RubyGems - rubygems-update - Versions diffs - 2.7.10 → 3.0.0 - Mend

rubygems-update 2.7.10 → 3.0.0

Potentially problematic release.

This version of rubygems-update might be problematic. Click here for more details.

Files changed (345) hide show

checksums.yaml +4 -4
data/.rubocop.yml +66 -0
data/.travis.yml +22 -18
data/CONTRIBUTING.md +141 -0
data/History.txt +291 -14
data/MAINTAINERS.txt +1 -0
data/Manifest.txt +13 -9
data/POLICIES.md +92 -0
data/README.md +47 -26
data/Rakefile +47 -207
data/{UPGRADING.rdoc → UPGRADING.md} +31 -32
data/appveyor.yml +20 -45
data/bin/gem +1 -2
data/bin/update_rubygems +2 -3
data/bundler/CHANGELOG.md +54 -0
data/bundler/bundler.gemspec +7 -1
data/bundler/lib/bundler.rb +26 -8
data/bundler/lib/bundler/build_metadata.rb +2 -2
data/bundler/lib/bundler/cli.rb +63 -21
data/bundler/lib/bundler/cli/add.rb +15 -5
data/bundler/lib/bundler/cli/binstubs.rb +8 -2
data/bundler/lib/bundler/cli/doctor.rb +47 -1
data/bundler/lib/bundler/cli/install.rb +8 -5
data/bundler/lib/bundler/cli/list.rb +41 -5
data/bundler/lib/bundler/cli/outdated.rb +7 -1
data/bundler/lib/bundler/cli/pristine.rb +4 -0
data/bundler/lib/bundler/cli/remove.rb +18 -0
data/bundler/lib/bundler/definition.rb +15 -16
data/bundler/lib/bundler/dependency.rb +2 -2
data/bundler/lib/bundler/dsl.rb +19 -3
data/bundler/lib/bundler/feature_flag.rb +7 -0
data/bundler/lib/bundler/gem_version_promoter.rb +4 -2
data/bundler/lib/bundler/injector.rb +168 -9
data/bundler/lib/bundler/installer.rb +29 -6
data/bundler/lib/bundler/installer/parallel_installer.rb +5 -0
data/bundler/lib/bundler/plugin.rb +10 -3
data/bundler/lib/bundler/plugin/events.rb +61 -0
data/bundler/lib/bundler/resolver.rb +2 -2
data/bundler/lib/bundler/runtime.rb +8 -2
data/bundler/lib/bundler/settings.rb +24 -3
data/bundler/lib/bundler/settings/validator.rb +23 -0
data/bundler/lib/bundler/shared_helpers.rb +19 -3
data/bundler/lib/bundler/source.rb +9 -9
data/bundler/lib/bundler/templates/newgem/lib/newgem.rb.tt +1 -0
data/bundler/lib/bundler/version.rb +1 -1
data/bundler/man/bundle-add.ronn +13 -2
data/bundler/man/bundle-config.ronn +21 -0
data/bundler/man/bundle-install.ronn +1 -1
data/bundler/man/bundle-list.ronn +19 -1
data/bundler/man/bundle-outdated.ronn +4 -0
data/bundler/man/bundle-remove.ronn +23 -0
data/bundler/man/bundle-update.ronn +1 -1
data/lib/rubygems.rb +70 -96
data/lib/rubygems/available_set.rb +1 -1
data/lib/rubygems/basic_specification.rb +12 -12
data/lib/rubygems/bundler_version_finder.rb +3 -3
data/lib/rubygems/command.rb +22 -15
data/lib/rubygems/command_manager.rb +20 -11
data/lib/rubygems/commands/build_command.rb +27 -8
data/lib/rubygems/commands/cert_command.rb +45 -24
data/lib/rubygems/commands/check_command.rb +1 -1
data/lib/rubygems/commands/cleanup_command.rb +14 -7
data/lib/rubygems/commands/contents_command.rb +14 -15
data/lib/rubygems/commands/dependency_command.rb +17 -17
data/lib/rubygems/commands/environment_command.rb +20 -1
data/lib/rubygems/commands/fetch_command.rb +2 -3
data/lib/rubygems/commands/generate_index_command.rb +2 -3
data/lib/rubygems/commands/help_command.rb +12 -13
data/lib/rubygems/commands/info_command.rb +33 -0
data/lib/rubygems/commands/install_command.rb +21 -17
data/lib/rubygems/commands/list_command.rb +0 -1
data/lib/rubygems/commands/lock_command.rb +3 -4
data/lib/rubygems/commands/open_command.rb +16 -10
data/lib/rubygems/commands/owner_command.rb +20 -11
data/lib/rubygems/commands/pristine_command.rb +23 -16
data/lib/rubygems/commands/push_command.rb +17 -8
data/lib/rubygems/commands/query_command.rb +24 -24
data/lib/rubygems/commands/rdoc_command.rb +3 -4
data/lib/rubygems/commands/search_command.rb +0 -1
data/lib/rubygems/commands/server_command.rb +1 -2
data/lib/rubygems/commands/setup_command.rb +78 -38
data/lib/rubygems/commands/signin_command.rb +2 -1
data/lib/rubygems/commands/signout_command.rb +2 -2
data/lib/rubygems/commands/sources_command.rb +11 -12
data/lib/rubygems/commands/specification_command.rb +7 -7
data/lib/rubygems/commands/uninstall_command.rb +41 -19
data/lib/rubygems/commands/unpack_command.rb +16 -7
data/lib/rubygems/commands/update_command.rb +28 -23
data/lib/rubygems/commands/which_command.rb +4 -5
