1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
ruby--ruby/tool/downloader.rb
nobu 37beb43b55 downloader.rb: disable verify if rubygems is old
* tool/downloader.rb (Downloader::RubyGems.download): verify gems
  only if RubyGems is 2.4 or later.  old RubyGems fails to verify
  almost all of bundled gems.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55055 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-05-18 07:04:55 +00:00

250 lines
6.7 KiB
Ruby

require 'open-uri'
begin
require 'net/https'
rescue LoadError
https = 'http'
else
https = 'https'
# open-uri of ruby 2.2.0 accept an array of PEMs as ssl_ca_cert, but old
# versions are not. so, patching OpenSSL::X509::Store#add_file instead.
class OpenSSL::X509::Store
alias orig_add_file add_file
def add_file(pems)
Array(pems).each do |pem|
if File.directory?(pem)
add_path pem
else
orig_add_file pem
end
end
end
end
# since open-uri internally checks ssl_ca_cert using File.directory?,
# allow to accept an array.
class <<File
alias orig_directory? directory?
def File.directory? files
files.is_a?(Array) ? false : orig_directory?(files)
end
end
end
class Downloader
def self.https=(https)
@@https = https
end
def self.https?
@@https == 'https'
end
def self.https
@@https
end
class GNU < self
def self.download(name, *rest)
if https?
super("https://raw.githubusercontent.com/gcc-mirror/gcc/master/#{name}", name, *rest)
else
super("https://repo.or.cz/official-gcc.git/blob_plain/HEAD:/#{name}", name, *rest)
end
end
end
class RubyGems < self
def self.download(name, dir = nil, since = true, options = {})
require 'rubygems'
require 'rubygems/package'
verify = options.delete(:verify) {Gem::VERSION >= "2.4."}
options[:ssl_ca_cert] = Dir.glob(File.expand_path("../lib/rubygems/ssl_certs/**/*.pem", File.dirname(__FILE__)))
file = under(dir, name)
super("https://rubygems.org/downloads/#{name}", file, nil, since, options) or
return false
return true unless verify
policy = Gem::Security::LowSecurity
(policy = policy.dup).ui = Gem::SilentUI.new if policy.respond_to?(:'ui=')
pkg = Gem::Package.new(file)
pkg.security_policy = policy
begin
$stdout.puts "verifying #{name}"
pkg.verify
rescue Gem::Security::Exception => e
$stderr.puts "#{name}: #{e.message}"
File.unlink(file)
false
else
true
end
end
end
Gems = RubyGems
class Unicode < self
def self.download(name, *rest)
super("http://www.unicode.org/Public/#{name}", name, *rest)
end
end
def self.mode_for(data)
/\A#!/ =~ data ? 0755 : 0644
end
def self.http_options(file, since)
options = {}
if since
case since
when true
since = (File.mtime(file).httpdate rescue nil)
when Time
since = since.httpdate
end
if since
options['If-Modified-Since'] = since
end
end
options['Accept-Encoding'] = '*' # to disable Net::HTTP::GenericRequest#decode_content
options
end
# Downloader.download(url, name, [dir, [since]])
#
# Update a file from url if newer version is available.
# Creates the file if the file doesn't yet exist; however, the
# directory where the file is being created has to exist already.
# The +since+ parameter can take the following values, with associated meanings:
# true ::
# Take the last-modified time of the current file on disk, and only download
# if the server has a file that was modified later. Download unconditionally
# if we don't have the file yet. Default.
# +some time value+ ::
# Use this time value instead of the time of modification of the file on disk.
# nil ::
# Only download the file if it doesn't exist yet.
# false ::
# always download url regardless of whether we already have a file,
# and regardless of modification times. (This is essentially just a waste of
# network resources, except in the case that the file we have is somehow damaged.
# Please note that using this recurringly might create or be seen as a
# denial of service attack.)
#
# Example usage:
# download 'http://www.unicode.org/Public/UCD/latest/ucd/UnicodeData.txt',
# 'UnicodeData.txt', 'enc/unicode/data'
def self.download(url, name, dir = nil, since = true, options = {})
options.delete(:verify)
file = under(dir, name)
if since.nil? and File.exist?(file)
if $VERBOSE
$stdout.puts "#{name} already exists"
$stdout.flush
end
return true
end
if !https? and url.start_with?("https:")
warn "*** using http instead of https ***"
url = url.sub(/\Ahttps/, 'http')
end
url = URI(url)
if $VERBOSE
$stdout.print "downloading #{name} ... "
$stdout.flush
end
begin
data = url.read(options.merge(http_options(file, since.nil? ? true : since)))
rescue OpenURI::HTTPError => http_error
if http_error.message =~ /^304 / # 304 Not Modified
if $VERBOSE
$stdout.puts "#{name} not modified"
$stdout.flush
end
return true
end
raise
rescue Timeout::Error
if since.nil? and File.exist?(file)
puts "Request for #{url} timed out, using old version."
return true
end
raise
rescue SocketError
if since.nil? and File.exist?(file)
puts "No network connection, unable to download #{url}, using old version."
return true
end
raise
end
mtime = nil
open(file, "wb", 0600) do |f|
f.write(data)
f.chmod(mode_for(data))
mtime = data.meta["last-modified"]
end
if mtime
mtime = Time.httpdate(mtime)
File.utime(mtime, mtime, file)
end
if $VERBOSE
$stdout.puts "done"
$stdout.flush
end
true
rescue => e
raise "failed to download #{name}\n#{e.message}: #{url}"
end
def self.verify(file)
true
end
def self.under(dir, name)
dir ? File.join(dir, File.basename(name)) : name
end
end
Downloader.https = https.freeze
if $0 == __FILE__
since = true
options = {}
until ARGV.empty?
case ARGV[0]
when '-d'
destdir = ARGV[1]
ARGV.shift
when '-p'
# strip directory names from the name to download, and add the
# prefix instead.
prefix = ARGV[1]
ARGV.shift
when '-e'
since = nil
when '-a'
since = false
when '-V'
options[:verify] = true
when /\A-/
abort "#{$0}: unknown option #{ARGV[0]}"
else
break
end
ARGV.shift
end
dl = Downloader.constants.find do |name|
ARGV[0].casecmp(name.to_s) == 0
end unless ARGV.empty?
$VERBOSE = true
if dl
dl = Downloader.const_get(dl)
ARGV.shift
ARGV.each do |name|
name = "#{prefix}/#{File.basename(name)}" if prefix
dl.download(name, destdir, since, options)
end
else
abort "usage: #{$0} url name" unless ARGV.size == 2
Downloader.download(ARGV[0], ARGV[1], destdir, since, options)
end
end