RubyGems - rubygems-update - Versions diffs - 2.7.11 → 3.0.9 - Mend

rubygems-update 2.7.11 → 3.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (359) hide show

checksums.yaml +4 -4
data/.rubocop.yml +67 -0
data/.travis.yml +24 -18
data/CODE_OF_CONDUCT.md +10 -8
data/CONTRIBUTING.md +148 -0
data/History.txt +458 -8
data/MAINTAINERS.txt +1 -0
data/Manifest.txt +16 -9
data/POLICIES.md +92 -0
data/README.md +53 -26
data/Rakefile +77 -211
data/{UPGRADING.rdoc → UPGRADING.md} +31 -32
data/appveyor.yml +20 -45
data/bin/gem +1 -2
data/bin/update_rubygems +2 -3
data/bundler/CHANGELOG.md +65 -0
data/bundler/bundler.gemspec +7 -1
data/bundler/lib/bundler/build_metadata.rb +1 -1
data/bundler/lib/bundler/cli/add.rb +15 -5
data/bundler/lib/bundler/cli/binstubs.rb +8 -2
data/bundler/lib/bundler/cli/doctor.rb +47 -1
data/bundler/lib/bundler/cli/install.rb +8 -5
data/bundler/lib/bundler/cli/list.rb +41 -5
data/bundler/lib/bundler/cli/outdated.rb +7 -1
data/bundler/lib/bundler/cli/pristine.rb +4 -0
data/bundler/lib/bundler/cli/remove.rb +18 -0
data/bundler/lib/bundler/cli.rb +63 -21
data/bundler/lib/bundler/definition.rb +15 -16
data/bundler/lib/bundler/dependency.rb +2 -2
data/bundler/lib/bundler/dsl.rb +19 -3
data/bundler/lib/bundler/feature_flag.rb +7 -0
data/bundler/lib/bundler/gem_version_promoter.rb +4 -2
data/bundler/lib/bundler/injector.rb +168 -9
data/bundler/lib/bundler/installer/parallel_installer.rb +5 -0
data/bundler/lib/bundler/installer.rb +29 -6
data/bundler/lib/bundler/plugin/events.rb +61 -0
data/bundler/lib/bundler/plugin.rb +10 -3
data/bundler/lib/bundler/resolver.rb +2 -2
data/bundler/lib/bundler/rubygems_gem_installer.rb +7 -0
data/bundler/lib/bundler/runtime.rb +8 -2
data/bundler/lib/bundler/settings/validator.rb +23 -0
data/bundler/lib/bundler/settings.rb +24 -3
data/bundler/lib/bundler/shared_helpers.rb +19 -3
data/bundler/lib/bundler/source/metadata.rb +2 -3
data/bundler/lib/bundler/source.rb +9 -9
data/bundler/lib/bundler/templates/newgem/lib/newgem.rb.tt +1 -0
data/bundler/lib/bundler/version.rb +1 -1
data/bundler/lib/bundler.rb +26 -8
data/bundler/man/bundle-add.ronn +13 -2
data/bundler/man/bundle-config.ronn +21 -0
data/bundler/man/bundle-install.ronn +1 -1
data/bundler/man/bundle-list.ronn +19 -1
data/bundler/man/bundle-outdated.ronn +4 -0
data/bundler/man/bundle-remove.ronn +23 -0
data/bundler/man/bundle-update.ronn +1 -1
data/bundler/man/bundle.ronn +3 -0
data/lib/rubygems/available_set.rb +1 -1
data/lib/rubygems/basic_specification.rb +12 -12
data/lib/rubygems/bundler_version_finder.rb +3 -3
data/lib/rubygems/command.rb +22 -15
data/lib/rubygems/command_manager.rb +22 -5
data/lib/rubygems/commands/build_command.rb +41 -7
data/lib/rubygems/commands/cert_command.rb +45 -24
data/lib/rubygems/commands/check_command.rb +1 -1
data/lib/rubygems/commands/cleanup_command.rb +14 -7
data/lib/rubygems/commands/contents_command.rb +14 -15
data/lib/rubygems/commands/dependency_command.rb +17 -17
data/lib/rubygems/commands/environment_command.rb +20 -1
data/lib/rubygems/commands/fetch_command.rb +2 -3
data/lib/rubygems/commands/generate_index_command.rb +2 -3
data/lib/rubygems/commands/help_command.rb +12 -13
data/lib/rubygems/commands/info_command.rb +33 -0
data/lib/rubygems/commands/install_command.rb +21 -17
data/lib/rubygems/commands/list_command.rb +0 -1
data/lib/rubygems/commands/lock_command.rb +3 -4
data/lib/rubygems/commands/open_command.rb +16 -10
data/lib/rubygems/commands/owner_command.rb +21 -7
data/lib/rubygems/commands/pristine_command.rb +23 -16
data/lib/rubygems/commands/push_command.rb +19 -8
data/lib/rubygems/commands/query_command.rb +24 -24
data/lib/rubygems/commands/rdoc_command.rb +3 -4
data/lib/rubygems/commands/search_command.rb +0 -1
data/lib/rubygems/commands/server_command.rb +1 -2
data/lib/rubygems/commands/setup_command.rb +86 -48
data/lib/rubygems/commands/signin_command.rb +2 -1
data/lib/rubygems/commands/signout_command.rb +2 -2
data/lib/rubygems/commands/sources_command.rb +11 -12
data/lib/rubygems/commands/specification_command.rb +7 -7
data/lib/rubygems/commands/uninstall_command.rb +50 -18
data/lib/rubygems/commands/unpack_command.rb +16 -7
data/lib/rubygems/commands/update_command.rb +28 -23
data/lib/rubygems/commands/which_command.rb +5 -8
data/lib/rubygems/commands/yank_command.rb +1 -2
