rubygems-update 3.1.4 → 3.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CODE_OF_CONDUCT.md +55 -19
- data/CONTRIBUTING.md +24 -10
- data/History.txt +370 -177
- data/Manifest.txt +43 -77
- data/POLICIES.md +2 -9
- data/README.md +1 -1
- data/Rakefile +42 -80
- data/bin/update_rubygems +1 -1
- data/bundler/CHANGELOG.md +1563 -1426
- data/bundler/README.md +6 -8
- data/bundler/UPGRADING.md +18 -32
- data/bundler/bundler.gemspec +3 -3
- data/bundler/exe/bundle +3 -0
- data/bundler/lib/bundler.rb +25 -7
- data/bundler/lib/bundler/build_metadata.rb +4 -12
- data/bundler/lib/bundler/cli.rb +58 -21
- data/bundler/lib/bundler/cli/add.rb +1 -1
- data/bundler/lib/bundler/cli/binstubs.rb +6 -2
- data/bundler/lib/bundler/cli/cache.rb +1 -7
- data/bundler/lib/bundler/cli/clean.rb +1 -1
- data/bundler/lib/bundler/cli/common.rb +14 -0
- data/bundler/lib/bundler/cli/console.rb +1 -1
- data/bundler/lib/bundler/cli/doctor.rb +1 -1
- data/bundler/lib/bundler/cli/exec.rb +4 -4
- data/bundler/lib/bundler/cli/fund.rb +36 -0
- data/bundler/lib/bundler/cli/gem.rb +84 -11
- data/bundler/lib/bundler/cli/info.rb +15 -4
- data/bundler/lib/bundler/cli/init.rb +2 -2
- data/bundler/lib/bundler/cli/inject.rb +1 -1
- data/bundler/lib/bundler/cli/install.rb +9 -16
- data/bundler/lib/bundler/cli/issue.rb +2 -2
- data/bundler/lib/bundler/cli/list.rb +12 -10
- data/bundler/lib/bundler/cli/outdated.rb +88 -67
- data/bundler/lib/bundler/cli/plugin.rb +10 -0
- data/bundler/lib/bundler/cli/pristine.rb +5 -0
- data/bundler/lib/bundler/cli/show.rb +1 -1
- data/bundler/lib/bundler/cli/update.rb +2 -0
- data/bundler/lib/bundler/compact_index_client.rb +1 -1
- data/bundler/lib/bundler/compact_index_client/cache.rb +1 -1
- data/bundler/lib/bundler/compact_index_client/updater.rb +5 -5
- data/bundler/lib/bundler/definition.rb +47 -61
- data/bundler/lib/bundler/dep_proxy.rb +1 -1
- data/bundler/lib/bundler/dependency.rb +0 -9
- data/bundler/lib/bundler/dsl.rb +5 -9
- data/bundler/lib/bundler/endpoint_specification.rb +1 -1
- data/bundler/lib/bundler/env.rb +1 -1
- data/bundler/lib/bundler/environment_preserver.rb +26 -2
- data/bundler/lib/bundler/errors.rb +1 -0
- data/bundler/lib/bundler/feature_flag.rb +0 -3
- data/bundler/lib/bundler/fetcher.rb +4 -3
- data/bundler/lib/bundler/fetcher/base.rb +1 -1
- data/bundler/lib/bundler/fetcher/compact_index.rb +1 -1
- data/bundler/lib/bundler/fetcher/downloader.rb +1 -1
- data/bundler/lib/bundler/fetcher/index.rb +3 -4
- data/bundler/lib/bundler/friendly_errors.rb +22 -13
- data/bundler/lib/bundler/gem_helper.rb +32 -17
- data/bundler/lib/bundler/gem_helpers.rb +6 -1
- data/bundler/lib/bundler/gem_version_promoter.rb +2 -2
- data/bundler/lib/bundler/graph.rb +1 -1
- data/bundler/lib/bundler/index.rb +6 -2
- data/bundler/lib/bundler/injector.rb +22 -4
- data/bundler/lib/bundler/inline.rb +1 -1
- data/bundler/lib/bundler/installer.rb +35 -32
- data/bundler/lib/bundler/installer/gem_installer.rb +3 -3
- data/bundler/lib/bundler/installer/parallel_installer.rb +10 -10
- data/bundler/lib/bundler/installer/standalone.rb +2 -2
- data/bundler/lib/bundler/lazy_specification.rb +20 -9
- data/bundler/lib/bundler/lockfile_generator.rb +1 -1
- data/bundler/lib/bundler/lockfile_parser.rb +1 -1
- data/bundler/lib/bundler/man/.document +1 -0
- data/bundler/{man/bundle-add.ronn → lib/bundler/man/bundle-add.1.ronn} +0 -0
- data/bundler/{man/bundle-binstubs.ronn → lib/bundler/man/bundle-binstubs.1.ronn} +2 -4
- data/bundler/{man/bundle-cache.ronn → lib/bundler/man/bundle-cache.1.ronn} +0 -0
- data/bundler/{man/bundle-check.ronn → lib/bundler/man/bundle-check.1.ronn} +0 -0
- data/bundler/{man/bundle-clean.ronn → lib/bundler/man/bundle-clean.1.ronn} +0 -0
- data/bundler/{man/bundle-config.ronn → lib/bundler/man/bundle-config.1.ronn} +19 -30
- data/bundler/{man/bundle-doctor.ronn → lib/bundler/man/bundle-doctor.1.ronn} +0 -0
- data/bundler/{man/bundle-exec.ronn → lib/bundler/man/bundle-exec.1.ronn} +0 -0
- data/bundler/{man/bundle-gem.ronn → lib/bundler/man/bundle-gem.1.ronn} +30 -7
- data/bundler/{man/bundle-info.ronn → lib/bundler/man/bundle-info.1.ronn} +0 -0
- data/bundler/{man/bundle-init.ronn → lib/bundler/man/bundle-init.1.ronn} +0 -0
- data/bundler/{man/bundle-inject.ronn → lib/bundler/man/bundle-inject.1.ronn} +0 -0
- data/bundler/{man/bundle-install.ronn → lib/bundler/man/bundle-install.1.ronn} +25 -3
- data/bundler/{man/bundle-list.ronn → lib/bundler/man/bundle-list.1.ronn} +6 -6
- data/bundler/{man/bundle-lock.ronn → lib/bundler/man/bundle-lock.1.ronn} +0 -0
- data/bundler/{man/bundle-open.ronn → lib/bundler/man/bundle-open.1.ronn} +0 -0
- data/bundler/{man/bundle-outdated.ronn → lib/bundler/man/bundle-outdated.1.ronn} +0 -0
- data/bundler/{man/bundle-platform.ronn → lib/bundler/man/bundle-platform.1.ronn} +0 -0
- data/bundler/{man/bundle-pristine.ronn → lib/bundler/man/bundle-pristine.1.ronn} +0 -0
- data/bundler/{man/bundle-remove.ronn → lib/bundler/man/bundle-remove.1.ronn} +0 -0
- data/bundler/{man/bundle-show.ronn → lib/bundler/man/bundle-show.1.ronn} +0 -0
- data/bundler/{man/bundle-update.ronn → lib/bundler/man/bundle-update.1.ronn} +0 -0
- data/bundler/{man/bundle-viz.ronn → lib/bundler/man/bundle-viz.1.ronn} +0 -0
- data/bundler/{man/bundle.ronn → lib/bundler/man/bundle.1.ronn} +0 -0
- data/bundler/{man → lib/bundler/man}/gemfile.5.ronn +4 -4
- data/bundler/lib/bundler/mirror.rb +2 -2
- data/bundler/lib/bundler/plugin.rb +30 -5
- data/bundler/lib/bundler/plugin/api/source.rb +1 -1
- data/bundler/lib/bundler/plugin/dsl.rb +1 -1
- data/bundler/lib/bundler/plugin/index.rb +10 -1
- data/bundler/lib/bundler/plugin/installer.rb +1 -1
- data/bundler/lib/bundler/plugin/installer/rubygems.rb +1 -1
- data/bundler/lib/bundler/plugin/source_list.rb +1 -1
- data/bundler/lib/bundler/psyched_yaml.rb +0 -15
- data/bundler/lib/bundler/remote_specification.rb +5 -2
- data/bundler/lib/bundler/resolver.rb +32 -10
- data/bundler/lib/bundler/resolver/spec_group.rb +27 -6
- data/bundler/lib/bundler/retry.rb +1 -1
