authornobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2015-01-14 07:45:28 +0000
committernobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2015-01-14 07:45:28 +0000
commita9e033b104921bfa0dc4e3d99df1acc9f1258db4 (patch)
treee57991b47ef2b3885916fa941a444f840577fd3d
parent095886b572ef84ec7615c3966da4e94ff96a5f50 (diff)
downloader.rb: verify gems
* tool/downloader.rb (RubyGems.download): verify downloaded gem packages. LowSecurity to allow untrusted certificates now. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@49251 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r--ChangeLog5
-rw-r--r--tool/downloader.rb26
2 files changed, 29 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index dbd882e..f591f2c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+Wed Jan 14 16:45:24 2015 Nobuyoshi Nakada <nobu@ruby-lang.org>
+
+ * tool/downloader.rb (RubyGems.download): verify downloaded gem
+ packages. LowSecurity to allow untrusted certificates now.
+
Wed Jan 14 15:43:48 2015 Nobuyoshi Nakada <nobu@ruby-lang.org>
* ext/readline/readline.c (readline_s_refresh_line): initialize
diff --git a/tool/downloader.rb b/tool/downloader.rb
index 1da0928..7cd0db2 100644
--- a/tool/downloader.rb
+++ b/tool/downloader.rb
@@ -38,11 +38,29 @@ class Downloader
class RubyGems < self
def self.download(name, dir = nil, ims = true, options = {})
+ require 'rubygems'
+ require 'rubygems/package'
options[:ssl_ca_cert] = Dir.glob(File.expand_path("../lib/rubygems/ssl_certs/*.pem", File.dirname(__FILE__)))
if $rubygems_schema != 'https'
warn "*** using http instead of https ***"
end
- super("#{$rubygems_schema}://rubygems.org/downloads/#{name}", name, dir, ims, options)
+ file = under(dir, name)
+ super("#{$rubygems_schema}://rubygems.org/downloads/#{name}", file, nil, ims, options) or
+ return false
+ pkg = Gem::Package.new(file)
+ pkg.security_policy = Gem::Security::LowSecurity
+ begin
+ pkg.verify
+ rescue Gem::Security::Exception => e
+ $stderr.puts e.message
+ File.unlink(file)
+ false
+ else
+ true
+ end
+ end
+
+ def self.verify(pkg)
end
end
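Review bot: The `rescue Gem::Security::Exception` around `pkg.verify` looks narrower than the failures it needs to handle. As far as I know, Gem::Package#verify reports a truncated or malformed archive, or a checksum mismatch, as `Gem::Package::FormatError`, which is not a security exception, so such a file would escape this handler and stay at `file` without the `File.unlink`. Consider `rescue Gem::Security::Exception, Gem::Package::Error => e` so that every failed verification removes the download and returns false. A comment above `pkg.security_policy = Gem::Security::LowSecurity` would also help, along the lines of `# LowSecurity does not require a signature or a trusted signer, so this is a consistency check, not proof of origin`; that matters most on the `http` path warned about a few lines up. The empty `def self.verify(pkg)` added at the end of the hunk is not called anywhere in the visible lines and could be dropped or filled in.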
@@ -86,7 +104,7 @@ class Downloader
# download 'http://www.unicode.org/Public/UCD/latest/ucd/UnicodeData.txt',
# 'UnicodeData.txt', 'enc/unicode/data'
def self.download(url, name, dir = nil, ims = true, options = {})
- file = dir ? File.join(dir, File.basename(name)) : name
+ file = under(dir, name)
if ims.nil? and File.exist?(file)
if $VERBOSE
$stdout.puts "#{name} already exists"
@@ -141,6 +159,10 @@ class Downloader
rescue => e
raise "failed to download #{name}\n#{e.message}: #{url}"
end
+
+ def self.under(dir, name)
+ dir ? File.join(dir, File.basename(name)) : name
+ end
end
if $0 == __FILE__
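Review bot: `under` has no comment, and its two branches treat `name` differently. With a `dir` the result is `File.join(dir, File.basename(name))`, so directory components in `name` are dropped, while with `dir` nil `name` is returned as given and used as the path. That matches the line it replaces in `self.download`, but now that `RubyGems.download` calls it too, a one-line comment such as `# Path for +name+ under +dir+; without +dir+, +name+ is used unchanged` would make the contract explicit. The enclosing class begins outside this hunk.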