data/lib/rubygems/compatibility.rb +1 -21
data/lib/rubygems/config_file.rb +36 -36
data/lib/rubygems/core_ext/kernel_require.rb +6 -6
data/lib/rubygems/core_ext/kernel_warn.rb +45 -0
data/lib/rubygems/defaults.rb +31 -19
data/lib/rubygems/dependency.rb +15 -15
data/lib/rubygems/dependency_installer.rb +30 -33
data/lib/rubygems/dependency_list.rb +9 -10
data/lib/rubygems/deprecate.rb +2 -3
data/lib/rubygems/doctor.rb +5 -6
data/lib/rubygems/errors.rb +3 -3
data/lib/rubygems/exceptions.rb +11 -8
data/lib/rubygems/ext/build_error.rb +0 -1
data/lib/rubygems/ext/builder.rb +50 -23
data/lib/rubygems/ext/cmake_builder.rb +2 -2
data/lib/rubygems/ext/configure_builder.rb +2 -3
data/lib/rubygems/ext/ext_conf_builder.rb +8 -7
data/lib/rubygems/ext/rake_builder.rb +16 -18
data/lib/rubygems/ext.rb +0 -1
data/lib/rubygems/gem_runner.rb +2 -2
data/lib/rubygems/gemcutter_utilities.rb +46 -12
data/lib/rubygems/indexer.rb +19 -12
data/lib/rubygems/install_default_message.rb +0 -1
data/lib/rubygems/install_message.rb +0 -1
data/lib/rubygems/install_update_options.rb +3 -29
data/lib/rubygems/installer.rb +97 -55
data/lib/rubygems/installer_test_case.rb +2 -16
data/lib/rubygems/local_remote_options.rb +5 -4
data/lib/rubygems/mock_gem_ui.rb +3 -4
data/lib/rubygems/name_tuple.rb +4 -4
data/lib/rubygems/package/digest_io.rb +3 -4
data/lib/rubygems/package/file_source.rb +3 -4
data/lib/rubygems/package/io_source.rb +1 -2
data/lib/rubygems/package/old.rb +8 -16
data/lib/rubygems/package/source.rb +0 -1
data/lib/rubygems/package/tar_header.rb +13 -4
data/lib/rubygems/package/tar_reader/entry.rb +20 -4
data/lib/rubygems/package/tar_reader.rb +2 -4
data/lib/rubygems/package/tar_test_case.rb +2 -8
data/lib/rubygems/package/tar_writer.rb +13 -15
data/lib/rubygems/package.rb +90 -63
data/lib/rubygems/package_task.rb +0 -1
data/lib/rubygems/path_support.rb +16 -6
data/lib/rubygems/platform.rb +4 -5
data/lib/rubygems/psych_tree.rb +1 -1
data/lib/rubygems/rdoc.rb +2 -313
data/lib/rubygems/remote_fetcher.rb +29 -82
data/lib/rubygems/request/connection_pools.rb +24 -13
data/lib/rubygems/request/http_pool.rb +3 -4
data/lib/rubygems/request/https_pool.rb +1 -3
data/lib/rubygems/request.rb +17 -16
data/lib/rubygems/request_set/gem_dependency_api.rb +46 -49
data/lib/rubygems/request_set/lockfile/parser.rb +18 -29
data/lib/rubygems/request_set/lockfile/tokenizer.rb +9 -9
data/lib/rubygems/request_set/lockfile.rb +12 -12
data/lib/rubygems/request_set.rb +52 -25
data/lib/rubygems/requirement.rb +32 -21
data/lib/rubygems/resolver/activation_request.rb +6 -6
data/lib/rubygems/resolver/api_set.rb +5 -6
data/lib/rubygems/resolver/api_specification.rb +2 -3
data/lib/rubygems/resolver/best_set.rb +5 -6
data/lib/rubygems/resolver/composed_set.rb +5 -6
data/lib/rubygems/resolver/conflict.rb +5 -5
data/lib/rubygems/resolver/current_set.rb +1 -2
data/lib/rubygems/resolver/dependency_request.rb +4 -4
data/lib/rubygems/resolver/git_set.rb +5 -6
data/lib/rubygems/resolver/git_specification.rb +4 -5
data/lib/rubygems/resolver/index_set.rb +5 -6
data/lib/rubygems/resolver/index_specification.rb +3 -4
data/lib/rubygems/resolver/installed_specification.rb +3 -4
data/lib/rubygems/resolver/installer_set.rb +12 -12
data/lib/rubygems/resolver/local_specification.rb +1 -2
data/lib/rubygems/resolver/lock_set.rb +5 -6
data/lib/rubygems/resolver/lock_specification.rb +7 -8
data/lib/rubygems/resolver/requirement_list.rb +1 -1
data/lib/rubygems/resolver/set.rb +2 -2
data/lib/rubygems/resolver/source_set.rb +4 -5
data/lib/rubygems/resolver/spec_specification.rb +1 -2
data/lib/rubygems/resolver/specification.rb +10 -7
data/lib/rubygems/resolver/stats.rb +1 -1
data/lib/rubygems/resolver/vendor_set.rb +4 -5
data/lib/rubygems/resolver/vendor_specification.rb +2 -3
data/lib/rubygems/resolver.rb +14 -16
data/lib/rubygems/s3_uri_signer.rb +183 -0
data/lib/rubygems/safe_yaml.rb +18 -10
data/lib/rubygems/security/policies.rb +1 -2
data/lib/rubygems/security/policy.rb +25 -25
data/lib/rubygems/security/signer.rb +72 -24
data/lib/rubygems/security/trust_dir.rb +10 -10
data/lib/rubygems/security.rb +21 -22
data/lib/rubygems/security_option.rb +0 -1
data/lib/rubygems/server.rb +21 -21
data/lib/rubygems/source/git.rb +9 -10
data/lib/rubygems/source/installed.rb +3 -4
data/lib/rubygems/source/local.rb +7 -7
data/lib/rubygems/source/lock.rb +4 -4
