blob: 7be09d6bd4729be13c738662e875a22623dd7e81 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
|
# frozen_string_literal: true
require "rubygems/security"
# unfortunately, testing signed gems with a provided CA is extremely difficult
# as 'gem cert' is currently the only way to add CAs to the system.
RSpec.describe "policies with unsigned gems" do
before do
build_security_repo
gemfile <<-G
source "file://#{security_repo}"
gem "rack"
gem "signed_gem"
G
end
it "will work after you try to deploy without a lock" do
bundle "install --deployment"
bundle :install
expect(exitstatus).to eq(0) if exitstatus
expect(the_bundle).to include_gems "rack 1.0", "signed_gem 1.0"
end
it "will fail when given invalid security policy" do
bundle "install --trust-policy=InvalidPolicyName"
expect(out).to include("RubyGems doesn't know about trust policy")
end
it "will fail with High Security setting due to presence of unsigned gem" do
bundle "install --trust-policy=HighSecurity"
expect(out).to include("security policy didn't allow")
end
# This spec will fail on RubyGems 2 rc1 due to a bug in policy.rb. the bug is fixed in rc3.
it "will fail with Medium Security setting due to presence of unsigned gem", :unless => ENV["RGV"] == "v2.0.0.rc.1" do
bundle "install --trust-policy=MediumSecurity"
expect(out).to include("security policy didn't allow")
end
it "will succeed with no policy" do
bundle "install"
expect(exitstatus).to eq(0) if exitstatus
end
end
RSpec.describe "policies with signed gems and no CA" do
before do
build_security_repo
gemfile <<-G
source "file://#{security_repo}"
gem "signed_gem"
G
end
it "will fail with High Security setting, gem is self-signed" do
bundle "install --trust-policy=HighSecurity"
expect(out).to include("security policy didn't allow")
end
it "will fail with Medium Security setting, gem is self-signed" do
bundle "install --trust-policy=MediumSecurity"
expect(out).to include("security policy didn't allow")
end
it "will succeed with Low Security setting, low security accepts self signed gem" do
bundle "install --trust-policy=LowSecurity"
expect(exitstatus).to eq(0) if exitstatus
expect(the_bundle).to include_gems "signed_gem 1.0"
end
it "will succeed with no policy" do
bundle "install"
expect(exitstatus).to eq(0) if exitstatus
expect(the_bundle).to include_gems "signed_gem 1.0"
end
end
|
