rubygems-update 3.4.19 → 3.4.21
- checksums.yaml +4 -4
- data/CHANGELOG.md +58 -0
- data/Manifest.txt +1 -0
- data/bundler/CHANGELOG.md +62 -2
- data/bundler/lib/bundler/build_metadata.rb +3 -3
- data/bundler/lib/bundler/cli/check.rb +1 -1
- data/bundler/lib/bundler/cli/gem.rb +1 -3
- data/bundler/lib/bundler/cli/info.rb +1 -1
- data/bundler/lib/bundler/cli/install.rb +2 -2
- data/bundler/lib/bundler/cli/lock.rb +26 -23
- data/bundler/lib/bundler/cli/open.rb +5 -7
- data/bundler/lib/bundler/cli/update.rb +1 -0
- data/bundler/lib/bundler/definition.rb +42 -25
- data/bundler/lib/bundler/env.rb +2 -2
- data/bundler/lib/bundler/fetcher/base.rb +2 -2
- data/bundler/lib/bundler/fetcher/compact_index.rb +1 -5
- data/bundler/lib/bundler/fetcher/dependency.rb +1 -1
- data/bundler/lib/bundler/fetcher.rb +31 -30
- data/bundler/lib/bundler/gem_version_promoter.rb +2 -2
- data/bundler/lib/bundler/index.rb +62 -31
- data/bundler/lib/bundler/injector.rb +1 -1
- data/bundler/lib/bundler/installer/parallel_installer.rb +0 -26
- data/bundler/lib/bundler/installer/standalone.rb +15 -1
- data/bundler/lib/bundler/lockfile_parser.rb +32 -39
- data/bundler/lib/bundler/man/bundle-add.1 +1 -1
- data/bundler/lib/bundler/man/bundle-binstubs.1 +1 -1
- data/bundler/lib/bundler/man/bundle-cache.1 +1 -1
- data/bundler/lib/bundler/man/bundle-check.1 +1 -1
- data/bundler/lib/bundler/man/bundle-clean.1 +1 -1
- data/bundler/lib/bundler/man/bundle-config.1 +1 -1
- data/bundler/lib/bundler/man/bundle-console.1 +1 -1
- data/bundler/lib/bundler/man/bundle-doctor.1 +1 -1
- data/bundler/lib/bundler/man/bundle-exec.1 +2 -2
- data/bundler/lib/bundler/man/bundle-exec.1.ronn +2 -3
- data/bundler/lib/bundler/man/bundle-gem.1 +1 -1
- data/bundler/lib/bundler/man/bundle-help.1 +1 -1
- data/bundler/lib/bundler/man/bundle-info.1 +1 -1
- data/bundler/lib/bundler/man/bundle-init.1 +1 -1
- data/bundler/lib/bundler/man/bundle-inject.1 +1 -1
- data/bundler/lib/bundler/man/bundle-install.1 +1 -1
- data/bundler/lib/bundler/man/bundle-list.1 +1 -1
- data/bundler/lib/bundler/man/bundle-lock.1 +1 -1
- data/bundler/lib/bundler/man/bundle-open.1 +1 -1
- data/bundler/lib/bundler/man/bundle-outdated.1 +1 -1
- data/bundler/lib/bundler/man/bundle-platform.1 +1 -1
- data/bundler/lib/bundler/man/bundle-plugin.1 +17 -17
- data/bundler/lib/bundler/man/bundle-plugin.1.ronn +5 -5
- data/bundler/lib/bundler/man/bundle-pristine.1 +1 -1
- data/bundler/lib/bundler/man/bundle-remove.1 +1 -1
- data/bundler/lib/bundler/man/bundle-show.1 +1 -1
- data/bundler/lib/bundler/man/bundle-update.1 +1 -1
- data/bundler/lib/bundler/man/bundle-version.1 +1 -1
- data/bundler/lib/bundler/man/bundle-viz.1 +1 -1
- data/bundler/lib/bundler/man/bundle.1 +1 -1
- data/bundler/lib/bundler/man/gemfile.5 +12 -1
- data/bundler/lib/bundler/man/gemfile.5.ronn +5 -0
- data/bundler/lib/bundler/plugin.rb +1 -1
- data/bundler/lib/bundler/resolver/package.rb +5 -0
- data/bundler/lib/bundler/resolver.rb +45 -10
- data/bundler/lib/bundler/retry.rb +1 -1
- data/bundler/lib/bundler/ruby_dsl.rb +23 -2
- data/bundler/lib/bundler/ruby_version.rb +8 -1
- data/bundler/lib/bundler/self_manager.rb +2 -0
- data/bundler/lib/bundler/settings.rb +86 -25
- data/bundler/lib/bundler/shared_helpers.rb +16 -1
- data/bundler/lib/bundler/source/git/git_proxy.rb +27 -6
- data/bundler/lib/bundler/source/rubygems.rb +22 -25
- data/bundler/lib/bundler/spec_set.rb +2 -2
- data/bundler/lib/bundler/stub_specification.rb +4 -2
- data/bundler/lib/bundler/templates/newgem/Rakefile.tt +6 -2
- data/bundler/lib/bundler/templates/newgem/github/workflows/main.yml.tt +1 -1
- data/bundler/lib/bundler/version.rb +1 -1
- data/bundler/lib/bundler/yaml_serializer.rb +6 -7
- data/lib/rubygems/available_set.rb +1 -1
- data/lib/rubygems/basic_specification.rb +3 -3
- data/lib/rubygems/command.rb +17 -20
- data/lib/rubygems/command_manager.rb +1 -1
- data/lib/rubygems/commands/cert_command.rb +3 -3
- data/lib/rubygems/commands/check_command.rb +5 -1
- data/lib/rubygems/commands/cleanup_command.rb +1 -1
- data/lib/rubygems/commands/contents_command.rb +1 -1
- data/lib/rubygems/commands/dependency_command.rb +3 -4
- data/lib/rubygems/commands/help_command.rb +2 -2
- data/lib/rubygems/commands/open_command.rb +1 -3
- data/lib/rubygems/commands/owner_command.rb +9 -11
- data/lib/rubygems/commands/setup_command.rb +8 -8
- data/lib/rubygems/commands/specification_command.rb +5 -1
- data/lib/rubygems/commands/stale_command.rb +1 -1
- data/lib/rubygems/commands/uninstall_command.rb +6 -7
- data/lib/rubygems/commands/unpack_command.rb +4 -6
- data/lib/rubygems/commands/update_command.rb +3 -3
- data/lib/rubygems/commands/yank_command.rb +1 -1
- data/lib/rubygems/config_file.rb +60 -13
- data/lib/rubygems/core_ext/kernel_gem.rb +2 -2
- data/lib/rubygems/core_ext/kernel_require.rb +1 -1
- data/lib/rubygems/core_ext/kernel_warn.rb +4 -5
- data/lib/rubygems/defaults.rb +6 -2
- data/lib/rubygems/dependency_installer.rb +8 -12
- data/lib/rubygems/deprecate.rb +4 -3
- data/lib/rubygems/doctor.rb +1 -1
- data/lib/rubygems/errors.rb +1 -1
- data/lib/rubygems/exceptions.rb +1 -1
- data/lib/rubygems/ext/builder.rb +5 -4
- data/lib/rubygems/ext/cargo_builder.rb +2 -2
- data/lib/rubygems/gem_runner.rb +5 -1
- data/lib/rubygems/gemcutter_utilities.rb +4 -4
- data/lib/rubygems/indexer.rb +1 -1
- data/lib/rubygems/install_update_options.rb +1 -1
- data/lib/rubygems/installer.rb +17 -19
- data/lib/rubygems/name_tuple.rb +1 -1
- data/lib/rubygems/package/old.rb +1 -1
- data/lib/rubygems/package/tar_reader/entry.rb +18 -20
- data/lib/rubygems/package/tar_reader.rb +0 -5
- data/lib/rubygems/package/tar_writer.rb +1 -1
- data/lib/rubygems/package.rb +18 -12
- data/lib/rubygems/platform.rb +6 -2
- data/lib/rubygems/query_utils.rb +5 -5
- data/lib/rubygems/remote_fetcher.rb +10 -2
- data/lib/rubygems/request_set/gem_dependency_api.rb +1 -1
- data/lib/rubygems/request_set.rb +2 -1
- data/lib/rubygems/requirement.rb +1 -1
- data/lib/rubygems/resolver/activation_request.rb +2 -4
- data/lib/rubygems/resolver/api_set.rb +2 -1
- data/lib/rubygems/resolver/api_specification.rb +1 -1
- data/lib/rubygems/resolver/installed_specification.rb +1 -1
- data/lib/rubygems/resolver/local_specification.rb +1 -1
- data/lib/rubygems/s3_uri_signer.rb +1 -1
- data/lib/rubygems/security/signer.rb +10 -2
- data/lib/rubygems/security/trust_dir.rb +8 -10
- data/lib/rubygems/security.rb +2 -2
- data/lib/rubygems/security_option.rb +1 -1
- data/lib/rubygems/source/local.rb +34 -37
- data/lib/rubygems/source.rb +7 -3
- data/lib/rubygems/source_list.rb +2 -2
- data/lib/rubygems/spec_fetcher.rb +29 -33
- data/lib/rubygems/specification.rb +43 -36
- data/lib/rubygems/specification_policy.rb +36 -35
- data/lib/rubygems/stub_specification.rb +13 -10
- data/lib/rubygems/uninstaller.rb +2 -2
- data/lib/rubygems/update_suggestion.rb +1 -1
- data/lib/rubygems/user_interaction.rb +2 -2
- data/lib/rubygems/util/licenses.rb +115 -0
- data/lib/rubygems/util.rb +5 -1
- data/lib/rubygems/validator.rb +5 -7
- data/lib/rubygems/version.rb +3 -2
- data/lib/rubygems/yaml_serializer.rb +88 -0
- data/lib/rubygems.rb +8 -10
- data/rubygems-update.gemspec +1 -1
- data/setup.rb +2 -0
- data/test/rubygems/bundler_test_gem.rb +6 -3
- data/test/rubygems/helper.rb +38 -32
- data/test/rubygems/package/tar_test_case.rb +2 -2
- data/test/rubygems/test_gem.rb +55 -30
- data/test/rubygems/test_gem_command.rb +3 -1
- data/test/rubygems/test_gem_commands_build_command.rb +2 -1
- data/test/rubygems/test_gem_commands_cert_command.rb +22 -22
- data/test/rubygems/test_gem_commands_cleanup_command.rb +2 -2
- data/test/rubygems/test_gem_commands_environment_command.rb +2 -1
- data/test/rubygems/test_gem_commands_exec_command.rb +5 -1
- data/test/rubygems/test_gem_commands_install_command.rb +3 -3
- data/test/rubygems/test_gem_commands_open_command.rb +5 -2
- data/test/rubygems/test_gem_commands_pristine_command.rb +2 -2
- data/test/rubygems/test_gem_commands_push_command.rb +7 -6
- data/test/rubygems/test_gem_commands_signin_command.rb +8 -8
- data/test/rubygems/test_gem_commands_stale_command.rb +1 -1
- data/test/rubygems/test_gem_commands_uninstall_command.rb +1 -1
- data/test/rubygems/test_gem_commands_unpack_command.rb +2 -2
- data/test/rubygems/test_gem_config_file.rb +46 -12
- data/test/rubygems/test_gem_ext_cargo_builder/custom_name/ext/custom_name_lib/Cargo.lock +28 -12
- data/test/rubygems/test_gem_ext_cargo_builder/custom_name/ext/custom_name_lib/Cargo.toml +1 -1
- data/test/rubygems/test_gem_ext_cargo_builder/rust_ruby_example/Cargo.lock +16 -14
- data/test/rubygems/test_gem_ext_cargo_builder/rust_ruby_example/Cargo.toml +1 -1
- data/test/rubygems/test_gem_ext_cargo_builder.rb +2 -2
- data/test/rubygems/test_gem_gemcutter_utilities.rb +8 -5
- data/test/rubygems/test_gem_indexer.rb +1 -1
- data/test/rubygems/test_gem_install_update_options.rb +3 -3
- data/test/rubygems/test_gem_installer.rb +15 -15
- data/test/rubygems/test_gem_package.rb +152 -36
- data/test/rubygems/test_gem_package_old.rb +1 -1
- data/test/rubygems/test_gem_package_tar_header.rb +10 -10
- data/test/rubygems/test_gem_package_tar_reader.rb +4 -4
- data/test/rubygems/test_gem_package_tar_reader_entry.rb +53 -1
- data/test/rubygems/test_gem_package_tar_writer.rb +41 -41
- data/test/rubygems/test_gem_rdoc.rb +2 -2
- data/test/rubygems/test_gem_remote_fetcher.rb +34 -34
- data/test/rubygems/test_gem_request.rb +5 -5
- data/test/rubygems/test_gem_request_connection_pools.rb +2 -1
- data/test/rubygems/test_gem_request_set_gem_dependency_api.rb +14 -7
- data/test/rubygems/test_gem_requirement.rb +1 -1
- data/test/rubygems/test_gem_security.rb +2 -2
- data/test/rubygems/test_gem_security_signer.rb +2 -2
- data/test/rubygems/test_gem_security_trust_dir.rb +6 -6
- data/test/rubygems/test_gem_spec_fetcher.rb +2 -2
- data/test/rubygems/test_gem_specification.rb +71 -35
- data/test/rubygems/test_gem_update_suggestion.rb +23 -23
- data/test/rubygems/test_gem_util.rb +2 -2
- data/test/rubygems/test_gem_version.rb +4 -2
- data/test/rubygems/test_require.rb +4 -6
- data/test/rubygems/utilities.rb +4 -3
- metadata +4 -3
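--- a/data/lib/rubygems/package.rb
+++ b/data/lib/rubygems/package.rb
@@ -230,7 +230,7 @@ class Gem::Package
 end
 end
 
-tar.add_file_signed "checksums.yaml.gz",
+tar.add_file_signed "checksums.yaml.gz", 0o444, @signer do |io|
 gzip_to io do |gz_io|
 Psych.dump checksums_by_algorithm, gz_io
 end
@@ -242,7 +242,7 @@ class Gem::Package
 # and adds this file to the +tar+.
 
 def add_contents(tar) # :nodoc:
-digests = tar.add_file_signed "data.tar.gz",
+digests = tar.add_file_signed "data.tar.gz", 0o444, @signer do |io|
 gzip_to io do |gz_io|
 Gem::Package::TarWriter.new gz_io do |data_tar|
 add_files data_tar
@@ -268,7 +268,7 @@ class Gem::Package
 
 tar.add_file_simple file, stat.mode, stat.size do |dst_io|
 File.open file, "rb" do |src_io|
-dst_io.write src_io.read
+dst_io.write src_io.read 16_384 until src_io.eof?
 end
 end
 end
@@ -278,7 +278,7 @@ class Gem::Package
 # Adds the package's Gem::Specification to the +tar+ file
 
 def add_metadata(tar) # :nodoc:
-digests = tar.add_file_signed "metadata.gz",
+digests = tar.add_file_signed "metadata.gz", 0o444, @signer do |io|
 gzip_to io do |gz_io|
 gz_io.write @spec.to_yaml
 end
@@ -347,6 +347,8 @@ EOM
 return @contents
 end
 end
+rescue Zlib::GzipFile::Error, EOFError, Gem::Package::TarInvalidError => e
+raise Gem::Package::FormatError.new e.message, @gem
 end
 
 ##
@@ -363,7 +365,7 @@ EOM
 algorithms.each do |algorithm|
 digester = Gem::Security.create_digest(algorithm)
 
-digester << entry.
+digester << entry.readpartial(16_384) until entry.eof?
 
 entry.rewind
 
@@ -382,7 +384,7 @@ EOM
 def extract_files(destination_dir, pattern = "*")
 verify unless @spec
 
-FileUtils.mkdir_p destination_dir, :mode => dir_mode &&
+FileUtils.mkdir_p destination_dir, :mode => dir_mode && 0o755
 
 @gem.with_read_io do |io|
 reader = Gem::Package::TarReader.new io
@@ -395,6 +397,8 @@ EOM
 return # ignore further entries
 end
 end
+rescue Zlib::GzipFile::Error, EOFError, Gem::Package::TarInvalidError => e
+raise Gem::Package::FormatError.new e.message, @gem
 end
 
 ##
@@ -409,6 +413,8 @@ EOM
 # extracted.
 
 def extract_tar_gz(io, destination_dir, pattern = "*") # :nodoc:
+destination_dir = File.realpath(destination_dir)
+
 directories = []
 symlinks = []
 
@@ -432,7 +438,7 @@ EOM
 FileUtils.rm_rf destination
 
 mkdir_options = {}
-mkdir_options[:mode] = dir_mode ?
+mkdir_options[:mode] = dir_mode ? 0o755 : (entry.header.mode if entry.directory?)
 mkdir =
 if entry.directory?
 destination
@@ -468,7 +474,7 @@ EOM
 end
 
 def file_mode(mode) # :nodoc:
-((mode &
+((mode & 0o111).zero? ? data_mode : prog_mode) ||
 # If we're not using one of the default modes, then we're going to fall
 # back to the mode from the tarball. In this case we need to mask it down
 # to fit into 2^16 bits (the maximum value for a mode in CRuby since it
@@ -626,7 +632,7 @@ EOM
 raise
 rescue Errno::ENOENT => e
 raise Gem::Package::FormatError.new e.message
-rescue Gem::Package::TarInvalidError => e
+rescue Zlib::GzipFile::Error, EOFError, Gem::Package::TarInvalidError => e
 raise Gem::Package::FormatError.new e.message, @gem
 end
 
@@ -670,7 +676,7 @@ EOM
 when "data.tar.gz" then
 verify_gz entry
 end
-rescue
+rescue StandardError
 warn "Exception while verifying #{@gem.path}"
 raise
 end
@@ -693,7 +699,7 @@ EOM
 end
 
 if (duplicates = @files.group_by {|f| f }.select {|k,v| v.size > 1 }.map(&:first)) && duplicates.any?
-raise Gem::Security::Exception, "duplicate files in the package: (#{duplicates.map(&:inspect).join(
+raise Gem::Security::Exception, "duplicate files in the package: (#{duplicates.map(&:inspect).join(", ")})"
 end
 end
 
@@ -702,7 +708,7 @@ EOM
 
 def verify_gz(entry) # :nodoc:
 Zlib::GzipReader.wrap entry do |gzio|
-gzio.read
+gzio.read 16_384 until gzio.eof? # gzip checksum verification
 end
 rescue Zlib::GzipFile::Error => e
 raise Gem::Package::FormatError.new(e.message, entry.full_name)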
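Review bot: The added `destination_dir = File.realpath(destination_dir)` at the top of `extract_tar_gz` raises `Errno::ENOENT` when the destination does not exist yet, so the method now depends on its caller having created the directory. `extract_files` does create it with `FileUtils.mkdir_p destination_dir` in an earlier hunk, but nothing on `extract_tar_gz` states the precondition, and the new `rescue Zlib::GzipFile::Error, EOFError, Gem::Package::TarInvalidError` clauses would not translate that failure into a `FormatError`. I would add a comment above the line, for example `# destination_dir must already exist; symlinks in it are resolved once, before any entry is written`. As a smaller style point, the chunk size `16_384` is repeated in `add_files`, the digest loop and `verify_gz` and could be one named constant; all of these method bodies continue outside the hunks shown.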
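--- a/data/lib/rubygems/platform.rb
+++ b/data/lib/rubygems/platform.rb
@@ -90,7 +90,10 @@ class Gem::Platform
 end
 
 os, = arch
-
+if os.nil?
+@cpu = nil
+os = cpu
+end # legacy jruby
 
 @os, @version = case os
 when /aix(\d+)?/ then [ "aix", $1 ]
@@ -107,7 +110,8 @@ class Gem::Platform
 when /mingw32/ then [ "mingw32", nil ]
 when /mingw-?(\w+)?/ then [ "mingw", $1 ]
 when /(mswin\d+)(\_(\d+))?/ then
-os
+os = $1
+version = $3
 @cpu = "x86" if @cpu.nil? && os =~ /32$/
 [os, version]
 when /netbsdelf/ then [ "netbsdelf", nil ]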
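Review bot: The `# legacy jruby` comment now trails the closing `end` of the new `if os.nil?` block, where it no longer explains the condition it belongs to. Moving it above the `if` and saying what the branch does would read better, for example `# legacy jruby: only one component was given, so treat it as the os and leave the cpu unset` (wording inferred from the three assignments in the hunk, to be confirmed). The enclosing method starts and ends outside the hunk.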
data/lib/rubygems/query_utils.rb
CHANGED
@@ -85,7 +85,7 @@ module Gem::QueryUtils
|
|
85
85
|
installed = !installed unless options[:installed]
|
86
86
|
|
87
87
|
say(installed)
|
88
|
-
exit_code = 1
|
88
|
+
exit_code = 1 unless installed
|
89
89
|
end
|
90
90
|
|
91
91
|
exit_code
|
@@ -264,7 +264,7 @@ module Gem::QueryUtils
|
|
264
264
|
end
|
265
265
|
end
|
266
266
|
|
267
|
-
entry << " (#{list.join
|
267
|
+
entry << " (#{list.join ", "})"
|
268
268
|
end
|
269
269
|
|
270
270
|
def make_entry(entry_tuples, platforms)
|
@@ -283,7 +283,7 @@ module Gem::QueryUtils
|
|
283
283
|
end
|
284
284
|
|
285
285
|
def spec_authors(entry, spec)
|
286
|
-
authors = "Author#{spec.authors.length > 1 ?
|
286
|
+
authors = "Author#{spec.authors.length > 1 ? "s" : ""}: ".dup
|
287
287
|
authors << spec.authors.join(", ")
|
288
288
|
entry << format_text(authors, 68, 4)
|
289
289
|
end
|
@@ -297,7 +297,7 @@ module Gem::QueryUtils
|
|
297
297
|
def spec_license(entry, spec)
|
298
298
|
return if spec.license.nil? || spec.license.empty?
|
299
299
|
|
300
|
-
licenses = "License#{spec.licenses.length > 1 ?
|
300
|
+
licenses = "License#{spec.licenses.length > 1 ? "s" : ""}: ".dup
|
301
301
|
licenses << spec.licenses.join(", ")
|
302
302
|
entry << "\n" << format_text(licenses, 68, 4)
|
303
303
|
end
|
@@ -328,7 +328,7 @@ module Gem::QueryUtils
|
|
328
328
|
|
329
329
|
if platforms.length == 1
|
330
330
|
title = platforms.values.length == 1 ? "Platform" : "Platforms"
|
331
|
-
entry << " #{title}: #{platforms.values.sort.join(
|
331
|
+
entry << " #{title}: #{platforms.values.sort.join(", ")}\n"
|
332
332
|
else
|
333
333
|
entry << " Platforms:\n"
|
334
334
|
|
@@ -125,7 +125,11 @@ class Gem::RemoteFetcher
|
|
125
125
|
local_gem_path = File.join cache_dir, gem_file_name
|
126
126
|
|
127
127
|
require "fileutils"
|
128
|
-
|
128
|
+
begin
|
129
|
+
FileUtils.mkdir_p cache_dir
|
130
|
+
rescue StandardError
|
131
|
+
nil
|
132
|
+
end unless File.exist? cache_dir
|
129
133
|
|
130
134
|
source_uri = Gem::Uri.new(source_uri)
|
131
135
|
|
@@ -281,7 +285,11 @@ class Gem::RemoteFetcher
|
|
281
285
|
# passes the data.
|
282
286
|
|
283
287
|
def cache_update_path(uri, path = nil, update = true)
|
284
|
-
mtime =
|
288
|
+
mtime = begin
|
289
|
+
path && File.stat(path).mtime
|
290
|
+
rescue StandardError
|
291
|
+
nil
|
292
|
+
end
|
285
293
|
|
286
294
|
data = fetch_path(uri, mtime)
|
287
295
|
|
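Review bot: Both new `begin … rescue StandardError … nil … end` blocks, the guard around `FileUtils.mkdir_p cache_dir` and the `File.stat(path).mtime` lookup in `cache_update_path`, catch far more than the filesystem failures they exist for. `rescue SystemCallError` would still cover a missing path or a permission error while letting an unexpected `NoMethodError` or `TypeError` surface. For the cache directory it is also worth a one-line comment on what the code does when creation fails, because the failure is discarded here and the handling that follows is outside the hunk.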
@@ -357,7 +357,7 @@ class Gem::RequestSet::GemDependencyAPI
|
|
357
357
|
# Use the given tag for git:, gist: and github: dependencies.
|
358
358
|
|
359
359
|
def gem(name, *requirements)
|
360
|
-
options = requirements.pop if requirements.last.
|
360
|
+
options = requirements.pop if requirements.last.is_a?(Hash)
|
361
361
|
options ||= {}
|
362
362
|
|
363
363
|
options[:git] = @current_repository if @current_repository
|
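--- a/data/lib/rubygems/request_set.rb
+++ b/data/lib/rubygems/request_set.rb
@@ -255,7 +255,8 @@ class Gem::RequestSet
 end
 
 def install_into(dir, force = true, options = {})
-gem_home
+gem_home = ENV["GEM_HOME"]
+ENV["GEM_HOME"] = dir
 
 existing = force ? [] : specs_in(dir)
 existing.delete_if {|s| @always_install.include? s }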
data/lib/rubygems/requirement.rb
CHANGED
@@ -59,10 +59,8 @@ class Gem::Resolver::ActivationRequest
|
|
59
59
|
if @spec.respond_to? :sources
|
60
60
|
exception = nil
|
61
61
|
path = @spec.sources.find do |source|
|
62
|
-
|
63
|
-
|
64
|
-
rescue exception
|
65
|
-
end
|
62
|
+
source.download full_spec, path
|
63
|
+
rescue exception
|
66
64
|
end
|
67
65
|
return path if path
|
68
66
|
raise exception if exception
|
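Review bot: The `rescue exception` clause inside the `@spec.sources.find` block uses the local `exception` as its class list, and that local is set to `nil` two lines earlier, so as rendered any error raised by `source.download full_spec, path` would surface as a `TypeError` from the rescue clause itself instead of being captured. Nothing visible ever assigns `exception`, which also leaves `raise exception if exception` unreachable. If the intent is to remember the failure and move on to the next source, the clause would be `rescue StandardError => exception`, with the exact class to catch left for the maintainers to confirm. The enclosing method starts and ends outside the hunk.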
@@ -22,7 +22,7 @@ class Gem::Resolver::APISpecification < Gem::Resolver::Specification
|
|
22
22
|
# Creates an APISpecification for the given +set+ from the rubygems.org
|
23
23
|
# +api_data+.
|
24
24
|
#
|
25
|
-
# See https://guides.rubygems.org/rubygems-org-api/#
|
25
|
+
# See https://guides.rubygems.org/rubygems-org-api/#misc-methods for the
|
26
26
|
# format of the +api_data+.
|
27
27
|
|
28
28
|
def initialize(set, api_data)
|
@@ -25,7 +25,7 @@ class Gem::Resolver::InstalledSpecification < Gem::Resolver::SpecSpecification
|
|
25
25
|
def installable_platform?
|
26
26
|
# BACKCOMPAT If the file is coming out of a specified file, then we
|
27
27
|
# ignore the platform. This code can be removed in RG 3.0.
|
28
|
-
return true if @source.
|
28
|
+
return true if @source.is_a? Gem::Source::SpecificFile
|
29
29
|
|
30
30
|
super
|
31
31
|
end
|
@@ -8,7 +8,7 @@ class Gem::Resolver::LocalSpecification < Gem::Resolver::SpecSpecification
|
|
8
8
|
# Returns +true+ if this gem is installable for the current platform.
|
9
9
|
|
10
10
|
def installable_platform?
|
11
|
-
return true if @source.
|
11
|
+
return true if @source.is_a? Gem::Source::SpecificFile
|
12
12
|
|
13
13
|
super
|
14
14
|
end
|
@@ -34,7 +34,7 @@ class Gem::S3URISigner
|
|
34
34
|
|
35
35
|
##
|
36
36
|
# Signs S3 URI using query-params according to the reference: https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html
|
37
|
-
def sign(expiration =
|
37
|
+
def sign(expiration = 86_400)
|
38
38
|
s3_config = fetch_s3_config
|
39
39
|
|
40
40
|
current_time = Time.now.utc
|
@@ -175,10 +175,18 @@ class Gem::Security::Signer
|
|
175
175
|
old_cert = @cert_chain.last
|
176
176
|
|
177
177
|
disk_cert_path = File.join(Gem.default_cert_path)
|
178
|
-
disk_cert =
|
178
|
+
disk_cert = begin
|
179
|
+
File.read(disk_cert_path)
|
180
|
+
rescue StandardError
|
181
|
+
nil
|
182
|
+
end
|
179
183
|
|
180
184
|
disk_key_path = File.join(Gem.default_key_path)
|
181
|
-
disk_key =
|
185
|
+
disk_key = begin
|
186
|
+
OpenSSL::PKey.read(File.read(disk_key_path), @passphrase)
|
187
|
+
rescue StandardError
|
188
|
+
nil
|
189
|
+
end
|
182
190
|
|
183
191
|
return unless disk_key
|
184
192
|
|
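Review bot: The new `disk_key = begin … rescue StandardError … nil … end` makes a missing key file, an unreadable one and a rejected `@passphrase` indistinguishable, since all three become `nil` and leave through `return unless disk_key` without a message. For signing material a silent no-op is hard to diagnose, so I would rescue only `SystemCallError, OpenSSL::PKey::PKeyError` and add a comment such as `# key missing, unreadable or passphrase rejected: give up quietly` if that really is the intent. The same applies to the `File.read(disk_cert_path)` block just above it. The enclosing method starts and ends outside the hunk.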
@@ -9,8 +9,8 @@ class Gem::Security::TrustDir
|
|
9
9
|
# Default permissions for the trust directory and its contents
|
10
10
|
|
11
11
|
DEFAULT_PERMISSIONS = {
|
12
|
-
:trust_dir =>
|
13
|
-
:trusted_cert =>
|
12
|
+
:trust_dir => 0o700,
|
13
|
+
:trusted_cert => 0o600,
|
14
14
|
}.freeze
|
15
15
|
|
16
16
|
##
|
@@ -45,13 +45,11 @@ class Gem::Security::TrustDir
|
|
45
45
|
glob = File.join @dir, "*.pem"
|
46
46
|
|
47
47
|
Dir[glob].each do |certificate_file|
|
48
|
-
|
49
|
-
certificate = load_certificate certificate_file
|
48
|
+
certificate = load_certificate certificate_file
|
50
49
|
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
end
|
50
|
+
yield certificate, certificate_file
|
51
|
+
rescue OpenSSL::X509::CertificateError
|
52
|
+
next # HACK warn
|
55
53
|
end
|
56
54
|
end
|
57
55
|
|
@@ -93,7 +91,7 @@ class Gem::Security::TrustDir
|
|
93
91
|
|
94
92
|
destination = cert_path certificate
|
95
93
|
|
96
|
-
File.open destination, "wb",
|
94
|
+
File.open destination, "wb", 0o600 do |io|
|
97
95
|
io.write certificate.to_pem
|
98
96
|
io.chmod(@permissions[:trusted_cert])
|
99
97
|
end
|
@@ -111,7 +109,7 @@ class Gem::Security::TrustDir
|
|
111
109
|
"trust directory #{@dir} is not a directory" unless
|
112
110
|
File.directory? @dir
|
113
111
|
|
114
|
-
FileUtils.chmod
|
112
|
+
FileUtils.chmod 0o700, @dir
|
115
113
|
else
|
116
114
|
FileUtils.mkdir_p @dir, :mode => @permissions[:trust_dir]
|
117
115
|
end
|
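Review bot: `FileUtils.chmod 0o700, @dir` hard-codes the mode for an existing trust directory, while the `else` branch right after it creates the directory with `@permissions[:trust_dir]`; in the same way `File.open destination, "wb", 0o600` is followed by `io.chmod(@permissions[:trusted_cert])`. If `@permissions` can ever differ from `DEFAULT_PERMISSIONS`, the two paths disagree about the directory mode. Either write `FileUtils.chmod @permissions[:trust_dir], @dir` or add a comment saying the literal is deliberate. The `rescue OpenSSL::X509::CertificateError` with `next # HACK warn` in the certificate loop also still skips unparseable certificates without telling the user which file was ignored.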
data/lib/rubygems/security.rb
CHANGED
@@ -361,7 +361,7 @@ module Gem::Security
|
|
361
361
|
##
|
362
362
|
# One day in seconds
|
363
363
|
|
364
|
-
ONE_DAY =
|
364
|
+
ONE_DAY = 86_400
|
365
365
|
|
366
366
|
##
|
367
367
|
# One year in seconds
|
@@ -602,7 +602,7 @@ module Gem::Security
|
|
602
602
|
# +permissions+. If passed +cipher+ and +passphrase+ those arguments will be
|
603
603
|
# passed to +to_pem+.
|
604
604
|
|
605
|
-
def self.write(pemmable, path, permissions =
|
605
|
+
def self.write(pemmable, path, permissions = 0o600, passphrase = nil, cipher = KEY_CIPHER)
|
606
606
|
path = File.expand_path path
|
607
607
|
|
608
608
|
File.open path, "wb", permissions do |io|
|
@@ -29,7 +29,7 @@ module Gem::SecurityOption
|
|
29
29
|
policy = Gem::Security::Policies[value]
|
30
30
|
unless policy
|
31
31
|
valid = Gem::Security::Policies.keys.sort
|
32
|
-
raise Gem::OptionParser::InvalidArgument, "#{value} (#{valid.join
|
32
|
+
raise Gem::OptionParser::InvalidArgument, "#{value} (#{valid.join ", "} are valid)"
|
33
33
|
end
|
34
34
|
policy
|
35
35
|
end
|
@@ -41,36 +41,34 @@ class Gem::Source::Local < Gem::Source
|
|
41
41
|
@specs = {}
|
42
42
|
|
43
43
|
Dir["*.gem"].each do |file|
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
unless pkg.spec.version.prerelease?
|
55
|
-
names << pkg.spec.name_tuple
|
56
|
-
end
|
57
|
-
when :prerelease
|
58
|
-
if pkg.spec.version.prerelease?
|
59
|
-
names << pkg.spec.name_tuple
|
60
|
-
end
|
61
|
-
when :latest
|
62
|
-
tup = pkg.spec.name_tuple
|
63
|
-
|
64
|
-
cur = names.find {|x| x.name == tup.name }
|
65
|
-
if !cur
|
66
|
-
names << tup
|
67
|
-
elsif cur.version < tup.version
|
68
|
-
names.delete cur
|
69
|
-
names << tup
|
70
|
-
end
|
71
|
-
else
|
44
|
+
pkg = Gem::Package.new(file)
|
45
|
+
rescue SystemCallError, Gem::Package::FormatError
|
46
|
+
# ignore
|
47
|
+
else
|
48
|
+
tup = pkg.spec.name_tuple
|
49
|
+
@specs[tup] = [File.expand_path(file), pkg]
|
50
|
+
|
51
|
+
case type
|
52
|
+
when :released
|
53
|
+
unless pkg.spec.version.prerelease?
|
72
54
|
names << pkg.spec.name_tuple
|
73
55
|
end
|
56
|
+
when :prerelease
|
57
|
+
if pkg.spec.version.prerelease?
|
58
|
+
names << pkg.spec.name_tuple
|
59
|
+
end
|
60
|
+
when :latest
|
61
|
+
tup = pkg.spec.name_tuple
|
62
|
+
|
63
|
+
cur = names.find {|x| x.name == tup.name }
|
64
|
+
if !cur
|
65
|
+
names << tup
|
66
|
+
elsif cur.version < tup.version
|
67
|
+
names.delete cur
|
68
|
+
names << tup
|
69
|
+
end
|
70
|
+
else
|
71
|
+
names << pkg.spec.name_tuple
|
74
72
|
end
|
75
73
|
end
|
76
74
|
|
@@ -85,15 +83,14 @@ class Gem::Source::Local < Gem::Source
|
|
85
83
|
found = []
|
86
84
|
|
87
85
|
@specs.each do |n, data|
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
|
96
|
-
end
|
86
|
+
next unless n.name == gem_name
|
87
|
+
s = data[1].spec
|
88
|
+
|
89
|
+
if version.satisfied_by?(s.version)
|
90
|
+
if prerelease
|
91
|
+
found << s
|
92
|
+
elsif !s.version.prerelease? || version.prerelease?
|
93
|
+
found << s
|
97
94
|
end
|
98
95
|
end
|
99
96
|
end
|
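--- a/data/lib/rubygems/source.rb
+++ b/data/lib/rubygems/source.rb
@@ -44,12 +44,12 @@ class Gem::Source
 Gem::Source::Vendor then
 -1
 when Gem::Source then
-
+unless @uri
 return 0 unless other.uri
 return 1
 end
 
-return -1
+return -1 unless other.uri
 
 # Returning 1 here ensures that when sorting a list of sources, the
 # original ordering of sources supplied by the user is preserved.
@@ -137,7 +137,11 @@ class Gem::Source
 
 if File.exist? local_spec
 spec = Gem.read_binary local_spec
-spec =
+spec = begin
+Marshal.load(spec)
+rescue StandardError
+nil
+end
 return spec if spec
 end
 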
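Review bot: `Marshal.load(spec)` in the second hunk deserializes whatever bytes are in `local_spec`, and the new `rescue StandardError` turns every failure into `nil`, so a corrupted or tampered file looks the same as a cache miss. `Marshal.load` is only safe on data the process trusts, and the line should carry a comment stating that assumption, for example `# local_spec is read from our own spec cache; never pass unverified bytes to Marshal.load` (that it is the fetcher's own cache is inferred from the name, the hunk does not show it). Narrowing the rescue to `TypeError, ArgumentError` would keep the fall-through for truncated files without hiding unrelated errors. The enclosing method starts and ends outside the hunk.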
data/lib/rubygems/source_list.rb
CHANGED
@@ -126,7 +126,7 @@ class Gem::SourceList
|
|
126
126
|
# Gem::Source or a source URI.
|
127
127
|
|
128
128
|
def include?(other)
|
129
|
-
if other.
|
129
|
+
if other.is_a? Gem::Source
|
130
130
|
@sources.include? other
|
131
131
|
else
|
132
132
|
@sources.find {|x| x.uri.to_s == other.to_s }
|
@@ -137,7 +137,7 @@ class Gem::SourceList
|
|
137
137
|
# Deletes +source+ from the source list which may be a Gem::Source or a URI.
|
138
138
|
|
139
139
|
def delete(source)
|
140
|
-
if source.
|
140
|
+
if source.is_a? Gem::Source
|
141
141
|
@sources.delete source
|
142
142
|
else
|
143
143
|
@sources.delete_if {|x| x.uri.to_s == source.to_s }
|
@@ -155,13 +155,11 @@ class Gem::SpecFetcher
|
|
155
155
|
|
156
156
|
specs = []
|
157
157
|
tuples.each do |tup, source|
|
158
|
-
|
159
|
-
|
160
|
-
|
161
|
-
|
162
|
-
|
163
|
-
specs << [spec, source]
|
164
|
-
end
|
158
|
+
spec = source.fetch_spec(tup)
|
159
|
+
rescue Gem::RemoteFetcher::FetchError => e
|
160
|
+
errors << Gem::SourceFetchProblem.new(source, e)
|
161
|
+
else
|
162
|
+
specs << [spec, source]
|
165
163
|
end
|
166
164
|
|
167
165
|
return [specs, errors]
|
@@ -215,34 +213,32 @@ class Gem::SpecFetcher
|
|
215
213
|
list = {}
|
216
214
|
|
217
215
|
@sources.each_source do |source|
|
218
|
-
|
219
|
-
|
220
|
-
|
221
|
-
|
222
|
-
|
223
|
-
|
224
|
-
|
225
|
-
|
226
|
-
|
227
|
-
|
228
|
-
|
229
|
-
|
230
|
-
|
231
|
-
|
232
|
-
|
233
|
-
|
234
|
-
|
235
|
-
|
236
|
-
|
237
|
-
tuples_for(source, :prerelease)
|
238
|
-
else
|
239
|
-
raise Gem::Exception, "Unknown type - :#{type}"
|
240
|
-
end
|
241
|
-
rescue Gem::RemoteFetcher::FetchError => e
|
242
|
-
errors << Gem::SourceFetchProblem.new(source, e)
|
216
|
+
names = case type
|
217
|
+
when :latest
|
218
|
+
tuples_for source, :latest
|
219
|
+
when :released
|
220
|
+
tuples_for source, :released
|
221
|
+
when :complete
|
222
|
+
names =
|
223
|
+
tuples_for(source, :prerelease, true) +
|
224
|
+
tuples_for(source, :released)
|
225
|
+
|
226
|
+
names.sort
|
227
|
+
when :abs_latest
|
228
|
+
names =
|
229
|
+
tuples_for(source, :prerelease, true) +
|
230
|
+
tuples_for(source, :latest)
|
231
|
+
|
232
|
+
names.sort
|
233
|
+
when :prerelease
|
234
|
+
tuples_for(source, :prerelease)
|
243
235
|
else
|
244
|
-
|
236
|
+
raise Gem::Exception, "Unknown type - :#{type}"
|
245
237
|
end
|
238
|
+
rescue Gem::RemoteFetcher::FetchError => e
|
239
|
+
errors << Gem::SourceFetchProblem.new(source, e)
|
240
|
+
else
|
241
|
+
list[source] = names
|
246
242
|
end
|
247
243
|
|
248
244
|
[list, errors]
|