data/lib/rubygems/source/specific_file.rb +5 -5
data/lib/rubygems/source/vendor.rb +2 -3
data/lib/rubygems/source.rb +16 -25
data/lib/rubygems/source_list.rb +2 -2
data/lib/rubygems/source_local.rb +0 -1
data/lib/rubygems/spec_fetcher.rb +5 -6
data/lib/rubygems/specification.rb +219 -558
data/lib/rubygems/specification_policy.rb +407 -0
data/lib/rubygems/stub_specification.rb +12 -17
data/lib/rubygems/test_case.rb +161 -75
data/lib/rubygems/test_utilities.rb +20 -35
data/lib/rubygems/text.rb +6 -6
data/lib/rubygems/uninstaller.rb +38 -27
data/lib/rubygems/uri_formatter.rb +1 -2
data/lib/rubygems/user_interaction.rb +37 -89
data/lib/rubygems/util/licenses.rb +27 -1
data/lib/rubygems/util/list.rb +1 -1
data/lib/rubygems/util.rb +32 -14
data/lib/rubygems/validator.rb +4 -5
data/lib/rubygems/version.rb +15 -15
data/lib/rubygems/version_option.rb +2 -3
data/lib/rubygems.rb +71 -102
data/rubygems-update.gemspec +43 -0
data/setup.rb +2 -8
data/test/rubygems/ca_cert.pem +74 -65
data/test/rubygems/client.pem +103 -45
data/test/rubygems/rubygems_plugin.rb +0 -1
data/test/rubygems/simple_gem.rb +1 -1
data/test/rubygems/ssl_cert.pem +78 -17
data/test/rubygems/ssl_key.pem +25 -13
data/test/rubygems/test_bundled_ca.rb +1 -1
data/test/rubygems/test_config.rb +7 -2
data/test/rubygems/test_gem.rb +205 -132
data/test/rubygems/test_gem_bundler_version_finder.rb +4 -0
data/test/rubygems/test_gem_command.rb +0 -1
data/test/rubygems/test_gem_command_manager.rb +18 -3
data/test/rubygems/test_gem_commands_build_command.rb +220 -15
data/test/rubygems/test_gem_commands_cert_command.rb +69 -8
data/test/rubygems/test_gem_commands_check_command.rb +1 -1
data/test/rubygems/test_gem_commands_cleanup_command.rb +27 -1
data/test/rubygems/test_gem_commands_contents_command.rb +1 -2
data/test/rubygems/test_gem_commands_dependency_command.rb +33 -34
data/test/rubygems/test_gem_commands_environment_command.rb +1 -0
data/test/rubygems/test_gem_commands_fetch_command.rb +0 -1
data/test/rubygems/test_gem_commands_generate_index_command.rb +0 -1
data/test/rubygems/test_gem_commands_help_command.rb +7 -4
data/test/rubygems/test_gem_commands_info_command.rb +44 -0
data/test/rubygems/test_gem_commands_install_command.rb +79 -12
data/test/rubygems/test_gem_commands_lock_command.rb +0 -1
data/test/rubygems/test_gem_commands_open_command.rb +29 -0
data/test/rubygems/test_gem_commands_outdated_command.rb +0 -1
data/test/rubygems/test_gem_commands_owner_command.rb +93 -57
data/test/rubygems/test_gem_commands_pristine_command.rb +65 -30
data/test/rubygems/test_gem_commands_push_command.rb +54 -0
data/test/rubygems/test_gem_commands_query_command.rb +102 -100
data/test/rubygems/test_gem_commands_search_command.rb +0 -1
data/test/rubygems/test_gem_commands_server_command.rb +0 -1
data/test/rubygems/test_gem_commands_setup_command.rb +50 -15
data/test/rubygems/test_gem_commands_signin_command.rb +1 -1
data/test/rubygems/test_gem_commands_sources_command.rb +0 -1
data/test/rubygems/test_gem_commands_specification_command.rb +2 -3
data/test/rubygems/test_gem_commands_stale_command.rb +3 -2
data/test/rubygems/test_gem_commands_uninstall_command.rb +161 -8
data/test/rubygems/test_gem_commands_unpack_command.rb +17 -1
data/test/rubygems/test_gem_commands_update_command.rb +19 -2
data/test/rubygems/test_gem_commands_which_command.rb +0 -1
data/test/rubygems/test_gem_commands_yank_command.rb +0 -1
data/test/rubygems/test_gem_config_file.rb +4 -2
data/test/rubygems/test_gem_dependency.rb +0 -1
data/test/rubygems/test_gem_dependency_installer.rb +8 -5
data/test/rubygems/test_gem_dependency_list.rb +6 -7
data/test/rubygems/test_gem_dependency_resolution_error.rb +0 -1
data/test/rubygems/test_gem_doctor.rb +1 -2
data/test/rubygems/test_gem_ext_builder.rb +10 -23
data/test/rubygems/test_gem_ext_cmake_builder.rb +5 -4
data/test/rubygems/test_gem_ext_configure_builder.rb +3 -3
data/test/rubygems/test_gem_ext_ext_conf_builder.rb +8 -9
data/test/rubygems/test_gem_ext_rake_builder.rb +20 -5
data/test/rubygems/test_gem_gem_runner.rb +0 -1
data/test/rubygems/test_gem_gemcutter_utilities.rb +32 -6
data/test/rubygems/test_gem_impossible_dependencies_error.rb +0 -1
data/test/rubygems/test_gem_indexer.rb +16 -10
data/test/rubygems/test_gem_install_update_options.rb +1 -20
data/test/rubygems/test_gem_installer.rb +154 -119
