RubyGems - rubygems-update - Versions diffs - 2.0.17 → 2.1.0.rc.1 - Mend

rubygems-update 2.0.17 → 2.1.0.rc.1

Potentially problematic release.

This version of rubygems-update might be problematic. Click here for more details.

Files changed (154) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +2 -0
data/.autotest +1 -1
data/History.txt +82 -153
data/Manifest.txt +35 -9
data/Rakefile +35 -36
data/lib/rubygems.rb +106 -18
data/lib/rubygems/available_set.rb +68 -0
data/lib/rubygems/basic_specification.rb +139 -0
data/lib/rubygems/command_manager.rb +37 -40
data/lib/rubygems/commands/cert_command.rb +78 -29
data/lib/rubygems/commands/cleanup_command.rb +2 -2
data/lib/rubygems/commands/contents_command.rb +101 -58
data/lib/rubygems/commands/dependency_command.rb +94 -53
data/lib/rubygems/commands/environment_command.rb +70 -53
data/lib/rubygems/commands/fetch_command.rb +1 -2
data/lib/rubygems/commands/help_command.rb +85 -55
data/lib/rubygems/commands/install_command.rb +84 -42
data/lib/rubygems/commands/outdated_command.rb +2 -12
data/lib/rubygems/commands/owner_command.rb +6 -0
data/lib/rubygems/commands/pristine_command.rb +26 -16
data/lib/rubygems/commands/sources_command.rb +85 -70
data/lib/rubygems/commands/uninstall_command.rb +32 -2
data/lib/rubygems/commands/update_command.rb +111 -75
data/lib/rubygems/config_file.rb +15 -3
data/lib/rubygems/core_ext/kernel_require.rb +9 -31
data/lib/rubygems/defaults.rb +8 -0
data/lib/rubygems/dependency.rb +4 -2
data/lib/rubygems/dependency_installer.rb +180 -170
data/lib/rubygems/dependency_resolver.rb +191 -526
data/lib/rubygems/dependency_resolver/activation_request.rb +109 -0
data/lib/rubygems/dependency_resolver/api_set.rb +65 -0
data/lib/rubygems/dependency_resolver/api_specification.rb +36 -0
data/lib/rubygems/dependency_resolver/composed_set.rb +18 -0
data/lib/rubygems/dependency_resolver/current_set.rb +16 -0
data/lib/rubygems/dependency_resolver/dependency_conflict.rb +85 -0
data/lib/rubygems/dependency_resolver/dependency_request.rb +51 -0
data/lib/rubygems/dependency_resolver/index_set.rb +59 -0
data/lib/rubygems/dependency_resolver/index_specification.rb +53 -0
data/lib/rubygems/dependency_resolver/installed_specification.rb +38 -0
data/lib/rubygems/dependency_resolver/installer_set.rb +130 -0
data/lib/rubygems/exceptions.rb +88 -1
data/lib/rubygems/ext/builder.rb +1 -1
data/lib/rubygems/gem_runner.rb +17 -9
data/lib/rubygems/gemcutter_utilities.rb +72 -42
data/lib/rubygems/install_default_message.rb +12 -0
data/lib/rubygems/install_update_options.rb +3 -0
data/lib/rubygems/installer.rb +55 -30
data/lib/rubygems/name_tuple.rb +18 -7
data/lib/rubygems/package.rb +50 -25
data/lib/rubygems/package/tar_test_case.rb +9 -9
data/lib/rubygems/package/tar_writer.rb +35 -12
data/lib/rubygems/package_task.rb +2 -5
data/lib/rubygems/path_support.rb +10 -0
data/lib/rubygems/platform.rb +9 -3
data/lib/rubygems/psych_additions.rb +1 -1
data/lib/rubygems/remote_fetcher.rb +9 -276
data/lib/rubygems/request.rb +267 -0
data/lib/rubygems/request_set.rb +123 -125
data/lib/rubygems/request_set/gem_dependency_api.rb +39 -0
data/lib/rubygems/security.rb +32 -23
data/lib/rubygems/security/policy.rb +35 -9
data/lib/rubygems/security/signer.rb +2 -2
data/lib/rubygems/server.rb +8 -16
data/lib/rubygems/source.rb +25 -14
data/lib/rubygems/source/installed.rb +28 -0
data/lib/rubygems/source/local.rb +122 -0
data/lib/rubygems/source/specific_file.rb +28 -0
data/lib/rubygems/source_local.rb +2 -89
data/lib/rubygems/source_specific_file.rb +2 -26
data/lib/rubygems/spec_fetcher.rb +11 -11
data/lib/rubygems/specification.rb +186 -198
data/lib/rubygems/ssl_certs/AddTrustExternalCARoot.pem +88 -30
data/lib/rubygems/ssl_certs/Entrust_net-Secure-Server-Certification-Authority.pem +90 -0
data/lib/rubygems/ssl_certs/{GeoTrustGlobalCA.pem → GeoTrust_Global_CA.pem} +20 -20
data/lib/rubygems/ssl_certs/VerisignClass3PublicPrimaryCertificationAuthority-G2.pem +57 -0
data/lib/rubygems/stub_specification.rb +119 -0
