rubygems-update 2.1.0.rc.1 → 2.1.0.rc.2

data/lib/rubygems/commands/update_command.rb

@@ -52,6 +52,15 @@ class Gem::Commands::UpdateCommand < Gem::Command
     "--document --no-force --install-dir #{Gem.dir}"
   end
 
+  def description # :nodoc:
+    <<-EOF
+The update command will update your gems to the latest version.
+
+The update comamnd does not remove the previous version.  Use the cleanup
+command to remove old versions.
+    EOF
+  end
+
   def usage # :nodoc:
     "#{program_name} GEMNAME [GEMNAME ...]"
   end

data/lib/rubygems/commands/which_command.rb

@@ -23,6 +23,17 @@ class Gem::Commands::WhichCommand < Gem::Command
     "--no-gems-first --no-all"
   end
 
+  def description # :nodoc:
+    <<-EOF
+The which command is like the shell which command and shows you where
+the file you wish to require lives.
+
+You can use the which command to help determine why you are requiring a
+version you did not expect or to look at the content of a file you are
+requiring to see why it does not behave as you expect.
+    EOF
+  end
+
   def execute
     found = false
 

data/lib/rubygems/commands/yank_command.rb

@@ -9,7 +9,21 @@ class Gem::Commands::YankCommand < Gem::Command
   include Gem::GemcutterUtilities
 
   def description # :nodoc:
-    'Remove a specific gem version release from RubyGems.org'
+    <<-EOF
+The yank command removes a gem you pushed to a server from the server's
+index.
+
+Note that if you push a gem to rubygems.org the yank command does not
+prevent other people from downloading the gem via the download link.
+
+Once you have pushed a gem several downloads will happen automatically
+via the webhooks.  If you accidentally pushed passwords or other sensitive
+data you will need to change them immediately and yank your gem.
+
+If you are yanking a gem due to intellectual property reasons contact
+http://help.rubygems.org for permanant removal.  Be sure to mention this
+as the reason for the removal request.
+    EOF
   end
 
   def arguments # :nodoc:
@@ -21,7 +35,7 @@ class Gem::Commands::YankCommand < Gem::Command
   end
 
   def initialize
-    super 'yank', description
+    super 'yank', 'Remove a pushed gem from the index'
 
     add_version_option("remove")
     add_platform_option("remove")

data/lib/rubygems/core_ext/kernel_require.rb

@@ -8,6 +8,8 @@ require 'monitor'
 
 module Kernel
 
+  RUBYGEMS_ACTIVATION_MONITOR = Monitor.new # :nodoc:
+
   if defined?(gem_original_require) then
     # Ruby ships with a custom_require, override its require
     remove_method :require
@@ -33,10 +35,8 @@ module Kernel
   # The normal <tt>require</tt> functionality of returning false if
   # that file has already been loaded is preserved.
 
-  ACTIVATION_MONITOR = Monitor.new
-
   def require path
-    ACTIVATION_MONITOR.enter
+    RUBYGEMS_ACTIVATION_MONITOR.enter
 
     spec = Gem.find_unresolved_default_spec(path)
     if spec
@@ -118,7 +118,7 @@ module Kernel
 
     raise load_error
   ensure
-    ACTIVATION_MONITOR.exit
+    RUBYGEMS_ACTIVATION_MONITOR.exit
   end
 
   private :require

data/lib/rubygems/defaults.rb

@@ -134,4 +134,11 @@ module Gem
   def self.default_cert_path
     File.join Gem.user_home, ".gem", "gem-public_cert.pem"
   end
+
+  ##
+  # Whether to expect full paths in default gems - true for non-MRI
+  # ruby implementations
+  def self.default_gems_use_full_paths?
+    ruby_engine != 'ruby'
+  end
 end

data/lib/rubygems/dependency_installer.rb

@@ -5,8 +5,7 @@ require 'rubygems/package'
 require 'rubygems/installer'
 require 'rubygems/spec_fetcher'
 require 'rubygems/user_interaction'
-require 'rubygems/source/local'
-require 'rubygems/source/specific_file'
+require 'rubygems/source'
 require 'rubygems/available_set'
 
 ##
@@ -251,7 +250,6 @@ class Gem::DependencyInstaller
   def find_spec_by_name_and_version gem_name,
                                     version = Gem::Requirement.default,
                                     prerelease = false
-
     set = Gem::AvailableSet.new
 
     if consider_local?
@@ -269,7 +267,6 @@ class Gem::DependencyInstaller
 
     if set.empty?
       dep = Gem::Dependency.new gem_name, version
-      # HACK Dependency objects should be immutable
       dep.prerelease = true if prerelease
 
       set = find_gems_with_sources(dep)

data/lib/rubygems/ext/builder.rb

@@ -4,8 +4,23 @@
 # See LICENSE.txt for permissions.
 #++
 
+require 'rubygems/user_interaction'
+require 'thread'
+
 class Gem::Ext::Builder
 