data/test/rubygems/test_gem_local_remote_options.rb +3 -3
data/test/rubygems/test_gem_name_tuple.rb +0 -1
data/test/rubygems/test_gem_package.rb +77 -31
data/test/rubygems/test_gem_package_old.rb +0 -1
data/test/rubygems/test_gem_package_tar_header.rb +42 -2
data/test/rubygems/test_gem_package_tar_reader.rb +0 -1
data/test/rubygems/test_gem_package_tar_reader_entry.rb +11 -0
data/test/rubygems/test_gem_package_tar_writer.rb +43 -7
data/test/rubygems/test_gem_package_task.rb +2 -2
data/test/rubygems/test_gem_path_support.rb +28 -11
data/test/rubygems/test_gem_platform.rb +4 -5
data/test/rubygems/test_gem_rdoc.rb +1 -136
data/test/rubygems/test_gem_remote_fetcher.rb +241 -141
data/test/rubygems/test_gem_request.rb +9 -9
data/test/rubygems/test_gem_request_connection_pools.rb +24 -3
data/test/rubygems/test_gem_request_set.rb +5 -5
data/test/rubygems/test_gem_request_set_gem_dependency_api.rb +82 -64
data/test/rubygems/test_gem_request_set_lockfile.rb +1 -2
data/test/rubygems/test_gem_request_set_lockfile_parser.rb +4 -9
data/test/rubygems/test_gem_request_set_lockfile_tokenizer.rb +1 -1
data/test/rubygems/test_gem_requirement.rb +24 -4
data/test/rubygems/test_gem_resolver.rb +13 -17
data/test/rubygems/test_gem_resolver_activation_request.rb +0 -1
data/test/rubygems/test_gem_resolver_api_set.rb +0 -1
data/test/rubygems/test_gem_resolver_api_specification.rb +0 -1
data/test/rubygems/test_gem_resolver_best_set.rb +0 -1
data/test/rubygems/test_gem_resolver_composed_set.rb +0 -1
data/test/rubygems/test_gem_resolver_conflict.rb +0 -1
data/test/rubygems/test_gem_resolver_dependency_request.rb +0 -1
data/test/rubygems/test_gem_resolver_git_set.rb +0 -1
data/test/rubygems/test_gem_resolver_git_specification.rb +0 -1
data/test/rubygems/test_gem_resolver_index_set.rb +0 -1
data/test/rubygems/test_gem_resolver_index_specification.rb +0 -1
data/test/rubygems/test_gem_resolver_installed_specification.rb +0 -1
data/test/rubygems/test_gem_resolver_installer_set.rb +2 -3
data/test/rubygems/test_gem_resolver_local_specification.rb +0 -1
data/test/rubygems/test_gem_resolver_lock_set.rb +0 -1
data/test/rubygems/test_gem_resolver_lock_specification.rb +0 -1
data/test/rubygems/test_gem_resolver_requirement_list.rb +0 -1
data/test/rubygems/test_gem_resolver_specification.rb +1 -2
data/test/rubygems/test_gem_resolver_vendor_set.rb +0 -1
data/test/rubygems/test_gem_resolver_vendor_specification.rb +0 -1
data/test/rubygems/test_gem_security.rb +1 -3
data/test/rubygems/test_gem_security_policy.rb +5 -6
data/test/rubygems/test_gem_security_signer.rb +4 -3
data/test/rubygems/test_gem_security_trust_dir.rb +1 -2
data/test/rubygems/test_gem_server.rb +4 -4
data/test/rubygems/test_gem_source.rb +0 -13
data/test/rubygems/test_gem_source_fetch_problem.rb +0 -1
data/test/rubygems/test_gem_source_git.rb +0 -1
data/test/rubygems/test_gem_source_installed.rb +0 -1
data/test/rubygems/test_gem_source_lock.rb +0 -1
data/test/rubygems/test_gem_source_vendor.rb +0 -1
data/test/rubygems/test_gem_spec_fetcher.rb +0 -1
data/test/rubygems/test_gem_specification.rb +366 -198
data/test/rubygems/test_gem_stream_ui.rb +15 -32
data/test/rubygems/test_gem_stub_specification.rb +0 -2
data/test/rubygems/test_gem_text.rb +4 -0
data/test/rubygems/test_gem_uninstaller.rb +42 -3
data/test/rubygems/test_gem_unsatisfiable_dependency_error.rb +0 -1
data/test/rubygems/test_gem_uri_formatter.rb +0 -1
data/test/rubygems/test_gem_util.rb +31 -11
data/test/rubygems/test_gem_validator.rb +0 -1
data/test/rubygems/test_gem_version.rb +11 -11
data/test/rubygems/test_gem_version_option.rb +0 -1
data/test/rubygems/test_remote_fetch_error.rb +0 -1
data/test/rubygems/test_require.rb +67 -52
data/util/CL2notes +1 -2
data/util/ci +20 -12
data/util/cops/deprecations.rb +52 -0
data/util/create_certs.rb +6 -7
data/util/create_certs.sh +27 -0
data/util/create_encrypted_key.rb +4 -5
data/util/patch_with_prs.rb +1 -1
data/util/rubocop +8 -0
data/util/update_bundled_ca_certificates.rb +12 -13
data/util/update_changelog.rb +1 -1
metadata +61 -51
data/.autotest +0 -71
data/.document +0 -5
data/CONTRIBUTING.rdoc +0 -130
data/CVE-2013-4287.txt +0 -35
data/CVE-2013-4363.txt +0 -45
data/CVE-2015-3900.txt +0 -40
data/POLICIES.rdoc +0 -74
data/test/rubygems/fix_openssl_warnings.rb +0 -13

data/lib/rubygems/security/policy.rb CHANGED Viewed

