Age | Commit message | Author |
|
`Gem::Uri` class
The new class is a wrapper on top of a URI. And then, when you want
credentials redacted, you call `#redacted` that returns a copy of itself,
but with credentials redacted.
https://github.com/rubygems/rubygems/commit/9581c2740a
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
We will be passing a string to this class so there is no need to be defensive about it.
https://github.com/rubygems/rubygems/commit/30bd52a977
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
https://github.com/rubygems/rubygems/commit/c3bb52eb5c
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
its initialize method
https://github.com/rubygems/rubygems/commit/21dcdd2dc5
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
https://github.com/rubygems/rubygems/commit/dba130cd80
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
`Gem::PrintableUri#valid_uri?`
https://github.com/rubygems/rubygems/commit/a5177709c9
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
`build` method
The `initialize` method is already doing a lot and by adding the `Gem::PrintableUri` to redact sensitive information, things are getting complicated and hard to read here. For the start, I have refactored the `initialize` method into a class method called `build`.
https://github.com/rubygems/rubygems/commit/4312e8fdf5
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
The `@uri` variable could be a source URI with a credential. Using `Gem::PrintableUri` to make sure we are redacting sensitive information from it when logging on verbose mode.
https://github.com/rubygems/rubygems/commit/f566787211
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
`Gem::Commands::InstallCommand` class
The `x.source.uri` could be a source URI with a credential. Using `Gem::PrintableUri` to make sure we are redacting sensitive information from it.
https://github.com/rubygems/rubygems/commit/8755ee0aaa
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
be used on outputs
We need to redact URI credentials in several places and copy-pasting the code into each of them is not ideal. This class is responsible for parsing URI strings and redacting credentials from them. Also, it will handle URI objects in the same manner. We will be reusing this class whenever we need to print/display a URI to users.
URIs with the following formats will be redacted:
- Token: `http://my-secure-token@example.com` => `http://REDACTED@example.com`
- Username & Password: `http://my-username:my-secure-password@example.com` => `http://my-username:REDACTED@example.com`
- x-oauth-basic: `http://my-secure-token:x-oauth-basic@example.com` => `http://REDACTED:x-oauth-basic@example.com`
https://github.com/rubygems/rubygems/commit/f1e45d3a89
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
https://github.com/rubygems/rubygems/commit/1ea73df161
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
https://github.com/rubygems/rubygems/commit/e3d150d822
Co-authored-by: David Rodríguez <deivid.rodriguez@riseup.net>
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
No longer used since
https://github.com/rubygems/rubygems/commit/b7f6270b9e5e15591cd679f60fa8f43e6763f3f5.
https://github.com/rubygems/rubygems/commit/76803894a0
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
https://github.com/rubygems/rubygems/commit/81dc685d20
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
They should properly configure `GEM_PATH` instead.
https://github.com/rubygems/rubygems/commit/3bd9ae33ca
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
We think it's unlikely that `rubygems/defaults/operating_system` could be shipped with a SyntaxError so StandardError could be a better choice to prevent "false positive" errors.
https://github.com/rubygems/rubygems/commit/1f73e784dd
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
For errors that could happen while loading `rubygems/defaults/operating_system`
https://github.com/rubygems/rubygems/commit/6e1e2141f8
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
operating_system.rb
truffleruby does not raise any error when requiring `rubygems`.
https://github.com/rubygems/rubygems/commit/21e2fcd0b2
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
rubygems/defaults/operating_system file
When loading `rubygems/defaults/operating_system`
- we want to keep it silent if the raised exception is a LoadError
- we want to print a message in other cases and ask users to report the issue to their OS support.
Ruby 3 comes with special error handling for loading `rubygems` and it will show a warning when a LoadError exception is raised for requiring 'rubygem'.
Because of that, we decided to leave the LoadError scenario as it is.
Reference: https://github.com/ruby/ruby/blob/d1998d8767affe58be0bd09ec536dae9198a7fbd/gem_prelude.rb#L1-L5
https://github.com/rubygems/rubygems/commit/0a97e12fe1
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
https://github.com/rubygems/rubygems/commit/82960c262f
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
https://github.com/rubygems/rubygems/commit/4028cbc408
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
https://github.com/rubygems/rubygems/commit/91dca11112
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
The previous behavior was to automatically require `bundler/setup`
every time `rubygems` was required, which I think was too much.
https://github.com/rubygems/rubygems/commit/b25379a295
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
When I read, I thought the assertion was incorrect. It's doing the right
thing, though.
https://github.com/rubygems/rubygems/commit/e72c27367a
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
https://github.com/rubygems/rubygems/commit/c7c00c280f
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
It doesn't really add much, in my opinion. We want to be helpful, but
also concise when possible.
https://github.com/rubygems/rubygems/commit/9d56009cf7
Notes:
Merged: https://github.com/ruby/ruby/pull/4789
|
|
Mitigate the security risk:
https://devcraft.io/2021/01/07/universal-deserialisation-gadget-for-ruby-2-x-3-x.html
https://github.com/rubygems/rubygems/commit/141c2f4388
|
|
After reading [this blog
post](https://blog.rubygems.org/2011/08/31/shaving-the-yaml-yak.html),
published almost 10 years ago already, my understanding is that this
problem could come up in two ways:
* Rubygems.org serving corrupted gemspecs. As far as I understand this
was fixed in rubygems.org a long time ago, since
https://github.com/rubygems/rubygems.org/pull/331.