- data/bundler/lib/bundler/ruby_version.rb +1 -1
- data/bundler/lib/bundler/rubygems_ext.rb +53 -9
- data/bundler/lib/bundler/rubygems_gem_installer.rb +3 -9
- data/bundler/lib/bundler/rubygems_integration.rb +25 -54
- data/bundler/lib/bundler/runtime.rb +4 -14
- data/bundler/lib/bundler/settings.rb +49 -46
- data/bundler/lib/bundler/shared_helpers.rb +2 -2
- data/bundler/lib/bundler/similarity_detector.rb +1 -1
- data/bundler/lib/bundler/source.rb +1 -1
- data/bundler/lib/bundler/source/git.rb +5 -5
- data/bundler/lib/bundler/source/git/git_proxy.rb +57 -60
- data/bundler/lib/bundler/source/path.rb +7 -3
- data/bundler/lib/bundler/source/path/installer.rb +8 -10
- data/bundler/lib/bundler/source/rubygems.rb +13 -16
- data/bundler/lib/bundler/source/rubygems/remote.rb +1 -1
- data/bundler/lib/bundler/source_list.rb +2 -2
- data/bundler/lib/bundler/spec_set.rb +2 -1
- data/bundler/lib/bundler/stub_specification.rb +17 -5
- data/bundler/lib/bundler/templates/newgem/CODE_OF_CONDUCT.md.tt +57 -47
- data/bundler/lib/bundler/templates/newgem/Gemfile.tt +9 -1
- data/bundler/lib/bundler/templates/newgem/README.md.tt +1 -2
- data/bundler/lib/bundler/templates/newgem/Rakefile.tt +19 -5
- data/bundler/lib/bundler/templates/newgem/bin/console.tt +1 -0
- data/bundler/lib/bundler/templates/newgem/circleci/config.yml.tt +13 -0
- data/bundler/lib/bundler/templates/newgem/ext/newgem/extconf.rb.tt +2 -0
- data/bundler/lib/bundler/templates/newgem/github/workflows/main.yml.tt +18 -0
- data/bundler/lib/bundler/templates/newgem/gitlab-ci.yml.tt +9 -0
- data/bundler/lib/bundler/templates/newgem/lib/newgem.rb.tt +4 -2
- data/bundler/lib/bundler/templates/newgem/lib/newgem/version.rb.tt +2 -0
- data/bundler/lib/bundler/templates/newgem/newgem.gemspec.tt +14 -6
- data/bundler/lib/bundler/templates/newgem/rubocop.yml.tt +10 -0
- data/bundler/lib/bundler/templates/newgem/spec/newgem_spec.rb.tt +2 -0
- data/bundler/lib/bundler/templates/newgem/spec/spec_helper.rb.tt +2 -1
- data/bundler/lib/bundler/templates/newgem/test/{newgem_test.rb.tt → minitest/newgem_test.rb.tt} +2 -0
- data/bundler/lib/bundler/templates/newgem/test/{test_helper.rb.tt → minitest/test_helper.rb.tt} +2 -0
- data/bundler/lib/bundler/templates/newgem/test/test-unit/newgem_test.rb.tt +15 -0
- data/bundler/lib/bundler/templates/newgem/test/test-unit/test_helper.rb.tt +6 -0
- data/bundler/lib/bundler/ui/shell.rb +5 -5
- data/bundler/lib/bundler/uri_credentials_filter.rb +3 -1
- data/bundler/lib/bundler/vendor/molinillo/lib/molinillo.rb +0 -1
- data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph.rb +34 -1
- data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/tag.rb +2 -2
- data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/errors.rb +1 -1
- data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/gem_metadata.rb +1 -1
- data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/resolution.rb +38 -40
- data/bundler/lib/bundler/vendor/net-http-persistent/lib/net/http/persistent.rb +75 -189
- data/bundler/lib/bundler/vendor/thor/lib/thor.rb +0 -7
- data/bundler/lib/bundler/vendor/thor/lib/thor/actions/create_link.rb +2 -1
- data/bundler/lib/bundler/vendor/thor/lib/thor/base.rb +9 -0
- data/bundler/lib/bundler/vendor/thor/lib/thor/version.rb +1 -1
- data/bundler/lib/bundler/vendor/tmpdir/lib/tmpdir.rb +154 -0
- data/bundler/lib/bundler/vendored_persistent.rb +0 -7
- data/bundler/lib/bundler/vendored_tmpdir.rb +4 -0
- data/bundler/lib/bundler/version.rb +1 -1
- data/bundler/lib/bundler/worker.rb +1 -1
- data/bundler/lib/bundler/yaml_serializer.rb +1 -1
- data/bundler/man/bundle-add.1 +1 -1
- data/bundler/man/bundle-binstubs.1 +5 -3
- data/bundler/man/bundle-cache.1 +1 -1
- data/bundler/man/bundle-check.1 +1 -1
- data/bundler/man/bundle-clean.1 +1 -1
- data/bundler/man/bundle-config.1 +16 -25
- data/bundler/man/bundle-doctor.1 +1 -1
- data/bundler/man/bundle-exec.1 +1 -1
- data/bundler/man/bundle-gem.1 +25 -3
- data/bundler/man/bundle-info.1 +1 -1
- data/bundler/man/bundle-init.1 +1 -1
- data/bundler/man/bundle-inject.1 +1 -1
- data/bundler/man/bundle-install.1 +30 -3
- data/bundler/man/bundle-list.1 +7 -7
- data/bundler/man/bundle-lock.1 +1 -1
- data/bundler/man/bundle-open.1 +1 -1
- data/bundler/man/bundle-outdated.1 +1 -1
- data/bundler/man/bundle-platform.1 +1 -1
- data/bundler/man/bundle-pristine.1 +1 -1
- data/bundler/man/bundle-remove.1 +1 -1
- data/bundler/man/bundle-show.1 +1 -1
- data/bundler/man/bundle-update.1 +1 -1
- data/bundler/man/bundle-viz.1 +1 -1
- data/bundler/man/bundle.1 +1 -1
- data/bundler/man/gemfile.5 +4 -4
- data/lib/rubygems.rb +83 -159
- data/lib/rubygems/available_set.rb +4 -6
- data/lib/rubygems/basic_specification.rb +11 -9
- data/lib/rubygems/bundler_version_finder.rb +14 -9
- data/lib/rubygems/command.rb +16 -16
- data/lib/rubygems/command_manager.rb +5 -6
- data/lib/rubygems/commands/build_command.rb +40 -20
- data/lib/rubygems/commands/cert_command.rb +2 -10
- data/lib/rubygems/commands/check_command.rb +0 -2
- data/lib/rubygems/commands/cleanup_command.rb +11 -7
- data/lib/rubygems/commands/contents_command.rb +4 -6
- data/lib/rubygems/commands/dependency_command.rb +6 -8
- data/lib/rubygems/commands/environment_command.rb +1 -3
- data/lib/rubygems/commands/fetch_command.rb +2 -4
- data/lib/rubygems/commands/generate_index_command.rb +0 -2
- data/lib/rubygems/commands/help_command.rb +3 -3
- data/lib/rubygems/commands/info_command.rb +8 -5
- data/lib/rubygems/commands/install_command.rb +3 -5
- data/lib/rubygems/commands/list_command.rb +8 -7
- data/lib/rubygems/commands/lock_command.rb +1 -3
- data/lib/rubygems/commands/mirror_command.rb +0 -2
- data/lib/rubygems/commands/open_command.rb +0 -4
- data/lib/rubygems/commands/outdated_command.rb +0 -2
- data/lib/rubygems/commands/owner_command.rb +9 -3
- data/lib/rubygems/commands/pristine_command.rb +11 -5
- data/lib/rubygems/commands/push_command.rb +10 -46
- data/lib/rubygems/commands/query_command.rb +14 -344
- data/lib/rubygems/commands/rdoc_command.rb +0 -2