@@ -24,7 +24,7 @@ class Gem::Security::Policy
   # Create a new Gem::Security::Policy object with the given mode and
   # options.
-  def initialize name, policy = {}, opt = {}
+  def initialize(name, policy = {}, opt = {})
     require 'openssl'
     @name = name
@@ -55,7 +55,7 @@ class Gem::Security::Policy
   # Verifies each certificate in +chain+ has signed the following certificate
   # and is valid for the given +time+.
-  def check_chain chain, time
+  def check_chain(chain, time)
     raise Gem::Security::Exception, 'missing signing chain' unless chain
     raise Gem::Security::Exception, 'empty signing chain' if chain.empty?
@@ -74,7 +74,7 @@ class Gem::Security::Policy
   # Verifies that +data+ matches the +signature+ created by +public_key+ and
   # the +digest+ algorithm.
-  def check_data public_key, digest, signature, data
+  def check_data(public_key, digest, signature, data)
     raise Gem::Security::Exception, "invalid signature" unless
       public_key.verify digest.new, signature, data.digest
@@ -85,22 +85,22 @@ class Gem::Security::Policy
   # Ensures that +signer+ is valid for +time+ and was signed by the +issuer+.
   # If the +issuer+ is +nil+ no verification is performed.
-  def check_cert signer, issuer, time
+  def check_cert(signer, issuer, time)
     raise Gem::Security::Exception, 'missing signing certificate' unless
       signer
     message = "certificate #{signer.subject}"
-    if not_before = signer.not_before and not_before > time then
+    if not_before = signer.not_before and not_before > time
       raise Gem::Security::Exception,
             "#{message} not valid before #{not_before}"
     end
-    if not_after = signer.not_after and not_after < time then
+    if not_after = signer.not_after and not_after < time
       raise Gem::Security::Exception, "#{message} not valid after #{not_after}"
     end
-    if issuer and not signer.verify issuer.public_key then
+    if issuer and not signer.verify issuer.public_key
       raise Gem::Security::Exception,
             "#{message} was not issued by #{issuer.subject}"
     end
@@ -111,8 +111,8 @@ class Gem::Security::Policy
   ##
   # Ensures the public key of +key+ matches the public key in +signer+
-  def check_key signer, key
-    unless signer and key then
+  def check_key(signer, key)
+    unless signer and key
       return true unless @only_signed
       raise Gem::Security::Exception, 'missing key or signature'
@@ -129,7 +129,7 @@ class Gem::Security::Policy
   # Ensures the root certificate in +chain+ is self-signed and valid for
   # +time+.
-  def check_root chain, time
+  def check_root(chain, time)
     raise Gem::Security::Exception, 'missing signing chain' unless chain
     root = chain.first
@@ -148,7 +148,7 @@ class Gem::Security::Policy
   # Ensures the root of +chain+ has a trusted certificate in +trust_dir+ and
   # the digests of the two certificates match according to +digester+
-  def check_trust chain, digester, trust_dir
+  def check_trust(chain, digester, trust_dir)
     raise Gem::Security::Exception, 'missing signing chain' unless chain
     root = chain.first
@@ -157,7 +157,7 @@ class Gem::Security::Policy
     path = Gem::Security.trust_dir.cert_path root
-    unless File.exist? path then
+    unless File.exist? path
       message = "root cert #{root.subject} is not trusted".dup
       message << " (root of signing cert #{chain.last.subject})" if
@@ -183,7 +183,7 @@ class Gem::Security::Policy
   ##
   # Extracts the email or subject from +certificate+
-  def subject certificate # :nodoc:
+  def subject(certificate) # :nodoc:
     certificate.extensions.each do |extension|
       next unless extension.oid == 'subjectAltName'
@@ -196,9 +196,9 @@ class Gem::Security::Policy
   def inspect # :nodoc:
     ("[Policy: %s - data: %p signer: %p chain: %p root: %p " +
      "signed-only: %p trusted-only: %p]") % [
-      @name, @verify_chain, @verify_data, @verify_root, @verify_signer,
-      @only_signed, @only_trusted,
-    ]
+       @name, @verify_chain, @verify_data, @verify_root, @verify_signer,
+       @only_signed, @only_trusted,
+     ]
   end
   ##
@@ -208,13 +208,13 @@ class Gem::Security::Policy
   #
   # If +key+ is given it is used to validate the signing certificate.
-  def verify chain, key = nil, digests = {}, signatures = {},
-             full_name = '(unknown)'
-    if signatures.empty? then
-      if @only_signed then
+  def verify(chain, key = nil, digests = {}, signatures = {},
+             full_name = '(unknown)')
+    if signatures.empty?
+      if @only_signed
         raise Gem::Security::Exception,
           "unsigned gems are not allowed by the #{name} policy"
-      elsif digests.empty? then
+      elsif digests.empty?
         # lack of signatures is irrelevant if there is nothing to check
         # against
       else
@@ -232,7 +232,7 @@ class Gem::Security::Policy
       file_digests.values.first.name == Gem::Security::DIGEST_NAME
     end
-    if @verify_data then
+    if @verify_data
       raise Gem::Security::Exception, 'no digests provided (probable bug)' if
         signer_digests.nil? or signer_digests.empty?
     else
@@ -249,9 +249,9 @@ class Gem::Security::Policy
     check_root chain, time if @verify_root
-    if @only_trusted then
+    if @only_trusted
       check_trust chain, digester, trust_dir
-    elsif signatures.empty? and digests.empty? then
+    elsif signatures.empty? and digests.empty?
