rubygems-update 3.3.18 → 3.4.19
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +1429 -1064
- data/CONTRIBUTING.md +31 -8
- data/Manifest.txt +61 -36
- data/POLICIES.md +55 -20
- data/README.md +19 -6
- data/bundler/CHANGELOG.md +457 -1
- data/bundler/README.md +3 -6
- data/bundler/UPGRADING.md +11 -4
- data/bundler/bundler.gemspec +8 -10
- data/bundler/exe/bundle +5 -16
- data/bundler/lib/bundler/build_metadata.rb +2 -2
- data/bundler/lib/bundler/cli/add.rb +1 -1
- data/bundler/lib/bundler/cli/binstubs.rb +6 -2
- data/bundler/lib/bundler/cli/check.rb +1 -1
- data/bundler/lib/bundler/cli/common.rb +2 -0
- data/bundler/lib/bundler/cli/console.rb +2 -2
- data/bundler/lib/bundler/cli/doctor.rb +4 -6
- data/bundler/lib/bundler/cli/gem.rb +62 -40
- data/bundler/lib/bundler/cli/info.rb +1 -1
- data/bundler/lib/bundler/cli/init.rb +6 -2
- data/bundler/lib/bundler/cli/install.rb +8 -6
- data/bundler/lib/bundler/cli/lock.rb +8 -5
- data/bundler/lib/bundler/cli/open.rb +6 -4
- data/bundler/lib/bundler/cli/outdated.rb +14 -7
- data/bundler/lib/bundler/cli/platform.rb +7 -5
- data/bundler/lib/bundler/cli/viz.rb +1 -1
- data/bundler/lib/bundler/cli.rb +53 -7
- data/bundler/lib/bundler/compact_index_client/cache.rb +1 -1
- data/bundler/lib/bundler/compact_index_client/updater.rb +40 -39
- data/bundler/lib/bundler/constants.rb +1 -1
- data/bundler/lib/bundler/current_ruby.rb +16 -5
- data/bundler/lib/bundler/definition.rb +262 -133
- data/bundler/lib/bundler/dependency.rb +20 -86
- data/bundler/lib/bundler/digest.rb +1 -1
- data/bundler/lib/bundler/dsl.rb +6 -7
- data/bundler/lib/bundler/endpoint_specification.rb +2 -13
- data/bundler/lib/bundler/env.rb +2 -2
- data/bundler/lib/bundler/environment_preserver.rb +3 -2
- data/bundler/lib/bundler/errors.rb +1 -11
- data/bundler/lib/bundler/feature_flag.rb +0 -2
- data/bundler/lib/bundler/fetcher/compact_index.rb +11 -13
- data/bundler/lib/bundler/fetcher/dependency.rb +2 -6
- data/bundler/lib/bundler/fetcher/downloader.rb +4 -5
- data/bundler/lib/bundler/fetcher/index.rb +1 -2
- data/bundler/lib/bundler/fetcher.rb +21 -15
- data/bundler/lib/bundler/force_platform.rb +18 -0
- data/bundler/lib/bundler/friendly_errors.rb +1 -4
- data/bundler/lib/bundler/gem_helper.rb +3 -4
- data/bundler/lib/bundler/gem_helpers.rb +7 -2
- data/bundler/lib/bundler/gem_version_promoter.rb +53 -98
- data/bundler/lib/bundler/graph.rb +3 -3
- data/bundler/lib/bundler/index.rb +13 -47
- data/bundler/lib/bundler/injector.rb +5 -4
- data/bundler/lib/bundler/inline.rb +9 -11
- data/bundler/lib/bundler/installer/parallel_installer.rb +4 -34
- data/bundler/lib/bundler/installer/standalone.rb +13 -9
- data/bundler/lib/bundler/installer.rb +17 -29
- data/bundler/lib/bundler/lazy_specification.rb +54 -53
- data/bundler/lib/bundler/lockfile_generator.rb +3 -3
- data/bundler/lib/bundler/lockfile_parser.rb +17 -16
- data/bundler/lib/bundler/man/bundle-add.1 +6 -2
- data/bundler/lib/bundler/man/bundle-add.1.ronn +4 -1
- data/bundler/lib/bundler/man/bundle-binstubs.1 +1 -1
- data/bundler/lib/bundler/man/bundle-cache.1 +9 -3
- data/bundler/lib/bundler/man/bundle-cache.1.ronn +9 -2
- data/bundler/lib/bundler/man/bundle-check.1 +1 -1
- data/bundler/lib/bundler/man/bundle-clean.1 +2 -2
- data/bundler/lib/bundler/man/bundle-clean.1.ronn +1 -1
- data/bundler/lib/bundler/man/bundle-config.1 +26 -10
- data/bundler/lib/bundler/man/bundle-config.1.ronn +17 -10
- data/bundler/lib/bundler/man/bundle-console.1 +53 -0
- data/bundler/lib/bundler/man/bundle-console.1.ronn +44 -0
- data/bundler/lib/bundler/man/bundle-doctor.1 +1 -1
- data/bundler/lib/bundler/man/bundle-exec.1 +6 -6
- data/bundler/lib/bundler/man/bundle-exec.1.ronn +6 -6
- data/bundler/lib/bundler/man/bundle-gem.1 +27 -37
- data/bundler/lib/bundler/man/bundle-gem.1.ronn +5 -5
- data/bundler/lib/bundler/man/bundle-help.1 +13 -0
- data/bundler/lib/bundler/man/bundle-help.1.ronn +12 -0
- data/bundler/lib/bundler/man/bundle-info.1 +3 -3
- data/bundler/lib/bundler/man/bundle-info.1.ronn +3 -3
- data/bundler/lib/bundler/man/bundle-init.1 +5 -1
- data/bundler/lib/bundler/man/bundle-init.1.ronn +2 -0
- data/bundler/lib/bundler/man/bundle-inject.1 +5 -2
- data/bundler/lib/bundler/man/bundle-inject.1.ronn +3 -1
- data/bundler/lib/bundler/man/bundle-install.1 +5 -30
- data/bundler/lib/bundler/man/bundle-install.1.ronn +6 -29
- data/bundler/lib/bundler/man/bundle-list.1 +1 -1
- data/bundler/lib/bundler/man/bundle-lock.1 +1 -1
- data/bundler/lib/bundler/man/bundle-open.1 +22 -2
- data/bundler/lib/bundler/man/bundle-open.1.ronn +9 -1
- data/bundler/lib/bundler/man/bundle-outdated.1 +13 -9
- data/bundler/lib/bundler/man/bundle-outdated.1.ronn +12 -9
- data/bundler/lib/bundler/man/bundle-platform.1 +16 -6
- data/bundler/lib/bundler/man/bundle-platform.1.ronn +14 -7
- data/bundler/lib/bundler/man/bundle-plugin.1 +81 -0
- data/bundler/lib/bundler/man/bundle-plugin.1.ronn +59 -0
- data/bundler/lib/bundler/man/bundle-pristine.1 +1 -1
- data/bundler/lib/bundler/man/bundle-remove.1 +1 -1
- data/bundler/lib/bundler/man/bundle-show.1 +1 -1
- data/bundler/lib/bundler/man/bundle-update.1 +1 -1
- data/bundler/lib/bundler/man/bundle-version.1 +35 -0
- data/bundler/lib/bundler/man/bundle-version.1.ronn +24 -0
- data/bundler/lib/bundler/man/bundle-viz.1 +4 -1
- data/bundler/lib/bundler/man/bundle-viz.1.ronn +2 -0
- data/bundler/lib/bundler/man/bundle.1 +15 -10
- data/bundler/lib/bundler/man/bundle.1.ronn +12 -7
- data/bundler/lib/bundler/man/gemfile.5 +55 -55
- data/bundler/lib/bundler/man/gemfile.5.ronn +57 -53
- data/bundler/lib/bundler/man/index.txt +4 -0
- data/bundler/lib/bundler/match_metadata.rb +13 -0
- data/bundler/lib/bundler/match_remote_metadata.rb +29 -0
- data/bundler/lib/bundler/mirror.rb +5 -7
- data/bundler/lib/bundler/plugin/index.rb +5 -5
- data/bundler/lib/bundler/plugin/installer/rubygems.rb +0 -4
- data/bundler/lib/bundler/plugin/installer.rb +5 -2
- data/bundler/lib/bundler/plugin.rb +3 -1
- data/bundler/lib/bundler/remote_specification.rb +7 -12
- data/bundler/lib/bundler/resolver/base.rb +107 -0
- data/bundler/lib/bundler/resolver/candidate.rb +94 -0
- data/bundler/lib/bundler/resolver/incompatibility.rb +15 -0
- data/bundler/lib/bundler/resolver/package.rb +72 -0
- data/bundler/lib/bundler/resolver/root.rb +25 -0
- data/bundler/lib/bundler/resolver/spec_group.rb +42 -71
- data/bundler/lib/bundler/resolver.rb +335 -328
- data/bundler/lib/bundler/ruby_dsl.rb +7 -1
- data/bundler/lib/bundler/ruby_version.rb +8 -8
- data/bundler/lib/bundler/rubygems_ext.rb +100 -9
- data/bundler/lib/bundler/rubygems_gem_installer.rb +23 -14
- data/bundler/lib/bundler/rubygems_integration.rb +11 -15
- data/bundler/lib/bundler/runtime.rb +2 -6
- data/bundler/lib/bundler/safe_marshal.rb +31 -0
- data/bundler/lib/bundler/settings.rb +5 -11
- data/bundler/lib/bundler/setup.rb +4 -1
- data/bundler/lib/bundler/shared_helpers.rb +3 -3
- data/bundler/lib/bundler/source/git/git_proxy.rb +237 -74
- data/bundler/lib/bundler/source/git.rb +55 -30