data/lib/rubygems/test_case.rb +117 -49
data/lib/rubygems/uninstaller.rb +14 -9
data/lib/rubygems/uri_formatter.rb +39 -0
data/lib/rubygems/util/list.rb +44 -0
data/lib/rubygems/version.rb +15 -5
data/lib/rubygems/version_option.rb +8 -2
data/test/rubygems/ca_cert.pem +23 -0
data/test/rubygems/client.pem +49 -0
data/test/rubygems/encrypted_private_key.pem +30 -0
data/test/rubygems/invalid_client.pem +49 -0
data/test/rubygems/specifications/bar-0.0.2.gemspec +9 -0
data/test/rubygems/specifications/foo-0.0.1.gemspec +0 -0
data/test/rubygems/test_gem.rb +76 -454
data/test/rubygems/test_gem_command_manager.rb +23 -21
data/test/rubygems/test_gem_commands_cert_command.rb +154 -14
data/test/rubygems/test_gem_commands_cleanup_command.rb +15 -0
data/test/rubygems/test_gem_commands_contents_command.rb +32 -4
data/test/rubygems/test_gem_commands_environment_command.rb +9 -1
data/test/rubygems/test_gem_commands_fetch_command.rb +2 -28
data/test/rubygems/test_gem_commands_help_command.rb +6 -3
data/test/rubygems/test_gem_commands_install_command.rb +2 -65
data/test/rubygems/test_gem_commands_owner_command.rb +49 -0
data/test/rubygems/test_gem_commands_pristine_command.rb +30 -0
data/test/rubygems/test_gem_commands_sources_command.rb +1 -1
data/test/rubygems/test_gem_commands_uninstall_command.rb +33 -0
data/test/rubygems/test_gem_commands_update_command.rb +2 -1
data/test/rubygems/test_gem_config_file.rb +12 -0
data/test/rubygems/test_gem_dependency_installer.rb +58 -65
data/test/rubygems/test_gem_dependency_resolver.rb +6 -3
data/test/rubygems/test_gem_dependency_resolver_dependency_conflict.rb +36 -0
data/test/rubygems/test_gem_ext_builder.rb +2 -4
data/test/rubygems/test_gem_ext_ext_conf_builder.rb +7 -2
data/test/rubygems/test_gem_gem_runner.rb +17 -13
data/test/rubygems/test_gem_gemcutter_utilities.rb +6 -19
data/test/rubygems/test_gem_impossible_dependencies_error.rb +41 -0
data/test/rubygems/test_gem_install_update_options.rb +4 -1
data/test/rubygems/test_gem_installer.rb +31 -2
data/test/rubygems/test_gem_name_tuple.rb +22 -0
data/test/rubygems/test_gem_package.rb +122 -11
data/test/rubygems/test_gem_package_old.rb +8 -0
data/test/rubygems/test_gem_package_tar_reader.rb +9 -8
data/test/rubygems/test_gem_package_tar_reader_entry.rb +1 -1
data/test/rubygems/test_gem_package_tar_writer.rb +78 -56
data/test/rubygems/test_gem_package_task.rb +2 -23
data/test/rubygems/test_gem_path_support.rb +17 -0
data/test/rubygems/test_gem_platform.rb +18 -0
data/test/rubygems/test_gem_remote_fetcher.rb +106 -385
data/test/rubygems/test_gem_request.rb +239 -0
data/test/rubygems/test_gem_requirement.rb +9 -11
data/test/rubygems/test_gem_security.rb +58 -2
data/test/rubygems/test_gem_security_policy.rb +42 -1
data/test/rubygems/test_gem_security_signer.rb +13 -1
data/test/rubygems/test_gem_security_trust_dir.rb +5 -1
data/test/rubygems/test_gem_server.rb +1 -105
data/test/rubygems/test_gem_source.rb +4 -14
data/test/rubygems/test_gem_source_local.rb +4 -4
data/test/rubygems/test_gem_source_specific_file.rb +1 -1
data/test/rubygems/test_gem_spec_fetcher.rb +0 -12
data/test/rubygems/test_gem_specification.rb +452 -28
data/test/rubygems/test_gem_stub_specification.rb +30 -0
data/test/rubygems/test_gem_uninstaller.rb +14 -0
data/test/rubygems/test_gem_uri_formatter.rb +20 -0
data/test/rubygems/test_gem_version.rb +23 -13
data/test/rubygems/test_gem_version_option.rb +63 -1
data/test/rubygems/test_require.rb +0 -12
data/util/create_encrypted_key.rb +16 -0
metadata +161 -23
metadata.gz.sig +0 -0
data/CVE-2013-4287.txt +0 -36
data/CVE-2013-4363.txt +0 -45
data/lib/rubygems/ssl_certs/AddTrustExternalCARoot-2048.pem +0 -25
data/lib/rubygems/ssl_certs/Class3PublicPrimaryCertificationAuthority.pem +0 -14
data/lib/rubygems/ssl_certs/DigiCertHighAssuranceEVRootCA.pem +0 -23
data/lib/rubygems/ssl_certs/EntrustnetSecureServerCertificationAuthority.pem +0 -28
data/test/rubygems/test_bundled_ca.rb +0 -59
data/util/update_bundled_ca_certificates.rb +0 -103