       # trust is irrelevant if there's no signatures to verify
     else
       alert_warning "#{subject signer} is not trusted for #{full_name}"
@@ -280,7 +280,7 @@ class Gem::Security::Policy
   # Extracts the certificate chain from the +spec+ and calls #verify to ensure
   # the signatures and certificate chain is valid according to the policy..
-  def verify_signatures spec, digests, signatures
+  def verify_signatures(spec, digests, signatures)
     chain = spec.cert_chain.map do |cert_pem|
       OpenSSL::X509::Certificate.new cert_pem
     end

data/lib/rubygems/security/signer.rb CHANGED Viewed

@@ -2,8 +2,12 @@
 ##
 # Basic OpenSSL-based package signing class.
+require "rubygems/user_interaction"
 class Gem::Security::Signer
+  include Gem::UserInteraction
   ##
   # The chain of certificates for signing including the signing certificate
@@ -25,21 +29,54 @@ class Gem::Security::Signer
   attr_reader :digest_name # :nodoc:
+  ##
+  # Gem::Security::Signer options
+  attr_reader :options
+  DEFAULT_OPTIONS = {
+    expiration_length_days: 365
+  }.freeze
+  ##
+  # Attemps to re-sign an expired cert with a given private key
+  def self.re_sign_cert(expired_cert, expired_cert_path, private_key)
+    return unless expired_cert.not_after < Time.now
+    expiry = expired_cert.not_after.strftime('%Y%m%d%H%M%S')
+    expired_cert_file = "#{File.basename(expired_cert_path)}.expired.#{expiry}"
+    new_expired_cert_path = File.join(Gem.user_home, ".gem", expired_cert_file)
+    Gem::Security.write(expired_cert, new_expired_cert_path)
+    re_signed_cert = Gem::Security.re_sign(
+      expired_cert,
+      private_key,
+      (Gem::Security::ONE_DAY * Gem.configuration.cert_expiration_length_days)
+    )
+    Gem::Security.write(re_signed_cert, expired_cert_path)
+    yield(expired_cert_path, new_expired_cert_path) if block_given?
+  end
   ##
   # Creates a new signer with an RSA +key+ or path to a key, and a certificate
   # +chain+ containing X509 certificates, encoding certificates or paths to
   # certificates.
-  def initialize key, cert_chain, passphrase = nil
+  def initialize(key, cert_chain, passphrase = nil, options = {})
     @cert_chain = cert_chain
     @key        = key
+    @passphrase = passphrase
+    @options = DEFAULT_OPTIONS.merge(options)
-    unless @key then
+    unless @key
       default_key  = File.join Gem.default_key_path
       @key = default_key if File.exist? default_key
     end
-    unless @cert_chain then
+    unless @cert_chain
       default_cert = File.join Gem.default_cert_path
       @cert_chain = [default_cert] if File.exist? default_cert
     end
@@ -47,10 +84,12 @@ class Gem::Security::Signer
     @digest_algorithm = Gem::Security::DIGEST_ALGORITHM
     @digest_name      = Gem::Security::DIGEST_NAME
-    @key = OpenSSL::PKey::RSA.new File.read(@key), passphrase if
-      @key and not OpenSSL::PKey::RSA === @key
+    if @key && !@key.is_a?(OpenSSL::PKey::RSA)
+      @passphrase ||= ask_for_password("Enter PEM pass phrase:")
+      @key = OpenSSL::PKey::RSA.new(File.read(@key), @passphrase)
+    end
-    if @cert_chain then
+    if @cert_chain
       @cert_chain = @cert_chain.compact.map do |cert|
         next cert if OpenSSL::X509::Certificate === cert
@@ -67,10 +106,10 @@ class Gem::Security::Signer
   # Extracts the full name of +cert+.  If the certificate has a subjectAltName
   # this value is preferred, otherwise the subject is used.
-  def extract_name cert # :nodoc:
+  def extract_name(cert) # :nodoc:
     subject_alt_name = cert.extensions.find { |e| 'subjectAltName' == e.oid }
-    if subject_alt_name then
+    if subject_alt_name
       /\Aemail:/ =~ subject_alt_name.value
       $' || subject_alt_name.value
@@ -99,13 +138,15 @@ class Gem::Security::Signer
   ##
   # Sign data with given digest algorithm
-  def sign data
+  def sign(data)
     return unless @key
     raise Gem::Security::Exception, 'no certs provided' if @cert_chain.empty?
-    if @cert_chain.length == 1 and @cert_chain.last.not_after < Time.now then
-      re_sign_key
+    if @cert_chain.length == 1 and @cert_chain.last.not_after < Time.now
+      re_sign_key(
+        expiration_length: (Gem::Security::ONE_DAY * options[:expiration_length_days])
+      )
