RubyGems - rubygems-update - Versions diffs - 2.0.17 → 2.1.0.rc.1 - Mend

rubygems-update 2.0.17 → 2.1.0.rc.1

Potentially problematic release.

This version of rubygems-update might be problematic. Click here for more details.

Files changed (154) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +2 -0
data/.autotest +1 -1
data/History.txt +82 -153
data/Manifest.txt +35 -9
data/Rakefile +35 -36
data/lib/rubygems.rb +106 -18
data/lib/rubygems/available_set.rb +68 -0
data/lib/rubygems/basic_specification.rb +139 -0
data/lib/rubygems/command_manager.rb +37 -40
data/lib/rubygems/commands/cert_command.rb +78 -29
data/lib/rubygems/commands/cleanup_command.rb +2 -2
data/lib/rubygems/commands/contents_command.rb +101 -58
data/lib/rubygems/commands/dependency_command.rb +94 -53
data/lib/rubygems/commands/environment_command.rb +70 -53
data/lib/rubygems/commands/fetch_command.rb +1 -2
data/lib/rubygems/commands/help_command.rb +85 -55
data/lib/rubygems/commands/install_command.rb +84 -42
data/lib/rubygems/commands/outdated_command.rb +2 -12
data/lib/rubygems/commands/owner_command.rb +6 -0
data/lib/rubygems/commands/pristine_command.rb +26 -16
data/lib/rubygems/commands/sources_command.rb +85 -70
data/lib/rubygems/commands/uninstall_command.rb +32 -2
data/lib/rubygems/commands/update_command.rb +111 -75
data/lib/rubygems/config_file.rb +15 -3
data/lib/rubygems/core_ext/kernel_require.rb +9 -31
data/lib/rubygems/defaults.rb +8 -0
data/lib/rubygems/dependency.rb +4 -2
data/lib/rubygems/dependency_installer.rb +180 -170
data/lib/rubygems/dependency_resolver.rb +191 -526
data/lib/rubygems/dependency_resolver/activation_request.rb +109 -0
data/lib/rubygems/dependency_resolver/api_set.rb +65 -0
data/lib/rubygems/dependency_resolver/api_specification.rb +36 -0
data/lib/rubygems/dependency_resolver/composed_set.rb +18 -0
data/lib/rubygems/dependency_resolver/current_set.rb +16 -0
data/lib/rubygems/dependency_resolver/dependency_conflict.rb +85 -0
data/lib/rubygems/dependency_resolver/dependency_request.rb +51 -0
data/lib/rubygems/dependency_resolver/index_set.rb +59 -0
data/lib/rubygems/dependency_resolver/index_specification.rb +53 -0
data/lib/rubygems/dependency_resolver/installed_specification.rb +38 -0
data/lib/rubygems/dependency_resolver/installer_set.rb +130 -0
data/lib/rubygems/exceptions.rb +88 -1
data/lib/rubygems/ext/builder.rb +1 -1
data/lib/rubygems/gem_runner.rb +17 -9
data/lib/rubygems/gemcutter_utilities.rb +72 -42
data/lib/rubygems/install_default_message.rb +12 -0
data/lib/rubygems/install_update_options.rb +3 -0
data/lib/rubygems/installer.rb +55 -30
data/lib/rubygems/name_tuple.rb +18 -7
data/lib/rubygems/package.rb +50 -25
data/lib/rubygems/package/tar_test_case.rb +9 -9
data/lib/rubygems/package/tar_writer.rb +35 -12
data/lib/rubygems/package_task.rb +2 -5
data/lib/rubygems/path_support.rb +10 -0
data/lib/rubygems/platform.rb +9 -3
data/lib/rubygems/psych_additions.rb +1 -1
data/lib/rubygems/remote_fetcher.rb +9 -276
data/lib/rubygems/request.rb +267 -0
data/lib/rubygems/request_set.rb +123 -125
data/lib/rubygems/request_set/gem_dependency_api.rb +39 -0
data/lib/rubygems/security.rb +32 -23
data/lib/rubygems/security/policy.rb +35 -9
data/lib/rubygems/security/signer.rb +2 -2
data/lib/rubygems/server.rb +8 -16
data/lib/rubygems/source.rb +25 -14
data/lib/rubygems/source/installed.rb +28 -0
data/lib/rubygems/source/local.rb +122 -0
data/lib/rubygems/source/specific_file.rb +28 -0
data/lib/rubygems/source_local.rb +2 -89
data/lib/rubygems/source_specific_file.rb +2 -26
data/lib/rubygems/spec_fetcher.rb +11 -11
data/lib/rubygems/specification.rb +186 -198
data/lib/rubygems/ssl_certs/AddTrustExternalCARoot.pem +88 -30
data/lib/rubygems/ssl_certs/Entrust_net-Secure-Server-Certification-Authority.pem +90 -0
data/lib/rubygems/ssl_certs/{GeoTrustGlobalCA.pem → GeoTrust_Global_CA.pem} +20 -20
data/lib/rubygems/ssl_certs/VerisignClass3PublicPrimaryCertificationAuthority-G2.pem +57 -0
data/lib/rubygems/stub_specification.rb +119 -0