- data/bundler/lib/bundler/source/metadata.rb +1 -2
- data/bundler/lib/bundler/source/path/installer.rb +1 -22
- data/bundler/lib/bundler/source/path.rb +6 -6
- data/bundler/lib/bundler/source/rubygems.rb +26 -81
- data/bundler/lib/bundler/source.rb +1 -1
- data/bundler/lib/bundler/source_list.rb +8 -2
- data/bundler/lib/bundler/spec_set.rb +60 -37
- data/bundler/lib/bundler/templates/Executable +1 -1
- data/bundler/lib/bundler/templates/Executable.bundler +5 -10
- data/bundler/lib/bundler/templates/Executable.standalone +2 -0
- data/bundler/lib/bundler/templates/newgem/Cargo.toml.tt +7 -0
- data/bundler/lib/bundler/templates/newgem/Gemfile.tt +3 -0
- data/bundler/lib/bundler/templates/newgem/README.md.tt +6 -4
- data/bundler/lib/bundler/templates/newgem/Rakefile.tt +12 -1
- data/bundler/lib/bundler/templates/newgem/bin/console.tt +0 -4
- data/bundler/lib/bundler/templates/newgem/circleci/config.yml.tt +12 -0
- data/bundler/lib/bundler/templates/newgem/ext/newgem/Cargo.toml.tt +15 -0
- data/bundler/lib/bundler/templates/newgem/ext/newgem/extconf-c.rb.tt +10 -0
- data/bundler/lib/bundler/templates/newgem/ext/newgem/extconf-rust.rb.tt +6 -0
- data/bundler/lib/bundler/templates/newgem/ext/newgem/newgem.c.tt +1 -1
- data/bundler/lib/bundler/templates/newgem/ext/newgem/src/lib.rs.tt +12 -0
- data/bundler/lib/bundler/templates/newgem/github/workflows/main.yml.tt +10 -0
- data/bundler/lib/bundler/templates/newgem/gitignore.tt +3 -0
- data/bundler/lib/bundler/templates/newgem/gitlab-ci.yml.tt +13 -4
- data/bundler/lib/bundler/templates/newgem/newgem.gemspec.tt +9 -2
- data/bundler/lib/bundler/ui/rg_proxy.rb +1 -1
- data/bundler/lib/bundler/ui/shell.rb +35 -12
- data/bundler/lib/bundler/ui/silent.rb +21 -5
- data/bundler/lib/bundler/uri_normalizer.rb +23 -0
- data/bundler/lib/bundler/vendor/connection_pool/lib/connection_pool/timed_stack.rb +3 -3
- data/bundler/lib/bundler/vendor/connection_pool/lib/connection_pool/wrapper.rb +0 -1
- data/bundler/lib/bundler/vendor/connection_pool/lib/connection_pool.rb +3 -1
- data/bundler/lib/bundler/vendor/fileutils/lib/fileutils.rb +1351 -409
- data/bundler/lib/bundler/vendor/net-http-persistent/README.rdoc +1 -1
- data/bundler/lib/bundler/vendor/net-http-persistent/lib/net/http/persistent.rb +1 -1
- data/bundler/lib/bundler/vendor/pub_grub/LICENSE.txt +21 -0
- data/bundler/lib/bundler/vendor/pub_grub/lib/pub_grub/assignment.rb +20 -0
- data/bundler/lib/bundler/vendor/pub_grub/lib/pub_grub/basic_package_source.rb +189 -0
- data/bundler/lib/bundler/vendor/pub_grub/lib/pub_grub/failure_writer.rb +182 -0
- data/bundler/lib/bundler/vendor/pub_grub/lib/pub_grub/incompatibility.rb +150 -0
- data/bundler/lib/bundler/vendor/pub_grub/lib/pub_grub/package.rb +43 -0
- data/bundler/lib/bundler/vendor/pub_grub/lib/pub_grub/partial_solution.rb +121 -0
- data/bundler/lib/bundler/vendor/pub_grub/lib/pub_grub/rubygems.rb +45 -0
- data/bundler/lib/bundler/vendor/pub_grub/lib/pub_grub/solve_failure.rb +19 -0
- data/bundler/lib/bundler/vendor/pub_grub/lib/pub_grub/static_package_source.rb +60 -0
- data/bundler/lib/bundler/vendor/pub_grub/lib/pub_grub/term.rb +105 -0
- data/bundler/lib/bundler/vendor/pub_grub/lib/pub_grub/version.rb +3 -0
- data/bundler/lib/bundler/vendor/pub_grub/lib/pub_grub/version_constraint.rb +129 -0
- data/bundler/lib/bundler/vendor/pub_grub/lib/pub_grub/version_range.rb +411 -0
- data/bundler/lib/bundler/vendor/pub_grub/lib/pub_grub/version_solver.rb +248 -0
- data/bundler/lib/bundler/vendor/pub_grub/lib/pub_grub/version_union.rb +178 -0
- data/bundler/lib/bundler/vendor/pub_grub/lib/pub_grub.rb +31 -0
- data/bundler/lib/bundler/vendor/thor/lib/thor/shell/basic.rb +1 -1
- data/bundler/lib/bundler/vendor/uri/lib/uri/common.rb +64 -16
- data/bundler/lib/bundler/vendor/uri/lib/uri/file.rb +7 -1
- data/bundler/lib/bundler/vendor/uri/lib/uri/ftp.rb +2 -1
- data/bundler/lib/bundler/vendor/uri/lib/uri/generic.rb +27 -7
- data/bundler/lib/bundler/vendor/uri/lib/uri/http.rb +40 -2
- data/bundler/lib/bundler/vendor/uri/lib/uri/https.rb +2 -1
- data/bundler/lib/bundler/vendor/uri/lib/uri/ldap.rb +1 -1
- data/bundler/lib/bundler/vendor/uri/lib/uri/ldaps.rb +2 -1
- data/bundler/lib/bundler/vendor/uri/lib/uri/mailto.rb +2 -2
- data/bundler/lib/bundler/vendor/uri/lib/uri/rfc2396_parser.rb +15 -9
- data/bundler/lib/bundler/vendor/uri/lib/uri/rfc3986_parser.rb +11 -6
- data/bundler/lib/bundler/vendor/uri/lib/uri/version.rb +1 -1
- data/bundler/lib/bundler/vendor/uri/lib/uri/ws.rb +1 -2
- data/bundler/lib/bundler/vendor/uri/lib/uri/wss.rb +2 -1
- data/bundler/lib/bundler/vendor/uri/lib/uri.rb +3 -2
- data/bundler/lib/bundler/vendored_persistent.rb +1 -33
- data/bundler/lib/bundler/{vendored_tmpdir.rb → vendored_pub_grub.rb} +1 -1
- data/bundler/lib/bundler/version.rb +5 -1
- data/bundler/lib/bundler/worker.rb +5 -7
- data/bundler/lib/bundler.rb +25 -77
- data/{bin → exe}/gem +4 -5
- data/{bin → exe}/update_rubygems +12 -10
- data/lib/rubygems/available_set.rb +4 -3
- data/lib/rubygems/basic_specification.rb +5 -4
- data/lib/rubygems/bundler_version_finder.rb +2 -2
- data/lib/rubygems/command.rb +41 -32
- data/lib/rubygems/command_manager.rb +30 -15
- data/lib/rubygems/commands/build_command.rb +12 -8
- data/lib/rubygems/commands/cert_command.rb +34 -33
- data/lib/rubygems/commands/check_command.rb +21 -20
- data/lib/rubygems/commands/cleanup_command.rb +18 -17
- data/lib/rubygems/commands/contents_command.rb +14 -13
- data/lib/rubygems/commands/dependency_command.rb +17 -16
- data/lib/rubygems/commands/environment_command.rb +6 -5
- data/lib/rubygems/commands/exec_command.rb +249 -0
- data/lib/rubygems/commands/fetch_command.rb +10 -9
- data/lib/rubygems/commands/generate_index_command.rb +18 -17
- data/lib/rubygems/commands/help_command.rb +7 -6
- data/lib/rubygems/commands/info_command.rb +3 -3
- data/lib/rubygems/commands/install_command.rb +28 -23
- data/lib/rubygems/commands/list_command.rb +4 -3
- data/lib/rubygems/commands/lock_command.rb +5 -4
- data/lib/rubygems/commands/mirror_command.rb +4 -3
- data/lib/rubygems/commands/open_command.rb +10 -9
- data/lib/rubygems/commands/outdated_command.rb +6 -5
- data/lib/rubygems/commands/owner_command.rb +17 -14
- data/lib/rubygems/commands/pristine_command.rb +46 -36
- data/lib/rubygems/commands/push_command.rb +9 -8
- data/lib/rubygems/commands/query_command.rb +9 -8
- data/lib/rubygems/commands/rdoc_command.rb +21 -19
- data/lib/rubygems/commands/search_command.rb +4 -3
- data/lib/rubygems/commands/server_command.rb +4 -3
- data/lib/rubygems/commands/setup_command.rb +97 -106
- data/lib/rubygems/commands/signin_command.rb +10 -9
- data/lib/rubygems/commands/signout_command.rb +8 -7
- data/lib/rubygems/commands/sources_command.rb +22 -21
- data/lib/rubygems/commands/specification_command.rb +14 -13
- data/lib/rubygems/commands/stale_command.rb +3 -2
- data/lib/rubygems/commands/uninstall_command.rb +44 -40
- data/lib/rubygems/commands/unpack_command.rb +14 -13
- data/lib/rubygems/commands/update_command.rb +42 -63