* Clients having a ten-year-old gemspec cache with some of these bad
gemspecs. In this case, there's no easy solution but I think ten years
is enough and rebuilding the cache should do the trick.
So, I think it's time we remove this.
https://github.com/rubygems/rubygems/commit/afcb15d556
|
|
[Fixes #4733]
https://github.com/rubygems/rubygems/commit/fce7f3eb7d
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/4648
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/4634
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/4533
|
|
http://rubyci.s3.amazonaws.com/ubuntu/ruby-master/log/20210622T063005Z.log.html.gz
```
/home/chkbuild/chkbuild/tmp/build/20210622T063005Z/ruby/test/rubygems/helper.rb:1565: warning: method redefined; discarding old stub
/home/chkbuild/chkbuild/tmp/build/20210622T063005Z/ruby/test/resolv/test_dns.rb:8: warning: previous definition of stub was here
```
|
|
In ruby/ruby test actions, a number of "leaked tempfile" messages
are shown on Windows.
As Windows disallows removing open files, `Tempfile#unlink` fails
silently before `#close`.
Close then unlink by `#close!` instead.
https://github.com/rubygems/rubygems/commit/fe0b88ac30
|
|
"test_" prefix
This changes "test/rubygems/test_case.rb" to "test/rubygems/helper.rb",
and "test/rubygems/test_utilities.rb" to "test/rubygems/utilities.rb".
The two files are a helper for tests, not test files. However, a file
starting with "test_" prefix is handled as a test file directly loaded
by test-unit because Rakefile specifies:
```
t.test_files = FileList['test/**/test_*.rb']
```
Directly loading test/rubygems/test_utilities.rb caused "uninitialized
constant Gem::TestCase". This issue was fixed by
59c682097197fee4052b47e4b4ab86562f3eaa9b, but the fix caused a
"circular require" warning because test_utilities.rb and test_case.rb
are now requiring each other.
Anyway, adding "test_" prefix to a test helper file is confusing, so
this changeset reverts the fix and solves the issue by renaming them.
https://github.com/rubygems/rubygems/commit/6460e018df
|
|
|
|
|
|
This variable had a typo (it's `@gemhome`), but the test is still
passing, so I assume it's not needed.
https://github.com/rubygems/rubygems/commit/3b88642bdb
|
|
https://github.com/rubygems/rubygems/commit/a678959eda
|
|
https://github.com/rubygems/rubygems/commit/0efb894c3b
|
|
https://github.com/rubygems/rubygems/commit/8dfe1e30b5
|
|
https://github.com/rubygems/rubygems/commit/c77868a555
|
|
https://github.com/rubygems/rubygems/commit/aa390a3500
|
|
* Port
https://github.com/ruby/ruby/commit/8e91b969df08b7a2eb27a5d6d38733eea42dc7ad
from ruby-core, and make it compatible with psych 3 & 4.
|
|
http://rubyci.s3.amazonaws.com/debian9/ruby-master/log/20210518T093002Z.log.html.gz
```
[ 9396/21186] TestGemCommandsOpenCommand#test_execute-e:1: warning: possibly useless use of a literal in void context
= 0.06 s
```
|
|
|
|
Essentially this reverts 45464bfcbdf9f9cfb440950bc57a27d237627a17.
The commit removed a mock of Time.now, which caused a random failure.
http://rubyci.s3.amazonaws.com/ubuntu1804/ruby-master/log/20210512T123004Z.fail.html.gz
```
1) Failure:
TestGemPackageTarWriter#test_add_file_signer [/home/chkbuild/chkbuild/tmp/build/20210512T123004Z/ruby/test/rubygems/test_gem_package_tar_writer.rb:117]:
Field mtime of the tar header differs..
<"14046746312\u0000"> expected but was
<"14046746311\x00">.
```
Object#stub is defined at f1af59fe02ef2cc58f13e2742e4cc6cf8c2a1a20, so
now `Time.stub :now` works.
https://github.com/rubygems/rubygems/commit/85f60a9ed0
|
|
Because test-unit didn't provide the benchmark test. And this test
is fragile across several environments.
Notes:
Merged: https://github.com/ruby/ruby/pull/4491
|
|
Because pend of test-unit raises exception.
https://github.com/rubygems/rubygems/commit/b5e2d0855a
Notes:
Merged: https://github.com/ruby/ruby/pull/4491
|
|
https://github.com/rubygems/rubygems/commit/0b145135c7
Notes:
Merged: https://github.com/ruby/ruby/pull/4491
|