Add --re-sign flag to cert command #2391
Conversation
|
👍 Thanks! |
|
@bronzdoc The failures look like a bundler (?) issue. Maybe restart the job? |
|
@djberg96 nope not a bundler issue, is just i'm asserting a linux path and in windows is not the same 😁 already fixed that locally, just finishing up some things, it will be ready today :) |
bronzdoc
force-pushed
the
add_resign_flag_to_cert_command
branch
from
b58a4af
to
4895554
Compare
bronzdoc
changed the title
bronzdoc
changed the title
bronzdoc
force-pushed
the
add_resign_flag_to_cert_command
branch
from
6c605a6
to
b558711
Compare
|
@bronzdoc Looks green, thanks! @segiddins Ok to merge? |
| @@ -89,6 +93,11 @@ def initialize | |||
| 'Days before the certificate expires') do |days, options| | |||
| options[:expiration_length_days] = days.to_i | |||
| end | |||
|
|
|||
| add_option('-R', '--re-sign', | |||
| 'Re-sign the certificate from -C with the key from -K') do |resign, options| | |||
There was a problem hiding this comment.
It would be good to make it clear to the user that -C and -K are options.
There was a problem hiding this comment.
"Re-sign the certificate specified by the --certificate option with the key specified by the --private-key option"
How does that sound?
There was a problem hiding this comment.
This is the description of the --sign flag, i just wanted to make it familiar with what users already have.
add_option('-s', '--sign CERT',
'Signs CERT with the key from -K',
'and the certificate from -C') do |cert_file, options|
There was a problem hiding this comment.
Ok, so let's use the same message, just changing "Signs" to "Re-signs". I guess '--re-sign' should be changed to '--re-sign CERT' then, too.
There was a problem hiding this comment.
The command will be used like:
gem cert --certificate ~/cert.pem --private-key ~/private_key.pem --re-sign So the --re-sign flag does not take any CERT argument
There was a problem hiding this comment.
Ah, nevermind that comment then. 😄
| @@ -290,6 +303,13 @@ def sign_certificates # :nodoc: | |||
| end | |||
| end | |||
|
|
|||
| def re_sign_cert(cert, private_key) | |||
| Gem::Security::Signer.re_sign_cert(cert, private_key) do |cert_path, expired_cert_path| | |||
| alert("Your cert #{cert_path} has been re-signed") | |||
There was a problem hiding this comment.
I would use certificate instead of cert
There was a problem hiding this comment.
Is there possible confusion with a method name? Otherwise I'm ok with it.
There was a problem hiding this comment.
I think there's no confusion with a method name, but maybe certificate is more clear, thanks
bronzdoc
force-pushed
the
add_resign_flag_to_cert_command
branch
2 times, most recently
from
23b4a6f
to
847aaf3
Compare
| @@ -15,6 +15,8 @@ def initialize | |||
| :add => [], :remove => [], :list => [], :build => [], :sign => [] | |||
|
|
|||
| OptionParser.accept OpenSSL::X509::Certificate do |certificate| | |||
| @certificate_file = certificate | |||
There was a problem hiding this comment.
OptionParser::accept is used to verify an argument is valid and to convert it to the correct type, not to set values for the input. If we end up needing to validate and convert arguments with these types and pull this code out it will cause breakage for this command.
Instead OptionParser#on (which add_option calls in RubyGems) must be used to record options given to a command, -C/--certificate below for this option.
There was a problem hiding this comment.
… to preserve the file this acceptor can return both the certificate and the certificate location.
There was a problem hiding this comment.
This is something the acceptor can do or is something that needs to be implemented?
There was a problem hiding this comment.
Line 17 can become … do |certificate_file|
Line 19 (21 new) can become:
certificate = OpenSSL::X509::Certificate.new File.read certificate_file
[certificate, certificate_file] # return both converted certificate and location of certificate
And line 70–71 (74–75 new) can become:
… do |(cert, file), options|
options[:issuer_cert] = cert
options[:issuer_cert_file] = cert_fileSo the acceptor still only validates, but returns both the loaded Certificate and certificate path and opt.on '-C' stores both in options
| @@ -26,6 +28,8 @@ def initialize | |||
| end | |||
|
|
|||
| OptionParser.accept OpenSSL::PKey::RSA do |key_file| | |||
| @key_file = key_file | |||
There was a problem hiding this comment.
Ditto on OptionParser.accept, -K/--private-key is used to record arguments
| @@ -114,6 +123,10 @@ def execute | |||
| build email | |||
| end | |||
|
|
|||
| if options[:resign] | |||
| re_sign_cert(@certificate_file, @key_file) | |||
There was a problem hiding this comment.
This should use values from options after removing the instance variables
| @@ -290,6 +303,13 @@ def sign_certificates # :nodoc: | |||
| end | |||
| end | |||
|
|
|||
| def re_sign_cert(cert, private_key) | |||
| Gem::Security::Signer.re_sign_cert(cert, private_key) do |cert_path, expired_cert_path| | |||
There was a problem hiding this comment.
Since this needs the certificate location to store the expired certificate when we generate a new one that should be passed in as well, then have Gem::Security::Signer::re_sign_cert accept three arguments.
bronzdoc
force-pushed
the
add_resign_flag_to_cert_command
branch
4 times, most recently
from
e476898
to
6a4adbc
Compare
|
@drbrain changes are done, build failing is not related to this PR... something weird with rubocop not being installed is happening in specific builds... |
|
I tried restarting a couple of the builds to no avail. Not sure what's happening, but I thought I saw some curl failures in there. |
bronzdoc
force-pushed
the
add_resign_flag_to_cert_command
branch
from
6a4adbc
to
54ede15
Compare
|
@bundlerbot r+ |
|
📌 Commit 54ede15 has been approved by |
…nzdoc Add --re-sign flag to cert command # Description: Follow up of: #1720 (i'll squash the commits when i'm done) I will abide by the [code of conduct](https://github.com/rubygems/rubygems/blob/master/CODE_OF_CONDUCT.md).
|
☀️ Test successful - status-travis |
|
Woohoo, thanks! |
This commits includes tiny bugfix and new features listed here:
* Add --re-sign flag to cert command by bronzdoc: rubygems/rubygems#2391
* Download gems with threads. by indirect: rubygems/rubygems#1898
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64769 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Description:
Follow up of: #1720
(i'll squash the commits when i'm done)
I will abide by the code of conduct.