ruby-changes:27176
From: drbrain <ko1@a...>
Date: Thu, 14 Feb 2013 07:04:48 +0900 (JST)
Subject: [ruby-changes:27176] drbrain:r39227 (ruby_2_0_0): * Backport part of r39166 from trunk [ruby-trunk - Bug #7809]
drbrain 2013-02-14 07:02:42 +0900 (Thu, 14 Feb 2013) New Revision: 39227 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=39227 Log: * Backport part of r39166 from trunk [ruby-trunk - Bug #7809] * lib/rubygems/package.rb: Include checksums.yaml.gz signatures for verification. * test/rubygems/test_gem_package.rb: Test for the above. Modified files: branches/ruby_2_0_0/ChangeLog branches/ruby_2_0_0/lib/rubygems/package.rb branches/ruby_2_0_0/test/rubygems/test_gem_package.rb Index: ruby_2_0_0/ChangeLog =================================================================== --- ruby_2_0_0/ChangeLog (revision 39226) +++ ruby_2_0_0/ChangeLog (revision 39227) @@ -1,3 +1,11 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_0_0/ChangeLog#L1 +Thu Feb 14 07:01:12 2013 Eric Hodel <drbrain@s...> + + * Backport part of r39166 from trunk [ruby-trunk - Bug #7809] + + * lib/rubygems/package.rb: Include checksums.yaml.gz signatures for + verification. + * test/rubygems/test_gem_package.rb: Test for the above. + Wed Feb 13 15:34:21 2013 NARUSE, Yui <naruse@r...> * ext/json: merge JSON 1.7.7. Index: ruby_2_0_0/lib/rubygems/package.rb =================================================================== --- ruby_2_0_0/lib/rubygems/package.rb (revision 39226) +++ ruby_2_0_0/lib/rubygems/package.rb (revision 39227) @@ -518,8 +518,6 @@ EOM https://github.com/ruby/ruby/blob/trunk/ruby_2_0_0/lib/rubygems/package.rb#L518 when /\.sig$/ then @signatures[$`] = entry.read if @security_policy next - when 'checksums.yaml.gz' then - next # already handled else digest entry end Index: ruby_2_0_0/test/rubygems/test_gem_package.rb =================================================================== --- ruby_2_0_0/test/rubygems/test_gem_package.rb (revision 39226) +++ ruby_2_0_0/test/rubygems/test_gem_package.rb (revision 39227) 
@@ -511,6 +511,24 @@ class TestGemPackage < Gem::Package::Tar https://github.com/ruby/ruby/blob/trunk/ruby_2_0_0/test/rubygems/test_gem_package.rb#L511 assert_empty package.instance_variable_get(:@files), '@files must empty' end + def test_verify_security_policy_low_security + @spec.cert_chain = [PUBLIC_CERT.to_pem] + @spec.signing_key = PRIVATE_KEY + + FileUtils.mkdir_p 'lib' + FileUtils.touch 'lib/code.rb' + + build = Gem::Package.new @gem + build.spec = @spec + + build.build + + package = Gem::Package.new @gem + package.security_policy = Gem::Security::LowSecurity + + assert package.verify + end + def test_verify_security_policy_checksum_missing @spec.cert_chain = [PUBLIC_CERT.to_pem] @spec.signing_key = PRIVATE_KEY -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
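Review bot: In the lib/rubygems/package.rb hunk at line 518, dropping the `when 'checksums.yaml.gz' then next # already handled` branch leaves nothing in the code to say why this entry is now treated like any other file. With the branch gone, checksums.yaml.gz falls through to `else digest entry`, which is what lets its `.sig` entry be matched against a digest, as the ChangeLog line describes. A short comment at the `else` branch stating that checksums.yaml.gz is digested on purpose so its signature can be verified would keep a later cleanup from restoring the skip, especially since the removed comment claimed the file was "already handled".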
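Review bot: In the test/rubygems/test_gem_package.rb hunk, `test_verify_security_policy_low_security` ends in a bare `assert package.verify`, so it only shows that a signed gem built by the same code verifies under `Gem::Security::LowSecurity`; it does not pin down the behaviour this change adds. Consider also asserting that the verified package recorded a digest for checksums.yaml.gz, or adding a companion case in which the signature for checksums.yaml.gz does not match and `verify` is expected to fail under a policy that checks signatures. As written, the test's dependence on the removed `when 'checksums.yaml.gz'` branch is not visible from the test itself, so a regression that skips the entry again may not be attributed to this behaviour.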