Diffstat (limited to 'lib')
-rw-r--r-- | lib/rubygems.rb | 6 | ||||
-rw-r--r-- | lib/rubygems/package.rb | 8 | ||||
-rw-r--r-- | lib/rubygems/security/policy.rb | 20 |
3 files changed, 26 insertions, 8 deletions
diff --git a/lib/rubygems.rb b/lib/rubygems.rb
index 54f3fcca89..039d26c1fe 100644
--- a/lib/rubygems.rb
+++ b/lib/rubygems.rb
@@ -1,9 +1,9 @@
 # -*- ruby -*-
-#
+#--
 # Copyright 2006 by Chad Fowler, Rich Kilmer, Jim Weirich and others.
 # All rights reserved.
 # See LICENSE.txt for permissions.
-#
+#++
 
 require 'rbconfig'
 
@@ -109,6 +109,8 @@ require 'rubygems/errors'
 # Thanks!
 #
 # -The RubyGems Team
+
+
 module Gem
   RUBYGEMS_DIR = File.dirname File.expand_path(__FILE__)
 
diff --git a/lib/rubygems/package.rb b/lib/rubygems/package.rb
index c662da2a55..82abcd0c6f 100644
--- a/lib/rubygems/package.rb
+++ b/lib/rubygems/package.rb
@@ -277,9 +277,13 @@ EOM
   # the security policy.
 
   def digest entry # :nodoc:
-    return unless @checksums
+    algorithms = if @checksums then
+                   @checksums.keys
+                 else
+                   [Gem::Security::DIGEST_NAME]
+                 end
 
-    @checksums.each_key do |algorithm|
+    algorithms.each do |algorithm|
       digester = OpenSSL::Digest.new algorithm
 
       digester << entry.read(16384) until entry.eof?
diff --git a/lib/rubygems/security/policy.rb b/lib/rubygems/security/policy.rb
index c34b7605c3..d1539e4985 100644
--- a/lib/rubygems/security/policy.rb
+++ b/lib/rubygems/security/policy.rb
@@ -152,8 +152,8 @@ class Gem::Security::Policy
   end
 
   def inspect # :nodoc:
-    "[Policy: %s - data: %p signer: %p chain: %p root: %p " +
-    "signed-only: %p trusted-only: %p]" % [
+    ("[Policy: %s - data: %p signer: %p chain: %p root: %p " +
+     "signed-only: %p trusted-only: %p]") % [
       @name, @verify_chain, @verify_data, @verify_root, @verify_signer,
       @only_signed, @only_trusted,
     ]
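Review bot: The names iterated at `algorithms.each` come from `@checksums.keys` whenever a checksums file is present, and `OpenSSL::Digest.new algorithm` raises a plain RuntimeError for a name OpenSSL does not recognise rather than a Gem::Security::Exception, so if `@checksums` is parsed out of the package itself (its origin is outside this hunk) a malformed algorithm name surfaces as an unrelated error instead of a verification failure. Consider wrapping the constructor, e.g. `digester = OpenSSL::Digest.new algorithm rescue raise Gem::Security::Exception, "unsupported digest algorithm #{algorithm}"` split over two lines in the file's style, or restricting the names to a known set. The fallback branch also deserves a line in the comment above the method, such as `# Without a checksums file only Gem::Security::DIGEST_NAME is computed so the policy still has a digest to check.` The body of `digest` continues past the end of the hunk.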
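Review bot: The format labels and the argument list in `inspect` still disagree after the parenthesisation: `data:` is filled with `@verify_chain`, `signer:` with `@verify_data`, `chain:` with `@verify_root` and `root:` with `@verify_signer`, so every flag in the printed policy is mislabelled even though the `+`/`%` precedence is now correct. Reorder the first argument line to `@name, @verify_data, @verify_signer, @verify_chain, @verify_root,` so each `%p` matches its label.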
@@ -177,11 +177,16 @@ class Gem::Security::Policy
     trust_dir = opt[:trust_dir]
     time      = Time.now
 
-    signer_digests = digests.find do |algorithm, file_digests|
+    _, signer_digests = digests.find do |algorithm, file_digests|
       file_digests.values.first.name == Gem::Security::DIGEST_NAME
     end
 
-    signer_digests = digests.values.first || {}
+    if @verify_data then
+      raise Gem::Security::Exception, 'no digests provided (probable bug)' if
+        signer_digests.nil? or signer_digests.empty?
+    else
+      signer_digests = {}
+    end
 
     signer = chain.last
 
@@ -195,6 +200,13 @@ class Gem::Security::Policy
     check_trust chain, digester, trust_dir if @only_trusted
 
+    signatures.each do |file, _|
+      digest = signer_digests[file]
+
+      raise Gem::Security::Exception, "missing digest for #{file}" unless
+        digest
+    end
+
     signer_digests.each do |file, digest|
       signature = signatures[file]
|
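Review bot: With `@verify_data` false the new `else` branch sets `signer_digests = {}`, and the `signatures.each` loop added in the following hunk then raises `missing digest for #{file}` for every file that carries a signature, so a signed gem under a policy that does not verify data appears to fail unless something earlier in the method, which begins outside this hunk, returns first. If skipping data verification is meant to skip that check, guard the loop with `if @verify_data`, or add a comment at the `else` branch stating why an empty hash is intended to make any signature fatal. As a point of style, `signer_digests.nil? or signer_digests.empty?` uses `or` where the removed line used `||`; `signer_digests.nil? || signer_digests.empty?` keeps the operators consistent and avoids the low-precedence form.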