rubygems-update 3.0.3 → 3.0.9

data/lib/rubygems/request.rb

@@ -283,7 +283,7 @@ class Gem::Request
     end
     ua << ")"
 
-    ua << " #{RUBY_ENGINE}" if defined?(RUBY_ENGINE) and RUBY_ENGINE != 'ruby'
+    ua << " #{RUBY_ENGINE}" if RUBY_ENGINE != 'ruby'
 
     ua
   end

data/lib/rubygems/request_set/gem_dependency_api.rb

@@ -43,11 +43,12 @@ class Gem::RequestSet::GemDependencyAPI
     :mri_20       => %w[ruby],
     :mri_21       => %w[ruby],
     :rbx          => %w[rbx],
-    :ruby         => %w[ruby rbx maglev],
-    :ruby_18      => %w[ruby rbx maglev],
-    :ruby_19      => %w[ruby rbx maglev],
-    :ruby_20      => %w[ruby rbx maglev],
-    :ruby_21      => %w[ruby rbx maglev],
+    :truffleruby  => %w[truffleruby],
+    :ruby         => %w[ruby rbx maglev truffleruby],
+    :ruby_18      => %w[ruby rbx maglev truffleruby],
+    :ruby_19      => %w[ruby rbx maglev truffleruby],
+    :ruby_20      => %w[ruby rbx maglev truffleruby],
+    :ruby_21      => %w[ruby rbx maglev truffleruby],
   }.freeze
 
   mswin     = Gem::Platform.new 'x86-mswin32'
@@ -85,6 +86,7 @@ class Gem::RequestSet::GemDependencyAPI
     :ruby_19      => Gem::Platform::RUBY,
     :ruby_20      => Gem::Platform::RUBY,
     :ruby_21      => Gem::Platform::RUBY,
+    :truffleruby  => Gem::Platform::RUBY,
     :x64_mingw    => x64_mingw,
     :x64_mingw_20 => x64_mingw,
     :x64_mingw_21 => x64_mingw
@@ -126,6 +128,7 @@ class Gem::RequestSet::GemDependencyAPI
     :ruby_19      => tilde_gt_1_9_0,
     :ruby_20      => tilde_gt_2_0_0,
     :ruby_21      => tilde_gt_2_1_0,
+    :truffleruby  => gt_eq_0,
     :x64_mingw    => gt_eq_0,
     :x64_mingw_20 => tilde_gt_2_0_0,
     :x64_mingw_21 => tilde_gt_2_1_0,
@@ -779,7 +782,7 @@ Gem dependencies file #{@path} includes git reference for both ref/branch and ta
   # You may also provide +engine:+ and +engine_version:+ options to restrict
   # this gem dependencies file to a particular ruby engine and its engine
   # version.  This matching is performed by using the RUBY_ENGINE and
-  # engine_specific VERSION constants.  (For JRuby, JRUBY_VERSION).
+  # RUBY_ENGINE_VERSION constants.
 
   def ruby(version, options = {})
     engine         = options[:engine]
@@ -806,11 +809,9 @@ Gem dependencies file #{@path} includes git reference for both ref/branch and ta
     end
 
     if engine_version
-      my_engine_version = Object.const_get "#{Gem.ruby_engine.upcase}_VERSION"
-
-      if engine_version != my_engine_version
+      if engine_version != RUBY_ENGINE_VERSION
         message =
-          "Your Ruby engine version is #{Gem.ruby_engine} #{my_engine_version}, " +
+          "Your Ruby engine version is #{Gem.ruby_engine} #{RUBY_ENGINE_VERSION}, " +
           "but your #{gem_deps_file} requires #{engine} #{engine_version}"
 
         raise Gem::RubyVersionMismatch, message

data/lib/rubygems/requirement.rb

@@ -2,10 +2,6 @@
 require "rubygems/version"
 require "rubygems/deprecate"
 
-# If we're being loaded after yaml was already required, then
-# load our yaml + workarounds now.
-Gem.load_yaml if defined? ::YAML
-
 ##
 # A Requirement is a set of one or more version restrictions. It supports a
 # few (<tt>=, !=, >, <, >=, <=, ~></tt>) different restriction operators.

data/lib/rubygems/resolver.rb

@@ -124,7 +124,10 @@ class Gem::Resolver
 
     data = yield
     $stderr.printf "%10s (%d entries)\n", stage.to_s.upcase, data.size
-    PP.pp data, $stderr unless data.empty?
+    unless data.empty?
+      require 'pp'
+      PP.pp data, $stderr
+    end
   end
 