     end
     full_name = extract_name @cert_chain.last
@@ -121,6 +162,7 @@ class Gem::Security::Signer
   # The key will be re-signed if:
   # * The expired certificate is self-signed
   # * The expired certificate is saved at ~/.gem/gem-public_cert.pem
+  #   and the private key is saved at ~/.gem/gem-private_key.pem
   # * There is no file matching the expiry date at
   #   ~/.gem/gem-public_cert.pem.expired.%Y%m%d%H%M%S
   #
@@ -128,25 +170,32 @@ class Gem::Security::Signer
   # be saved as ~/.gem/gem-public_cert.pem.expired.%Y%m%d%H%M%S where the
   # expiry time (not after) is used for the timestamp.
-  def re_sign_key # :nodoc:
+  def re_sign_key(expiration_length: Gem::Security::ONE_YEAR) # :nodoc:
     old_cert = @cert_chain.last
-    disk_cert_path = File.join Gem.default_cert_path
-    disk_cert = File.read disk_cert_path rescue nil
-    disk_key  =
-      File.read File.join(Gem.default_key_path) rescue nil
+    disk_cert_path = File.join(Gem.default_cert_path)
+    disk_cert = File.read(disk_cert_path) rescue nil
-    if disk_key == @key.to_pem and disk_cert == old_cert.to_pem then
-      expiry = old_cert.not_after.strftime '%Y%m%d%H%M%S'
+    disk_key_path = File.join(Gem.default_key_path)
+    disk_key =
+      OpenSSL::PKey::RSA.new(File.read(disk_key_path), @passphrase) rescue nil
+    return unless disk_key
+    if disk_key.to_pem == @key.to_pem && disk_cert == old_cert.to_pem
+      expiry = old_cert.not_after.strftime('%Y%m%d%H%M%S')
       old_cert_file = "gem-public_cert.pem.expired.#{expiry}"
-      old_cert_path = File.join Gem.user_home, ".gem", old_cert_file
+      old_cert_path = File.join(Gem.user_home, ".gem", old_cert_file)
-      unless File.exist? old_cert_path then
-        Gem::Security.write old_cert, old_cert_path
+      unless File.exist?(old_cert_path)
+        Gem::Security.write(old_cert, old_cert_path)
-        cert = Gem::Security.re_sign old_cert, @key
+        cert = Gem::Security.re_sign(old_cert, @key, expiration_length)
-        Gem::Security.write cert, disk_cert_path
+        Gem::Security.write(cert, disk_cert_path)
+        alert("Your cert: #{disk_cert_path} has been auto re-signed with the key: #{disk_key_path}")
+        alert("Your expired cert will be located at: #{old_cert_path}")
         @cert_chain = [cert]
       end
@@ -154,4 +203,3 @@ class Gem::Security::Signer
   end
 end

data/lib/rubygems/security/trust_dir.rb CHANGED Viewed

@@ -11,7 +11,7 @@ class Gem::Security::TrustDir
   DEFAULT_PERMISSIONS = {
     :trust_dir    => 0700,
     :trusted_cert => 0600,
-  }
+  }.freeze
   ##
   # The directory where trusted certificates will be stored.
@@ -22,7 +22,7 @@ class Gem::Security::TrustDir
   # Creates a new TrustDir using +dir+ where the directory and file
   # permissions will be checked according to +permissions+
-  def initialize dir, permissions = DEFAULT_PERMISSIONS
+  def initialize(dir, permissions = DEFAULT_PERMISSIONS)
     @dir = dir
     @permissions = permissions
@@ -32,7 +32,7 @@ class Gem::Security::TrustDir
   ##
   # Returns the path to the trusted +certificate+
-  def cert_path certificate
+  def cert_path(certificate)
     name_path certificate.subject
   end
@@ -59,7 +59,7 @@ class Gem::Security::TrustDir
   # Returns the issuer certificate of the given +certificate+ if it exists in
   # the trust directory.
-  def issuer_of certificate
+  def issuer_of(certificate)
     path = name_path certificate.issuer
     return unless File.exist? path
@@ -70,7 +70,7 @@ class Gem::Security::TrustDir
   ##
   # Returns the path to the trusted certificate with the given ASN.1 +name+
-  def name_path name
+  def name_path(name)
     digest = @digester.hexdigest name.to_s
     File.join @dir, "cert-#{digest}.pem"
@@ -79,7 +79,7 @@ class Gem::Security::TrustDir
   ##
   # Loads the given +certificate_file+
-  def load_certificate certificate_file
+  def load_certificate(certificate_file)
     pem = File.read certificate_file
     OpenSSL::X509::Certificate.new pem
@@ -88,13 +88,14 @@ class Gem::Security::TrustDir
   ##
   # Add a certificate to trusted certificate list.
-  def trust_cert certificate
+  def trust_cert(certificate)
     verify
     destination = cert_path certificate
-    File.open destination, 'wb', @permissions[:trusted_cert] do |io|
+    File.open destination, 'wb', 0600 do |io|
       io.write certificate.to_pem
+      io.chmod(@permissions[:trusted_cert])
     end
   end
@@ -104,7 +105,7 @@ class Gem::Security::TrustDir
   # permissions.
   def verify
-    if File.exist? @dir then
+    if File.exist? @dir
       raise Gem::Security::Exception,
         "trust directory #{@dir} is not a directory" unless
           File.directory? @dir
@@ -116,4 +117,3 @@ class Gem::Security::TrustDir
   end
 end

data/lib/rubygems/security.rb CHANGED Viewed

@@ -340,9 +340,9 @@ module Gem::Security
   # Digest algorithm used to sign gems
   DIGEST_ALGORITHM =
-    if defined?(OpenSSL::Digest::SHA256) then
+    if defined?(OpenSSL::Digest::SHA256)
       OpenSSL::Digest::SHA256
-    elsif defined?(OpenSSL::Digest::SHA1) then
+    elsif defined?(OpenSSL::Digest::SHA1)
       OpenSSL::Digest::SHA1
     else
       require 'digest'
@@ -353,7 +353,7 @@ module Gem::Security
   # Used internally to select the signing digest from all computed digests
   DIGEST_NAME = # :nodoc:
-    if DIGEST_ALGORITHM.method_defined? :name then
+    if DIGEST_ALGORITHM.method_defined? :name
       DIGEST_ALGORITHM.new.name
     else
       DIGEST_ALGORITHM.name[/::([^:]+)\z/, 1]
@@ -363,7 +363,7 @@ module Gem::Security
   # Algorithm for creating the key pair used to sign gems
   KEY_ALGORITHM =
-    if defined?(OpenSSL::PKey::RSA) then
+    if defined?(OpenSSL::PKey::RSA)
       OpenSSL::PKey::RSA
     end
@@ -401,9 +401,9 @@ module Gem::Security
     'keyUsage'             =>
       'keyEncipherment,dataEncipherment,digitalSignature',
     'subjectKeyIdentifier' => 'hash',
-  }
+  }.freeze
-  def self.alt_name_or_x509_entry certificate, x509_entry
+  def self.alt_name_or_x509_entry(certificate, x509_entry)
     alt_name = certificate.extensions.find do |extension|
       extension.oid == "#{x509_entry}AltName"
