* tool/downloader.rb: Removed verification of gem certification.

Because signed gem is not working on rubygems ecosystem. * tool/gem-unpack.rb: ditto. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56399 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2016-10-12 06:24:59 +00:00 · 2016-10-12 06:24:59 +00:00 · 2e5fffa7cf
commit 2e5fffa7cf
parent 2db9a0db99
3 changed files with 6 additions and 18 deletions
--- a/6
+++ b/6
@ -1,3 +1,9 @@
+Wed Oct 12 15:24:53 2016  SHIBATA Hiroshi  <hsbt@ruby-lang.org>
+
+	* tool/downloader.rb: Removed verification of gem certification.
+	  Because signed gem is not working on rubygems ecosystem.
+	* tool/gem-unpack.rb: ditto.
+
 Tue Oct 11 22:08:24 2016  Nobuyoshi Nakada  <nobu@ruby-lang.org>

 	* io.c (prep_io): fix typo of struct member name.
--- a/tool/downloader.rb
+++ b/tool/downloader.rb
@ -59,27 +59,12 @@ class Downloader
  class RubyGems < self
    def self.download(name, dir = nil, since = true, options = {})
      require 'rubygems'
-      require 'rubygems/package'
      verify = options.delete(:verify) {Gem::VERSION >= "2.4."}
      options[:ssl_ca_cert] = Dir.glob(File.expand_path("../lib/rubygems/ssl_certs/**/*.pem", File.dirname(__FILE__)))
      file = under(dir, name)
      super("https://rubygems.org/downloads/#{name}", file, nil, since, options) or
        return false
      return true unless verify
-      policy = Gem::Security::LowSecurity
-      (policy = policy.dup).ui = Gem::SilentUI.new if policy.respond_to?(:'ui=')
-      pkg = Gem::Package.new(file)
-      pkg.security_policy = policy
-      begin
-        $stdout.puts "verifying #{name}"
-        pkg.verify
-      rescue Gem::Security::Exception => e
-        $stderr.puts "#{name}: #{e.message}"
-        File.unlink(file)
-        false
-      else
-        true
-      end
    end
  end

--- a/tool/gem-unpack.rb
+++ b/tool/gem-unpack.rb
@ -5,10 +5,7 @@ require 'rubygems/package'
 # unpack bundled gem files.

 def Gem.unpack(file, dir = nil)
-  policy = Gem::Security::LowSecurity
-  (policy = policy.dup).ui = Gem::SilentUI.new
  pkg = Gem::Package.new(file)
-  pkg.security_policy = policy
  spec = pkg.spec
  target = spec.full_name
  target = File.join(dir, target) if dir