Permalink
Browse files

Revert "Prefer HTTPS sources over HTTP sources"

This reverts commit 872ab85.

Fixes #506
  • Loading branch information...
1 parent dd9e186 commit 8e973bcef705eb726ed7625e66871283bc03846e @drbrain drbrain committed Mar 11, 2013
View
@@ -37,7 +37,6 @@ class Autotest
def path_to_classname s
classname = old_path_to_classname(s.sub(/test.rubygems.test_/, ""))
classname = classname.gsub('Rdoc', 'RDoc')
- classname = classname.gsub('Api', 'API')
classname
end
View
@@ -1,16 +1,22 @@
# coding: UTF-8
+=== 2.0.3
+
+* Bug fixes
+ * Reverted automatic upgrade to HTTPS as it breaks RubyGems APIs. Fixes
+ #506 by André Arko
+
=== 2.0.2 / 2013-03-06
* Bug fixes:
+ * HTTPS URLs are preferred over HTTP URLs. RubyGems will now attempt to
+ upgrade any HTTP source to HTTPS. Credit to Alex Gaynor.
* SSL Certificates are now installed properly. Fixes #491 by hemanth.hm
* Fixed HTTP to HTTPS upgrade for rubygems.org.
=== 2.0.1 / 2013-03-05
* Bug fixes:
- * HTTPS URLs are preferred over HTTP URLs. RubyGems will now attempt to
- upgrade any HTTP source to HTTPS. Credit to Alex Gaynor.
* Lazily load RubyGems.org API credentials to avoid failure during
RubyGems installation. Bug #465 by Isaac Sanders.
* RubyGems now picks the latest prerelease to install. Fixes bug #468 by
View
@@ -205,7 +205,6 @@ test/rubygems/test_gem_dependency.rb
test/rubygems/test_gem_dependency_installer.rb
test/rubygems/test_gem_dependency_list.rb
test/rubygems/test_gem_dependency_resolver.rb
-test/rubygems/test_gem_dependency_resolver_api_set.rb
test/rubygems/test_gem_doctor.rb
test/rubygems/test_gem_ext_cmake_builder.rb
test/rubygems/test_gem_ext_configure_builder.rb
@@ -65,19 +65,6 @@ def execute
end
if source_uri = options[:add] then
- uri = URI source_uri
-
- if uri.scheme and uri.scheme.downcase == 'http' and
- uri.host.downcase == 'rubygems.org' then
- question = <<-QUESTION.chomp
-https://rubygems.org is recommended for security over #{uri}
-
-Do you want to add this insecure source?
- QUESTION
-
- terminate_interaction 1 unless ask_yes_no question
- end
-
source = Gem::Source.new source_uri
begin
View
@@ -11,7 +11,7 @@ module Gem
# An Array of the default sources that come with RubyGems
def self.default_sources
- %w[https://rubygems.org/]
+ %w[http://rubygems.org/]
end
##
@@ -69,8 +69,6 @@ class DependencyResolver
# and dependencies.
#
class APISpecification
- attr_reader :set # :nodoc:
-
def initialize(set, api_data)
@set = set
@name = api_data[:name]
@@ -82,14 +80,6 @@ def initialize(set, api_data)
attr_reader :name, :version, :dependencies
- def == other # :nodoc:
- self.class === other and
- @set == other.set and
- @name == other.name and
- @version == other.version and
- @dependencies == other.dependencies
- end
-
def full_name
"#{@name}-#{@version}"
end
@@ -101,7 +91,6 @@ def full_name
class APISet
def initialize
@data = Hash.new { |h,k| h[k] = [] }
- @dep_uri = URI 'https://rubygems.org/api/v1/dependencies'
end
# Return data for all versions of the gem +name+.
@@ -111,8 +100,8 @@ def versions(name)
return @data[name]
end
- uri = @dep_uri + "?gems=#{name}"
- str = Gem::RemoteFetcher.fetcher.fetch_path uri
+ u = URI.parse "http://rubygems.org/api/v1/dependencies?gems=#{name}"
+ str = Net::HTTP.get(u)
Marshal.load(str).each do |ver|
@data[ver[:name]] << ver
@@ -145,8 +134,8 @@ def prefetch(reqs)
return if needed.empty?
- uri = @dep_uri + "?gems=#{needed.sort.join ','}"
- str = Gem::RemoteFetcher.fetcher.fetch_path uri
+ u = URI.parse "http://rubygems.org/api/v1/dependencies?gems=#{needed.join ','}"
+ str = Net::HTTP.get(u)
Marshal.load(str).each do |ver|
@data[ver[:name]] << ver
View
@@ -141,14 +141,4 @@ def download(spec, dir=Dir.pwd)
fetcher = Gem::RemoteFetcher.fetcher
fetcher.download spec, @uri.to_s, dir
end
-
- ##
- # Replaces the URI for this source with +uri+. Used for upgrading this
- # source to HTTPS
-
- def uri= uri # :nodoc:
- @api_uri = nil
- @uri = uri
- end
-
end
@@ -188,8 +188,6 @@ def available_specs(type)
list = {}
Gem.sources.each_source do |source|
- source = upgrade_http_source source
-
begin
names = case type
when :latest
@@ -228,32 +226,5 @@ def tuples_for(source, type, gracefully_ignore=false)
end
end
- def upgrade_http_source source
- uri = source.uri
-
- return source unless uri.scheme.downcase == 'http'
-
- https_uri = uri.dup
- https_uri.scheme = 'https'
- https_uri += '/'
-
- https_uri = URI https_uri.to_s # cast to URI::HTTPS
-
- Gem::RemoteFetcher.fetcher.fetch_path https_uri, nil, true
-
