author | drbrain <drbrain@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2013-02-13 22:02:42 +0000 |
---|---|---|
committer | drbrain <drbrain@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2013-02-13 22:02:42 +0000 |
commit | ceff56c7f0958acc8f4e6572f650f3a6b9884b14 (patch) | |
tree | 830934ba05997bcdea508d773126ff94f556ed2a | |
parent | 0b0316f3c1d53561c1849adc46541b8c07f2f5e6 (diff) |
* Backport part of r39166 from trunk [ruby-trunk - Bug #7809]
* lib/rubygems/package.rb: Include checksums.yaml.gz signatures for
verification.
* test/rubygems/test_gem_package.rb: Test for the above.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_0_0@39227 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ChangeLog | 8 | ||||
-rw-r--r-- | lib/rubygems/package.rb | 2 | ||||
-rw-r--r-- | test/rubygems/test_gem_package.rb | 18 |
3 files changed, 26 insertions, 2 deletions
@@ -1,3 +1,11 @@
+Thu Feb 14 07:01:12 2013 Eric Hodel <drbrain@segment7.net>
+
+ * Backport part of r39166 from trunk [ruby-trunk - Bug #7809]
+
+ * lib/rubygems/package.rb: Include checksums.yaml.gz signatures for
+ verification.
+ * test/rubygems/test_gem_package.rb: Test for the above.
+
 Wed Feb 13 15:34:21 2013 NARUSE, Yui <naruse@ruby-lang.org>
 
 * ext/json: merge JSON 1.7.7.
diff --git a/lib/rubygems/package.rb b/lib/rubygems/package.rb
index 82abcd0c6f..d56316e1ba 100644
--- a/lib/rubygems/package.rb
+++ b/lib/rubygems/package.rb
@@ -518,8 +518,6 @@ EOM
 when /\.sig$/ then
 @signatures[$`] = entry.read if @security_policy
 next
- when 'checksums.yaml.gz' then
- next # already handled
 else
 digest entry
 end
diff --git a/test/rubygems/test_gem_package.rb b/test/rubygems/test_gem_package.rb
index d08f46d7d2..1e9603c6c7 100644
--- a/test/rubygems/test_gem_package.rb
+++ b/test/rubygems/test_gem_package.rb
@@ -511,6 +511,24 @@ class TestGemPackage < Gem::Package::TarTestCase
 assert_empty package.instance_variable_get(:@files), '@files must empty'
 end
 
+ def test_verify_security_policy_low_security
+ @spec.cert_chain = [PUBLIC_CERT.to_pem]
+ @spec.signing_key = PRIVATE_KEY
+
+ FileUtils.mkdir_p 'lib'
+ FileUtils.touch 'lib/code.rb'
+
+ build = Gem::Package.new @gem
+ build.spec = @spec
+
+ build.build
+
+ package = Gem::Package.new @gem
+ package.security_policy = Gem::Security::LowSecurity
+
+ assert package.verify
+ end
+
 def test_verify_security_policy_checksum_missing
 @spec.cert_chain = [PUBLIC_CERT.to_pem]
 @spec.signing_key = PRIVATE_KEY |
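Review bot: `test_verify_security_policy_low_security` asserts only that `package.verify` returns a truthy value for a freshly built signed gem, so it pins the success path but not that the checksums.yaml.gz signature is actually compared against a digest. A companion case that changes checksums.yaml.gz after `build.build` and expects verification to fail would tie the test to what the commit message promises. The following `test_verify_security_policy_checksum_missing` continues outside the hunk, so part of this may already be covered there. A comment above the new method, for example `# Bug #7809: checksums.yaml.gz must be digested so its .sig can be verified`, would also tell a maintainer why the removed skip in lib/rubygems/package.rb must not come back.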