[前][次][番号順一覧][スレッド一覧]

ruby-changes:27176

From: drbrain <ko1@a...>
Date: Thu, 14 Feb 2013 07:04:48 +0900 (JST)
Subject: [ruby-changes:27176] drbrain:r39227 (ruby_2_0_0): * Backport part of r39166 from trunk [ruby-trunk - Bug #7809]

drbrain	2013-02-14 07:02:42 +0900 (Thu, 14 Feb 2013)

  New Revision: 39227

  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=39227

  Log:
    * Backport part of r39166 from trunk [ruby-trunk - Bug #7809]
    
    * lib/rubygems/package.rb:  Include checksums.yaml.gz signatures for
      verification.
    * test/rubygems/test_gem_package.rb:  Test for the above.

  Modified files:
    branches/ruby_2_0_0/ChangeLog
    branches/ruby_2_0_0/lib/rubygems/package.rb
    branches/ruby_2_0_0/test/rubygems/test_gem_package.rb

Index: ruby_2_0_0/ChangeLog
===================================================================
--- ruby_2_0_0/ChangeLog	(revision 39226)
+++ ruby_2_0_0/ChangeLog	(revision 39227)
@@ -1,3 +1,11 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_0_0/ChangeLog#L1
+Thu Feb 14 07:01:12 2013  Eric Hodel  <drbrain@s...>
+
+	* Backport part of r39166 from trunk [ruby-trunk - Bug #7809]
+
+	* lib/rubygems/package.rb:  Include checksums.yaml.gz signatures for
+	  verification.
+	* test/rubygems/test_gem_package.rb:  Test for the above.
+
 Wed Feb 13 15:34:21 2013  NARUSE, Yui  <naruse@r...>
 
 	* ext/json: merge JSON 1.7.7.
Index: ruby_2_0_0/lib/rubygems/package.rb
===================================================================
--- ruby_2_0_0/lib/rubygems/package.rb	(revision 39226)
+++ ruby_2_0_0/lib/rubygems/package.rb	(revision 39227)
@@ -518,8 +518,6 @@ EOM https://github.com/ruby/ruby/blob/trunk/ruby_2_0_0/lib/rubygems/package.rb#L518
       when /\.sig$/ then
         @signatures[$`] = entry.read if @security_policy
         next
-      when 'checksums.yaml.gz' then
-        next # already handled
       else
         digest entry
       end
Index: ruby_2_0_0/test/rubygems/test_gem_package.rb
===================================================================
--- ruby_2_0_0/test/rubygems/test_gem_package.rb	(revision 39226)
+++ ruby_2_0_0/test/rubygems/test_gem_package.rb	(revision 39227)
@@ -511,6 +511,24 @@ class TestGemPackage < Gem::Package::Tar https://github.com/ruby/ruby/blob/trunk/ruby_2_0_0/test/rubygems/test_gem_package.rb#L511
     assert_empty package.instance_variable_get(:@files), '@files must empty'
   end
 
+  def test_verify_security_policy_low_security
+    @spec.cert_chain = [PUBLIC_CERT.to_pem]
+    @spec.signing_key = PRIVATE_KEY
+
+    FileUtils.mkdir_p 'lib'
+    FileUtils.touch 'lib/code.rb'
+
+    build = Gem::Package.new @gem
+    build.spec = @spec
+
+    build.build
+
+    package = Gem::Package.new @gem
+    package.security_policy = Gem::Security::LowSecurity
+
+    assert package.verify
+  end
+
   def test_verify_security_policy_checksum_missing
     @spec.cert_chain = [PUBLIC_CERT.to_pem]
     @spec.signing_key = PRIVATE_KEY

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/

[前][次][番号順一覧][スレッド一覧]