- data/lib/rubygems/commands/which_command.rb +8 -7
- data/lib/rubygems/commands/yank_command.rb +12 -11
- data/lib/rubygems/config_file.rb +55 -21
- data/lib/rubygems/core_ext/kernel_gem.rb +1 -6
- data/lib/rubygems/core_ext/kernel_require.rb +109 -115
- data/lib/rubygems/core_ext/kernel_warn.rb +33 -37
- data/lib/rubygems/core_ext/tcpsocket_init.rb +3 -1
- data/lib/rubygems/defaults.rb +33 -18
- data/lib/rubygems/dependency.rb +15 -11
- data/lib/rubygems/dependency_installer.rb +38 -37
- data/lib/rubygems/dependency_list.rb +7 -6
- data/lib/rubygems/deprecate.rb +3 -2
- data/lib/rubygems/doctor.rb +19 -18
- data/lib/rubygems/errors.rb +3 -2
- data/lib/rubygems/exceptions.rb +16 -8
- data/lib/rubygems/ext/build_error.rb +2 -1
- data/lib/rubygems/ext/builder.rb +37 -21
- data/lib/rubygems/ext/cargo_builder/link_flag_converter.rb +9 -5
- data/lib/rubygems/ext/cargo_builder.rb +150 -111
- data/lib/rubygems/ext/cmake_builder.rb +2 -2
- data/lib/rubygems/ext/configure_builder.rb +2 -1
- data/lib/rubygems/ext/ext_conf_builder.rb +11 -9
- data/lib/rubygems/ext/rake_builder.rb +7 -5
- data/lib/rubygems/ext.rb +8 -7
- data/lib/rubygems/gem_runner.rb +6 -5
- data/lib/rubygems/gemcutter_utilities/webauthn_listener/response.rb +163 -0
- data/lib/rubygems/gemcutter_utilities/webauthn_listener.rb +105 -0
- data/lib/rubygems/gemcutter_utilities/webauthn_poller.rb +78 -0
- data/lib/rubygems/gemcutter_utilities.rb +90 -34
- data/lib/rubygems/indexer.rb +29 -28
- data/lib/rubygems/install_default_message.rb +3 -2
- data/lib/rubygems/install_message.rb +3 -2
- data/lib/rubygems/install_update_options.rb +56 -55
- data/lib/rubygems/installer.rb +54 -46
- data/lib/rubygems/installer_uninstaller_utils.rb +2 -2
- data/lib/rubygems/local_remote_options.rb +19 -20
- data/lib/rubygems/mock_gem_ui.rb +3 -2
- data/lib/rubygems/name_tuple.rb +5 -4
- data/lib/rubygems/optparse/lib/optparse.rb +20 -15
- data/lib/rubygems/optparse.rb +1 -1
- data/lib/rubygems/package/digest_io.rb +1 -0
- data/lib/rubygems/package/file_source.rb +3 -2
- data/lib/rubygems/package/io_source.rb +1 -0
- data/lib/rubygems/package/old.rb +9 -8
- data/lib/rubygems/package/source.rb +1 -0
- data/lib/rubygems/package/tar_header.rb +63 -62
- data/lib/rubygems/package/tar_reader/entry.rb +91 -9
- data/lib/rubygems/package/tar_reader.rb +2 -29
- data/lib/rubygems/package/tar_writer.rb +8 -7
- data/lib/rubygems/package.rb +64 -48
- data/lib/rubygems/package_task.rb +5 -4
- data/lib/rubygems/path_support.rb +1 -0
- data/lib/rubygems/platform.rb +79 -53
- data/lib/rubygems/psych_tree.rb +2 -1
- data/lib/rubygems/query_utils.rb +35 -35
- data/lib/rubygems/rdoc.rb +3 -2
- data/lib/rubygems/remote_fetcher.rb +23 -22
- data/lib/rubygems/request/connection_pools.rb +4 -4
- data/lib/rubygems/request/http_pool.rb +2 -1
- data/lib/rubygems/request/https_pool.rb +1 -0
- data/lib/rubygems/request.rb +23 -22
- data/lib/rubygems/request_set/gem_dependency_api.rb +123 -123
- data/lib/rubygems/request_set/lockfile/parser.rb +28 -27
- data/lib/rubygems/request_set/lockfile/tokenizer.rb +5 -3
- data/lib/rubygems/request_set/lockfile.rb +6 -5
- data/lib/rubygems/request_set.rb +20 -19
- data/lib/rubygems/requirement.rb +15 -14
- data/lib/rubygems/resolver/activation_request.rb +4 -3
- data/lib/rubygems/resolver/api_set.rb +5 -4
- data/lib/rubygems/resolver/api_specification.rb +7 -6
- data/lib/rubygems/resolver/best_set.rb +6 -5
- data/lib/rubygems/resolver/composed_set.rb +1 -0
- data/lib/rubygems/resolver/conflict.rb +11 -10
- data/lib/rubygems/resolver/current_set.rb +1 -0
- data/lib/rubygems/resolver/dependency_request.rb +3 -2
- data/lib/rubygems/resolver/git_set.rb +3 -2
- data/lib/rubygems/resolver/git_specification.rb +7 -6
- data/lib/rubygems/resolver/index_set.rb +4 -3
- data/lib/rubygems/resolver/index_specification.rb +7 -5
- data/lib/rubygems/resolver/installed_specification.rb +5 -4
- data/lib/rubygems/resolver/installer_set.rb +15 -17
- data/lib/rubygems/resolver/local_specification.rb +3 -2
- data/lib/rubygems/resolver/lock_set.rb +5 -4
- data/lib/rubygems/resolver/lock_specification.rb +5 -4
- data/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph.rb +1 -1
- data/lib/rubygems/resolver/molinillo/lib/molinillo/errors.rb +32 -26
- data/lib/rubygems/resolver/molinillo/lib/molinillo/gem_metadata.rb +1 -1
- data/lib/rubygems/resolver/molinillo.rb +2 -1
- data/lib/rubygems/resolver/requirement_list.rb +1 -0
- data/lib/rubygems/resolver/set.rb +1 -0
- data/lib/rubygems/resolver/source_set.rb +2 -0
- data/lib/rubygems/resolver/spec_specification.rb +1 -0
- data/lib/rubygems/resolver/specification.rb +2 -1
- data/lib/rubygems/resolver/stats.rb +2 -1
- data/lib/rubygems/resolver/vendor_set.rb +2 -1
- data/lib/rubygems/resolver/vendor_specification.rb +4 -3
- data/lib/rubygems/resolver.rb +41 -40
- data/lib/rubygems/s3_uri_signer.rb +10 -8
- data/lib/rubygems/safe_yaml.rb +4 -2
- data/lib/rubygems/security/policies.rb +48 -47
- data/lib/rubygems/security/policy.rb +19 -18
- data/lib/rubygems/security/signer.rb +6 -5
- data/lib/rubygems/security/trust_dir.rb +5 -4
- data/lib/rubygems/security.rb +30 -42
- data/lib/rubygems/security_option.rb +6 -5
- data/lib/rubygems/shellwords.rb +3 -0
- data/lib/rubygems/source/git.rb +22 -22
- data/lib/rubygems/source/installed.rb +2 -1
- data/lib/rubygems/source/local.rb +3 -2
- data/lib/rubygems/source/lock.rb +1 -0
- data/lib/rubygems/source/specific_file.rb +2 -1
- data/lib/rubygems/source/vendor.rb +1 -0
- data/lib/rubygems/source.rb +16 -16
- data/lib/rubygems/spec_fetcher.rb +10 -9
- data/lib/rubygems/specification.rb +121 -114
- data/lib/rubygems/specification_policy.rb +36 -15
- data/lib/rubygems/stub_specification.rb +11 -9
- data/lib/rubygems/text.rb +2 -2
- data/lib/rubygems/tsort/lib/tsort.rb +308 -310
- data/lib/rubygems/tsort.rb +1 -1
- data/lib/rubygems/uninstaller.rb +19 -18
- data/lib/rubygems/update_suggestion.rb +69 -0
- data/lib/rubygems/uri.rb +4 -4
- data/lib/rubygems/uri_formatter.rb +1 -1
- data/lib/rubygems/user_interaction.rb +37 -21
- data/lib/rubygems/util/licenses.rb +4 -3
- data/lib/rubygems/util/list.rb +1 -0
- data/lib/rubygems/util.rb +12 -15
- data/lib/rubygems/validator.rb +7 -6
- data/lib/rubygems/version.rb +17 -11
- data/lib/rubygems/version_option.rb +4 -3
- data/lib/rubygems.rb +89 -68
- data/rubygems-update.gemspec +10 -8
- data/setup.rb +10 -9
- data/test/rubygems/alternate_cert.pem +14 -14
- data/test/rubygems/alternate_cert_32.pem +15 -15
- data/test/rubygems/alternate_key.pem +25 -25
- data/test/rubygems/bad_rake.rb +1 -0
- data/test/rubygems/bundler_test_gem.rb +421 -0
- data/test/rubygems/child_cert.pem +15 -16
- data/test/rubygems/child_cert_32.pem +15 -16
- data/test/rubygems/child_key.pem +25 -25
- data/test/rubygems/encrypted_private_key.pem +26 -26
- data/test/rubygems/expired_cert.pem +15 -15
- data/test/rubygems/fake_certlib/openssl.rb +1 -0
- data/test/rubygems/future_cert.pem +15 -15
- data/test/rubygems/future_cert_32.pem +15 -15