data/lib/rubygems/test_case.rb +117 -49
data/lib/rubygems/uninstaller.rb +14 -9
data/lib/rubygems/uri_formatter.rb +39 -0
data/lib/rubygems/util/list.rb +44 -0
data/lib/rubygems/version.rb +15 -5
data/lib/rubygems/version_option.rb +8 -2
data/test/rubygems/ca_cert.pem +23 -0
data/test/rubygems/client.pem +49 -0
data/test/rubygems/encrypted_private_key.pem +30 -0
data/test/rubygems/invalid_client.pem +49 -0
data/test/rubygems/specifications/bar-0.0.2.gemspec +9 -0
data/test/rubygems/specifications/foo-0.0.1.gemspec +0 -0
data/test/rubygems/test_gem.rb +76 -454
data/test/rubygems/test_gem_command_manager.rb +23 -21
data/test/rubygems/test_gem_commands_cert_command.rb +154 -14
data/test/rubygems/test_gem_commands_cleanup_command.rb +15 -0
data/test/rubygems/test_gem_commands_contents_command.rb +32 -4
data/test/rubygems/test_gem_commands_environment_command.rb +9 -1
data/test/rubygems/test_gem_commands_fetch_command.rb +2 -28
data/test/rubygems/test_gem_commands_help_command.rb +6 -3
data/test/rubygems/test_gem_commands_install_command.rb +2 -65
data/test/rubygems/test_gem_commands_owner_command.rb +49 -0
data/test/rubygems/test_gem_commands_pristine_command.rb +30 -0
data/test/rubygems/test_gem_commands_sources_command.rb +1 -1
data/test/rubygems/test_gem_commands_uninstall_command.rb +33 -0
data/test/rubygems/test_gem_commands_update_command.rb +2 -1
data/test/rubygems/test_gem_config_file.rb +12 -0
data/test/rubygems/test_gem_dependency_installer.rb +58 -65
data/test/rubygems/test_gem_dependency_resolver.rb +6 -3
data/test/rubygems/test_gem_dependency_resolver_dependency_conflict.rb +36 -0
data/test/rubygems/test_gem_ext_builder.rb +2 -4
data/test/rubygems/test_gem_ext_ext_conf_builder.rb +7 -2
data/test/rubygems/test_gem_gem_runner.rb +17 -13
data/test/rubygems/test_gem_gemcutter_utilities.rb +6 -19
data/test/rubygems/test_gem_impossible_dependencies_error.rb +41 -0
data/test/rubygems/test_gem_install_update_options.rb +4 -1
data/test/rubygems/test_gem_installer.rb +31 -2
data/test/rubygems/test_gem_name_tuple.rb +22 -0
data/test/rubygems/test_gem_package.rb +122 -11
data/test/rubygems/test_gem_package_old.rb +8 -0
data/test/rubygems/test_gem_package_tar_reader.rb +9 -8
data/test/rubygems/test_gem_package_tar_reader_entry.rb +1 -1
data/test/rubygems/test_gem_package_tar_writer.rb +78 -56
data/test/rubygems/test_gem_package_task.rb +2 -23
data/test/rubygems/test_gem_path_support.rb +17 -0
data/test/rubygems/test_gem_platform.rb +18 -0
data/test/rubygems/test_gem_remote_fetcher.rb +106 -385
data/test/rubygems/test_gem_request.rb +239 -0
data/test/rubygems/test_gem_requirement.rb +9 -11
data/test/rubygems/test_gem_security.rb +58 -2
data/test/rubygems/test_gem_security_policy.rb +42 -1
data/test/rubygems/test_gem_security_signer.rb +13 -1
data/test/rubygems/test_gem_security_trust_dir.rb +5 -1
data/test/rubygems/test_gem_server.rb +1 -105
data/test/rubygems/test_gem_source.rb +4 -14
data/test/rubygems/test_gem_source_local.rb +4 -4
data/test/rubygems/test_gem_source_specific_file.rb +1 -1
data/test/rubygems/test_gem_spec_fetcher.rb +0 -12
data/test/rubygems/test_gem_specification.rb +452 -28
data/test/rubygems/test_gem_stub_specification.rb +30 -0
data/test/rubygems/test_gem_uninstaller.rb +14 -0
data/test/rubygems/test_gem_uri_formatter.rb +20 -0
data/test/rubygems/test_gem_version.rb +23 -13
data/test/rubygems/test_gem_version_option.rb +63 -1
data/test/rubygems/test_require.rb +0 -12
data/util/create_encrypted_key.rb +16 -0
metadata +161 -23
metadata.gz.sig +0 -0
data/CVE-2013-4287.txt +0 -36
data/CVE-2013-4363.txt +0 -45
data/lib/rubygems/ssl_certs/AddTrustExternalCARoot-2048.pem +0 -25
data/lib/rubygems/ssl_certs/Class3PublicPrimaryCertificationAuthority.pem +0 -14
data/lib/rubygems/ssl_certs/DigiCertHighAssuranceEVRootCA.pem +0 -23
data/lib/rubygems/ssl_certs/EntrustnetSecureServerCertificationAuthority.pem +0 -28
data/test/rubygems/test_bundled_ca.rb +0 -59
data/util/update_bundled_ca_certificates.rb +0 -103

