.load_file Gem.configuration.credentials_path
+    assert_equal api_key, credentials[:rubygems_api_key]
+  end
+
+  def test_sign_in_with_host_ENV
+    api_key     = 'a5fdbb6ba150cbb83aad2bb2fede64cf040453903'
     util_sign_in [api_key, 200, 'OK'], 'http://example.com'
 
-    assert_match %r{Enter your RubyGems.org credentials.}, @sign_in_ui.output
+    assert_match "Enter your http://example.com credentials.",
+                 @sign_in_ui.output
     assert @fetcher.last_request["authorization"]
     assert_match %r{Signed in.}, @sign_in_ui.output
 
@@ -125,14 +140,14 @@ class TestGemGemcutterUtilities < Gem::TestCase
     assert_match %r{Access Denied.}, @sign_in_ui.output
   end
 
-  def util_sign_in response, host = nil
+  def util_sign_in response, host = nil, style = :ENV
     skip 'Always uses $stdin on windows' if Gem.win_platform?
 
     email    = 'you@example.com'
     password = 'secret'
 
     if host
-      ENV['RUBYGEMS_HOST'] = host
+      ENV['RUBYGEMS_HOST'] = host if style == :ENV
     else
       host = Gem.host
     end
@@ -144,7 +159,11 @@ class TestGemGemcutterUtilities < Gem::TestCase
     @sign_in_ui = Gem::MockGemUi.new "#{email}\n#{password}\n"
 
     use_ui @sign_in_ui do
-      @cmd.sign_in
+      if style == :param then
+        @cmd.sign_in host
+      else
+        @cmd.sign_in
+      end
     end
   end
 

data/test/rubygems/test_gem_installer.rb

@@ -964,6 +964,33 @@ load Gem.bin_path('a', 'executable', version)
     assert_match %r|I am a shiny gem!|, @ui.output
   end
 
+  def test_install_extension_and_script
+    @spec.extensions << "extconf.rb"
+    write_file File.join(@tempdir, "extconf.rb") do |io|
+      io.write <<-RUBY
+        require "mkmf"
+        create_makefile("#{@spec.name}")
+      RUBY
+    end
+
+    rb = File.join("lib", "#{@spec.name}.rb")
+    @spec.files += [rb]
+    write_file File.join(@tempdir, rb) do |io|
+      io.write <<-RUBY
+        # #{@spec.name}.rb
+      RUBY
+    end
+
+    assert !File.exist?(File.join(@spec.gem_dir, rb))
+    use_ui @ui do
+      path = Gem::Package.build @spec
+
+      @installer = Gem::Installer.new path
+      @installer.install
+    end
+    assert File.exist?(File.join(@spec.gem_dir, rb))
+  end
+
   def test_installation_satisfies_dependency_eh
     quick_spec 'a'
 

data/test/rubygems/test_gem_package.rb

@@ -429,10 +429,17 @@ class TestGemPackage < Gem::Package::TarTestCase
 
       digest = OpenSSL::Digest::SHA1.new
       digest << metadata_gz
-      checksum = "#{digest.name}\t#{digest.hexdigest}\n"
 
-      tar.add_file 'metadata.gz.sum', 0444 do |io|
-        io.write checksum
+      checksums = {
+        'SHA1' => {
+          'metadata.gz' => digest.hexdigest,
+        },
+      }
+
+      tar.add_file 'checksums.yaml.gz', 0444 do |io|
+        Zlib::GzipWriter.wrap io do |gz_io|
+          gz_io.write YAML.dump checksums
+        end
       end
 
       tar.add_file 'data.tar.gz', 0444 do |io|
@@ -499,6 +506,50 @@ class TestGemPackage < Gem::Package::TarTestCase
 
     assert_equal 'unsigned gems are not allowed by the High Security policy',
                  e.message
+
+    refute package.instance_variable_get(:@spec), '@spec must not be loaded'
+    assert_empty package.instance_variable_get(:@files), '@files must empty'
+  end
+
+  def test_verify_security_policy_checksum_missing
+    @spec.cert_chain = [PUBLIC_CERT.to_pem]
+    @spec.signing_key = PRIVATE_KEY
+
+    build = Gem::Package.new @gem
+    build.spec = @spec
+    build.setup_signer
+
+    FileUtils.mkdir 'lib'
+    FileUtils.touch 'lib/code.rb'
+
+    open @gem, 'wb' do |gem_io|
+      Gem::Package::TarWriter.new gem_io do |gem|
+        build.add_metadata gem
+        build.add_contents gem
+
+        # write bogus data.tar.gz to foil signature
+        bogus_data = Gem.gzip 'hello'
+        gem.add_file_simple 'data.tar.gz', 0444, bogus_data.length do |io|
+          io.write bogus_data
+        end
+
+        # pre rubygems 2.0 gems do not add checksums
+      end
+    end
+
+    Gem::Security.trust_dir.trust_cert PUBLIC_CERT
+
+    package = Gem::Package.new @gem
+    package.security_policy = Gem::Security::HighSecurity
+
+    e = assert_raises Gem::Security::Exception do
+      package.verify
+    end
+
+    assert_equal 'invalid signature', e.message
+
+    refute package.instance_variable_get(:@spec), '@spec must not be loaded'
+    assert_empty package.instance_variable_get(:@files), '@files must empty'
   end
 
   def test_verify_truncate

data/test/rubygems/test_gem_package_old.rb

@@ -18,6 +18,14 @@ class TestGemPackageOld < Gem::TestCase
     assert_equal %w[lib/foo.rb lib/test.rb lib/test/wow.rb], @package.contents
   end
 
+  def test_contents_security_policy
+    @package.security_policy = Gem::Security::AlmostNoSecurity
+
+    assert_raises Gem::Security::Exception do
+      @package.contents
+    end
+  end
+
   def test_extract_files
     @package.extract_files @destination
 
@@ -29,9 +37,43 @@ class TestGemPackageOld < Gem::TestCase
     assert_equal mask, File.stat(extracted).mode unless win_platform?
   end
 
+  def test_extract_files_security_policy
+    @package.security_policy = Gem::Security::AlmostNoSecurity
+
+    assert_raises Gem::Security::Exception do
+      @package.extract_files @destination
+    end
+  end
+
   def test_spec
     assert_equal 'testing', @package.spec.name
   end
 
+  def test_spec_security_policy
+    @package.security_policy = Gem::Security::AlmostNoSecurity
+
+    assert_raises Gem::Security::Exception do
+      @package.spec
+    end
+  end
+
+  def test_verify
+    assert @package.verify
+
+    @package.security_policy = Gem::Security::NoSecurity
+
+    assert @package.verify
+
+    @package.security_policy = Gem::Security::AlmostNoSecurity
+
+    e = assert_raises Gem::Security::Exception do
+      @package.verify
+    end
+
+    assert_equal 'old format gems do not contain signatures ' +
+                 'and cannot be verified',
+                 e.message
+  end
+
 end