data/lib/rubygems/commands/yank_command.rb +1 -2
data/lib/rubygems/compatibility.rb +1 -21
data/lib/rubygems/config_file.rb +36 -36
data/lib/rubygems/core_ext/kernel_require.rb +6 -6
data/lib/rubygems/core_ext/kernel_warn.rb +45 -0
data/lib/rubygems/defaults.rb +31 -12
data/lib/rubygems/dependency.rb +14 -14
data/lib/rubygems/dependency_installer.rb +29 -31
data/lib/rubygems/dependency_list.rb +8 -9
data/lib/rubygems/deprecate.rb +2 -3
data/lib/rubygems/doctor.rb +5 -6
data/lib/rubygems/errors.rb +3 -3
data/lib/rubygems/exceptions.rb +11 -4
data/lib/rubygems/ext.rb +0 -1
data/lib/rubygems/ext/build_error.rb +0 -1
data/lib/rubygems/ext/builder.rb +50 -23
data/lib/rubygems/ext/cmake_builder.rb +2 -2
data/lib/rubygems/ext/configure_builder.rb +2 -3
data/lib/rubygems/ext/ext_conf_builder.rb +8 -7
data/lib/rubygems/ext/rake_builder.rb +16 -18
data/lib/rubygems/gem_runner.rb +2 -2
data/lib/rubygems/gemcutter_utilities.rb +40 -13
data/lib/rubygems/indexer.rb +19 -12
data/lib/rubygems/install_default_message.rb +0 -1
data/lib/rubygems/install_message.rb +0 -1
data/lib/rubygems/install_update_options.rb +2 -28
data/lib/rubygems/installer.rb +95 -75
data/lib/rubygems/installer_test_case.rb +0 -14
data/lib/rubygems/local_remote_options.rb +5 -4
data/lib/rubygems/mock_gem_ui.rb +3 -4
data/lib/rubygems/name_tuple.rb +4 -4
data/lib/rubygems/package.rb +90 -73
data/lib/rubygems/package/digest_io.rb +3 -4
data/lib/rubygems/package/file_source.rb +3 -4
data/lib/rubygems/package/io_source.rb +1 -2
data/lib/rubygems/package/old.rb +8 -16
data/lib/rubygems/package/source.rb +0 -1
data/lib/rubygems/package/tar_header.rb +2 -2
data/lib/rubygems/package/tar_reader.rb +2 -4
data/lib/rubygems/package/tar_reader/entry.rb +20 -4
data/lib/rubygems/package/tar_test_case.rb +2 -8
data/lib/rubygems/package/tar_writer.rb +13 -15
data/lib/rubygems/package_task.rb +0 -1
data/lib/rubygems/path_support.rb +16 -6
data/lib/rubygems/platform.rb +4 -5
data/lib/rubygems/psych_tree.rb +1 -1
data/lib/rubygems/rdoc.rb +0 -311
data/lib/rubygems/remote_fetcher.rb +34 -48
data/lib/rubygems/request.rb +16 -15
data/lib/rubygems/request/connection_pools.rb +24 -13
data/lib/rubygems/request/http_pool.rb +3 -4
data/lib/rubygems/request/https_pool.rb +1 -3
data/lib/rubygems/request_set.rb +52 -25
data/lib/rubygems/request_set/gem_dependency_api.rb +36 -40
data/lib/rubygems/request_set/lockfile.rb +12 -12
data/lib/rubygems/request_set/lockfile/parser.rb +18 -29
data/lib/rubygems/request_set/lockfile/tokenizer.rb +9 -9
data/lib/rubygems/requirement.rb +16 -16
data/lib/rubygems/resolver.rb +10 -15
data/lib/rubygems/resolver/activation_request.rb +6 -6
data/lib/rubygems/resolver/api_set.rb +5 -6
data/lib/rubygems/resolver/api_specification.rb +2 -3
data/lib/rubygems/resolver/best_set.rb +5 -6
data/lib/rubygems/resolver/composed_set.rb +5 -6
data/lib/rubygems/resolver/conflict.rb +5 -5
data/lib/rubygems/resolver/current_set.rb +1 -2
data/lib/rubygems/resolver/dependency_request.rb +4 -4
data/lib/rubygems/resolver/git_set.rb +5 -6
data/lib/rubygems/resolver/git_specification.rb +4 -5
data/lib/rubygems/resolver/index_set.rb +5 -6
data/lib/rubygems/resolver/index_specification.rb +3 -4
data/lib/rubygems/resolver/installed_specification.rb +3 -4
data/lib/rubygems/resolver/installer_set.rb +12 -12
data/lib/rubygems/resolver/local_specification.rb +1 -2
data/lib/rubygems/resolver/lock_set.rb +5 -6
data/lib/rubygems/resolver/lock_specification.rb +7 -8
data/lib/rubygems/resolver/requirement_list.rb +1 -1
data/lib/rubygems/resolver/set.rb +2 -2
data/lib/rubygems/resolver/source_set.rb +4 -5
data/lib/rubygems/resolver/spec_specification.rb +1 -2
data/lib/rubygems/resolver/specification.rb +10 -7
data/lib/rubygems/resolver/stats.rb +1 -1
data/lib/rubygems/resolver/vendor_set.rb +4 -5
data/lib/rubygems/resolver/vendor_specification.rb +2 -3
data/lib/rubygems/safe_yaml.rb +18 -10
data/lib/rubygems/security.rb +21 -22
data/lib/rubygems/security/policies.rb +1 -2
data/lib/rubygems/security/policy.rb +25 -25
data/lib/rubygems/security/signer.rb +72 -24
data/lib/rubygems/security/trust_dir.rb +10 -10
data/lib/rubygems/server.rb +21 -21
data/lib/rubygems/source.rb +16 -25