+  include Gem::UserInteraction
+
+  ##
+  # The builder shells-out to run various commands after changing the
+  # directory.  This means multiple installations cannot be allowed to build
+  # extensions in parallel as they may change each other's directories leading
+  # to broken extensions or failed installations.
+
+  CHDIR_MUTEX = Mutex.new # :nodoc:
+
+  attr_accessor :build_args # :nodoc:
+
   def self.class_name
     name =~ /Ext::(.*)Builder/
     $1.downcase
@@ -63,5 +78,108 @@ class Gem::Ext::Builder
     end
   end
 
+  ##
+  # Creates a new extension builder for +spec+ using the given +build_args+.
+  # The gem for +spec+ is unpacked in +gem_dir+.
+
+  def initialize spec, build_args
+    @spec       = spec
+    @build_args = build_args
+    @gem_dir    = spec.gem_dir
+
+    @ran_rake   = nil
+  end
+
+  ##
+  # Chooses the extension builder class for +extension+
+
+  def builder_for extension # :nodoc:
+    case extension
+    when /extconf/ then
+      Gem::Ext::ExtConfBuilder
+    when /configure/ then
+      Gem::Ext::ConfigureBuilder
+    when /rakefile/i, /mkrf_conf/i then
+      @ran_rake = true
+      Gem::Ext::RakeBuilder
+    when /CMakeLists.txt/ then
+      Gem::Ext::CmakeBuilder
+    else
+      extension_dir = File.join @gem_dir, File.dirname(extension)
+
+      message = "No builder for extension '#{extension}'"
+      build_error extension_dir, message
+    end
+  end
+
+  ##
+  # Logs the build +output+ in +build_dir+, then raises ExtensionBuildError.
+
+  def build_error build_dir, output, backtrace = nil # :nodoc:
+    gem_make_out = File.join build_dir, 'gem_make.out'
+
+    open gem_make_out, 'wb' do |io| io.puts output end
+
+    message = <<-EOF
+ERROR: Failed to build gem native extension.
+
+    #{output}
+
+Gem files will remain installed in #{@gem_dir} for inspection.
+Results logged to #{gem_make_out}
+EOF
+
+    raise Gem::Installer::ExtensionBuildError, message, backtrace
+  end
+
+  def build_extension extension, dest_path # :nodoc:
+    results = []
+
+    extension ||= '' # I wish I knew why this line existed
+    extension_dir = File.join @gem_dir, File.dirname(extension)
+
+    builder = builder_for extension
+
+    begin
+      FileUtils.mkdir_p dest_path
+
+      CHDIR_MUTEX.synchronize do
+        Dir.chdir extension_dir do
+          results = builder.build(extension, @gem_dir, dest_path,
+                                  results, @build_args)
+
+          say results.join("\n") if Gem.configuration.really_verbose
+        end
+      end
+    rescue
+      build_error extension_dir, results.join("\n"), $@
+    end
+  end
+
+  ##
+  # Builds extensions.  Valid types of extensions are extconf.rb files,
+  # configure scripts and rakefiles or mkrf_conf files.
+
+  def build_extensions
+    return if @spec.extensions.empty?
+
+    if @build_args.empty?
+      say "Building native extensions.  This could take a while..."
+    else
+      say "Building native extensions with: '#{@build_args.join ' '}'"
+      say "This could take a while..."
+    end
+
+    dest_path = File.join @gem_dir, @spec.require_paths.first
+
+    @ran_rake = false # only run rake once
+
+    @spec.extensions.each do |extension|
+      break if @ran_rake
+
+      build_extension extension, dest_path
+    end
+  end
+
 end
 

data/lib/rubygems/installer.rb

@@ -661,73 +661,20 @@ TEXT
   # configure scripts and rakefiles or mkrf_conf files.
 
   def build_extensions
-    return if spec.extensions.empty?
+    builder = Gem::Ext::Builder.new spec, @build_args
 
-    if @build_args.empty?
-      say "Building native extensions.  This could take a while..."
-    else
-      say "Building native extensions with: '#{@build_args.join(' ')}'"
-      say "This could take a while..."
-    end
-
-    dest_path = File.join gem_dir, spec.require_paths.first
-    ran_rake = false # only run rake once
-
-    spec.extensions.each do |extension|
-      break if ran_rake
-      results = []
-
-      extension ||= ""
-      extension_dir = File.join gem_dir, File.dirname(extension)
-
-      builder = case extension
-                when /extconf/ then
-                  Gem::Ext::ExtConfBuilder
-                when /configure/ then
-                  Gem::Ext::ConfigureBuilder
-                when /rakefile/i, /mkrf_conf/i then
-                  ran_rake = true
-                  Gem::Ext::RakeBuilder
-                when /CMakeLists.txt/ then
-                  Gem::Ext::CmakeBuilder
-                else
-                  message = "No builder for extension '#{extension}'"
-                  extension_build_error extension_dir, message
-                end
-
-      begin
-        FileUtils.mkdir_p dest_path
-
-        Dir.chdir extension_dir do
-          results = builder.build(extension, gem_dir, dest_path,
-                                  results, @build_args)
-
-          say results.join("\n") if Gem.configuration.really_verbose
-        end
-      rescue
-        extension_build_error(extension_dir, results.join("\n"), $@)
-      end
-    end
+    builder.build_extensions
   end
 
