rubygems-update 2.7.11 → 3.0.0
Potentially problematic release.
This version of rubygems-update might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/.rubocop.yml +66 -0
- data/.travis.yml +22 -18
- data/CONTRIBUTING.md +141 -0
- data/History.txt +289 -19
- data/MAINTAINERS.txt +1 -0
- data/Manifest.txt +16 -11
- data/POLICIES.md +92 -0
- data/README.md +47 -26
- data/Rakefile +47 -207
- data/{UPGRADING.rdoc → UPGRADING.md} +31 -32
- data/appveyor.yml +20 -45
- data/bin/gem +1 -2
- data/bin/update_rubygems +2 -3
- data/bundler/CHANGELOG.md +54 -0
- data/bundler/bundler.gemspec +7 -1
- data/bundler/lib/bundler.rb +26 -8
- data/bundler/lib/bundler/build_metadata.rb +2 -2
- data/bundler/lib/bundler/cli.rb +63 -21
- data/bundler/lib/bundler/cli/add.rb +15 -5
- data/bundler/lib/bundler/cli/binstubs.rb +8 -2
- data/bundler/lib/bundler/cli/doctor.rb +47 -1
- data/bundler/lib/bundler/cli/install.rb +8 -5
- data/bundler/lib/bundler/cli/list.rb +41 -5
- data/bundler/lib/bundler/cli/outdated.rb +7 -1
- data/bundler/lib/bundler/cli/pristine.rb +4 -0
- data/bundler/lib/bundler/cli/remove.rb +18 -0
- data/bundler/lib/bundler/definition.rb +15 -16
- data/bundler/lib/bundler/dependency.rb +2 -2
- data/bundler/lib/bundler/dsl.rb +19 -3
- data/bundler/lib/bundler/feature_flag.rb +7 -0
- data/bundler/lib/bundler/gem_version_promoter.rb +4 -2
- data/bundler/lib/bundler/injector.rb +168 -9
- data/bundler/lib/bundler/installer.rb +29 -6
- data/bundler/lib/bundler/installer/parallel_installer.rb +5 -0
- data/bundler/lib/bundler/plugin.rb +10 -3
- data/bundler/lib/bundler/plugin/events.rb +61 -0
- data/bundler/lib/bundler/resolver.rb +2 -2
- data/bundler/lib/bundler/runtime.rb +8 -2
- data/bundler/lib/bundler/settings.rb +24 -3
- data/bundler/lib/bundler/settings/validator.rb +23 -0
- data/bundler/lib/bundler/shared_helpers.rb +19 -3
- data/bundler/lib/bundler/source.rb +9 -9
- data/bundler/lib/bundler/templates/newgem/lib/newgem.rb.tt +1 -0
- data/bundler/lib/bundler/version.rb +1 -1
- data/bundler/man/bundle-add.ronn +13 -2
- data/bundler/man/bundle-config.ronn +21 -0
- data/bundler/man/bundle-install.ronn +1 -1
- data/bundler/man/bundle-list.ronn +19 -1
- data/bundler/man/bundle-outdated.ronn +4 -0
- data/bundler/man/bundle-remove.ronn +23 -0
- data/bundler/man/bundle-update.ronn +1 -1
- data/lib/rubygems.rb +70 -96
- data/lib/rubygems/available_set.rb +1 -1
- data/lib/rubygems/basic_specification.rb +12 -12
- data/lib/rubygems/bundler_version_finder.rb +3 -3
- data/lib/rubygems/command.rb +22 -15
- data/lib/rubygems/command_manager.rb +20 -11
- data/lib/rubygems/commands/build_command.rb +27 -8
- data/lib/rubygems/commands/cert_command.rb +45 -24
- data/lib/rubygems/commands/check_command.rb +1 -1
- data/lib/rubygems/commands/cleanup_command.rb +14 -7
- data/lib/rubygems/commands/contents_command.rb +14 -15
- data/lib/rubygems/commands/dependency_command.rb +17 -17
- data/lib/rubygems/commands/environment_command.rb +20 -1
- data/lib/rubygems/commands/fetch_command.rb +2 -3
- data/lib/rubygems/commands/generate_index_command.rb +2 -3
- data/lib/rubygems/commands/help_command.rb +12 -13
- data/lib/rubygems/commands/info_command.rb +33 -0
- data/lib/rubygems/commands/install_command.rb +21 -17
- data/lib/rubygems/commands/list_command.rb +0 -1
- data/lib/rubygems/commands/lock_command.rb +3 -4
- data/lib/rubygems/commands/open_command.rb +16 -10
- data/lib/rubygems/commands/owner_command.rb +20 -11
- data/lib/rubygems/commands/pristine_command.rb +23 -16
- data/lib/rubygems/commands/push_command.rb +17 -8
- data/lib/rubygems/commands/query_command.rb +24 -24
- data/lib/rubygems/commands/rdoc_command.rb +3 -4
- data/lib/rubygems/commands/search_command.rb +0 -1
- data/lib/rubygems/commands/server_command.rb +1 -2
- data/lib/rubygems/commands/setup_command.rb +78 -38
- data/lib/rubygems/commands/signin_command.rb +2 -1
- data/lib/rubygems/commands/signout_command.rb +2 -2
- data/lib/rubygems/commands/sources_command.rb +11 -12
- data/lib/rubygems/commands/specification_command.rb +7 -7
- data/lib/rubygems/commands/uninstall_command.rb +41 -19
- data/lib/rubygems/commands/unpack_command.rb +16 -7
- data/lib/rubygems/commands/update_command.rb +28 -23
- data/lib/rubygems/commands/which_command.rb +4 -5
- data/lib/rubygems/commands/yank_command.rb +1 -2
- data/lib/rubygems/compatibility.rb +1 -21
- data/lib/rubygems/config_file.rb +36 -36
- data/lib/rubygems/core_ext/kernel_require.rb +6 -6
- data/lib/rubygems/core_ext/kernel_warn.rb +45 -0
- data/lib/rubygems/defaults.rb +31 -12
- data/lib/rubygems/dependency.rb +14 -14
- data/lib/rubygems/dependency_installer.rb +29 -31
- data/lib/rubygems/dependency_list.rb +8 -9
- data/lib/rubygems/deprecate.rb +2 -3
- data/lib/rubygems/doctor.rb +5 -6
- data/lib/rubygems/errors.rb +3 -3
- data/lib/rubygems/exceptions.rb +11 -4
- data/lib/rubygems/ext.rb +0 -1
- data/lib/rubygems/ext/build_error.rb +0 -1
- data/lib/rubygems/ext/builder.rb +50 -23
- data/lib/rubygems/ext/cmake_builder.rb +2 -2
- data/lib/rubygems/ext/configure_builder.rb +2 -3
- data/lib/rubygems/ext/ext_conf_builder.rb +8 -7
- data/lib/rubygems/ext/rake_builder.rb +16 -18
- data/lib/rubygems/gem_runner.rb +2 -2
- data/lib/rubygems/gemcutter_utilities.rb +40 -13
- data/lib/rubygems/indexer.rb +19 -12
- data/lib/rubygems/install_default_message.rb +0 -1
- data/lib/rubygems/install_message.rb +0 -1
- data/lib/rubygems/install_update_options.rb +2 -28
- data/lib/rubygems/installer.rb +95 -75
- data/lib/rubygems/installer_test_case.rb +0 -14
- data/lib/rubygems/local_remote_options.rb +5 -4
- data/lib/rubygems/mock_gem_ui.rb +3 -4
- data/lib/rubygems/name_tuple.rb +4 -4
- data/lib/rubygems/package.rb +90 -73
- data/lib/rubygems/package/digest_io.rb +3 -4
- data/lib/rubygems/package/file_source.rb +3 -4
- data/lib/rubygems/package/io_source.rb +1 -2
- data/lib/rubygems/package/old.rb +8 -16
- data/lib/rubygems/package/source.rb +0 -1
- data/lib/rubygems/package/tar_header.rb +2 -2
- data/lib/rubygems/package/tar_reader.rb +2 -4
- data/lib/rubygems/package/tar_reader/entry.rb +20 -4
- data/lib/rubygems/package/tar_test_case.rb +2 -8
- data/lib/rubygems/package/tar_writer.rb +13 -15
- data/lib/rubygems/package_task.rb +0 -1
- data/lib/rubygems/path_support.rb +16 -6
- data/lib/rubygems/platform.rb +4 -5
- data/lib/rubygems/psych_tree.rb +1 -1
- data/lib/rubygems/rdoc.rb +0 -311
- data/lib/rubygems/remote_fetcher.rb +34 -48
- data/lib/rubygems/request.rb +16 -15
- data/lib/rubygems/request/connection_pools.rb +24 -13
- data/lib/rubygems/request/http_pool.rb +3 -4
- data/lib/rubygems/request/https_pool.rb +1 -3
- data/lib/rubygems/request_set.rb +52 -25
- data/lib/rubygems/request_set/gem_dependency_api.rb +36 -40
- data/lib/rubygems/request_set/lockfile.rb +12 -12
- data/lib/rubygems/request_set/lockfile/parser.rb +18 -29
- data/lib/rubygems/request_set/lockfile/tokenizer.rb +9 -9
- data/lib/rubygems/requirement.rb +16 -16
- data/lib/rubygems/resolver.rb +10 -15
- data/lib/rubygems/resolver/activation_request.rb +6 -6
- data/lib/rubygems/resolver/api_set.rb +5 -6
- data/lib/rubygems/resolver/api_specification.rb +2 -3
- data/lib/rubygems/resolver/best_set.rb +5 -6
- data/lib/rubygems/resolver/composed_set.rb +5 -6
- data/lib/rubygems/resolver/conflict.rb +5 -5
- data/lib/rubygems/resolver/current_set.rb +1 -2
- data/lib/rubygems/resolver/dependency_request.rb +4 -4
- data/lib/rubygems/resolver/git_set.rb +5 -6
- data/lib/rubygems/resolver/git_specification.rb +4 -5
- data/lib/rubygems/resolver/index_set.rb +5 -6
- data/lib/rubygems/resolver/index_specification.rb +3 -4
- data/lib/rubygems/resolver/installed_specification.rb +3 -4
- data/lib/rubygems/resolver/installer_set.rb +12 -12
- data/lib/rubygems/resolver/local_specification.rb +1 -2
- data/lib/rubygems/resolver/lock_set.rb +5 -6
- data/lib/rubygems/resolver/lock_specification.rb +7 -8
- data/lib/rubygems/resolver/requirement_list.rb +1 -1
- data/lib/rubygems/resolver/set.rb +2 -2
- data/lib/rubygems/resolver/source_set.rb +4 -5
- data/lib/rubygems/resolver/spec_specification.rb +1 -2
- data/lib/rubygems/resolver/specification.rb +10 -7
- data/lib/rubygems/resolver/stats.rb +1 -1
- data/lib/rubygems/resolver/vendor_set.rb +4 -5
- data/lib/rubygems/resolver/vendor_specification.rb +2 -3
- data/lib/rubygems/safe_yaml.rb +18 -10
- data/lib/rubygems/security.rb +21 -22
- data/lib/rubygems/security/policies.rb +1 -2
- data/lib/rubygems/security/policy.rb +25 -25
- data/lib/rubygems/security/signer.rb +72 -24
- data/lib/rubygems/security/trust_dir.rb +10 -10
- data/lib/rubygems/server.rb +21 -21
- data/lib/rubygems/source.rb +16 -25
- data/lib/rubygems/source/git.rb +9 -10
- data/lib/rubygems/source/installed.rb +3 -4
- data/lib/rubygems/source/local.rb +7 -7
- data/lib/rubygems/source/lock.rb +4 -4
- data/lib/rubygems/source/specific_file.rb +5 -5
- data/lib/rubygems/source/vendor.rb +2 -3
- data/lib/rubygems/source_list.rb +2 -2
- data/lib/rubygems/source_local.rb +0 -1
- data/lib/rubygems/spec_fetcher.rb +5 -6
- data/lib/rubygems/specification.rb +199 -536
- data/lib/rubygems/specification_policy.rb +407 -0
- data/lib/rubygems/ssl_certs/{rubygems.org → index.rubygems.org}/GlobalSignRootCA.pem +0 -0
- data/lib/rubygems/ssl_certs/rubygems.global.ssl.fastly.net/DigiCertHighAssuranceEVRootCA.pem +23 -0
- data/lib/rubygems/ssl_certs/rubygems.org/AddTrustExternalCARoot.pem +25 -0
- data/lib/rubygems/stub_specification.rb +11 -15
- data/lib/rubygems/test_case.rb +141 -66
- data/lib/rubygems/test_utilities.rb +20 -35
- data/lib/rubygems/text.rb +6 -6
- data/lib/rubygems/uninstaller.rb +37 -26
- data/lib/rubygems/uri_formatter.rb +1 -2
- data/lib/rubygems/user_interaction.rb +38 -93
- data/lib/rubygems/util.rb +20 -14
- data/lib/rubygems/util/licenses.rb +27 -1
- data/lib/rubygems/util/list.rb +1 -1
- data/lib/rubygems/validator.rb +4 -5
- data/lib/rubygems/version.rb +15 -15
- data/lib/rubygems/version_option.rb +2 -3
- data/rubygems-update.gemspec +43 -0
- data/setup.rb +2 -8
- data/test/rubygems/rubygems_plugin.rb +0 -1
- data/test/rubygems/simple_gem.rb +1 -1
- data/test/rubygems/test_bundled_ca.rb +4 -7
- data/test/rubygems/test_config.rb +7 -2
- data/test/rubygems/test_gem.rb +161 -130
- data/test/rubygems/test_gem_command.rb +0 -1
- data/test/rubygems/test_gem_command_manager.rb +8 -3
- data/test/rubygems/test_gem_commands_build_command.rb +219 -15
- data/test/rubygems/test_gem_commands_cert_command.rb +69 -8
- data/test/rubygems/test_gem_commands_check_command.rb +1 -1
- data/test/rubygems/test_gem_commands_cleanup_command.rb +27 -1
- data/test/rubygems/test_gem_commands_contents_command.rb +1 -2
- data/test/rubygems/test_gem_commands_dependency_command.rb +33 -34
- data/test/rubygems/test_gem_commands_environment_command.rb +1 -0
- data/test/rubygems/test_gem_commands_fetch_command.rb +0 -1
- data/test/rubygems/test_gem_commands_generate_index_command.rb +0 -1
- data/test/rubygems/test_gem_commands_help_command.rb +7 -4
- data/test/rubygems/test_gem_commands_info_command.rb +44 -0
- data/test/rubygems/test_gem_commands_install_command.rb +79 -12
- data/test/rubygems/test_gem_commands_lock_command.rb +0 -1
- data/test/rubygems/test_gem_commands_open_command.rb +29 -0
- data/test/rubygems/test_gem_commands_outdated_command.rb +0 -1
- data/test/rubygems/test_gem_commands_owner_command.rb +93 -57
- data/test/rubygems/test_gem_commands_pristine_command.rb +65 -30
- data/test/rubygems/test_gem_commands_push_command.rb +39 -0
- data/test/rubygems/test_gem_commands_query_command.rb +102 -100
- data/test/rubygems/test_gem_commands_search_command.rb +0 -1
- data/test/rubygems/test_gem_commands_server_command.rb +0 -1
- data/test/rubygems/test_gem_commands_setup_command.rb +39 -8
- data/test/rubygems/test_gem_commands_signin_command.rb +1 -1
- data/test/rubygems/test_gem_commands_sources_command.rb +0 -1
- data/test/rubygems/test_gem_commands_specification_command.rb +2 -3
- data/test/rubygems/test_gem_commands_stale_command.rb +3 -2
- data/test/rubygems/test_gem_commands_uninstall_command.rb +81 -7
- data/test/rubygems/test_gem_commands_unpack_command.rb +17 -1
- data/test/rubygems/test_gem_commands_update_command.rb +19 -2
- data/test/rubygems/test_gem_commands_which_command.rb +0 -1
- data/test/rubygems/test_gem_commands_yank_command.rb +0 -1
- data/test/rubygems/test_gem_config_file.rb +4 -2
- data/test/rubygems/test_gem_dependency.rb +0 -1
- data/test/rubygems/test_gem_dependency_installer.rb +8 -5
- data/test/rubygems/test_gem_dependency_list.rb +6 -7
- data/test/rubygems/test_gem_dependency_resolution_error.rb +0 -1
- data/test/rubygems/test_gem_doctor.rb +1 -2
- data/test/rubygems/test_gem_ext_builder.rb +10 -23
- data/test/rubygems/test_gem_ext_cmake_builder.rb +5 -4
- data/test/rubygems/test_gem_ext_configure_builder.rb +3 -3
- data/test/rubygems/test_gem_ext_ext_conf_builder.rb +8 -9
- data/test/rubygems/test_gem_ext_rake_builder.rb +20 -5
- data/test/rubygems/test_gem_gem_runner.rb +0 -1
- data/test/rubygems/test_gem_gemcutter_utilities.rb +32 -6
- data/test/rubygems/test_gem_impossible_dependencies_error.rb +0 -1
- data/test/rubygems/test_gem_indexer.rb +1 -2
- data/test/rubygems/test_gem_install_update_options.rb +1 -20
- data/test/rubygems/test_gem_installer.rb +69 -203
- data/test/rubygems/test_gem_local_remote_options.rb +3 -3
- data/test/rubygems/test_gem_name_tuple.rb +0 -1
- data/test/rubygems/test_gem_package.rb +59 -50
- data/test/rubygems/test_gem_package_old.rb +0 -1
- data/test/rubygems/test_gem_package_tar_header.rb +1 -2
- data/test/rubygems/test_gem_package_tar_reader.rb +0 -1
- data/test/rubygems/test_gem_package_tar_reader_entry.rb +11 -0
- data/test/rubygems/test_gem_package_tar_writer.rb +40 -7
- data/test/rubygems/test_gem_package_task.rb +2 -2
- data/test/rubygems/test_gem_path_support.rb +28 -11
- data/test/rubygems/test_gem_platform.rb +4 -5
- data/test/rubygems/test_gem_rdoc.rb +1 -2
- data/test/rubygems/test_gem_remote_fetcher.rb +111 -130
- data/test/rubygems/test_gem_request.rb +5 -5
- data/test/rubygems/test_gem_request_connection_pools.rb +24 -3
- data/test/rubygems/test_gem_request_set.rb +5 -5
- data/test/rubygems/test_gem_request_set_gem_dependency_api.rb +2 -7
- data/test/rubygems/test_gem_request_set_lockfile.rb +1 -2
- data/test/rubygems/test_gem_request_set_lockfile_parser.rb +4 -9
- data/test/rubygems/test_gem_request_set_lockfile_tokenizer.rb +1 -1
- data/test/rubygems/test_gem_requirement.rb +18 -4
- data/test/rubygems/test_gem_resolver.rb +13 -17
- data/test/rubygems/test_gem_resolver_activation_request.rb +0 -1
- data/test/rubygems/test_gem_resolver_api_set.rb +0 -1
- data/test/rubygems/test_gem_resolver_api_specification.rb +0 -1
- data/test/rubygems/test_gem_resolver_best_set.rb +0 -1
- data/test/rubygems/test_gem_resolver_composed_set.rb +0 -1
- data/test/rubygems/test_gem_resolver_conflict.rb +0 -1
- data/test/rubygems/test_gem_resolver_dependency_request.rb +0 -1
- data/test/rubygems/test_gem_resolver_git_set.rb +0 -1
- data/test/rubygems/test_gem_resolver_git_specification.rb +0 -1
- data/test/rubygems/test_gem_resolver_index_set.rb +0 -1
- data/test/rubygems/test_gem_resolver_index_specification.rb +0 -1
- data/test/rubygems/test_gem_resolver_installed_specification.rb +0 -1
- data/test/rubygems/test_gem_resolver_installer_set.rb +2 -3
- data/test/rubygems/test_gem_resolver_local_specification.rb +0 -1
- data/test/rubygems/test_gem_resolver_lock_set.rb +0 -1
- data/test/rubygems/test_gem_resolver_lock_specification.rb +0 -1
- data/test/rubygems/test_gem_resolver_requirement_list.rb +0 -1
- data/test/rubygems/test_gem_resolver_specification.rb +1 -2
- data/test/rubygems/test_gem_resolver_vendor_set.rb +0 -1
- data/test/rubygems/test_gem_resolver_vendor_specification.rb +0 -1
- data/test/rubygems/test_gem_security.rb +1 -3
- data/test/rubygems/test_gem_security_policy.rb +4 -5
- data/test/rubygems/test_gem_security_signer.rb +4 -3
- data/test/rubygems/test_gem_security_trust_dir.rb +1 -2
- data/test/rubygems/test_gem_server.rb +4 -4
- data/test/rubygems/test_gem_source.rb +0 -13
- data/test/rubygems/test_gem_source_fetch_problem.rb +0 -1
- data/test/rubygems/test_gem_source_git.rb +0 -1
- data/test/rubygems/test_gem_source_installed.rb +0 -1
- data/test/rubygems/test_gem_source_lock.rb +0 -1
- data/test/rubygems/test_gem_source_vendor.rb +0 -1
- data/test/rubygems/test_gem_spec_fetcher.rb +0 -1
- data/test/rubygems/test_gem_specification.rb +334 -198
- data/test/rubygems/test_gem_stream_ui.rb +13 -30
- data/test/rubygems/test_gem_stub_specification.rb +0 -2
- data/test/rubygems/test_gem_text.rb +4 -5
- data/test/rubygems/test_gem_uninstaller.rb +21 -1
- data/test/rubygems/test_gem_unsatisfiable_dependency_error.rb +0 -1
- data/test/rubygems/test_gem_uri_formatter.rb +0 -1
- data/test/rubygems/test_gem_util.rb +6 -11
- data/test/rubygems/test_gem_validator.rb +0 -1
- data/test/rubygems/test_gem_version.rb +11 -11
- data/test/rubygems/test_gem_version_option.rb +0 -1
- data/test/rubygems/test_remote_fetch_error.rb +0 -1
- data/test/rubygems/test_require.rb +67 -52
- data/util/CL2notes +1 -2
- data/util/ci +15 -12
- data/util/create_certs.rb +6 -7
- data/util/create_encrypted_key.rb +0 -1
- data/util/patch_with_prs.rb +1 -1
- data/util/rubocop +8 -0
- data/util/update_bundled_ca_certificates.rb +15 -14
- data/util/update_changelog.rb +1 -1
- metadata +67 -59
- data/.autotest +0 -71
- data/.document +0 -5
- data/CONTRIBUTING.rdoc +0 -130
- data/CVE-2013-4287.txt +0 -35
- data/CVE-2013-4363.txt +0 -45
- data/CVE-2015-3900.txt +0 -40
- data/POLICIES.rdoc +0 -74
- data/lib/rubygems/ssl_certs/rubygems.org/GlobalSignRootCA_R3.pem +0 -21
- data/test/rubygems/fix_openssl_warnings.rb +0 -13
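--- a/data/lib/rubygems/mock_gem_ui.rb
+++ b/data/lib/rubygems/mock_gem_ui.rb
@@ -12,7 +12,7 @@ class Gem::MockGemUi < Gem::StreamUI
 
 class InputEOFError < RuntimeError
 
-def initialize
+def initialize(question)
 super "Out of input for MockGemUi on #{question.inspect}"
 end
 
@@ -21,7 +21,7 @@ class Gem::MockGemUi < Gem::StreamUI
 class TermError < RuntimeError
 attr_reader :exit_code
 
-def initialize
+def initialize(exit_code)
 super
 @exit_code = exit_code
 end
@@ -56,7 +56,7 @@ class Gem::MockGemUi < Gem::StreamUI
 @terminated = false
 end
 
-def ask
+def ask(question)
 raise InputEOFError, question if @ins.eof?
 
 super
@@ -86,4 +86,3 @@ class Gem::MockGemUi < Gem::StreamUI
 end
 
 end
-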
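--- a/data/lib/rubygems/name_tuple.rb
+++ b/data/lib/rubygems/name_tuple.rb
@@ -24,7 +24,7 @@ class Gem::NameTuple
 # Turn an array of [name, version, platform] into an array of
 # NameTuple objects.
 
-def self.from_list
+def self.from_list(list)
 list.map { |t| new(*t) }
 end
 
@@ -32,7 +32,7 @@ class Gem::NameTuple
 # Turn an array of NameTuple objects back into an array of
 # [name, version, platform] tuples.
 
-def self.to_basic
+def self.to_basic(list)
 list.map { |t| t.to_a }
 end
 
@@ -90,7 +90,7 @@ class Gem::NameTuple
 
 alias to_s inspect # :nodoc:
 
-def <=>
+def <=>(other)
 [@name, @version, @platform == Gem::Platform::RUBY ? -1 : 1] <=>
 [other.name, other.version,
 other.platform == Gem::Platform::RUBY ? -1 : 1]
@@ -102,7 +102,7 @@ class Gem::NameTuple
 # Compare with +other+. Supports another NameTuple or an Array
 # in the [name, version, platform] format.
 
-def ==
+def ==(other)
 case other
 when self.class
 @name == other.name and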
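--- a/data/lib/rubygems/package.rb
+++ b/data/lib/rubygems/package.rb
@@ -55,7 +55,7 @@ class Gem::Package
 class FormatError < Error
 attr_reader :path
 
-def initialize
+def initialize(message, source = nil)
 if source
 @path = source.path
 
@@ -68,7 +68,7 @@ class Gem::Package
 end
 
 class PathError < Error
-def initialize
+def initialize(destination, destination_dir)
 super "installing into parent path %s of %s is not allowed" %
 [destination, destination_dir]
 end
@@ -107,12 +107,24 @@ class Gem::Package
 
 attr_writer :spec
 
-
-
+##
+# Permission for directories
+attr_accessor :dir_mode
+
+##
+# Permission for program files
+attr_accessor :prog_mode
+
+##
+# Permission for other files
+attr_accessor :data_mode
+
+def self.build(spec, skip_validation = false, strict_validation = false, file_name = nil)
+gem_file = file_name || spec.file_name
 
 package = new gem_file
 package.spec = spec
-package.build skip_validation
+package.build skip_validation, strict_validation
 
 gem_file
 end
@@ -124,7 +136,7 @@ class Gem::Package
 # If +gem+ is an existing file in the old format a Gem::Package::Old will be
 # returned.
 
-def self.new
+def self.new(gem, security_policy = nil)
 gem = if gem.is_a?(Gem::Package::Source)
 gem
 elsif gem.respond_to? :read
@@ -145,10 +157,10 @@ class Gem::Package
 ##
 # Creates a new package that will read or write to the file +gem+.
 
-def initialize
+def initialize(gem, security_policy) # :notnew:
 @gem = gem
 
-@build_time = Time.now
+@build_time = ENV["SOURCE_DATE_EPOCH"] ? Time.at(ENV["SOURCE_DATE_EPOCH"].to_i).utc : Time.now
 @checksums = {}
 @contents = nil
 @digests = Hash.new { |h, algorithm| h[algorithm] = {} }
@@ -162,14 +174,14 @@ class Gem::Package
 ##
 # Copies this package to +path+ (if possible)
 
-def copy_to
+def copy_to(path)
 FileUtils.cp @gem.path, path unless File.exist? path
 end
 
 ##
 # Adds a checksum for each entry in the gem to checksums.yaml.gz.
 
-def add_checksums
+def add_checksums(tar)
 Gem.load_yaml
 
 checksums_by_algorithm = Hash.new { |h, algorithm| h[algorithm] = {} }
@@ -191,7 +203,7 @@ class Gem::Package
 # Adds the files listed in the packages's Gem::Specification to data.tar.gz
 # and adds this file to the +tar+.
 
-def add_contents
+def add_contents(tar) # :nodoc:
 digests = tar.add_file_signed 'data.tar.gz', 0444, @signer do |io|
 gzip_to io do |gz_io|
 Gem::Package::TarWriter.new gz_io do |data_tar|
@@ -206,13 +218,18 @@ class Gem::Package
 ##
 # Adds files included the package's Gem::Specification to the +tar+ file
 
-def add_files
+def add_files(tar) # :nodoc:
 @spec.files.each do |file|
 stat = File.lstat file
 
 if stat.symlink?
-
-
+target_path = File.readlink(file)
+
+unless target_path.start_with? '.'
+relative_dir = File.dirname(file).sub("#{Dir.pwd}/", '')
+target_path = File.join(relative_dir, target_path)
+end
+
 tar.add_symlink file, target_path, stat.mode
 end
 
@@ -229,7 +246,7 @@ class Gem::Package
 ##
 # Adds the package's Gem::Specification to the +tar+ file
 
-def add_metadata
+def add_metadata(tar) # :nodoc:
 digests = tar.add_file_signed 'metadata.gz', 0444, @signer do |io|
 gzip_to io do |gz_io|
 gz_io.write @spec.to_yaml
@@ -242,14 +259,20 @@ class Gem::Package
 ##
 # Builds this package based on the specification set by #spec=
 
-def build
+def build(skip_validation = false, strict_validation = false)
+raise ArgumentError, "skip_validation = true and strict_validation = true are incompatible" if skip_validation && strict_validation
+
 Gem.load_yaml
 require 'rubygems/security'
 
 @spec.mark_version
-@spec.validate unless skip_validation
+@spec.validate true, strict_validation unless skip_validation
 
-setup_signer
+setup_signer(
+signer_options: {
+expiration_length_days: Gem.configuration.cert_expiration_length_days
+}
+)
 
 @gem.with_write_io do |gem_io|
 Gem::Package::TarWriter.new gem_io do |gem|
@@ -263,7 +286,7 @@ class Gem::Package
 Successfully built RubyGem
 Name: #{@spec.name}
 Version: #{@spec.version}
-File: #{File.basename @
+File: #{File.basename @gem.path}
 EOM
 ensure
 @signer = nil
@@ -300,8 +323,8 @@ EOM
 # Creates a digest of the TarEntry +entry+ from the digest algorithm set by
 # the security policy.
 
-def digest
-algorithms = if @checksums
+def digest(entry) # :nodoc:
+algorithms = if @checksums
 @checksums.keys
 else
 [Gem::Security::DIGEST_NAME].compact
@@ -309,7 +332,7 @@ EOM
 
 algorithms.each do |algorithm|
 digester =
-if defined?(OpenSSL::Digest)
+if defined?(OpenSSL::Digest)
 OpenSSL::Digest.new algorithm
 else
 Digest.const_get(algorithm).new
@@ -331,10 +354,10 @@ EOM
 # If +pattern+ is specified, only entries matching that glob will be
 # extracted.
 
-def extract_files
+def extract_files(destination_dir, pattern = "*")
 verify unless @spec
 
-FileUtils.mkdir_p destination_dir
+FileUtils.mkdir_p destination_dir, :mode => dir_mode && 0700
 
 @gem.with_read_io do |io|
 reader = Gem::Package::TarReader.new io
@@ -360,7 +383,8 @@ EOM
 # If +pattern+ is specified, only entries matching that glob will be
 # extracted.
 
-def extract_tar_gz
+def extract_tar_gz(io, destination_dir, pattern = "*") # :nodoc:
+directories = [] if dir_mode
 open_tar_gz io do |tar|
 tar.each do |entry|
 next unless File.fnmatch pattern, entry.full_name, File::FNM_DOTMATCH
@@ -370,19 +394,20 @@ EOM
 FileUtils.rm_rf destination
 
 mkdir_options = {}
-mkdir_options[:mode] = entry.header.mode if entry.directory?
+mkdir_options[:mode] = dir_mode ? 0700 : (entry.header.mode if entry.directory?)
 mkdir =
-if entry.directory?
+if entry.directory?
 destination
 else
 File.dirname destination
 end
+directories << mkdir if directories
 
 mkdir_p_safe mkdir, mkdir_options, destination_dir, entry.full_name
 
 File.open destination, 'wb' do |out|
 out.write entry.read
-FileUtils.chmod entry.header.mode, destination
+FileUtils.chmod file_mode(entry.header.mode), destination
 end if entry.file?
 
 File.symlink(entry.header.linkname, destination) if entry.symlink?
@@ -390,6 +415,15 @@ EOM
 verbose destination
 end
 end
+
+if directories
+directories.uniq!
+File.chmod(dir_mode, *directories)
+end
+end
+
+def file_mode(mode) # :nodoc:
+((mode & 0111).zero? ? data_mode : prog_mode) || mode
 end
 
 ##
@@ -398,7 +432,7 @@ EOM
 # Also sets the gzip modification time to the package build time to ease
 # testing.
 
-def gzip_to
+def gzip_to(io) # :yields: gz_io
 gz_io = Zlib::GzipWriter.new io, Zlib::BEST_COMPRESSION
 gz_io.mtime = @build_time
 
@@ -412,29 +446,16 @@ EOM
 #
 # If +filename+ is not inside +destination_dir+ an exception is raised.
 
-def install_location
+def install_location(filename, destination_dir) # :nodoc:
 raise Gem::Package::PathError.new(filename, destination_dir) if
 filename.start_with? '/'
 
-destination_dir = realpath
-
-
-destination = File.join destination_dir, filename
-destination = File.expand_path destination
+destination_dir = File.expand_path(File.realpath(destination_dir))
+destination = File.expand_path(File.join(destination_dir, filename))
 
 raise Gem::Package::PathError.new(destination, destination_dir) unless
 destination.start_with? destination_dir + '/'
 
-begin
-real_destination = File.expand_path(File.realpath(destination))
-rescue
-# it's fine if the destination doesn't exist, because rm -rf'ing it can't cause any damage
-nil
-else
-raise Gem::Package::PathError.new(real_destination, destination_dir) unless
-real_destination.start_with? destination_dir + '/'
-end
-
 destination.untaint
 destination
 end
@@ -447,11 +468,11 @@ EOM
 end
 end
 
-def mkdir_p_safe
-destination_dir = realpath
+def mkdir_p_safe(mkdir, mkdir_options, destination_dir, file_name)
+destination_dir = File.realpath(File.expand_path(destination_dir))
 parts = mkdir.split(File::SEPARATOR)
 parts.reduce do |path, basename|
-path = realpath
+path = File.realpath(path) unless path == ""
 path = File.expand_path(path + File::SEPARATOR + basename)
 lstat = File.lstat path rescue nil
 if !lstat || !lstat.directory?
@@ -466,15 +487,14 @@ EOM
 ##
 # Loads a Gem::Specification from the TarEntry +entry+
 
-def load_spec
+def load_spec(entry) # :nodoc:
 case entry.full_name
 when 'metadata' then
 @spec = Gem::Specification.from_yaml entry.read
 when 'metadata.gz' then
 args = [entry]
 args << { :external_encoding => Encoding::UTF_8 } if
-
-Zlib::GzipReader.method(:wrap).arity != 1
+Zlib::GzipReader.method(:wrap).arity != 1
 
 Zlib::GzipReader.wrap(*args) do |gzio|
 @spec = Gem::Specification.from_yaml gzio.read
@@ -485,7 +505,7 @@ EOM
 ##
 # Opens +io+ as a gzipped tar archive
 
-def open_tar_gz
+def open_tar_gz(io) # :nodoc:
 Zlib::GzipReader.wrap io do |gzio|
 tar = Gem::Package::TarReader.new gzio
 
@@ -496,7 +516,7 @@ EOM
 ##
 # Reads and loads checksums.yaml.gz from the tar file +gem+
 
-def read_checksums
+def read_checksums(gem)
 Gem.load_yaml
 
 @checksums = gem.seek 'checksums.yaml.gz' do |entry|
@@ -510,10 +530,17 @@ EOM
 # Prepares the gem for signing and checksum generation. If a signing
 # certificate and key are not present only checksum generation is set up.
 
-def setup_signer
+def setup_signer(signer_options: {})
 passphrase = ENV['GEM_PRIVATE_KEY_PASSPHRASE']
-if @spec.signing_key
-@signer =
+if @spec.signing_key
+@signer =
+Gem::Security::Signer.new(
+@spec.signing_key,
+@spec.cert_chain,
+passphrase,
+signer_options
+)
+
 @spec.signing_key = nil
 @spec.cert_chain = @signer.cert_chain.map { |cert| cert.to_s }
 else
@@ -578,14 +605,14 @@ EOM
 # Verifies the +checksums+ against the +digests+. This check is not
 # cryptographically secure. Missing checksums are ignored.
 
-def verify_checksums
+def verify_checksums(digests, checksums) # :nodoc:
 return unless checksums
 
 checksums.sort.each do |algorithm, gem_digests|
 gem_digests.sort.each do |file_name, gem_hexdigest|
 computed_digest = digests[algorithm][file_name]
 
-unless computed_digest.hexdigest == gem_hexdigest
+unless computed_digest.hexdigest == gem_hexdigest
 raise Gem::Package::FormatError.new \
 "#{algorithm} checksum mismatch for #{file_name}", @gem
 end
@@ -596,7 +623,7 @@ EOM
 ##
 # Verifies +entry+ in a .gem file.
 
-def verify_entry
+def verify_entry(entry)
 file_name = entry.full_name
 @files << file_name
 
@@ -623,16 +650,16 @@ EOM
 ##
 # Verifies the files of the +gem+
 
-def verify_files
+def verify_files(gem)
 gem.each do |entry|
 verify_entry entry
 end
 
-unless @spec
+unless @spec
 raise Gem::Package::FormatError.new 'package metadata is missing', @gem
 end
 
-unless @files.include? 'data.tar.gz'
+unless @files.include? 'data.tar.gz'
 raise Gem::Package::FormatError.new \
 'package content (data.tar.gz) is missing', @gem
 end
@@ -645,7 +672,7 @@ EOM
 ##
 # Verifies that +entry+ is a valid gzipped file.
 
-def verify_gz
+def verify_gz(entry) # :nodoc:
 Zlib::GzipReader.wrap entry do |gzio|
 gzio.read 16384 until gzio.eof? # gzip checksum verification
 end
@@ -653,16 +680,6 @@ EOM
 raise Gem::Package::FormatError.new(e.message, entry.full_name)
 end
 
-if File.respond_to? :realpath
-def realpath file
-File.realpath file
-end
-else
-def realpath file
-file
-end
-end
-
 end
 
 require 'rubygems/package/digest_io'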
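Review bot: `install_location` (hunk `@@ -412,29 +446,16 @@`) no longer resolves the final `destination`: the `File.realpath(destination)` comparison against `destination_dir` is deleted, leaving only the lexical `destination.start_with? destination_dir + '/'` test, which cannot see a symlink sitting below `destination_dir`. In the `extract_tar_gz` hunk `FileUtils.rm_rf destination` still appears ahead of `mkdir_p_safe`, so the recursive delete would run before any symlink-aware check; the line that computes `destination` lies above that hunk, so this ordering is inferred rather than visible. The comment on the dropped block tied it to exactly that `rm -rf`, which suggests the resolved-path check should stay after the new `File.expand_path(File.realpath(destination_dir))` lines, as in the fence below. A regression test that extracts into a directory already containing a symlinked entry would pin the behaviour.

```ruby
    # … unchanged: absolute-path guard and lexical start_with? check on destination …

    begin
      real_destination = File.expand_path(File.realpath(destination))
    rescue
      # destination does not exist yet, so there is nothing behind it to resolve
      nil
    else
      raise Gem::Package::PathError.new(real_destination, destination_dir) unless
        real_destination.start_with? destination_dir + '/'
    end

    destination.untaint
```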