Revert r42938 "* lib/rubygems: Update to RubyGems 2.1.3"

It breaks build. http://u64.rubyci.org/~chkbuild/ruby-trunk/log/20130913T200302Z.diff.html.gz git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@42941 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2013-09-14 08:59:02 +00:00 · 2013-09-14 08:59:02 +00:00 · 269503b544
commit 269503b544
parent 2614d9ba2f
110 changed files with 4928 additions and 3479 deletions
--- a/lib/rubygems/commands/cert_command.rb
+++ b/lib/rubygems/commands/cert_command.rb
@ -1,6 +1,11 @@
 require 'rubygems/command'
 require 'rubygems/security'
-require 'openssl'
+begin
+  require 'openssl'
+rescue LoadError => e
+  raise unless (e.respond_to?(:path) && e.path == 'openssl') ||
+               e.message =~ / -- openssl$/
+end

 class Gem::Commands::CertCommand < Gem::Command

@ -21,7 +26,8 @@ class Gem::Commands::CertCommand < Gem::Command

    OptionParser.accept OpenSSL::PKey::RSA do |key_file|
      begin
-        key = OpenSSL::PKey::RSA.new File.read key_file
+        passphrase = ENV['GEM_PRIVATE_KEY_PASSPHRASE']
+        key = OpenSSL::PKey::RSA.new File.read(key_file), passphrase
      rescue Errno::ENOENT
        raise OptionParser::InvalidArgument, "#{key_file}: does not exist"
      rescue OpenSSL::PKey::RSAError
@ -79,52 +85,67 @@ class Gem::Commands::CertCommand < Gem::Command
    end
  end

+  def add_certificate certificate # :nodoc:
+    Gem::Security.trust_dir.trust_cert certificate
+
+    say "Added '#{certificate.subject}'"
+  end
+
  def execute
    options[:add].each do |certificate|
-      Gem::Security.trust_dir.trust_cert certificate
-
-      say "Added '#{certificate.subject}'"
+      add_certificate certificate
    end

    options[:remove].each do |filter|
-      certificates_matching filter do |certificate, path|
-        FileUtils.rm path
-        say "Removed '#{certificate.subject}'"
-      end
+      remove_certificates_matching filter
    end

    options[:list].each do |filter|
-      certificates_matching filter do |certificate, _|
-        # this could probably be formatted more gracefully
-        say certificate.subject.to_s
-      end
+      list_certificates_matching filter
    end

    options[:build].each do |name|
      build name
    end

-    unless options[:sign].empty? then
-      load_default_cert unless options[:issuer_cert]
-      load_default_key  unless options[:key]
-    end
-
-    options[:sign].each do |cert_file|
-      sign cert_file
-    end
+    sign_certificates unless options[:sign].empty?
  end

  def build name
-    key = options[:key] || Gem::Security.create_key
-
-    cert = Gem::Security.create_cert_email name, key
-
-    key_path  = Gem::Security.write key, "gem-private_key.pem"
-    cert_path = Gem::Security.write cert, "gem-public_cert.pem"
+    key, key_path = build_key
+    cert_path = build_cert name, key

    say "Certificate: #{cert_path}"
-    say "Private Key: #{key_path}"
-    say "Don't forget to move the key file to somewhere private!"
+
+    if key_path
+      say "Private Key: #{key_path}"
+      say "Don't forget to move the key file to somewhere private!"
+    end
+  end
+
+  def build_cert name, key # :nodoc:
+    cert = Gem::Security.create_cert_email name, key
+    Gem::Security.write cert, "gem-public_cert.pem"
+  end
+
+  def build_key # :nodoc:
+    if options[:key] then
+      options[:key]
+    else
+      passphrase = ask_for_password 'Passphrase for your Private Key:'
+      say "\n"
+
+      passphrase_confirmation = ask_for_password 'Please repeat the passphrase for your Private Key:'
+      say "\n"
+
+      raise Gem::CommandLineError,
+            "Passphrase and passphrase confirmation don't match" unless passphrase == passphrase_confirmation
+
+      key      = Gem::Security.create_key
+      key_path = Gem::Security.write key, "gem-private_key.pem", 0600, passphrase
+
+      return key, key_path
+    end
  end

  def certificates_matching filter
@ -179,6 +200,13 @@ For further reading on signing gems see `ri Gem::Security`.
    EOF
  end

+  def list_certificates_matching filter # :nodoc:
+    certificates_matching filter do |certificate, _|
+      # this could probably be formatted more gracefully
+      say certificate.subject.to_s
+    end
+  end
+
  def load_default_cert
    cert_file = File.join Gem.default_cert_path
    cert = File.read cert_file
@ -198,7 +226,8 @@ For further reading on signing gems see `ri Gem::Security`.
  def load_default_key
    key_file = File.join Gem.default_key_path
    key = File.read key_file
-    options[:key] = OpenSSL::PKey::RSA.new key
+    passphrase = ENV['GEM_PRIVATE_KEY_PASSPHRASE']
+    options[:key] = OpenSSL::PKey::RSA.new key, passphrase
  rescue Errno::ENOENT
    alert_error \
      "--private-key not specified and ~/.gem/gem-private_key.pem does not exist"
@ -211,6 +240,18 @@ For further reading on signing gems see `ri Gem::Security`.
    terminate_interaction 1
  end

+  def load_defaults # :nodoc:
+    load_default_cert unless options[:issuer_cert]
+    load_default_key  unless options[:key]
+  end
+
+  def remove_certificates_matching filter # :nodoc:
+    certificates_matching filter do |certificate, path|
+      FileUtils.rm path
+      say "Removed '#{certificate.subject}'"
+    end
+  end
+
  def sign cert_file
    cert = File.read cert_file
    cert = OpenSSL::X509::Certificate.new cert
@ -225,5 +266,13 @@ For further reading on signing gems see `ri Gem::Security`.
    Gem::Security.write cert, cert_file, permissions
  end

-end
+  def sign_certificates # :nodoc:
+    load_defaults unless options[:sign].empty?
+
+    options[:sign].each do |cert_file|
+      sign cert_file
+    end
+  end
+
+end if defined?(OpenSSL::SSL)