- data/test/rubygems/good_rake.rb +1 -0
- data/test/rubygems/grandchild_cert.pem +15 -16
- data/test/rubygems/grandchild_cert_32.pem +15 -16
- data/test/rubygems/grandchild_key.pem +25 -25
- data/test/rubygems/helper.rb +172 -151
- data/test/rubygems/installer_test_case.rb +14 -13
- data/test/rubygems/invalid_issuer_cert.pem +16 -16
- data/test/rubygems/invalid_issuer_cert_32.pem +16 -16
- data/test/rubygems/invalid_key.pem +25 -25
- data/test/rubygems/invalid_signer_cert.pem +15 -15
- data/test/rubygems/invalid_signer_cert_32.pem +15 -15
- data/test/rubygems/invalidchild_cert.pem +15 -16
- data/test/rubygems/invalidchild_cert_32.pem +15 -16
- data/test/rubygems/invalidchild_key.pem +25 -25
- data/test/rubygems/multifactor_auth_utilities.rb +111 -0
- data/test/rubygems/package/tar_test_case.rb +53 -17
- data/test/rubygems/packages/Bluebie-legs-0.6.2.gem +0 -0
- data/test/rubygems/plugin/exception/rubygems_plugin.rb +2 -1
- data/test/rubygems/plugin/load/rubygems_plugin.rb +1 -0
- data/test/rubygems/plugin/standarderror/rubygems_plugin.rb +2 -1
- data/test/rubygems/private_key.pem +25 -25
- data/test/rubygems/public_cert.pem +16 -16
- data/test/rubygems/public_cert_32.pem +15 -15
- data/test/rubygems/public_key.pem +7 -7
- data/test/rubygems/rubygems/commands/crash_command.rb +1 -0
- data/test/rubygems/rubygems_plugin.rb +3 -2
- data/test/rubygems/simple_gem.rb +2 -1
- data/test/rubygems/specifications/bar-0.0.2.gemspec +2 -0
- data/test/rubygems/specifications/rubyforge-0.0.1.gemspec +6 -4
- data/test/rubygems/test_bundled_ca.rb +13 -12
- data/test/rubygems/test_config.rb +5 -4
- data/test/rubygems/test_deprecate.rb +5 -4
- data/test/rubygems/test_exit.rb +9 -3
- data/test/rubygems/test_gem.rb +339 -677
- data/test/rubygems/test_gem_available_set.rb +22 -21
- data/test/rubygems/test_gem_bundler_version_finder.rb +6 -4
- data/test/rubygems/test_gem_command.rb +45 -44
- data/test/rubygems/test_gem_command_manager.rb +96 -30
- data/test/rubygems/test_gem_commands_build_command.rb +74 -63
- data/test/rubygems/test_gem_commands_cert_command.rb +98 -99
- data/test/rubygems/test_gem_commands_check_command.rb +5 -4
- data/test/rubygems/test_gem_commands_cleanup_command.rb +41 -40
- data/test/rubygems/test_gem_commands_contents_command.rb +28 -27
- data/test/rubygems/test_gem_commands_dependency_command.rb +37 -36
- data/test/rubygems/test_gem_commands_environment_command.rb +17 -16
- data/test/rubygems/test_gem_commands_exec_command.rb +853 -0
- data/test/rubygems/test_gem_commands_fetch_command.rb +38 -37
- data/test/rubygems/test_gem_commands_generate_index_command.rb +8 -7
- data/test/rubygems/test_gem_commands_help_command.rb +14 -13
- data/test/rubygems/test_gem_commands_info_command.rb +29 -2
- data/test/rubygems/test_gem_commands_install_command.rb +152 -132
- data/test/rubygems/test_gem_commands_list_command.rb +5 -4
- data/test/rubygems/test_gem_commands_lock_command.rb +11 -10
- data/test/rubygems/test_gem_commands_mirror.rb +3 -2
- data/test/rubygems/test_gem_commands_open_command.rb +5 -4
- data/test/rubygems/test_gem_commands_outdated_command.rb +10 -9
- data/test/rubygems/test_gem_commands_owner_command.rb +227 -50
- data/test/rubygems/test_gem_commands_pristine_command.rb +142 -93
- data/test/rubygems/test_gem_commands_push_command.rb +189 -64
- data/test/rubygems/test_gem_commands_query_command.rb +74 -73
- data/test/rubygems/test_gem_commands_search_command.rb +3 -2
- data/test/rubygems/test_gem_commands_server_command.rb +3 -2
- data/test/rubygems/test_gem_commands_setup_command.rb +123 -96
- data/test/rubygems/test_gem_commands_signin_command.rb +71 -31
- data/test/rubygems/test_gem_commands_signout_command.rb +3 -3
- data/test/rubygems/test_gem_commands_sources_command.rb +29 -29
- data/test/rubygems/test_gem_commands_specification_command.rb +33 -32
- data/test/rubygems/test_gem_commands_stale_command.rb +5 -4
- data/test/rubygems/test_gem_commands_uninstall_command.rb +99 -81
- data/test/rubygems/test_gem_commands_unpack_command.rb +32 -31
- data/test/rubygems/test_gem_commands_update_command.rb +96 -95
- data/test/rubygems/test_gem_commands_which_command.rb +7 -6
- data/test/rubygems/test_gem_commands_yank_command.rb +162 -43
- data/test/rubygems/test_gem_config_file.rb +94 -81
- data/test/rubygems/test_gem_dependency.rb +76 -73
- data/test/rubygems/test_gem_dependency_installer.rb +200 -165
- data/test/rubygems/test_gem_dependency_list.rb +48 -47
- data/test/rubygems/test_gem_dependency_resolution_error.rb +5 -4
- data/test/rubygems/test_gem_doctor.rb +27 -26
- data/test/rubygems/test_gem_ext_builder.rb +60 -61
- data/test/rubygems/test_gem_ext_cargo_builder/custom_name/custom_name.gemspec +4 -4
- data/test/rubygems/test_gem_ext_cargo_builder/custom_name/{Cargo.lock → ext/custom_name_lib/Cargo.lock} +23 -33
- data/test/rubygems/test_gem_ext_cargo_builder/custom_name/{Cargo.toml → ext/custom_name_lib/Cargo.toml} +1 -1
- data/test/rubygems/test_gem_ext_cargo_builder/custom_name/{src → ext/custom_name_lib/src}/lib.rs +1 -1
- data/test/rubygems/test_gem_ext_cargo_builder/custom_name/lib/custom_name.rb +3 -0
- data/test/rubygems/test_gem_ext_cargo_builder/rust_ruby_example/Cargo.lock +37 -33
- data/test/rubygems/test_gem_ext_cargo_builder/rust_ruby_example/Cargo.toml +1 -1
- data/test/rubygems/test_gem_ext_cargo_builder/rust_ruby_example/rust_ruby_example.gemspec +2 -0
- data/test/rubygems/test_gem_ext_cargo_builder/rust_ruby_example/src/lib.rs +12 -0
- data/test/rubygems/test_gem_ext_cargo_builder.rb +48 -59
- data/test/rubygems/test_gem_ext_cargo_builder_link_flag_converter.rb +20 -19
- data/test/rubygems/test_gem_ext_cargo_builder_unit.rb +21 -36
- data/test/rubygems/test_gem_ext_cmake_builder.rb +16 -15
- data/test/rubygems/test_gem_ext_configure_builder.rb +14 -13
- data/test/rubygems/test_gem_ext_ext_conf_builder.rb +51 -52
- data/test/rubygems/test_gem_ext_rake_builder.rb +16 -15
- data/test/rubygems/test_gem_gem_runner.rb +15 -9
- data/test/rubygems/test_gem_gemcutter_utilities.rb +170 -84
- data/test/rubygems/test_gem_impossible_dependencies_error.rb +5 -4
- data/test/rubygems/test_gem_indexer.rb +87 -67
- data/test/rubygems/test_gem_install_update_options.rb +17 -16
- data/test/rubygems/test_gem_installer.rb +422 -304
- data/test/rubygems/test_gem_local_remote_options.rb +11 -10
- data/test/rubygems/test_gem_name_tuple.rb +5 -4
- data/test/rubygems/test_gem_package.rb +243 -231
- data/test/rubygems/test_gem_package_old.rb +14 -13
- data/test/rubygems/test_gem_package_tar_header.rb +48 -47
- data/test/rubygems/test_gem_package_tar_reader.rb +56 -8
- data/test/rubygems/test_gem_package_tar_reader_entry.rb +162 -16
- data/test/rubygems/test_gem_package_tar_writer.rb +77 -76
- data/test/rubygems/test_gem_package_task.rb +19 -18
- data/test/rubygems/test_gem_path_support.rb +15 -14
- data/test/rubygems/test_gem_platform.rb +333 -227
- data/test/rubygems/test_gem_rdoc.rb +15 -14
- data/test/rubygems/test_gem_remote_fetcher.rb +155 -154
