From 7a88ad0a42dffdbbcaf0192635ab64c636294cf6 Mon Sep 17 00:00:00 2001 From: drbrain Date: Tue, 5 Mar 2013 22:40:53 +0000 Subject: * lib/rubygems/commands/query_command.rb: Only fetch remote specs when showing details. [ruby-trunk - Bug #8019] RubyGems bug #487 * lib/rubygems/remote_fetcher.rb: ditto. * lib/rubygems/security/policy.rb: ditto. * test/rubygems/test_gem_commands_query_command.rb: Test for the above. * lib/rubygems/security.rb: Make OpenSSL optional for RubyGems. * lib/rubygems/commands/cert_command.rb: ditto. * lib/rubygems/config_file.rb: Display file with YAML error, not ~/.gemrc * lib/rubygems/remote_fetcher.rb: Only create gem subdirectories when installing gems. * lib/rubygems/dependency_resolver.rb: ditto. * lib/rubygems/test_utilities.rb: ditto. * test/rubygems/test_gem_commands_fetch_command.rb: Test for the above. * lib/rubygems/spec_fetcher.rb: Only try to upgrade http://rubygems.org to HTTPS * test/rubygems/test_gem_spec_fetcher.rb: Test for the above. * lib/rubygems.rb: Update win_platform? check for JRuby compatibility. * test/rubygems/test_gem_installer.rb: Update for Ruby 1.9.2 compatibility git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@39606 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ChangeLog | 31 ++++++++++++++++++++++++ lib/rubygems.rb | 3 ++- lib/rubygems/commands/cert_command.rb | 1 + lib/rubygems/commands/query_command.rb | 14 +++++------ lib/rubygems/config_file.rb | 6 ++--- lib/rubygems/dependency_resolver.rb | 2 ++ lib/rubygems/remote_fetcher.rb | 11 ++++++--- lib/rubygems/security.rb | 22 ++++++++++++++++- lib/rubygems/security/policy.rb | 2 ++ lib/rubygems/spec_fetcher.rb | 6 ++++- lib/rubygems/test_utilities.rb | 2 -- test/rubygems/test_gem_commands_fetch_command.rb | 4 +++ test/rubygems/test_gem_commands_query_command.rb | 16 ++++++++++++ test/rubygems/test_gem_installer.rb | 4 ++- test/rubygems/test_gem_spec_fetcher.rb | 25 ++++++++++++++++--- 15 files changed, 126 insertions(+), 23 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9547a499d6..5007bed640 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,34 @@ +Wed Mar 6 07:40:21 2013 Eric Hodel + + * lib/rubygems/commands/query_command.rb: Only fetch remote specs when + showing details. [ruby-trunk - Bug #8019] RubyGems bug #487 + * lib/rubygems/remote_fetcher.rb: ditto. + * lib/rubygems/security/policy.rb: ditto. + * test/rubygems/test_gem_commands_query_command.rb: Test for the + above. + + * lib/rubygems/security.rb: Make OpenSSL optional for RubyGems. + * lib/rubygems/commands/cert_command.rb: ditto. + + * lib/rubygems/config_file.rb: Display file with YAML error, not + ~/.gemrc + + * lib/rubygems/remote_fetcher.rb: Only create gem subdirectories when + installing gems. + * lib/rubygems/dependency_resolver.rb: ditto. + * lib/rubygems/test_utilities.rb: ditto. + * test/rubygems/test_gem_commands_fetch_command.rb: Test for the + above. + + * lib/rubygems/spec_fetcher.rb: Only try to upgrade + http://rubygems.org to HTTPS + * test/rubygems/test_gem_spec_fetcher.rb: Test for the above. + + * lib/rubygems.rb: Update win_platform? check for JRuby compatibility. + + * test/rubygems/test_gem_installer.rb: Update for Ruby 1.9.2 + compatibility + Wed Mar 6 01:19:28 2013 Kazuhiro NISHIYAMA * enumerator.c (enumerator_with_index, lazy_take): use INT2FIX(0) diff --git a/lib/rubygems.rb b/lib/rubygems.rb index 226ff69db5..ac992d09d6 100644 --- a/lib/rubygems.rb +++ b/lib/rubygems.rb @@ -895,7 +895,8 @@ module Gem def self.win_platform? if @@win_platform.nil? then - @@win_platform = !!WIN_PATTERNS.find { |r| RUBY_PLATFORM =~ r } + ruby_platform = RbConfig::CONFIG['host_os'] + @@win_platform = !!WIN_PATTERNS.find { |r| ruby_platform =~ r } end @@win_platform diff --git a/lib/rubygems/commands/cert_command.rb b/lib/rubygems/commands/cert_command.rb index 371ab403c6..13e5e2c37c 100644 --- a/lib/rubygems/commands/cert_command.rb +++ b/lib/rubygems/commands/cert_command.rb @@ -1,5 +1,6 @@ require 'rubygems/command' require 'rubygems/security' +require 'openssl' class Gem::Commands::CertCommand < Gem::Command diff --git a/lib/rubygems/commands/query_command.rb b/lib/rubygems/commands/query_command.rb index 0ae7924564..7bda7383e2 100644 --- a/lib/rubygems/commands/query_command.rb +++ b/lib/rubygems/commands/query_command.rb @@ -192,9 +192,13 @@ class Gem::Commands::QueryCommand < Gem::Command end end - def entry_details entry, spec, specs, platforms + def entry_details entry, detail_tuple, specs, platforms return unless options[:details] + name_tuple, spec = detail_tuple + + spec = spec.fetch_spec name_tuple unless Gem::Specification === spec + entry << "\n" spec_platforms entry, platforms @@ -228,19 +232,15 @@ class Gem::Commands::QueryCommand < Gem::Command def make_entry entry_tuples, platforms detail_tuple = entry_tuples.first - name_tuple, latest_spec = detail_tuple - - latest_spec = latest_spec.fetch_spec name_tuple unless - Gem::Specification === latest_spec name_tuples, specs = entry_tuples.flatten.partition do |item| Gem::NameTuple === item end - entry = [latest_spec.name] + entry = [name_tuples.first.name] entry_versions entry, name_tuples, platforms - entry_details entry, latest_spec, specs, platforms + entry_details entry, detail_tuple, specs, platforms entry.join end diff --git a/lib/rubygems/config_file.rb b/lib/rubygems/config_file.rb index 8d86dc5a3f..244e845e6f 100644 --- a/lib/rubygems/config_file.rb +++ b/lib/rubygems/config_file.rb @@ -317,14 +317,14 @@ if you believe they were disclosed to a third party. begin content = YAML.load(File.read(filename)) unless content.kind_of? Hash - warn "Failed to load #{config_file_name} because it doesn't contain valid YAML hash" + warn "Failed to load #{filename} because it doesn't contain valid YAML hash" return {} end return content rescue ArgumentError - warn "Failed to load #{config_file_name}" + warn "Failed to load #{filename}" rescue Errno::EACCES - warn "Failed to load #{config_file_name} due to permissions problem." + warn "Failed to load #{filename} due to permissions problem." end {} diff --git a/lib/rubygems/dependency_resolver.rb b/lib/rubygems/dependency_resolver.rb index 2c651aff2e..e8b620f356 100644 --- a/lib/rubygems/dependency_resolver.rb +++ b/lib/rubygems/dependency_resolver.rb @@ -406,6 +406,8 @@ module Gem source = Gem.sources.first end + Gem.ensure_gem_subdirectories path + source.download full_spec, path end diff --git a/lib/rubygems/remote_fetcher.rb b/lib/rubygems/remote_fetcher.rb index cc3d3cf860..ec052b50da 100644 --- a/lib/rubygems/remote_fetcher.rb +++ b/lib/rubygems/remote_fetcher.rb @@ -127,8 +127,6 @@ class Gem::RemoteFetcher # always replaced. def download(spec, source_uri, install_dir = Gem.dir) - Gem.ensure_gem_subdirectories(install_dir) rescue nil - cache_dir = if Dir.pwd == install_dir then # see fetch_command install_dir @@ -403,7 +401,8 @@ class Gem::RemoteFetcher connection.start unless connection.started? connection - rescue OpenSSL::SSL::SSLError, Errno::EHOSTDOWN => e + rescue defined?(OpenSSL::SSL) ? OpenSSL::SSL::SSLError : Errno::EHOSTDOWN, + Errno::EHOSTDOWN => e raise FetchError.new(e.message, uri) end @@ -424,6 +423,12 @@ class Gem::RemoteFetcher add_rubygems_trusted_certs(store) end connection.cert_store = store + rescue LoadError => e + raise unless (e.respond_to?(:path) && e.path == 'openssl') || + e.message =~ / -- openssl$/ + + raise Gem::Exception.new( + 'Unable to require openssl, install OpenSSL and rebuild ruby (preferred) or use non-HTTPS sources') end def add_rubygems_trusted_certs(store) diff --git a/lib/rubygems/security.rb b/lib/rubygems/security.rb index 2485729488..bed47ab9f3 100644 --- a/lib/rubygems/security.rb +++ b/lib/rubygems/security.rb @@ -5,9 +5,29 @@ #++ require 'rubygems/exceptions' -require 'openssl' require 'fileutils' +begin + require 'openssl' +rescue LoadError => e + raise unless (e.respond_to?