- data/lib/rubygems/commands/search_command.rb +7 -7
- data/lib/rubygems/commands/server_command.rb +3 -1
- data/lib/rubygems/commands/setup_command.rb +131 -58
- data/lib/rubygems/commands/signin_command.rb +0 -2
- data/lib/rubygems/commands/signout_command.rb +0 -2
- data/lib/rubygems/commands/sources_command.rb +6 -4
- data/lib/rubygems/commands/specification_command.rb +8 -4
- data/lib/rubygems/commands/stale_command.rb +1 -3
- data/lib/rubygems/commands/uninstall_command.rb +1 -3
- data/lib/rubygems/commands/unpack_command.rb +1 -3
- data/lib/rubygems/commands/update_command.rb +59 -14
- data/lib/rubygems/commands/which_command.rb +0 -2
- data/lib/rubygems/commands/yank_command.rb +4 -6
- data/lib/rubygems/config_file.rb +11 -4
- data/lib/rubygems/core_ext/kernel_require.rb +29 -36
- data/lib/rubygems/core_ext/kernel_warn.rb +12 -13
- data/lib/rubygems/defaults.rb +101 -7
- data/lib/rubygems/dependency.rb +3 -8
- data/lib/rubygems/dependency_installer.rb +5 -78
- data/lib/rubygems/dependency_list.rb +7 -9
- data/lib/rubygems/deprecate.rb +46 -1
- data/lib/rubygems/doctor.rb +4 -4
- data/lib/rubygems/errors.rb +3 -14
- data/lib/rubygems/exceptions.rb +2 -33
- data/lib/rubygems/ext.rb +6 -6
- data/lib/rubygems/ext/build_error.rb +2 -0
- data/lib/rubygems/ext/builder.rb +14 -35
- data/lib/rubygems/ext/cmake_builder.rb +5 -7
- data/lib/rubygems/ext/configure_builder.rb +4 -6
- data/lib/rubygems/ext/ext_conf_builder.rb +21 -19
- data/lib/rubygems/ext/rake_builder.rb +3 -5
- data/lib/rubygems/gem_runner.rb +3 -10
- data/lib/rubygems/gemcutter_utilities.rb +91 -15
- data/lib/rubygems/indexer.rb +1 -22
- data/lib/rubygems/install_update_options.rb +7 -7
- data/lib/rubygems/installer.rb +59 -57
- data/lib/rubygems/installer_test_case.rb +25 -11
- data/lib/rubygems/installer_uninstaller_utils.rb +24 -0
- data/lib/rubygems/local_remote_options.rb +1 -1
- data/lib/rubygems/mock_gem_ui.rb +0 -6
- data/lib/rubygems/name_tuple.rb +3 -7
- data/lib/rubygems/openssl.rb +7 -0
- data/lib/rubygems/package.rb +14 -25
- data/lib/rubygems/package/digest_io.rb +0 -2
- data/lib/rubygems/package/file_source.rb +0 -2
- data/lib/rubygems/package/io_source.rb +0 -2
- data/lib/rubygems/package/old.rb +1 -3
- data/lib/rubygems/package/tar_header.rb +4 -6
- data/lib/rubygems/package/tar_reader.rb +0 -3
- data/lib/rubygems/package/tar_reader/entry.rb +0 -3
- data/lib/rubygems/package/tar_test_case.rb +2 -4
- data/lib/rubygems/package/tar_writer.rb +2 -12
- data/lib/rubygems/package_task.rb +1 -7
- data/lib/rubygems/path_support.rb +1 -3
- data/lib/rubygems/platform.rb +21 -12
- data/lib/rubygems/psych_tree.rb +0 -2
- data/lib/rubygems/query_utils.rb +353 -0
- data/lib/rubygems/rdoc.rb +0 -12
- data/lib/rubygems/remote_fetcher.rb +10 -27
- data/lib/rubygems/request.rb +4 -11
- data/lib/rubygems/request/connection_pools.rb +1 -5
- data/lib/rubygems/request/http_pool.rb +0 -2
- data/lib/rubygems/request/https_pool.rb +0 -2
- data/lib/rubygems/request_set.rb +5 -7
- data/lib/rubygems/request_set/gem_dependency_api.rb +5 -7
- data/lib/rubygems/request_set/lockfile.rb +8 -12
- data/lib/rubygems/request_set/lockfile/parser.rb +0 -2
- data/lib/rubygems/request_set/lockfile/tokenizer.rb +1 -3
- data/lib/rubygems/requirement.rb +20 -21
- data/lib/rubygems/resolver.rb +8 -11
- data/lib/rubygems/resolver/activation_request.rb +9 -3
- data/lib/rubygems/resolver/api_set.rb +3 -5
- data/lib/rubygems/resolver/api_specification.rb +20 -7
- data/lib/rubygems/resolver/best_set.rb +0 -2
- data/lib/rubygems/resolver/composed_set.rb +3 -5
- data/lib/rubygems/resolver/conflict.rb +2 -4
- data/lib/rubygems/resolver/current_set.rb +0 -2
- data/lib/rubygems/resolver/dependency_request.rb +1 -3
- data/lib/rubygems/resolver/git_set.rb +0 -2
- data/lib/rubygems/resolver/git_specification.rb +0 -2
- data/lib/rubygems/resolver/index_set.rb +1 -3
- data/lib/rubygems/resolver/index_specification.rb +11 -2
- data/lib/rubygems/resolver/installed_specification.rb +0 -2
- data/lib/rubygems/resolver/installer_set.rb +4 -7
- data/lib/rubygems/resolver/local_specification.rb +0 -2
- data/lib/rubygems/resolver/lock_set.rb +2 -4
- data/lib/rubygems/resolver/lock_specification.rb +0 -2
- data/lib/rubygems/resolver/molinillo/lib/molinillo.rb +6 -5
- data/lib/rubygems/resolver/molinillo/lib/molinillo/delegates/resolution_state.rb +7 -0
- data/lib/rubygems/resolver/molinillo/lib/molinillo/delegates/specification_provider.rb +1 -0
- data/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph.rb +39 -5
- data/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/action.rb +1 -0
- data/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/add_edge_no_circular.rb +2 -1
- data/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/add_vertex.rb +2 -1
- data/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/delete_edge.rb +2 -1
- data/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/detach_vertex_named.rb +2 -1
- data/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/log.rb +7 -6
- data/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/set_payload.rb +2 -1
- data/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/tag.rb +4 -3
- data/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/vertex.rb +43 -10
- data/lib/rubygems/resolver/molinillo/lib/molinillo/errors.rb +75 -7
- data/lib/rubygems/resolver/molinillo/lib/molinillo/gem_metadata.rb +2 -1
- data/lib/rubygems/resolver/molinillo/lib/molinillo/modules/specification_provider.rb +1 -0
- data/lib/rubygems/resolver/molinillo/lib/molinillo/modules/ui.rb +3 -1
- data/lib/rubygems/resolver/molinillo/lib/molinillo/resolution.rb +506 -165
- data/lib/rubygems/resolver/molinillo/lib/molinillo/resolver.rb +3 -2
- data/lib/rubygems/resolver/molinillo/lib/molinillo/state.rb +8 -4
- data/lib/rubygems/resolver/requirement_list.rb +0 -2
- data/lib/rubygems/resolver/set.rb +0 -2
- data/lib/rubygems/resolver/source_set.rb +0 -2
- data/lib/rubygems/resolver/spec_specification.rb +0 -2
- data/lib/rubygems/resolver/specification.rb +1 -3