data/lib/rubygems/install_default_message.rb ADDED

@@ -0,0 +1,12 @@
+require 'rubygems'
+require 'rubygems/user_interaction'
+##
+# A post-install hook that displays "Successfully installed
+# some_gem-1.0 as a default gem"
+Gem.post_install do |installer|
+  ui = Gem::DefaultUserInteraction.ui
+  ui.say "Successfully installed #{installer.spec.full_name} as a default gem"
+end

data/lib/rubygems/install_update_options.rb CHANGED

@@ -26,6 +26,9 @@ module Gem::InstallUpdateOptions
     OptionParser.accept Gem::Security::Policy do |value|
       require 'rubygems/security'
+      raise OptionParser::InvalidArgument, 'OpenSSL not installed' unless
+        defined?(Gem::Security::HighSecurity)
       value = Gem::Security::Policies[value]
       valid = Gem::Security::Policies.keys.sort
       message = "#{value} (#{valid.join ', '} are valid)"

data/lib/rubygems/installer.rb CHANGED

@@ -9,7 +9,6 @@ require 'rubygems/package'
 require 'rubygems/ext'
 require 'rubygems/user_interaction'
 require 'fileutils'
-require 'thread'
 ##
 # The installer installs the files contained in the .gem into the Gem.home.
@@ -32,14 +31,6 @@ class Gem::Installer
   ENV_PATHS = %w[/usr/bin/env /bin/env]
-  ##
-  # The builder shells-out to run various commands after changing the
-  # directory.  This means multiple installations cannot be allowed to build
-  # extensions in parallel as they may change each other's directories leading
-  # to broken extensions or failed installations.
-  CHDIR_MUTEX = Mutex.new # :nodoc:
   ##
   # Raised when there is an error while building extensions.
   #
@@ -93,8 +84,8 @@ class Gem::Installer
   # :env_shebang:: Use /usr/bin/env in bin wrappers.
   # :force:: Overrides all version checks and security policy checks, except
   #          for a signed-gems-only policy.
-  # :format_executable:: Format the executable the same as the ruby executable.
-  #                      If your ruby is ruby18, foo_exec will be installed as
+  # :format_executable:: Format the executable the same as the Ruby executable.
+  #                      If your Ruby is ruby18, foo_exec will be installed as
   #                      foo_exec18.
   # :ignore_dependencies:: Don't raise if a dependency is missing.
   # :install_dir:: The directory to install the gem into.
@@ -153,7 +144,7 @@ class Gem::Installer
       io.gets # blankline
       # TODO detect a specially formatted comment instead of trying
-      # to run a regexp against ruby code.
+      # to run a regexp against Ruby code.
       next unless io.gets =~ /This file was generated by RubyGems/
       ruby_executable = true
@@ -222,15 +213,20 @@ class Gem::Installer
     FileUtils.mkdir_p gem_dir
-    extract_files
+    if @options[:install_as_default]
+      extract_bin
+      write_default_spec
+    else
+      extract_files
-    build_extensions
-    write_build_info_file
-    run_post_build_hooks
+      build_extensions
+      write_build_info_file
+      run_post_build_hooks
-    generate_bin
-    write_spec
-    write_cache_file
+      generate_bin
+      write_spec
+      write_cache_file
+    end
     say spec.post_install_message unless spec.post_install_message.nil?
@@ -335,6 +331,14 @@ class Gem::Installer
     File.join gem_home, "specifications", "#{spec.full_name}.gemspec"
   end
+  ##
+  # The location of of the default spec file for default gems.
+  #
+  def default_spec_file
+    File.join gem_home, "specifications/default", "#{spec.full_name}.gemspec"
+  end
   ##
   # Writes the .gemspec specification (in Ruby) to the gem home's
   # specifications directory.
@@ -346,6 +350,16 @@ class Gem::Installer
     end
   end
+  ##
+  # Writes the full .gemspec specification (in Ruby) to the gem home's
+  # specifications/default directory.
+  def write_default_spec
+    File.open(default_spec_file, "w") do |file|
+      file.puts spec.to_ruby
+    end
+  end
   ##
   # Creates windows .bat files for easy running of commands
@@ -547,13 +561,13 @@ class Gem::Installer
       :bin_dir      => nil,
       :env_shebang  => false,
       :force        => false,
-      :install_dir  => Gem.dir,
       :only_install_dir => false
     }.merge options
     @env_shebang         = options[:env_shebang]
     @force               = options[:force]
-    @gem_home            = options[:install_dir]
+    @install_dir         = options[:install_dir]
+    @gem_home            = options[:install_dir] || Gem.dir
     @ignore_dependencies = options[:ignore_dependencies]
     @format_executable   = options[:format_executable]
     @security_policy     = options[:security_policy]
@@ -628,7 +642,7 @@ TEXT
   end
   ##
-  # return the stub script text used to launch the true ruby script
+  # return the stub script text used to launch the true Ruby script
   def windows_stub_script(bindir, bin_file_name)
     ruby = File.basename(Gem.ruby).chomp('"')
@@ -684,13 +698,11 @@ TEXT
       begin
         FileUtils.mkdir_p dest_path
-        CHDIR_MUTEX.synchronize do
-          Dir.chdir extension_dir do
-            results = builder.build(extension, gem_dir, dest_path,
-                                    results, @build_args)
+        Dir.chdir extension_dir do
+          results = builder.build(extension, gem_dir, dest_path,
+                                  results, @build_args)
-            say results.join("\n") if Gem.configuration.really_verbose
-          end
+          say results.join("\n") if Gem.configuration.really_verbose
         end
       rescue
         extension_build_error(extension_dir, results.join("\n"), $@)
@@ -727,6 +739,15 @@ EOF
     @package.extract_files gem_dir
   end
+  ##
+  # Extracts only the bin/ files from the gem into the gem directory.
+  # This is used by default gems to allow a gem-aware stub to function
+  # without the full gem installed.
+  def extract_bin
+    @package.extract_files gem_dir, "bin/*"
+  end
   ##
   # Prefix and suffix the program filename the same as ruby.
@@ -750,7 +771,7 @@ EOF
   ##
   # Performs various checks before installing the gem such as the install
-  # repository is writable and its directories exist, required ruby and
+  # repository is writable and its directories exist, required Ruby and
   # rubygems versions are met and that dependencies are installed.
   #
   # Version and dependency checks are skipped if this install is forced.
@@ -767,7 +788,11 @@ EOF
     ensure_loadable_spec
-    Gem.ensure_gem_subdirectories gem_home
+    if options[:install_as_default]
+      Gem.ensure_default_gem_subdirectories gem_home
+    else
+      Gem.ensure_gem_subdirectories gem_home
+    end
     return true if @force

