diff options
author | drbrain <drbrain@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2013-02-07 05:56:53 +0000 |
---|---|---|
committer | drbrain <drbrain@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2013-02-07 05:56:53 +0000 |
commit | c27fd3331989b33b9721444c98e77ba367a65270 (patch) | |
tree | 110eac9147bf01a68ea32c0e273e71d40ea13add /lib/rubygems/security | |
parent | 38f04d823150ac6e454d66a39fcfef00e3ad7239 (diff) | |
download | ruby-c27fd3331989b33b9721444c98e77ba367a65270.tar.gz |
* lib/rubygems/package.rb: Ensure digests are generated for signing.
* test/rubygems/test_gem_package.rb: Test for the above.
* lib/rubygems/security/policy.rb: Ensure digests are present when
verifying a gem and match the number of signatures bidirectionally.
* test/rubygems/test_gem_security_policy.rb: Test for the above.
* lib/rubygems.rb: Documentation improvements (by zzak)
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@39126 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'lib/rubygems/security')
-rw-r--r-- | lib/rubygems/security/policy.rb | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/lib/rubygems/security/policy.rb b/lib/rubygems/security/policy.rb index c34b7605c3..d1539e4985 100644 --- a/lib/rubygems/security/policy.rb +++ b/lib/rubygems/security/policy.rb @@ -152,8 +152,8 @@ class Gem::Security::Policy end def inspect # :nodoc: - "[Policy: %s - data: %p signer: %p chain: %p root: %p " + - "signed-only: %p trusted-only: %p]" % [ + ("[Policy: %s - data: %p signer: %p chain: %p root: %p " + + "signed-only: %p trusted-only: %p]") % [ @name, @verify_chain, @verify_data, @verify_root, @verify_signer, @only_signed, @only_trusted, ] @@ -177,11 +177,16 @@ class Gem::Security::Policy trust_dir = opt[:trust_dir] time = Time.now - signer_digests = digests.find do |algorithm, file_digests| + _, signer_digests = digests.find do |algorithm, file_digests| file_digests.values.first.name == Gem::Security::DIGEST_NAME end - signer_digests = digests.values.first || {} + if @verify_data then + raise Gem::Security::Exception, 'no digests provided (probable bug)' if + signer_digests.nil? or signer_digests.empty? + else + signer_digests = {} + end signer = chain.last @@ -195,6 +200,13 @@ class Gem::Security::Policy check_trust chain, digester, trust_dir if @only_trusted + signatures.each do |file, _| + digest = signer_digests[file] + + raise Gem::Security::Exception, "missing digest for #{file}" unless + digest + end + signer_digests.each do |file, digest| signature = signatures[file] |