ruby-changes:44452
From: hsbt <ko1@a...>
Date: Sun, 30 Oct 2016 15:32:56 +0900 (JST)
Subject: [ruby-changes:44452] hsbt:r56525 (trunk): * lib/rubygems.rb, lib/rubygems/*, test/rubygems/*: Update
hsbt 2016-10-30 15:32:48 +0900 (Sun, 30 Oct 2016) New Revision: 56525 https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=56525 Log: * lib/rubygems.rb, lib/rubygems/*, test/rubygems/*: Update rubygems to 2.6.8. Release note of 2.6.8: https://github.com/rubygems/rubygems/commit/9fb8880976f5ab998912898b091d88aa10eb1d4a Added files: trunk/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/delete_edge.rb Modified files: trunk/ChangeLog trunk/lib/rubygems/dependency.rb trunk/lib/rubygems/request.rb trunk/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/action.rb trunk/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/add_edge_no_circular.rb trunk/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/add_vertex.rb trunk/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/detach_vertex_named.rb trunk/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/log.rb trunk/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/set_payload.rb trunk/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/tag.rb trunk/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph.rb trunk/lib/rubygems/resolver/molinillo/lib/molinillo/gem_metadata.rb trunk/lib/rubygems/resolver/molinillo/lib/molinillo/resolution.rb trunk/lib/rubygems/specification.rb trunk/lib/rubygems.rb trunk/test/rubygems/test_gem_request.rb trunk/test/rubygems/test_gem_specification.rb Index: lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph.rb =================================================================== --- lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph.rb (revision 56524) +++ lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph.rb (revision 56525) @@ -182,6 +182,13 @@ module Gem::Resolver::Molinillo https://github.com/ruby/ruby/blob/trunk/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph.rb#L182 add_edge_no_circular(origin, destination, requirement) end + # Deletes an {Edge} from the dependency graph + # @param [Edge] edge + # @return [Void] + def delete_edge(edge) + log.delete_edge(self, edge.origin.name, edge.destination.name, edge.requirement) + end + # Sets the payload of the vertex with the given name # @param [String] name the name of the vertex # @param [Object] payload the payload Index: lib/rubygems/resolver/molinillo/lib/molinillo/resolution.rb =================================================================== --- lib/rubygems/resolver/molinillo/lib/molinillo/resolution.rb (revision 56524) +++ lib/rubygems/resolver/molinillo/lib/molinillo/resolution.rb (revision 56525) @@ -356,10 +356,14 @@ module Gem::Resolver::Molinillo https://github.com/ruby/ruby/blob/trunk/lib/rubygems/resolver/molinillo/lib/molinillo/resolution.rb#L356 # @return [void] def fixup_swapped_children(vertex) payload = vertex.payload - dep_names = dependencies_for(payload).map(&method(:name_for)) - vertex.successors.each do |succ| - if !dep_names.include?(succ.name) && !succ.root? && succ.predecessors.to_a == [vertex] + deps = dependencies_for(payload).group_by(&method(:name_for)) + vertex.outgoing_edges.each do |outgoing_edge| + @parent_of[outgoing_edge.requirement] = states.size - 1 + succ = outgoing_edge.destination + matching_deps = Array(deps[succ.name]) + if matching_deps.empty? && !succ.root? && succ.predecessors.to_a == [vertex] debug(depth) { "Removing orphaned spec #{succ.name} after swapping #{name}" } + succ.requirements.each { |r| @parent_of.delete(r) } activated.detach_vertex_named(succ.name) all_successor_names = succ.recursive_successors.map(&:name) @@ -368,7 +372,11 @@ module Gem::Resolver::Molinillo https://github.com/ruby/ruby/blob/trunk/lib/rubygems/resolver/molinillo/lib/molinillo/resolution.rb#L372 requirement_name = name_for(requirement) (requirement_name == succ.name) || all_successor_names.include?(requirement_name) end + elsif !matching_deps.include?(outgoing_edge.requirement) + activated.delete_edge(outgoing_edge) + requirements.delete(outgoing_edge.requirement) end + matching_deps.delete(outgoing_edge.requirement) end end Index: lib/rubygems/resolver/molinillo/lib/molinillo/gem_metadata.rb =================================================================== --- lib/rubygems/resolver/molinillo/lib/molinillo/gem_metadata.rb (revision 56524) +++ lib/rubygems/resolver/molinillo/lib/molinillo/gem_metadata.rb (revision 56525) @@ -1,5 +1,5 @@ https://github.com/ruby/ruby/blob/trunk/lib/rubygems/resolver/molinillo/lib/molinillo/gem_metadata.rb#L1 # frozen_string_literal: true module Gem::Resolver::Molinillo # The version of Gem::Resolver::Molinillo. - VERSION = '0.5.1'.freeze + VERSION = '0.5.3'.freeze end Index: lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/log.rb =================================================================== --- lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/log.rb (revision 56524) +++ lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/log.rb (revision 56525) @@ -1,6 +1,7 @@ https://github.com/ruby/ruby/blob/trunk/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/log.rb#L1 # frozen_string_literal: true require 'rubygems/resolver/molinillo/lib/molinillo/dependency_graph/add_edge_no_circular' require 'rubygems/resolver/molinillo/lib/molinillo/dependency_graph/add_vertex' +require 'rubygems/resolver/molinillo/lib/molinillo/dependency_graph/delete_edge' require 'rubygems/resolver/molinillo/lib/molinillo/dependency_graph/detach_vertex_named' require 'rubygems/resolver/molinillo/lib/molinillo/dependency_graph/set_payload' require 'rubygems/resolver/molinillo/lib/molinillo/dependency_graph/tag' @@ -40,6 +41,16 @@ module Gem::Resolver::Molinillo https://github.com/ruby/ruby/blob/trunk/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/log.rb#L41 push_action(graph, AddEdgeNoCircular.new(origin, destination, requirement)) end + # {include:DependencyGraph#delete_edge} + # @param [Graph] graph the graph to perform the action on + # @param [String] origin_name + # @param [String] destination_name + # @param [Object] requirement + # @return (see DependencyGraph#delete_edge) + def delete_edge(graph, origin_name, destination_name, requirement) + push_action(graph, DeleteEdge.new(origin_name, destination_name, requirement)) + end + # @macro action def set_payload(graph, name, payload) push_action(graph, SetPayload.new(name, payload)) @@ -92,7 +103,7 @@ module Gem::Resolver::Molinillo https://github.com/ruby/ruby/blob/trunk/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/log.rb#L103 loop do action = pop!(graph) raise "No tag #{tag.inspect} found" unless action - break if action.class.name == :tag && action.tag == tag + break if action.class.action_name == :tag && action.tag == tag end end Index: lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/set_payload.rb =================================================================== --- lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/set_payload.rb (revision 56524) +++ lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/set_payload.rb (revision 56525) @@ -7,8 +7,8 @@ module Gem::Resolver::Molinillo https://github.com/ruby/ruby/blob/trunk/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/set_payload.rb#L7 class SetPayload < Action # :nodoc: # @!group Action - # (see Action.name) - def self.name + # (see Action.action_name) + def self.action_name :set_payload end Index: lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/add_vertex.rb =================================================================== --- lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/add_vertex.rb (revision 56524) +++ lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/add_vertex.rb (revision 56525) @@ -7,8 +7,8 @@ module Gem::Resolver::Molinillo https://github.com/ruby/ruby/blob/trunk/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/add_vertex.rb#L7 class AddVertex < Action # :nodoc: # @!group Action - # (see Action.name) - def self.name + # (see Action.action_name) + def self.action_name :add_vertex end Index: lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/delete_edge.rb =================================================================== --- lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/delete_edge.rb (revision 0) +++ lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/delete_edge.rb (revision 56525) @@ -0,0 +1,62 @@ https://github.com/ruby/ruby/blob/trunk/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/delete_edge.rb#L1 +# frozen_string_literal: true +require 'rubygems/resolver/molinillo/lib/molinillo/dependency_graph/action' +module Gem::Resolver::Molinillo + class DependencyGraph + # @!visibility private + # (see DependencyGraph#delete_edge) + class DeleteEdge < Action + # @!group Action + + # (see Action.action_name) + def self.action_name + :delete_edge + end + + # (see Action#up) + def up(graph) + edge = make_edge(graph) + edge.origin.outgoing_edges.delete(edge) + edge.destination.incoming_edges.delete(edge) + end + + # (see Action#down) + def down(graph) + edge = make_edge(graph) + edge.origin.outgoing_edges << edge + edge.destination.incoming_edges << edge + edge + end + + # @!group DeleteEdge + + # @return [String] the name of the origin of the edge + attr_reader :origin_name + + # @return [String] the name of the destination of the edge + attr_reader :destination_name + + # @return [Object] the requirement that the edge represents + attr_reader :requirement + + # @param [DependencyGraph] graph the graph to find vertices from + # @return [Edge] The edge this action adds + def make_edge(graph) + Edge.new( + graph.vertex_named(origin_name), + graph.vertex_named(destination_name), + requirement + ) + end + + # Initialize an action to add an edge to a dependency graph + # @param [String] origin_name the name of the