data/lib/rubygems/request_set.rb CHANGED

@@ -5,178 +5,176 @@ require 'rubygems/dependency_list'
 require 'rubygems/installer'
 require 'tsort'
-module Gem
-  class RequestSet
+class Gem::RequestSet
-    include TSort
+  include TSort
-    def initialize(*deps)
-      @dependencies = deps
+  ##
+  # Array of gems to install even if already installed
-      yield self if block_given?
-    end
+  attr_reader :always_install
-    attr_reader :dependencies
+  attr_reader :dependencies
-    # Declare that a gem of name +name+ with +reqs+ requirements
-    # is needed.
-    #
-    def gem(name, *reqs)
-      @dependencies << Gem::Dependency.new(name, reqs)
-    end
+  attr_accessor :development
-    # Add +deps+ Gem::Depedency objects to the set.
-    #
-    def import(deps)
-      @dependencies += deps
-    end
+  ##
+  # Treat missing dependencies as silent errors
-    # Resolve the requested dependencies and return an Array of
-    # Specification objects to be activated.
-    #
-    def resolve(set=nil)
-      r = Gem::DependencyResolver.new(@dependencies, set)
-      @requests = r.resolve
-    end
+  attr_accessor :soft_missing
-    # Resolve the requested dependencies against the gems
-    # available via Gem.path and return an Array of Specification
-    # objects to be activated.
-    #
-    def resolve_current
-      resolve DependencyResolver::CurrentSet.new
-    end
+  def initialize *deps
+    @dependencies = deps
-    # Load a dependency management file.
-    #
-    def load_gemdeps(path)
-      gf = GemDepedencyAPI.new(self, path)
-      gf.load
-    end
+    @always_install = []
+    @development    = false
+    @soft_missing   = false
-    def specs
-      @specs ||= @requests.map { |r| r.full_spec }
-    end
+    yield self if block_given?
+  end
-    def tsort_each_node(&block)
-      @requests.each(&block)
-    end
+  ##
+  # Declare that a gem of name +name+ with +reqs+ requirements is needed.
-    def tsort_each_child(node)
-      node.spec.dependencies.each do |dep|
-        next if dep.type == :development
-        match = @requests.find { |r| dep.match? r.spec.name, r.spec.version }
-        if match
-          begin
-            yield match
-          rescue TSort::Cyclic
-          end
-        else
-          raise Gem::DependencyError, "Unresolved depedency found during sorting - #{dep}"
-        end
-      end
-    end
+  def gem name, *reqs
+    @dependencies << Gem::Dependency.new(name, reqs)
+  end
+  ##
+  # Add +deps+ Gem::Dependency objects to the set.
+  def import deps
+    @dependencies += deps
+  end
-    def sorted_requests
-      @sorted ||= strongly_connected_components.flatten
+  def install options, &block
+    if dir = options[:install_dir]
+      return install_into dir, false, options, &block
     end
-    def specs_in(dir)
-      Dir["#{dir}/specifications/*.gemspec"].map do |g|
-        Gem::Specification.load g
+    cache_dir = options[:cache_dir] || Gem.dir
+    specs = []
+    sorted_requests.each do |req|
+      if req.installed? and
+         @always_install.none? { |spec| spec == req.spec.spec } then
+        yield req, nil if block_given?
+        next
       end
-    end
-    def install_into(dir, force=true, &b)
-      existing = force ? [] : specs_in(dir)
+      path = req.download cache_dir
-      dir = File.expand_path dir
+      inst = Gem::Installer.new path, options
-      installed = []
+      yield req, inst if block_given?
-      sorted_requests.each do |req|
-        if existing.find { |s| s.full_name == req.spec.full_name }
-          b.call req, nil if b
-          next
-        end
+      specs << inst.install
+    end
-        path = req.download(dir)
+    specs
+  end
