123456789_123456789_123456789_123456789_123456789_

Class: Gem::Package

Relationships & Source Files
Namespace Children
Classes:
Exceptions:
Extension / Inclusion / Inheritance Descendants
Subclasses:
Old
Super Chains via Extension / Inclusion / Inheritance
Instance Chain:
Inherits: Object
Defined in: lib/rubygems/package.rb

Class Method Summary

Instance Attribute Summary

DefaultUserInteraction - Included

Instance Method Summary

UserInteraction - Included

#alert

Displays an alert statement.

#alert_error

Displays an error statement to the error output location.

#alert_warning

Displays a warning statement to the warning output location.

#ask

Asks a question and returns the answer.

#ask_for_password

Asks for a password with a prompt

#ask_yes_no

Asks a yes or no question.

#choose_from_list

Asks the user to answer question with an answer from the given list.

#say

Displays the given statement on the standard output (or equivalent).

#terminate_interaction

Terminates the RubyGems process with the given exit_code

#verbose

Calls say with msg or the results of the block if really_verbose is true.

DefaultUserInteraction - Included

Constructor Details

.new(gem, security_policy = nil) ⇒ Package

Creates a new Package for the file at gem. gem can also be provided as an IO object.

If gem is an existing file in the old format a Package::Old will be returned.

[ GitHub ]

  
# File 'lib/rubygems/package.rb', line 127

def self.new gem, security_policy = nil
  gem = if gem.is_a?(Gem::Package::Source)
          gem
        elsif gem.respond_to? :read
          Gem::Package::IOSource.new gem
        else
          Gem::Package::FileSource.new gem
        end

  return super unless Gem::Package == self
  return super unless gem.present?

  return super unless gem.start
  return super unless gem.start.include? 'MD5SUM ='

  Gem::Package::Old.new gem
end

#initialize(gem, security_policy) ⇒ Package

Creates a new package that will read or write to the file gem.

[ GitHub ]

  
# File 'lib/rubygems/package.rb', line 148

def initialize gem, security_policy # :notnew:
  @gem = gem

  @build_time      = Time.now
  @checksums       = {}
  @contents        = nil
  @digests         = Hash.new { |h, algorithm| h[algorithm] = {} }
  @files           = nil
  @security_policy = security_policy
  @signatures      = {}
  @signer          = nil
  @spec            = nil
end

Class Method Details

.build(spec, skip_validation = false)

[ GitHub ]

  
# File 'lib/rubygems/package.rb', line 110

def self.build spec, skip_validation=false
  gem_file = spec.file_name

  package = new gem_file
  package.spec = spec
  package.build skip_validation

  gem_file
end

Instance Attribute Details

#checksums (readonly)

Checksums for the contents of the package

[ GitHub ]

  
# File 'lib/rubygems/package.rb', line 92

attr_reader :checksums

#files (readonly)

The files in this package. This is not the contents of the gem, just the files in the top-level container.

[ GitHub ]

  
# File 'lib/rubygems/package.rb', line 98

attr_reader :files

#security_policy (rw)

The security policy used for verifying the contents of this package.

[ GitHub ]

  
# File 'lib/rubygems/package.rb', line 103

attr_accessor :security_policy

#spec (rw)

The spec for this gem.

If this is a package for a built gem the spec is loaded from the gem and returned. If this is a package for a gem being built the provided spec is returned.

[ GitHub ]

  
# File 'lib/rubygems/package.rb', line 513

def spec
  verify unless @spec

  @spec
end

#spec=(value) (rw)

Sets the Specification to use to build this package.

[ GitHub ]

  
# File 'lib/rubygems/package.rb', line 108

attr_writer :spec

Instance Method Details

#add_checksums(tar)

Adds a checksum for each entry in the gem to checksums.yaml.gz.

[ GitHub ]

  
# File 'lib/rubygems/package.rb', line 172

def add_checksums tar
  Gem.load_yaml

  checksums_by_algorithm = Hash.new { |h, algorithm| h[algorithm] = {} }

  @checksums.each do |name, digests|
    digests.each do |algorithm, digest|
      checksums_by_algorithm[algorithm][name] = digest.hexdigest
    end
  end

  tar.add_file_signed 'checksums.yaml.gz', 0444, @signer do |io|
    gzip_to io do |gz_io|
      YAML.dump checksums_by_algorithm, gz_io
    end
  end
end

#build(skip_validation = false)

Builds this package based on the specification set by #spec=

[ GitHub ]

  
# File 'lib/rubygems/package.rb', line 243

def build skip_validation = false
  Gem.load_yaml
  require 'rubygems/security'

  @spec.mark_version
  @spec.validate unless skip_validation

  setup_signer

  @gem.with_write_io do |gem_io|
    Gem::Package::TarWriter.new gem_io do |gem|
       gem
      add_contents gem
      add_checksums gem
    end
  end

  say <<-EOM
Successfully built RubyGem
Name: #{@spec.name}
Version: #{@spec.version}
File: #{File.basename @spec.cache_file}
EOM
ensure
  @signer = nil
end