data/lib/rubygems/name_tuple.rb CHANGED

@@ -42,6 +42,20 @@ class Gem::NameTuple
     new nil, Gem::Version.new(0), nil
   end
+  ##
+  # Returns the full name (name-version) of this Gem.  Platform information is
+  # included if it is not the default Ruby platform.  This mimics the behavior
+  # of Gem::Specification#full_name.
+  def full_name
+    case @platform
+    when nil, 'ruby', ''
+      "#{@name}-#{@version}"
+    else
+      "#{@name}-#{@version}-#{@platform}"
+    end
+  end
   ##
   # Indicate if this NameTuple matches the current platform.
@@ -59,12 +73,7 @@ class Gem::NameTuple
   # Return the name that the gemspec file would be
   def spec_name
-    case @platform
-    when nil, 'ruby', ''
-      "#{@name}-#{@version}.gemspec"
-    else
-      "#{@name}-#{@version}-#{@platform}.gemspec"
-    end
+    "#{full_name}.gemspec"
   end
   ##
@@ -74,10 +83,12 @@ class Gem::NameTuple
     [@name, @version, @platform]
   end
-  def to_s
+  def inspect # :nodoc:
     "#<Gem::NameTuple #{@name}, #{@version}, #{@platform}>"
   end
+  alias to_s inspect # :nodoc:
   def <=> other
     to_a <=> other.to_a
   end

