
ruby-changes:42981

From: nobu <ko1@a...>
Date: Wed, 18 May 2016 16:04:59 +0900 (JST)
Subject: [ruby-changes:42981] nobu:r55055 (trunk): downloader.rb: disable verify if rubygems is old

nobu	2016-05-18 16:04:55 +0900 (Wed, 18 May 2016)

  New Revision: 55055

  https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=55055

  Log:
    downloader.rb: disable verify if rubygems is old
    
    * tool/downloader.rb (Downloader::RubyGems.download): verify gems
      only if RubyGems is 2.4 or later.  old RubyGems fails to verify
      almost all of bundled gems.

  Modified files:
    trunk/ChangeLog
    trunk/tool/downloader.rb
Index: tool/downloader.rb
===================================================================
--- tool/downloader.rb	(revision 55054)
+++ tool/downloader.rb	(revision 55055)
@@ -57,27 +57,27 @@ class Downloader https://github.com/ruby/ruby/blob/trunk/tool/downloader.rb#L57
     def self.download(name, dir = nil, since = true, options = {})
       require 'rubygems'
       require 'rubygems/package'
+      verify = options.delete(:verify) {Gem::VERSION >= "2.4."}
       options[:ssl_ca_cert] = Dir.glob(File.expand_path("../lib/rubygems/ssl_certs/**/*.pem", File.dirname(__FILE__)))
       file = under(dir, name)
       super("https://rubygems.org/downloads/#{name}", file, nil, since, options) or
         return false
+      return true unless verify
       policy = Gem::Security::LowSecurity
       (policy = policy.dup).ui = Gem::SilentUI.new if policy.respond_to?(:'ui=')
       pkg = Gem::Package.new(file)
       pkg.security_policy = policy
       begin
+        $stdout.puts "verifying #{name}"
         pkg.verify
       rescue Gem::Security::Exception => e
-        $stderr.puts e.message
+        $stderr.puts "#{name}: #{e.message}"
         File.unlink(file)
         false
       else
         true
       end
     end
-
-    def self.verify(pkg)
-    end
   end
 
   Gems = RubyGems
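Review bot: The default on the added `verify = ...` line evaluates `Gem::VERSION >= "2.4."` as a string comparison, so the ordering is lexicographic and a version string such as "10.0.0" or "2.10.0" (constructed examples) sorts below "2.4." and would switch verification off. Comparing parsed versions avoids that: `verify = options.delete(:verify) {Gem::Version.new(Gem::VERSION) >= Gem::Version.new("2.4")}`. Separately, `return true unless verify` reports success without printing anything, so a build on old RubyGems keeps the downloaded gem with no integrity check and no trace of that in the log. A one-line notice on `$stderr` naming the gem would make the skipped check visible.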
@@ -134,6 +134,7 @@ class Downloader https://github.com/ruby/ruby/blob/trunk/tool/downloader.rb#L134
   #   download 'http://www.unicode.org/Public/UCD/latest/ucd/UnicodeData.txt',
   #            'UnicodeData.txt', 'enc/unicode/data'
   def self.download(url, name, dir = nil, since = true, options = {})
+    options.delete(:verify)
     file = under(dir, name)
     if since.nil? and File.exist?(file)
       if $VERBOSE
@@ -194,6 +195,10 @@ class Downloader https://github.com/ruby/ruby/blob/trunk/tool/downloader.rb#L195
     raise "failed to download #{name}\n#{e.message}: #{url}"
   end
 
+  def self.verify(file)
+    true
+  end
+
   def self.under(dir, name)
     dir ? File.join(dir, File.basename(name)) : name
   end
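Review bot: The new `Downloader.verify(file)` returns `true` unconditionally and has no comment, so any caller that later relies on it would treat every downloaded file as verified. Nothing in the visible hunks calls it, so its purpose is inferred. If it is meant as an overridable hook, say so above the definition, e.g. `# Hook for subclasses; the base class performs no verification.`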
@@ -203,6 +208,7 @@ Downloader.https = https.freeze https://github.com/ruby/ruby/blob/trunk/tool/downloader.rb#L208
 
 if $0 == __FILE__
   since = true
+  options = {}
   until ARGV.empty?
     case ARGV[0]
     when '-d'
@@ -217,6 +223,8 @@ if $0 == __FILE__ https://github.com/ruby/ruby/blob/trunk/tool/downloader.rb#L223
       since = nil
     when '-a'
       since = false
+    when '-V'
+      options[:verify] = true
     when /\A-/
       abort "#{$0}: unknown option #{ARGV[0]}"
     else
@@ -233,10 +241,10 @@ if $0 == __FILE__ https://github.com/ruby/ruby/blob/trunk/tool/downloader.rb#L241
     ARGV.shift
     ARGV.each do |name|
       name = "#{prefix}/#{File.basename(name)}" if prefix
-      dl.download(name, destdir, since)
+      dl.download(name, destdir, since, options)
     end
   else
     abort "usage: #{$0} url name" unless ARGV.size == 2
-    Downloader.download(ARGV[0], ARGV[1], destdir, since)
+    Downloader.download(ARGV[0], ARGV[1], destdir, since, options)
   end
 end
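Review bot: The same `options` hash is passed to every `dl.download` call inside `ARGV.each`, while `Downloader::RubyGems.download` removes `:verify` from that hash with `options.delete(:verify)`. A `-V` given on the command line therefore appears to apply only to the first gem, and later gems fall back to the version-based default. Passing a copy per call keeps the flag for each name: `dl.download(name, destdir, since, options.dup)`. The `if`/`else` around this loop starts outside the hunk, so how `dl` is chosen is not visible here.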
Index: ChangeLog
===================================================================
--- ChangeLog	(revision 55054)
+++ ChangeLog	(revision 55055)
@@ -1,3 +1,9 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1
+Wed May 18 16:04:54 2016  Nobuyoshi Nakada  <nobu@r...>
+
+	* tool/downloader.rb (Downloader::RubyGems.download): verify gems
+	  only if RubyGems is 2.4 or later.  old RubyGems fails to verify
+	  almost all of bundled gems.
+
 Wed May 18 14:52:38 2016  Nobuyoshi Nakada  <nobu@r...>
 
 	* string.c (rb_str_modify_expand): check integer overflow.

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/
