* lib/rubygems/package/old.rb: Fix behavior only on ruby 1.8.

* lib/rubygems/package.rb: Include checksums.yaml.gz signatures for verification. * test/rubygems/test_gem_package.rb: Test for the above. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@39166 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2013-02-09 00:24:55 +00:00 · 2013-02-09 00:24:55 +00:00 · 7f046c653c
commit 7f046c653c
parent 35a5e37649
4 changed files with 31 additions and 6 deletions
--- a/8
+++ b/8
@ -1,3 +1,11 @@
+Sat Feb  9 09:24:38 2013  Eric Hodel  <drbrain@segment7.net>
+
+	* lib/rubygems/package/old.rb:  Fix behavior only on ruby 1.8.
+
+	* lib/rubygems/package.rb:  Include checksums.yaml.gz signatures for
+	  verification.
+	* test/rubygems/test_gem_package.rb:  Test for the above.
+
 Sat Feb  9 01:23:24 2013  Tanaka Akira  <akr@fsij.org>

 	* test/fiddle/helper.rb: specify libc and libm locations for MirOS BSD.
--- a/lib/rubygems/package.rb
+++ b/lib/rubygems/package.rb
@ -518,8 +518,6 @@ EOM
      when /\.sig$/ then
        @signatures[$`] = entry.read if @security_policy
        next
-      when 'checksums.yaml.gz' then
-        next # already handled
      else
        digest entry
      end
--- a/lib/rubygems/package/old.rb
+++ b/lib/rubygems/package/old.rb
@ -23,9 +23,10 @@ class Gem::Package::Old < Gem::Package
    require 'zlib'
    Gem.load_yaml

-    @gem      = gem
-    @contents = nil
-    @spec     = nil
+    @contents        = nil
+    @gem             = gem
+    @security_policy = nil
+    @spec            = nil
  end

  ##
@ -142,7 +143,7 @@ class Gem::Package::Old < Gem::Package
      end
    end

-    yaml_error = if RUBY_VERSION < '1.8' then
+    yaml_error = if RUBY_VERSION < '1.9' then
                   YAML::ParseError
                 elsif YAML::ENGINE.yamler == 'syck' then
                   YAML::ParseError
--- a/test/rubygems/test_gem_package.rb
+++ b/test/rubygems/test_gem_package.rb
@ -511,6 +511,24 @@ class TestGemPackage < Gem::Package::TarTestCase
    assert_empty package.instance_variable_get(:@files), '@files must empty'
  end

+  def test_verify_security_policy_low_security
+    @spec.cert_chain = [PUBLIC_CERT.to_pem]
+    @spec.signing_key = PRIVATE_KEY
+
+    FileUtils.mkdir_p 'lib'
+    FileUtils.touch 'lib/code.rb'
+
+    build = Gem::Package.new @gem
+    build.spec = @spec
+
+    build.build
+
+    package = Gem::Package.new @gem
+    package.security_policy = Gem::Security::LowSecurity
+
+    assert package.verify
+  end
+
  def test_verify_security_policy_checksum_missing
    @spec.cert_chain = [PUBLIC_CERT.to_pem]
    @spec.signing_key = PRIVATE_KEY