rubygems-update 2.0.0.rc.1 → 2.0.0.rc.2

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 5da39433cc3801dbe2eb90b691a3922d3e0b8742
+  data.tar.gz: e9dd3ab0d1d3d1ffd29ce830de603dcf38e0882f
+SHA512:
+  metadata.gz: c457f457ce059ed8d0f42ff2099dddd9fb0f831a0029aced033821cf672606e615146932ed6768c1adb859da1dc745a9d399b93cb83f9f6db6aab347ef0166a8
+  data.tar.gz: 87549ea6c9fb559165892769dc8bf668c86bd242e0ea93eb49cbc57ac20869bb397d319162211ef8fafeb3f2db5264494e1d830d171692e563f3ab3757e9b487

checksums.yaml.gz.sig

@@ -0,0 +1,3 @@
+<E���B�d�ٝ���@q�c̄tT�o OH���o\:���<6A|C*ЅR�'e5D.�D�L-�
+/+�
+E���(�Lhh�)�IKԈD'�؊Ξ�瑸�~�Ui����?��n��7mS���Yiyf5!H�ޓ�5�W�lېЩ7��C��gi��J�VĄ�S

data/History.txt

@@ -1,10 +1,10 @@
 # coding: UTF-8
 
-=== 2.0.0.rc.1 / 2013-01-08
+=== 2.0.0.rc.2
 
 As a preview release, please file bugs for any problems you have with RubyGems
 at https://github.com/rubygems/rubygems/issues.  To update to this preview
-release use gem update --system=2.0.0.preview3
+release use gem update --system=2.0.0.rc.2
 
 RubyGems 2.0 includes several new features and many breaking changes.  Some of
 these changes will cause existing software to break.  These changes are a
@@ -14,6 +14,157 @@ maintainable and improve APIs for RubyGems users.
 If you are using bundler be sure to install version 1.3.0.pre.  Older versions
 of bundler will not work with RubyGems 2.0.
 