- data/lib/rubygems/resolver/stats.rb +0 -2
- data/lib/rubygems/resolver/vendor_set.rb +0 -2
- data/lib/rubygems/resolver/vendor_specification.rb +0 -2
- data/lib/rubygems/s3_uri_signer.rb +2 -8
- data/lib/rubygems/safe_yaml.rb +4 -4
- data/lib/rubygems/security.rb +27 -34
- data/lib/rubygems/security/policy.rb +4 -8
- data/lib/rubygems/security/signer.rb +5 -7
- data/lib/rubygems/security/trust_dir.rb +1 -3
- data/lib/rubygems/server.rb +9 -11
- data/lib/rubygems/source.rb +13 -7
- data/lib/rubygems/source/git.rb +7 -8
- data/lib/rubygems/source/installed.rb +0 -2
- data/lib/rubygems/source/local.rb +2 -4
- data/lib/rubygems/source/lock.rb +0 -2
- data/lib/rubygems/source/specific_file.rb +0 -2
- data/lib/rubygems/source/vendor.rb +0 -2
- data/lib/rubygems/source_list.rb +4 -7
- data/lib/rubygems/spec_fetcher.rb +19 -18
- data/lib/rubygems/specification.rb +101 -118
- data/lib/rubygems/specification_policy.rb +79 -29
- data/lib/rubygems/ssl_certs/{index.rubygems.org → rubygems.org}/GlobalSignRootCA.pem +0 -0
- data/lib/rubygems/ssl_certs/rubygems.org/GlobalSignRootCA_R3.pem +21 -0
- data/lib/rubygems/stub_specification.rb +1 -5
- data/lib/rubygems/syck_hack.rb +0 -2
- data/lib/rubygems/test_case.rb +79 -122
- data/lib/rubygems/test_utilities.rb +6 -14
- data/lib/rubygems/uninstaller.rb +35 -16
- data/lib/rubygems/uri_formatter.rb +2 -3
- data/lib/rubygems/uri_parser.rb +0 -2
- data/lib/rubygems/user_interaction.rb +1 -26
- data/lib/rubygems/util.rb +8 -2
- data/lib/rubygems/util/licenses.rb +4 -6
- data/lib/rubygems/util/list.rb +0 -2
- data/lib/rubygems/validator.rb +1 -3
- data/lib/rubygems/version.rb +4 -6
- data/lib/rubygems/version_option.rb +6 -0
- data/rubygems-update.gemspec +2 -2
- data/setup.rb +2 -7
- data/test/rubygems/plugin/load/rubygems_plugin.rb +0 -2
- data/test/rubygems/rubygems/commands/crash_command.rb +0 -2
- data/test/rubygems/rubygems_plugin.rb +0 -2
- data/test/rubygems/specifications/bar-0.0.2.gemspec +0 -2
- data/test/rubygems/specifications/rubyforge-0.0.1.gemspec +0 -2
- data/test/rubygems/test_bundled_ca.rb +42 -45
- data/test/rubygems/test_config.rb +0 -2
- data/test/rubygems/test_deprecate.rb +40 -7
- data/test/rubygems/test_gem.rb +82 -79
- data/test/rubygems/test_gem_available_set.rb +3 -5
- data/test/rubygems/test_gem_bundler_version_finder.rb +19 -3
- data/test/rubygems/test_gem_command.rb +24 -7
- data/test/rubygems/test_gem_command_manager.rb +36 -5
- data/test/rubygems/test_gem_commands_build_command.rb +233 -15
- data/test/rubygems/test_gem_commands_cert_command.rb +4 -6
- data/test/rubygems/test_gem_commands_check_command.rb +0 -2
- data/test/rubygems/test_gem_commands_cleanup_command.rb +14 -5
- data/test/rubygems/test_gem_commands_contents_command.rb +50 -19
- data/test/rubygems/test_gem_commands_dependency_command.rb +0 -2
- data/test/rubygems/test_gem_commands_environment_command.rb +21 -23
- data/test/rubygems/test_gem_commands_fetch_command.rb +0 -2
- data/test/rubygems/test_gem_commands_generate_index_command.rb +1 -7
- data/test/rubygems/test_gem_commands_help_command.rb +15 -4
- data/test/rubygems/test_gem_commands_info_command.rb +6 -8
- data/test/rubygems/test_gem_commands_install_command.rb +32 -34
- data/test/rubygems/test_gem_commands_list_command.rb +0 -2
- data/test/rubygems/test_gem_commands_lock_command.rb +0 -2
- data/test/rubygems/test_gem_commands_mirror.rb +1 -3
- data/test/rubygems/test_gem_commands_open_command.rb +4 -6
- data/test/rubygems/test_gem_commands_outdated_command.rb +0 -2
- data/test/rubygems/test_gem_commands_owner_command.rb +59 -5
- data/test/rubygems/test_gem_commands_pristine_command.rb +43 -12
- data/test/rubygems/test_gem_commands_push_command.rb +38 -9
- data/test/rubygems/test_gem_commands_query_command.rb +12 -12
- data/test/rubygems/test_gem_commands_search_command.rb +0 -2
- data/test/rubygems/test_gem_commands_server_command.rb +0 -2
- data/test/rubygems/test_gem_commands_setup_command.rb +165 -124
- data/test/rubygems/test_gem_commands_signin_command.rb +33 -9
- data/test/rubygems/test_gem_commands_signout_command.rb +0 -7
- data/test/rubygems/test_gem_commands_sources_command.rb +60 -2
- data/test/rubygems/test_gem_commands_specification_command.rb +46 -20
- data/test/rubygems/test_gem_commands_stale_command.rb +0 -2
- data/test/rubygems/test_gem_commands_uninstall_command.rb +1 -3
- data/test/rubygems/test_gem_commands_unpack_command.rb +0 -2
- data/test/rubygems/test_gem_commands_update_command.rb +116 -7
- data/test/rubygems/test_gem_commands_which_command.rb +3 -5
- data/test/rubygems/test_gem_commands_yank_command.rb +44 -8
- data/test/rubygems/test_gem_config_file.rb +7 -12
- data/test/rubygems/test_gem_dependency.rb +0 -2
- data/test/rubygems/test_gem_dependency_installer.rb +90 -193
- data/test/rubygems/test_gem_dependency_list.rb +10 -12
- data/test/rubygems/test_gem_dependency_resolution_error.rb +1 -3
- data/test/rubygems/test_gem_doctor.rb +28 -2
- data/test/rubygems/test_gem_ext_builder.rb +26 -47
- data/test/rubygems/test_gem_ext_cmake_builder.rb +16 -23
- data/test/rubygems/test_gem_ext_configure_builder.rb +4 -20
- data/test/rubygems/test_gem_ext_ext_conf_builder.rb +9 -29
- data/test/rubygems/test_gem_ext_rake_builder.rb +14 -24
- data/test/rubygems/test_gem_gem_runner.rb +44 -1
- data/test/rubygems/test_gem_gemcutter_utilities.rb +8 -5
- data/test/rubygems/test_gem_impossible_dependencies_error.rb +0 -2
- data/test/rubygems/test_gem_indexer.rb +9 -15
- data/test/rubygems/test_gem_install_update_options.rb +14 -4
- data/test/rubygems/test_gem_installer.rb +256 -59
- data/test/rubygems/test_gem_local_remote_options.rb +0 -2
- data/test/rubygems/test_gem_name_tuple.rb +0 -2
- data/test/rubygems/test_gem_package.rb +38 -31
- data/test/rubygems/test_gem_package_old.rb +4 -6
- data/test/rubygems/test_gem_package_tar_header.rb +18 -1
- data/test/rubygems/test_gem_package_tar_reader.rb +0 -2
- data/test/rubygems/test_gem_package_tar_reader_entry.rb +0 -2
- data/test/rubygems/test_gem_package_tar_writer.rb +4 -6
