* lib/rubygems/package/old.rb: Fix behavior only on ruby 1.8.

* lib/rubygems/package.rb:  Include checksums.yaml.gz signatures for
  verification.
* test/rubygems/test_gem_package.rb:  Test for the above.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@39166 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
drbrain 2013-02-09 00:24:55 +00:00
parent 35a5e37649
commit 7f046c653c
4 changed files with 31 additions and 6 deletions


@ -1,3 +1,11 @@
Sat Feb 9 09:24:38 2013 Eric Hodel <drbrain@segment7.net>
* lib/rubygems/package/old.rb: Fix behavior only on ruby 1.8.
* lib/rubygems/package.rb: Include checksums.yaml.gz signatures for
verification.
* test/rubygems/test_gem_package.rb: Test for the above.
Sat Feb 9 01:23:24 2013 Tanaka Akira <akr@fsij.org> Sat Feb 9 01:23:24 2013 Tanaka Akira <akr@fsij.org>
* test/fiddle/helper.rb: specify libc and libm locations for MirOS BSD. * test/fiddle/helper.rb: specify libc and libm locations for MirOS BSD.


@ -518,8 +518,6 @@ EOM
when /\.sig$/ then when /\.sig$/ then
@signatures[$`] = entry.read if @security_policy @signatures[$`] = entry.read if @security_policy
next next
when 'checksums.yaml.gz' then
next # already handled
else else
digest entry digest entry
end end
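Review bot: With the `when 'checksums.yaml.gz'` branch removed, the `else` arm's `digest entry` is the only thing that brings checksums.yaml.gz under signature verification, and nothing on the new side says so. A comment on the `else` arm such as `# every non-.sig entry, including checksums.yaml.gz, is digested so its signature can be checked` would keep a later edit from re-adding the skip. Separately, on the context line `when /\.sig$/ then`, `$` in Ruby matches at a line end rather than only at the end of the string, so `/\.sig\z/` is the stricter test for an entry name. The `case` and its enclosing method begin outside this hunk, so how the collected digests are compared with `@signatures` is not visible here.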


@ -23,8 +23,9 @@ class Gem::Package::Old < Gem::Package
require 'zlib' require 'zlib'
Gem.load_yaml Gem.load_yaml
@gem = gem
@contents = nil @contents = nil
@gem = gem
@security_policy = nil
@spec = nil @spec = nil
end end
@ -142,7 +143,7 @@ class Gem::Package::Old < Gem::Package
end end
end end
yaml_error = if RUBY_VERSION < '1.8' then yaml_error = if RUBY_VERSION < '1.9' then
YAML::ParseError YAML::ParseError
elsif YAML::ENGINE.yamler == 'syck' then elsif YAML::ENGINE.yamler == 'syck' then
YAML::ParseError YAML::ParseError
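Review bot: `@security_policy = nil` is added to the initializer in the first hunk without a comment, and neither hunk shows what this class does when a caller assigns a policy afterwards. Because this class reads the old package format, the default and what it means for verification deserve a line at the assignment, for example `# no policy by default; see verify for how a caller-supplied policy is treated for old-format gems`. The wording should be confirmed against `verify`, which lies outside both hunks.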


@ -511,6 +511,24 @@ class TestGemPackage < Gem::Package::TarTestCase
assert_empty package.instance_variable_get(:@files), '@files must empty' assert_empty package.instance_variable_get(:@files), '@files must empty'
end end
def test_verify_security_policy_low_security
@spec.cert_chain = [PUBLIC_CERT.to_pem]
@spec.signing_key = PRIVATE_KEY
FileUtils.mkdir_p 'lib'
FileUtils.touch 'lib/code.rb'
build = Gem::Package.new @gem
build.spec = @spec
build.build
package = Gem::Package.new @gem
package.security_policy = Gem::Security::LowSecurity
assert package.verify
end
def test_verify_security_policy_checksum_missing def test_verify_security_policy_checksum_missing
@spec.cert_chain = [PUBLIC_CERT.to_pem] @spec.cert_chain = [PUBLIC_CERT.to_pem]
@spec.signing_key = PRIVATE_KEY @spec.signing_key = PRIVATE_KEY
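Review bot: `test_verify_security_policy_low_security` checks only that a correctly signed gem passes `package.verify`. Nothing in the added test shows that a package whose checksums.yaml.gz no longer matches its signature is rejected, which is the property the package.rb change is meant to provide. A companion test that builds the same signed gem, alters checksums.yaml.gz before calling `verify`, and expects a `Gem::Security::Exception` would pin that. The bare assertion would also read better with a message, e.g. `assert package.verify, 'signed gem must verify under LowSecurity'`. The body of `test_verify_security_policy_checksum_missing` continues past the end of the hunk.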