+Changes since RubyGems 1.8.25 (including past pre-releases):
+
+* Breaking changes:
+
+  * Deprecated Gem.unresolved_deps in favor of
+    Gem::Specification.unresolved_deps
+  * Merged Gem::Builder into Gem::Package.  Use Gem::Package.build(spec)
+    instead of Gem::Builder.new(spec).build
+  * Merged Gem::Format into Gem::Package.  Use Gem::Package.new instead
+    of Gem::Format.from_file_by_path
+  * Moved Gem::OldFormat to Gem::Package::Old.  Gem::Package will
+    automatically detect old gems for you, so there is no need to refer to it.
+  * Removed Gem::DocManager, replaced by Gem::RDoc and done_installing hook
+  * Removed Gem::Package::TarInput in favor of Gem::Package
+  * Removed Gem::Package::TarOutput in favor of Gem::Package
+  * Removed Gem::RemoteFetcher#open_uri_or_path. (steveklabnik)
+  * Removed Gem::SSL in favor of using OpenSSL directly
+  * Removed Gem.loaded_path
+  * Removed RSS generation from the gem indexer
+  * Removed benchmark option from .gemrc
+  * Removed broken YAML gemspec support in `gem build`
+  * Removed support for Ruby 1.9.1
+  * Removed many deprecated methods
+
+* Major enhancements:
+
+  * Improved support for default gems shipping with ruby 2.0.0+
+  * A gem can have arbitrary metadata through Gem::Specification#metadata
+  * `gem search` now defaults to --remote and is anchored like gem list.  Fixes
+    #166
+  * Added --document to replace --rdoc and --ri.  Use --no-document to disable
+    documentation, --document=rdoc to only generate rdoc.
+  * Only ri-format documentation is generated by default.
+  * `gem server` uses RDoc::Servlet from RDoc 4.0 to generate HTML
+    documentation.
+  * Add ability to install gems directly from a compatible gemdep
+    file (Gemfile, Isolate, gem.deps.rb)
+    <code>gem install --file path</code>
+  * Add ability to load gem activation information from a gemdeps
+    file (Gemfile, Isolate, gem.deps.rb).
+    Set RUBYGEMS_GEMDEPS=path to have it loaded. Use - as the path
+    to autodetect (current and parent directories are searched).
+
+* Minor enhancements:
+  * Added `gem check --doctor` to clean up after failed uninstallation.  Bug
+    #419 by Erik Hollensbe
+  * RubyGems no longer defaults to uninstalling gems if a dependency would be
+    broken.  Now you must manually say "yes".  Pull Request #406 by Shannon
+    Skipper.
+  * Gem::DependencyInstaller now passes build_args down to the installer.
+    Pull Request #412 by Sam Rawlins.
+  * Added a cmake builder.  Pull request #265 by Allan Espinosa.
+  * Removed rubyforge page from gem list output
+  * Added --only-executables option to `gem pristine`.  Fixes #326
+  * Added -I flag for 'gem query' to exclude installed items
+  * Added Gem.install(name, version=default) for interactive sessions
+  * Added Gem::FilePermissionError#directory
+  * Added Gem::rubygems_version which is like Gem::ruby_version
+  * Added RUBYGEMS_HOST documentation to `gem env`
+  * Added a post_installs hook that runs after Gem::DependencyInstaller
+    finishes installing a set of gems
+  * Added a usage method for Gem::Commands::OwnerCommand. (ffmike)
+  * Added an optional type parameter to Gem::Specification#doc_dir.
+  * Added announcements url and clarified how to file tickets
+  * Added guidance for how to use rdoc and ri in setup command. (jjb)
+  * Attempting to install multiple gems with --version is now an error.  You
+    can specify per-gem versions like <code>rake:0.9.5</code>
+  * Clarified Gem::CommandManager example code to avoid multi load problems.
+    (baroquebobcat)
+  * Corrupt or bad cached specs are now re-downloaded. (cookrn)
+  * Extension build arguments are saved from install and reused for pristine
+  * If the OS allows it, documentation is built in a forked background
+    process. (alexch)
+  * Imported gem yank from the gemcutter gem.  Fixes #177, #343
+  * Packaged gems now contain and verify SHA1 checksums
+  * Removed commas from gem update summary so you can paste it back to
+    cleanup.  (amatsuda)
+  * RubyGems will now warn when building gems with prerelease dependencies.
+    Fixes #255
+  * The RUBYGEMS_HOST environment variable is used to determine appropriate
+    API key for pushing or yanking gems
+  * Uninstall is now performed in reverse topological order.
+  * Users are told what to type when they try to uninstall a gem outside
+    GEM_HOME
