Commits on May 30, 2016
  1. @homu

    Auto merge of #1582 - duckinator:fix-issue-1535, r=segiddins

    Rubygems does not terminate on failed file lock when not superuser
    
    # Description:
    
    Supersedes PR #1536.
    
    Fixes issue #1535.
    
    # Tasks:
    
    - [x] Describe the problem / feature
    - [ ] Write tests
    - [x] Write code to solve the problem
    - [ ] Get code review from coworkers / friends
    - [ ] [Squash commits](http://gitready.com/advanced/2009/02/10/squashing-commits-with-rebase.html)
    
    I will abide by the [code of conduct](https://github.com/rubygems/rubygems/blob/master/CODE_OF_CONDUCT.md).
    homu committed May 31, 2016
Commits on May 25, 2016
  1. @homu

    Auto merge of #1611 - rhenium:topic/regenerate-test-certificates, r=segiddins
    
    Regenerate test CA certificates with appropriate extensions
    
    # Description:
    
    The upcoming OpenSSL 1.1.0 release[1] will break rubygems tests. Ruby trunk doesn't yet include OpenSSL 1.1.0 support, but it will be merged soon[2].
    
    [1] https://www.openssl.org/policies/releasestrat.html
    [2] https://bugs.ruby-lang.org/issues/12324
    
    ---
    
    Fix util/create_certs.rb and regenerate test certificates located under test/rubygems with it.
    
    According to RFC 5280[1], a CA certificate must include the basic constraints extension with cA bit set to TRUE. However the test certificates in test/rubygems, generated by util/create_certs.rb script, don't include the extension. The current versions (<= 1.0.2) of OpenSSL allow the error for trusted certificates, but OpenSSL 1.1.0 no longer allows it[2].
    
    This patch also adds other extensions, such as key usage, subject key identifier and authority key identifier. It looks like OpenSSL doesn't actually require them, but the RFC[1] says they must be included, and adding them shouldn't do harm.
    
    [1] https://tools.ietf.org/html/rfc5280
    [2] https://git.openssl.org/?p=openssl.git;a=commit;h=0daccd4dc1f1ac62181738a91714f35472e50f3c
    
    Note: The script also regenerates the private keys. To regenerate only certificates, I used this tweak:
    
    ~~~
    diff --git a/util/create_certs.rb b/util/create_certs.rb
    index 516924f..313a724 100644
    --- a/util/create_certs.rb
    +++ b/util/create_certs.rb
    @@ -83,7 +83,7 @@ class CertificateBuilder
         keys = {}
    
         names.each do |name|
    -      keys[name] = create_key
    +      keys[name] = OpenSSL::PKey::RSA.new File.read("test/rubygems/#{name}_key.pem")
         end
    
         keys
    ~~~
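    Review bot: The added line reads "test/rubygems/#{name}_key.pem" relative to the current working directory and has no fallback, so the script only works when run from the repository root, and any name without an existing key file makes File.read raise instead of reaching create_key. Consider resolving the path against the script's own location with File.expand_path and calling create_key when the file is absent, so the same script covers both "reuse keys" and "new keys".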
    
    ---
    
    I will abide by the [code of conduct](https://github.com/rubygems/rubygems/blob/master/CODE_OF_CONDUCT.md).
    homu committed May 25, 2016
  2. @homu

    Auto merge of #1625 - zhenglaizhang:contributing_doc_update, r=segiddins

    Fix one typo in CONTRIBUTING.rdoc
    
    # Description:
    Fix one typo in the CONTRIBUTING.rdoc:
    
      `clarifiying => clarifying`
    ______________
    
    # Tasks:
    
    - [x] Describe the problem / feature
    - [ ] Write tests
    - [ ] Write code to solve the problem
    - [ ] Get code review from coworkers / friends
    - [ ] [Squash commits](http://gitready.com/advanced/2009/02/10/squashing-commits-with-rebase.html)
    
    I will abide by the [code of conduct](https://github.com/rubygems/rubygems/blob/master/CODE_OF_CONDUCT.md).
    homu committed May 25, 2016
  3. @duckinator

    Call the correct method.

    duckinator committed May 25, 2016
  4. @zhenglaizhang
  5. @duckinator
Commits on May 21, 2016
  1. @homu

    Auto merge of #1604 - djberg96:appveyor, r=segiddins

    Set TEST_SSL instead of TRAVIS.
    
    # Description:
    
    This replaces the TRAVIS env setting with TEST_SSL in the appveyor.yml file, since earlier discussion indicated that TRAVIS might go away.
    
    I will abide by the [code of conduct](https://github.com/rubygems/rubygems/blob/master/CODE_OF_CONDUCT.md).
    homu committed May 22, 2016
  2. @djberg96

    Set TEST_SSL instead of TRAVIS.

    djberg96 committed with djberg96 Apr 28, 2016
  3. @homu

    Auto merge of #1621 - rubygems:seg-test_find_lib_file_after_install, r=segiddins
    
    Add TestGemInstaller#test_find_lib_file_after_install
    
    See #1481 (comment) for original patch
    homu committed May 22, 2016
  4. @segiddins

    Add TestGemInstaller#test_find_lib_file_after_install

    See #1481 (comment) for original patch
    segiddins committed May 21, 2016
  5. @homu

    Auto merge of #1576 - copiousfreetime:fully-remove-extensions-on-reinstall, r=segiddins
    
    Remove extension directory before installing
    
    # Description:
    
    This is a fix for #1192.
    
    When a gem is installed, before installing, rubygems currently removes the files from the `gems` and `specifications` but fails to remove the files from `extensions`. This fixes that.
    ______________
    
    # Tasks:
    
    - [x] Describe the problem / feature
    - [x] Write tests
    - [x] Write code to solve the problem
    - [x] Get code review from coworkers / friends
    - [x] [Squash commits](http://gitready.com/advanced/2009/02/10/squashing-commits-with-rebase.html)
    
    I will abide by the [code of conduct](https://github.com/rubygems/rubygems/blob/master/CODE_OF_CONDUCT.md).
    homu committed May 22, 2016
  6. @homu

    Auto merge of #1578 - e2:e2-install_symlinks_last_1577, r=segiddins

    Fix broken symlink support in tar writer (+ fix broken test)
    
    # Description:
    
    Fix for: #1577
    
    (Avoids installing symlinks before symlink targets have been copied).
    
    # Tasks:
    
    - [X] Describe the problem / feature
    - [ ] Write tests
    - [X] Write code to solve the problem
    - [ ] Get code review from coworkers / friends
    - [ ] [Squash commits](http://gitready.com/advanced/2009/02/10/squashing-commits-with-rebase.html)
    
    I will abide by the [code of conduct](https://github.com/rubygems/rubygems/blob/master/CODE_OF_CONDUCT.md).
    homu committed May 22, 2016
  7. @homu

    Auto merge of #1614 - sonalkr132:internal-comment, r=segiddins

    Mark see also require_path as internal comment
    
    ### Description:
    
    It was showing up in guides http://guides.rubygems.org/specification-reference/#require_paths=
    Syntax of internal comment taken from: [Documenting Source Code](http://docs.ruby-lang.org/en/2.2.0/RDoc/Markup.html#class-RDoc::Markup-label-Documenting+Source+Code)
    
    I will abide by the [code of conduct](https://github.com/rubygems/rubygems/blob/master/CODE_OF_CONDUCT.md).
    homu committed May 22, 2016
Commits on May 18, 2016
  1. @homu

    Auto merge of #1618 - rubygems:backport-r55029, r=segiddins

    Unifying Fixnum and Bignum into Integer at Ruby 2.4
    
    # Description:
    
    The Ruby core team unified `Fixnum` and `Bignum` into Integer on current master. I backported this code from our repository.
    
    ref. ruby/ruby@f9727c1
    ______________
    
    # Tasks:
    
    - [*] Describe the problem / feature
    - [*] Write tests
    - [*] Write code to solve the problem
    
    I will abide by the [code of conduct](https://github.com/rubygems/rubygems/blob/master/CODE_OF_CONDUCT.md).
    homu committed May 18, 2016
  2. @hsbt
Commits on May 11, 2016
  1. @sonalkr132
Commits on May 10, 2016
  1. @rhenium

    Regenerate test CA certificates with appropriate extensions

    Fix util/create_certs.rb and regenerate test certificates located under
    test/rubygems with it.
    
    According to RFC 5280[1], a CA certificate must include the basic
    constraints extension with cA bit set to TRUE. However the test
    certificates in test/rubygems, generated by util/create_certs.rb script,
    don't include the extension. The current versions (<= 1.0.2) of OpenSSL
    allow the error for trusted certificates, but OpenSSL 1.1.0 no longer
    allows it[2].
    
    This patch also adds other extensions, such as key usage, subject key
    identifier and authority key identifier. It looks like OpenSSL doesn't
    actually require them, but the RFC[1] says they must be included, and
    adding them shouldn't do harm.
    
    [1] https://tools.ietf.org/html/rfc5280
    [2] https://git.openssl.org/?p=openssl.git;a=commit;h=0daccd4dc1f1ac62181738a91714f35472e50f3c
    
    Note: The script also regenerates the private keys. To regenerate only
    certificates, I used this tweak:
    
    ------------------------ >8 ------------------------
    diff --git a/util/create_certs.rb b/util/create_certs.rb
    index 516924f..313a724 100644
    --- a/util/create_certs.rb
    +++ b/util/create_certs.rb
    @@ -83,7 +83,7 @@ class CertificateBuilder
         keys = {}
    
         names.each do |name|
    -      keys[name] = create_key
    +      keys[name] = OpenSSL::PKey::RSA.new File.read("test/rubygems/#{name}_key.pem")
         end
    
         keys
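    Review bot: The replacement line hard-codes OpenSSL::PKey::RSA.new, so key reuse silently depends on every PEM under test/rubygems being an RSA key. OpenSSL::PKey.read would load whichever key type the file holds, and a one-line comment above the loop saying the keys are reused rather than regenerated would keep the next reader from assuming create_key still runs.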
    rhenium committed May 4, 2016
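
The CA extensions this commit message discusses, as an added example (not code from util/create_certs.rb or the rubygems project): it builds a throwaway self-signed CA with and without the extensions and reports what is missing. The names `build_ca` and `ca_extension_problems` and the subject `Example Test CA` are made up for illustration.

```ruby
require "openssl"

# Extensions checked on a CA certificate, by OpenSSL short name.
# authorityKeyIdentifier is not checked because RFC 5280 lets a
# self-signed certificate omit it.
REQUIRED_CA_EXTENSIONS = %w[basicConstraints keyUsage subjectKeyIdentifier].freeze

# Build a self-signed certificate for a throwaway key (constructed sample data).
# with_extensions: false reproduces an extension-less CA certificate.
def build_ca(key, with_extensions:)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=Example Test CA")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  if with_extensions
    ef = OpenSSL::X509::ExtensionFactory.new
    ef.subject_certificate = ef.issuer_certificate = cert
    cert.add_extension ef.create_extension("basicConstraints", "CA:TRUE", true)
    cert.add_extension ef.create_extension("keyUsage", "keyCertSign,cRLSign", true)
    cert.add_extension ef.create_extension("subjectKeyIdentifier", "hash")
    cert.add_extension ef.create_extension("authorityKeyIdentifier", "keyid:always")
  end
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Return the reasons a certificate falls short as a CA certificate.
def ca_extension_problems(cert)
  exts = cert.extensions.each_with_object({}) { |e, h| h[e.oid] = e }
  problems = REQUIRED_CA_EXTENSIONS.reject { |n| exts.key?(n) }.map { |n| "missing #{n}" }
  bc = exts["basicConstraints"]
  problems << "basicConstraints does not assert CA:TRUE" if bc && bc.value !~ /CA:TRUE/
  ku = exts["keyUsage"]
  problems << "keyUsage lacks Certificate Sign" if ku && ku.value !~ /Certificate Sign/
  problems
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048)
  [false, true].each do |with|
    problems = ca_extension_problems(build_ca(key, with_extensions: with))
    puts "with_extensions=#{with}: #{problems.empty? ? 'ok' : problems.join('; ')}"
  end
end
```
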
Commits on May 3, 2016
  1. @homu

    Auto merge of #1583 - RochesterinNYC:update-bundled-ca-certificates-script, r=segiddins
    
    Update `update_bundled_ca_certificates` utility script for directory nesting
    
    - Also updates the ssl certs with the minimum certs needed and nests them in directories named for the hosts they can authenticate against. The arrangement of the certs changed/occurred because the ssl certs in Rubygems were modeled after the ssl cert arrangement in Bundler. However, this arrangement was produced through manual testing and configured/arranged in bundler/bundler#4380 instead of programmatically. I'm unsure how I would go about writing or updating the `update_bundled_ca_certificates` script in a way that could reproduce this current manual arrangement. Hence, this PR includes a commit for rearranging of the ssl certs based off the programmatic utility script (instead of a manual process).
    - Related to discussion at #1555
    
    cc: @segiddins @indirect
    homu committed May 4, 2016
  2. @RochesterinNYC
  3. @RochesterinNYC

    Update `update_bundled_ca_certificates` script to handle writing certs

    into nested new directory structure
    RochesterinNYC committed Apr 15, 2016
Commits on Apr 30, 2016
  1. @homu

    Auto merge of #1606 - rubygems:seg-molinillo-0.4.5, r=segiddins

    Update vendored Molinillo to 0.4.5
    
    # Description:
    
    See https://github.com/CocoaPods/Molinillo/releases/0.4.5
    
    # Tasks:
    
    - [ ] Describe the problem / feature
    - [ ] Write tests
    - [ ] Write code to solve the problem
    - [ ] Get code review from coworkers / friends
    - [ ] [Squash commits](http://gitready.com/advanced/2009/02/10/squashing-commits-with-rebase.html)
    
    I will abide by the [code of conduct](https://github.com/rubygems/rubygems/blob/master/CODE_OF_CONDUCT.md).
    homu committed Apr 30, 2016
  2. @segiddins
Commits on Apr 29, 2016
  1. @homu

    Auto merge of #1605 - djberg96:cert_check, r=segiddins

    Raise an explicit error if Signer#sign is called with no certs
    
    # Description:
    
    This PR addresses an unfriendly error message that I brought up in #1413. It now explicitly raises an error if no certs are found. I also added a test for it.
    ______________
    
    I will abide by the [code of conduct](https://github.com/rubygems/rubygems/blob/master/CODE_OF_CONDUCT.md).
    homu committed Apr 29, 2016
  2. @djberg96
Commits on Apr 27, 2016
  1. @segiddins
  2. @segiddins
Commits on Apr 26, 2016
  1. @homu

    Auto merge of #1600 - rubygems:seg-ui-require-gem-util, r=segiddins

    [UserInteraction] Require gem/util since it is used by SilentUI
    
    # Description:
    
    Likely fixes an error with the bundler specs introduced by #1588.
    homu committed Apr 26, 2016
  2. @segiddins
  3. @segiddins

    [Server] Remove XSS vulnerabilities

    1) HTML escape user-supplied strings
    2) URL encode user-supplied URL substrings
    segiddins committed Apr 25, 2016
Commits on Apr 25, 2016
  1. @homu

    Auto merge of #1598 - jasonkarns:patch-1, r=segiddins

    Correct spelling of environment in Issue template
    
    # Description:
    
    Typo in Issues template
    
    # Tasks:
    
    I will abide by the [code of conduct](https://github.com/rubygems/rubygems/blob/master/CODE_OF_CONDUCT.md).
    homu committed Apr 26, 2016
  2. @jasonkarns
  3. @djberg96

    Added #1418 and #1588 to History.

    djberg96 committed Apr 25, 2016
  4. @djberg96

    Merge pull request #1418 from nobu/feature/win-symlink

    Try symlink on Windows
    djberg96 committed Apr 25, 2016
  5. @djberg96

    Merge pull request #1588 from coldacid/master

    Survive EINVAL from File.open on Windows
    djberg96 committed Apr 25, 2016
  6. @coldacid

    Use `Gem::Util::NULL_DEVICE` instead of hardcoded null device names

    No need to recover from EINVAL or ENOENT in this case as the constant
    should always return the correct name of the null device on every
    platform.
    
    We could use `File::Constants::NULL` but it didn't exist before Ruby
    1.9.3. The constant we use instead exists within this project and
    still has a proper value even for older versions of Ruby.
    coldacid committed Apr 20, 2016