author | Hiroshi SHIBATA <hsbt@ruby-lang.org> | 2021-12-23 09:21:36 +0900 |
---|---|---|
committer | Hiroshi SHIBATA <hsbt@ruby-lang.org> | 2021-12-23 09:44:45 +0900 |
commit | fb1ab27f535833f1ba1648d7cdce4cc893e36d07 (patch) | |
tree | fab2ac1a60ba75a8e897d6077c8234af2fd77900 /lib/rubygems | |
parent | feaf4fbc3fa16382fbd07158c448c7b5bdae78b5 (diff) |
Merge RubyGems-3.3.1 and Bundler-2.3.1
Notes
Notes:
Merged: https://github.com/ruby/ruby/pull/5325
Diffstat (limited to 'lib/rubygems')
-rw-r--r-- | lib/rubygems/bundler_version_finder.rb | 52 | ||||
-rw-r--r-- | lib/rubygems/dependency.rb | 14 | ||||
-rw-r--r-- | lib/rubygems/errors.rb | 3 | ||||
-rw-r--r-- | lib/rubygems/security.rb | 14 | ||||
-rw-r--r-- | lib/rubygems/security/policy.rb | 4 | ||||
-rw-r--r-- | lib/rubygems/specification.rb | 2 |
6 files changed, 28 insertions, 61 deletions
diff --git a/lib/rubygems/bundler_version_finder.rb b/lib/rubygems/bundler_version_finder.rb
index 9ce0a2378e..14179aebf3 100644
--- a/lib/rubygems/bundler_version_finder.rb
+++ b/lib/rubygems/bundler_version_finder.rb
@@ -2,48 +2,18 @@
 module Gem::BundlerVersionFinder
 def self.bundler_version
- version, _ = bundler_version_with_reason
+ v = ENV["BUNDLER_VERSION"]
- return unless version
+ v ||= bundle_update_bundler_version
+ return if v == true
- Gem::Version.new(version)
- end
-
- def self.bundler_version_with_reason
- if v = ENV["BUNDLER_VERSION"]
- return [v, "`$BUNDLER_VERSION`"]
- end
- if v = bundle_update_bundler_version
- return if v == true
- return [v, "`bundle update --bundler`"]
- end
- v, lockfile = lockfile_version
- if v
- return [v, "your #{lockfile}"]
- end
- end
+ v ||= lockfile_version
+ return unless v
- def self.missing_version_message
- return unless vr = bundler_version_with_reason
- <<-EOS
-Could not find 'bundler' (#{vr.first}) required by #{vr.last}.
-To update to the latest version installed on your system, run `bundle update --bundler`.
-To install the missing version, run `gem install bundler:#{vr.first}`
- EOS
+ Gem::Version.new(v)
 end
- def self.compatible?(spec)
- return true unless spec.name == "bundler".freeze
- return true unless bundler_version = self.bundler_version
-
- spec.version.segments.first == bundler_version.segments.first
- end
-
- def self.filter!(specs)
- return unless bundler_version = self.bundler_version
-
- specs.reject! {|spec| spec.version.segments.first != bundler_version.segments.first }
-
+ def self.prioritize!(specs)
 exact_match_index = specs.find_index {|spec| spec.version == bundler_version }
 return unless exact_match_index
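Review bot: `prioritize!` now evaluates `bundler_version` inside the `find_index` block, so the method runs once per candidate spec, whereas the removed `filter!` bound the result to a local before iterating. Each call re-reads `ENV["BUNDLER_VERSION"]` and can fall through to `bundle_update_bundler_version` and `lockfile_version`, which, judging by `lockfile_contents` further down this file, ends in a `File.read` of the lockfile. Resolve the version once and bail out early when there is none: `target = bundler_version`, `return unless target`, then `specs.find_index {|spec| spec.version == target }`. The body of `prioritize!` continues past the end of the hunk.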
@@ -68,12 +38,10 @@ To install the missing version, run `gem install bundler:#{vr.first}`
 private_class_method :bundle_update_bundler_version
 def self.lockfile_version
- return unless lockfile = lockfile_contents
- lockfile, contents = lockfile
- lockfile ||= "lockfile"
+ return unless contents = lockfile_contents
 regexp = /\n\nBUNDLED WITH\n\s{2,}(#{Gem::Version::VERSION_PATTERN})\n/
 return unless contents =~ regexp
- [$1, lockfile]
+ $1
 end
 private_class_method :lockfile_version
@@ -103,7 +71,7 @@ To install the missing version, run `gem install bundler:#{vr.first}`
 return unless File.file?(lockfile)
- [lockfile, File.read(lockfile)]
+ File.read(lockfile)
 end
 private_class_method :lockfile_contents
 end
diff --git a/lib/rubygems/dependency.rb b/lib/rubygems/dependency.rb
index 3721204ab2..3640362364 100644
--- a/lib/rubygems/dependency.rb
+++ b/lib/rubygems/dependency.rb
@@ -277,7 +277,7 @@ class Gem::Dependency
 requirement.satisfied_by?(spec.version) && env_req.satisfied_by?(spec.version)
 end.map(&:to_spec)
- Gem::BundlerVersionFinder.filter!(matches) if filters_bundler?
+ Gem::BundlerVersionFinder.prioritize!(matches) if prioritizes_bundler?
 if platform_only
 matches.reject! do |spec|
@@ -295,7 +295,7 @@ class Gem::Dependency
 @requirement.specific?
 end
- def filters_bundler?
+ def prioritizes_bundler?
 name == "bundler".freeze && !specific?
 end
@@ -325,11 +325,11 @@ class Gem::Dependency
 active = matches.find {|spec| spec.activated? }
 return active if active
- return matches.first if prerelease?
-
- # Move prereleases to the end of the list for >= 0 requirements
- pre, matches = matches.partition {|spec| spec.version.prerelease? }
- matches += pre if requirement == Gem::Requirement.default
+ unless prerelease?
+ # Move prereleases to the end of the list for >= 0 requirements
+ pre, matches = matches.partition {|spec| spec.version.prerelease? }
+ matches += pre if requirement == Gem::Requirement.default
+ end
 matches.first
 end
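Review bot: `lockfile_version` still hands back its result through the global `$1` after `contents =~ regexp`, which ties the return value to implicit match state. `contents[regexp, 1]` yields the same capture, or nil when there is no match, in a single expression and could replace both the `return unless contents =~ regexp` line and the bare `$1`. This is a point of style only; the value returned is unchanged.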
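Review bot: The comment inside the new `unless prerelease?` block says prereleases are moved to the end of the list, but `matches += pre` runs only when `requirement == Gem::Requirement.default`; for any other requirement the `partition` simply drops them from `matches`. If that is intended, the comment should say so, for example `# Drop prereleases, or move them to the end of the list for >= 0 requirements`. With only prerelease candidates and a non-default requirement, `matches.first` would then be nil, which callers outside this hunk presumably have to handle. The enclosing method starts above the hunk.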
diff --git a/lib/rubygems/errors.rb b/lib/rubygems/errors.rb
index 86f0d1da14..f115ce23d0 100644
--- a/lib/rubygems/errors.rb
+++ b/lib/rubygems/errors.rb
@@ -59,9 +59,6 @@ module Gem
 private
 def build_message
- if name == "bundler" && message = Gem::BundlerVersionFinder.missing_version_message
- return message
- end
 names = specs.map(&:full_name)
 "Could not find '#{name}' (#{requirement}) - did find: [#{names.join ','}]\n"
 end
diff --git a/lib/rubygems/security.rb b/lib/rubygems/security.rb
index 2275997207..f21c175642 100644
--- a/lib/rubygems/security.rb
+++ b/lib/rubygems/security.rb
@@ -424,6 +424,8 @@ module Gem::Security
 # Gets the right public key from a PKey instance
 def self.get_public_key(key)
+ # Ruby 3.0 (Ruby/OpenSSL 2.2) or later
+ return OpenSSL::PKey.read(key.public_to_der) if key.respond_to?(:public_to_der)
 return key.public_key unless key.is_a?(OpenSSL::PKey::EC)
 ec_key = OpenSSL::PKey::EC.new(key.group.curve_name)
@@ -490,9 +492,13 @@ module Gem::Security
 when 'rsa'
 OpenSSL::PKey::RSA.new(RSA_DSA_KEY_LENGTH)
 when 'ec'
- domain_key = OpenSSL::PKey::EC.new(EC_NAME)
- domain_key.generate_key
- domain_key
+ if RUBY_VERSION >= "2.4.0"
+ OpenSSL::PKey::EC.generate(EC_NAME)
+ else
+ domain_key = OpenSSL::PKey::EC.new(EC_NAME)
+ domain_key.generate_key
+ domain_key
+ end
 else
 raise Gem::Security::Exception,
 "#{algorithm} algorithm not found. RSA, DSA, and EC algorithms are supported."
@@ -527,7 +533,7 @@ module Gem::Security
 raise Gem::Security::Exception,
 "incorrect signing key for re-signing " +
 "#{expired_certificate.subject}" unless
- expired_certificate.public_key.to_pem == get_public_key(private_key).to_pem
+ expired_certificate.check_private_key(private_key)
 unless expired_certificate.subject.to_s ==
 expired_certificate.issuer.to_s
diff --git a/lib/rubygems/security/policy.rb b/lib/rubygems/security/policy.rb
index 3c3cb647ee..06eae073f4 100644
--- a/lib/rubygems/security/policy.rb
+++ b/lib/rubygems/security/policy.rb
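Review bot: The comment on the added early return in `get_public_key` names the versions that provide `public_to_der` but not why this path is preferred over `key.public_key`. A line such as `# public_to_der serialises only the public components, so the returned key carries no private material` would make the intent clear to the next reader. The guard itself is feature detection through `respond_to?`, so the version remark is informational only. The rest of the method, including the EC fallback, lies outside the hunk.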
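Review bot: `RUBY_VERSION >= "2.4.0"` in the `'ec'` branch compares strings, so the ordering is lexicographic (`"10.0.0" >= "2.4.0"` is false), and it tests the interpreter version although `EC.generate` is provided by the openssl library. Feature detection, which the `get_public_key` hunk in this same file already uses, avoids both problems: `if OpenSSL::PKey::EC.respond_to?(:generate)`. The `case` statement starts above the hunk.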
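Review bot: `expired_certificate.check_private_key(private_key)` checks that the key corresponds to the certificate's public key; as far as I know the underlying comparison is on the public components and does not prove that `private_key` actually holds private material, so a public-only key could pass this guard and only fail later when signing. A comment stating that, e.g. `# check_private_key matches public components only; it is not a proof of possession`, would keep readers from treating it as a stronger check than it is. The same applies to `signer.check_private_key(key)` in the `lib/rubygems/security/policy.rb` hunk. The `raise ... unless` statement begins in a method whose start is not shown in the hunk.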
@@ -115,11 +115,9 @@ class Gem::Security::Policy
 raise Gem::Security::Exception, 'missing key or signature'
 end
- public_key = Gem::Security.get_public_key(key)
-
 raise Gem::Security::Exception,
 "certificate #{signer.subject} does not match the signing key" unless
- signer.public_key.to_pem == public_key.to_pem
+ signer.check_private_key(key)
 true
 end
diff --git a/lib/rubygems/specification.rb b/lib/rubygems/specification.rb
index dc5e5ba013..f162eb4a84 100644
--- a/lib/rubygems/specification.rb
+++ b/lib/rubygems/specification.rb
@@ -995,7 +995,6 @@ class Gem::Specification < Gem::BasicSpecification
 def self.find_by_path(path)
 path = path.dup.freeze
 spec = @@spec_with_requirable_file[path] ||= (stubs.find do |s|
- next unless Gem::BundlerVersionFinder.compatible?(s)
 s.contains_requirable_file? path
 end || NOT_FOUND)
 spec.to_spec
@@ -1008,7 +1007,6 @@ class Gem::Specification < Gem::BasicSpecification
 def self.find_inactive_by_path(path)
 stub = stubs.find do |s|
 next if s.activated?
- next unless Gem::BundlerVersionFinder.compatible?(s)
 s.contains_requirable_file? path
 end
 stub && stub.to_spec
|