+  * When building gems with non-world-readable files a warning is shown.
+
+* Bug fixes:
+  * Gem.refresh now maintains the active gem list.  Clearing the list would
+    cause double-loads which would cause other bugs.  Pull Request #427 by
+    Jeremy Evans
+  * RubyGems now refuses to read the gem push credentials file if it has
+    insecure permissions.  Pull Request #438 by Shannon Skipper
+  * RubyGems now requires a local gem name to end in '.gem'.  Issue #407 by
+    Santiago Pastorino.
+  * Do not allow old-format gems to be installed with a security policy that
+    verifies data.
+  * Gem installation will fail if RubyGems cannot load the specification from
+    the gem.  Bug #419 by Erik Hollensbe
+  * RubyGems tests now run in FIPS mode.  Issue #365 by Vít Ondruch
+  * Only update the spec cache when we have permission.  Ruby Bug #7509
+  * gem install now ignores directories and non .gem files that match the gem
+    to install.  Bug #407 by Santiago Pastorino.
+  * Added PID to setup bin_file while installing RubyGems to protect against
+    errors. Fixes #328 by ConradIrwin
+  * Added missing require in Gem::Uninstaller when format_executable is set.
+    (sakuro)
+  * Exact gem command name matches are now chosen even if a longer command
+    overlaps the exact name
+  * Fixed Gem.loaded_path? with a Pathname instance. (mattetti)
+  * Fixed Gem::Dependency.new mismatch with rubygems.org checks
+  * Fixed SecurityError in Gem::Specification.load when $SAFE=1. (ged)
+  * Fixed SystemStackError with "gem list -r -a" on 1.9 (cldwalker)
+  * Fixed `gem owners` command so that exceptions don't stop the rest of the
+    command from completing
+  * Fixed `gem unpack uninstalled_gem` default version picker.
+  * Fixed defunct rubyforge urls in gem command line help
+  * Fixed documentation for the various hooks collections
+  * Fixed documentation generation on setup when the gem directory does not
+    exist.  Fixes #253
+  * Fixed documentation to reflect where defaults overrides are loaded from.
+    (ferrous26)
+  * Fixed editing of a Makefile with 8-bit characters.  Fixes #181
+  * Fixed gem loading issue caused by dependencies not resolving.
+  * Fixed independent testing of test_gem_package_tar_output.  Ruby Bug #4686
+    by Shota Fukumori
+  * Fixed typo in uninstall message. (sandal)
+  * Gem::Requirement#<=> returns nil on non-requirement arg.
+  * Gem::Requirement.satisfied_by? raises ArgumentError if given a non-version
+    argument
+  * Gem::Version#initialize no longer modifies its parameter. (miaout17)
+  * Group-writable permissions are now allowed for gem repositories. (ctcherry)
+  * Memoized values in Gem::Specification are now reset the version or
+    platform changes. Fixes #78
+  * More specific errors are raised for bad requirements. (arsduo)
+  * Removed reference to 'sources' gem in documentation
+  * Removed unused block arguments to avoid creating Proc objects. (k-tsj)
+  * RubyGems now asks before overwriting executable wrappers.  Ruby Bug #1800
+  * The bindir is now created with mkdir_p during install. (voxik)
+  * URI scheme matching is no longer case-sensitive.  Fixes #322
+  * ext/builder now checks $MAKE as well as $make (okkez)
+
+Changes since RubyGems 2.0.0.rc.1:
+
+* Bug fixes:
+  * Fixed signature verification of gems which was broken only on master.
+    Thanks to Brian Buchanan.
+  * Proper exceptions are raised when verifying an unsigned gem.  Thanks to
+    André Arko.
+
+=== 2.0.0.rc.1 / 2013-01-08
+
 * Minor enhancements:
   * This release of RubyGems can push gems to rubygems.org.  Ordinarily
     prerelease versions of RubyGems cannot push gems.
@@ -52,7 +203,7 @@ of bundler will not work with RubyGems 2.0.
   * Restored order of version marking.  Fixes an issue with bundler.  Thanks
     to Aaron Patterson and Terence Lee.
   * Gem cleanup now skips default gems.  Pull Request #409 by Kouhei Sutou
-  * gem list, search and query can now show remote gems again.  Bug #410 by
+  * gem list, search and query can show remote gems again.  Bug #410 by
     Henry Maddocks
   * gem install now ignores directories that match the gem to install.  Bug
     #407 by Santiago Pastorino.
@@ -180,6 +331,17 @@ $SAFE=1.  There is no functional difference compared to Ruby 2.0.0.preview2
   * URI scheme matching is no longer case-sensitive.  Fixes #322
   * ext/builder now checks $MAKE as well as $make (okkez)
 