   ##

data/lib/rubygems/s3_uri_signer.rb

@@ -0,0 +1,183 @@
+require 'base64'
+require 'digest'
+require 'openssl'
+
+##
+# S3URISigner implements AWS SigV4 for S3 Source to avoid a dependency on the aws-sdk-* gems
+# More on AWS SigV4: https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html
+class Gem::S3URISigner
+
+  class ConfigurationError < Gem::Exception
+
+    def initialize(message)
+      super message
+    end
+
+    def to_s # :nodoc:
+      "#{super}"
+    end
+
+  end
+
+  class InstanceProfileError < Gem::Exception
+
+    def initialize(message)
+      super message
+    end
+
+    def to_s # :nodoc:
+      "#{super}"
+    end
+
+  end
+
+  attr_accessor :uri
+
+  def initialize(uri)
+    @uri = uri
+  end
+
+  ##
+  # Signs S3 URI using query-params according to the reference: https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html
+  def sign(expiration = 86400)
+    s3_config = fetch_s3_config
+
+    current_time = Time.now.utc
+    date_time = current_time.strftime("%Y%m%dT%H%m%SZ")
+    date = date_time[0,8]
+
+    credential_info = "#{date}/#{s3_config.region}/s3/aws4_request"
+    canonical_host = "#{uri.host}.s3.#{s3_config.region}.amazonaws.com"
+
+    query_params = generate_canonical_query_params(s3_config, date_time, credential_info, expiration)
+    canonical_request = generate_canonical_request(canonical_host, query_params)
+    string_to_sign = generate_string_to_sign(date_time, credential_info, canonical_request)
+    signature = generate_signature(s3_config, date, string_to_sign)
+
+    URI.parse("https://#{canonical_host}#{uri.path}?#{query_params}&X-Amz-Signature=#{signature}")
+  end
+
+  private
+
+  S3Config = Struct.new :access_key_id, :secret_access_key, :security_token, :region
+
+  def generate_canonical_query_params(s3_config, date_time, credential_info, expiration)
+    canonical_params = {}
+    canonical_params["X-Amz-Algorithm"] = "AWS4-HMAC-SHA256"
+    canonical_params["X-Amz-Credential"] = "#{s3_config.access_key_id}/#{credential_info}"
+    canonical_params["X-Amz-Date"] = date_time
+    canonical_params["X-Amz-Expires"] = expiration.to_s
+    canonical_params["X-Amz-SignedHeaders"] = "host"
+    canonical_params["X-Amz-Security-Token"] = s3_config.security_token if s3_config.security_token
+
+    # Sorting is required to generate proper signature
+    canonical_params.sort.to_h.map do |key, value|
+      "#{base64_uri_escape(key)}=#{base64_uri_escape(value)}"
+    end.join("&")
+  end
+
+  def generate_canonical_request(canonical_host, query_params)
+    [
+      "GET",
+      uri.path,
+      query_params,
+      "host:#{canonical_host}",
+      "", # empty params
+      "host",
+      "UNSIGNED-PAYLOAD",
+    ].join("\n")
+  end
+
+  def generate_string_to_sign(date_time, credential_info, canonical_request)
+    [
+      "AWS4-HMAC-SHA256",
+      date_time,
+      credential_info,
+      Digest::SHA256.hexdigest(canonical_request)
+    ].join("\n")
+  end
+
+  def generate_signature(s3_config, date, string_to_sign)
+    date_key = OpenSSL::HMAC.digest("sha256", "AWS4" + s3_config.secret_access_key, date)
+    date_region_key = OpenSSL::HMAC.digest("sha256", date_key, s3_config.region)
+    date_region_service_key = OpenSSL::HMAC.digest("sha256", date_region_key, "s3")
+    signing_key = OpenSSL::HMAC.digest("sha256", date_region_service_key, "aws4_request")
+    OpenSSL::HMAC.hexdigest("sha256", signing_key, string_to_sign)
+  end
+
+  ##
+  # Extracts S3 configuration for S3 bucket
+  def fetch_s3_config
+    return S3Config.new(uri.user, uri.password, nil, "us-east-1") if uri.user && uri.password
+
+    s3_source = Gem.configuration[:s3_source] || Gem.configuration["s3_source"]
+    host = uri.host
+    raise ConfigurationError.new("no s3_source key exists in .gemrc") unless s3_source
+
+    auth = s3_source[host] || s3_source[host.to_sym]
+    raise ConfigurationError.new("no key for host #{host} in s3_source in .gemrc") unless auth
+
+    provider = auth[:provider] || auth["provider"]
+    case provider
+    when "env"
+      id = ENV["AWS_ACCESS_KEY_ID"]
+      secret = ENV["AWS_SECRET_ACCESS_KEY"]
+      security_token = ENV["AWS_SESSION_TOKEN"]
+    when "instance_profile"
+      credentials = ec2_metadata_credentials_json
+      id = credentials["AccessKeyId"]
+      secret = credentials["SecretAccessKey"]
+      security_token = credentials["Token"]
+    else
+      id = auth[:id] || auth["id"]
+      secret = auth[:secret] || auth["secret"]
+      security_token = auth[:security_token] || auth["security_token"]
+    end
+
+    raise ConfigurationError.new("s3_source for #{host} missing id or secret") unless id && secret
+
+    region = auth[:region] || auth["region"] || "us-east-1"
+    S3Config.new(id, secret, security_token, region)
+  end
+
+  def base64_uri_escape(str)
+    str.gsub(/[\+\/=\n]/, BASE64_URI_TRANSLATE)
+  end
+
+  def ec2_metadata_credentials_json
+    require 'net/http'
+    require 'rubygems/request'
+    require 'rubygems/request/connection_pools'
+    require 'json'
+
+    iam_info = ec2_metadata_request(EC2_IAM_INFO)
+    # Expected format: arn:aws:iam::<id>:instance-profile/<role_name>
+    role_name = iam_info['InstanceProfileArn'].split('/').last
+    ec2_metadata_request(EC2_IAM_SECURITY_CREDENTIALS + role_name)
+  end
+
+  def ec2_metadata_request(url)
+    uri = URI(url)
+    @request_pool ||= create_request_pool(uri)
+    request = Gem::Request.new(uri, Net::HTTP::Get, nil, @request_pool)
+    response = request.fetch
+
+    case response
+    when Net::HTTPOK then
+      JSON.parse(response.body)
+    else
+      raise InstanceProfileError.new("Unable to fetch AWS metadata from #{uri}: #{response.message} #{response.code}")
+    end
+  end
+
+  def create_request_pool(uri)
+    proxy_uri = Gem::Request.proxy_uri(Gem::Request.get_proxy_from_env(uri.scheme))
+    certs = Gem::Request.get_cert_files
+    Gem::Request::ConnectionPools.new(proxy_uri, certs).pool_for(uri)
+  end
+
+  BASE64_URI_TRANSLATE = { "+" => "%2B", "/" => "%2F", "=" => "%3D", "\n" => "" }.freeze
+  EC2_IAM_INFO = "http://169.254.169.254/latest/meta-data/iam/info".freeze
+  EC2_IAM_SECURITY_CREDENTIALS = "http://169.254.169.254/latest/meta-data/iam/security-credentials/".freeze
+
+end

