rubygems-update 3.2.26 → 3.2.30

Files changed (159) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +60 -0
  3. data/Manifest.txt +12 -3
  4. data/bundler/CHANGELOG.md +50 -1
  5. data/bundler/README.md +1 -1
  6. data/bundler/lib/bundler/build_metadata.rb +2 -2
  7. data/bundler/lib/bundler/cli/check.rb +1 -1
  8. data/bundler/lib/bundler/cli/gem.rb +19 -2
  9. data/bundler/lib/bundler/cli/info.rb +11 -4
  10. data/bundler/lib/bundler/cli/issue.rb +4 -3
  11. data/bundler/lib/bundler/cli/remove.rb +1 -2
  12. data/bundler/lib/bundler/cli.rb +1 -0
  13. data/bundler/lib/bundler/compact_index_client.rb +2 -2
  14. data/bundler/lib/bundler/definition.rb +16 -6
  15. data/bundler/lib/bundler/digest.rb +71 -0
  16. data/bundler/lib/bundler/errors.rb +18 -2
  17. data/bundler/lib/bundler/fetcher.rb +2 -1
  18. data/bundler/lib/bundler/friendly_errors.rb +5 -30
  19. data/bundler/lib/bundler/gem_helper.rb +6 -17
  20. data/bundler/lib/bundler/installer.rb +0 -1
  21. data/bundler/lib/bundler/plugin/installer.rb +2 -0
  22. data/bundler/lib/bundler/plugin.rb +23 -6
  23. data/bundler/lib/bundler/rubygems_ext.rb +4 -0
  24. data/bundler/lib/bundler/rubygems_gem_installer.rb +20 -4
  25. data/bundler/lib/bundler/rubygems_integration.rb +28 -9
  26. data/bundler/lib/bundler/runtime.rb +1 -1
  27. data/bundler/lib/bundler/settings.rb +9 -1
  28. data/bundler/lib/bundler/source/git.rb +22 -4
  29. data/bundler/lib/bundler/source/rubygems.rb +43 -72
  30. data/bundler/lib/bundler/source.rb +2 -0
  31. data/bundler/lib/bundler/source_list.rb +4 -0
  32. data/bundler/lib/bundler/spec_set.rb +1 -1
  33. data/bundler/lib/bundler/templates/newgem/github/workflows/main.yml.tt +2 -1
  34. data/bundler/lib/bundler/templates/newgem/newgem.gemspec.tt +1 -1
  35. data/bundler/lib/bundler/vendor/connection_pool/LICENSE +20 -0
  36. data/bundler/lib/bundler/vendor/connection_pool/lib/connection_pool/timed_stack.rb +19 -21
  37. data/bundler/lib/bundler/vendor/connection_pool/lib/connection_pool/version.rb +1 -1
  38. data/bundler/lib/bundler/vendor/connection_pool/lib/connection_pool/wrapper.rb +57 -0
  39. data/bundler/lib/bundler/vendor/connection_pool/lib/connection_pool.rb +39 -74
  40. data/bundler/lib/bundler/vendor/fileutils/LICENSE.txt +22 -0
  41. data/bundler/lib/bundler/vendor/molinillo/LICENSE +9 -0
  42. data/bundler/lib/bundler/vendor/net-http-persistent/README.rdoc +82 -0
  43. data/bundler/lib/bundler/vendor/thor/LICENSE.md +20 -0
  44. data/bundler/lib/bundler/vendor/uri/LICENSE.txt +22 -0
  45. data/bundler/lib/bundler/version.rb +1 -1
  46. data/bundler/lib/bundler/worker.rb +2 -2
  47. data/bundler/lib/bundler.rb +13 -18
  48. data/lib/rubygems/command_manager.rb +3 -3
  49. data/lib/rubygems/commands/build_command.rb +3 -3
  50. data/lib/rubygems/commands/cert_command.rb +15 -8
  51. data/lib/rubygems/commands/check_command.rb +4 -4
  52. data/lib/rubygems/commands/cleanup_command.rb +3 -3
  53. data/lib/rubygems/commands/contents_command.rb +2 -2
  54. data/lib/rubygems/commands/dependency_command.rb +3 -3
  55. data/lib/rubygems/commands/environment_command.rb +1 -1
  56. data/lib/rubygems/commands/fetch_command.rb +3 -3
  57. data/lib/rubygems/commands/generate_index_command.rb +2 -2
  58. data/lib/rubygems/commands/help_command.rb +1 -1
  59. data/lib/rubygems/commands/info_command.rb +2 -2
  60. data/lib/rubygems/commands/install_command.rb +12 -11
  61. data/lib/rubygems/commands/list_command.rb +2 -2
  62. data/lib/rubygems/commands/lock_command.rb +1 -1
  63. data/lib/rubygems/commands/mirror_command.rb +1 -1
  64. data/lib/rubygems/commands/open_command.rb +2 -2
  65. data/lib/rubygems/commands/outdated_command.rb +4 -4
  66. data/lib/rubygems/commands/owner_command.rb +4 -4
  67. data/lib/rubygems/commands/pristine_command.rb +5 -5
  68. data/lib/rubygems/commands/push_command.rb +4 -4
  69. data/lib/rubygems/commands/query_command.rb +3 -3
  70. data/lib/rubygems/commands/rdoc_command.rb +3 -3
  71. data/lib/rubygems/commands/search_command.rb +2 -2
  72. data/lib/rubygems/commands/server_command.rb +3 -3
  73. data/lib/rubygems/commands/setup_command.rb +6 -6
  74. data/lib/rubygems/commands/signin_command.rb +2 -2
  75. data/lib/rubygems/commands/signout_command.rb +1 -1
  76. data/lib/rubygems/commands/sources_command.rb +4 -4
  77. data/lib/rubygems/commands/specification_command.rb +4 -4
  78. data/lib/rubygems/commands/stale_command.rb +1 -1
  79. data/lib/rubygems/commands/uninstall_command.rb +3 -3
  80. data/lib/rubygems/commands/unpack_command.rb +5 -5
  81. data/lib/rubygems/commands/update_command.rb +9 -9
  82. data/lib/rubygems/commands/which_command.rb +1 -1
  83. data/lib/rubygems/commands/yank_command.rb +4 -4
  84. data/lib/rubygems/config_file.rb +1 -1
  85. data/lib/rubygems/core_ext/tcpsocket_init.rb +2 -2
  86. data/lib/rubygems/defaults.rb +1 -1
  87. data/lib/rubygems/dependency_installer.rb +8 -8
  88. data/lib/rubygems/dependency_list.rb +1 -1
  89. data/lib/rubygems/doctor.rb +2 -2
  90. data/lib/rubygems/errors.rb +1 -2
  91. data/lib/rubygems/exceptions.rb +1 -1
  92. data/lib/rubygems/gem_runner.rb +3 -3
  93. data/lib/rubygems/gemcutter_utilities.rb +2 -2
  94. data/lib/rubygems/indexer.rb +2 -2
  95. data/lib/rubygems/install_default_message.rb +2 -2
  96. data/lib/rubygems/install_message.rb +2 -2
  97. data/lib/rubygems/install_update_options.rb +2 -2
  98. data/lib/rubygems/installer.rb +8 -8
  99. data/lib/rubygems/local_remote_options.rb +1 -1
  100. data/lib/rubygems/mock_gem_ui.rb +1 -1
  101. data/lib/rubygems/package/tar_reader.rb +1 -1
  102. data/lib/rubygems/package.rb +36 -46
  103. data/lib/rubygems/package_task.rb +2 -2
  104. data/lib/rubygems/platform.rb +2 -1
  105. data/lib/rubygems/query_utils.rb +4 -4
  106. data/lib/rubygems/rdoc.rb +1 -1
  107. data/lib/rubygems/remote_fetcher.rb +16 -22
  108. data/lib/rubygems/request/connection_pools.rb +1 -1
  109. data/lib/rubygems/request/http_pool.rb +1 -1
  110. data/lib/rubygems/request.rb +7 -5
  111. data/lib/rubygems/request_set/lockfile/tokenizer.rb +1 -1
  112. data/lib/rubygems/request_set/lockfile.rb +1 -1
  113. data/lib/rubygems/request_set.rb +5 -5
  114. data/lib/rubygems/requirement.rb +1 -1
  115. data/lib/rubygems/resolver/git_specification.rb +1 -1
  116. data/lib/rubygems/resolver/installer_set.rb +3 -3
  117. data/lib/rubygems/resolver/molinillo/LICENSE +9 -0
  118. data/lib/rubygems/resolver/molinillo.rb +1 -1
  119. data/lib/rubygems/resolver/set.rb +0 -1
  120. data/lib/rubygems/resolver/specification.rb +1 -1
  121. data/lib/rubygems/resolver.rb +31 -31
  122. data/lib/rubygems/s3_uri_signer.rb +4 -5
  123. data/lib/rubygems/security/policy.rb +6 -4
  124. data/lib/rubygems/security/signer.rb +4 -5
  125. data/lib/rubygems/security.rb +54 -20
  126. data/lib/rubygems/security_option.rb +2 -2
  127. data/lib/rubygems/server.rb +2 -2
  128. data/lib/rubygems/source/git.rb +2 -2
  129. data/lib/rubygems/source.rb +7 -7
  130. data/lib/rubygems/spec_fetcher.rb +5 -5
  131. data/lib/rubygems/specification.rb +12 -12
  132. data/lib/rubygems/specification_policy.rb +2 -2
  133. data/lib/rubygems/uninstaller.rb +6 -6
  134. data/lib/rubygems/uri.rb +111 -0
  135. data/lib/rubygems/user_interaction.rb +3 -3
  136. data/lib/rubygems/util/licenses.rb +1 -1
  137. data/lib/rubygems/util.rb +1 -1
  138. data/lib/rubygems/validator.rb +2 -2
  139. data/lib/rubygems/version_option.rb +1 -1
  140. data/lib/rubygems.rb +16 -16
  141. data/rubygems-update.gemspec +1 -1
  142. data/test/rubygems/helper.rb +4 -12
  143. data/test/rubygems/private_ec_key.pem +9 -0
  144. data/test/rubygems/test_gem.rb +59 -71
  145. data/test/rubygems/test_gem_commands_cert_command.rb +63 -4
  146. data/test/rubygems/test_gem_commands_install_command.rb +25 -0
  147. data/test/rubygems/test_gem_package.rb +27 -26
  148. data/test/rubygems/test_gem_platform.rb +1 -0
  149. data/test/rubygems/test_gem_remote_fetcher.rb +30 -0
  150. data/test/rubygems/test_gem_request.rb +35 -9
  151. data/test/rubygems/test_gem_resolver_installer_set.rb +18 -0
  152. data/test/rubygems/test_gem_security.rb +32 -4
  153. data/test/rubygems/test_gem_source_fetch_problem.rb +10 -0
  154. data/test/rubygems/test_gem_specification.rb +228 -232
  155. data/test/rubygems/test_gem_uri.rb +39 -0
  156. metadata +18 -9
  157. data/bundler/lib/bundler/vendor/connection_pool/lib/connection_pool/monotonic_time.rb +0 -66
  158. data/lib/rubygems/uri_parser.rb +0 -34
  159. data/lib/rubygems/uri_parsing.rb +0 -23
@@ -1,7 +1,7 @@
1
1
  # frozen_string_literal: true
2
- require 'rubygems/dependency'
3
- require 'rubygems/exceptions'
4
- require 'rubygems/util/list'
2
+ require_relative 'dependency'
3
+ require_relative 'exceptions'
4
+ require_relative 'util/list'
5
5
 
6
6
  ##
7
7
  # Given a set of Gem::Dependency objects as +needed+ and a way to query the
@@ -10,7 +10,7 @@ require 'rubygems/util/list'
10
10
  # all the requirements.
11
11
 
12
12
  class Gem::Resolver
13
- require 'rubygems/resolver/molinillo'
13
+ require_relative 'resolver/molinillo'
14
14
 
15
15
  ##
16
16
  # If the DEBUG_RESOLVER environment variable is set then debugging mode is
@@ -318,30 +318,30 @@ class Gem::Resolver
318
318
  private :amount_constrained
319
319
  end
320
320
 
321
- require 'rubygems/resolver/activation_request'
322
- require 'rubygems/resolver/conflict'
323
- require 'rubygems/resolver/dependency_request'
324
- require 'rubygems/resolver/requirement_list'
325
- require 'rubygems/resolver/stats'
326
-
327
- require 'rubygems/resolver/set'
328
- require 'rubygems/resolver/api_set'
329
- require 'rubygems/resolver/composed_set'
330
- require 'rubygems/resolver/best_set'
331
- require 'rubygems/resolver/current_set'
332
- require 'rubygems/resolver/git_set'
333
- require 'rubygems/resolver/index_set'
334
- require 'rubygems/resolver/installer_set'
335
- require 'rubygems/resolver/lock_set'
336
- require 'rubygems/resolver/vendor_set'
337
- require 'rubygems/resolver/source_set'
338
-
339
- require 'rubygems/resolver/specification'
340
- require 'rubygems/resolver/spec_specification'
341
- require 'rubygems/resolver/api_specification'
342
- require 'rubygems/resolver/git_specification'
343
- require 'rubygems/resolver/index_specification'
344
- require 'rubygems/resolver/installed_specification'
345
- require 'rubygems/resolver/local_specification'
346
- require 'rubygems/resolver/lock_specification'
347
- require 'rubygems/resolver/vendor_specification'
321
+ require_relative 'resolver/activation_request'
322
+ require_relative 'resolver/conflict'
323
+ require_relative 'resolver/dependency_request'
324
+ require_relative 'resolver/requirement_list'
325
+ require_relative 'resolver/stats'
326
+
327
+ require_relative 'resolver/set'
328
+ require_relative 'resolver/api_set'
329
+ require_relative 'resolver/composed_set'
330
+ require_relative 'resolver/best_set'
331
+ require_relative 'resolver/current_set'
332
+ require_relative 'resolver/git_set'
333
+ require_relative 'resolver/index_set'
334
+ require_relative 'resolver/installer_set'
335
+ require_relative 'resolver/lock_set'
336
+ require_relative 'resolver/vendor_set'
337
+ require_relative 'resolver/source_set'
338
+
339
+ require_relative 'resolver/specification'
340
+ require_relative 'resolver/spec_specification'
341
+ require_relative 'resolver/api_specification'
342
+ require_relative 'resolver/git_specification'
343
+ require_relative 'resolver/index_specification'
344
+ require_relative 'resolver/installed_specification'
345
+ require_relative 'resolver/local_specification'
346
+ require_relative 'resolver/lock_specification'
347
+ require_relative 'resolver/vendor_specification'
@@ -1,5 +1,4 @@
1
- require 'digest'
2
- require 'rubygems/openssl'
1
+ require_relative 'openssl'
3
2
 
4
3
  ##
5
4
  # S3URISigner implements AWS SigV4 for S3 Source to avoid a dependency on the aws-sdk-* gems
@@ -87,7 +86,7 @@ class Gem::S3URISigner
87
86
  "AWS4-HMAC-SHA256",
88
87
  date_time,
89
88
  credential_info,
90
- Digest::SHA256.hexdigest(canonical_request),
89
+ OpenSSL::Digest::SHA256.hexdigest(canonical_request),
91
90
  ].join("\n")
92
91
  end
93
92
 
@@ -140,8 +139,8 @@ class Gem::S3URISigner
140
139
 
141
140
  def ec2_metadata_credentials_json
142
141
  require 'net/http'
143
- require 'rubygems/request'
144
- require 'rubygems/request/connection_pools'
142
+ require_relative 'request'
143
+ require_relative 'request/connection_pools'
145
144
  require 'json'
146
145
 
147
146
  iam_info = ec2_metadata_request(EC2_IAM_INFO)
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
- require 'rubygems/user_interaction'
2
+ require_relative '../user_interaction'
3
3
 
4
4
  ##
5
5
  # A Gem::Security::Policy object encapsulates the settings for verifying
@@ -115,9 +115,11 @@ class Gem::Security::Policy
115
115
  raise Gem::Security::Exception, 'missing key or signature'
116
116
  end
117
117
 
118
+ public_key = Gem::Security.get_public_key(key)
119
+
118
120
  raise Gem::Security::Exception,
119
121
  "certificate #{signer.subject} does not match the signing key" unless
120
- signer.public_key.to_pem == key.public_key.to_pem
122
+ signer.public_key.to_pem == public_key.to_pem
121
123
 
122
124
  true
123
125
  end
@@ -164,9 +166,9 @@ class Gem::Security::Policy
164
166
  end
165
167
 
166
168
  save_cert = OpenSSL::X509::Certificate.new File.read path
167
- save_dgst = digester.digest save_cert.public_key.to_s
169
+ save_dgst = digester.digest save_cert.public_key.to_pem
168
170
 
169
- pkey_str = root.public_key.to_s
171
+ pkey_str = root.public_key.to_pem
170
172
  cert_dgst = digester.digest pkey_str
171
173
 
172
174
  raise Gem::Security::Exception,
@@ -2,7 +2,7 @@
2
2
  ##
3
3
  # Basic OpenSSL-based package signing class.
4
4
 
5
- require "rubygems/user_interaction"
5
+ require_relative "../user_interaction"
6
6
 
7
7
  class Gem::Security::Signer
8
8
  include Gem::UserInteraction
@@ -83,8 +83,8 @@ class Gem::Security::Signer
83
83
  @digest_name = Gem::Security::DIGEST_NAME
84
84
  @digest_algorithm = Gem::Security.create_digest(@digest_name)
85
85
 
86
- if @key && !@key.is_a?(OpenSSL::PKey::RSA)
87
- @key = OpenSSL::PKey::RSA.new(File.read(@key), @passphrase)
86
+ if @key && !@key.is_a?(OpenSSL::PKey::PKey)
87
+ @key = OpenSSL::PKey.read(File.read(@key), @passphrase)
88
88
  end
89
89
 
90
90
  if @cert_chain
@@ -177,8 +177,7 @@ class Gem::Security::Signer
177
177
  disk_cert = File.read(disk_cert_path) rescue nil
178
178
 
179
179
  disk_key_path = File.join(Gem.default_key_path)
180
- disk_key =
181
- OpenSSL::PKey::RSA.new(File.read(disk_key_path), @passphrase) rescue nil
180
+ disk_key = OpenSSL::PKey.read(File.read(disk_key_path), @passphrase) rescue nil
182
181
 
183
182
  return unless disk_key
184
183
 
@@ -5,7 +5,7 @@
5
5
  # See LICENSE.txt for permissions.
6
6
  #++
7
7
 
8
- require 'rubygems/exceptions'
8
+ require_relative 'exceptions'
9
9
  require_relative 'openssl'
10
10
 
11
11
  ##
@@ -152,6 +152,7 @@ require_relative 'openssl'
152
152
  # certificate for EMAIL_ADDR
153
153
  # -C, --certificate CERT Signing certificate for --sign
154
154
  # -K, --private-key KEY Key for --sign or --build
155
+ # -A, --key-algorithm ALGORITHM Select key algorithm for --build from RSA, DSA, or EC. Defaults to RSA.
155
156
  # -s, --sign CERT Signs CERT with the key from -K
156
157
  # and the certificate from -C
157
158
  # -d, --days NUMBER_OF_DAYS Days before the certificate expires
@@ -317,7 +318,6 @@ require_relative 'openssl'
317
318
  # * Honor extension restrictions
318
319
  # * Might be better to store the certificate chain as a PKCS#7 or PKCS#12
319
320
  # file, instead of an array embedded in the metadata.
320
- # * Flexible signature and key algorithms, not hard-coded to RSA and SHA1.
321
321
  #
322
322
  # == Original author
323
323
  #
@@ -337,17 +337,19 @@ module Gem::Security
337
337
  DIGEST_NAME = 'SHA256' # :nodoc:
338
338
 
339
339
  ##
340
- # Algorithm for creating the key pair used to sign gems
340
+ # Length of keys created by RSA and DSA keys
341
341
 
342
- KEY_ALGORITHM =
343
- if defined?(OpenSSL::PKey::RSA)
344
- OpenSSL::PKey::RSA
345
- end
342
+ RSA_DSA_KEY_LENGTH = 3072
346
343
 
347
344
  ##
348
- # Length of keys created by KEY_ALGORITHM
345
+ # Default algorithm to use when building a key pair
349
346
 
350
- KEY_LENGTH = 3072
347
+ DEFAULT_KEY_ALGORITHM = 'RSA'
348
+
349
+ ##
350
+ # Named curve used for Elliptic Curve
351
+
352
+ EC_NAME = 'secp384r1'
351
353
 
352
354
  ##
353
355
  # Cipher used to encrypt the key pair used to sign gems.
@@ -400,7 +402,7 @@ module Gem::Security
400
402
  serial = 1)
401
403
  cert = OpenSSL::X509::Certificate.new
402
404
 
403
- cert.public_key = key.public_key
405
+ cert.public_key = get_public_key(key)
404
406
  cert.version = 2
405
407
  cert.serial = serial
406
408
 
@@ -418,6 +420,24 @@ module Gem::Security
418
420
  cert
419
421
  end
420
422
 
423
+ ##
424
+ # Gets the right public key from a PKey instance
425
+
426
+ def self.get_public_key(key)
427
+ return key.public_key unless key.is_a?(OpenSSL::PKey::EC)
428
+
429
+ ec_key = OpenSSL::PKey::EC.new(key.group.curve_name)
430
+ ec_key.public_key = key.public_key
431
+ ec_key
432
+ end
433
+
434
+ ##
435
+ # In Ruby 2.3 EC doesn't implement the private_key? but not the private? method
436
+
437
+ if defined?(OpenSSL::PKey::EC) && Gem::Version.new(String.new(RUBY_VERSION)) < Gem::Version.new("2.4.0")
438
+ OpenSSL::PKey::EC.send(:alias_method, :private?, :private_key?)
439
+ end
440
+
421
441
  ##
422
442
  # Creates a self-signed certificate with an issuer and subject from +email+,
423
443
  # a subject alternative name of +email+ and the given +extensions+ for the
@@ -459,11 +479,25 @@ module Gem::Security
459
479
  end
460
480
 
461
481
  ##
462
- # Creates a new key pair of the specified +length+ and +algorithm+. The
463
- # default is a 3072 bit RSA key.
464
-
465
- def self.create_key(length = KEY_LENGTH, algorithm = KEY_ALGORITHM)
466
- algorithm.new length
482
+ # Creates a new key pair of the specified +algorithm+. RSA, DSA, and EC
483
+ # are supported.
484
+
485
+ def self.create_key(algorithm)
486
+ if defined?(OpenSSL::PKey)
487
+ case algorithm.downcase
488
+ when 'dsa'
489
+ OpenSSL::PKey::DSA.new(RSA_DSA_KEY_LENGTH)
490
+ when 'rsa'
491
+ OpenSSL::PKey::RSA.new(RSA_DSA_KEY_LENGTH)
492
+ when 'ec'
493
+ domain_key = OpenSSL::PKey::EC.new(EC_NAME)
494
+ domain_key.generate_key
495
+ domain_key
496
+ else
497
+ raise Gem::Security::Exception,
498
+ "#{algorithm} algorithm not found. RSA, DSA, and EC algorithms are supported."
499
+ end
500
+ end
467
501
  end
468
502
 
469
503
  ##
@@ -492,7 +526,7 @@ module Gem::Security
492
526
  raise Gem::Security::Exception,
493
527
  "incorrect signing key for re-signing " +
494
528
  "#{expired_certificate.subject}" unless
495
- expired_certificate.public_key.to_pem == private_key.public_key.to_pem
529
+ expired_certificate.public_key.to_pem == get_public_key(private_key).to_pem
496
530
 
497
531
  unless expired_certificate.subject.to_s ==
498
532
  expired_certificate.issuer.to_s
@@ -592,9 +626,9 @@ module Gem::Security
592
626
  end
593
627
 
594
628
  if Gem::HAVE_OPENSSL
595
- require 'rubygems/security/policy'
596
- require 'rubygems/security/policies'
597
- require 'rubygems/security/trust_dir'
629
+ require_relative 'security/policy'
630
+ require_relative 'security/policies'
631
+ require_relative 'security/trust_dir'
598
632
  end
599
633
 
600
- require 'rubygems/security/signer'
634
+ require_relative 'security/signer'
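Review bot: `create_key(algorithm)` breaks existing callers, because the old signature was `create_key(length = KEY_LENGTH, algorithm = KEY_ALGORITHM)`: a bare `Gem::Security.create_key` now raises `ArgumentError`, and `create_key(2048)` fails with `NoMethodError` on `algorithm.downcase`. `DEFAULT_KEY_ALGORITHM` is introduced earlier in this file's changes but is not used as the default here; `def self.create_key(algorithm = DEFAULT_KEY_ALGORITHM)` with `case algorithm.to_s.downcase` would keep the no-argument call working and turn a stray length into the explicit "algorithm not found" error. The method also returns `nil` silently when `OpenSSL::PKey` is not defined, so the failure only shows up later in the caller; raising `Gem::Security::Exception` there would be clearer. Separately, the comment above the EC alias reads inverted: the code aliases `private?` to `private_key?`, so it should say that EC implements `private_key?` but not `private?`.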
@@ -5,7 +5,7 @@
5
5
  # See LICENSE.txt for permissions.
6
6
  #++
7
7
 
8
- require 'rubygems'
8
+ require_relative '../rubygems'
9
9
 
10
10
  # forward-declare
11
11
 
@@ -20,7 +20,7 @@ end
20
20
  module Gem::SecurityOption
21
21
  def add_security_option
22
22
  OptionParser.accept Gem::Security::Policy do |value|
23
- require 'rubygems/security'
23
+ require_relative 'security'
24
24
 
25
25
  raise OptionParser::InvalidArgument, 'OpenSSL not installed' unless
26
26
  defined?(Gem::Security::HighSecurity)
@@ -3,8 +3,8 @@ require 'zlib'
3
3
  require 'erb'
4
4
  require 'uri'
5
5
 
6
- require 'rubygems'
7
- require 'rubygems/rdoc'
6
+ require_relative '../rubygems'
7
+ require_relative 'rdoc'
8
8
 
9
9
  ##
10
10
  # Gem::Server and allows users to serve gems for consumption by
@@ -225,7 +225,7 @@ class Gem::Source::Git < Gem::Source
225
225
  # A hash for the git gem based on the git repository URI.
226
226
 
227
227
  def uri_hash # :nodoc:
228
- require 'digest' # required here to avoid deadlocking in Gem.activate_bin_path (because digest is a gem on 2.5+)
228
+ require_relative '../openssl'
229
229
 
230
230
  normalized =
231
231
  if @repository =~ %r{^\w+://(\w+@)?}
@@ -235,6 +235,6 @@ class Gem::Source::Git < Gem::Source
235
235
  @repository
236
236
  end
237
237
 
238
- Digest::SHA1.hexdigest normalized
238
+ OpenSSL::Digest::SHA1.hexdigest normalized
239
239
  end
240
240
  end
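Review bot: `uri_hash` now depends on OpenSSL being present, because the added `OpenSSL::Digest::SHA1.hexdigest normalized` replaces `Digest::SHA1`, which did not need the openssl extension. Other code in this release still treats OpenSSL as optional (security.rb guards its requires with `if Gem::HAVE_OPENSSL`), so on a Ruby built without it this line would presumably raise `NameError` for any git-sourced gem; the `openssl` file being required is not shown here, so that is inferred. A guard or a fallback to `Digest::SHA1` when `Gem::HAVE_OPENSSL` is false would keep the old behaviour. The removed line also carried the comment explaining why the require sits inside the method, and the new one has none; something like `# loaded lazily, as the digest require was; uri_hash needs OpenSSL from here on` would record it. A few lines of the method fall between the two hunks and are not shown.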
@@ -1,6 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require "rubygems/text"
3
+ require_relative "text"
4
4
  ##
5
5
  # A Source knows how to list and fetch gems from a RubyGems marshal index.
6
6
  #
@@ -238,9 +238,9 @@ class Gem::Source
238
238
  end
239
239
  end
240
240
 
241
- require 'rubygems/source/git'
242
- require 'rubygems/source/installed'
243
- require 'rubygems/source/specific_file'
244
- require 'rubygems/source/local'
245
- require 'rubygems/source/lock'
246
- require 'rubygems/source/vendor'
241
+ require_relative 'source/git'
242
+ require_relative 'source/installed'
243
+ require_relative 'source/specific_file'
244
+ require_relative 'source/local'
245
+ require_relative 'source/lock'
246
+ require_relative 'source/vendor'
@@ -1,9 +1,9 @@
1
1
  # frozen_string_literal: true
2
- require 'rubygems/remote_fetcher'
3
- require 'rubygems/user_interaction'
4
- require 'rubygems/errors'
5
- require 'rubygems/text'
6
- require 'rubygems/name_tuple'
2
+ require_relative 'remote_fetcher'
3
+ require_relative 'user_interaction'
4
+ require_relative 'errors'
5
+ require_relative 'text'
6
+ require_relative 'name_tuple'
7
7
 
8
8
  ##
9
9
  # SpecFetcher handles metadata updates from remote gem repositories.
@@ -6,11 +6,11 @@
6
6
  # See LICENSE.txt for permissions.
7
7
  #++
8
8
 
9
- require 'rubygems/deprecate'
10
- require 'rubygems/basic_specification'
11
- require 'rubygems/stub_specification'
12
- require 'rubygems/specification_policy'
13
- require 'rubygems/util/list'
9
+ require_relative 'deprecate'
10
+ require_relative 'basic_specification'
11
+ require_relative 'stub_specification'
12
+ require_relative 'specification_policy'
13
+ require_relative 'util/list'
14
14
 
15
15
  ##
16
16
  # The Specification class contains the information for a gem. Typically
@@ -105,7 +105,7 @@ class Gem::Specification < Gem::BasicSpecification
105
105
  # rubocop:disable Style/MutableConstant
106
106
  LOAD_CACHE = {} # :nodoc:
107
107
  # rubocop:enable Style/MutableConstant
108
- LOAD_CACHE_MUTEX = Mutex.new
108
+ LOAD_CACHE_MUTEX = Thread::Mutex.new
109
109
 
110
110
  private_constant :LOAD_CACHE if defined? private_constant
111
111
 
@@ -1556,8 +1556,8 @@ class Gem::Specification < Gem::BasicSpecification
1556
1556
  # the gem.build_complete file is missing.
1557
1557
 
1558
1558
  def build_extensions # :nodoc:
1559
- return if default_gem?
1560
1559
  return if extensions.empty?
1560
+ return if default_gem?
1561
1561
  return if File.exist? gem_build_complete_path
1562
1562
  return if !File.writable?(base_dir)
1563
1563
  return if !File.exist?(File.join(base_dir, 'extensions'))
@@ -1568,9 +1568,9 @@ class Gem::Specification < Gem::BasicSpecification
1568
1568
  unresolved_deps = Gem::Specification.unresolved_deps.dup
1569
1569
  Gem::Specification.unresolved_deps.clear
1570
1570
 
1571
- require 'rubygems/config_file'
1572
- require 'rubygems/ext'
1573
- require 'rubygems/user_interaction'
1571
+ require_relative 'config_file'
1572
+ require_relative 'ext'
1573
+ require_relative 'user_interaction'
1574
1574
 
1575
1575
  ui = Gem::SilentUI.new
1576
1576
  Gem::DefaultUserInteraction.use_ui ui do
@@ -2120,8 +2120,8 @@ class Gem::Specification < Gem::BasicSpecification
2120
2120
  # probably want to build_extensions
2121
2121
 
2122
2122
  def missing_extensions?
2123
- return false if default_gem?
2124
2123
  return false if extensions.empty?
2124
+ return false if default_gem?
2125
2125
  return false if File.exist? gem_build_complete_path
2126
2126
 
2127
2127
  true
@@ -2525,7 +2525,7 @@ class Gem::Specification < Gem::BasicSpecification
2525
2525
  # back, we have to check again here to make sure that our
2526
2526
  # psych code was properly loaded, and load it if not.
2527
2527
  unless Gem.const_defined?(:NoAliasYAMLTree)
2528
- require 'rubygems/psych_tree'
2528
+ require_relative 'psych_tree'
2529
2529
  end
2530
2530
 
2531
2531
  builder = Gem::NoAliasYAMLTree.create
@@ -1,4 +1,4 @@
1
- require 'rubygems/user_interaction'
1
+ require_relative 'user_interaction'
2
2
 
3
3
  class Gem::SpecificationPolicy
4
4
  include Gem::UserInteraction
@@ -381,7 +381,7 @@ http://spdx.org/licenses or '#{Gem::Licenses::NONSTANDARD}' for a nonstandard li
381
381
  end
382
382
 
383
383
  LAZY = '"FIxxxXME" or "TOxxxDO"'.gsub(/xxx/, '')
384
- LAZY_PATTERN = /FI XME|TO DO/x.freeze
384
+ LAZY_PATTERN = /\AFI XME|\ATO DO/x.freeze
385
385
  HOMEPAGE_URI_PATTERN = /\A[a-z][a-z\d+.-]*:/i.freeze
386
386
 
387
387
  def validate_lazy_metadata
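Review bot: The new `LAZY_PATTERN = /\AFI XME|\ATO DO/x` matches a placeholder only at the very start of the string, and nothing on the line says that this narrowing is intended. With `/x` the spaces are ignored, so a value that opens with whitespace, or carries the marker on a later line, now passes the check. If the goal was only to stop flagging these words inside real text, a comment such as `# flag only values that begin with the placeholder; mentions inside real text are allowed` would record that. `validate_lazy_metadata`, which presumably applies the pattern, continues outside the hunk.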
@@ -6,11 +6,11 @@
6
6
  #++
7
7
 
8
8
  require 'fileutils'
9
- require 'rubygems'
10
- require 'rubygems/installer_uninstaller_utils'
11
- require 'rubygems/dependency_list'
12
- require 'rubygems/rdoc'
13
- require 'rubygems/user_interaction'
9
+ require_relative '../rubygems'
10
+ require_relative 'installer_uninstaller_utils'
11
+ require_relative 'dependency_list'
12
+ require_relative 'rdoc'
13
+ require_relative 'user_interaction'
14
14
 
15
15
  ##
16
16
  # An Uninstaller.
@@ -357,7 +357,7 @@ class Gem::Uninstaller
357
357
  # of what it did for us to find rather than trying to recreate
358
358
  # it again.
359
359
  if @format_executable
360
- require 'rubygems/installer'
360
+ require_relative 'installer'
361
361
  Gem::Installer.exec_format % File.basename(filename)
362
362
  else
363
363
  filename
@@ -0,0 +1,111 @@
1
+ # frozen_string_literal: true
2
+
3
+ ##
4
+ # The Uri handles rubygems source URIs.
5
+ #
6
+
7
+ class Gem::Uri
8
+ def initialize(source_uri)
9
+ @parsed_uri = parse(source_uri)
10
+ end
11
+
12
+ def redacted
13
+ return self unless valid_uri?
14
+
15
+ if token? || oauth_basic?
16
+ with_redacted_user
17
+ elsif password?
18
+ with_redacted_password
19
+ else
20
+ self
21
+ end
22
+ end
23
+
24
+ def to_s
25
+ @parsed_uri.to_s
26
+ end
27
+
28
+ def redact_credentials_from(text)
29
+ return text unless valid_uri? && password?
30
+
31
+ text.sub(password, 'REDACTED')
32
+ end
33
+
34
+ def method_missing(method_name, *args, &blk)
35
+ if @parsed_uri.respond_to?(method_name)
36
+ @parsed_uri.send(method_name, *args, &blk)
37
+ else
38
+ super
39
+ end
40
+ end
41
+
42
+ def respond_to_missing?(method_name, include_private = false)
43
+ @parsed_uri.respond_to?(method_name, include_private) || super
44
+ end
45
+
46
+ protected
47
+
48
+ # Add a protected reader for the cloned instance to access the original object's parsed uri
49
+ attr_reader :parsed_uri
50
+
51
+ private
52
+
53
+ ##
54
+ # Parses the #uri, raising if it's invalid
55
+
56
+ def parse!(uri)
57
+ require "uri"
58
+
59
+ raise URI::InvalidURIError unless uri
60
+
61
+ # Always escape URI's to deal with potential spaces and such
62
+ # It should also be considered that source_uri may already be
63
+ # a valid URI with escaped characters. e.g. "{DESede}" is encoded
64
+ # as "%7BDESede%7D". If this is escaped again the percentage
65
+ # symbols will be escaped.
66
+ begin
67
+ URI.parse(uri)
68
+ rescue URI::InvalidURIError
69
+ URI.parse(URI::DEFAULT_PARSER.escape(uri))
70
+ end
71
+ end
72
+
73
+ ##
74
+ # Parses the #uri, returning the original uri if it's invalid
75
+
76
+ def parse(uri)
77
+ return uri unless uri.is_a?(String)
78
+
79
+ parse!(uri)
80
+ rescue URI::InvalidURIError
81
+ uri
82
+ end
83
+
84
+ def with_redacted_user
85
+ clone.tap {|uri| uri.user = 'REDACTED' }
86
+ end
87
+
88
+ def with_redacted_password
89
+ clone.tap {|uri| uri.password = 'REDACTED' }
90
+ end
91
+
92
+ def valid_uri?
93
+ !@parsed_uri.is_a?(String)
94
+ end
95
+
96
+ def password?
97
+ !!password
98
+ end
99
+
100
+ def oauth_basic?
101
+ password == 'x-oauth-basic'
102
+ end
103
+
104
+ def token?
105
+ !user.nil? && password.nil?
106
+ end
107
+
108
+ def initialize_copy(original)
109
+ @parsed_uri = original.parsed_uri.clone
110
+ end
111
+ end
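Review bot: `redact_credentials_from` scrubs less than `redacted` does: it returns the text untouched unless there is a password, and then replaces only the first occurrence via `text.sub`. In the two cases that `redacted` treats as user-borne secrets (`token?`, and `oauth_basic?`, where the password is the fixed string `x-oauth-basic`), the value in the user field stays in the message, so an error string that embeds the source URI can still carry it. Suggest choosing the secret the same way `redacted` does, skipping empty values, and using `gsub`, as sketched below. Two caveats: a very short user name would over-redact unrelated text, and a percent-encoded credential may appear in `text` in a different form than `password` returns, which this still does not cover. The public methods also have no doc comments; one line each on `redacted` and `redact_credentials_from` stating what is guaranteed would help callers pick the right one.

```ruby
def redact_credentials_from(text)
  return text unless valid_uri?

  # Same choice as #redacted: the user field carries the secret for tokens
  # and for the "x-oauth-basic" convention, the password otherwise.
  secret = (token? || oauth_basic?) ? user : password
  return text if secret.nil? || secret.empty?

  text.gsub(secret, 'REDACTED')
end
```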
@@ -5,8 +5,8 @@
5
5
  # See LICENSE.txt for permissions.
6
6
  #++
7
7
 
8
- require 'rubygems/deprecate'
9
- require 'rubygems/text'
8
+ require_relative 'deprecate'
9
+ require_relative 'text'
10
10
 
11
11
  ##
12
12
  # Module that defines the default UserInteraction. Any class including this
@@ -543,7 +543,7 @@ class Gem::StreamUI
543
543
  # A progress reporter that behaves nicely with threaded downloading.
544
544
 
545
545
  class ThreadedDownloadReporter
546
- MUTEX = Mutex.new
546
+ MUTEX = Thread::Mutex.new
547
547
 
548
548
  ##
549
549
  # The current file name being displayed
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
- require 'rubygems/text'
2
+ require_relative '../text'
3
3
 
4
4
  class Gem::Licenses
5
5
  extend Gem::Text
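--- a/data/lib/rubygems/util.rb
+++ b/data/lib/rubygems/util.rb
@@ -1,5 +1,5 @@
 # frozen_string_literal: true
-require 'rubygems/deprecate'
+require_relative 'deprecate'
 
 ##
 # This module contains various utility methods as module methods.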
@@ -5,8 +5,8 @@
5
5
  # See LICENSE.txt for permissions.
6
6
  #++
7
7
 
8
- require 'rubygems/package'
9
- require 'rubygems/installer'
8
+ require_relative 'package'
9
+ require_relative 'installer'
10
10
 
11
11
  ##
12
12
  # Validator performs various gem file and gem database validation
@@ -5,7 +5,7 @@
5
5
  # See LICENSE.txt for permissions.
6
6
  #++
7
7
 
8
- require 'rubygems'
8
+ require_relative '../rubygems'
9
9
 
10
10
  ##
11
11
  # Mixin methods for --version and --platform Gem::Command options.