- data/test/rubygems/test_gem_request.rb +64 -58
- data/test/rubygems/test_gem_request_connection_pools.rb +30 -29
- data/test/rubygems/test_gem_request_set.rb +101 -100
- data/test/rubygems/test_gem_request_set_gem_dependency_api.rb +210 -211
- data/test/rubygems/test_gem_request_set_lockfile.rb +87 -86
- data/test/rubygems/test_gem_request_set_lockfile_parser.rb +58 -57
- data/test/rubygems/test_gem_request_set_lockfile_tokenizer.rb +63 -62
- data/test/rubygems/test_gem_requirement.rb +48 -41
- data/test/rubygems/test_gem_resolver.rb +167 -99
- data/test/rubygems/test_gem_resolver_activation_request.rb +7 -6
- data/test/rubygems/test_gem_resolver_api_set.rb +34 -33
- data/test/rubygems/test_gem_resolver_api_specification.rb +48 -47
- data/test/rubygems/test_gem_resolver_best_set.rb +23 -22
- data/test/rubygems/test_gem_resolver_composed_set.rb +2 -1
- data/test/rubygems/test_gem_resolver_conflict.rb +13 -12
- data/test/rubygems/test_gem_resolver_dependency_request.rb +16 -15
- data/test/rubygems/test_gem_resolver_git_set.rb +22 -21
- data/test/rubygems/test_gem_resolver_git_specification.rb +22 -21
- data/test/rubygems/test_gem_resolver_index_set.rb +13 -12
- data/test/rubygems/test_gem_resolver_index_specification.rb +17 -16
- data/test/rubygems/test_gem_resolver_installed_specification.rb +6 -5
- data/test/rubygems/test_gem_resolver_installer_set.rb +79 -34
- data/test/rubygems/test_gem_resolver_local_specification.rb +8 -7
- data/test/rubygems/test_gem_resolver_lock_set.rb +13 -12
- data/test/rubygems/test_gem_resolver_lock_specification.rb +18 -17
- data/test/rubygems/test_gem_resolver_requirement_list.rb +2 -1
- data/test/rubygems/test_gem_resolver_specification.rb +9 -8
- data/test/rubygems/test_gem_resolver_vendor_set.rb +7 -6
- data/test/rubygems/test_gem_resolver_vendor_specification.rb +11 -10
- data/test/rubygems/test_gem_security.rb +69 -68
- data/test/rubygems/test_gem_security_policy.rb +72 -72
- data/test/rubygems/test_gem_security_signer.rb +35 -34
- data/test/rubygems/test_gem_security_trust_dir.rb +7 -6
- data/test/rubygems/test_gem_silent_ui.rb +39 -32
- data/test/rubygems/test_gem_source.rb +45 -44
- data/test/rubygems/test_gem_source_fetch_problem.rb +10 -9
- data/test/rubygems/test_gem_source_git.rb +69 -62
- data/test/rubygems/test_gem_source_installed.rb +17 -16
- data/test/rubygems/test_gem_source_list.rb +6 -5
- data/test/rubygems/test_gem_source_local.rb +15 -14
- data/test/rubygems/test_gem_source_lock.rb +32 -31
- data/test/rubygems/test_gem_source_specific_file.rb +18 -17
- data/test/rubygems/test_gem_source_subpath_problem.rb +8 -7
- data/test/rubygems/test_gem_source_vendor.rb +14 -13
- data/test/rubygems/test_gem_spec_fetcher.rb +73 -72
- data/test/rubygems/test_gem_specification.rb +533 -469
- data/test/rubygems/test_gem_stream_ui.rb +53 -22
- data/test/rubygems/test_gem_stub_specification.rb +33 -32
- data/test/rubygems/test_gem_text.rb +2 -1
- data/test/rubygems/test_gem_uninstaller.rb +118 -117
- data/test/rubygems/test_gem_unsatisfiable_dependency_error.rb +4 -3
- data/test/rubygems/test_gem_update_suggestion.rb +209 -0
- data/test/rubygems/test_gem_uri.rb +6 -4
- data/test/rubygems/test_gem_uri_formatter.rb +15 -14
- data/test/rubygems/test_gem_util.rb +24 -23
- data/test/rubygems/test_gem_validator.rb +8 -8
- data/test/rubygems/test_gem_version.rb +24 -16
- data/test/rubygems/test_gem_version_option.rb +16 -15
- data/test/rubygems/test_kernel.rb +43 -48
- data/test/rubygems/test_project_sanity.rb +32 -3
- data/test/rubygems/test_remote_fetch_error.rb +8 -7
- data/test/rubygems/test_require.rb +118 -103
- data/test/rubygems/test_rubygems.rb +10 -8
- data/test/rubygems/test_webauthn_listener.rb +143 -0
- data/test/rubygems/test_webauthn_listener_response.rb +93 -0
- data/test/rubygems/test_webauthn_poller.rb +124 -0
- data/test/rubygems/utilities.rb +98 -34
- data/test/rubygems/wrong_key_cert.pem +15 -15
- data/test/rubygems/wrong_key_cert_32.pem +15 -15
- data/test/test_changelog_generator.rb +1 -1
- metadata +99 -46
- data/bundler/lib/bundler/dep_proxy.rb +0 -55
- data/bundler/lib/bundler/templates/gems.rb +0 -5
- data/bundler/lib/bundler/templates/newgem/ext/newgem/extconf.rb.tt +0 -5
- data/bundler/lib/bundler/templates/newgem/travis.yml.tt +0 -6
- data/bundler/lib/bundler/vendor/molinillo/LICENSE +0 -9
- data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/delegates/resolution_state.rb +0 -57
- data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/delegates/specification_provider.rb +0 -88
- data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/action.rb +0 -36
- data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/add_edge_no_circular.rb +0 -66
- data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/add_vertex.rb +0 -62
- data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/delete_edge.rb +0 -63
- data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/detach_vertex_named.rb +0 -61
- data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/log.rb +0 -126
- data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/set_payload.rb +0 -46
- data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/tag.rb +0 -36
- data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph/vertex.rb +0 -164
- data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/dependency_graph.rb +0 -255
- data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/errors.rb +0 -149
- data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/gem_metadata.rb +0 -6
- data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/modules/specification_provider.rb +0 -112
- data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/modules/ui.rb +0 -67
- data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/resolution.rb +0 -839
- data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/resolver.rb +0 -46
- data/bundler/lib/bundler/vendor/molinillo/lib/molinillo/state.rb +0 -58
- data/bundler/lib/bundler/vendor/molinillo/lib/molinillo.rb +0 -11
- data/bundler/lib/bundler/vendor/tmpdir/lib/tmpdir.rb +0 -154
- data/bundler/lib/bundler/vendored_molinillo.rb +0 -4
- data/bundler/lib/bundler/version_ranges.rb +0 -122
- data/test/rubygems/test_gem_ext_cargo_builder/custom_name/build.rb +0 -21
- data/test/rubygems/test_gem_ext_cargo_builder/rust_ruby_example/build.rb +0 -21
|
@@ -1,17 +1,18 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
|
+
|
|
2
3
|
module Gem::Security
|
|
3
4
|
|
|
4
5
|
##
|
|
5
6
|
# No security policy: all package signature checks are disabled.
|
|
6
7
|
|
|
7
8
|
NoSecurity = Policy.new(
|
|
8
|
-
|
|
9
|
-
:verify_data
|
|
10
|
-
:verify_signer
|
|
11
|
-
:verify_chain
|
|
12
|
-
:verify_root
|
|
13
|
-
:only_trusted
|
|
14
|
-
:only_signed
|
|
9
|
+
"No Security",
|
|
10
|
+
:verify_data => false,
|
|
11
|
+
:verify_signer => false,
|
|
12
|
+
:verify_chain => false,
|
|
13
|
+
:verify_root => false,
|
|
14
|
+
:only_trusted => false,
|
|
15
|
+
:only_signed => false
|
|
15
16
|
)
