author | usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2017-12-14 15:09:35 +0000 |
---|---|---|
committer | usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2017-12-14 15:09:35 +0000 |
commit | 1a74fa4b04da04bd2bb33103dd3cf431438df38e (patch) | |
tree | f4a1d6c2961339e0c1d653c0f8427a53315080f0 /ruby_2_2/lib/rubygems/security/policies.rb | |
parent | a5b755e50e2d9aabf28ba24bf58644ca22b01a4f (diff) |
add tag v2_2_9
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/tags/v2_2_9@61257 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ruby_2_2/lib/rubygems/security/policies.rb')
-rw-r--r-- | ruby_2_2/lib/rubygems/security/policies.rb | 115 |
1 files changed, 115 insertions, 0 deletions
diff --git a/ruby_2_2/lib/rubygems/security/policies.rb b/ruby_2_2/lib/rubygems/security/policies.rb
new file mode 100644
index 0000000000..a976ecaf59
--- /dev/null
+++ b/ruby_2_2/lib/rubygems/security/policies.rb
@@ -0,0 +1,115 @@
+module Gem::Security
+
+ ##
+ # No security policy: all package signature checks are disabled.
+
+ NoSecurity = Policy.new(
+ 'No Security',
+ :verify_data => false,
+ :verify_signer => false,
+ :verify_chain => false,
+ :verify_root => false,
+ :only_trusted => false,
+ :only_signed => false
+ )
+
+ ##
+ # AlmostNo security policy: only verify that the signing certificate is the
+ # one that actually signed the data. Make no attempt to verify the signing
+ # certificate chain.
+ #
+ # This policy is basically useless. better than nothing, but can still be
+ # easily spoofed, and is not recommended.
+
+ AlmostNoSecurity = Policy.new(
+ 'Almost No Security',
+ :verify_data => true,
+ :verify_signer => false,
+ :verify_chain => false,
+ :verify_root => false,
+ :only_trusted => false,
+ :only_signed => false
+ )
+
+ ##
+ # Low security policy: only verify that the signing certificate is actually
+ # the gem signer, and that the signing certificate is valid.
+ #
+ # This policy is better than nothing, but can still be easily spoofed, and
+ # is not recommended.
+
+ LowSecurity = Policy.new(
+ 'Low Security',
+ :verify_data => true,
+ :verify_signer => true,
+ :verify_chain => false,
+ :verify_root => false,
+ :only_trusted => false,
+ :only_signed => false
+ )
+
+ ##
+ # Medium security policy: verify the signing certificate, verify the signing
+ # certificate chain all the way to the root certificate, and only trust root
+ # certificates that we have explicitly allowed trust for.
+ #
+ # This security policy is reasonable, but it allows unsigned packages, so a
+ # malicious person could simply delete the package signature and pass the
+ # gem off as unsigned.
+
+ MediumSecurity = Policy.new(
+ 'Medium Security',
+ :verify_data => true,
+ :verify_signer => true,
+ :verify_chain => true,
+ :verify_root => true,
+ :only_trusted => true,
+ :only_signed => false
+ )
+
+ ##
+ # High security policy: only allow signed gems to be installed, verify the
+ # signing certificate, verify the signing certificate chain all the way to
+ # the root certificate, and only trust root certificates that we have
+ # explicitly allowed trust for.
+ #
+ # This security policy is significantly more difficult to bypass, and offers
+ # a reasonable guarantee that the contents of the gem have not been altered.
+
+ HighSecurity = Policy.new(
+ 'High Security',
+ :verify_data => true,
+ :verify_signer => true,
+ :verify_chain => true,
+ :verify_root => true,
+ :only_trusted => true,
+ :only_signed => true
+ )
+
+ ##
+ # Policy used to verify a certificate and key when signing a gem
+
+ SigningPolicy = Policy.new(
+ 'Signing Policy',
+ :verify_data => false,
+ :verify_signer => true,
+ :verify_chain => true,
+ :verify_root => true,
+ :only_trusted => false,
+ :only_signed => false
+ )
+
+ ##
+ # Hash of configured security policies
+
+ Policies = {
+ 'NoSecurity' => NoSecurity,
+ 'AlmostNoSecurity' => AlmostNoSecurity,
+ 'LowSecurity' => LowSecurity,
+ 'MediumSecurity' => MediumSecurity,
+ 'HighSecurity' => HighSecurity,
+ # SigningPolicy is not intended for use by `gem -P` so do not list it
+ }
+
+end
+ |
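Review bot: The doc comments on `AlmostNoSecurity` and `LowSecurity` never say that both policies set `:only_signed => false`; only the `MediumSecurity` comment spells out that an unsigned package is accepted and that stripping the signature sidesteps the checks. Presumably the same holds for the two weaker policies, so each of their comments should carry a line such as `# Unsigned gems are still accepted under this policy (:only_signed => false).` Of the entries in `Policies`, `HighSecurity` is the only one with `:only_signed => true`, which is worth stating in the comment above the hash so that someone picking a `gem -P` value sees which choice actually rejects unsigned gems. Separately, the sentence "This policy is basically useless. better than nothing, ..." in the `AlmostNoSecurity` comment reads as an editing leftover and could be reduced to `# This policy is barely better than nothing, can still be easily spoofed, and is not recommended.`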