+=== 1.8.25 / 2013-01-24
+
+* Bug fixes:
+  * Added 11627 to setup bin_file location to protect against errors. Fixes
+    #328 by ConradIrwin
+  * Specification#ruby_code didn't handle Requirement with multiple
+  * Fix error on creating a Version object with a frozen string.
+  * Fix incremental index updates
+  * Fix missing load_yaml in YAML-related requirement.rb code.
+  * Manually backport encoding-aware YAML gemspec
+
 === 1.8.24 / 2012-04-27
 
 * 1 bug fix:

data/Manifest.txt

@@ -104,6 +104,7 @@ lib/rubygems/source_local.rb
 lib/rubygems/source_specific_file.rb
 lib/rubygems/spec_fetcher.rb
 lib/rubygems/specification.rb
+lib/rubygems/ssl_certs/.document
 lib/rubygems/ssl_certs/AddTrustExternalCARoot.pem
 lib/rubygems/ssl_certs/Entrust_net-Secure-Server-Certification-Authority.pem
 lib/rubygems/ssl_certs/VerisignClass3PublicPrimaryCertificationAuthority-G2.pem

data/lib/rubygems.rb

@@ -5,6 +5,19 @@
 # See LICENSE.txt for permissions.
 #++
 
+require 'rbconfig'
+
+module Gem
+  VERSION = '2.0.0.rc.2'
+end
+
+# Must be first since it unloads the prelude from 1.9.2
+require 'rubygems/compatibility'
+
+require 'rubygems/defaults'
+require 'rubygems/deprecate'
+require 'rubygems/errors'
+
 ##
 # RubyGems is the Ruby standard for publishing and managing third party
 # libraries.
@@ -91,22 +104,12 @@
 #
 # (If your name is missing, PLEASE let us know!)
 #
+# See {LICENSE.txt}[rdoc-ref:lib/rubygems/LICENSE.txt] for permissions.
+#
 # Thanks!
 #
 # -The RubyGems Team
 
-require 'rbconfig'
-
-module Gem
-  VERSION = '2.0.0.rc.1'
-end
-
-# Must be first since it unloads the prelude from 1.9.2
-require 'rubygems/compatibility'
-
-require 'rubygems/defaults'
-require 'rubygems/deprecate'
-require 'rubygems/errors'
 
 module Gem
   RUBYGEMS_DIR = File.dirname File.expand_path(__FILE__)
@@ -207,7 +210,7 @@ module Gem
 
         begin
           while true
-            path = GEM_DEP_FILES.find { |f| File.exists?(f) }
+            path = GEM_DEP_FILES.find { |f| File.file?(f) }
 
             if path
               path = File.join here, path
@@ -226,7 +229,9 @@ module Gem
         end
       end
 
-      return unless File.exists? path
+      path.untaint
+
+      return unless File.file? path
 
       rs = Gem::RequestSet.new
       rs.load_gemdeps path
@@ -369,29 +374,6 @@ module Gem
     paths.path
   end
 
-  ##
-  # Expand each partial gem path with each of the required paths specified
-  # in the Gem spec.  Each expanded path is yielded.
-
-  def self.each_load_path(partials)
-    partials.each do |gp|
-      base = File.basename gp
-      specfn = File.join(dir, "specifications", "#{base}.gemspec")
-      if File.exists? specfn
-        spec = eval(File.read(specfn))
-        spec.require_paths.each do |rp|
-          yield File.join(gp,rp)
-        end
-      else
-        filename = File.join(gp, 'lib')
-        yield(filename) if File.exists? filename
-      end
-    end
-  end
-
-  private_class_method :each_load_path
-
-
   ##
   # Quietly ensure the named Gem directory contains all the proper
   # subdirectories.  If we can't create a directory due to a permission

data/lib/rubygems/commands/push_command.rb

@@ -24,16 +24,19 @@ class Gem::Commands::PushCommand < Gem::Command
     add_proxy_option
     add_key_option
 
-    add_option(
-      '--host HOST',
-      'Push to another gemcutter-compatible host'
-    ) do |value, options|
+    add_option('--host HOST',
+               'Push to another gemcutter-compatible host') do |value, options|
       options[:host] = value
     end
+
+    @host = nil
   end
 
   def execute
-    sign_in
+    @host = options[:host]
+
+    sign_in @host
+
     send_gem get_one_gem_name
   end
 
@@ -44,26 +47,30 @@ class Gem::Commands::PushCommand < Gem::Command
 
     if latest_rubygems_version < Gem.rubygems_version and
          Gem.rubygems_version.prerelease? and
-         Gem::Version.new('2.0.0.preview3') != Gem.rubygems_version then
+         Gem::Version.new('2.0.0.rc.2') != Gem.rubygems_version then
       alert_error <<-ERROR
 You are using a beta release of RubyGems (#{Gem::VERSION}) which is not
 allowed to push gems.  Please downgrade or upgrade to a release version.
 
