diff options
| -rw-r--r-- | CHANGELOG.md | 1 | ||||
| -rw-r--r-- | lib/bundler.rb | 1 | ||||
| -rw-r--r-- | lib/bundler/s3_fetcher.rb | 43 | ||||
| -rw-r--r-- | lib/bundler/source/rubygems.rb | 6 | ||||
| -rw-r--r-- | spec/bundler/s3_fetcher_spec.rb | 29 | ||||
| -rw-r--r-- | spec/bundler/source/rubygems_spec.rb | 10 |
6 files changed, 0 insertions, 90 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 06fcfa1c..fecaeaa8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,7 +5,6 @@ Features: - add metadata allowed_push_host to new gem template (#3002, @juanitofatas) - adds a `--no-install` flag to `bundle package` - add `bundle viz --without` to exclude gem groups from resulting graph (@fnichol) - - add support for private S3 sources (@tryba) - prevent whitespace in gem declarations with clear messaging (@benlakey) - tries to find a `bundler-<command>` executable on your path for non-bundler commands (@andremedeiros) - tries to find `gems.rb` and it's new counterpart, `gems.locked` (@andremedeiros) diff --git a/lib/bundler.rb b/lib/bundler.rb index 2b2c9d75..02533741 100644 --- a/lib/bundler.rb +++ b/lib/bundler.rb @@ -38,7 +38,6 @@ module Bundler autoload :RubyVersion, 'bundler/ruby_version' autoload :RubyDsl, 'bundler/ruby_dsl' autoload :Runtime, 'bundler/runtime' - autoload :S3Fetcher, 'bundler/s3_fetcher' autoload :Settings, 'bundler/settings' autoload :SharedHelpers, 'bundler/shared_helpers' autoload :SpecSet, 'bundler/spec_set' diff --git a/lib/bundler/s3_fetcher.rb b/lib/bundler/s3_fetcher.rb deleted file mode 100644 index 38026436..00000000 --- a/lib/bundler/s3_fetcher.rb +++ /dev/null @@ -1,43 +0,0 @@ -require 'base64' -require 'openssl' - -module Bundler - class S3Fetcher < Fetcher - - def fetch(uri, counter = 0) - super(sign(uri), counter) - end - - # Instead of taking a dependency on aws-sdk, use a method modeled on - # the signing method in https://github.com/rubygems/rubygems/pull/856 - def sign(uri, expiration = default_expiration) - uri = uri.dup - unless uri.user && uri.password - raise AuthenticationRequiredError.new("credentials needed in s3 source, like s3://key:secret@bucket-name/") - end - - payload = "GET\n\n\n#{expiration}\n/#{uri.host}#{uri.path}" - digest = OpenSSL::HMAC.digest('sha1', uri.password, payload) - # URI.escape is deprecated, and there isn't yet a replacement that does quite what we want - signature = Base64.encode64(digest).gsub("\n", '').gsub(/[\+\/=]/) { |c| BASE64_URI_TRANSLATE[c] } - uri.query = [uri.query, "AWSAccessKeyId=#{uri.user}&Expires=#{expiration}&Signature=#{signature}"].compact.join('&') - uri.user = nil - uri.password = nil - uri.scheme = "https" - uri.host = [uri.host, "s3.amazonaws.com"].join('.') - - URI.parse(uri.to_s) - end - - def default_expiration - (Time.now + 3600).to_i # one hour from now - end - - BASE64_URI_TRANSLATE = { '+' => '%2B', '/' => '%2F', '=' => '%3D' }.freeze - protected - # The s3 fetcher does not use the username and password for basic auth, - # so this is a no-op - def add_basic_auth(req) - end - end -end
\ No newline at end of file diff --git a/lib/bundler/source/rubygems.rb b/lib/bundler/source/rubygems.rb index 58e16ab9..a888fd0f 100644 --- a/lib/bundler/source/rubygems.rb +++ b/lib/bundler/source/rubygems.rb @@ -6,7 +6,6 @@ module Bundler class Source class Rubygems < Source API_REQUEST_LIMIT = 100 # threshold for switching back to the modern index instead of fetching every spec - S3_SCHEME = 's3' attr_reader :remotes, :caches @@ -189,12 +188,7 @@ module Bundler def fetchers @fetchers ||= remotes.map do |uri| - case uri.scheme - when S3_SCHEME - Bundler::S3Fetcher.new(uri) - else Bundler::Fetcher.new(uri) - end end end diff --git a/spec/bundler/s3_fetcher_spec.rb b/spec/bundler/s3_fetcher_spec.rb deleted file mode 100644 index b531b411..00000000 --- a/spec/bundler/s3_fetcher_spec.rb +++ /dev/null @@ -1,29 +0,0 @@ -require 'spec_helper' - -describe Bundler::S3Fetcher do - before do - allow(Bundler).to receive(:root){ Pathname.new("root") } - end - - describe "sign" do - it "requires authentication" do - url = "s3://foo" - expect { Bundler::S3Fetcher.new(url).sign(URI(url))}.to raise_error(Bundler::Fetcher::AuthenticationRequiredError) - end - - it "signs S3 requests" do - accessId = "a" - secretKey = "b" - url = "s3://#{accessId}:#{secretKey}@foo" - time = Time.utc(2014, 6, 1).to_i - - actual = Bundler::S3Fetcher.new(url).sign(URI(url), time) - expect(actual.host).to eq "foo.s3.amazonaws.com" - expect(actual.scheme).to eq "https" - query = CGI.parse(actual.query) - expect(query['AWSAccessKeyId']).to eq [accessId] - expect(query['Expires']).to eq [time.to_s] - expect(query['Signature']).to eq ["2ZFX8vg7E04u/UqUH9F/cKiQjJA="] - end - end -end
\ No newline at end of file diff --git a/spec/bundler/source/rubygems_spec.rb b/spec/bundler/source/rubygems_spec.rb index 5be40715..6bcde3d3 100644 --- a/spec/bundler/source/rubygems_spec.rb +++ b/spec/bundler/source/rubygems_spec.rb @@ -23,14 +23,4 @@ describe Bundler::Source::Rubygems do end end - describe "#fetchers" do - let(:remotes) { [URI("s3://foo"), URI("http://foo")] } - subject(:source) { Bundler::Source::Rubygems.new("remotes" => remotes) } - - it "turns s3 paths into S3Fetcher objects and other paths into Fetcher objects" do - result = source.fetchers - expect(result.first).to be_an_instance_of Bundler::S3Fetcher - expect(result.last).to be_an_instance_of Bundler::Fetcher - end - end end |