- data/test/rubygems/test_gem_package_task.rb +46 -13
- data/test/rubygems/test_gem_path_support.rb +0 -2
- data/test/rubygems/test_gem_platform.rb +63 -6
- data/test/rubygems/test_gem_rdoc.rb +0 -2
- data/test/rubygems/test_gem_remote_fetcher.rb +168 -211
- data/test/rubygems/test_gem_request.rb +13 -17
- data/test/rubygems/test_gem_request_connection_pools.rb +0 -4
- data/test/rubygems/test_gem_request_set.rb +20 -22
- data/test/rubygems/test_gem_request_set_gem_dependency_api.rb +3 -5
- data/test/rubygems/test_gem_request_set_lockfile.rb +4 -6
- data/test/rubygems/test_gem_request_set_lockfile_parser.rb +9 -11
- data/test/rubygems/test_gem_request_set_lockfile_tokenizer.rb +118 -120
- data/test/rubygems/test_gem_requirement.rb +10 -4
- data/test/rubygems/test_gem_resolver.rb +6 -8
- data/test/rubygems/test_gem_resolver_activation_request.rb +0 -2
- data/test/rubygems/test_gem_resolver_api_set.rb +11 -13
- data/test/rubygems/test_gem_resolver_api_specification.rb +0 -2
- data/test/rubygems/test_gem_resolver_best_set.rb +2 -4
- data/test/rubygems/test_gem_resolver_composed_set.rb +0 -2
- data/test/rubygems/test_gem_resolver_conflict.rb +1 -3
- data/test/rubygems/test_gem_resolver_dependency_request.rb +0 -2
- data/test/rubygems/test_gem_resolver_git_set.rb +0 -2
- data/test/rubygems/test_gem_resolver_git_specification.rb +0 -2
- data/test/rubygems/test_gem_resolver_index_set.rb +2 -4
- data/test/rubygems/test_gem_resolver_index_specification.rb +0 -2
- data/test/rubygems/test_gem_resolver_installed_specification.rb +0 -2
- data/test/rubygems/test_gem_resolver_installer_set.rb +7 -9
- data/test/rubygems/test_gem_resolver_local_specification.rb +0 -2
- data/test/rubygems/test_gem_resolver_lock_set.rb +3 -5
- data/test/rubygems/test_gem_resolver_lock_specification.rb +0 -2
- data/test/rubygems/test_gem_resolver_requirement_list.rb +0 -2
- data/test/rubygems/test_gem_resolver_specification.rb +0 -4
- data/test/rubygems/test_gem_resolver_vendor_set.rb +1 -3
- data/test/rubygems/test_gem_resolver_vendor_specification.rb +0 -2
- data/test/rubygems/test_gem_security.rb +22 -24
- data/test/rubygems/test_gem_security_policy.rb +7 -12
- data/test/rubygems/test_gem_security_signer.rb +10 -12
- data/test/rubygems/test_gem_security_trust_dir.rb +4 -6
- data/test/rubygems/test_gem_server.rb +10 -14
- data/test/rubygems/test_gem_silent_ui.rb +0 -2
- data/test/rubygems/test_gem_source.rb +17 -16
- data/test/rubygems/test_gem_source_fetch_problem.rb +0 -2
- data/test/rubygems/test_gem_source_git.rb +12 -13
- data/test/rubygems/test_gem_source_installed.rb +7 -9
- data/test/rubygems/test_gem_source_list.rb +1 -2
- data/test/rubygems/test_gem_source_local.rb +8 -10
- data/test/rubygems/test_gem_source_lock.rb +10 -12
- data/test/rubygems/test_gem_source_specific_file.rb +7 -9
- data/test/rubygems/test_gem_source_subpath_problem.rb +49 -0
- data/test/rubygems/test_gem_source_vendor.rb +7 -9
- data/test/rubygems/test_gem_spec_fetcher.rb +11 -4
- data/test/rubygems/test_gem_specification.rb +156 -125
- data/test/rubygems/test_gem_stream_ui.rb +3 -3
- data/test/rubygems/test_gem_stub_specification.rb +4 -6
- data/test/rubygems/test_gem_text.rb +1 -3
- data/test/rubygems/test_gem_uninstaller.rb +134 -12
- data/test/rubygems/test_gem_unsatisfiable_dependency_error.rb +0 -2
- data/test/rubygems/test_gem_uri_formatter.rb +0 -2
- data/test/rubygems/test_gem_util.rb +7 -7
- data/test/rubygems/test_gem_validator.rb +1 -3
- data/test/rubygems/test_gem_version.rb +1 -3
- data/test/rubygems/test_gem_version_option.rb +1 -3
- data/test/rubygems/test_kernel.rb +25 -10
- data/test/rubygems/test_project_sanity.rb +7 -2
- data/test/rubygems/test_remote_fetch_error.rb +0 -2
- data/test/rubygems/test_require.rb +291 -56
- metadata +62 -97
- data/.bundle/config +0 -2
- data/.rubocop.yml +0 -91
- data/Gemfile +0 -8
- data/Gemfile.lock +0 -43
- data/bundler/CODE_OF_CONDUCT.md +0 -136
- data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/compatibility.rb +0 -26
- data/bundler/man/bundle-add.1.txt +0 -58
- data/bundler/man/bundle-binstubs.1.txt +0 -48
- data/bundler/man/bundle-cache.1.txt +0 -78
- data/bundler/man/bundle-check.1.txt +0 -33
- data/bundler/man/bundle-clean.1.txt +0 -26
- data/bundler/man/bundle-config.1.txt +0 -528
- data/bundler/man/bundle-doctor.1.txt +0 -44
- data/bundler/man/bundle-exec.1.txt +0 -178
- data/bundler/man/bundle-gem.1.txt +0 -91
- data/bundler/man/bundle-info.1.txt +0 -21
- data/bundler/man/bundle-init.1.txt +0 -34
- data/bundler/man/bundle-inject.1.txt +0 -32
- data/bundler/man/bundle-install.1.txt +0 -401
- data/bundler/man/bundle-list.1.txt +0 -43
- data/bundler/man/bundle-lock.1.txt +0 -93
- data/bundler/man/bundle-open.1.txt +0 -29
- data/bundler/man/bundle-outdated.1.txt +0 -131
- data/bundler/man/bundle-platform.1.txt +0 -57
- data/bundler/man/bundle-pristine.1.txt +0 -44
- data/bundler/man/bundle-remove.1.txt +0 -34
- data/bundler/man/bundle-show.1.txt +0 -27
- data/bundler/man/bundle-update.1.txt +0 -390
- data/bundler/man/bundle-viz.1.txt +0 -39
- data/bundler/man/bundle.1.txt +0 -116
- data/bundler/man/gemfile.5.txt +0 -649
- data/lib/rubygems/source_local.rb +0 -7
- data/lib/rubygems/source_specific_file.rb +0 -6
- data/lib/rubygems/ssl_certs/rubygems.global.ssl.fastly.net/DigiCertHighAssuranceEVRootCA.pem +0 -23
- data/lib/rubygems/ssl_certs/rubygems.org/AddTrustExternalCARoot.pem +0 -25
- data/lib/ubygems.rb +0 -14
- data/tmp/.keep +0 -0
- data/util/CL2notes +0 -55
- data/util/bisect +0 -10
- data/util/ci.sh +0 -62
- data/util/cops/deprecations.rb +0 -52
- data/util/create_certs.rb +0 -171
- data/util/create_certs.sh +0 -27
- data/util/create_encrypted_key.rb +0 -16
- data/util/generate_spdx_license_list.rb +0 -63
- data/util/patch_with_prs.rb +0 -77
- data/util/rubocop +0 -8
- data/util/update_bundled_ca_certificates.rb +0 -139
- data/util/update_changelog.rb +0 -64
@@ -1,5 +1,6 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
|
-
|
2
|
+
|
3
|
+
require_relative 'dependency_graph'
