kotovalexarian-likes-github/ruby--ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
Code Releases Activity

* tool/downloader.rb: Removed verification of gem certification.

Browse source 
Because signed gem is not working on rubygems ecosystem.
* tool/gem-unpack.rb: ditto.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56399 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
hsbt 2016-10-12 06:24:59 +00:00
parent 2db9a0db99
commit 2e5fffa7cf
3 changed files with 6 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

6
ChangeLog
View file

@ -1,3 +1,9 @@
Wed Oct 12 15:24:53 2016 SHIBATA Hiroshi <hsbt@ruby-lang.org>
* tool/downloader.rb: Removed verification of gem certification.
Because signed gem is not working on rubygems ecosystem.
* tool/gem-unpack.rb: ditto.
Tue Oct 11 22:08:24 2016 Nobuyoshi Nakada <nobu@ruby-lang.org> Tue Oct 11 22:08:24 2016 Nobuyoshi Nakada <nobu@ruby-lang.org>
* io.c (prep_io): fix typo of struct member name. * io.c (prep_io): fix typo of struct member name.

15
tool/downloader.rb
View file

@ -59,27 +59,12 @@ class Downloader
class RubyGems < self class RubyGems < self
def self.download(name, dir = nil, since = true, options = {}) def self.download(name, dir = nil, since = true, options = {})
require 'rubygems' require 'rubygems'
require 'rubygems/package'
verify = options.delete(:verify) {Gem::VERSION >= "2.4."} verify = options.delete(:verify) {Gem::VERSION >= "2.4."}
options[:ssl_ca_cert] = Dir.glob(File.expand_path("../lib/rubygems/ssl_certs/**/*.pem", File.dirname(__FILE__))) options[:ssl_ca_cert] = Dir.glob(File.expand_path("../lib/rubygems/ssl_certs/**/*.pem", File.dirname(__FILE__)))
file = under(dir, name) file = under(dir, name)
super("https://rubygems.org/downloads/#{name}", file, nil, since, options) or super("https://rubygems.org/downloads/#{name}", file, nil, since, options) or
return false return false
return true unless verify return true unless verify
policy = Gem::Security::LowSecurity
(policy = policy.dup).ui = Gem::SilentUI.new if policy.respond_to?(:'ui=')
pkg = Gem::Package.new(file)
pkg.security_policy = policy
begin
$stdout.puts "verifying #{name}"
pkg.verify
rescue Gem::Security::Exception => e
$stderr.puts "#{name}: #{e.message}"
File.unlink(file)
false
else
true
end
end end
end end

3
tool/gem-unpack.rb
View file

@ -5,10 +5,7 @@ require 'rubygems/package'
# unpack bundled gem files. # unpack bundled gem files.
def Gem.unpack(file, dir = nil) def Gem.unpack(file, dir = nil)
policy = Gem::Security::LowSecurity
(policy = policy.dup).ui = Gem::SilentUI.new
pkg = Gem::Package.new(file) pkg = Gem::Package.new(file)
pkg.security_policy = policy
spec = pkg.spec spec = pkg.spec
target = spec.full_name target = spec.full_name
target = File.join(dir, target) if dir target = File.join(dir, target) if dir