summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBart de Water <496367+bdewater@users.noreply.github.com>2020-06-29 18:31:15 -0400
committerHiroshi SHIBATA <hsbt@ruby-lang.org>2020-07-31 21:07:19 +0900
commit734c5276f0ad1215eeba2f5884b384b1ffbbefc7 (patch)
tree9b8f0bfc7b1bc2c27c381a000fc1fb3ced2d4eee
parent8161cf85ba4f9091176536bcac9107879e4293a1 (diff)
[rubygems/rubygems] Simplify digest name selection and use SHA256
The previous commit introduces the Gem::Security.create_digest method, allowing to: - decouple algorithm choice from implementation (OpenSSL or Ruby built-in) - untangle the SHA512 fallback for TarWriter from the generic hashing digest choice (undoing commit 9471f8ed2bdc12248d2619bbbce6e53cd6c16cb6) https://github.com/rubygems/rubygems/commit/1bc03231e4
Notes
Notes: Merged: https://github.com/ruby/ruby/pull/3379
-rw-r--r--lib/rubygems/package/tar_writer.rb4
-rw-r--r--lib/rubygems/security.rb9
2 files changed, 2 insertions, 11 deletions
diff --git a/lib/rubygems/package/tar_writer.rb b/lib/rubygems/package/tar_writer.rb
index 3abfb0c..877cc16 100644
--- a/lib/rubygems/package/tar_writer.rb
+++ b/lib/rubygems/package/tar_writer.rb
@@ -4,8 +4,6 @@
# See LICENSE.txt for additional licensing information.
#++
-require 'digest'
-
##
# Allows writing of tar files
@@ -168,7 +166,7 @@ class Gem::Package::TarWriter
def add_file_signed(name, mode, signer)
digest_algorithms = [
signer.digest_algorithm,
- Digest::SHA512.new,
+ Gem::Security.create_digest('SHA512'),
].compact.uniq
digests = add_file_digest name, mode, digest_algorithms do |io|
diff --git a/lib/rubygems/security.rb b/lib/rubygems/security.rb
index 64fb4c0..93bc658 100644
--- a/lib/rubygems/security.rb
+++ b/lib/rubygems/security.rb
@@ -341,14 +341,7 @@ module Gem::Security
##
# Used internally to select the signing digest from all computed digests
- DIGEST_NAME = # :nodoc:
- if defined?(OpenSSL::Digest::SHA256)
- 'SHA256'
- elsif defined?(OpenSSL::Digest::SHA1)
- 'SHA1'
- else
- 'SHA512'
- end
+ DIGEST_NAME = 'SHA256' # :nodoc:
##
# Algorithm for creating the key pair used to sign gems