rubygems-update 2.0.0.rc.1 → 2.0.0.rc.2

data/test/rubygems/test_gem_security_policy.rb

@@ -31,8 +31,10 @@ class TestGemSecurityPolicy < Gem::TestCase
     @sha1 = OpenSSL::Digest::SHA1
     @trust_dir = Gem::Security.trust_dir.dir # HACK use the object
 
+    @no        = Gem::Security::NoSecurity
     @almost_no = Gem::Security::AlmostNoSecurity
     @low       = Gem::Security::LowSecurity
+    @medium    = Gem::Security::MediumSecurity
     @high      = Gem::Security::HighSecurity
 
     @chain = Gem::Security::Policy.new(
@@ -84,6 +86,14 @@ class TestGemSecurityPolicy < Gem::TestCase
     assert @chain.check_chain chain, Time.now
   end
 
+  def test_check_chain_empty_chain
+    e = assert_raises Gem::Security::Exception do
+      @chain.check_chain [], Time.now
+    end
+
+    assert_equal 'empty signing chain', e.message
+  end
+
   def test_check_chain_invalid
     chain = [PUBLIC_CERT, CHILD_CERT, INVALIDCHILD_CERT]
 
@@ -96,6 +106,14 @@ class TestGemSecurityPolicy < Gem::TestCase
                  "was not issued by #{CHILD_CERT.subject}", e.message
   end
 
+  def test_check_chain_no_chain
+    e = assert_raises Gem::Security::Exception do
+      @chain.check_chain nil, Time.now
+    end
+
+    assert_equal 'missing signing chain', e.message
+  end
+
   def test_check_cert
     assert @low.check_cert(PUBLIC_CERT, nil, Time.now)
   end
@@ -134,10 +152,28 @@ class TestGemSecurityPolicy < Gem::TestCase
     assert @low.check_cert(CHILD_CERT, PUBLIC_CERT, Time.now)
   end
 
+  def test_check_cert_no_signer
+    e = assert_raises Gem::Security::Exception do
+      @high.check_cert(nil, nil, Time.now)
+    end
+
+    assert_equal 'missing signing certificate', e.message
+  end
+
   def test_check_key
     assert @almost_no.check_key(PUBLIC_CERT, PRIVATE_KEY)
   end
 
+  def test_check_key_no_signer
+    assert @almost_no.check_key(nil, nil)
+
+    e = assert_raises Gem::Security::Exception do
+      @high.check_key(nil, nil)
+    end
+
+    assert_equal 'missing key or signature', e.message
+  end
+
   def test_check_key_wrong_key
     e = assert_raises Gem::Security::Exception do
       @almost_no.check_key(PUBLIC_CERT, ALTERNATE_KEY)
@@ -153,6 +189,14 @@ class TestGemSecurityPolicy < Gem::TestCase
     assert @chain.check_root chain, Time.now
   end
 
+  def test_check_root_empty_chain
+    e = assert_raises Gem::Security::Exception do
+      @chain.check_root [], Time.now
+    end
+
+    assert_equal 'missing root certificate', e.message
+  end
+
   def test_check_root_invalid_signer
     chain = [INVALID_SIGNER_CERT]
 
@@ -177,6 +221,14 @@ class TestGemSecurityPolicy < Gem::TestCase
                  e.message
   end
 
+  def test_check_root_no_chain
+    e = assert_raises Gem::Security::Exception do
+      @chain.check_root nil, Time.now
+    end
+
+    assert_equal 'missing signing chain', e.message
+  end
+
   def test_check_trust
     Gem::Security.trust_dir.trust_cert PUBLIC_CERT
 
@@ -189,6 +241,14 @@ class TestGemSecurityPolicy < Gem::TestCase
     assert @high.check_trust [PUBLIC_CERT, CHILD_CERT], @sha1, @trust_dir
   end
 
+  def test_check_trust_empty_chain
+    e = assert_raises Gem::Security::Exception do
+      @chain.check_trust [], @sha1, @trust_dir
+    end
+
+    assert_equal 'missing root certificate', e.message
+  end
+
   def test_check_trust_mismatch
     Gem::Security.trust_dir.trust_cert PUBLIC_CERT
 
@@ -200,6 +260,14 @@ class TestGemSecurityPolicy < Gem::TestCase
                  "does not match signing root certificate checksum", e.message
   end
 