 The latest released RubyGems version is #{latest_rubygems_version}
+
+You can upgrade or downgrade to the latest release version with:
+
+  gem update --system=#{latest_rubygems_version}
+
       ERROR
       terminate_interaction 1
     end
 
-    host = options[:host]
-    unless host
+    unless @host then
       if gem_data = Gem::Package.new(name) then
-        host = gem_data.spec.metadata['default_gem_server']
+        @host = gem_data.spec.metadata['default_gem_server']
       end
     end
 
-    args << host if host
+    args << @host if @host
 
-    say "Pushing gem to #{host || Gem.host}..."
+    say "Pushing gem to #{@host || Gem.host}..."
 
     response = rubygems_api_request(*args) do |request|
       request.body = Gem.read_binary name

data/lib/rubygems/compatibility.rb

@@ -1,9 +1,13 @@
+# :stopdoc:
+
+#--
 # This file contains all sorts of little compatibility hacks that we've
 # had to introduce over the years. Quarantining them into one file helps
 # us know when we can get rid of them.
-
+#
 # Ruby 1.9.x has introduced some things that are awkward, and we need to
 # support them, so we define some constants to use later.
+#++
 module Gem
   # Only MRI 1.9.2 has the custom prelude.
   GEM_PRELUDE_SUCKAGE = RUBY_VERSION =~ /^1\.9\.2/ and RUBY_ENGINE == "ruby"

data/lib/rubygems/config_file.rb

@@ -4,6 +4,8 @@
 # See LICENSE.txt for permissions.
 #++
 
+require 'rubygems/user_interaction'
+
 ##
 # Gem::ConfigFile RubyGems options and gem command options from gemrc.
 #
@@ -33,6 +35,8 @@
 
 class Gem::ConfigFile
 
+  include Gem::UserInteraction
+
   DEFAULT_BACKTRACE = false
   DEFAULT_BULK_THRESHOLD = 1000
   DEFAULT_VERBOSITY = true
@@ -50,6 +54,8 @@ class Gem::ConfigFile
 
   PLATFORM_DEFAULTS = {}
 
+  # :stopdoc:
+
   system_config_path =
     begin
       require "etc"
@@ -77,6 +83,8 @@ class Gem::ConfigFile
       end
     end
 
+  # :startdoc:
+
   SYSTEM_WIDE_CONFIG_FILE = File.join system_config_path, 'gemrc'
 
   ##
@@ -219,6 +227,35 @@ class Gem::ConfigFile
     handle_arguments arg_list
   end
 
+  ##
+  # Checks the permissions of the credentials file.  If they are not 0600 an
+  # error message is displayed and RubyGems aborts.
+
+  def check_credentials_permissions
+    return if Gem.win_platform? # windows doesn't write 0600 as 0600
+    return unless File.exist? credentials_path
+
+    existing_permissions = File.stat(credentials_path).mode & 0777
+
+    return if existing_permissions == 0600
+
+    alert_error <<-ERROR
+Your gem push credentials file located at:
+
+\t#{credentials_path}
+
+has file permissions of 0#{existing_permissions.to_s 8} but 0600 is required.
+
+You should reset your credentials at:
+
+\thttps://rubygems.org/profile/edit
+
+if you believe they were disclosed to a third party.
+    ERROR
+
+    terminate_interaction 1
+  end
+
   ##
   # Location of RubyGems.org credentials
 
@@ -227,6 +264,8 @@ class Gem::ConfigFile
   end
 
   def load_api_keys
+    check_credentials_permissions
+
     @api_keys = if File.exist? credentials_path then
                   load_file(credentials_path)
                 else
@@ -239,7 +278,9 @@ class Gem::ConfigFile
     end
   end
 
-  def rubygems_api_key=(api_key)
+  def rubygems_api_key= api_key
+    check_credentials_permissions
+
     config = load_file(credentials_path).merge(:rubygems_api_key => api_key)
 
     dirname = File.dirname credentials_path