|
|
16
17
|
|
|
17
18
|
##
|
|
@@ -23,13 +24,13 @@ module Gem::Security
|
|
|
23
24
|
# easily spoofed, and is not recommended.
|
|
24
25
|
|
|
25
26
|
AlmostNoSecurity = Policy.new(
|
|
26
|
-
|
|
27
|
-
:verify_data
|
|
28
|
-
:verify_signer
|
|
29
|
-
:verify_chain
|
|
30
|
-
:verify_root
|
|
31
|
-
:only_trusted
|
|
32
|
-
:only_signed
|
|
27
|
+
"Almost No Security",
|
|
28
|
+
:verify_data => true,
|
|
29
|
+
:verify_signer => false,
|
|
30
|
+
:verify_chain => false,
|
|
31
|
+
:verify_root => false,
|
|
32
|
+
:only_trusted => false,
|
|
33
|
+
:only_signed => false
|
|
33
34
|
)
|
|
34
35
|
|
|
35
36
|
##
|
|
@@ -40,13 +41,13 @@ module Gem::Security
|
|
|
40
41
|
# is not recommended.
|
|
41
42
|
|
|
42
43
|
LowSecurity = Policy.new(
|
|
43
|
-
|
|
44
|
-
:verify_data
|
|
45
|
-
:verify_signer
|
|
46
|
-
:verify_chain
|
|
47
|
-
:verify_root
|
|
48
|
-
:only_trusted
|
|
49
|
-
:only_signed
|
|
44
|
+
"Low Security",
|
|
45
|
+
:verify_data => true,
|
|
46
|
+
:verify_signer => true,
|
|
47
|
+
:verify_chain => false,
|
|
48
|
+
:verify_root => false,
|
|
49
|
+
:only_trusted => false,
|
|
50
|
+
:only_signed => false
|
|
50
51
|
)
|
|
51
52
|
|
|
52
53
|
##
|
|
@@ -59,13 +60,13 @@ module Gem::Security
|
|
|
59
60
|
# gem off as unsigned.
|
|
60
61
|
|
|
61
62
|
MediumSecurity = Policy.new(
|
|
62
|
-
|
|
63
|
-
:verify_data
|
|
64
|
-
:verify_signer
|
|
65
|
-
:verify_chain
|
|
66
|
-
:verify_root
|
|
67
|
-
:only_trusted
|
|
68
|
-
:only_signed
|
|
63
|
+
"Medium Security",
|
|
64
|
+
:verify_data => true,
|
|
65
|
+
:verify_signer => true,
|
|
66
|
+
:verify_chain => true,
|
|
67
|
+
:verify_root => true,
|
|
68
|
+
:only_trusted => true,
|
|
69
|
+
:only_signed => false
|
|
69
70
|
)
|
|
70
71
|
|
|
71
72
|
##
|
|
@@ -78,37 +79,37 @@ module Gem::Security
|
|
|
78
79
|
# a reasonable guarantee that the contents of the gem have not been altered.
|
|
79
80
|
|
|
80
81
|
HighSecurity = Policy.new(
|
|
81
|
-
|
|
82
|
-
:verify_data
|
|
83
|
-
:verify_signer
|
|
84
|
-
:verify_chain
|
|
85
|
-
:verify_root
|
|
86
|
-
:only_trusted
|
|
87
|
-
:only_signed
|
|
82
|
+
"High Security",
|
|
83
|
+
:verify_data => true,
|
|
84
|
+
:verify_signer => true,
|
|
85
|
+
:verify_chain => true,
|
|
86
|
+
:verify_root => true,
|
|
87
|
+
:only_trusted => true,
|
|
88
|
+
:only_signed => true
|
|
88
89
|
)
|
|
89
90
|
|
|
90
91
|
##
|
|
91
92
|
# Policy used to verify a certificate and key when signing a gem
|
|
92
93
|
|
|
93
94
|
SigningPolicy = Policy.new(
|
|
94
|
-
|
|
95
|
-
:verify_data
|
|
96
|
-
:verify_signer
|
|
97
|
-
:verify_chain
|
|
98
|
-
:verify_root
|
|
99
|
-
:only_trusted
|
|
100
|
-
:only_signed
|
|
95
|
+
"Signing Policy",
|
|
96
|
+
:verify_data => false,
|
|
97
|
+
:verify_signer => true,
|
|
98
|
+
:verify_chain => true,
|
|
99
|
+
:verify_root => true,
|
|
100
|
+
:only_trusted => false,
|
|
101
|
+
:only_signed => false
|
|
101
102
|
)
|
|
102
103
|
|
|
103
104
|
##
|
|
104
105
|
# Hash of configured security policies
|
|
105
106
|
|
|
106
107
|
Policies = {
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
108
|
+
"NoSecurity" => NoSecurity,
|
|
109
|
+
"AlmostNoSecurity" => AlmostNoSecurity,
|
|
110
|
+
"LowSecurity" => LowSecurity,
|
|
111
|
+
"MediumSecurity" => MediumSecurity,
|
|
112
|
+
"HighSecurity" => HighSecurity,
|
|
112
113
|
# SigningPolicy is not intended for use by `gem -P` so do not list it
|
|
113
114
|
}.freeze
|
|
114
115
|
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
|
-
|
|
2
|
+
|
|
3
|
+
require_relative "../user_interaction"
|
|
3
4
|
|
|
4
5
|
##
|
|
5
6
|
# A Gem::Security::Policy object encapsulates the settings for verifying
|
|
@@ -53,8 +54,8 @@ class Gem::Security::Policy
|
|
|
53
54
|
# and is valid for the given +time+.
|
|
54
55
|
|
|
55
56
|
def check_chain(chain, time)
|
|
56
|
-
raise Gem::Security::Exception,
|
|
57
|
-
raise Gem::Security::Exception,
|
|
57
|
+
raise Gem::Security::Exception, "missing signing chain" unless chain
|
|
58
|
+
raise Gem::Security::Exception, "empty signing chain" if chain.empty?
|
|
58
59
|
|
|
59
60
|
begin
|
|
60
61
|
chain.each_cons 2 do |issuer, cert|
|
|
@@ -83,21 +84,21 @@ class Gem::Security::Policy
|
|
|
83
84
|
# If the +issuer+ is +nil+ no verification is performed.
|
|
84
85
|
|
|
85
86
|
def check_cert(signer, issuer, time)
|
|
86
|
-
raise Gem::Security::Exception,
|
|
87
|
+
raise Gem::Security::Exception, "missing signing certificate" unless
|
|
87
88
|
signer
|
|
88
89
|
|
|
89
90
|
message = "certificate #{signer.subject}"
|
|
90
91
|
|
|
91
|
-
if not_before = signer.not_before
|
|
92
|
+
if (not_before = signer.not_before) && not_before > time
|
|
92
93
|
raise Gem::Security::Exception,
|
|
93
94
|
"#{message} not valid before #{not_before}"
|
|
94
95
|
end
|
|
95
96
|
|
|
96
|
-
if not_after = signer.not_after
|
|
97
|
+
if (not_after = signer.not_after) && not_after < time
|
|
97
98
|
raise Gem::Security::Exception, "#{message} not valid after #{not_after}"
|
|
98
99
|
end
|
|
99
100
|
|
|
100
|
-
if issuer
|
|
101
|
+
if issuer && !signer.verify(issuer.public_key)
|
|
101
102
|
raise Gem::Security::Exception,
|
|
102
103
|
"#{message} was not issued by #{issuer.subject}"
|
|
103
104
|
end
|
|
@@ -109,10 +110,10 @@ class Gem::Security::Policy
|
|
|
109
110
|
# Ensures the public key of +key+ matches the public key in +signer+
|
|
110
111
|
|
|
111
112
|
def check_key(signer, key)
|
|
112
|
-
unless signer
|
|
113
|
+
unless signer && key
|
|
113
114
|
return true unless @only_signed
|
|
114
115
|
|
|
115
|
-
raise Gem::Security::Exception,
|
|
116
|
+
raise Gem::Security::Exception, "missing key or signature"
|
|
116
117
|
end
|
|
117
118
|
|
|
118
119
|
raise Gem::Security::Exception,
|
|
@@ -127,11 +128,11 @@ class Gem::Security::Policy
|
|
|
127
128
|
# +time+.
|
|
128
129
|
|
|
129
130
|
def check_root(chain, time)
|
|
130
|
-
raise Gem::Security::Exception,
|
|
131
|
+
raise Gem::Security::Exception, "missing signing chain" unless chain
|
|
131
132
|
|
|
132
133
|
root = chain.first
|
|
133
134
|
|
|
134
|
-
raise Gem::Security::Exception,
|
|
135
|
+
raise Gem::Security::Exception, "missing root certificate" unless root
|
|
135
136
|
|
|
136
137
|
raise Gem::Security::Exception,
|
|
137
138
|
"root certificate #{root.subject} is not self-signed " +
|
|
@@ -146,11 +147,11 @@ class Gem::Security::Policy
|
|
|
146
147
|
# the digests of the two certificates match according to +digester+
|
|
147
148
|
|
|
148
149
|
def check_trust(chain, digester, trust_dir)
|
|
149
|
-
raise Gem::Security::Exception,
|
|
150
|
+
raise Gem::Security::Exception, "missing signing chain" unless chain
|
|
150
151
|
|
|
151
152
|
root = chain.first
|
|
152
153
|
|
|
153
|
-
raise Gem::Security::Exception,
|
|
154
|
+
raise Gem::Security::Exception, "missing root certificate" unless root
|
|
154
155
|
|
|
155
156
|
path = Gem::Security.trust_dir.cert_path root
|
|
156
157
|
|
|
@@ -182,7 +183,7 @@ class Gem::Security::Policy
|
|
|
182
183
|
|
|
183
184
|
def subject(certificate) # :nodoc:
|
|
184
185
|
certificate.extensions.each do |extension|
|
|
185
|
-
next unless extension.oid ==
|
|
186
|
+
next unless extension.oid == "subjectAltName"
|
|
186
187
|
|
|
187
188
|
return extension.value
|
|
188
189
|
end
|
|
@@ -206,7 +207,7 @@ class Gem::Security::Policy
|
|
|
206
207
|
# If +key+ is given it is used to validate the signing certificate.
|
|
207
208
|
|
|
208
209
|
def verify(chain, key = nil, digests = {}, signatures = {},
|
|
209
|
-
full_name =
|
|
210
|
+
full_name = "(unknown)")
|
|
210
211
|
if signatures.empty?