data/lib/rubygems/source/git.rb +9 -10
data/lib/rubygems/source/installed.rb +3 -4
data/lib/rubygems/source/local.rb +7 -7
data/lib/rubygems/source/lock.rb +4 -4
data/lib/rubygems/source/specific_file.rb +5 -5
data/lib/rubygems/source/vendor.rb +2 -3
data/lib/rubygems/source_list.rb +2 -2
data/lib/rubygems/source_local.rb +0 -1
data/lib/rubygems/spec_fetcher.rb +5 -6
data/lib/rubygems/specification.rb +199 -536
data/lib/rubygems/specification_policy.rb +407 -0
data/lib/rubygems/stub_specification.rb +11 -15
data/lib/rubygems/test_case.rb +141 -66
data/lib/rubygems/test_utilities.rb +20 -35
data/lib/rubygems/text.rb +6 -6
data/lib/rubygems/uninstaller.rb +37 -26
data/lib/rubygems/uri_formatter.rb +1 -2
data/lib/rubygems/user_interaction.rb +38 -93
data/lib/rubygems/util.rb +20 -14
data/lib/rubygems/util/licenses.rb +27 -1
data/lib/rubygems/util/list.rb +1 -1
data/lib/rubygems/validator.rb +4 -5
data/lib/rubygems/version.rb +15 -15
data/lib/rubygems/version_option.rb +2 -3
data/rubygems-update.gemspec +43 -0
data/setup.rb +2 -8
data/test/rubygems/rubygems_plugin.rb +0 -1
data/test/rubygems/simple_gem.rb +1 -1
data/test/rubygems/test_config.rb +7 -2
data/test/rubygems/test_gem.rb +161 -130
data/test/rubygems/test_gem_command.rb +0 -1
data/test/rubygems/test_gem_command_manager.rb +8 -3
data/test/rubygems/test_gem_commands_build_command.rb +219 -15
data/test/rubygems/test_gem_commands_cert_command.rb +69 -8
data/test/rubygems/test_gem_commands_check_command.rb +1 -1
data/test/rubygems/test_gem_commands_cleanup_command.rb +27 -1
data/test/rubygems/test_gem_commands_contents_command.rb +1 -2
data/test/rubygems/test_gem_commands_dependency_command.rb +33 -34
data/test/rubygems/test_gem_commands_environment_command.rb +1 -0
data/test/rubygems/test_gem_commands_fetch_command.rb +0 -1
data/test/rubygems/test_gem_commands_generate_index_command.rb +0 -1
data/test/rubygems/test_gem_commands_help_command.rb +7 -4
data/test/rubygems/test_gem_commands_info_command.rb +44 -0
data/test/rubygems/test_gem_commands_install_command.rb +79 -12
data/test/rubygems/test_gem_commands_lock_command.rb +0 -1
data/test/rubygems/test_gem_commands_open_command.rb +29 -0
data/test/rubygems/test_gem_commands_outdated_command.rb +0 -1
data/test/rubygems/test_gem_commands_owner_command.rb +93 -57
data/test/rubygems/test_gem_commands_pristine_command.rb +65 -30
data/test/rubygems/test_gem_commands_push_command.rb +39 -0
data/test/rubygems/test_gem_commands_query_command.rb +102 -100
data/test/rubygems/test_gem_commands_search_command.rb +0 -1
data/test/rubygems/test_gem_commands_server_command.rb +0 -1
data/test/rubygems/test_gem_commands_setup_command.rb +39 -8
data/test/rubygems/test_gem_commands_signin_command.rb +1 -1
data/test/rubygems/test_gem_commands_sources_command.rb +0 -1
data/test/rubygems/test_gem_commands_specification_command.rb +2 -3
data/test/rubygems/test_gem_commands_stale_command.rb +3 -2
data/test/rubygems/test_gem_commands_uninstall_command.rb +81 -7
data/test/rubygems/test_gem_commands_unpack_command.rb +17 -1
data/test/rubygems/test_gem_commands_update_command.rb +19 -2
data/test/rubygems/test_gem_commands_which_command.rb +0 -1
data/test/rubygems/test_gem_commands_yank_command.rb +0 -1
data/test/rubygems/test_gem_config_file.rb +4 -2
data/test/rubygems/test_gem_dependency.rb +0 -1
data/test/rubygems/test_gem_dependency_installer.rb +8 -5
data/test/rubygems/test_gem_dependency_list.rb +6 -7
data/test/rubygems/test_gem_dependency_resolution_error.rb +0 -1
data/test/rubygems/test_gem_doctor.rb +1 -2
data/test/rubygems/test_gem_ext_builder.rb +10 -23
data/test/rubygems/test_gem_ext_cmake_builder.rb +5 -4
data/test/rubygems/test_gem_ext_configure_builder.rb +3 -3
data/test/rubygems/test_gem_ext_ext_conf_builder.rb +8 -9
data/test/rubygems/test_gem_ext_rake_builder.rb +20 -5
data/test/rubygems/test_gem_gem_runner.rb +0 -1
data/test/rubygems/test_gem_gemcutter_utilities.rb +32 -6
data/test/rubygems/test_gem_impossible_dependencies_error.rb +0 -1
data/test/rubygems/test_gem_indexer.rb +1 -2
data/test/rubygems/test_gem_install_update_options.rb +1 -20
data/test/rubygems/test_gem_installer.rb +69 -203
data/test/rubygems/test_gem_local_remote_options.rb +3 -3