-        inst = Gem::Installer.new path, :install_dir => dir,
-                                        :only_install_dir => true
+  def install_into dir, force = true, options = {}
+    existing = force ? [] : specs_in(dir)
+    existing.delete_if { |s| @always_install.include? s }
-        b.call req, inst if b
+    dir = File.expand_path dir
-        inst.install
+    installed = []
-        installed << req
+    sorted_requests.each do |req|
+      if existing.find { |s| s.full_name == req.spec.full_name }
+        yield req, nil if block_given?
+        next
       end
-      installed
-    end
+      path = req.download(dir)
-    def install(options, &b)
-      if dir = options[:install_dir]
-        return install_into(dir, false, &b)
+      unless path then # already installed
+        yield req, nil if block_given?
+        next
       end
-      cache_dir = options[:cache_dir] || Gem.dir
+      options[:install_dir] = dir
+      options[:only_install_dir] = true
-      specs = []
+      inst = Gem::Installer.new path, options
-      sorted_requests.each do |req|
-        if req.installed?
-          b.call req, nil if b
-          next
-        end
+      yield req, inst if block_given?
-        path = req.download cache_dir
+      inst.install
-        inst = Gem::Installer.new path, options
+      installed << req
+    end
-        b.call req, inst if b
+    installed
+  end
-        specs << inst.install
-      end
+  ##
+  # Load a dependency management file.
-      specs
-    end
+  def load_gemdeps path
+    gf = Gem::RequestSet::GemDepedencyAPI.new self, path
+    gf.load
+  end
-    # A semi-compatible DSL for Bundler's Gemfile format
-    #
-    class GemDepedencyAPI
-      def initialize(set, path)
-        @set = set
-        @path = path
-      end
+  ##
+  # Resolve the requested dependencies and return an Array of Specification
+  # objects to be activated.
-      def load
-        instance_eval File.read(@path).untaint, @path, 1
-      end
+  def resolve set = nil
+    resolver = Gem::DependencyResolver.new @dependencies, set
+    resolver.development  = @development
+    resolver.soft_missing = @soft_missing
-      # DSL
+    @requests = resolver.resolve
+  end
-      def source(url)
-      end
+  ##
+  # Resolve the requested dependencies against the gems available via Gem.path
+  # and return an Array of Specification objects to be activated.
-      def gem(name, *reqs)
-        # Ignore the opts for now.
-        reqs.pop if reqs.last.kind_of?(Hash)
+  def resolve_current
+    resolve Gem::DependencyResolver::CurrentSet.new
+  end
-        @set.gem name, *reqs
-      end
+  def sorted_requests
+    @sorted ||= strongly_connected_components.flatten
+  end
-      def platform(what)
-        if what == :ruby
-          yield
-        end
-      end
+  def specs
+    @specs ||= @requests.map { |r| r.full_spec }
+  end
+  def specs_in dir
+    Dir["#{dir}/specifications/*.gemspec"].map do |g|
+      Gem::Specification.load g
+    end
+  end
+  def tsort_each_node &block # :nodoc:
+    @requests.each(&block)
+  end
-      alias_method :platforms, :platform
+  def tsort_each_child node # :nodoc:
+    node.spec.dependencies.each do |dep|
+      next if dep.type == :development and not @development
-      def group(*what)
+      match = @requests.find { |r| dep.match? r.spec.name, r.spec.version }
+      if match
+        begin
+          yield match
+        rescue TSort::Cyclic
+        end
+      else
+        unless @soft_missing
+          raise Gem::DependencyError, "Unresolved depedency found during sorting - #{dep}"
+        end
       end
     end
   end
 end
+require 'rubygems/request_set/gem_dependency_api'

