Bug #7809 » package.rb.signature_fix.patch

RubyGems signed gem verification fix - drbrain (Eric Hodel), 02/10/2013 03:54 AM


lib/rubygems/package.rb
when /\.sig$/ then
@signatures[$`] = entry.read if @security_policy
next
when 'checksums.yaml.gz' then
next # already handled
else
digest entry
end
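Review bot: The signature branch matches with `/\.sig$/`, and in Ruby `$` anchors at the end of a line rather than the end of the string, so an entry name with a newline after `.sig` would take this branch and never reach `digest entry`. Anchoring on the string end, `when /\.sig\z/ then`, limits the branch to names that really end in `.sig`. The pre-match global on the following line is also easy to misread next to the backtick; `@signatures[Regexp.last_match.pre_match] = entry.read if @security_policy` says the same thing explicitly. The `+`/`-` markers are lost on this page, so I cannot tell which of these lines the patch touches, and the `case` expression itself starts outside the hunk.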
test/rubygems/test_gem_package.rb
assert_empty package.instance_variable_get(:@files), '@files must empty'
end
def test_verify_security_policy_low_security
@spec.cert_chain = [PUBLIC_CERT.to_pem]
@spec.signing_key = PRIVATE_KEY
FileUtils.mkdir_p 'lib'
FileUtils.touch 'lib/code.rb'
build = Gem::Package.new @gem
build.spec = @spec
build.build
package = Gem::Package.new @gem
package.security_policy = Gem::Security::LowSecurity
assert package.verify
end
def test_verify_security_policy_checksum_missing
@spec.cert_chain = [PUBLIC_CERT.to_pem]
@spec.signing_key = PRIVATE_KEY
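Review bot: `test_verify_security_policy_low_security` pins only the success path, asserting that a freshly built signed gem verifies under `Gem::Security::LowSecurity`. A companion case that builds the same signed gem, changes one of its entries afterwards and expects `package.verify` to fail would show that the policy still rejects a bad gem after this fix, not only that it accepts a good one. A one-line comment above the test, such as `# a signed gem must verify when a security policy is set (Bug #7809)`, would tie it to the report. The body of `test_verify_security_policy_checksum_missing` continues outside the hunk, so I have not reviewed it.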