data/test/rubygems/test_gem_name_tuple.rb +0 -1
data/test/rubygems/test_gem_package.rb +59 -50
data/test/rubygems/test_gem_package_old.rb +0 -1
data/test/rubygems/test_gem_package_tar_header.rb +1 -2
data/test/rubygems/test_gem_package_tar_reader.rb +0 -1
data/test/rubygems/test_gem_package_tar_reader_entry.rb +11 -0
data/test/rubygems/test_gem_package_tar_writer.rb +40 -7
data/test/rubygems/test_gem_package_task.rb +2 -2
data/test/rubygems/test_gem_path_support.rb +28 -11
data/test/rubygems/test_gem_platform.rb +4 -5
data/test/rubygems/test_gem_rdoc.rb +1 -2
data/test/rubygems/test_gem_remote_fetcher.rb +111 -130
data/test/rubygems/test_gem_request.rb +5 -5
data/test/rubygems/test_gem_request_connection_pools.rb +24 -3
data/test/rubygems/test_gem_request_set.rb +5 -5
data/test/rubygems/test_gem_request_set_gem_dependency_api.rb +2 -7
data/test/rubygems/test_gem_request_set_lockfile.rb +1 -2
data/test/rubygems/test_gem_request_set_lockfile_parser.rb +4 -9
data/test/rubygems/test_gem_request_set_lockfile_tokenizer.rb +1 -1
data/test/rubygems/test_gem_requirement.rb +18 -4
data/test/rubygems/test_gem_resolver.rb +13 -17
data/test/rubygems/test_gem_resolver_activation_request.rb +0 -1
data/test/rubygems/test_gem_resolver_api_set.rb +0 -1
data/test/rubygems/test_gem_resolver_api_specification.rb +0 -1
data/test/rubygems/test_gem_resolver_best_set.rb +0 -1
data/test/rubygems/test_gem_resolver_composed_set.rb +0 -1
data/test/rubygems/test_gem_resolver_conflict.rb +0 -1
data/test/rubygems/test_gem_resolver_dependency_request.rb +0 -1
data/test/rubygems/test_gem_resolver_git_set.rb +0 -1
data/test/rubygems/test_gem_resolver_git_specification.rb +0 -1
data/test/rubygems/test_gem_resolver_index_set.rb +0 -1
data/test/rubygems/test_gem_resolver_index_specification.rb +0 -1
data/test/rubygems/test_gem_resolver_installed_specification.rb +0 -1
data/test/rubygems/test_gem_resolver_installer_set.rb +2 -3
data/test/rubygems/test_gem_resolver_local_specification.rb +0 -1
data/test/rubygems/test_gem_resolver_lock_set.rb +0 -1
data/test/rubygems/test_gem_resolver_lock_specification.rb +0 -1
data/test/rubygems/test_gem_resolver_requirement_list.rb +0 -1
data/test/rubygems/test_gem_resolver_specification.rb +1 -2
data/test/rubygems/test_gem_resolver_vendor_set.rb +0 -1
data/test/rubygems/test_gem_resolver_vendor_specification.rb +0 -1
data/test/rubygems/test_gem_security.rb +1 -3
data/test/rubygems/test_gem_security_policy.rb +4 -5
data/test/rubygems/test_gem_security_signer.rb +4 -3
data/test/rubygems/test_gem_security_trust_dir.rb +1 -2
data/test/rubygems/test_gem_server.rb +4 -4
data/test/rubygems/test_gem_source.rb +0 -13
data/test/rubygems/test_gem_source_fetch_problem.rb +0 -1
data/test/rubygems/test_gem_source_git.rb +0 -1
data/test/rubygems/test_gem_source_installed.rb +0 -1
data/test/rubygems/test_gem_source_lock.rb +0 -1
data/test/rubygems/test_gem_source_vendor.rb +0 -1
data/test/rubygems/test_gem_spec_fetcher.rb +0 -1
data/test/rubygems/test_gem_specification.rb +334 -198
data/test/rubygems/test_gem_stream_ui.rb +13 -30
data/test/rubygems/test_gem_stub_specification.rb +0 -2
data/test/rubygems/test_gem_text.rb +4 -5
data/test/rubygems/test_gem_uninstaller.rb +21 -1
data/test/rubygems/test_gem_unsatisfiable_dependency_error.rb +0 -1
data/test/rubygems/test_gem_uri_formatter.rb +0 -1
data/test/rubygems/test_gem_util.rb +6 -11
data/test/rubygems/test_gem_validator.rb +0 -1
data/test/rubygems/test_gem_version.rb +11 -11
data/test/rubygems/test_gem_version_option.rb +0 -1
data/test/rubygems/test_remote_fetch_error.rb +0 -1
data/test/rubygems/test_require.rb +67 -52
data/util/CL2notes +1 -2
data/util/ci +15 -12
data/util/create_certs.rb +6 -7
data/util/create_encrypted_key.rb +0 -1
data/util/patch_with_prs.rb +1 -1
data/util/rubocop +8 -0
data/util/update_bundled_ca_certificates.rb +12 -13
data/util/update_changelog.rb +1 -1
metadata +61 -53
data/.autotest +0 -71
data/.document +0 -5
data/CONTRIBUTING.rdoc +0 -130
data/CVE-2013-4287.txt +0 -35
data/CVE-2013-4363.txt +0 -45
data/CVE-2015-3900.txt +0 -40
data/POLICIES.rdoc +0 -74
data/test/rubygems/fix_openssl_warnings.rb +0 -13

data/lib/rubygems/security/policy.rb CHANGED

