ruby.git/test/rubygems/test_gem_package.rb, branch v3_2_11 The Ruby Programming Language Merge RubyGems-3.4.10 and Bundler-2.4.10 (#7479) 2023-03-28T11:36:47+00:00 Hiroshi SHIBATA hsbt@ruby-lang.org 2023-03-28T11:36:47+00:00 c3c461c4ff1b998ac49ed1a3ad411d2f0a9123b8 * Merge RubyGems-3.4.7 and Bundler-2.4.7 * Merge RubyGems-3.4.8 and Bundler-2.4.8 * Skip failing test on MSWin * Merge RubyGems-3.4.9 and Bundler-2.4.9 * Merge RubyGems-3.4.10 and Bundler-2.4.10 --------- Co-authored-by: Nobuyoshi Nakada <nobu@ruby-lang.org> 
* Merge RubyGems-3.4.7 and Bundler-2.4.7

* Merge RubyGems-3.4.8 and Bundler-2.4.8

* Skip failing test on MSWin

* Merge RubyGems-3.4.9 and Bundler-2.4.9

* Merge RubyGems-3.4.10 and Bundler-2.4.10

---------

Co-authored-by: Nobuyoshi Nakada <nobu@ruby-lang.org>
 [rubygems/rubygems] Mask the file mode when extracting files 2022-09-15T05:49:20+00:00 Kevin Newton kddnewton@gmail.com 2022-09-06T16:33:23+00:00 68a5b0f086c9d54f271cdff231a1a2c2a40b0aa6 When extracting files from the tarball, a mode is retrieved from the header. Occasionally you'll encounter a gem that was packaged on a system whose permission bits result in a value that is larger than the value that File.chmod will allow (anything >= 2^16). In that case the extraction fails with a RangeError, which is pretty esoteric. If you extract the tarball with the tar and gunzip utilities, the file permissions end up being just the bottom 16 bits masked off from the original value. I've mirrored that behavior here. Per the tar spec: > Modes which are not supported by the operating system restoring > files from the archive will be ignored. I think that basically means what I've done here. --- This commit also changes the behavior very slightly with regard to when the chmod is called. Previously it was called while the file descriptor was still open, but after the write call. When write flushes, the file permissions are changed to the mode value from the File.open call, undoing the changes made by FileUtils.chmod. CRuby appears to flush the buffer after the chmod call, whereas TruffleRuby flushes before the chmod call. So the file permissions can change depending on implementation. Both implementations end up getting the correct file permissions for the bottom 9 bits (user, group, world), but differ with regard to the sticky bit in the next 3. To get consistent behavior, this commit changes it to close the file descriptor before attempting to chmod anything, which makes it consistent because the write flushes in both cases. https://github.com/rubygems/rubygems/commit/22ce076e99 
When extracting files from the tarball, a mode is retrieved from
the header. Occasionally you'll encounter a gem that was packaged
on a system whose permission bits result in a value that is larger
than the value that File.chmod will allow (anything >= 2^16). In
that case the extraction fails with a RangeError, which is pretty
esoteric.

If you extract the tarball with the tar and gunzip utilities, the
file permissions end up being just the bottom 16 bits masked off
from the original value. I've mirrored that behavior here. Per the
tar spec:

> Modes which are not supported by the operating system restoring
> files from the archive will be ignored.

I think that basically means what I've done here.

---

This commit also changes the behavior very slightly with regard to
when the chmod is called. Previously it was called while the file
descriptor was still open, but after the write call.

When write flushes, the file permissions are changed to the mode
value from the File.open call, undoing the changes made by
FileUtils.chmod. CRuby appears to flush the buffer after the
chmod call, whereas TruffleRuby flushes before the chmod call.
So the file permissions can change depending on implementation.
Both implementations end up getting the correct file permissions
for the bottom 9 bits (user, group, world), but differ with
regard to the sticky bit in the next 3.