+  def test_check_trust_no_chain
+    e = assert_raises Gem::Security::Exception do
+      @chain.check_trust nil, @sha1, @trust_dir
+    end
+
+    assert_equal 'missing signing chain', e.message
+  end
+
   def test_check_trust_no_trust
     e = assert_raises Gem::Security::Exception do
       @high.check_trust [PUBLIC_CERT], @sha1, @trust_dir
@@ -220,73 +288,108 @@ class TestGemSecurityPolicy < Gem::TestCase
   def test_verify
     Gem::Security.trust_dir.trust_cert PUBLIC_CERT
 
-    assert @almost_no.verify [PUBLIC_CERT]
+    assert @almost_no.verify [PUBLIC_CERT], nil, *dummy_signatures
   end
 
   def test_verify_chain_signatures
     Gem::Security.trust_dir.trust_cert PUBLIC_CERT
 
-    data = digest 'hello'
-    digest    = { 'SHA1' => { 0 => data } }
-    signature = { 0 => sign(data, PRIVATE_KEY) }
-
-    assert @high.verify [PUBLIC_CERT], nil, digest, signature
+    assert @high.verify [PUBLIC_CERT], nil, *dummy_signatures
   end
 
   def test_verify_chain_key
-    assert @almost_no.verify [PUBLIC_CERT], PRIVATE_KEY
+    @almost_no.verify [PUBLIC_CERT], PRIVATE_KEY, *dummy_signatures
   end
 
-  def test_verify_signatures_chain
-    data = digest 'hello'
-    digest    = { 'SHA1' => { 0 => data } }
-    signature = { 0 => sign(data, CHILD_KEY) }
+  def test_verify_no_digests
+    Gem::Security.trust_dir.trust_cert PUBLIC_CERT
+
+    _, signatures = dummy_signatures
 
+    e = assert_raises Gem::Security::Exception do
+      @almost_no.verify [PUBLIC_CERT], nil, {}, signatures
+    end
+
+    assert_equal 'no digests provided (probable bug)', e.message
+  end
+
+  def test_verify_no_digests_no_security
+    Gem::Security.trust_dir.trust_cert PUBLIC_CERT
+
+    _, signatures = dummy_signatures
+
+    e = assert_raises Gem::Security::Exception do
+      @no.verify [PUBLIC_CERT], nil, {}, signatures
+    end
+
+    assert_equal 'missing digest for 0', e.message
+  end
+
+  def test_verify_not_enough_signatures
+    Gem::Security.trust_dir.trust_cert PUBLIC_CERT
+
+    digests, signatures = dummy_signatures
+
+    data = digest 'goodbye'
+
+    signatures[1] = PRIVATE_KEY.sign @sha1.new, data.digest
+
+    e = assert_raises Gem::Security::Exception do
+      @almost_no.verify [PUBLIC_CERT], nil, digests, signatures
+    end
+
+    assert_equal 'missing digest for 1', e.message
+  end
+
+  def test_verify_wrong_digest_type
+    Gem::Security.trust_dir.trust_cert PUBLIC_CERT
+
+    sha512 = OpenSSL::Digest::SHA512
+
+    data = sha512.new
+    data << 'hello'
+
+    digests    = { 'SHA512' => { 0 => data } }
+    signature  = PRIVATE_KEY.sign sha512.new, data.digest
+    signatures = { 0 => signature }
+
+    e = assert_raises Gem::Security::Exception do
+      @almost_no.verify [PUBLIC_CERT], nil, digests, signatures
+    end
+
+    assert_equal 'no digests provided (probable bug)', e.message
+  end
+
+  def test_verify_signatures_chain
     @spec.cert_chain = [PUBLIC_CERT, CHILD_CERT]
 
-    assert @chain.verify_signatures @spec, digest, signature
+    assert @chain.verify_signatures @spec, *dummy_signatures(CHILD_KEY)
   end
 
   def test_verify_signatures_data
-    data = digest 'hello'
-    digest    = { 'SHA1' => { 0 => data } }
-    signature = { 0 => sign(data) }
-
     @spec.cert_chain = [PUBLIC_CERT]
 
-    @almost_no.verify_signatures @spec, digest, signature
+    @almost_no.verify_signatures @spec, *dummy_signatures
   end
 
   def test_verify_signatures_root
-    data = digest 'hello'
-    digest    = { 'SHA1' => { 0 => data } }
-    signature = { 0 => sign(data, CHILD_KEY) }
-
     @spec.cert_chain = [PUBLIC_CERT, CHILD_CERT]
 