     end
@@ -419,8 +419,8 @@ module Gem::Security
   #
   # The +extensions+ restrict the key to the indicated uses.
-  def self.create_cert subject, key, age = ONE_YEAR, extensions = EXTENSIONS,
-                       serial = 1
+  def self.create_cert(subject, key, age = ONE_YEAR, extensions = EXTENSIONS,
+                       serial = 1)
     cert = OpenSSL::X509::Certificate.new
     cert.public_key = key.public_key
@@ -446,7 +446,7 @@ module Gem::Security
   # a subject alternative name of +email+ and the given +extensions+ for the
   # +key+.
-  def self.create_cert_email email, key, age = ONE_YEAR, extensions = EXTENSIONS
+  def self.create_cert_email(email, key, age = ONE_YEAR, extensions = EXTENSIONS)
     subject = email_to_name email
     extensions = extensions.merge "subjectAltName" => "email:#{email}"
@@ -458,8 +458,8 @@ module Gem::Security
   # Creates a self-signed certificate with an issuer and subject of +subject+
   # and the given +extensions+ for the +key+.
-  def self.create_cert_self_signed subject, key, age = ONE_YEAR,
-                                   extensions = EXTENSIONS, serial = 1
+  def self.create_cert_self_signed(subject, key, age = ONE_YEAR,
+                                   extensions = EXTENSIONS, serial = 1)
     certificate = create_cert subject, key, age, extensions
     sign certificate, key, certificate, age, extensions, serial
@@ -469,14 +469,14 @@ module Gem::Security
   # Creates a new key pair of the specified +length+ and +algorithm+.  The
   # default is a 3072 bit RSA key.
-  def self.create_key length = KEY_LENGTH, algorithm = KEY_ALGORITHM
+  def self.create_key(length = KEY_LENGTH, algorithm = KEY_ALGORITHM)
     algorithm.new length
   end
   ##
   # Turns +email_address+ into an OpenSSL::X509::Name
-  def self.email_to_name email_address
+  def self.email_to_name(email_address)
     email_address = email_address.gsub(/[^\w@.-]+/i, '_')
     cn, dcs = email_address.split '@'
@@ -494,15 +494,15 @@ module Gem::Security
   #--
   # TODO increment serial
-  def self.re_sign expired_certificate, private_key, age = ONE_YEAR,
-                   extensions = EXTENSIONS
+  def self.re_sign(expired_certificate, private_key, age = ONE_YEAR,
+                   extensions = EXTENSIONS)
     raise Gem::Security::Exception,
           "incorrect signing key for re-signing " +
           "#{expired_certificate.subject}" unless
       expired_certificate.public_key.to_pem == private_key.public_key.to_pem
     unless expired_certificate.subject.to_s ==
-           expired_certificate.issuer.to_s then
+           expired_certificate.issuer.to_s
       subject = alt_name_or_x509_entry expired_certificate, :subject
       issuer  = alt_name_or_x509_entry expired_certificate, :issuer
@@ -531,8 +531,8 @@ module Gem::Security
   #
   # Returns the newly signed certificate.
-  def self.sign certificate, signing_key, signing_cert,
-                age = ONE_YEAR, extensions = EXTENSIONS, serial = 1
+  def self.sign(certificate, signing_key, signing_cert,
+                age = ONE_YEAR, extensions = EXTENSIONS, serial = 1)
     signee_subject = certificate.subject
     signee_key     = certificate.public_key
@@ -571,7 +571,7 @@ module Gem::Security
   ##
   # Enumerates the trusted certificates via Gem::Security::TrustDir.
-  def self.trusted_certificates &block
+  def self.trusted_certificates(&block)
     trust_dir.each_certificate(&block)
   end
@@ -580,7 +580,7 @@ module Gem::Security
   # +permissions+. If passed +cipher+ and +passphrase+ those arguments will be
   # passed to +to_pem+.
-  def self.write pemmable, path, permissions = 0600, passphrase = nil, cipher = KEY_CIPHER
+  def self.write(pemmable, path, permissions = 0600, passphrase = nil, cipher = KEY_CIPHER)
     path = File.expand_path path
     File.open path, 'wb', permissions do |io|
@@ -598,11 +598,10 @@ module Gem::Security
 end
-if defined?(OpenSSL::SSL) then
+if defined?(OpenSSL::SSL)
   require 'rubygems/security/policy'
   require 'rubygems/security/policies'
   require 'rubygems/security/trust_dir'
 end
 require 'rubygems/security/signer'

data/lib/rubygems/security_option.rb CHANGED Viewed

@@ -19,7 +19,6 @@ end
 module Gem::SecurityOption
   def add_security_option
-    # TODO: use @parser.accept
     OptionParser.accept Gem::Security::Policy do |value|
       require 'rubygems/security'