   ##
   # Logs the build +output+ in +build_dir+, then raises ExtensionBuildError.
+  #
+  # TODO:  Delete this for RubyGems 3.  It remains for API compatibility
 
-  def extension_build_error(build_dir, output, backtrace = nil)
-    gem_make_out = File.join build_dir, 'gem_make.out'
-
-    open gem_make_out, 'wb' do |io| io.puts output end
-
-    message = <<-EOF
-ERROR: Failed to build gem native extension.
-
-    #{output}
-
-Gem files will remain installed in #{gem_dir} for inspection.
-Results logged to #{gem_make_out}
-EOF
+  def extension_build_error(build_dir, output, backtrace = nil) # :nodoc:
+    builder = Gem::Ext::Builder.new spec, @build_args
 
-    raise ExtensionBuildError, message, backtrace
+    builder.build_error build_dir, output, backtrace
   end
 
   ##

data/lib/rubygems/package_task.rb

@@ -96,12 +96,15 @@ class Gem::PackageTask < Rake::PackageTask
   def define
     super
 
-    task :package => [:gem]
-
     gem_file = File.basename gem_spec.cache_file
     gem_path = File.join package_dir, gem_file
     gem_dir  = File.join package_dir, gem_spec.full_name
 
+    task :package => [:gem]
+
+    directory package_dir
+    directory gem_dir
+
     desc "Build the gem file #{gem_file}"
     task :gem => [gem_path]
 

data/lib/rubygems/remote_fetcher.rb

@@ -325,7 +325,7 @@ class Gem::RemoteFetcher
 
   def request(uri, request_class, last_modified = nil)
     request = Gem::Request.new uri, request_class, last_modified, @proxy
-    
+
     request.fetch do |req|
       yield req if block_given?
     end

data/lib/rubygems/security/policy.rb

@@ -213,6 +213,9 @@ class Gem::Security::Policy
       if @only_signed then
         raise Gem::Security::Exception,
           "unsigned gems are not allowed by the #{name} policy"
+      elsif digests.empty? then
+        # lack of signatures is irrelevant if there is nothing to check
+        # against
       else
         alert_warning "#{full_name} is not signed"
       end
@@ -246,6 +249,8 @@ class Gem::Security::Policy
 
     if @only_trusted then
       check_trust chain, digester, trust_dir
+    elsif signatures.empty? and digests.empty? then
+      # trust is irrelevant if there's no signatures to verify
     else
       alert_warning "#{subject signer} is not trusted for #{full_name}"
     end

data/lib/rubygems/security/signer.rb

@@ -62,6 +62,22 @@ class Gem::Security::Signer
     end
   end
 
+  ##
+  # Extracts the full name of +cert+.  If the certificate has a subjectAltName
+  # this value is preferred, otherwise the subject is used.
+
+  def extract_name cert # :nodoc:
+    subject_alt_name = cert.extensions.find { |e| 'subjectAltName' == e.oid }
+
+    if subject_alt_name then
+      /\Aemail:/ =~ subject_alt_name.value
+
+      $' || subject_alt_name.value
+    else
+      cert.subject
+    end
+  end
+
   ##
   # Loads any missing issuers in the cert chain from the trusted certificates.
   #
@@ -89,7 +105,9 @@ class Gem::Security::Signer
       re_sign_key
     end
 
-    Gem::Security::SigningPolicy.verify @cert_chain, @key
+    full_name = extract_name @cert_chain.last
+
+    Gem::Security::SigningPolicy.verify @cert_chain, @key, {}, {}, full_name
 
     @key.sign @digest_algorithm.new, data
   end

data/lib/rubygems/source.rb

@@ -26,15 +26,17 @@ class Gem::Source
 
   def <=>(other)
     case other
-    when Gem::Source::Installed, Gem::Source::Local then
+    when Gem::Source::Installed,
+         Gem::Source::Local,
+         Gem::Source::SpecificFile then
       -1
     when Gem::Source then
       if !@uri
         return 0 unless other.uri
-        return -1
+        return 1
       end
 
-      return 1 if !other.uri
+      return -1 if !other.uri
 
       @uri.to_s <=> other.uri.to_s
     else
@@ -158,3 +160,5 @@ class Gem::Source
 end
 
 require 'rubygems/source/installed'
+require 'rubygems/source/specific_file'
+require 'rubygems/source/local'