data/lib/rubygems/request_set/gem_dependency_api.rb ADDED

@@ -0,0 +1,39 @@
+##
+# A semi-compatible DSL for Bundler's Gemfile format
+class Gem::RequestSet::GemDepedencyAPI
+  def initialize set, path
+    @set = set
+    @path = path
+  end
+  def load
+    instance_eval File.read(@path).untaint, @path, 1
+  end
+  # :category: Bundler Gemfile DSL
+  def gem name, *reqs
+    # Ignore the opts for now.
+    reqs.pop if reqs.last.kind_of?(Hash)
+    @set.gem name, *reqs
+  end
+  def group *what
+  end
+  def platform what
+    if what == :ruby
+      yield
+    end
+  end
+  alias :platforms :platform
+  def source url
+  end
+end

data/lib/rubygems/security.rb CHANGED

@@ -12,20 +12,6 @@ begin
 rescue LoadError => e
   raise unless (e.respond_to?(:path) && e.path == 'openssl') ||
                e.message =~ / -- openssl$/
-  module OpenSSL # :nodoc:
-    class Digest # :nodoc:
-      class SHA1 # :nodoc:
-        def name
-          'SHA1'
-        end
-      end
-    end
-    module PKey # :nodoc:
-      class RSA # :nodoc:
-      end
-    end
-  end
 end
 ##
@@ -352,23 +338,38 @@ module Gem::Security
   ##
   # Digest algorithm used to sign gems
-  DIGEST_ALGORITHM = OpenSSL::Digest::SHA1
+  DIGEST_ALGORITHM =
+    if defined?(OpenSSL::Digest) then
+      OpenSSL::Digest::SHA1
+    end
   ##
   # Used internally to select the signing digest from all computed digests
-  DIGEST_NAME = DIGEST_ALGORITHM.new.name # :nodoc:
+  DIGEST_NAME = # :nodoc:
+    if DIGEST_ALGORITHM then
+      DIGEST_ALGORITHM.new.name
+    end
   ##
   # Algorithm for creating the key pair used to sign gems
-  KEY_ALGORITHM = OpenSSL::PKey::RSA
+  KEY_ALGORITHM =
+    if defined?(OpenSSL::PKey) then
+      OpenSSL::PKey::RSA
+    end
   ##
   # Length of keys created by KEY_ALGORITHM
   KEY_LENGTH = 2048
+  ##
+  # Cipher used to encrypt the key pair used to sign gems.
+  # Must be in the list returned by OpenSSL::Cipher.ciphers
+  KEY_CIPHER = OpenSSL::Cipher.new('AES-256-CBC') if defined?(OpenSSL::Cipher)
   ##
   # One year in seconds
@@ -563,13 +564,18 @@ module Gem::Security
   ##
   # Writes +pemmable+, which must respond to +to_pem+ to +path+ with the given
-  # +permissions+.
+  # +permissions+. If passed +cipher+ and +passphrase+ those arguments will be
+  # passed to +to_pem+.
-  def self.write pemmable, path, permissions = 0600
+  def self.write pemmable, path, permissions = 0600, passphrase = nil, cipher = KEY_CIPHER
     path = File.expand_path path
     open path, 'wb', permissions do |io|
-      io.write pemmable.to_pem
+      if passphrase and cipher
+        io.write pemmable.to_pem cipher, passphrase
+      else
+        io.write pemmable.to_pem
+      end
     end
     path
@@ -579,8 +585,11 @@ module Gem::Security
 end
-require 'rubygems/security/policy'
-require 'rubygems/security/policies'
+if defined?(OpenSSL::SSL) then
+  require 'rubygems/security/policy'
+  require 'rubygems/security/policies'
+  require 'rubygems/security/trust_dir'
+end
 require 'rubygems/security/signer'
-require 'rubygems/security/trust_dir'