(:path) && e.path == 'openssl') || + e.message =~ / -- openssl$/ + + module OpenSSL # :nodoc: + class Digest # :nodoc: + class SHA1 # :nodoc: + def name + 'SHA1' + end + end + end + module PKey # :nodoc: + class RSA # :nodoc: + end + end + end +end + ## # = Signing gems # diff --git a/lib/rubygems/security/policy.rb b/lib/rubygems/security/policy.rb index f3e4568117..467ee932b5 100644 --- a/lib/rubygems/security/policy.rb +++ b/lib/rubygems/security/policy.rb @@ -20,6 +20,8 @@ class Gem::Security::Policy # options. def initialize name, policy = {}, opt = {} + require 'openssl' + @name = name @opt = opt diff --git a/lib/rubygems/spec_fetcher.rb b/lib/rubygems/spec_fetcher.rb index aeed37ba5e..62613f7a51 100644 --- a/lib/rubygems/spec_fetcher.rb +++ b/lib/rubygems/spec_fetcher.rb @@ -228,10 +228,14 @@ class Gem::SpecFetcher end end + ## + # Attempts to upgrade +source+ to HTTPS if it is for http://rubygems.org + def upgrade_http_source source uri = source.uri - return source unless uri.scheme.downcase == 'http' + return source unless uri.scheme.downcase == 'http' && + uri.host.downcase == 'rubygems.org' https_uri = uri.dup https_uri.scheme = 'https' diff --git a/lib/rubygems/test_utilities.rb b/lib/rubygems/test_utilities.rb index 3da0b4ebc2..cf96fca43a 100644 --- a/lib/rubygems/test_utilities.rb +++ b/lib/rubygems/test_utilities.rb @@ -121,8 +121,6 @@ class Gem::FakeFetcher path = File.join path, name - Gem.ensure_gem_subdirectories install_dir - if source_uri =~ /^http/ then File.open(path, "wb") do |f| f.write fetch_path(File.join(source_uri, "gems", name)) diff --git a/test/rubygems/test_gem_commands_fetch_command.rb b/test/rubygems/test_gem_commands_fetch_command.rb index 561075aac5..924f4c44e7 100644 --- a/test/rubygems/test_gem_commands_fetch_command.rb +++ b/test/rubygems/test_gem_commands_fetch_command.rb @@ -18,6 +18,8 @@ class TestGemCommandsFetchCommand < Gem::TestCase @fetcher.data["#{@gem_repo}gems/#{@a2.file_name}"] = File.read(@a2.cache_file) + refute_path_exists File.join(@tempdir, 'cache'), 'sanity check' + @cmd.options[:args] = [@a2.name] use_ui @ui do @@ -28,6 +30,8 @@ class TestGemCommandsFetchCommand < Gem::TestCase assert_path_exists(File.join(@tempdir, @a2.file_name), "#{@a2.full_name} not fetched") + refute_path_exists File.join(@tempdir, 'cache'), + 'gem repository directories must not be created' end def test_execute_prerelease diff --git a/test/rubygems/test_gem_commands_query_command.rb b/test/rubygems/test_gem_commands_query_command.rb index c14fbc0099..b79d13d270 100644 --- a/test/rubygems/test_gem_commands_query_command.rb +++ b/test/rubygems/test_gem_commands_query_command.rb @@ -430,5 +430,21 @@ pl \(1\) assert_equal expected, @ui.output end + def test_make_entry + @fetcher.data.delete \ + "#{@gem_repo}quick/Marshal.#{Gem.marshal_version}/#{@a2.original_name}.gemspec.rz" + + entry_tuples = [ + [Gem::NameTuple.new(@a2.name, @a2.version, @a2.platform), + Gem.sources.first], + ] + + platforms = { @a2.version => [@a2.platform] } + + entry = @cmd.send :make_entry, entry_tuples, platforms + + assert_equal 'a (2)', entry + end + end diff --git a/test/rubygems/test_gem_installer.rb b/test/rubygems/test_gem_installer.rb index 3f3d4c5a00..0f9bfefd0e 100644 --- a/test/rubygems/test_gem_installer.rb +++ b/test/rubygems/test_gem_installer.rb @@ -1060,7 +1060,9 @@ gem 'other', version end def test_install_extension_flat - skip '1.8 mkmf.rb does not create TOUCH' if RUBY_VERSION < '1.9' + skip '1.9.2 and earlier mkmf.rb does not create TOUCH' if + RUBY_VERSION < '1.9.3' + @spec.require_paths = ["."] @spec.extensions << "extconf.rb" diff --git a/test/rubygems/test_gem_spec_fetcher.rb b/test/rubygems/test_gem_spec_fetcher.rb index ac48edde96..ea1190c2d8 100644 --- a/test/rubygems/test_gem_spec_fetcher.rb +++ b/test/rubygems/test_gem_spec_fetcher.rb @@ -253,19 +253,36 @@ class TestGemSpecFetcher < Gem::TestCase assert_equal URI('http://example'), same_source.uri - @fetcher.data['https://example/'] = 'hello' + assert_empty @ui.output + assert_empty @ui.error + end + + def test_upgrade_http_source_rubygems + Gem.configuration.verbose = :really + + source = Gem::Source.new URI 'http://rubygems.org' + same_source = nil + https_source = nil + + use_ui @ui do + same_source = @sf.upgrade_http_source source + end + + assert_equal URI('http://rubygems.org'), same_source.uri + + @fetcher.data['https://rubygems.org/'] = 'hello' use_ui @ui do https_source = @sf.upgrade_http_source source end - assert_equal URI('https://example'), https_source.uri + assert_equal URI('https://rubygems.org'), https_source.uri assert_empty @ui.error expected = <<-EXPECTED -Upgrading http://example to HTTPS failed, continuing -Upgraded http://example to HTTPS +Upgrading http://rubygems.org to HTTPS failed, continuing +Upgraded http://rubygems.org to HTTPS EXPECTED assert_equal expected, @ui.output -- cgit v1.2.3