Auto merge of #5222 - bundler:seg-fips, r=indirect

[CompactIndex] Disable when openssl is in fips mode Should close #4989
author: The Bundler Bot <bot@bundler.io> 2016-12-15 00:05:29 +0000
committer: The Bundler Bot <bot@bundler.io> 2016-12-15 00:05:29 +0000
commit: 869bf08d37e9d796c895f478073a6127445af98f (patch)
tree: 5025bed9c6576f45e7c261f494a0338075a3eeea
parent: bbdedac87996d869e2fa70f1f9f702e8f1195328 (diff)
parent: 8075f8cb2563df65e280bca482a21c3b20ce351b (diff)
download: bundler-869bf08d37e9d796c895f478073a6127445af98f.tar.gz
2 files changed, 30 insertions, 2 deletions
diff --git a/lib/bundler/fetcher/compact_index.rb b/lib/bundler/fetcher/compact_index.rb
index 5d703a3a78..dcc9d57c13 100644
--- a/lib/bundler/fetcher/compact_index.rb
+++ b/lib/bundler/fetcher/compact_index.rb
@@ -3,10 +3,10 @@ require "bundler/fetcher/base"
 require "bundler/worker"
 
 module Bundler
+  autoload :CompactIndexClient, "bundler/compact_index_client"
+
   class Fetcher
     class CompactIndex < Base
-      require "bundler/compact_index_client"
-
       def self.compact_index_request(method_name)
         method = instance_method(method_name)
         undef_method(method_name)
@@ -61,6 +61,7 @@ module Bundler
       compact_index_request :fetch_spec
 
       def available?
+        return nil unless md5_available?
         user_home = Bundler.user_home
         return nil unless user_home.directory? && user_home.writable?
         # Read info file checksums out of /versions, so we can know if gems are up to date
@@ -119,6 +120,17 @@ module Bundler
           Net::HTTPNotModified.new(nil, nil, nil)
         end
       end
+
+      def md5_available?
+        begin
+          require "openssl"
+          return false if defined?(OpenSSL::OPENSSL_FIPS) && OpenSSL::OPENSSL_FIPS
+        rescue LoadError
+          nil
+        end
+
+        true
+      end
     end
   end
 end
diff --git a/spec/bundler/fetcher/compact_index_spec.rb b/spec/bundler/fetcher/compact_index_spec.rb
index e3f36666cc..691e19f638 100644
--- a/spec/bundler/fetcher/compact_index_spec.rb
+++ b/spec/bundler/fetcher/compact_index_spec.rb
@@ -25,6 +25,22 @@ describe Bundler::Fetcher::CompactIndex do
       compact_index.specs_for_names(["lskdjf"])
     end
 
+    describe "#available?" do
+      context "when OpenSSL is in FIPS mode", :ruby => ">= 2.0.0" do
+        before { stub_const("OpenSSL::OPENSSL_FIPS", true) }
+
+        it "returns false" do
+          expect(compact_index).to_not be_available
+        end
+
+        it "never requires digest/md5" do
+          expect(Kernel).to receive(:require).with("digest/md5").never
+
+          compact_index.available?
+        end
+      end
+    end
+
     context "logging" do
       before { allow(compact_index).to receive(:log_specs).and_call_original }
author	The Bundler Bot <bot@bundler.io>	2016-12-15 00:05:29 +0000
committer	The Bundler Bot <bot@bundler.io>	2016-12-15 00:05:29 +0000
commit	869bf08d37e9d796c895f478073a6127445af98f (patch)
tree	5025bed9c6576f45e7c261f494a0338075a3eeea
parent	bbdedac87996d869e2fa70f1f9f702e8f1195328 (diff)
parent	8075f8cb2563df65e280bca482a21c3b20ce351b (diff)
download	bundler-869bf08d37e9d796c895f478073a6127445af98f.tar.gz