* lib/rubygems: Update to RubyGems 2.1.3

Fixed installing platform gems Restored concurrent requires Fixed installing gems with extensions with --install-dir Fixed `gem fetch -v` to install the latest version Fixed installing gems with "./" in their files entries * test/rubygems/test_gem_package.rb: Tests for the above. * NEWS: Updated for RubyGems 2.1.3 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@42938 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: drbrain <drbrain@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2013-09-13 19:58:57 +0000
committer: drbrain <drbrain@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2013-09-13 19:58:57 +0000
commit: 1daa0b113d853bfa57b776cc569939b61ca14292 (patch)
tree: f8c4acb08a551820299dff2b13966d6ac38d31e4 /lib/rubygems/security
parent: 85995e88d49c442b5b113c2676456133e79f5c02 (diff)
2 files changed, 12 insertions, 61 deletions
diff --git a/lib/rubygems/security/policy.rb b/lib/rubygems/security/policy.rb
index 7238b2e477..467ee932b5 100644
--- a/lib/rubygems/security/policy.rb
+++ b/lib/rubygems/security/policy.rb
@@ -1,5 +1,3 @@
-require 'rubygems/user_interaction'
-
 ##
 # A Gem::Security::Policy object encapsulates the settings for verifying
 # signed gem files.  This is the base class.  You can either declare an
@@ -8,8 +6,6 @@ require 'rubygems/user_interaction'
 
 class Gem::Security::Policy
 
-  include Gem::UserInteraction
-
   attr_reader :name
 
   attr_accessor :only_signed
@@ -179,19 +175,6 @@ class Gem::Security::Policy
     true
   end
 
-  ##
-  # Extracts the email or subject from +certificate+
-
-  def subject certificate # :nodoc:
-    certificate.extensions.each do |extension|
-      next unless extension.oid == 'subjectAltName'
-
-      return extension.value
-    end
-
-    certificate.subject.to_s
-  end
-
   def inspect # :nodoc:
     ("[Policy: %s - data: %p signer: %p chain: %p root: %p " +
      "signed-only: %p trusted-only: %p]") % [
@@ -201,24 +184,16 @@ class Gem::Security::Policy
   end
 
   ##
-  # For +full_name+, verifies the certificate +chain+ is valid, the +digests+
-  # match the signatures +signatures+ created by the signer depending on the
-  # +policy+ settings.
+  # Verifies the certificate +chain+ is valid, the +digests+ match the
+  # signatures +signatures+ created by the signer depending on the +policy+
+  # settings.
   #
   # If +key+ is given it is used to validate the signing certificate.
 
-  def verify chain, key = nil, digests = {}, signatures = {},
-             full_name = '(unknown)'
-    if signatures.empty? then
-      if @only_signed then
-        raise Gem::Security::Exception,
-          "unsigned gems are not allowed by the #{name} policy"
-      elsif digests.empty? then
-        # lack of signatures is irrelevant if there is nothing to check
-        # against
-      else
-        alert_warning "#{full_name} is not signed"
-      end
+  def verify chain, key = nil, digests = {}, signatures = {}
+    if @only_signed and signatures.empty? then
+      raise Gem::Security::Exception,
+        "unsigned gems are not allowed by the #{name} policy"
     end
 
     opt       = @opt
@@ -247,13 +222,7 @@ class Gem::Security::Policy
 
     check_root chain, time if @verify_root
 
-    if @only_trusted then
-      check_trust chain, digester, trust_dir
-    elsif signatures.empty? and digests.empty? then
-      # trust is irrelevant if there's no signatures to verify
-    else
-      alert_warning "#{subject signer} is not trusted for #{full_name}"
-    end
+    check_trust chain, digester, trust_dir if @only_trusted
 
     signatures.each do |file, _|
       digest = signer_digests[file]
@@ -283,7 +252,7 @@ class Gem::Security::Policy
       OpenSSL::X509::Certificate.new cert_pem
     end
 
-    verify chain, nil, digests, signatures, spec.full_name
+    verify chain, nil, digests, signatures
 
     true
   end
diff --git a/lib/rubygems/security/signer.rb b/lib/rubygems/security/signer.rb
index bb1eae7cf2..78455c0732 100644
--- a/lib/rubygems/security/signer.rb
+++ b/lib/rubygems/security/signer.rb
@@ -29,7 +29,7 @@ class Gem::Security::Signer
   # +chain+ containing X509 certificates, encoding certificates or paths to
   # certificates.
 
-  def initialize key, cert_chain, passphrase = nil
+  def initialize key, cert_chain
     @cert_chain = cert_chain
     @key        = key
 
@@ -46,7 +46,7 @@ class Gem::Security::Signer
     @digest_algorithm = Gem::Security::DIGEST_ALGORITHM
     @digest_name      = Gem::Security::DIGEST_NAME
 
-    @key = OpenSSL::PKey::RSA.new File.read(@key), passphrase if
+    @key = OpenSSL::PKey::RSA.new File.read @key if
       @key and not OpenSSL::PKey::RSA === @key
 
     if @cert_chain then
@@ -63,22 +63,6 @@ class Gem::Security::Signer
   end
 
   ##
-  # Extracts the full name of +cert+.  If the certificate has a subjectAltName
-  # this value is preferred, otherwise the subject is used.
-
-  def extract_name cert # :nodoc:
-    subject_alt_name = cert.extensions.find { |e| 'subjectAltName' == e.oid }
-
-    if subject_alt_name then
-      /\Aemail:/ =~ subject_alt_name.value
-
-      $' || subject_alt_name.value
-    else
-      cert.subject
-    end
-  end
-
-  ##
   # Loads any missing issuers in the cert chain from the trusted certificates.
   #
   # If the issuer does not exist it is ignored as it will be checked later.
@@ -105,9 +89,7 @@ class Gem::Security::Signer
       re_sign_key
     end
 
-    full_name = extract_name @cert_chain.last
-
-    Gem::Security::SigningPolicy.verify @cert_chain, @key, {}, {}, full_name
+    Gem::Security::SigningPolicy.verify @cert_chain, @key
 
     @key.sign @digest_algorithm.new, data
   end
author	drbrain <drbrain@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2013-09-13 19:58:57 +0000
committer	drbrain <drbrain@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2013-09-13 19:58:57 +0000
commit	1daa0b113d853bfa57b776cc569939b61ca14292 (patch)
tree	f8c4acb08a551820299dff2b13966d6ac38d31e4 /lib/rubygems/security
parent	85995e88d49c442b5b113c2676456133e79f5c02 (diff)