data/lib/rubygems/package.rb CHANGED

@@ -37,7 +37,7 @@
 #   the_gem.spec # get the spec out of the gem
 #   the_gem.verify # check the gem is OK (contains valid gem specification, contains a not corrupt contents archive)
 #
-# #files are the files in the .gem tar file, not the ruby files in the gem
+# #files are the files in the .gem tar file, not the Ruby files in the gem
 # #extract_files and #contents automatically call #verify
 require 'rubygems/security'
@@ -280,11 +280,16 @@ EOM
     algorithms = if @checksums then
                    @checksums.keys
                  else
-                   [Gem::Security::DIGEST_NAME]
+                   [Gem::Security::DIGEST_NAME].compact
                  end
     algorithms.each do |algorithm|
-      digester = OpenSSL::Digest.new algorithm
+      digester =
+        if defined?(OpenSSL::Digest) then
+          OpenSSL::Digest.new algorithm
+        else
+          Digest.const_get(algorithm).new
+        end
       digester << entry.read(16384) until entry.eof?
@@ -298,8 +303,11 @@ EOM
   ##
   # Extracts the files in this package into +destination_dir+
+  #
+  # If +pattern+ is specified, only entries matching that glob will be
+  # extracted.
-  def extract_files destination_dir
+  def extract_files destination_dir, pattern = "*"
     verify unless @spec
     FileUtils.mkdir_p destination_dir
@@ -310,7 +318,7 @@ EOM
       reader.each do |entry|
         next unless entry.full_name == 'data.tar.gz'
-        extract_tar_gz entry, destination_dir
+        extract_tar_gz entry, destination_dir, pattern
         return # ignore further entries
       end
@@ -324,10 +332,15 @@ EOM
   # If an entry in the archive contains a relative path above
   # +destination_dir+ or an absolute path is encountered an exception is
   # raised.
+  #
+  # If +pattern+ is specified, only entries matching that glob will be
+  # extracted.
-  def extract_tar_gz io, destination_dir # :nodoc:
+  def extract_tar_gz io, destination_dir, pattern = "*" # :nodoc:
     open_tar_gz io do |tar|
       tar.each do |entry|
+        next unless File.fnmatch pattern, entry.full_name
         destination = install_location entry.full_name, destination_dir
         FileUtils.rm_rf destination
@@ -428,12 +441,13 @@ EOM
   # certificate and key are not present only checksum generation is set up.
   def setup_signer
+    passphrase = ENV['GEM_PRIVATE_KEY_PASSPHRASE']
     if @spec.signing_key then
-      @signer = Gem::Security::Signer.new @spec.signing_key, @spec.cert_chain
+      @signer = Gem::Security::Signer.new @spec.signing_key, @spec.cert_chain, passphrase
       @spec.signing_key = nil
       @spec.cert_chain = @signer.cert_chain.map { |cert| cert.to_s }
     else
-      @signer = Gem::Security::Signer.new nil, nil
+      @signer = Gem::Security::Signer.new nil, nil, passphrase
       @spec.cert_chain = @signer.cert_chain.map { |cert| cert.to_pem } if
         @signer.cert_chain
     end
@@ -509,28 +523,39 @@ EOM
     end
   end
+  ##
+  # Verifies +entry+ in a .gem file.
+  def verify_entry entry
+    file_name = entry.full_name