data/lib/rubygems/security_option.rb

@@ -19,7 +19,6 @@ end
 
 module Gem::SecurityOption
   def add_security_option
-    # TODO: use @parser.accept
     OptionParser.accept Gem::Security::Policy do |value|
       require 'rubygems/security'
 

data/lib/rubygems/specification.rb

@@ -18,7 +18,7 @@ require 'rubygems/util/list'
 require 'stringio'
 
 ##
-# The Specification class contains the information for a Gem.  Typically
+# The Specification class contains the information for a gem.  Typically
 # defined in a .gemspec file or a Rakefile, and looks like this:
 #
 #   Gem::Specification.new do |s|
@@ -364,8 +364,7 @@ class Gem::Specification < Gem::BasicSpecification
 
   ##
   # The metadata holds extra data for this gem that may be useful to other
-  # consumers and is settable by gem authors without requiring an update to
-  # the rubygems software.
+  # consumers and is settable by gem authors.
   #
   # Metadata items have the following restrictions:
   #
@@ -656,8 +655,8 @@ class Gem::Specification < Gem::BasicSpecification
   #  # This gem will work with 1.8.6 or greater...
   #  spec.required_ruby_version = '>= 1.8.6'
   #
-  #  # Only with ruby 2.0.x
-  #  spec.required_ruby_version = '~> 2.0'
+  #  # Only with final releases of major version 2 where minor version is at least 3
+  #  spec.required_ruby_version = '~> 2.3'
   #
   #  # Only prereleases or final releases after 2.6.0.preview2
   #  spec.required_ruby_version = '> 2.6.0.preview2'
@@ -745,9 +744,6 @@ class Gem::Specification < Gem::BasicSpecification
   def self._all # :nodoc:
     unless defined?(@@all) && @@all
       @@all = stubs.map(&:to_spec)
-      if @@all.any?(&:nil?) # TODO: remove once we're happy
-        raise "pid: #{$$} nil spec! included in #{stubs.inspect}"
-      end
 