@@ -24,7 +24,7 @@ class Gem::Security::Policy
   # Create a new Gem::Security::Policy object with the given mode and
   # options.
-  def initialize name, policy = {}, opt = {}
+  def initialize(name, policy = {}, opt = {})
     require 'openssl'
     @name = name
@@ -55,7 +55,7 @@ class Gem::Security::Policy
   # Verifies each certificate in +chain+ has signed the following certificate
   # and is valid for the given +time+.
-  def check_chain chain, time
+  def check_chain(chain, time)
     raise Gem::Security::Exception, 'missing signing chain' unless chain
     raise Gem::Security::Exception, 'empty signing chain' if chain.empty?
@@ -74,7 +74,7 @@ class Gem::Security::Policy
   # Verifies that +data+ matches the +signature+ created by +public_key+ and
   # the +digest+ algorithm.
-  def check_data public_key, digest, signature, data
+  def check_data(public_key, digest, signature, data)
     raise Gem::Security::Exception, "invalid signature" unless
       public_key.verify digest.new, signature, data.digest
@@ -85,22 +85,22 @@ class Gem::Security::Policy
   # Ensures that +signer+ is valid for +time+ and was signed by the +issuer+.
   # If the +issuer+ is +nil+ no verification is performed.
-  def check_cert signer, issuer, time
+  def check_cert(signer, issuer, time)
     raise Gem::Security::Exception, 'missing signing certificate' unless
       signer
     message = "certificate #{signer.subject}"
-    if not_before = signer.not_before and not_before > time then
+    if not_before = signer.not_before and not_before > time
       raise Gem::Security::Exception,
             "#{message} not valid before #{not_before}"
     end
-    if not_after = signer.not_after and not_after < time then
+    if not_after = signer.not_after and not_after < time
       raise Gem::Security::Exception, "#{message} not valid after #{not_after}"
     end
-    if issuer and not signer.verify issuer.public_key then
+    if issuer and not signer.verify issuer.public_key
       raise Gem::Security::Exception,
             "#{message} was not issued by #{issuer.subject}"
     end
@@ -111,8 +111,8 @@ class Gem::Security::Policy
   ##
   # Ensures the public key of +key+ matches the public key in +signer+
-  def check_key signer, key
-    unless signer and key then
+  def check_key(signer, key)
+    unless signer and key
       return true unless @only_signed
       raise Gem::Security::Exception, 'missing key or signature'
@@ -129,7 +129,7 @@ class Gem::Security::Policy
   # Ensures the root certificate in +chain+ is self-signed and valid for
   # +time+.
-  def check_root chain, time
+  def check_root(chain, time)
     raise Gem::Security::Exception, 'missing signing chain' unless chain
     root = chain.first
@@ -148,7 +148,7 @@ class Gem::Security::Policy
   # Ensures the root of +chain+ has a trusted certificate in +trust_dir+ and
   # the digests of the two certificates match according to +digester+
-  def check_trust chain, digester, trust_dir
+  def check_trust(chain, digester, trust_dir)
     raise Gem::Security::Exception, 'missing signing chain' unless chain
     root = chain.first
@@ -157,7 +157,7 @@ class Gem::Security::Policy
     path = Gem::Security.trust_dir.cert_path root
-    unless File.exist? path then
+    unless File.exist? path
       message = "root cert #{root.subject} is not trusted".dup
       message << " (root of signing cert #{chain.last.subject})" if
@@ -183,7 +183,7 @@ class Gem::Security::Policy
   ##
   # Extracts the email or subject from +certificate+
-  def subject certificate # :nodoc:
+  def subject(certificate) # :nodoc:
     certificate.extensions.each do |extension|
       next unless extension.oid == 'subjectAltName'
@@ -196,9 +196,9 @@ class Gem::Security::Policy
   def inspect # :nodoc:
     ("[Policy: %s - data: %p signer: %p chain: %p root: %p " +
      "signed-only: %p trusted-only: %p]") % [
-      @name, @verify_chain, @verify_data, @verify_root, @verify_signer,
-      @only_signed, @only_trusted,
-    ]
+       @name, @verify_chain, @verify_data, @verify_root, @verify_signer,
+       @only_signed, @only_trusted,
+     ]
   end
   ##
@@ -208,13 +208,13 @@ class Gem::Security::Policy
   #
   # If +key+ is given it is used to validate the signing certificate.
-  def verify chain, key = nil, digests = {}, signatures = {},
-             full_name = '(unknown)'
-    if signatures.empty? then
-      if @only_signed then
+  def verify(chain, key = nil, digests = {}, signatures = {},
+             full_name = '(unknown)')
+    if signatures.empty?
+      if @only_signed
         raise Gem::Security::Exception,
           "unsigned gems are not allowed by the #{name} policy"
-      elsif digests.empty? then
+      elsif digests.empty?
         # lack of signatures is irrelevant if there is nothing to check
         # against
       else
@@ -232,7 +232,7 @@ class Gem::Security::Policy
       file_digests.values.first.name == Gem::Security::DIGEST_NAME
     end
-    if @verify_data then
+    if @verify_data
       raise Gem::Security::Exception, 'no digests provided (probable bug)' if
         signer_digests.nil? or signer_digests.empty?
     else
@@ -249,9 +249,9 @@ class Gem::Security::Policy
     check_root chain, time if @verify_root
-    if @only_trusted then
+    if @only_trusted
       check_trust chain, digester, trust_dir
-    elsif signatures.empty? and digests.empty? then
+    elsif signatures.empty? and digests.empty?