data/lib/rubygems/security/policy.rb CHANGED

@@ -1,3 +1,5 @@
+require 'rubygems/user_interaction'
 ##
 # A Gem::Security::Policy object encapsulates the settings for verifying
 # signed gem files.  This is the base class.  You can either declare an
@@ -6,6 +8,8 @@
 class Gem::Security::Policy
+  include Gem::UserInteraction
   attr_reader :name
   attr_accessor :only_signed
@@ -175,6 +179,19 @@ class Gem::Security::Policy
     true
   end
+  ##
+  # Extracts the email or subject from +certificate+
+  def subject certificate # :nodoc:
+    certificate.extensions.each do |extension|
+      next unless extension.oid == 'subjectAltName'
+      return extension.value
+    end
+    certificate.subject.to_s
+  end
   def inspect # :nodoc:
     ("[Policy: %s - data: %p signer: %p chain: %p root: %p " +
      "signed-only: %p trusted-only: %p]") % [
@@ -184,16 +201,21 @@ class Gem::Security::Policy
   end
   ##
-  # Verifies the certificate +chain+ is valid, the +digests+ match the
-  # signatures +signatures+ created by the signer depending on the +policy+
-  # settings.
+  # For +full_name+, verifies the certificate +chain+ is valid, the +digests+
+  # match the signatures +signatures+ created by the signer depending on the
+  # +policy+ settings.
   #
   # If +key+ is given it is used to validate the signing certificate.
-  def verify chain, key = nil, digests = {}, signatures = {}
-    if @only_signed and signatures.empty? then
-      raise Gem::Security::Exception,
-        "unsigned gems are not allowed by the #{name} policy"
+  def verify chain, key = nil, digests = {}, signatures = {},
+             full_name = '(unknown)'
+    if signatures.empty? then
+      if @only_signed then
+        raise Gem::Security::Exception,
+          "unsigned gems are not allowed by the #{name} policy"
+      else
+        alert_warning "#{full_name} is not signed"
+      end
     end
     opt       = @opt
@@ -222,7 +244,11 @@ class Gem::Security::Policy
     check_root chain, time if @verify_root
-    check_trust chain, digester, trust_dir if @only_trusted
+    if @only_trusted then
+      check_trust chain, digester, trust_dir
+    else
+      alert_warning "#{subject signer} is not trusted for #{full_name}"
+    end
     signatures.each do |file, _|
       digest = signer_digests[file]
@@ -252,7 +278,7 @@ class Gem::Security::Policy
       OpenSSL::X509::Certificate.new cert_pem
     end
-    verify chain, nil, digests, signatures
+    verify chain, nil, digests, signatures, spec.full_name
     true
   end