       # After a reset, make sure already loaded specs
       # are still marked as activated.
@@ -940,7 +936,6 @@ class Gem::Specification < Gem::BasicSpecification
   # -- wilsonb
 
   def self.all=(specs)
-    raise "nil spec!" if specs.any?(&:nil?) # TODO: remove once we're happy
     @@stubs_by_name = specs.group_by(&:name)
     @@all = @@stubs = specs
   end
@@ -1311,6 +1306,8 @@ class Gem::Specification < Gem::BasicSpecification
   # Load custom marshal format, re-initializing defaults as needed
 
   def self._load(str)
+    Gem.load_yaml
+
     array = Marshal.load str
 
     spec = Gem::Specification.new
@@ -2287,7 +2284,6 @@ class Gem::Specification < Gem::BasicSpecification
 
     e = Gem::LoadError.new msg
     e.name = self.name
-    # TODO: e.requirement = dep.requirement
 
     raise e
   end
@@ -2352,18 +2348,18 @@ class Gem::Specification < Gem::BasicSpecification
 
   def ruby_code(obj)
     case obj
-    when String            then obj.dump + ".freeze"
-    when Array             then '[' + obj.map { |x| ruby_code x }.join(", ") + ']'
-    when Hash              then
+    when String             then obj.dump + ".freeze"
+    when Array              then '[' + obj.map { |x| ruby_code x }.join(", ") + ']'
+    when Hash               then
       seg = obj.keys.sort.map { |k| "#{k.to_s.dump} => #{obj[k].to_s.dump}" }
       "{ #{seg.join(', ')} }"
-    when Gem::Version      then obj.to_s.dump
-    when DateLike          then obj.strftime('%Y-%m-%d').dump
-    when Time              then obj.strftime('%Y-%m-%d').dump
-    when Numeric           then obj.inspect
-    when true, false, nil  then obj.inspect
-    when Gem::Platform     then "Gem::Platform.new(#{obj.to_a.inspect})"
-    when Gem::Requirement  then
+    when Gem::Version       then obj.to_s.dump
+    when DateLike           then obj.strftime('%Y-%m-%d').dump
+    when Time               then obj.strftime('%Y-%m-%d').dump
+    when Numeric            then obj.inspect
+    when true, false, nil   then obj.inspect
+    when Gem::Platform      then "Gem::Platform.new(#{obj.to_a.inspect})"
+    when Gem::Requirement   then
       list = obj.as_list
       "Gem::Requirement.new(#{ruby_code(list.size == 1 ? obj.to_s : list)})"
     else raise Gem::Exception, "ruby_code case not handled: #{obj.class}"
@@ -2482,6 +2478,7 @@ class Gem::Specification < Gem::BasicSpecification
   # still have their default values are omitted.
 
   def to_ruby
+    require 'openssl'
     mark_version
     result = []
     result << "# -*- encoding: utf-8 -*-"
@@ -2520,9 +2517,8 @@ class Gem::Specification < Gem::BasicSpecification
     @@attributes.each do |attr_name|
       next if handled.include? attr_name
       current_value = self.send(attr_name)
-      if current_value != default_value(attr_name) or
-         self.class.required_attribute? attr_name
-        result << "  s.#{attr_name} = #{ruby_code current_value}"
+      if current_value != default_value(attr_name) || self.class.required_attribute?(attr_name)
+        result << "  s.#{attr_name} = #{ruby_code current_value}" unless current_value.is_a?(OpenSSL::PKey::RSA)
       end
     end
 
@@ -2590,6 +2586,8 @@ class Gem::Specification < Gem::BasicSpecification
   end
 
   def to_yaml(opts = {}) # :nodoc:
+    Gem.load_yaml
+
     # Because the user can switch the YAML engine behind our
     # back, we have to check again here to make sure that our
     # psych code was properly loaded, and load it if not.

data/lib/rubygems/ssl_certs/rubygems.org/GlobalSignRootCA_R3.pem

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G
+A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp
+Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4
+MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG
+A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8
+RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT
+gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm
+KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd
+QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ
+XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw
+DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o
+LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU
+RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp
+jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK
+6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX
+mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs
+Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH
+WD9f
+-----END CERTIFICATE-----

data/lib/rubygems/stub_specification.rb

@@ -110,8 +110,7 @@ class Gem::StubSpecification < Gem::BasicSpecification
       begin
         saved_lineno = $.
 