       # trust is irrelevant if there's no signatures to verify
     else
       alert_warning "#{subject signer} is not trusted for #{full_name}"
@@ -280,7 +280,7 @@ class Gem::Security::Policy
   # Extracts the certificate chain from the +spec+ and calls #verify to ensure
   # the signatures and certificate chain is valid according to the policy..
-  def verify_signatures spec, digests, signatures
+  def verify_signatures(spec, digests, signatures)
     chain = spec.cert_chain.map do |cert_pem|
       OpenSSL::X509::Certificate.new cert_pem
     end

data/lib/rubygems/security/signer.rb CHANGED

@@ -2,8 +2,12 @@
 ##
 # Basic OpenSSL-based package signing class.
+require "rubygems/user_interaction"
 class Gem::Security::Signer
+  include Gem::UserInteraction
   ##
   # The chain of certificates for signing including the signing certificate
@@ -25,21 +29,54 @@ class Gem::Security::Signer
   attr_reader :digest_name # :nodoc:
+  ##
+  # Gem::Security::Signer options
+  attr_reader :options
+  DEFAULT_OPTIONS = {
+    expiration_length_days: 365
+  }.freeze
+  ##
+  # Attemps to re-sign an expired cert with a given private key
+  def self.re_sign_cert(expired_cert, expired_cert_path, private_key)
+    return unless expired_cert.not_after < Time.now
+    expiry = expired_cert.not_after.strftime('%Y%m%d%H%M%S')
+    expired_cert_file = "#{File.basename(expired_cert_path)}.expired.#{expiry}"
+    new_expired_cert_path = File.join(Gem.user_home, ".gem", expired_cert_file)
+    Gem::Security.write(expired_cert, new_expired_cert_path)
+    re_signed_cert = Gem::Security.re_sign(
+      expired_cert,
+      private_key,
+      (Gem::Security::ONE_DAY * Gem.configuration.cert_expiration_length_days)
+    )
+    Gem::Security.write(re_signed_cert, expired_cert_path)
+    yield(expired_cert_path, new_expired_cert_path) if block_given?
+  end
   ##
   # Creates a new signer with an RSA +key+ or path to a key, and a certificate
   # +chain+ containing X509 certificates, encoding certificates or paths to
   # certificates.
-  def initialize key, cert_chain, passphrase = nil
+  def initialize(key, cert_chain, passphrase = nil, options = {})
     @cert_chain = cert_chain
     @key        = key
+    @passphrase = passphrase
+    @options = DEFAULT_OPTIONS.merge(options)
-    unless @key then
+    unless @key
       default_key  = File.join Gem.default_key_path
       @key = default_key if File.exist? default_key
     end
-    unless @cert_chain then
+    unless @cert_chain
       default_cert = File.join Gem.default_cert_path
       @cert_chain = [default_cert] if File.exist? default_cert
     end
@@ -47,10 +84,12 @@ class Gem::Security::Signer
     @digest_algorithm = Gem::Security::DIGEST_ALGORITHM
     @digest_name      = Gem::Security::DIGEST_NAME
-    @key = OpenSSL::PKey::RSA.new File.read(@key), passphrase if
-      @key and not OpenSSL::PKey::RSA === @key
+    if @key && !@key.is_a?(OpenSSL::PKey::RSA)
+      @passphrase ||= ask_for_password("Enter PEM pass phrase:")
+      @key = OpenSSL::PKey::RSA.new(File.read(@key), @passphrase)
+    end
-    if @cert_chain then
+    if @cert_chain
       @cert_chain = @cert_chain.compact.map do |cert|
         next cert if OpenSSL::X509::Certificate === cert
@@ -67,10 +106,10 @@ class Gem::Security::Signer
   # Extracts the full name of +cert+.  If the certificate has a subjectAltName
   # this value is preferred, otherwise the subject is used.
-  def extract_name cert # :nodoc:
+  def extract_name(cert) # :nodoc:
     subject_alt_name = cert.extensions.find { |e| 'subjectAltName' == e.oid }
-    if subject_alt_name then
+    if subject_alt_name
       /\Aemail:/ =~ subject_alt_name.value
       $' || subject_alt_name.value
@@ -99,13 +138,15 @@ class Gem::Security::Signer
   ##
   # Sign data with given digest algorithm
-  def sign data
+  def sign(data)
     return unless @key
     raise Gem::Security::Exception, 'no certs provided' if @cert_chain.empty?