-    assert @root.verify_signatures @spec, digest, signature
+    assert @root.verify_signatures @spec, *dummy_signatures(CHILD_KEY)
   end
 
   def test_verify_signatures_signer
-    data = digest 'hello'
-    digest    = { 'SHA1' => { 0 => data } }
-    signature = { 0 => sign(data) }
-
     @spec.cert_chain = [PUBLIC_CERT]
 
-    assert @low.verify_signatures @spec, digest, signature
+    assert @low.verify_signatures @spec, *dummy_signatures
   end
 
   def test_verify_signatures_trust
     Gem::Security.trust_dir.trust_cert PUBLIC_CERT
 
-    data = digest 'hello'
-    digest    = { 'SHA1' => { 0 => data } }
-    signature = { 0 => sign(data, PRIVATE_KEY) }
-
     @spec.cert_chain = [PUBLIC_CERT]
 
-    assert @high.verify_signatures @spec, digest, signature
+    assert @high.verify_signatures @spec, *dummy_signatures
   end
 
   def test_verify_signatures
@@ -372,5 +475,14 @@ class TestGemSecurityPolicy < Gem::TestCase
     key.sign @sha1.new, data.digest
   end
 
+  def dummy_signatures key = PRIVATE_KEY
+    data = digest 'hello'
+
+    digests    = { 'SHA1' => { 0 => data } }
+    signatures = { 0 => sign(data, key) }
+
+    return digests, signatures
+  end
+
 end
 

data/test/rubygems/test_gem_specification.rb

@@ -118,6 +118,15 @@ end
     assert_equal @current_version, new_spec.specification_version
   end
 
+  def test_self_from_yaml
+    @a1.instance_variable_set :@specification_version, nil
+
+    spec = Gem::Specification.from_yaml @a1.to_yaml
+
+    assert_equal Gem::Specification::NONEXISTENT_SPECIFICATION_VERSION,
+                 spec.specification_version
+  end
+
   def test_self_from_yaml_syck_date_bug
     # This is equivalent to (and totally valid) psych 1.0 output and
     # causes parse errors on syck.