|
|
211
212
|
if @only_signed
|
|
212
213
|
raise Gem::Security::Exception,
|
|
@@ -230,8 +231,8 @@ class Gem::Security::Policy
|
|
|
230
231
|
end
|
|
231
232
|
|
|
232
233
|
if @verify_data
|
|
233
|
-
raise Gem::Security::Exception,
|
|
234
|
-
signer_digests.nil?
|
|
234
|
+
raise Gem::Security::Exception, "no digests provided (probable bug)" if
|
|
235
|
+
signer_digests.nil? || signer_digests.empty?
|
|
235
236
|
else
|
|
236
237
|
signer_digests = {}
|
|
237
238
|
end
|
|
@@ -248,7 +249,7 @@ class Gem::Security::Policy
|
|
|
248
249
|
|
|
249
250
|
if @only_trusted
|
|
250
251
|
check_trust chain, digester, trust_dir
|
|
251
|
-
elsif signatures.empty?
|
|
252
|
+
elsif signatures.empty? && digests.empty?
|
|
252
253
|
# trust is irrelevant if there's no signatures to verify
|
|
253
254
|
else
|
|
254
255
|
alert_warning "#{subject signer} is not trusted for #{full_name}"
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
|
+
|
|
2
3
|
##
|
|
3
4
|
# Basic OpenSSL-based package signing class.
|
|
4
5
|
|
|
@@ -42,7 +43,7 @@ class Gem::Security::Signer
|
|
|
42
43
|
def self.re_sign_cert(expired_cert, expired_cert_path, private_key)
|
|
43
44
|
return unless expired_cert.not_after < Time.now
|
|
44
45
|
|
|
45
|
-
expiry = expired_cert.not_after.strftime(
|
|
46
|
+
expiry = expired_cert.not_after.strftime("%Y%m%d%H%M%S")
|
|
46
47
|
expired_cert_file = "#{File.basename(expired_cert_path)}.expired.#{expiry}"
|
|
47
48
|
new_expired_cert_path = File.join(Gem.user_home, ".gem", expired_cert_file)
|
|
48
49
|
|
|
@@ -105,7 +106,7 @@ class Gem::Security::Signer
|
|
|
105
106
|
# this value is preferred, otherwise the subject is used.
|
|
106
107
|
|
|
107
108
|
def extract_name(cert) # :nodoc:
|
|
108
|
-
subject_alt_name = cert.extensions.find {|e|
|
|
109
|
+
subject_alt_name = cert.extensions.find {|e| "subjectAltName" == e.oid }
|
|
109
110
|
|
|
110
111
|
if subject_alt_name
|
|
111
112
|
/\Aemail:/ =~ subject_alt_name.value # rubocop:disable Performance/StartWith
|
|
@@ -139,9 +140,9 @@ class Gem::Security::Signer
|
|
|
139
140
|
def sign(data)
|
|
140
141
|
return unless @key
|
|
141
142
|
|
|
142
|
-
raise Gem::Security::Exception,
|
|
143
|
+
raise Gem::Security::Exception, "no certs provided" if @cert_chain.empty?
|
|
143
144
|
|
|
144
|
-
if @cert_chain.length == 1
|
|
145
|
+
if @cert_chain.length == 1 && @cert_chain.last.not_after < Time.now
|
|
145
146
|
alert("Your certificate has expired, trying to re-sign it...")
|
|
146
147
|
|
|
147
148
|
re_sign_key(
|
|
@@ -182,7 +183,7 @@ class Gem::Security::Signer
|
|
|
182
183
|
return unless disk_key
|
|
183
184
|
|
|
184
185
|
if disk_key.to_pem == @key.to_pem && disk_cert == old_cert.to_pem
|
|
185
|
-
expiry = old_cert.not_after.strftime(
|
|
186
|
+
expiry = old_cert.not_after.strftime("%Y%m%d%H%M%S")
|
|
186
187
|
old_cert_file = "gem-public_cert.pem.expired.#{expiry}"
|
|
187
188
|
old_cert_path = File.join(Gem.user_home, ".gem", old_cert_file)
|
|
188
189
|
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
|
+
|
|
2
3
|
##
|
|
3
4
|
# The TrustDir manages the trusted certificates for gem signature
|
|
4
5
|
# verification.
|
|
@@ -8,7 +9,7 @@ class Gem::Security::TrustDir
|
|
|
8
9
|
# Default permissions for the trust directory and its contents
|
|
9
10
|
|
|
10
11
|
DEFAULT_PERMISSIONS = {
|
|
11
|
-
:trust_dir
|
|
12
|
+
:trust_dir => 0700,
|
|
12
13
|
:trusted_cert => 0600,
|
|
13
14
|
}.freeze
|
|
14
15
|
|
|
@@ -41,7 +42,7 @@ class Gem::Security::TrustDir
|
|
|
41
42
|
def each_certificate
|
|
42
43
|
return enum_for __method__ unless block_given?
|
|
43
44
|
|
|
44
|
-
glob = File.join @dir,
|
|
45
|
+
glob = File.join @dir, "*.pem"
|
|
45
46
|
|
|
46
47
|
Dir[glob].each do |certificate_file|
|
|
47
48
|
begin
|
|
@@ -92,7 +93,7 @@ class Gem::Security::TrustDir
|
|
|
92
93
|
|
|
93
94
|
destination = cert_path certificate
|
|
94
95
|
|
|
95
|
-
File.open destination,
|
|
96
|
+
File.open destination, "wb", 0600 do |io|
|
|
96
97
|
io.write certificate.to_pem
|
|
97
98
|
io.chmod(@permissions[:trusted_cert])
|
|
98
99
|
end
|
|
@@ -104,7 +105,7 @@ class Gem::Security::TrustDir
|
|
|
104
105
|
# permissions.
|
|
105
106
|
|
|
106
107
|
def verify
|
|
107
|
-
require
|
|
108
|
+
require "fileutils"
|
|
108
109
|
if File.exist? @dir
|
|
109
110
|
raise Gem::Security::Exception,
|
|
110
111
|
"trust directory #{@dir} is not a directory" unless
|
data/lib/rubygems/security.rb
CHANGED
|
@@ -1,12 +1,13 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
|
+
|
|
2
3
|
#--
|
|
3
4
|
# Copyright 2006 by Chad Fowler, Rich Kilmer, Jim Weirich and others.
|
|
4
5
|
# All rights reserved.
|
|
5
6
|
# See LICENSE.txt for permissions.
|
|
6
7
|
#++
|
|
7
8
|
|
|
8
|
-
require_relative
|
|
9
|
-
require_relative
|
|
9
|
+
require_relative "exceptions"
|
|
10
|
+
require_relative "openssl"
|
|
10
11
|
|
|
11
12
|
##
|
|
12
13
|
# = Signing gems
|
|
@@ -334,7 +335,7 @@ module Gem::Security
|
|
|
334
335
|
##
|
|
335
336
|
# Used internally to select the signing digest from all computed digests
|
|
336
337
|
|
|
337
|
-
DIGEST_NAME =
|
|
338
|
+
DIGEST_NAME = "SHA256" # :nodoc:
|
|
338
339
|
|
|
339
340
|
##
|
|
340
341
|
# Length of keys created by RSA and DSA keys
|
|
@@ -344,18 +345,18 @@ module Gem::Security
|
|
|
344
345
|
##
|
|
345
346
|
# Default algorithm to use when building a key pair
|
|
346
347
|
|
|
347
|
-
DEFAULT_KEY_ALGORITHM =
|
|
348
|
+
DEFAULT_KEY_ALGORITHM = "RSA"
|
|
348
349
|
|
|
349
350
|
##
|
|
350
351
|
# Named curve used for Elliptic Curve
|
|
351
352
|
|
|
352
|
-
EC_NAME =
|
|
353
|
+
EC_NAME = "secp384r1"