-    if @cert_chain.length == 1 and @cert_chain.last.not_after < Time.now then
-      re_sign_key
+    if @cert_chain.length == 1 and @cert_chain.last.not_after < Time.now
+      re_sign_key(
+        expiration_length: (Gem::Security::ONE_DAY * options[:expiration_length_days])
+      )
     end
     full_name = extract_name @cert_chain.last
@@ -121,6 +162,7 @@ class Gem::Security::Signer
   # The key will be re-signed if:
   # * The expired certificate is self-signed
   # * The expired certificate is saved at ~/.gem/gem-public_cert.pem
+  #   and the private key is saved at ~/.gem/gem-private_key.pem
   # * There is no file matching the expiry date at
   #   ~/.gem/gem-public_cert.pem.expired.%Y%m%d%H%M%S
   #
@@ -128,25 +170,32 @@ class Gem::Security::Signer
   # be saved as ~/.gem/gem-public_cert.pem.expired.%Y%m%d%H%M%S where the
   # expiry time (not after) is used for the timestamp.
-  def re_sign_key # :nodoc:
+  def re_sign_key(expiration_length: Gem::Security::ONE_YEAR) # :nodoc:
     old_cert = @cert_chain.last
-    disk_cert_path = File.join Gem.default_cert_path
-    disk_cert = File.read disk_cert_path rescue nil
-    disk_key  =
-      File.read File.join(Gem.default_key_path) rescue nil
+    disk_cert_path = File.join(Gem.default_cert_path)
+    disk_cert = File.read(disk_cert_path) rescue nil
-    if disk_key == @key.to_pem and disk_cert == old_cert.to_pem then
-      expiry = old_cert.not_after.strftime '%Y%m%d%H%M%S'
+    disk_key_path = File.join(Gem.default_key_path)
+    disk_key =
+      OpenSSL::PKey::RSA.new(File.read(disk_key_path), @passphrase) rescue nil
+    return unless disk_key
+    if disk_key.to_pem == @key.to_pem && disk_cert == old_cert.to_pem
+      expiry = old_cert.not_after.strftime('%Y%m%d%H%M%S')
       old_cert_file = "gem-public_cert.pem.expired.#{expiry}"
-      old_cert_path = File.join Gem.user_home, ".gem", old_cert_file
+      old_cert_path = File.join(Gem.user_home, ".gem", old_cert_file)
-      unless File.exist? old_cert_path then
-        Gem::Security.write old_cert, old_cert_path
+      unless File.exist?(old_cert_path)
+        Gem::Security.write(old_cert, old_cert_path)
-        cert = Gem::Security.re_sign old_cert, @key
+        cert = Gem::Security.re_sign(old_cert, @key, expiration_length)
-        Gem::Security.write cert, disk_cert_path
+        Gem::Security.write(cert, disk_cert_path)
+        alert("Your cert: #{disk_cert_path} has been auto re-signed with the key: #{disk_key_path}")
+        alert("Your expired cert will be located at: #{old_cert_path}")
         @cert_chain = [cert]
       end
@@ -154,4 +203,3 @@ class Gem::Security::Signer
   end
 end

data/lib/rubygems/security/trust_dir.rb CHANGED

@@ -11,7 +11,7 @@ class Gem::Security::TrustDir
   DEFAULT_PERMISSIONS = {
     :trust_dir    => 0700,
     :trusted_cert => 0600,
-  }
+  }.freeze
   ##
   # The directory where trusted certificates will be stored.
@@ -22,7 +22,7 @@ class Gem::Security::TrustDir
   # Creates a new TrustDir using +dir+ where the directory and file
   # permissions will be checked according to +permissions+
-  def initialize dir, permissions = DEFAULT_PERMISSIONS
+  def initialize(dir, permissions = DEFAULT_PERMISSIONS)
     @dir = dir
     @permissions = permissions
@@ -32,7 +32,7 @@ class Gem::Security::TrustDir
   ##
   # Returns the path to the trusted +certificate+
-  def cert_path certificate
+  def cert_path(certificate)
     name_path certificate.subject
   end
@@ -59,7 +59,7 @@ class Gem::Security::TrustDir
   # Returns the issuer certificate of the given +certificate+ if it exists in
   # the trust directory.
-  def issuer_of certificate
+  def issuer_of(certificate)
     path = name_path certificate.issuer
     return unless File.exist? path
@@ -70,7 +70,7 @@ class Gem::Security::TrustDir
   ##
   # Returns the path to the trusted certificate with the given ASN.1 +name+
-  def name_path name
+  def name_path(name)
     digest = @digester.hexdigest name.to_s
     File.join @dir, "cert-#{digest}.pem"
@@ -79,7 +79,7 @@ class Gem::Security::TrustDir
   ##
   # Loads the given +certificate_file+
-  def load_certificate certificate_file
+  def load_certificate(certificate_file)
     pem = File.read certificate_file
     OpenSSL::X509::Certificate.new pem
@@ -88,13 +88,14 @@ class Gem::Security::TrustDir
   ##
   # Add a certificate to trusted certificate list.
-  def trust_cert certificate
+  def trust_cert(certificate)
     verify
     destination = cert_path certificate
-    File.open destination, 'wb', @permissions[:trusted_cert] do |io|
+    File.open destination, 'wb', 0600 do |io|
       io.write certificate.to_pem
+      io.chmod(@permissions[:trusted_cert])