|
3
4
|
|
4
5
|
module Gem::Resolver::Molinillo
|
5
6
|
# This class encapsulates a dependency resolver.
|
@@ -8,7 +9,7 @@ module Gem::Resolver::Molinillo
|
|
8
9
|
#
|
9
10
|
#
|
10
11
|
class Resolver
|
11
|
-
|
12
|
+
require_relative 'resolution'
|
12
13
|
|
13
14
|
# @return [SpecificationProvider] the specification provider used
|
14
15
|
# in the resolution process
|
@@ -1,4 +1,5 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
|
+
|
2
3
|
module Gem::Resolver::Molinillo
|
3
4
|
# A state that a {Resolution} can be in
|
4
5
|
# @attr [String] name the name of the current requirement
|
@@ -7,7 +8,8 @@ module Gem::Resolver::Molinillo
|
|
7
8
|
# @attr [Object] requirement the current requirement
|
8
9
|
# @attr [Object] possibilities the possibilities to satisfy the current requirement
|
9
10
|
# @attr [Integer] depth the depth of the resolution
|
10
|
-
# @attr [
|
11
|
+
# @attr [Hash] conflicts unresolved conflicts, indexed by dependency name
|
12
|
+
# @attr [Array<UnwindDetails>] unused_unwind_options unwinds for previous conflicts that weren't explored
|
11
13
|
ResolutionState = Struct.new(
|
12
14
|
:name,
|
13
15
|
:requirements,
|
@@ -15,14 +17,15 @@ module Gem::Resolver::Molinillo
|
|
15
17
|
:requirement,
|
16
18
|
:possibilities,
|
17
19
|
:depth,
|
18
|
-
:conflicts
|
20
|
+
:conflicts,
|
21
|
+
:unused_unwind_options
|
19
22
|
)
|
20
23
|
|
21
24
|
class ResolutionState
|
22
25
|
# Returns an empty resolution state
|
23
26
|
# @return [ResolutionState] an empty state
|
24
27
|
def self.empty
|
25
|
-
new(nil, [], DependencyGraph.new, nil, nil, 0,
|
28
|
+
new(nil, [], DependencyGraph.new, nil, nil, 0, {}, [])
|
26
29
|
end
|
27
30
|
end
|
28
31
|
|
@@ -40,7 +43,8 @@ module Gem::Resolver::Molinillo
|
|
40
43
|
requirement,
|
41
44
|
[possibilities.pop],
|
42
45
|
depth + 1,
|
43
|
-
conflicts.dup
|
46
|
+
conflicts.dup,
|
47
|
+
unused_unwind_options.dup
|
44
48
|
).tap do |state|
|
45
49
|
state.activated.tag(state)
|
46
50
|
end
|
@@ -4,7 +4,6 @@
|
|
4
4
|
# Kind off like BestSet but filters the sources for gems
|
5
5
|
|
6
6
|
class Gem::Resolver::SourceSet < Gem::Resolver::Set
|
7
|
-
|
8
7
|
##
|
9
8
|
# Creates a SourceSet for the given +sources+ or Gem::sources if none are
|
10
9
|
# specified. +sources+ must be a Gem::SourceList.
|
@@ -43,5 +42,4 @@ class Gem::Resolver::SourceSet < Gem::Resolver::Set
|
|
43
42
|
link = @links[name]
|
44
43
|
@sets[link] ||= Gem::Source.new(link).dependency_resolver_set if link
|
45
44
|
end
|
46
|
-
|
47
45
|
end
|
@@ -4,7 +4,6 @@
|
|
4
4
|
# Resolver specifications that are backed by a Gem::Specification.
|
5
5
|
|
6
6
|
class Gem::Resolver::SpecSpecification < Gem::Resolver::Specification
|
7
|
-
|
8
7
|
##
|
9
8
|
# A SpecSpecification is created for a +set+ for a Gem::Specification in
|
10
9
|
# +spec+. The +source+ is either where the +spec+ came from, or should be
|
@@ -52,5 +51,4 @@ class Gem::Resolver::SpecSpecification < Gem::Resolver::Specification
|
|
52
51
|
def version
|
53
52
|
spec.version
|
54
53
|
end
|
55
|
-
|
56
54
|
end
|
@@ -5,7 +5,6 @@
|
|
5
5
|
# dependency resolution in the resolver is included.
|
6
6
|
|
7
7
|
class Gem::Resolver::Specification
|
8
|
-
|
9
8
|
##
|
10
9
|
# The dependencies of the gem for this specification
|
11
10
|
|
@@ -105,11 +104,10 @@ class Gem::Resolver::Specification
|
|
105
104
|
# Returns true if this specification is installable on this platform.
|
106
105
|
|
107
106
|
def installable_platform?
|
108
|
-
Gem::Platform.
|
107
|
+
Gem::Platform.match_spec? spec
|
109
108
|
end
|
110
109
|
|
111
110
|
def local? # :nodoc:
