Bug #7809: Backport RubyGems fixes in r39166 to ruby 2.0.0 - Ruby master - Ruby Issue Tracking System

Actions

Copy link

Bug #7809

closed

Backport RubyGems fixes in r39166 to ruby 2.0.0

Added by drbrain (Eric Hodel) over 11 years ago. Updated over 11 years ago.

Status:

Closed

Assignee:

drbrain (Eric Hodel)

Target version:

2.0.0

ruby -v:

Backport:

[ruby-core:52054]

Description

r39166 contains two RubyGems fixes.

The change to lib/rubygems/package.rb is a critical bug fix for RubyGems signing support. Without this fix users of the LowSecurity policy will not be able to install signed gems.

The change to lib/rubygems/package/old.rb is not a critical bug fix. It will make my diagnosis of problems in RubyGems easier, though. It does not change operation of RubyGems in Ruby 2.0.0.

Files

package.rb.signature_fix.patch (1.25 KB) package.rb.signature_fix.patch

RubyGems signed gem verification fix

drbrain (Eric Hodel), 02/10/2013 03:54 AM

Actions

Copy link

#1 [ruby-core:52057]

Updated by mame (Yusuke Endoh) over 11 years ago

It looks a borderline case. Is there no workaround?

--
Yusuke Endoh mame@tsg.ne.jp

Actions

Copy link

#2 [ruby-core:52078]

Updated by drbrain (Eric Hodel) over 11 years ago

File package.rb.signature_fix.patch package.rb.signature_fix.patch added

The change to lib/rubygems/package/old.rb is not critical. It suppresses a warning almost nobody will ever see and fixes behavior on 1.8.7. These are not sufficient for inclusion.

The change to lib/rubygems/package.rb is critical. Without it users will not be able to install signed gems built with rubygems 2.0 or newer on ruby 2.0.0 without upgrading rubygems.

The attached patch fixes only the critical issue.

Actions

Copy link

#3 [ruby-core:52085]