     end
   end
@@ -104,7 +105,7 @@ class Gem::Security::TrustDir
   # permissions.
   def verify
-    if File.exist? @dir then
+    if File.exist? @dir
       raise Gem::Security::Exception,
         "trust directory #{@dir} is not a directory" unless
           File.directory? @dir
@@ -116,4 +117,3 @@ class Gem::Security::TrustDir
   end
 end

data/lib/rubygems/server.rb CHANGED

@@ -35,7 +35,7 @@ class Gem::Server
   include ERB::Util
   include Gem::UserInteraction
-  SEARCH = <<-ERB
+  SEARCH = <<-ERB.freeze
       <form class="headerSearch" name="headerSearchForm" method="get" action="/rdoc">
         <div id="search" style="float:right">
           <label for="q">Filter/Search</label>
@@ -45,7 +45,7 @@ class Gem::Server
       </form>
   ERB
-  DOC_TEMPLATE = <<-'ERB'
+  DOC_TEMPLATE = <<-'ERB'.freeze
   <?xml version="1.0" encoding="iso-8859-1"?>
   <!DOCTYPE html
        PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
@@ -129,7 +129,7 @@ class Gem::Server
   ERB
   # CSS is copy & paste from rdoc-style.css, RDoc V1.0.1 - 20041108
-  RDOC_CSS = <<-CSS
+  RDOC_CSS = <<-CSS.freeze
 body {
     font-family: Verdana,Arial,Helvetica,sans-serif;
     font-size:   90%;
@@ -339,7 +339,7 @@ div.method-source-code pre { color: #ffdead; overflow: hidden; }
 .ruby-value   { color: #7fffd4; background: transparent; }
   CSS
-  RDOC_NO_DOCUMENTATION = <<-'ERB'
+  RDOC_NO_DOCUMENTATION = <<-'ERB'.freeze
 <?xml version="1.0" encoding="iso-8859-1"?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
           "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
@@ -373,7 +373,7 @@ div.method-source-code pre { color: #ffdead; overflow: hidden; }
 </html>
   ERB
-  RDOC_SEARCH_TEMPLATE = <<-'ERB'
+  RDOC_SEARCH_TEMPLATE = <<-'ERB'.freeze
 <?xml version="1.0" encoding="iso-8859-1"?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
           "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
@@ -450,7 +450,7 @@ div.method-source-code pre { color: #ffdead; overflow: hidden; }
     @have_rdoc_4_plus = nil
   end
-  def add_date res
+  def add_date(res)
     res['date'] = @spec_dirs.map do |spec_dir|
       File.stat(spec_dir).mtime
     end.max
@@ -462,8 +462,8 @@ div.method-source-code pre { color: #ffdead; overflow: hidden; }
     end
   end
-  def doc_root gem_name
-    if have_rdoc_4_plus? then
+  def doc_root(gem_name)
+    if have_rdoc_4_plus?
       "/doc_root/#{u gem_name}/"
     else
       "/doc_root/#{u gem_name}/rdoc/index.html"
@@ -491,14 +491,14 @@ div.method-source-code pre { color: #ffdead; overflow: hidden; }
     specs = Marshal.dump specs
-    if req.path =~ /\.gz$/ then
+    if req.path =~ /\.gz$/
       specs = Gem::Util.gzip specs
       res['content-type'] = 'application/x-gzip'
     else
       res['content-type'] = 'application/octet-stream'
     end
-    if req.request_method == 'HEAD' then
+    if req.request_method == 'HEAD'
       res['content-length'] = specs.length
     else
       res.body << specs
@@ -509,7 +509,7 @@ div.method-source-code pre { color: #ffdead; overflow: hidden; }
   # Creates server sockets based on the addresses option.  If no addresses
   # were given a server socket for all interfaces is created.
-  def listen addresses = @addresses
+  def listen(addresses = @addresses)
     addresses = [nil] unless addresses
     listeners = 0
@@ -529,14 +529,14 @@ div.method-source-code pre { color: #ffdead; overflow: hidden; }
       end
     end
-    if @server.listeners.empty? then
+    if @server.listeners.empty?
       say "Unable to start a server."
       say "Check for running servers or your --bind and --port arguments"
       terminate_interaction 1
     end
   end
-  def prerelease_specs req, res
+  def prerelease_specs(req, res)
     reset_gems
     res['content-type'] = 'application/x-gzip'
@@ -552,14 +552,14 @@ div.method-source-code pre { color: #ffdead; overflow: hidden; }
     specs = Marshal.dump specs
-    if req.path =~ /\.gz$/ then
+    if req.path =~ /\.gz$/
       specs = Gem::Util.gzip specs
       res['content-type'] = 'application/x-gzip'
     else
       res['content-type'] = 'application/octet-stream'
     end
-    if req.request_method == 'HEAD' then
+    if req.request_method == 'HEAD'
       res['content-length'] = specs.length
     else
       res.body << specs
@@ -579,13 +579,13 @@ div.method-source-code pre { color: #ffdead; overflow: hidden; }
       selector = full_name.inspect
-      if specs.empty? then
+      if specs.empty?
         res.status = 404
         res.body = "No gems found matching #{selector}"
-      elsif specs.length > 1 then
+      elsif specs.length > 1
         res.status = 500
         res.body = "Multiple gems found matching #{selector}"
-      elsif marshal_format then
+      elsif marshal_format
         res['content-type'] = 'application/x-deflate'
         res.body << Gem.deflate(Marshal.dump(specs.first))
       end
@@ -818,7 +818,7 @@ div.method-source-code pre { color: #ffdead; overflow: hidden; }
       '/gems' => '/cache/',
     }
-    if have_rdoc_4_plus? then
+    if have_rdoc_4_plus?
       @server.mount '/doc_root', RDoc::Servlet, '/doc_root'
     else
       file_handlers['/doc_root'] = '/doc/'
@@ -851,14 +851,14 @@ div.method-source-code pre { color: #ffdead; overflow: hidden; }
     specs = Marshal.dump specs
-    if req.path =~ /\.gz$/ then
+    if req.path =~ /\.gz$/
       specs = Gem::Util.gzip specs
       res['content-type'] = 'application/x-gzip'
     else
       res['content-type'] = 'application/octet-stream'
     end
-    if req.request_method == 'HEAD' then
+    if req.request_method == 'HEAD'
       res['content-length'] = specs.length
     else
       res.body << specs