+    @files << file_name
+    case file_name
+    when /\.sig$/ then
+      @signatures[$`] = entry.read if @security_policy
+      return
+    else
+      digest entry
+    end
+    case file_name
+    when /^metadata(.gz)?$/ then
+      load_spec entry
+    when 'data.tar.gz' then
+      verify_gz entry
+    end
+  rescue => e
+    message = "package is corrupt, exception while verifying: " +
+              "#{e.message} (#{e.class})"
+    raise Gem::Package::FormatError.new message, @gem
+  end
   ##
   # Verifies the files of the +gem+
   def verify_files gem
     gem.each do |entry|
-      file_name = entry.full_name
-      @files << file_name
-      case file_name
-      when /\.sig$/ then
-        @signatures[$`] = entry.read if @security_policy
-        next
-      else
-        digest entry
-      end
-      case file_name
-      when /^metadata(.gz)?$/ then
-        load_spec entry
-      when 'data.tar.gz' then
-        verify_gz entry
-      end
+      verify_entry entry
     end
     unless @spec then

data/lib/rubygems/package/tar_test_case.rb CHANGED

@@ -71,7 +71,7 @@ class Gem::Package::TarTestCase < Gem::TestCase
     SP(Z(to_oct(sum, 6)))
   end
-  def header(type, fname, dname, length, mode, checksum = nil)
+  def header(type, fname, dname, length, mode, mtime, checksum = nil)
     checksum ||= " " * 8
     arr = [                  # struct tarfile_entry_posix
@@ -80,7 +80,7 @@ class Gem::Package::TarTestCase < Gem::TestCase
       Z(to_oct(0, 7)),       # char uid[8];        ditto
       Z(to_oct(0, 7)),       # char gid[8];        ditto
       Z(to_oct(length, 11)), # char size[12];      0 padded, octal, null
-      Z(to_oct(0, 11)),      # char mtime[12];     0 padded, octal, null
+      Z(to_oct(mtime, 11)),  # char mtime[12];     0 padded, octal, null
       checksum,              # char checksum[8];   0 padded, octal, null, space
       type,                  # char typeflag[1];   file: "0"  dir: "5"
       "\0" * 100,            # char linkname[100]; ASCII + (Z unless filled)
@@ -105,16 +105,16 @@ class Gem::Package::TarTestCase < Gem::TestCase
     ret
   end
-  def tar_dir_header(name, prefix, mode)
-    h = header("5", name, prefix, 0, mode)
+  def tar_dir_header(name, prefix, mode, mtime)
+    h = header("5", name, prefix, 0, mode, mtime)
     checksum = calc_checksum(h)
-    header("5", name, prefix, 0, mode, checksum)
+    header("5", name, prefix, 0, mode, mtime, checksum)
   end
-  def tar_file_header(fname, dname, mode, length)
-    h = header("0", fname, dname, length, mode)
+  def tar_file_header(fname, dname, mode, length, mtime)
+    h = header("0", fname, dname, length, mode, mtime)
     checksum = calc_checksum(h)
-    header("0", fname, dname, length, mode, checksum)
+    header("0", fname, dname, length, mode, mtime, checksum)
   end
   def to_oct(n, pad_size)
@@ -130,7 +130,7 @@ class Gem::Package::TarTestCase < Gem::TestCase
   end
   def util_dir_entry
-    util_entry tar_dir_header("foo", "bar", 0)
+    util_entry tar_dir_header("foo", "bar", 0, Time.now)
   end
 end

