downloader.rb: disable verify if rubygems is old

* tool/downloader.rb (Downloader::RubyGems.download): verify gems only if RubyGems is 2.4 or later. old RubyGems fails to verify almost all of bundled gems. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55055 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2016-05-18 07:04:55 +00:00 · 2016-05-18 07:04:55 +00:00 · 37beb43b55
commit 37beb43b55
parent b493d156de
2 changed files with 20 additions and 6 deletions
--- a/6
+++ b/6
@ -1,3 +1,9 @@
+Wed May 18 16:04:54 2016  Nobuyoshi Nakada  <nobu@ruby-lang.org>
+
+	* tool/downloader.rb (Downloader::RubyGems.download): verify gems
+	  only if RubyGems is 2.4 or later.  old RubyGems fails to verify
+	  almost all of bundled gems.
+
 Wed May 18 14:52:38 2016  Nobuyoshi Nakada  <nobu@ruby-lang.org>

 	* string.c (rb_str_modify_expand): check integer overflow.
--- a/tool/downloader.rb
+++ b/tool/downloader.rb
@ -57,27 +57,27 @@ class Downloader
    def self.download(name, dir = nil, since = true, options = {})
      require 'rubygems'
      require 'rubygems/package'
+      verify = options.delete(:verify) {Gem::VERSION >= "2.4."}
      options[:ssl_ca_cert] = Dir.glob(File.expand_path("../lib/rubygems/ssl_certs/**/*.pem", File.dirname(__FILE__)))
      file = under(dir, name)
      super("https://rubygems.org/downloads/#{name}", file, nil, since, options) or
        return false
+      return true unless verify
      policy = Gem::Security::LowSecurity
      (policy = policy.dup).ui = Gem::SilentUI.new if policy.respond_to?(:'ui=')
      pkg = Gem::Package.new(file)
      pkg.security_policy = policy
      begin
+        $stdout.puts "verifying #{name}"
        pkg.verify
      rescue Gem::Security::Exception => e
-        $stderr.puts e.message
+        $stderr.puts "#{name}: #{e.message}"
        File.unlink(file)
        false
      else
        true
      end
    end
-
-    def self.verify(pkg)
-    end
  end

  Gems = RubyGems
@ -134,6 +134,7 @@ class Downloader
  #   download 'http://www.unicode.org/Public/UCD/latest/ucd/UnicodeData.txt',
  #            'UnicodeData.txt', 'enc/unicode/data'
  def self.download(url, name, dir = nil, since = true, options = {})
+    options.delete(:verify)
    file = under(dir, name)
    if since.nil? and File.exist?(file)
      if $VERBOSE
@ -194,6 +195,10 @@ class Downloader
    raise "failed to download #{name}\n#{e.message}: #{url}"
  end

+  def self.verify(file)
+    true
+  end
+
  def self.under(dir, name)
    dir ? File.join(dir, File.basename(name)) : name
  end
@ -203,6 +208,7 @@ Downloader.https = https.freeze

 if $0 == __FILE__
  since = true
+  options = {}
  until ARGV.empty?
    case ARGV[0]
    when '-d'
@ -217,6 +223,8 @@ if $0 == __FILE__
      since = nil
    when '-a'
      since = false
+    when '-V'
+      options[:verify] = true
    when /\A-/
      abort "#{$0}: unknown option #{ARGV[0]}"
    else
@ -233,10 +241,10 @@ if $0 == __FILE__
    ARGV.shift
    ARGV.each do |name|
      name = "#{prefix}/#{File.basename(name)}" if prefix
-      dl.download(name, destdir, since)
+      dl.download(name, destdir, since, options)
    end
  else
    abort "usage: #{$0} url name" unless ARGV.size == 2
-    Downloader.download(ARGV[0], ARGV[1], destdir, since)
+    Downloader.download(ARGV[0], ARGV[1], destdir, since, options)
  end
 end