diff options
Diffstat (limited to 'lib/rubygems/package.rb')
-rw-r--r-- | lib/rubygems/package.rb | 81 |
1 files changed, 26 insertions, 55 deletions
diff --git a/lib/rubygems/package.rb b/lib/rubygems/package.rb index ba379c24cb..957446257d 100644 --- a/lib/rubygems/package.rb +++ b/lib/rubygems/package.rb @@ -37,7 +37,7 @@ # the_gem.spec # get the spec out of the gem # the_gem.verify # check the gem is OK (contains valid gem specification, contains a not corrupt contents archive) # -# #files are the files in the .gem tar file, not the Ruby files in the gem +# #files are the files in the .gem tar file, not the ruby files in the gem # #extract_files and #contents automatically call #verify require 'rubygems/security' @@ -280,16 +280,11 @@ EOM algorithms = if @checksums then @checksums.keys else - [Gem::Security::DIGEST_NAME].compact + [Gem::Security::DIGEST_NAME] end algorithms.each do |algorithm| - digester = - if defined?(OpenSSL::Digest) then - OpenSSL::Digest.new algorithm - else - Digest.const_get(algorithm).new - end + digester = OpenSSL::Digest.new algorithm digester << entry.read(16384) until entry.eof? @@ -303,11 +298,8 @@ EOM ## # Extracts the files in this package into +destination_dir+ - # - # If +pattern+ is specified, only entries matching that glob will be - # extracted. - def extract_files destination_dir, pattern = "*" + def extract_files destination_dir verify unless @spec FileUtils.mkdir_p destination_dir @@ -318,7 +310,7 @@ EOM reader.each do |entry| next unless entry.full_name == 'data.tar.gz' - extract_tar_gz entry, destination_dir, pattern + extract_tar_gz entry, destination_dir return # ignore further entries end @@ -332,20 +324,11 @@ EOM # If an entry in the archive contains a relative path above # +destination_dir+ or an absolute path is encountered an exception is # raised. - # - # If +pattern+ is specified, only entries matching that glob will be - # extracted. - def extract_tar_gz io, destination_dir, pattern = "*" # :nodoc: + def extract_tar_gz io, destination_dir # :nodoc: open_tar_gz io do |tar| tar.each do |entry| - # Some entries start with "./" which fnmatch does not like, see github - # issue #644 - full_name = entry.full_name.sub %r%\A\./%, '' - - next unless File.fnmatch pattern, full_name - - destination = install_location full_name, destination_dir + destination = install_location entry.full_name, destination_dir FileUtils.rm_rf destination @@ -445,13 +428,12 @@ EOM # certificate and key are not present only checksum generation is set up. def setup_signer - passphrase = ENV['GEM_PRIVATE_KEY_PASSPHRASE'] if @spec.signing_key then - @signer = Gem::Security::Signer.new @spec.signing_key, @spec.cert_chain, passphrase + @signer = Gem::Security::Signer.new @spec.signing_key, @spec.cert_chain @spec.signing_key = nil @spec.cert_chain = @signer.cert_chain.map { |cert| cert.to_s } else - @signer = Gem::Security::Signer.new nil, nil, passphrase + @signer = Gem::Security::Signer.new nil, nil @spec.cert_chain = @signer.cert_chain.map { |cert| cert.to_pem } if @signer.cert_chain end @@ -528,38 +510,27 @@ EOM end ## - # Verifies +entry+ in a .gem file. - - def verify_entry entry - file_name = entry.full_name - @files << file_name - - case file_name - when /\.sig$/ then - @signatures[$`] = entry.read if @security_policy - return - else - digest entry - end - - case file_name - when /^metadata(.gz)?$/ then - load_spec entry - when 'data.tar.gz' then - verify_gz entry - end - rescue => e - message = "package is corrupt, exception while verifying: " + - "#{e.message} (#{e.class})" - raise Gem::Package::FormatError.new message, @gem - end - - ## # Verifies the files of the +gem+ def verify_files gem gem.each do |entry| - verify_entry entry + file_name = entry.full_name + @files << file_name + + case file_name + when /\.sig$/ then + @signatures[$`] = entry.read if @security_policy + next + else + digest entry + end + + case file_name + when /^metadata(.gz)?$/ then + load_spec entry + when 'data.tar.gz' then + verify_gz entry + end end unless @spec then |