Diffstat (limited to 'lib/rubygems/security/policy.rb')
-rw-r--r--lib/rubygems/security/policy.rb20
1 files changed, 16 insertions, 4 deletions
diff --git a/lib/rubygems/security/policy.rb b/lib/rubygems/security/policy.rb
index c34b7605c3..d1539e4985 100644
--- a/lib/rubygems/security/policy.rb
+++ b/lib/rubygems/security/policy.rb
@@ -152,8 +152,8 @@ class Gem::Security::Policy
end
def inspect # :nodoc:
- "[Policy: %s - data: %p signer: %p chain: %p root: %p " +
- "signed-only: %p trusted-only: %p]" % [
+ ("[Policy: %s - data: %p signer: %p chain: %p root: %p " +
+ "signed-only: %p trusted-only: %p]") % [
@name, @verify_chain, @verify_data, @verify_root, @verify_signer,
@only_signed, @only_trusted,
]
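Review bot: The labels in the `inspect` format string and the values passed to it are in different orders. The string reads data, signer, chain, root, while the array passes `@verify_chain, @verify_data, @verify_root, @verify_signer`, so each flag is printed under another check's label. With the added parentheses the whole string is now formatted, so this mislabelled output is what anyone debugging a policy will read. Reorder the first argument line to `@name, @verify_data, @verify_signer, @verify_chain, @verify_root,`. The closing `end` of `inspect` lies outside the hunk.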
@@ -177,11 +177,16 @@ class Gem::Security::Policy
trust_dir = opt[:trust_dir]
time = Time.now
- signer_digests = digests.find do |algorithm, file_digests|
+ _, signer_digests = digests.find do |algorithm, file_digests|
file_digests.values.first.name == Gem::Security::DIGEST_NAME
end
- signer_digests = digests.values.first || {}
+ if @verify_data then
+ raise Gem::Security::Exception, 'no digests provided (probable bug)' if
+ signer_digests.nil? or signer_digests.empty?
+ else
+ signer_digests = {}
+ end
signer = chain.last
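Review bot: The `find` block calls `file_digests.values.first.name` without allowing for an empty per-algorithm hash. An empty `file_digests` would raise NoMethodError on nil before the new `Gem::Security::Exception` guard is reached, even when `@verify_data` is false. Whether callers can pass such a hash is not visible here. Binding `first = file_digests.values.first` and testing `first and first.name == Gem::Security::DIGEST_NAME` would let that case reach the 'no digests provided' error instead. The `algorithm` block parameter is unused and could be written `_algorithm`. The enclosing method starts and ends outside the hunk.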
@@ -195,6 +200,13 @@ class Gem::Security::Policy
check_trust chain, digester, trust_dir if @only_trusted
+ signatures.each do |file, _|
+ digest = signer_digests[file]
+
+ raise Gem::Security::Exception, "missing digest for #{file}" unless
+ digest
+ end
+
signer_digests.each do |file, digest|
signature = signatures[file]
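Review bot: The new `signatures.each` loop is not conditioned on `@verify_data`, yet the earlier hunk sets `signer_digests = {}` when that flag is false. For such a policy the lookup `signer_digests[file]` is always nil, so any non-empty `signatures` appears to raise "missing digest for ..." even though data verification was switched off. If those policies are meant to accept signed gems, guard the loop by closing it with `end if @verify_data`. If rejecting is intended, say so in a comment above the loop, for example `# every signed file must have a digest, even when data is not verified`. The code between the hunks and the rest of the `signer_digests.each` loop are outside the hunk, so this should be confirmed against the full method.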