diff options
author | naruse <naruse@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2013-09-14 08:59:02 +0000 |
---|---|---|
committer | naruse <naruse@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2013-09-14 08:59:02 +0000 |
commit | 269503b544247b5b3e30dbe60a0bab4f2ca00e4e (patch) | |
tree | a6d0a3a9b34017c4c84d997152a3aaf3086e1ce1 /lib/rubygems/commands/cert_command.rb | |
parent | 2614d9ba2fb5ad171200cccc88f42fa659b527c6 (diff) | |
download | ruby-269503b544247b5b3e30dbe60a0bab4f2ca00e4e.tar.gz |
Revert r42938 "* lib/rubygems: Update to RubyGems 2.1.3"
It breaks build.
http://u64.rubyci.org/~chkbuild/ruby-trunk/log/20130913T200302Z.diff.html.gz
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@42941 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'lib/rubygems/commands/cert_command.rb')
-rw-r--r-- | lib/rubygems/commands/cert_command.rb | 107 |
1 files changed, 78 insertions, 29 deletions
diff --git a/lib/rubygems/commands/cert_command.rb b/lib/rubygems/commands/cert_command.rb index 5a9320f9c4..e417193bca 100644 --- a/lib/rubygems/commands/cert_command.rb +++ b/lib/rubygems/commands/cert_command.rb @@ -1,6 +1,11 @@ require 'rubygems/command' require 'rubygems/security' -require 'openssl' +begin + require 'openssl' +rescue LoadError => e + raise unless (e.respond_to?(:path) && e.path == 'openssl') || + e.message =~ / -- openssl$/ +end class Gem::Commands::CertCommand < Gem::Command @@ -21,7 +26,8 @@ class Gem::Commands::CertCommand < Gem::Command OptionParser.accept OpenSSL::PKey::RSA do |key_file| begin - key = OpenSSL::PKey::RSA.new File.read key_file + passphrase = ENV['GEM_PRIVATE_KEY_PASSPHRASE'] + key = OpenSSL::PKey::RSA.new File.read(key_file), passphrase rescue Errno::ENOENT raise OptionParser::InvalidArgument, "#{key_file}: does not exist" rescue OpenSSL::PKey::RSAError @@ -79,52 +85,67 @@ class Gem::Commands::CertCommand < Gem::Command end end + def add_certificate certificate # :nodoc: + Gem::Security.trust_dir.trust_cert certificate + + say "Added '#{certificate.subject}'" + end + def execute options[:add].each do |certificate| - Gem::Security.trust_dir.trust_cert certificate - - say "Added '#{certificate.subject}'" + add_certificate certificate end options[:remove].each do |filter| - certificates_matching filter do |certificate, path| - FileUtils.rm path - say "Removed '#{certificate.subject}'" - end + remove_certificates_matching filter end options[:list].each do |filter| - certificates_matching filter do |certificate, _| - # this could probably be formatted more gracefully - say certificate.subject.to_s - end + list_certificates_matching filter end options[:build].each do |name| build name end - unless options[:sign].empty? then - load_default_cert unless options[:issuer_cert] - load_default_key unless options[:key] - end - - options[:sign].each do |cert_file| - sign cert_file - end + sign_certificates unless options[:sign].empty? end def build name - key = options[:key] || Gem::Security.create_key + key, key_path = build_key + cert_path = build_cert name, key + say "Certificate: #{cert_path}" + + if key_path + say "Private Key: #{key_path}" + say "Don't forget to move the key file to somewhere private!" + end + end + + def build_cert name, key # :nodoc: cert = Gem::Security.create_cert_email name, key + Gem::Security.write cert, "gem-public_cert.pem" + end - key_path = Gem::Security.write key, "gem-private_key.pem" - cert_path = Gem::Security.write cert, "gem-public_cert.pem" + def build_key # :nodoc: + if options[:key] then + options[:key] + else + passphrase = ask_for_password 'Passphrase for your Private Key:' + say "\n" - say "Certificate: #{cert_path}" - say "Private Key: #{key_path}" - say "Don't forget to move the key file to somewhere private!" + passphrase_confirmation = ask_for_password 'Please repeat the passphrase for your Private Key:' + say "\n" + + raise Gem::CommandLineError, + "Passphrase and passphrase confirmation don't match" unless passphrase == passphrase_confirmation + + key = Gem::Security.create_key + key_path = Gem::Security.write key, "gem-private_key.pem", 0600, passphrase + + return key, key_path + end end def certificates_matching filter @@ -179,6 +200,13 @@ For further reading on signing gems see `ri Gem::Security`. EOF end + def list_certificates_matching filter # :nodoc: + certificates_matching filter do |certificate, _| + # this could probably be formatted more gracefully + say certificate.subject.to_s + end + end + def load_default_cert cert_file = File.join Gem.default_cert_path cert = File.read cert_file @@ -198,7 +226,8 @@ For further reading on signing gems see `ri Gem::Security`. def load_default_key key_file = File.join Gem.default_key_path key = File.read key_file - options[:key] = OpenSSL::PKey::RSA.new key + passphrase = ENV['GEM_PRIVATE_KEY_PASSPHRASE'] + options[:key] = OpenSSL::PKey::RSA.new key, passphrase rescue Errno::ENOENT alert_error \ "--private-key not specified and ~/.gem/gem-private_key.pem does not exist" @@ -211,6 +240,18 @@ For further reading on signing gems see `ri Gem::Security`. terminate_interaction 1 end + def load_defaults # :nodoc: + load_default_cert unless options[:issuer_cert] + load_default_key unless options[:key] + end + + def remove_certificates_matching filter # :nodoc: + certificates_matching filter do |certificate, path| + FileUtils.rm path + say "Removed '#{certificate.subject}'" + end + end + def sign cert_file cert = File.read cert_file cert = OpenSSL::X509::Certificate.new cert @@ -225,5 +266,13 @@ For further reading on signing gems see `ri Gem::Security`. Gem::Security.write cert, cert_file, permissions end -end + def sign_certificates # :nodoc: + load_defaults unless options[:sign].empty? + + options[:sign].each do |cert_file| + sign cert_file + end + end + +end if defined?(OpenSSL::SSL) |