- say "Upgraded #{uri} to HTTPS"
-
- https_uri += uri.request_uri
-
- source.uri = URI https_uri.to_s # cast to URI::HTTPS
-
- source
- rescue Gem::RemoteFetcher::FetchError
- say "Upgrading #{uri} to HTTPS failed, continuing" if
- Gem.configuration.really_verbose
-
- source
- end
-
end
@@ -17,7 +17,7 @@
# s.authors = ["Ruby Coder"]
# s.email = 'rubycoder@example.com'
# s.files = ["lib/example.rb"]
-# s.homepage = 'https://rubygems.org/gems/example'
+# s.homepage = 'http://rubygems.org/gems/example'
# end
#
# Starting in RubyGems 1.9.0, a Specification can hold arbitrary
@@ -54,7 +54,7 @@ def find_data(path)
@data[path]
end
- def fetch_path path, mtime = nil, head = false
+ def fetch_path path, mtime = nil
data = find_data(path)
if data.respond_to?(:call) then
@@ -665,7 +665,7 @@ def test_self_default_exec_format_jruby
end
def test_self_default_sources
- assert_equal %w[https://rubygems.org/], Gem.default_sources
+ assert_equal %w[http://rubygems.org/], Gem.default_sources
end
def test_self_detect_gemdeps
@@ -118,45 +118,6 @@ def test_execute_add_redundant_source
assert_equal '', @ui.error
end
- def test_execute_add_http_rubygems_org
- http_rubygems_org = 'http://rubygems.org'
- util_setup_fake_fetcher
-
- install_specs @a1
-
- specs = Gem::Specification.map { |spec|
- [spec.name, spec.version, spec.original_platform]
- }
-
- specs_dump_gz = StringIO.new
- Zlib::GzipWriter.wrap specs_dump_gz do |io|
- Marshal.dump specs, io
- end
-
- @fetcher.data["#{http_rubygems_org}/specs.#{@marshal_version}.gz"] =
- specs_dump_gz.string
-
- @cmd.handle_options %W[--add #{http_rubygems_org}]
-
- util_setup_spec_fetcher
-
- ui = Gem::MockGemUi.new "n"
-
- use_ui ui do
- assert_raises Gem::MockGemUi::TermError do
- @cmd.execute
- end
- end
-
- assert_equal [@gem_repo], Gem.sources
-
- expected = <<-EXPECTED
- EXPECTED
-
- assert_equal expected, @ui.output
- assert_empty @ui.error
- end
-
def test_execute_add_bad_uri
@cmd.handle_options %w[--add beta-gems.example.com]
@@ -1,80 +0,0 @@
-require 'rubygems/test_case'
-require 'rubygems/dependency_resolver'
-
-class TestGemDependencyResolverAPISet < Gem::TestCase
-
- def setup
- super
-
- @DR = Gem::DependencyResolver
-
- @api_set = @DR::APISet.new
- @uri = 'https://rubygems.org/api/v1/dependencies'
- @fetcher = Gem::FakeFetcher.new
- Gem::RemoteFetcher.fetcher = @fetcher
- end
-
- def test_find_all
- b_entry = {
- :name => 'b',
- :number => '2',
- :platform => 'ruby',
- :dependencies => [['a', '>= 0']],
- }
-
- @fetcher.data["#{@uri}?gems=b"] = Marshal.dump [b_entry]
-
- b_req = @DR::DependencyRequest.new dep('b', '>= 0'), nil
-
- expected = [
- @DR::APISpecification.new(@api_set, b_entry)
- ]
-
- assert_equal expected, @api_set.find_all(b_req)
- end
-
- def test_prefetch
- b_entry = {
- :name => 'b',
- :number => '2',
- :platform => 'ruby',
- :dependencies => [['a', '>= 0']],
- }
-
- a_entry = {
- :name => 'a',
- :number => '2',
- :platform => 'ruby',
- :dependencies => [],
- }
-
- @fetcher.data["#{@uri}?gems=a,b"] = Marshal.dump [a_entry, b_entry]
-
- a_req = @DR::DependencyRequest.new dep('a', '>= 0'), nil
- b_req = @DR::DependencyRequest.new dep('b', '>= 0'), nil
-
- @api_set.prefetch([b_req, a_req])
-
- assert_equal [a_entry], @api_set.versions('a')
- assert_equal [b_entry], @api_set.versions('b')
- end
-
- def test_versions_cache
- entry = {
- :name => 'b',
- :number => '2',
- :platform => 'ruby',
- :dependencies => [['a', '>= 0']],
- }
-
- @fetcher.data["#{@uri}?gems=b"] = Marshal.dump [entry]
-
- assert_equal [entry], @api_set.versions('b')
-
- @fetcher.data["#{@uri}?gems=b"] = 'garbage'
-
- assert_equal [entry], @api_set.versions('b'), 'version data must be cached'
- end
-
-end
-
@@ -399,9 +399,6 @@ def test_download_to_cache
@fetcher.instance_variable_set :@a1, @a1
@fetcher.instance_variable_set :@a2, @a2
def @fetcher.fetch_path uri, mtime = nil, head = false
- raise Gem::RemoteFetcher::FetchError.new 'no http upgrade', uri if
- uri.scheme != 'http'
-
case uri.request_uri
when /#{@a1.spec_name}/ then
Gem.deflate Marshal.dump @a1
@@ -184,16 +184,5 @@ def test_load_specs_from_unavailable_uri
end
end
- def test_uri_equals
- @source.api_uri # cached
-
- refute_equal URI('https://secure.example'), @source.api_uri
-
- @source.uri = URI 'https://secure.example'
-
- assert_equal URI('https://secure.example'), @source.uri
- assert_equal URI('https://secure.example'), @source.api_uri
- end
-
end
Oops, something went wrong.

0 comments on commit 8e973bc

Please sign in to comment.