data/lib/rubygems/package/tar_writer.rb CHANGED

@@ -4,6 +4,8 @@
 # See LICENSE.txt for additional licensing information.
 #++
+require 'digest'
 ##
 # Allows writing of tar files
@@ -121,7 +123,8 @@ class Gem::Package::TarWriter
     @io.pos = init_pos
     header = Gem::Package::TarHeader.new :name => name, :mode => mode,
-                                         :size => size, :prefix => prefix
+                                         :size => size, :prefix => prefix,
+                                         :mtime => Time.now
     @io.write header
     @io.pos = final_pos
@@ -140,7 +143,15 @@ class Gem::Package::TarWriter
   def add_file_digest name, mode, digest_algorithms # :yields: io
     digests = digest_algorithms.map do |digest_algorithm|
       digest = digest_algorithm.new
-      [digest.name, digest]
+      digest_name =
+        if digest.respond_to? :name then
+          digest.name
+        else
+          /::([^:]+)$/ =~ digest_algorithm.name
+          $1
+        end
+      [digest_name, digest]
     end
     digests = Hash[*digests.flatten]
@@ -165,22 +176,32 @@ class Gem::Package::TarWriter
   def add_file_signed name, mode, signer
     digest_algorithms = [
       signer.digest_algorithm,
-      OpenSSL::Digest::SHA512,
-    ].uniq
+      Digest::SHA512,
+    ].compact.uniq
     digests = add_file_digest name, mode, digest_algorithms do |io|
       yield io
     end
-    signature_digest = digests.values.find do |digest|
-      digest.name == signer.digest_name
+    signature_digest = digests.values.compact.find do |digest|
+      digest_name =
+        if digest.respond_to? :name then
+          digest.name
+        else
+          /::([^:]+)$/ =~ digest.class.name
+          $1
+        end
+      digest_name == signer.digest_name
     end
-    signature = signer.sign signature_digest.digest
+    if signer.key then
+      signature = signer.sign signature_digest.digest
-    add_file_simple "#{name}.sig", 0444, signature.length do |io|
-      io.write signature
-    end if signature
+      add_file_simple "#{name}.sig", 0444, signature.length do |io|
+        io.write signature
+      end
+    end
     digests
   end
@@ -195,7 +216,8 @@ class Gem::Package::TarWriter
     name, prefix = split_name name
     header = Gem::Package::TarHeader.new(:name => name, :mode => mode,
-                                         :size => size, :prefix => prefix).to_s
+                                         :size => size, :prefix => prefix,
+                                         :mtime => Time.now).to_s
     @io.write header
     os = BoundedStream.new @io, size
@@ -256,7 +278,8 @@ class Gem::Package::TarWriter
     header = Gem::Package::TarHeader.new :name => name, :mode => mode,
                                          :typeflag => "5", :size => 0,
-                                         :prefix => prefix
+                                         :prefix => prefix,
+                                         :mtime => Time.now
     @io.write header