metadata

@@ -1,23 +1,15 @@
---- !ruby/object:Gem::Specification 
+--- !ruby/object:Gem::Specification
 name: rubygems-update
-version: !ruby/object:Gem::Version 
-  hash: 2757333137
-  prerelease: 6
-  segments: 
-  - 2
-  - 0
-  - 0
-  - rc
-  - 1
-  version: 2.0.0.rc.1
+version: !ruby/object:Gem::Version
+  version: 2.0.0.rc.2
 platform: ruby
-authors: 
+authors:
 - Jim Weirich
 - Chad Fowler
 - Eric Hodel
 autorequire: 
 bindir: bin
-cert_chain: 
+cert_chain:
 - |
   -----BEGIN CERTIFICATE-----
   MIIDeDCCAmCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBBMRAwDgYDVQQDDAdkcmJy
@@ -40,162 +32,151 @@ cert_chain:
   Q8Tno9S3e4XGGP1ZWfLrTWEJbavFfhGHut2iMRwfC7s/YILAHNATopaJdH9DNpd1
   U81zGHMUBOvz/VGT6wJwYJ3emS2nfA2NOHFfgA==
   -----END CERTIFICATE-----
-
-date: 2013-01-08 00:00:00 Z
-dependencies: 
-- !ruby/object:Gem::Dependency 
+date: 2013-02-08 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: minitest
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 25
-        segments: 
-        - 4
-        - 1
-        version: "4.1"
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.3'
   type: :development
-  version_requirements: *id001
-- !ruby/object:Gem::Dependency 
-  name: rdoc
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 19
-        segments: 
-        - 3
-        - 10
-        version: "3.10"
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.3'
+- !ruby/object:Gem::Dependency
+  name: rdoc
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.10'
   type: :development
-  version_requirements: *id002
-- !ruby/object:Gem::Dependency 
-  name: builder
   prerelease: false
-  requirement: &id003 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 1
-        segments: 
-        - 2
-        - 1
-        version: "2.1"
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.10'
+- !ruby/object:Gem::Dependency
+  name: builder
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.1'
   type: :development
-  version_requirements: *id003
-- !ruby/object:Gem::Dependency 
-  name: hoe-seattlerb
   prerelease: false
-  requirement: &id004 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 11
-        segments: 
-        - 1
-        - 2
-        version: "1.2"
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.1'
+- !ruby/object:Gem::Dependency
+  name: hoe-seattlerb
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
   type: :development
-  version_requirements: *id004
-- !ruby/object:Gem::Dependency 
-  name: session
   prerelease: false
-  requirement: &id005 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 11
-        segments: 
-        - 2
-        - 4
-        version: "2.4"
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+- !ruby/object:Gem::Dependency
+  name: session
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.4'
   type: :development
-  version_requirements: *id005
-- !ruby/object:Gem::Dependency 
-  name: ZenTest
   prerelease: false
-  requirement: &id006 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 17
-        segments: 
-        - 4
-        - 5
-        version: "4.5"
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.4'
+- !ruby/object:Gem::Dependency
+  name: ZenTest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.5'
   type: :development
-  version_requirements: *id006
-- !ruby/object:Gem::Dependency 
-  name: rake
   prerelease: false
-  requirement: &id007 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 61
-        segments: 
-        - 0
-        - 9
-        - 3
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.5'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
         version: 0.9.3
   type: :development
-  version_requirements: *id007
-- !ruby/object:Gem::Dependency 
-  name: hoe
   prerelease: false
-  requirement: &id008 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 5
-        segments: 
-        - 3
-        - 1
-        version: "3.1"
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.9.3
+- !ruby/object:Gem::Dependency
+  name: hoe
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.3'
   type: :development
-  version_requirements: *id008
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.3'
 description: |-
   RubyGems is a package management framework for Ruby.
-  
+
   This gem is an update for the RubyGems software. You must have an
   installation of RubyGems before this update can be applied.
-  
+
   See Gem for information on RubyGems (or `ri Gem`)
-  
+
   To upgrade to the latest RubyGems, run:
-  
+
     $ gem update --system  # you might need to be an administrator or root
-  
+
   See UPGRADING.rdoc for more details and alternative instructions.
-  
+
   -----
-  
+
   If you don't have RubyGems installed, you can still do it manually:
-  
+
   * Download from: https://rubygems.org/pages/download
   * Unpack into a directory and cd there
   * Install with: ruby setup.rb  # you may need admin/root privilege
-  
+
   For more details and other options, see:
-  
+
     ruby setup.rb --help
-email: 
+email:
 - rubygems-developers@rubyforge.org
-executables: 
+executables:
 - update_rubygems
 extensions: []
-
-extra_rdoc_files: 
+extra_rdoc_files:
 - History.txt
 - LICENSE.txt
 - MIT.txt
@@ -203,9 +184,9 @@ extra_rdoc_files:
 - README.rdoc
 - UPGRADING.rdoc
 - hide_lib_for_update/note.txt
-files: 
-- .autotest
-- .document
+files:
+- ".autotest"
+- ".document"
 - History.txt
 - LICENSE.txt
 - MIT.txt
@@ -310,6 +291,7 @@ files:
 - lib/rubygems/source_specific_file.rb
 - lib/rubygems/spec_fetcher.rb
 - lib/rubygems/specification.rb
+- lib/rubygems/ssl_certs/.document
 - lib/rubygems/ssl_certs/AddTrustExternalCARoot.pem
 - lib/rubygems/ssl_certs/Entrust_net-Secure-Server-Certification-Authority.pem
 - lib/rubygems/ssl_certs/VerisignClass3PublicPrimaryCertificationAuthority-G2.pem
@@ -458,45 +440,34 @@ files:
 - test/rubygems/wrong_key_cert_32.pem
 - util/CL2notes
 - util/create_certs.rb
-- .gemtest
-homepage: http://guides.rubygems.org
+- ".gemtest"
+homepage: http://rubygems.org
 licenses: []
-
+metadata: {}
 post_install_message: 
-rdoc_options: 
-- --main
+rdoc_options:
+- "--main"
 - README.rdoc
-- --title=RubyGems 2.0.0.rc.1 Documentation
-require_paths: 
+- "--title=RubyGems 2.0.0.rc.2 Documentation"
+require_paths:
 - hide_lib_for_update
-required_ruby_version: !ruby/object:Gem::Requirement 
-  none: false
-  requirements: 
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
   - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 57
-      segments: 
-      - 1
-      - 8
-      - 7
+    - !ruby/object:Gem::Version
       version: 1.8.7
-required_rubygems_version: !ruby/object:Gem::Requirement 
-  none: false
-  requirements: 
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
   - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
-      version: "0"
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
-
 rubyforge_project: rubygems
-rubygems_version: 1.8.24
+rubygems_version: 2.0.0.rc.2
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: RubyGems is a package management framework for Ruby
-test_files: 
+test_files:
 - test/rubygems/test_config.rb
 - test/rubygems/test_deprecate.rb
 - test/rubygems/test_gem.rb