To get consistent behavior, this commit changes it to close the
file descriptor before attempting to chmod anything, which makes
it consistent because the write flushes in both cases.

https://github.com/rubygems/rubygems/commit/22ce076e99
[rubygems/rubygems] Warn dangling symlinks 2022-08-04T04:36:45+00:00 David Rodríguez deivid.rodriguez@riseup.net 2022-08-02T08:27:42+00:00 542040fb8375ffd74096ae0615a33bbc90524cb3 https://github.com/rubygems/rubygems/commit/425b78637f 
https://github.com/rubygems/rubygems/commit/425b78637f
RubyGems: Enable Style/StringLiterals cop 2022-07-22T03:07:23+00:00 Takuya Noguchi takninnovationresearch@gmail.com 2022-07-17T08:08:51+00:00 d7ffd3fea402239b16833cc434404a7af82d44f3 Signed-off-by: Takuya Noguchi <takninnovationresearch@gmail.com> 
Signed-off-by: Takuya Noguchi <takninnovationresearch@gmail.com>
[rubygems/rubygems] Fix test_install_location_extra_slash on alpine 2022-06-28T14:31:33+00:00 Tomas Volf tomas.volf@showmax.com 2022-06-24T08:31:07+00:00 69337a65b2bd3e5bc0260f76221620e94248c8af Under POSIX behavior of leading // is implementation defined. Musl does preserve it in realpath, glibc does not. That means the test was failing when executed on alpine linux. Original issue #508 was about // in the path, not about leading ones. When executed in such environment, the test will still test what it should when the explicit mangling of the path is not done. Fixes #5652 https://github.com/rubygems/rubygems/commit/0fa7373bf6 
Under POSIX behavior of leading // is implementation defined. Musl does
preserve it in realpath, glibc does not. That means the test was failing
when executed on alpine linux. Original issue #508 was about // in the
path, not about leading ones. When executed in such environment, the
test will still test what it should when the explicit mangling of the
path is not done.

Fixes #5652

https://github.com/rubygems/rubygems/commit/0fa7373bf6
Merge RubyGems and Bundler HEAD 2022-05-20T08:32:19+00:00 Hiroshi SHIBATA hsbt@ruby-lang.org 2022-05-20T08:15:15+00:00 aeea88174d88264469b406003765c7efdcd53edf https://github.com/rubygems/rubygems/commit/125415593ead9ab69a9f0bb5392c9d7ec61b1f51 
  https://github.com/rubygems/rubygems/commit/125415593ead9ab69a9f0bb5392c9d7ec61b1f51
Merge rubygems/rubygems HEAD. 2022-01-19T06:01:44+00:00 Hiroshi SHIBATA hsbt@ruby-lang.org 2022-01-19T04:28:23+00:00 d22511fd7595ef1819baa42851d598d95b8f4d00 Picked at 12aeef6ba9a3be0022be9934c1a3e4c46a03ed3a 
  Picked at 12aeef6ba9a3be0022be9934c1a3e4c46a03ed3a
[rubygems/rubygems] Avoid loading the `digest` gem unnecessarily 2021-10-25T11:48:52+00:00 David Rodriguez deivid.rodriguez@riseup.net 2021-10-10T15:21:53+00:00 9d286180916e23bb2d9e6bf43cd75f439a1939ce OpenSSL includes what we need. https://github.com/rubygems/rubygems/commit/955f3b72ca 
OpenSSL includes what we need.

https://github.com/rubygems/rubygems/commit/955f3b72ca
[ruby/rubygems] Check safety of packaged symlinks 2021-10-10T14:12:47+00:00 David Rodríguez deivid.rodriguez@riseup.net 2021-10-06T16:17:37+00:00 bbcf8f87ac50be423991ccbb2d83ac09ebecf46a If we explicitly disallow the creation of symlinks that point to files outside of the destination directory, we can avoid any other safety checks while creating directories, because we can be sure they will always fall under the destination directory as well. https://github.com/rubygems/rubygems/commit/555692b8de 
If we explicitly disallow the creation of symlinks that point to files
outside of the destination directory, we can avoid any other safety
checks while creating directories, because we can be sure they will
always fall under the destination directory as well.

https://github.com/rubygems/rubygems/commit/555692b8de
[ruby/rubygems] Explicit check file not created outside of destination 2021-10-10T14:12:21+00:00 David Rodríguez deivid.rodriguez@riseup.net 2021-10-06T17:27:34+00:00 05e3d7b9674c1008af85ad9f177d18ebf8d699b1 https://github.com/rubygems/rubygems/commit/1e363dbbcb 
https://github.com/rubygems/rubygems/commit/1e363dbbcb