Skip to content
Browse files

Add method to check the hash value of a gem stored at it's source

  • Loading branch information...
1 parent b9cae00 commit f822a2dc6058732375c61bc262f0dfd97d71adda @evanphx evanphx committed Jan 20, 2012
Showing with 44 additions and 0 deletions.
  1. +16 −0 lib/rubygems/remote_fetcher.rb
  2. +28 −0 test/rubygems/test_gem_remote_fetcher.rb
View
16 lib/rubygems/remote_fetcher.rb
@@ -80,6 +80,22 @@ def initialize(proxy = nil)
end
##
+ # Give a +source_uri+ and a +spec+ plus the path to an ondisk gem, query the
+ # source and attempt to verify the contents of the gem.
+
+ def check_hash(spec, source_uri, gem_path, fail_if_unavailable=false)
+ hash_uri = "#{source_uri}/hash/#{spec.file_name}"
+
+ begin
+ remote_hash = fetch_path hash_uri
+ rescue FetchError
+ return !fail_if_unavailable
+ end
+
+ Gem::Security.hash_file(gem_path) == remote_hash
+ end
+
+ ##
# Given a name and requirement, downloads this gem into cache and returns the
# filename. Returns nil if the gem cannot be located.
#--
View
28 test/rubygems/test_gem_remote_fetcher.rb
@@ -370,6 +370,34 @@ def @fetcher.fetch_path uri, mtime = nil, head = false
assert_equal @a2.file_name, File.basename(gem)
end
+ def test_check_hash
+ data = Gem::Security.hash_file @a1_gem
+
+ fetcher = util_fuck_with_fetcher data
+
+ assert fetcher.check_hash(@a1, "http://gems.example.com", @a1_gem)
+ end
+
+ def test_check_hash_returns_true_if_hash_unavailable
+ inst = Gem::RemoteFetcher.fetcher
+
+ def inst.fetch_path(uri)
+ raise Gem::RemoteFetcher::FetchError.new "not available", uri
+ end
+
+ assert inst.check_hash(@a1, "http://gems.example.com", @a1_gem)
+ end
+
+ def test_check_hash_can_fail_if_hash_is_unavailable
+ inst = Gem::RemoteFetcher.fetcher
+
+ def inst.fetch_path(uri)
+ raise Gem::RemoteFetcher::FetchError.new "not available", uri
+ end
+
+ assert !inst.check_hash(@a1, "http://gems.example.com", @a1_gem, true)
+ end
+
def test_explicit_proxy
use_ui @ui do
fetcher = Gem::RemoteFetcher.new @proxy_uri

0 comments on commit f822a2d

Please sign in to comment.
Something went wrong with that request. Please try again.