|
112
111
|
false
|
113
112
|
end
|
114
|
-
|
115
113
|
end
|
@@ -1,6 +1,5 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
class Gem::Resolver::Stats
|
3
|
-
|
4
3
|
def initialize
|
5
4
|
@max_depth = 0
|
6
5
|
@max_requirements = 0
|
@@ -43,5 +42,4 @@ class Gem::Resolver::Stats
|
|
43
42
|
$stdout.printf PATTERN, "Backtracking #", @backtracking
|
44
43
|
$stdout.printf PATTERN, "Iteration #", @iterations
|
45
44
|
end
|
46
|
-
|
47
45
|
end
|
@@ -15,7 +15,6 @@
|
|
15
15
|
# rake.gemspec (watching the given name).
|
16
16
|
|
17
17
|
class Gem::Resolver::VendorSet < Gem::Resolver::Set
|
18
|
-
|
19
18
|
##
|
20
19
|
# The specifications for this set.
|
21
20
|
|
@@ -83,5 +82,4 @@ class Gem::Resolver::VendorSet < Gem::Resolver::Set
|
|
83
82
|
end
|
84
83
|
end
|
85
84
|
end
|
86
|
-
|
87
85
|
end
|
@@ -5,7 +5,6 @@
|
|
5
5
|
# option.
|
6
6
|
|
7
7
|
class Gem::Resolver::VendorSpecification < Gem::Resolver::SpecSpecification
|
8
|
-
|
9
8
|
def ==(other) # :nodoc:
|
10
9
|
self.class === other and
|
11
10
|
@set == other.set and
|
@@ -20,5 +19,4 @@ class Gem::Resolver::VendorSpecification < Gem::Resolver::SpecSpecification
|
|
20
19
|
def install(options = {})
|
21
20
|
yield nil
|
22
21
|
end
|
23
|
-
|
24
22
|
end
|
@@ -1,14 +1,12 @@
|
|
1
1
|
require 'base64'
|
2
2
|
require 'digest'
|
3
|
-
require 'openssl'
|
3
|
+
require 'rubygems/openssl'
|
4
4
|
|
5
5
|
##
|
6
6
|
# S3URISigner implements AWS SigV4 for S3 Source to avoid a dependency on the aws-sdk-* gems
|
7
7
|
# More on AWS SigV4: https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html
|
8
8
|
class Gem::S3URISigner
|
9
|
-
|
10
9
|
class ConfigurationError < Gem::Exception
|
11
|
-
|
12
10
|
def initialize(message)
|
13
11
|
super message
|
14
12
|
end
|
@@ -16,11 +14,9 @@ class Gem::S3URISigner
|
|
16
14
|
def to_s # :nodoc:
|
17
15
|
"#{super}"
|
18
16
|
end
|
19
|
-
|
20
17
|
end
|
21
18
|
|
22
19
|
class InstanceProfileError < Gem::Exception
|
23
|
-
|
24
20
|
def initialize(message)
|
25
21
|
super message
|
26
22
|
end
|
@@ -28,7 +24,6 @@ class Gem::S3URISigner
|
|
28
24
|
def to_s # :nodoc:
|
29
25
|
"#{super}"
|
30
26
|
end
|
31
|
-
|
32
27
|
end
|
33
28
|
|
34
29
|
attr_accessor :uri
|
@@ -93,7 +88,7 @@ class Gem::S3URISigner
|
|
93
88
|
"AWS4-HMAC-SHA256",
|
94
89
|
date_time,
|
95
90
|
credential_info,
|
96
|
-
Digest::SHA256.hexdigest(canonical_request)
|
91
|
+
Digest::SHA256.hexdigest(canonical_request),
|
97
92
|
].join("\n")
|
98
93
|
end
|
99
94
|
|
@@ -179,5 +174,4 @@ class Gem::S3URISigner
|
|
179
174
|
BASE64_URI_TRANSLATE = { "+" => "%2B", "/" => "%2F", "=" => "%3D", "\n" => "" }.freeze
|
180
175
|
EC2_IAM_INFO = "http://169.254.169.254/latest/meta-data/iam/info".freeze
|
181
176
|
EC2_IAM_SECURITY_CREDENTIALS = "http://169.254.169.254/latest/meta-data/iam/security-credentials/".freeze
|
182
|
-
|
183
177
|
end
|
data/lib/rubygems/safe_yaml.rb
CHANGED
@@ -7,7 +7,7 @@ module Gem
|
|
7
7
|
# Psych.safe_load
|
8
8
|
|
9
9
|
module SafeYAML
|
10
|
-
PERMITTED_CLASSES = %w
|
10
|
+
PERMITTED_CLASSES = %w[
|
11
11
|
Symbol
|
12
12
|
Time
|
13
13
|
Date
|
@@ -19,12 +19,12 @@ module Gem
|
|
19
19
|
Gem::Version::Requirement
|
20
20
|
YAML::Syck::DefaultKey
|
21
21
|
Syck::DefaultKey
|
22
|
-
|
22
|
+
].freeze
|
23
23
|
|
24
|
-
PERMITTED_SYMBOLS = %w
|
24
|
+
PERMITTED_SYMBOLS = %w[
|
25
25
|
development
|
26
26
|
runtime
|
27
|
-
|
27
|
+
].freeze
|
28
28
|
|
29
29
|
if ::YAML.respond_to? :safe_load
|
30
30
|
def self.safe_load(input)
|
data/lib/rubygems/security.rb
CHANGED
@@ -6,14 +6,7 @@
|
|
6
6
|
#++
|
7
7
|
|
8
8
|
require 'rubygems/exceptions'
|
9
|
-
|
10
|
-
|
11
|
-
begin
|
12
|
-
require 'openssl'
|
13
|
-
rescue LoadError => e
|
14
|
-
raise unless (e.respond_to?(:path) && e.path == 'openssl') ||
|
15
|
-
e.message =~ / -- openssl$/
|
16
|
-
end
|
9
|
+
require_relative 'openssl'
|
17
10
|
|
18
11
|
##
|
19
12
|
# = Signing gems
|
@@ -62,11 +55,11 @@ end
|
|
62
55
|
#
|
63
56
|
# $ tar tf your-gem-1.0.gem
|
64
57
|
# metadata.gz
|
65
|
-
# metadata.gz.sum
|
66
58
|
# metadata.gz.sig # metadata signature
|
67
59
|
# data.tar.gz
|
68
|
-
# data.tar.gz.sum
|
69
60
|
# data.tar.gz.sig # data signature
|
61
|
+
# checksums.yaml.gz
|
62
|
+
# checksums.yaml.gz.sig # checksums signature
|
70
63
|
#
|
71
64
|
# === Manually signing gems
|
72
65
|
#
|
@@ -161,6 +154,8 @@ end
|
|
161
154
|
# -K, --private-key KEY Key for --sign or --build
|
162
155
|
# -s, --sign CERT Signs CERT with the key from -K
|
163
156
|
# and the certificate from -C
|
157
|
+
# -d, --days NUMBER_OF_DAYS Days before the certificate expires
|
158
|
+
# -R, --re-sign Re-signs the certificate from -C with the key from -K
|
164
159
|
#
|
165
160
|
# We've already covered the <code>--build</code> option, and the
|
166
161
|
# <code>--add</code>, <code>--list</code>, and <code>--remove</code> commands
|
@@ -265,7 +260,7 @@ end
|
|
265
260
|
# 2. Grab the public key from the gemspec
|
266
261
|
#
|
267
262
|
# gem spec some_signed_gem-1.0.gem cert_chain | \
|
268
|
-
# ruby -ryaml -e 'puts YAML.
|
263
|
+
# ruby -ryaml -e 'puts YAML.load($stdin)' > public_key.crt
|
269
264
|
#
|
270
265
|
# 3. Generate a SHA1 hash of the data.tar.gz
|
271
266
|
#
|
@@ -336,28 +331,10 @@ module Gem::Security
|
|
336
331
|
|
337
332
|
class Exception < Gem::Exception; end
|
338
333
|
|
339
|
-
##
|
340
|
-
# Digest algorithm used to sign gems
|
341
|
-
|
342
|
-
DIGEST_ALGORITHM =
|
343
|
-
if defined?(OpenSSL::Digest::SHA256)
|
344
|
-
OpenSSL::Digest::SHA256
|
345
|
-
elsif defined?(OpenSSL::Digest::SHA1)
|
346
|
-
OpenSSL::Digest::SHA1
|
347
|
-
else
|
348
|
-
require 'digest'
|
349
|
-
Digest::SHA512
|
350
|
-
end
|
351
|
-
|
352
334
|
##
|
353
335
|
# Used internally to select the signing digest from all computed digests
|
354
336
|
|
355
|
-
DIGEST_NAME = # :nodoc:
|
356
|
-
if DIGEST_ALGORITHM.method_defined? :name
|
357
|
-
DIGEST_ALGORITHM.new.name
|
358
|
-
else
|
359
|
-
DIGEST_ALGORITHM.name[/::([^:]+)\z/, 1]
|
360
|
-
end
|
337
|
+
DIGEST_NAME = 'SHA256' # :nodoc:
|
361
338
|
|
362
339
|
##
|
363
340
|
# Algorithm for creating the key pair used to sign gems
|
@@ -465,6 +442,22 @@ module Gem::Security
|
|
465
442
|
sign certificate, key, certificate, age, extensions, serial
|
466
443
|
end
|
467
444
|
|
445
|
+
##
|
446
|
+
# Creates a new digest instance using the specified +algorithm+. The default
|
447
|
+
# is SHA256.
|
448
|
+
|
449
|
+
if defined?(OpenSSL::Digest)
|
450
|
+
def self.create_digest(algorithm = DIGEST_NAME)
|
451
|
+
OpenSSL::Digest.new(algorithm)
|
452
|
+
end
|
453
|
+
else
|
454
|
+
require 'digest'
|
455
|
+
|
456
|
+
def self.create_digest(algorithm = DIGEST_NAME)
|
457
|
+
Digest.const_get(algorithm).new
|
458
|
+
end
|
459
|
+
end
|
460
|
+
|
468
461
|
##
|
469
462
|
# Creates a new key pair of the specified +length+ and +algorithm+. The
|
470
463
|
# default is a 3072 bit RSA key.
|
@@ -483,7 +476,7 @@ module Gem::Security
|
|
483
476
|
|
484
477
|
dcs = dcs.split '.'
