[rubygems/rubygems] Simplify digest name selection and use SHA256

The previous commit introduces the Gem::Security.create_digest method, allowing to: - decouple algorithm choice from implementation (OpenSSL or Ruby built-in) - untangle the SHA512 fallback for TarWriter from the generic hashing digest choice (undoing commit 9471f8ed2bdc12248d2619bbbce6e53cd6c16cb6) https://github.com/rubygems/rubygems/commit/1bc03231e4
Merged: https://github.com/ruby/ruby/pull/3379
2022-11-09 12:17:21 -05:00 · 2020-06-29 18:31:15 -04:00 · 2020-06-29 18:31:15 -04:00 · 734c5276f0 · 2020-07-31 21:08:28 +09:00
commit 734c5276f0
parent 8161cf85ba
2 changed files with 2 additions and 11 deletions
--- a/lib/rubygems/package/tar_writer.rb
+++ b/lib/rubygems/package/tar_writer.rb
@ -4,8 +4,6 @@
 # See LICENSE.txt for additional licensing information.
 #++
 require 'digest'
 ##
 # Allows writing of tar files
@ -168,7 +166,7 @@ class Gem::Package::TarWriter
  def add_file_signed(name, mode, signer)
    digest_algorithms = [
      signer.digest_algorithm,
-      Digest::SHA512.new,
+      Gem::Security.create_digest('SHA512'),
    ].compact.uniq
    digests = add_file_digest name, mode, digest_algorithms do |io|
--- a/lib/rubygems/security.rb
+++ b/lib/rubygems/security.rb
@ -341,14 +341,7 @@ module Gem::Security
  ##
  # Used internally to select the signing digest from all computed digests
-  DIGEST_NAME = # :nodoc:
+  DIGEST_NAME = 'SHA256' # :nodoc:
    if defined?(OpenSSL::Digest::SHA256)
      'SHA256'
    elsif defined?(OpenSSL::Digest::SHA1)
      'SHA1'
    else
      'SHA512'
    end
  ##
  # Algorithm for creating the key pair used to sign gems