origin of the edge + # @param [String] destination_name the name of the destination of the edge + # @param [Object] requirement the requirement that the edge represents + def initialize(origin_name, destination_name, requirement) + @origin_name = origin_name + @destination_name = destination_name + @requirement = requirement + end + end + end +end Property changes on: lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/delete_edge.rb ___________________________________________________________________ Added: svn:eol-style + LF Index: lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/detach_vertex_named.rb =================================================================== --- lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/detach_vertex_named.rb (revision 56524) +++ lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/detach_vertex_named.rb (revision 56525) @@ -8,7 +8,7 @@ module Gem::Resolver::Molinillo https://github.com/ruby/ruby/blob/trunk/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/detach_vertex_named.rb#L8 # @!group Action # (see Action#name) - def self.name + def self.action_name :add_vertex end Index: lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/tag.rb =================================================================== --- lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/tag.rb (revision 56524) +++ lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/tag.rb (revision 56525) @@ -7,8 +7,8 @@ module Gem::Resolver::Molinillo https://github.com/ruby/ruby/blob/trunk/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/tag.rb#L7 class Tag < Action # @!group Action - # (see Action.name) - def self.name + # (see Action.action_name) + def self.action_name :tag end Index: lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/add_edge_no_circular.rb =================================================================== --- lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/add_edge_no_circular.rb (revision 56524) +++ lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/add_edge_no_circular.rb (revision 56525) @@ -7,8 +7,8 @@ module Gem::Resolver::Molinillo https://github.com/ruby/ruby/blob/trunk/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/add_edge_no_circular.rb#L7 class AddEdgeNoCircular < Action # @!group Action - # (see Action.name) - def self.name + # (see Action.action_name) + def self.action_name :add_vertex end Index: lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/action.rb =================================================================== --- lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/action.rb (revision 56524) +++ lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/action.rb (revision 56525) @@ -7,7 +7,7 @@ module Gem::Resolver::Molinillo https://github.com/ruby/ruby/blob/trunk/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/action.rb#L7 # rubocop:disable Lint/UnusedMethodArgument # @return [Symbol] The name of the action. - def self.name + def self.action_name raise 'Abstract' end Index: lib/rubygems/dependency.rb =================================================================== --- lib/rubygems/dependency.rb (revision 56524) +++ lib/rubygems/dependency.rb (revision 56525) @@ -317,13 +317,16 @@ class Gem::Dependency https://github.com/ruby/ruby/blob/trunk/lib/rubygems/dependency.rb#L317 end def to_spec - matches = self.to_specs - - active = matches.find { |spec| spec && spec.activated? } + matches = self.to_specs.compact + active = matches.find { |spec| spec.activated? } return active if active - matches.delete_if { |spec| spec.nil? || spec.version.prerelease? } unless prerelease? + return matches.first if prerelease? + + # Move prereleases to the end of the list for >= 0 requirements + pre, matches = matches.partition { |spec| spec.version.prerelease? } + matches += pre if requirement == Gem::Requirement.default matches.first end Index: lib/rubygems/specification.rb =================================================================== --- lib/rubygems/specification.rb (revision 56524) +++ lib/rubygems/specification.rb (revision 56525) @@ -2698,7 +2698,7 @@ class Gem::Specification < Gem::BasicSpe https://github.com/ruby/ruby/blob/trunk/lib/rubygems/specification.rb#L2698 unless specification_version.is_a?(Integer) raise Gem::InvalidSpecificationException, - 'specification_version must be an Integer (did you mean version?)' + 'specification_version must be a Integer (did you mean version?)' end case platform Index: lib/rubygems/request.rb =================================================================== --- lib/rubygems/request.rb (revision 56524) +++ lib/rubygems/request.rb (revision 56525) @@ -6,6 +6,7 @@ require 'rubygems/user_interaction' https://github.com/ruby/ruby/blob/trunk/lib/rubygems/request.rb#L6 class Gem::Request + extend Gem::UserInteraction include Gem::UserInteraction ### @@ -69,6 +70,13 @@ class Gem::Request https://github.com/ruby/ruby/blob/trunk/lib/rubygems/request.rb#L70 end end connection.cert_store = store + + connection.verify_callback = proc do |preverify_ok, store_context| + verify_certificate store_context unless preverify_ok + + preverify_ok + end + connection rescue LoadError => e raise unless (e.respond_to?