|
485
478
|
|
486
|
-
name = "CN=#{cn}/#{dcs.map {
|
479
|
+
name = "CN=#{cn}/#{dcs.map {|dc| "DC=#{dc}" }.join '/'}"
|
487
480
|
|
488
481
|
OpenSSL::X509::Name.parse name
|
489
482
|
end
|
@@ -526,7 +519,7 @@ module Gem::Security
|
|
526
519
|
|
527
520
|
##
|
528
521
|
# Sign the public key from +certificate+ with the +signing_key+ and
|
529
|
-
# +signing_cert+, using the Gem::Security::
|
522
|
+
# +signing_cert+, using the Gem::Security::DIGEST_NAME. Uses the
|
530
523
|
# default certificate validity range and extensions.
|
531
524
|
#
|
532
525
|
# Returns the newly signed certificate.
|
@@ -553,7 +546,7 @@ module Gem::Security
|
|
553
546
|
signed = create_cert signee_subject, signee_key, age, extensions, serial
|
554
547
|
signed.issuer = signing_cert.subject
|
555
548
|
|
556
|
-
signed.sign signing_key, Gem::Security::
|
549
|
+
signed.sign signing_key, Gem::Security::DIGEST_NAME
|
557
550
|
end
|
558
551
|
|
559
552
|
##
|
@@ -598,7 +591,7 @@ module Gem::Security
|
|
598
591
|
|
599
592
|
end
|
600
593
|
|
601
|
-
if
|
594
|
+
if Gem::HAVE_OPENSSL
|
602
595
|
require 'rubygems/security/policy'
|
603
596
|
require 'rubygems/security/policies'
|
604
597
|
require 'rubygems/security/trust_dir'
|
@@ -8,7 +8,6 @@ require 'rubygems/user_interaction'
|
|
8
8
|
# Gem::Security::Policies.
|
9
9
|
|
10
10
|
class Gem::Security::Policy
|
11
|
-
|
12
11
|
include Gem::UserInteraction
|
13
12
|
|
14
13
|
attr_reader :name
|
@@ -25,8 +24,6 @@ class Gem::Security::Policy
|
|
25
24
|
# options.
|
26
25
|
|
27
26
|
def initialize(name, policy = {}, opt = {})
|
28
|
-
require 'openssl'
|
29
|
-
|
30
27
|
@name = name
|
31
28
|
|
32
29
|
@opt = opt
|
@@ -76,7 +73,7 @@ class Gem::Security::Policy
|
|
76
73
|
|
77
74
|
def check_data(public_key, digest, signature, data)
|
78
75
|
raise Gem::Security::Exception, "invalid signature" unless
|
79
|
-
public_key.verify digest
|
76
|
+
public_key.verify digest, signature, data.digest
|
80
77
|
|
81
78
|
true
|
82
79
|
end
|
@@ -139,7 +136,7 @@ class Gem::Security::Policy
|
|
139
136
|
raise Gem::Security::Exception,
|
140
137
|
"root certificate #{root.subject} is not self-signed " +
|
141
138
|
"(issuer #{root.issuer})" if
|
142
|
-
root.issuer
|
139
|
+
root.issuer != root.subject
|
143
140
|
|
144
141
|
check_cert root, root, time
|
145
142
|
end
|
@@ -197,7 +194,7 @@ class Gem::Security::Policy
|
|
197
194
|
("[Policy: %s - data: %p signer: %p chain: %p root: %p " +
|
198
195
|
"signed-only: %p trusted-only: %p]") % [
|
199
196
|
@name, @verify_chain, @verify_data, @verify_root, @verify_signer,
|
200
|
-
@only_signed, @only_trusted
|
197
|
+
@only_signed, @only_trusted
|
201
198
|
]
|
202
199
|
end
|
203
200
|
|
@@ -224,7 +221,7 @@ class Gem::Security::Policy
|
|
224
221
|
end
|
225
222
|
|
226
223
|
opt = @opt
|
227
|
-
digester = Gem::Security
|
224
|
+
digester = Gem::Security.create_digest
|
228
225
|
trust_dir = opt[:trust_dir]
|
229
226
|
time = Time.now
|
230
227
|
|
@@ -291,5 +288,4 @@ class Gem::Security::Policy
|
|
291
288
|
end
|
292
289
|
|
293
290
|
alias to_s name # :nodoc:
|
294
|
-
|
295
291
|
end
|
@@ -5,7 +5,6 @@
|
|
5
5
|
require "rubygems/user_interaction"
|
6
6
|
|
7
7
|
class Gem::Security::Signer
|
8
|
-
|
9
8
|
include Gem::UserInteraction
|
10
9
|
|
11
10
|
##
|
@@ -35,11 +34,11 @@ class Gem::Security::Signer
|
|
35
34
|
attr_reader :options
|
36
35
|
|
37
36
|
DEFAULT_OPTIONS = {
|
38
|
-
expiration_length_days: 365
|
37
|
+
expiration_length_days: 365,
|
39
38
|
}.freeze
|
40
39
|
|
41
40
|
##
|
42
|
-
#
|
41
|
+
# Attempts to re-sign an expired cert with a given private key
|
43
42
|
def self.re_sign_cert(expired_cert, expired_cert_path, private_key)
|
44
43
|
return unless expired_cert.not_after < Time.now
|
45
44
|
|
@@ -81,8 +80,8 @@ class Gem::Security::Signer
|
|
81
80
|
@cert_chain = [default_cert] if File.exist? default_cert
|
82
81
|
end
|
83
82
|
|
84
|
-
@digest_algorithm = Gem::Security::DIGEST_ALGORITHM
|
85
83
|
@digest_name = Gem::Security::DIGEST_NAME
|
84
|
+
@digest_algorithm = Gem::Security.create_digest(@digest_name)
|
86
85
|
|
87
86
|
if @key && !@key.is_a?(OpenSSL::PKey::RSA)
|
88
87
|
@key = OpenSSL::PKey::RSA.new(File.read(@key), @passphrase)
|
@@ -106,10 +105,10 @@ class Gem::Security::Signer
|
|
106
105
|
# this value is preferred, otherwise the subject is used.
|
107
106
|
|
108
107
|
def extract_name(cert) # :nodoc:
|
109
|
-
subject_alt_name = cert.extensions.find {
|
108
|
+
subject_alt_name = cert.extensions.find {|e| 'subjectAltName' == e.oid }
|
110
109
|
|
111
110
|
if subject_alt_name
|
112
|
-
/\Aemail:/ =~ subject_alt_name.value
|
111
|
+
/\Aemail:/ =~ subject_alt_name.value # rubocop:disable Performance/StartWith
|
113
112
|
|
114
113
|
$' || subject_alt_name.value
|
115
114
|
else
|
@@ -202,5 +201,4 @@ class Gem::Security::Signer
|
|
202
201
|
end
|
203
202
|
end
|
204
203
|
end
|
205
|
-
|
206
204
|
end
|