authordrbrain <drbrain@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2013-02-07 05:56:53 +0000
committerdrbrain <drbrain@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2013-02-07 05:56:53 +0000
commitc27fd3331989b33b9721444c98e77ba367a65270 (patch)
tree110eac9147bf01a68ea32c0e273e71d40ea13add /test/rubygems/test_gem_package.rb
parent38f04d823150ac6e454d66a39fcfef00e3ad7239 (diff)
downloadruby-c27fd3331989b33b9721444c98e77ba367a65270.tar.gz
* lib/rubygems/package.rb: Ensure digests are generated for signing.
* test/rubygems/test_gem_package.rb: Test for the above. * lib/rubygems/security/policy.rb: Ensure digests are present when verifying a gem and match the number of signatures bidirectionally. * test/rubygems/test_gem_security_policy.rb: Test for the above. * lib/rubygems.rb: Documentation improvements (by zzak) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@39126 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'test/rubygems/test_gem_package.rb')
-rw-r--r--test/rubygems/test_gem_package.rb54
1 files changed, 51 insertions, 3 deletions
diff --git a/test/rubygems/test_gem_package.rb b/test/rubygems/test_gem_package.rb
index 3051147948..d08f46d7d2 100644
--- a/test/rubygems/test_gem_package.rb
+++ b/test/rubygems/test_gem_package.rb
@@ -429,10 +429,17 @@ class TestGemPackage < Gem::Package::TarTestCase
digest = OpenSSL::Digest::SHA1.new
digest << metadata_gz
- checksum = "#{digest.name}\t#{digest.hexdigest}\n"
- tar.add_file 'metadata.gz.sum', 0444 do |io|
- io.write checksum
+ checksums = {
+ 'SHA1' => {
+ 'metadata.gz' => digest.hexdigest,
+ },
+ }
+
+ tar.add_file 'checksums.yaml.gz', 0444 do |io|
+ Zlib::GzipWriter.wrap io do |gz_io|
+ gz_io.write YAML.dump checksums
+ end
end
tar.add_file 'data.tar.gz', 0444 do |io|
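Review bot: The key of the new checksums hash on the `'SHA1' => {` line is hard-coded while the value two lines below comes from the `digest` instance created earlier in the method; the removed line used `digest.name`, so `digest.name => {` keeps the fixture tied to the algorithm actually in use and avoids a silent mismatch if the digest class is changed later. The fixture also lists only 'metadata.gz', while the following `tar.add_file 'data.tar.gz'` writes a second file with no checksum entry; if the verifier under test compares the checksum set against every signed file, it is unclear from the hunk whether that omission is deliberate, so either an entry for it or a comment such as `# data.tar.gz intentionally has no checksum entry` would make the intent explicit. The enclosing test method starts before this hunk.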
@@ -504,6 +511,47 @@ class TestGemPackage < Gem::Package::TarTestCase
assert_empty package.instance_variable_get(:@files), '@files must empty'
end
+ def test_verify_security_policy_checksum_missing
+ @spec.cert_chain = [PUBLIC_CERT.to_pem]
+ @spec.signing_key = PRIVATE_KEY
+
+ build = Gem::Package.new @gem
+ build.spec = @spec
+ build.setup_signer
+
+ FileUtils.mkdir 'lib'
+ FileUtils.touch 'lib/code.rb'
+
+ open @gem, 'wb' do |gem_io|
+ Gem::Package::TarWriter.new gem_io do |gem|
+ build.add_metadata gem
+ build.add_contents gem
+
+ # write bogus data.tar.gz to foil signature
+ bogus_data = Gem.gzip 'hello'
+ gem.add_file_simple 'data.tar.gz', 0444, bogus_data.length do |io|
+ io.write bogus_data
+ end
+
+ # pre rubygems 2.0 gems do not add checksums
+ end
+ end
+
+ Gem::Security.trust_dir.trust_cert PUBLIC_CERT
+
+ package = Gem::Package.new @gem
+ package.security_policy = Gem::Security::HighSecurity
+
+ e = assert_raises Gem::Security::Exception do
+ package.verify
+ end
+
+ assert_equal 'invalid signature', e.message
+
+ refute package.instance_variable_get(:@spec), '@spec must not be loaded'
+ assert_empty package.instance_variable_get(:@files), '@files must empty'
+ end
+
def test_verify_truncate
open 'bad.gem', 'wb' do |io|
io.write File.read(@gem, 1024) # don't care about newlines