(:path) && e.path == 'openssl') || @@ -78,6 +86,44 @@ class Gem::Request https://github.com/ruby/ruby/blob/trunk/lib/rubygems/request.rb#L86 'Unable to require openssl, install OpenSSL and rebuild ruby (preferred) or use non-HTTPS sources') end + def self.verify_certificate store_context + depth = store_context.error_depth + error = store_context.error_string + number = store_context.error + cert = store_context.current_cert + + ui.alert_error "SSL verification error at depth #{depth}: #{error} (#{number})" + + extra_message = verify_certificate_message number, cert + + ui.alert_error extra_message if extra_message + end + + def self.verify_certificate_message error_number, cert + return unless cert + case error_number + when OpenSSL::X509::V_ERR_CERT_HAS_EXPIRED then + "Certificate #{cert.subject} expired at #{cert.not_after.iso8601}" + when OpenSSL::X509::V_ERR_CERT_NOT_YET_VALID then + "Certificate #{cert.subject} not valid until #{cert.not_before.iso8601}" + when OpenSSL::X509::V_ERR_CERT_REJECTED then + "Certificate #{cert.subject} is rejected" + when OpenSSL::X509::V_ERR_CERT_UNTRUSTED then + "Certificate #{cert.subject} is not trusted" + when OpenSSL::X509::V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT then + "Certificate #{cert.issuer} is not trusted" + when OpenSSL::X509::V_ERR_INVALID_CA then + "Certificate #{cert.subject} is an invalid CA certificate" + when OpenSSL::X509::V_ERR_INVALID_PURPOSE then + "Certificate #{cert.subject} has an invalid purpose" + when OpenSSL::X509::V_ERR_SELF_SIGNED_CERT_IN_CHAIN then + "Root certificate is not trusted (#{cert.subject})" + when OpenSSL::X509::V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, + OpenSSL::X509::V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE then + "You must add #{cert.issuer} to your local trusted store" + end + end + ## # Creates or an HTTP connection based on +uri+, or retrieves an existing # connection, using a proxy if needed. Index: lib/rubygems.rb =================================================================== --- lib/rubygems.rb (revision 56524) +++ lib/rubygems.rb (revision 56525) @@ -10,7 +10,7 @@ require 'rbconfig' https://github.com/ruby/ruby/blob/trunk/lib/rubygems.rb#L10 require 'thread' module Gem - VERSION = '2.6.7' + VERSION = '2.6.8' end # Must be first since it unloads the prelude from 1.9.2 Index: test/rubygems/test_gem_specification.rb =================================================================== --- test/rubygems/test_gem_specification.rb (revision 56524) +++ test/rubygems/test_gem_specification.rb (revision 56525) @@ -3080,7 +3080,7 @@ Did you mean 'Ruby'? https://github.com/ruby/ruby/blob/trunk/test/rubygems/test_gem_specification.rb#L3080 end end - err = 'specification_version must be an Integer (did you mean version?)' + err = 'specification_version must be a Integer (did you mean version?)' assert_equal err, e.message end end @@ -3389,6 +3389,13 @@ end https://github.com/ruby/ruby/blob/trunk/test/rubygems/test_gem_specification.rb#L3389 end end + def test_find_by_name_with_only_prereleases + q = util_spec "q", "2.a" + install_specs q + + assert Gem::Specification.find_by_name "q" + end + def test_find_by_name_prerelease b = util_spec "b", "2.a" Index: test/rubygems/test_gem_request.rb =================================================================== --- test/rubygems/test_gem_request.rb (revision 56524) +++ test/rubygems/test_gem_request.rb (revision 56525) @@ -8,6 +8,7 @@ class TestGemRequest < Gem::TestCase https://github.com/ruby/ruby/blob/trunk/test/rubygems/test_gem_request.rb#L8 CA_CERT_FILE = cert_path 'ca' CHILD_CERT = load_cert 'child' + EXPIRED_CERT = load_cert 'expired' PUBLIC_CERT = load_cert 'public' PUBLIC_CERT_FILE = cert_path 'public' SSL_CERT = load_cert 'ssl' @@ -311,6 +312,136 @@ class TestGemRequest < Gem::TestCase https://github.com/ruby/ruby/blob/trunk/test/rubygems/test_gem_request.rb#L312 util_restore_version end + def test_verify_certificate + store = OpenSSL::X509::Store.new + context = OpenSSL::X509::StoreContext.new store + context.error = OpenSSL::X509::V_ERR_OUT_OF_MEM + + use_ui @ui do + Gem::Request.verify_certificate context + end + + assert_equal "ERROR: SSL verification error at depth 0: out of memory (17)\n", + @ui.error + end + + def test_verify_certificate_extra_message + store = OpenSSL::X509::Store.new + context = OpenSSL::X509::StoreContext.new store + context.error = OpenSSL::X509::V_ERR_INVALID_CA + + use_ui @ui do + Gem::Request.verify_certificate context + end + + expected = <<-ERROR +ERROR: SSL verification error at depth 0: invalid CA certificate (24 (... truncated) -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/