Diffstat (limited to 'lib/rubygems/config_file.rb')
-rw-r--r-- | lib/rubygems/config_file.rb | 36 |
1 files changed, 35 insertions, 1 deletions
diff --git a/lib/rubygems/config_file.rb b/lib/rubygems/config_file.rb
index 81ee32a1d6..7e1432b349 100644
--- a/lib/rubygems/config_file.rb
+++ b/lib/rubygems/config_file.rb
@@ -33,6 +33,8 @@ class Gem::ConfigFile
+ include Gem::UserInteraction
+
 DEFAULT_BACKTRACE = false
 DEFAULT_BULK_THRESHOLD = 1000
 DEFAULT_VERBOSITY = true
@@ -224,6 +226,34 @@ class Gem::ConfigFile
 end
 ##
+ # Checks the permissions of the credentials file. If they are not 0600 an
+ # error message is displayed and RubyGems aborts.
+
+ def check_credentials_permissions
+ return unless File.exist? credentials_path
+
+ existing_permissions = File.stat(credentials_path).mode & 0777
+
+ return if existing_permissions == 0600
+
+ alert_error <<-ERROR
+Your gem push credentials file located at:
+
+\t#{credentials_path}
+
+has file permissions of 0#{existing_permissions.to_s 8} but 0600 is required.
+
+You should reset your credentials at:
+
+\thttps://rubygems.org/profile/edit
+
+if you believe they were disclosed to a third party.
+ ERROR
+
+ terminate_interaction 1
+ end
+
+ ##
 # Location of RubyGems.org credentials
 def credentials_path
@@ -231,6 +261,8 @@ class Gem::ConfigFile
 end
 def load_api_keys
+ check_credentials_permissions
+
 @api_keys = if File.exist? credentials_path then
 load_file(credentials_path)
 else
@@ -243,7 +275,9 @@ class Gem::ConfigFile
 end
 end
- def rubygems_api_key=(api_key)
+ def rubygems_api_key= api_key
+ check_credentials_permissions
+
 config = load_file(credentials_path).merge(:rubygems_api_key => api_key)
 dirname = File.dirname credentials_path |
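Review bot: The exact comparison `return if existing_permissions == 0600` in check_credentials_permissions rejects stricter modes such as 0400, and on platforms where File.stat does not report POSIX permission bits (Windows) it would likely fail for every credentials file, leaving the user no way to satisfy it. The property worth enforcing is that group and others have no access, which `return if (existing_permissions & 0077).zero?` states directly; a platform guard such as `return if Gem.win_platform?` ahead of the stat would cover the Windows case. Because the method ends in `terminate_interaction 1` and is now called from both load_api_keys and rubygems_api_key= (the later hunks), a false positive stops the process rather than only the operation that needs the key. The method comment should also say that only the mode bits of the file itself are checked, not its owner or the permissions of the containing directory.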
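Review bot: rubygems_api_key= now refuses to run when an existing credentials file is not 0600, but nothing in this hunk ensures that the file the setter itself writes is created as 0600. The write happens below the hunk, so this is inferred. If that write opens the file without an explicit mode, a first-time sign-in under a common umask leaves the API key readable by other local users, and the next load_api_keys then aborts on the file RubyGems just created. Passing the mode at creation, for example `File.open(credentials_path, 'w', 0600)`, would close that window and keep the setter consistent with the new check.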