author | drbrain <drbrain@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2013-02-05 02:37:35 +0000 |
---|---|---|
committer | drbrain <drbrain@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2013-02-05 02:37:35 +0000 |
commit | 1633e543db2cc5c1f690840e5e7ea1f2a9af0b55 (patch) | |
tree | 2fce34d522a822171b91823dfcf9e0b8a2c9d283 /lib/rubygems/config_file.rb | |
parent | 6dfd56696fb49310149dc5ed7af52c8d7f43e536 (diff) |
* lib/rubygems/commands/push_command.rb: Fixed credential download for
`gem push --host`
* lib/rubygems/gemcutter_utilities.rb: ditto.
* test/rubygems/test_gem_commands_push_command.rb: Test for the above.
* test/rubygems/test_gem_gemcutter_utilities.rb: ditto.
* lib/rubygems/config_file.rb: Abort if the `gem push` credentials
file has insecure permissions.
* test/rubygems/test_gem_config_file.rb: Test for the above.
* lib/rubygems/ext/builder.rb: Do not look for Gemfile, Isolate, etc.
while building gem extensions.
* lib/rubygems/package.rb: Unset spec and files list if a gem's
signatures cannot be verified.
* test/rubygems/test_gem_package.rb: Test for the above.
* lib/rubygems/specification.rb: Reduce use of eval.
* lib/rubygems/test_case.rb: ditto.
* test/rubygems/test_gem_specification.rb: Test setting
specification_version for legacy gems. Dup Gem.ruby before
untainting in case it's frozen.
* lib/rubygems.rb: Reduce use of eval. Only read files when looking
for Gemfile, Isolate, etc.
* test/rubygems/test_gem.rb: Test for the above.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@39055 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'lib/rubygems/config_file.rb')
-rw-r--r-- | lib/rubygems/config_file.rb | 36 |
1 files changed, 35 insertions, 1 deletions
diff --git a/lib/rubygems/config_file.rb b/lib/rubygems/config_file.rb
index 81ee32a1d6..7e1432b349 100644
--- a/lib/rubygems/config_file.rb
+++ b/lib/rubygems/config_file.rb
@@ -33,6 +33,8 @@ class Gem::ConfigFile
+ include Gem::UserInteraction
+
 DEFAULT_BACKTRACE = false
 DEFAULT_BULK_THRESHOLD = 1000
 DEFAULT_VERBOSITY = true
@@ -224,6 +226,34 @@ class Gem::ConfigFile
 end
 ##
+ # Checks the permissions of the credentials file. If they are not 0600 an
+ # error message is displayed and RubyGems aborts.
+
+ def check_credentials_permissions
+ return unless File.exist? credentials_path
+
+ existing_permissions = File.stat(credentials_path).mode & 0777
+
+ return if existing_permissions == 0600
+
+ alert_error <<-ERROR
+Your gem push credentials file located at:
+
+\t#{credentials_path}
+
+has file permissions of 0#{existing_permissions.to_s 8} but 0600 is required.
+
+You should reset your credentials at:
+
+\thttps://rubygems.org/profile/edit
+
+if you believe they were disclosed to a third party.
+ ERROR
+
+ terminate_interaction 1
+ end
+
+ ##
 # Location of RubyGems.org credentials
 def credentials_path
@@ -231,6 +261,8 @@ class Gem::ConfigFile
 end
 def load_api_keys
+ check_credentials_permissions
+
 @api_keys = if File.exist? credentials_path then
 load_file(credentials_path)
 else
@@ -243,7 +275,9 @@ class Gem::ConfigFile
 end
 end
- def rubygems_api_key=(api_key)
+ def rubygems_api_key= api_key
+ check_credentials_permissions
+
 config = load_file(credentials_path).merge(:rubygems_api_key => api_key)
 dirname = File.dirname credentials_path |
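Review bot: The exact test `return if existing_permissions == 0600` in check_credentials_permissions rejects every other mode, including the stricter 0400, and it is likely to fail on Windows, where File.stat does not report POSIX-style mode bits for a file written as 0600. Consider `return if Gem.win_platform?` at the top and testing only the group/other bits, `return if (existing_permissions & 0077).zero?`. The check inspects mode bits on the path only, not the owner, and load_api_keys reopens the path afterwards, so it detects an exposed file rather than guaranteeing anything about the file that is read. Because it ends in `terminate_interaction 1`, the doc comment should also state that the callers added in the later hunks (load_api_keys and rubygems_api_key=) can exit the process.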
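Review bot: In rubygems_api_key= the added check only validates a credentials file that already exists; the write that creates the file is below the hunk and not visible here. If that write relies on the process umask, a newly created file could end up with a mode such as 0644 and make the next load_api_keys abort, so confirm it is opened with an explicit mode, e.g. `File.open(credentials_path, 'w', 0600)`. The signature change to `def rubygems_api_key= api_key` also drops the parentheses; `def rubygems_api_key=(api_key)` is the more usual form for a definition that takes a parameter.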