-        # TODO It should be use `File.open`, but bundler-1.16.1 example expects Kernel#open.
-        open loaded_from, OPEN_MODE do |file|
+        File.open loaded_from, OPEN_MODE do |file|
           begin
             file.readline # discard encoding line
             stubline = file.readline.chomp

data/lib/rubygems/test_case.rb

@@ -115,6 +115,8 @@ class Gem::TestCase < (defined?(Minitest::Test) ? Minitest::Test : MiniTest::Uni
 
   attr_accessor :uri # :nodoc:
 
+  TEST_PATH = ENV.fetch('RUBYGEMS_TEST_PATH', File.expand_path('../../../test/rubygems', __FILE__))
+
   def assert_activate(expected, *specs)
     specs.each do |spec|
       case spec
@@ -138,6 +140,12 @@ class Gem::TestCase < (defined?(Minitest::Test) ? Minitest::Test : MiniTest::Uni
     assert File.exist?(path), msg
   end
 
+  def assert_directory_exists(path, msg = nil)
+    msg = message(msg) { "Expected path '#{path}' to be a directory" }
+    assert_path_exists path
+    assert File.directory?(path), msg
+  end
+
   ##
   # Sets the ENABLE_SHARED entry in RbConfig::CONFIG to +value+ and restores
   # the original value when the block ends
@@ -254,6 +262,7 @@ class Gem::TestCase < (defined?(Minitest::Test) ? Minitest::Test : MiniTest::Uni
     @orig_gem_env_requirements = ENV.to_hash
 
     ENV['GEM_VENDOR'] = nil
+    ENV['GEMRC'] = nil
     ENV['SOURCE_DATE_EPOCH'] = nil
 
     @current_dir = Dir.pwd
@@ -744,13 +753,18 @@ class Gem::TestCase < (defined?(Minitest::Test) ? Minitest::Test : MiniTest::Uni
   # Removes all installed gems from +@gemhome+.
 
   def util_clear_gems
-    FileUtils.rm_rf File.join(@gemhome, "gems") # TODO: use Gem::Dirs
+    FileUtils.rm_rf File.join(@gemhome, "gems")
     FileUtils.mkdir File.join(@gemhome, "gems")
     FileUtils.rm_rf File.join(@gemhome, "specifications")
     FileUtils.mkdir File.join(@gemhome, "specifications")
     Gem::Specification.reset
   end
 
+  def util_clear_default_gems
+    FileUtils.rm_rf @default_spec_dir
+    FileUtils.mkdir @default_spec_dir
+  end
+
   ##
   # Install the provided specs
 
@@ -924,9 +938,6 @@ class Gem::TestCase < (defined?(Minitest::Test) ? Minitest::Test : MiniTest::Uni
   # location are returned.
 
   def util_gem(name, version, deps = nil, &block)
-    # TODO: deprecate
-    raise "deps or block, not both" if deps and block
-
     if deps
       block = proc do |s|
         # Since Hash#each is unordered in 1.8, sort
@@ -1057,6 +1068,8 @@ Also, a list:
     Gem.instance_variable_set :@platforms, nil
     Gem::Platform.instance_variable_set :@local, nil
 
+    yield if block_given?
+
     platform
   end
 
@@ -1353,9 +1366,8 @@ Also, a list:
   end
 
   @@ruby = rubybin
-  gempath = File.expand_path('../../../test/rubygems', __FILE__)
-  @@good_rake = "#{rubybin} #{escape_path(gempath, 'good_rake.rb')}"
-  @@bad_rake = "#{rubybin} #{escape_path(gempath, 'bad_rake.rb')}"
+  @@good_rake = "#{rubybin} #{escape_path(TEST_PATH, 'good_rake.rb')}"
+  @@bad_rake = "#{rubybin} #{escape_path(TEST_PATH, 'bad_rake.rb')}"
 
   ##
   # Construct a new Gem::Dependency.
@@ -1543,14 +1555,12 @@ Also, a list:
 
   def self.cert_path(cert_name)
     if 32 == (Time.at(2**32) rescue 32)
-      cert_file =
-        File.expand_path "../../../test/rubygems/#{cert_name}_cert_32.pem",
-                         __FILE__
+      cert_file = "#{TEST_PATH}/#{cert_name}_cert_32.pem"
 
       return cert_file if File.exist? cert_file
     end
 
-    File.expand_path "../../../test/rubygems/#{cert_name}_cert.pem", __FILE__
+    "#{TEST_PATH}/#{cert_name}_cert.pem"
   end
 
   ##
@@ -1568,7 +1578,7 @@ Also, a list:
   # Returns the path to the key named +key_name+ from <tt>test/rubygems</tt>
 
   def self.key_path(key_name)
-    File.expand_path "../../../test/rubygems/#{key_name}_key.pem", __FILE__
+    "#{TEST_PATH}/#{key_name}_key.pem"
   end
 
   # :stopdoc: