rubygems-update 3.0.4 → 3.0.5

data/lib/rubygems/request.rb

@@ -283,7 +283,7 @@ class Gem::Request
     end
     ua << ")"
 
-    ua << " #{RUBY_ENGINE}" if defined?(RUBY_ENGINE) and RUBY_ENGINE != 'ruby'
+    ua << " #{RUBY_ENGINE}" if RUBY_ENGINE != 'ruby'
 
     ua
   end

data/lib/rubygems/request_set/gem_dependency_api.rb

@@ -782,7 +782,7 @@ Gem dependencies file #{@path} includes git reference for both ref/branch and ta
   # You may also provide +engine:+ and +engine_version:+ options to restrict
   # this gem dependencies file to a particular ruby engine and its engine
   # version.  This matching is performed by using the RUBY_ENGINE and
-  # engine_specific VERSION constants.  (For JRuby, JRUBY_VERSION).
+  # RUBY_ENGINE_VERSION constants.
 
   def ruby(version, options = {})
     engine         = options[:engine]
@@ -809,11 +809,9 @@ Gem dependencies file #{@path} includes git reference for both ref/branch and ta
     end
 
     if engine_version
-      my_engine_version = Object.const_get "#{Gem.ruby_engine.upcase}_VERSION"
-
-      if engine_version != my_engine_version
+      if engine_version != RUBY_ENGINE_VERSION
         message =
-          "Your Ruby engine version is #{Gem.ruby_engine} #{my_engine_version}, " +
+          "Your Ruby engine version is #{Gem.ruby_engine} #{RUBY_ENGINE_VERSION}, " +
           "but your #{gem_deps_file} requires #{engine} #{engine_version}"
 
         raise Gem::RubyVersionMismatch, message

data/lib/rubygems/s3_uri_signer.rb

@@ -0,0 +1,175 @@
+require 'base64'
+require 'digest'
+require 'openssl'
+
+##
+# S3URISigner implements AWS SigV4 for S3 Source to avoid a dependency on the aws-sdk-* gems
+# More on AWS SigV4: https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html
+class Gem::S3URISigner
+
+  class ConfigurationError < Gem::Exception
+
+    def initialize(message)
+      super message
+    end
+
+    def to_s # :nodoc:
+      "#{super}"
+    end
+
+  end
+
+  class InstanceProfileError < Gem::Exception
+
+    def initialize(message)
+      super message
+    end
+
+    def to_s # :nodoc:
+      "#{super}"
+    end
+
+  end
+
+  attr_accessor :uri
+
+  def initialize(uri)
+    @uri = uri
+  end
+
+  ##
+  # Signs S3 URI using query-params according to the reference: https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html
+  def sign(expiration = 86400)
+    s3_config = fetch_s3_config
+
+    current_time = Time.now.utc
+    date_time = current_time.strftime("%Y%m%dT%H%m%SZ")
+    date = date_time[0,8]
+
+    credential_info = "#{date}/#{s3_config.region}/s3/aws4_request"
+    canonical_host = "#{uri.host}.s3.#{s3_config.region}.amazonaws.com"
+
+    query_params = generate_canonical_query_params(s3_config, date_time, credential_info, expiration)
+    canonical_request = generate_canonical_request(canonical_host, query_params)
+    string_to_sign = generate_string_to_sign(date_time, credential_info, canonical_request)
+    signature = generate_signature(s3_config, date, string_to_sign)
+
+    URI.parse("https://#{canonical_host}#{uri.path}?#{query_params}&X-Amz-Signature=#{signature}")
+  end
+
+  private
+
+  S3Config = Struct.new :access_key_id, :secret_access_key, :security_token, :region
+
+  def generate_canonical_query_params(s3_config, date_time, credential_info, expiration)
+    canonical_params = {}
+    canonical_params["X-Amz-Algorithm"] = "AWS4-HMAC-SHA256"
+    canonical_params["X-Amz-Credential"] = "#{s3_config.access_key_id}/#{credential_info}"
+    canonical_params["X-Amz-Date"] = date_time
+    canonical_params["X-Amz-Expires"] = expiration.to_s
+    canonical_params["X-Amz-SignedHeaders"] = "host"
+    canonical_params["X-Amz-Security-Token"] = s3_config.security_token if s3_config.security_token
+
+    # Sorting is required to generate proper signature
+    canonical_params.sort.to_h.map do |key, value|
+      "#{base64_uri_escape(key)}=#{base64_uri_escape(value)}"
+    end.join("&")
+  end
+
+  def generate_canonical_request(canonical_host, query_params)
+    [
+      "GET",
+      uri.path,
+      query_params,
+      "host:#{canonical_host}",
+      "", # empty params
+      "host",
+      "UNSIGNED-PAYLOAD",
+    ].join("\n")
+  end
+
+  def generate_string_to_sign(date_time, credential_info, canonical_request)
+    [
+      "AWS4-HMAC-SHA256",
+      date_time,
+      credential_info,
+      Digest::SHA256.hexdigest(canonical_request)
+    ].join("\n")
+  end
+
+  def generate_signature(s3_config, date, string_to_sign)
+    date_key = OpenSSL::HMAC.digest("sha256", "AWS4" + s3_config.secret_access_key, date)
+    date_region_key = OpenSSL::HMAC.digest("sha256", date_key, s3_config.region)
+    date_region_service_key = OpenSSL::HMAC.digest("sha256", date_region_key, "s3")
+    signing_key = OpenSSL::HMAC.digest("sha256", date_region_service_key, "aws4_request")
+    OpenSSL::HMAC.hexdigest("sha256", signing_key, string_to_sign)
+  end
+
+  ##
+  # Extracts S3 configuration for S3 bucket
+  def fetch_s3_config
+    return S3Config.new(uri.user, uri.password, nil, "us-east-1") if uri.user && uri.password
+
+    s3_source = Gem.configuration[:s3_source] || Gem.configuration["s3_source"]
+    host = uri.host
+    raise ConfigurationError.new("no s3_source key exists in .gemrc") unless s3_source
+
+    auth = s3_source[host] || s3_source[host.to_sym]
+    raise ConfigurationError.new("no key for host #{host} in s3_source in .gemrc") unless auth
+
+    provider = auth[:provider] || auth["provider"]
+    case provider
+    when "env"
+      id = ENV["AWS_ACCESS_KEY_ID"]
+      secret = ENV["AWS_SECRET_ACCESS_KEY"]
+      security_token = ENV["AWS_SESSION_TOKEN"]
+    when "instance_profile"
+      credentials = ec2_metadata_credentials_json
+      id = credentials["AccessKeyId"]
+      secret = credentials["SecretAccessKey"]
+      security_token = credentials["Token"]
+    else
+      id = auth[:id] || auth["id"]
+      secret = auth[:secret] || auth["secret"]
+      security_token = auth[:security_token] || auth["security_token"]
+    end
+
+    raise ConfigurationError.new("s3_source for #{host} missing id or secret") unless id && secret
+
+    region = auth[:region] || auth["region"] || "us-east-1"
+    S3Config.new(id, secret, security_token, region)
+  end
+
+  def base64_uri_escape(str)
+    str.gsub(/[\+\/=\n]/, BASE64_URI_TRANSLATE)
+  end
+
+  def ec2_metadata_credentials_json
+    require 'net/http'
+    require 'rubygems/request'
+    require 'rubygems/request/connection_pools'
+    require 'json'
+
+    metadata_uri = URI(EC2_METADATA_CREDENTIALS)
+    @request_pool ||= create_request_pool(metadata_uri)
+    request = Gem::Request.new(metadata_uri, Net::HTTP::Get, nil, @request_pool)
+    response = request.fetch
+
+    case response
+    when Net::HTTPOK then
+      JSON.parse(response.body)
+    else
+      raise InstanceProfileError.new("Unable to fetch AWS credentials from #{metadata_uri}: #{response.message} #{response.code}")
+    end
+  end
+
+  def create_request_pool(uri)
+    proxy_uri = Gem::Request.proxy_uri(Gem::Request.get_proxy_from_env(uri.scheme))
+    certs = Gem::Request.get_cert_files
+    Gem::Request::ConnectionPools.new(proxy_uri, certs).pool_for(uri)
+  end
+
+  BASE64_URI_TRANSLATE = { "+" => "%2B", "/" => "%2F", "=" => "%3D", "\n" => "" }.freeze
+  EC2_METADATA_CREDENTIALS = "http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance".freeze
+
+end

data/lib/rubygems/security_option.rb

@@ -19,7 +19,6 @@ end
 
 module Gem::SecurityOption
   def add_security_option
-    # TODO: use @parser.accept
     OptionParser.accept Gem::Security::Policy do |value|
       require 'rubygems/security'
 

data/lib/rubygems/specification.rb

@@ -2284,7 +2284,6 @@ class Gem::Specification < Gem::BasicSpecification
 
     e = Gem::LoadError.new msg
     e.name = self.name
-    # TODO: e.requirement = dep.requirement
 
     raise e
   end

data/lib/rubygems/stub_specification.rb

@@ -110,8 +110,7 @@ class Gem::StubSpecification < Gem::BasicSpecification
       begin
         saved_lineno = $.
 
-        # TODO It should be use `File.open`, but bundler-1.16.1 example expects Kernel#open.
-        open loaded_from, OPEN_MODE do |file|
+        File.open loaded_from, OPEN_MODE do |file|
           begin
             file.readline # discard encoding line
             stubline = file.readline.chomp

data/lib/rubygems/test_case.rb

@@ -140,6 +140,12 @@ class Gem::TestCase < (defined?(Minitest::Test) ? Minitest::Test : MiniTest::Uni
     assert File.exist?(path), msg
   end
 
+  def assert_directory_exists(path, msg = nil)
+    msg = message(msg) { "Expected path '#{path}' to be a directory" }
+    assert_path_exists path
+    assert File.directory?(path), msg
+  end
+
   ##
   # Sets the ENABLE_SHARED entry in RbConfig::CONFIG to +value+ and restores
   # the original value when the block ends
@@ -256,6 +262,7 @@ class Gem::TestCase < (defined?(Minitest::Test) ? Minitest::Test : MiniTest::Uni
     @orig_gem_env_requirements = ENV.to_hash
 
     ENV['GEM_VENDOR'] = nil
+    ENV['GEMRC'] = nil
     ENV['SOURCE_DATE_EPOCH'] = nil
 
     @current_dir = Dir.pwd
@@ -746,7 +753,7 @@ class Gem::TestCase < (defined?(Minitest::Test) ? Minitest::Test : MiniTest::Uni
   # Removes all installed gems from +@gemhome+.
 
   def util_clear_gems
-    FileUtils.rm_rf File.join(@gemhome, "gems") # TODO: use Gem::Dirs
+    FileUtils.rm_rf File.join(@gemhome, "gems")
     FileUtils.mkdir File.join(@gemhome, "gems")
     FileUtils.rm_rf File.join(@gemhome, "specifications")
     FileUtils.mkdir File.join(@gemhome, "specifications")
@@ -931,9 +938,6 @@ class Gem::TestCase < (defined?(Minitest::Test) ? Minitest::Test : MiniTest::Uni
   # location are returned.
 
   def util_gem(name, version, deps = nil, &block)
-    # TODO: deprecate
-    raise "deps or block, not both" if deps and block
-
     if deps
       block = proc do |s|
         # Since Hash#each is unordered in 1.8, sort

data/lib/rubygems/util.rb

@@ -128,4 +128,16 @@ module Gem::Util
     end
   end
 
+  ##
+  # Corrects +path+ (usually returned by `URI.parse().path` on Windows), that
+  # comes with a leading slash.
+
+  def self.correct_for_windows_path(path)
+    if path[0].chr == '/' && path[1].chr =~ /[a-z]/i && path[2].chr == ':'
+      path[1..-1]
+    else
+      path
+    end
+  end
+
 end

data/rubygems-update.gemspec

@@ -2,7 +2,7 @@
 
 Gem::Specification.new do |s|
   s.name = "rubygems-update"
-  s.version = "3.0.4"
+  s.version = "3.0.5"
   s.authors = ["Jim Weirich", "Chad Fowler", "Eric Hodel", "Luis Lavena", "Aaron Patterson", "Samuel Giddins", "André Arko", "Evan Phoenix", "Hiroshi SHIBATA"]
   s.email = ["", "", "drbrain@segment7.net", "luislavena@gmail.com", "aaron@tenderlovemaking.com", "segiddins@segiddins.me", "andre@arko.net", "evan@phx.io", "hsbt@ruby-lang.org"]
 

data/test/rubygems/test_gem.rb

@@ -156,7 +156,7 @@ class TestGem < Gem::TestCase
   end
 
   def assert_self_install_permissions
-    mask = /mingw|mswin/ =~ RUBY_PLATFORM ? 0700 : 0777
+    mask = win_platform? ? 0700 : 0777
     options = {
       :dir_mode => 0500,
       :prog_mode => 0510,
@@ -195,6 +195,9 @@ class TestGem < Gem::TestCase
       'gems/foo-1/bin/foo.cmd' => prog_mode,
       'gems/foo-1/data/foo.txt' => data_mode,
     }
+    # below is for intermittent errors on Appveyor & Travis 2019-01,
+    # see https://github.com/rubygems/rubygems/pull/2568
+    sleep 0.2
     result = {}
     Dir.chdir @gemhome do
       expected.each_key do |n|
@@ -541,7 +544,7 @@ class TestGem < Gem::TestCase
 
     Gem.ensure_gem_subdirectories @gemhome, 0750
 
-    assert File.directory? File.join(@gemhome, "cache")
+    assert_directory_exists File.join(@gemhome, "cache")
 
     assert_equal 0750, File::Stat.new(@gemhome).mode & 0777
     assert_equal 0750, File::Stat.new(File.join(@gemhome, "cache")).mode & 0777
@@ -570,7 +573,7 @@ class TestGem < Gem::TestCase
 
     Gem.ensure_gem_subdirectories gemdir
 
-    assert File.directory?(util_cache_dir)
+    assert_directory_exists util_cache_dir
   end
 
   unless win_platform? || Process.uid.zero?  # only for FS that support write protection

data/test/rubygems/test_gem_commands_environment_command.rb

@@ -90,17 +90,6 @@ class TestGemCommandsEnvironmentCommand < Gem::TestCase
     assert_equal '', @ui.error
   end
 
-  def test_execute_packageversion
-    @cmd.send :handle_options, %w[packageversion]
-
-    use_ui @ui do
-      @cmd.execute
-    end
-
-    assert_equal "#{Gem::RubyGemsPackageVersion}\n", @ui.output
-    assert_equal '', @ui.error
-  end
-
   def test_execute_remotesources
     orig_sources = Gem.sources.dup
     Gem.sources.replace %w[http://gems.example.com]

data/test/rubygems/test_gem_commands_push_command.rb

@@ -199,6 +199,21 @@ class TestGemCommandsPushCommand < Gem::TestCase
     send_battery
   end
 
+  def test_sending_gem_with_env_var_api_key
+    @host = "http://privategemserver.example"
+
+    @spec, @path = util_gem "freebird", "1.0.1" do |spec|
+      spec.metadata['allowed_push_host'] = @host
+    end
+
+    @api_key = "PRIVKEY"
+    ENV["GEM_HOST_API_KEY"] = "PRIVKEY"
+
+    @response = "Successfully registered gem: freebird (1.0.1)"
+    @fetcher.data["#{@host}/api/v1/gems"]  = [@response, 200, 'OK']
+    send_battery
+  end
+
   def test_sending_gem_to_allowed_push_host_with_basic_credentials
     @sanitized_host = "http://privategemserver.example"
     @host           = "http://user:password@privategemserver.example"

data/test/rubygems/test_gem_commands_uninstall_command.rb

@@ -192,6 +192,62 @@ class TestGemCommandsUninstallCommand < Gem::InstallerTestCase
     assert File.exist? File.join(@gemhome, 'bin', 'executable')
   end
 
+  def test_uninstall_selection
+    ui = Gem::MockGemUi.new "1\n"
+
+    util_make_gems
+
+    list = Gem::Specification.find_all_by_name 'a'
+
+    @cmd.options[:args] = ['a']
+
+    use_ui ui do
+      @cmd.execute
+    end
+
+    updated_list = Gem::Specification.find_all_by_name('a')
+    assert_equal list.length - 1, updated_list.length
+
+    assert_match ' 1. a-1',          ui.output
+    assert_match ' 2. a-2',          ui.output
+    assert_match ' 3. a-3.a',        ui.output
+    assert_match ' 4. All versions', ui.output
+    assert_match 'uninstalled a-1',  ui.output
+  end
+
+  def test_uninstall_selection_multiple_gems
+    ui = Gem::MockGemUi.new "1\n"
+
+    util_make_gems
+
+    a_list = Gem::Specification.find_all_by_name('a')
+    b_list = Gem::Specification.find_all_by_name('b')
+    list   = a_list + b_list
+
+    @cmd.options[:args] = ['a', 'b']
+
+    use_ui ui do
+      @cmd.execute
+    end
+
+    updated_a_list = Gem::Specification.find_all_by_name('a')
+    updated_b_list = Gem::Specification.find_all_by_name('b')
+    updated_list   = updated_a_list + updated_b_list
+
+    assert_equal list.length - 2, updated_list.length
+
+    out = ui.output.split("\n")
+    assert_match 'uninstalled b-2',          out.shift
+    assert_match '',                         out.shift
+    assert_match 'Select gem to uninstall:', out.shift
+    assert_match ' 1. a-1',                  out.shift
+    assert_match ' 2. a-2',                  out.shift
+    assert_match ' 3. a-3.a',                out.shift
+    assert_match ' 4. All versions',         out.shift
+    assert_match 'uninstalled a-1',          out.shift
+    assert_empty                             out
+  end
+
   def test_execute_with_force_and_without_version_uninstalls_everything
     ui = Gem::MockGemUi.new "y\n"
 
@@ -246,7 +302,7 @@ class TestGemCommandsUninstallCommand < Gem::InstallerTestCase
     gemhome2 = "#{@gemhome}2"
 
     a_4, = util_gem 'a', 4
-    install_gem a_4, :install_dir => gemhome2
+    install_gem a_4
 
     Gem::Specification.dirs = [@gemhome, gemhome2]
 
@@ -264,6 +320,29 @@ class TestGemCommandsUninstallCommand < Gem::InstallerTestCase
     assert_equal %w[default-1], Gem::Specification.all_names.sort
   end
 
+  def test_execute_outside_gem_home
+    ui = Gem::MockGemUi.new "y\n"
+
+    gemhome2 = "#{@gemhome}2"
+
+    a_4, = util_gem 'a', 4
+    install_gem a_4 , :install_dir => gemhome2
+
+    Gem::Specification.dirs = [@gemhome, gemhome2]
+
+    assert_includes Gem::Specification.all_names, 'a-4'
+
+    @cmd.options[:args] = ['a:4']
+
+    e = assert_raises Gem::InstallError do
+      use_ui ui do
+        @cmd.execute
+      end
+    end
+
+    assert_includes e.message, "a is not installed in GEM_HOME"
+  end
+
   def test_handle_options
     @cmd.handle_options %w[]