ruby-changes:62439
From: Bart <ko1@a...>
Date: Fri, 31 Jul 2020 21:08:01 +0900 (JST)
Subject: [ruby-changes:62439] 734c5276f0 (master): [rubygems/rubygems] Simplify digest name selection and use SHA256
https://git.ruby-lang.org/ruby.git/commit/?id=734c5276f0
From 734c5276f0ad1215eeba2f5884b384b1ffbbefc7 Mon Sep 17 00:00:00 2001
From: Bart de Water <496367+bdewater@u...>
Date: Mon, 29 Jun 2020 18:31:15 -0400
Subject: [rubygems/rubygems] Simplify digest name selection and use SHA256
The previous commit introduces the Gem::Security.create_digest method, allowing to:
- decouple algorithm choice from implementation (OpenSSL or Ruby built-in)
- untangle the SHA512 fallback for TarWriter from the generic hashing digest choice (undoing commit 9471f8ed2bdc12248d2619bbbce6e53cd6c16cb6)
https://github.com/rubygems/rubygems/commit/1bc03231e4
diff --git a/lib/rubygems/package/tar_writer.rb b/lib/rubygems/package/tar_writer.rb
index 3abfb0c..877cc16 100644
--- a/lib/rubygems/package/tar_writer.rb
+++ b/lib/rubygems/package/tar_writer.rb
@@ -4,8 +4,6 @@ https://github.com/ruby/ruby/blob/trunk/lib/rubygems/package/tar_writer.rb#L4
 # See LICENSE.txt for additional licensing information.
 #++
-require 'digest'
-
 ##
 # Allows writing of tar files
@@ -168,7 +166,7 @@ class Gem::Package::TarWriter https://github.com/ruby/ruby/blob/trunk/lib/rubygems/package/tar_writer.rb#L166
 def add_file_signed(name, mode, signer)
 digest_algorithms = [
 signer.digest_algorithm,
- Digest::SHA512.new,
+ Gem::Security.create_digest('SHA512'),
 ].compact.uniq
 digests = add_file_digest name, mode, digest_algorithms do |io|
diff --git a/lib/rubygems/security.rb b/lib/rubygems/security.rb
index 64fb4c0..93bc658 100644
--- a/lib/rubygems/security.rb
+++ b/lib/rubygems/security.rb
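Review bot: In lib/rubygems/package/tar_writer.rb, `add_file_signed` now calls `Gem::Security.create_digest('SHA512')`, but the same commit removes `require 'digest'` and no hunk shows this file loading `Gem::Security`. The signed-write path therefore appears to depend on some caller having loaded rubygems/security first. If nothing outside this diff guarantees that, a `require 'rubygems/security'` at the top of the file would make the dependency explicit and avoid a NameError when a signer is supplied. It would also help to note in a comment above `digest_algorithms` whether `.compact.uniq` is expected to drop the extra SHA512 entry when the signer's own digest is already SHA512, since that depends on how the returned digest objects compare, which is not visible here. The body of `add_file_signed` continues past the end of the hunk.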
@@ -341,14 +341,7 @@ module Gem::Security https://github.com/ruby/ruby/blob/trunk/lib/rubygems/security.rb#L341
 ##
 # Used internally to select the signing digest from all computed digests
- DIGEST_NAME = # :nodoc:
- if defined?(OpenSSL::Digest::SHA256)
- 'SHA256'
- elsif defined?(OpenSSL::Digest::SHA1)
- 'SHA1'
- else
- 'SHA512'
- end
+ DIGEST_NAME = 'SHA256' # :nodoc:
 ##
 # Algorithm for creating the key pair used to sign gems
--
cgit v0.10.2
--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/
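Review bot: The comment above `DIGEST_NAME` in lib/rubygems/security.rb still only says the constant selects the signing digest, and does not record that the value is now fixed and that the SHA1 fallback was removed deliberately. A line such as `# Always SHA256, resolved through Gem::Security.create_digest; do not reintroduce a SHA1 fallback.` would stop a later change from quietly restoring the weaker branch. The constant also no longer checks at load time that the digest exists, so it relies on `create_digest` (added in the previous commit, not shown here) producing SHA256 both with and without OpenSSL. A test covering the no-OpenSSL case would confirm that. If gems were ever signed on a build that took the old SHA1 or SHA512 branch, it is worth confirming that verification of those gems does not select the digest through this constant.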