
ruby-changes:44326

From: hsbt <ko1@a...>
Date: Wed, 12 Oct 2016 15:25:07 +0900 (JST)
Subject: [ruby-changes:44326] hsbt:r56399 (trunk): * tool/downloader.rb: Removed verification of gem certification.

hsbt	2016-10-12 15:24:59 +0900 (Wed, 12 Oct 2016)

  New Revision: 56399

  https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=56399

  Log:
    * tool/downloader.rb: Removed verification of gem certification.
      Because signed gem is not working on rubygems ecosystem.
    * tool/gem-unpack.rb: ditto.

  Modified files:
    trunk/ChangeLog
    trunk/tool/downloader.rb
    trunk/tool/gem-unpack.rb
Index: ChangeLog
===================================================================
--- ChangeLog	(revision 56398)
+++ ChangeLog	(revision 56399)
@@ -1,3 +1,9 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1
+Wed Oct 12 15:24:53 2016  SHIBATA Hiroshi  <hsbt@r...>
+
+	* tool/downloader.rb: Removed verification of gem certification.
+	  Because signed gem is not working on rubygems ecosystem.
+	* tool/gem-unpack.rb: ditto.
+
 Tue Oct 11 22:08:24 2016  Nobuyoshi Nakada  <nobu@r...>
 
 	* io.c (prep_io): fix typo of struct member name.
Index: tool/gem-unpack.rb
===================================================================
--- tool/gem-unpack.rb	(revision 56398)
+++ tool/gem-unpack.rb	(revision 56399)
@@ -5,10 +5,7 @@ require 'rubygems/package' https://github.com/ruby/ruby/blob/trunk/tool/gem-unpack.rb#L5
 # unpack bundled gem files.
 
 def Gem.unpack(file, dir = nil)
-  policy = Gem::Security::LowSecurity
-  (policy = policy.dup).ui = Gem::SilentUI.new
   pkg = Gem::Package.new(file)
-  pkg.security_policy = policy
   spec = pkg.spec
   target = spec.full_name
   target = File.join(dir, target) if dir
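Review bot: Gem.unpack now goes straight from Gem::Package.new(file) to pkg.spec with no check of any kind on the file, and the header comment "unpack bundled gem files." does not say so. Since tool/downloader.rb drops its verification in the same revision, nothing between download and unpack inspects the package. If signature verification is not usable, consider comparing the file against a pinned digest before unpacking, or at least note in the comment that the input is trusted as-is.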
Index: tool/downloader.rb
===================================================================
--- tool/downloader.rb	(revision 56398)
+++ tool/downloader.rb	(revision 56399)
@@ -59,27 +59,12 @@ class Downloader https://github.com/ruby/ruby/blob/trunk/tool/downloader.rb#L59
   class RubyGems < self
     def self.download(name, dir = nil, since = true, options = {})
       require 'rubygems'
-      require 'rubygems/package'
       verify = options.delete(:verify) {Gem::VERSION >= "2.4."}
       options[:ssl_ca_cert] = Dir.glob(File.expand_path("../lib/rubygems/ssl_certs/**/*.pem", File.dirname(__FILE__)))
       file = under(dir, name)
       super("https://rubygems.org/downloads/#{name}", file, nil, since, options) or
         return false
       return true unless verify
-      policy = Gem::Security::LowSecurity
-      (policy = policy.dup).ui = Gem::SilentUI.new if policy.respond_to?(:'ui=')
-      pkg = Gem::Package.new(file)
-      pkg.security_policy = policy
-      begin
-        $stdout.puts "verifying #{name}"
-        pkg.verify
-      rescue Gem::Security::Exception => e
-        $stderr.puts "#{name}: #{e.message}"
-        File.unlink(file)
-        false
-      else
-        true
-      end
     end
   end
 
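Review bot: with the verification block removed, "return true unless verify" is the last statement in download, so when verify is truthy (the default whenever Gem::VERSION >= "2.4.") the method falls through and returns nil, which a caller testing the result will read as a failed download. The verify option no longer controls anything; drop the "verify = options.delete(:verify) ..." line and the "return true unless verify" line and end the method with true. It is also worth a comment that the only remaining check on the downloaded .gem is the HTTPS connection validated against options[:ssl_ca_cert]; a pinned digest compared after download would restore an integrity check without depending on gem signing.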

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/