|
|
353
354
|
|
|
354
355
|
##
|
|
355
356
|
# Cipher used to encrypt the key pair used to sign gems.
|
|
356
357
|
# Must be in the list returned by OpenSSL::Cipher.ciphers
|
|
357
358
|
|
|
358
|
-
KEY_CIPHER = OpenSSL::Cipher.new(
|
|
359
|
+
KEY_CIPHER = OpenSSL::Cipher.new("AES-256-CBC") if defined?(OpenSSL::Cipher)
|
|
359
360
|
|
|
360
361
|
##
|
|
361
362
|
# One day in seconds
|
|
@@ -376,10 +377,10 @@ module Gem::Security
|
|
|
376
377
|
# * The certificate contains a subject key identifier
|
|
377
378
|
|
|
378
379
|
EXTENSIONS = {
|
|
379
|
-
|
|
380
|
-
|
|
381
|
-
|
|
382
|
-
|
|
380
|
+
"basicConstraints" => "CA:FALSE",
|
|
381
|
+
"keyUsage" =>
|
|
382
|
+
"keyEncipherment,dataEncipherment,digitalSignature",
|
|
383
|
+
"subjectKeyIdentifier" => "hash",
|
|
383
384
|
}.freeze
|
|
384
385
|
|
|
385
386
|
def self.alt_name_or_x509_entry(certificate, x509_entry)
|
|
@@ -433,13 +434,6 @@ module Gem::Security
|
|
|
433
434
|
ec_key
|
|
434
435
|
end
|
|
435
436
|
|
|
436
|
-
##
|
|
437
|
-
# In Ruby 2.3 EC doesn't implement the private_key? but not the private? method
|
|
438
|
-
|
|
439
|
-
if defined?(OpenSSL::PKey::EC) && Gem::Version.new(String.new(RUBY_VERSION)) < Gem::Version.new("2.4.0")
|
|
440
|
-
OpenSSL::PKey::EC.send(:alias_method, :private?, :private_key?)
|
|
441
|
-
end
|
|
442
|
-
|
|
443
437
|
##
|
|
444
438
|
# Creates a self-signed certificate with an issuer and subject from +email+,
|
|
445
439
|
# a subject alternative name of +email+ and the given +extensions+ for the
|
|
@@ -473,7 +467,7 @@ module Gem::Security
|
|
|
473
467
|
OpenSSL::Digest.new(algorithm)
|
|
474
468
|
end
|
|
475
469
|
else
|
|
476
|
-
require
|
|
470
|
+
require "digest"
|
|
477
471
|
|
|
478
472
|
def self.create_digest(algorithm = DIGEST_NAME)
|
|
479
473
|
Digest.const_get(algorithm).new
|
|
@@ -487,18 +481,12 @@ module Gem::Security
|
|
|
487
481
|
def self.create_key(algorithm)
|
|
488
482
|
if defined?(OpenSSL::PKey)
|
|
489
483
|
case algorithm.downcase
|
|
490
|
-
when
|
|
484
|
+
when "dsa"
|
|
491
485
|
OpenSSL::PKey::DSA.new(RSA_DSA_KEY_LENGTH)
|
|
492
|
-
when
|
|
486
|
+
when "rsa"
|
|
493
487
|
OpenSSL::PKey::RSA.new(RSA_DSA_KEY_LENGTH)
|
|
494
|
-
when
|
|
495
|
-
|
|
496
|
-
OpenSSL::PKey::EC.generate(EC_NAME)
|
|
497
|
-
else
|
|
498
|
-
domain_key = OpenSSL::PKey::EC.new(EC_NAME)
|
|
499
|
-
domain_key.generate_key
|
|
500
|
-
domain_key
|
|
501
|
-
end
|
|
488
|
+
when "ec"
|
|
489
|
+
OpenSSL::PKey::EC.generate(EC_NAME)
|
|
502
490
|
else
|
|
503
491
|
raise Gem::Security::Exception,
|
|
504
492
|
"#{algorithm} algorithm not found. RSA, DSA, and EC algorithms are supported."
|
|
@@ -510,11 +498,11 @@ module Gem::Security
|
|
|
510
498
|
# Turns +email_address+ into an OpenSSL::X509::Name
|
|
511
499
|
|
|
512
500
|
def self.email_to_name(email_address)
|
|
513
|
-
email_address = email_address.gsub(/[^\w@.-]+/i,
|
|
501
|
+
email_address = email_address.gsub(/[^\w@.-]+/i, "_")
|
|
514
502
|
|
|
515
|
-
cn, dcs = email_address.split
|
|
503
|
+
cn, dcs = email_address.split "@"
|
|
516
504
|
|
|
517
|
-
dcs = dcs.split
|
|
505
|
+
dcs = dcs.split "."
|
|
518
506
|
|
|
519
507
|
OpenSSL::X509::Name.new([
|
|
520
508
|
["CN", cn],
|
|
@@ -571,17 +559,17 @@ module Gem::Security
|
|
|
571
559
|
signee_key = certificate.public_key
|
|
572
560
|
|
|
573
561
|
alt_name = certificate.extensions.find do |extension|
|
|
574
|
-
extension.oid ==
|
|
562
|
+
extension.oid == "subjectAltName"
|
|
575
563
|
end
|
|
576
564
|
|
|
577
|
-
extensions = extensions.merge
|
|
565
|
+
extensions = extensions.merge "subjectAltName" => alt_name.value if
|
|
578
566
|
alt_name
|
|
579
567
|
|
|
580
568
|
issuer_alt_name = signing_cert.extensions.find do |extension|
|
|
581
|
-
extension.oid ==
|
|
569
|
+
extension.oid == "subjectAltName"
|
|
582
570
|
end
|
|
583
571
|
|
|
584
|
-
extensions = extensions.merge
|
|
572
|
+
extensions = extensions.merge "issuerAltName" => issuer_alt_name.value if
|
|
585
573
|
issuer_alt_name
|
|
586
574
|
|
|
587
575
|
signed = create_cert signee_subject, signee_key, age, extensions, serial
|
|
@@ -597,7 +585,7 @@ module Gem::Security
|
|
|
597
585
|
def self.trust_dir
|
|
598
586
|
return @trust_dir if @trust_dir
|
|
599
587
|
|
|
600
|
-
dir = File.join Gem.user_home,
|
|
588
|
+
dir = File.join Gem.user_home, ".gem", "trust"
|
|
601
589
|
|
|
602
590
|
@trust_dir ||= Gem::Security::TrustDir.new dir
|
|
603
591
|
end
|
|
@@ -617,8 +605,8 @@ module Gem::Security
|
|
|
617
605
|
def self.write(pemmable, path, permissions = 0600, passphrase = nil, cipher = KEY_CIPHER)
|
|
618
606
|
path = File.expand_path path
|
|
619
607
|
|
|
620
|
-
File.open path,
|
|
621
|
-
if passphrase
|
|
608
|
+
File.open path, "wb", permissions do |io|
|
|
609
|
+
if passphrase && cipher
|
|
622
610
|
io.write pemmable.to_pem cipher, passphrase
|
|
623
611
|
else
|
|
624
612
|
io.write pemmable.to_pem
|
|
@@ -633,9 +621,9 @@ module Gem::Security
|
|
|
633
621
|
end
|
|
634
622
|
|
|
635
623
|
if Gem::HAVE_OPENSSL
|
|
636
|
-
require_relative
|
|
637
|
-
require_relative
|
|
638
|
-
require_relative
|
|
624
|
+
require_relative "security/policy"
|
|
625
|
+
require_relative "security/policies"
|
|
626
|
+
require_relative "security/trust_dir"
|
|
639
627
|
end
|
|
640
628
|
|
|
641
|
-
require_relative
|
|
629
|
+
require_relative "security/signer"
|
|
@@ -1,11 +1,12 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
|
+
|
|
2
3
|
#--
|
|
3
4
|
# Copyright 2006 by Chad Fowler, Rich Kilmer, Jim Weirich and others.
|
|
4
5
|
# All rights reserved.
|
|
5
6
|
# See LICENSE.txt for permissions.
|
|
6
7
|
#++
|
|
7
8
|
|
|
8
|
-
require_relative
|
|
9
|
+
require_relative "../rubygems"
|
|
9
10
|
|
|
10
11
|
# forward-declare
|
|
11
12
|
|
|
@@ -20,9 +21,9 @@ end
|
|
|
20
21
|
module Gem::SecurityOption
|
|
21
22
|
def add_security_option
|
|
22
23
|
Gem::OptionParser.accept Gem::Security::Policy do |value|
|
|
23
|
-
require_relative
|
|
24
|
+
require_relative "security"
|
|
24
25
|
|
|
25
|
-
raise Gem::OptionParser::InvalidArgument,
|
|
26
|
+
raise Gem::OptionParser::InvalidArgument, "OpenSSL not installed" unless
|
|
26
27
|
defined?(Gem::Security::HighSecurity)
|
|
27
28
|
|
|
28
29
|
policy = Gem::Security::Policies[value]
|
|
@@ -33,9 +34,9 @@ module Gem::SecurityOption
|
|
|
33
34
|
policy
|
|
34
35
|
end
|
|
35
36
|
|
|
36
|
-
add_option(:"Install/Update",
|
|
37
|
+
add_option(:"Install/Update", "-P", "--trust-policy POLICY",
|
|
37
38
|
Gem::Security::Policy,
|
|
38
|
-
|
|
39
|
+
"Specify gem trust policy") do |value, options|
|
|
39
40
|
options[:security_policy] = value
|
|
40
41
|
end
|
|
41
42
|
end
|