#contents

A list of file names contained in this gem

[ GitHub ]

  
# File 'lib/rubygems/package.rb', line 273

def contents
  return @contents if @contents

  verify unless @spec

  @contents = []

  @gem.with_read_io do |io|
    gem_tar = Gem::Package::TarReader.new io

    gem_tar.each do |entry|
      next unless entry.full_name == 'data.tar.gz'

      open_tar_gz entry do |pkg_tar|
        pkg_tar.each do |contents_entry|
          @contents << contents_entry.full_name
        end
      end

      return @contents
    end
  end
end

#copy_to(path)

Copies this package to Gem.path (if possible)

[ GitHub ]

  
# File 'lib/rubygems/package.rb', line 165

def copy_to path
  FileUtils.cp @gem.path, path unless File.exist? path
end

#extract_files(destination_dir, pattern = "*")

Extracts the files in this package into destination_dir

If pattern is specified, only entries matching that glob will be extracted.

[ GitHub ]

  
# File 'lib/rubygems/package.rb', line 332

def extract_files destination_dir, pattern = "*"
  verify unless @spec

  FileUtils.mkdir_p destination_dir

  @gem.with_read_io do |io|
    reader = Gem::Package::TarReader.new io

    reader.each do |entry|
      next unless entry.full_name == 'data.tar.gz'

      extract_tar_gz entry, destination_dir, pattern

      return # ignore further entries
    end
  end
end

#gzip_to(io)

Gzips content written to gz_io to io.

[ GitHub ]

  
# File 'lib/rubygems/package.rb', line 399

def gzip_to io # :yields: gz_io
  gz_io = Zlib::GzipWriter.new io, Zlib::BEST_COMPRESSION
  gz_io.mtime = @build_time

  yield gz_io
ensure
  gz_io.close
end

#mkdir_p_safe(mkdir, mkdir_options, destination_dir, file_name)

[ GitHub ]

  
# File 'lib/rubygems/package.rb', line 430

def mkdir_p_safe mkdir, mkdir_options, destination_dir, file_name
  destination_dir = realpath File.expand_path(destination_dir)
  parts = mkdir.split(File::SEPARATOR)
  parts.reduce do |path, basename|
    path = realpath path  unless path == ""
    path = File.expand_path(path + File::SEPARATOR + basename)
    lstat = File.lstat path rescue nil
    if !lstat || !lstat.directory?
      unless path.start_with? destination_dir and (FileUtils.mkdir path, mkdir_options rescue false)
        raise Gem::Package::PathError.new(file_name, destination_dir)
      end
    end
    path
  end
end

#read_checksums(gem)

Reads and loads checksums.yaml.gz from the tar file gem

[ GitHub ]

  
# File 'lib/rubygems/package.rb', line 479

def read_checksums gem
  Gem.load_yaml

  @checksums = gem.seek 'checksums.yaml.gz' do |entry|
    Zlib::GzipReader.wrap entry do |gz_io|
      Gem::SafeYAML.safe_load gz_io.read
    end
  end
end

#realpath(file)

See additional method definition at line 637.

[ GitHub ]

  
# File 'lib/rubygems/package.rb', line 641

def realpath file
  File.realpath file
end

#setup_signer

Prepares the gem for signing and checksum generation. If a signing certificate and key are not present only checksum generation is set up.

[ GitHub ]

  
# File 'lib/rubygems/package.rb', line 493

def setup_signer
  passphrase = ENV['GEM_PRIVATE_KEY_PASSPHRASE']
  if @spec.signing_key then
    @signer = Gem::Security::Signer.new @spec.signing_key, @spec.cert_chain, passphrase
    @spec.signing_key = nil
    @spec.cert_chain = @signer.cert_chain.map { |cert| cert.to_s }
  else
    @signer = Gem::Security::Signer.new nil, nil, passphrase
    @spec.cert_chain = @signer.cert_chain.map { |cert| cert.to_pem } if
      @signer.cert_chain
  end
end

#verify

Verifies that this gem:

  • Contains a valid gem specification

  • Contains a contents archive

  • The contents archive is not corrupt

After verification the gem specification from the gem is available from #spec

[ GitHub ]

  
# File 'lib/rubygems/package.rb', line 529

def verify
  @files     = []
  @spec      = nil

  @gem.with_read_io do |io|
    Gem::Package::TarReader.new io do |reader|
      read_checksums reader

      verify_files reader
    end
  end

  verify_checksums @digests, @checksums

  @security_policy.verify_signatures @spec, @digests, @signatures if
    @security_policy

  true
rescue Gem::Security::Exception
  @spec = nil
  @files = []
  raise
rescue Errno::ENOENT => e
  raise Gem::Package::FormatError.new e.message
rescue Gem::Package::TarInvalidError => e
  raise Gem::Package::FormatError.new e.message, @gem
end

#verify_entry(entry)

Verifies entry in a .gem file.

[ GitHub ]

  
# File 'lib/rubygems/package.rb', line 579

def verify_entry entry
  file_name = entry.full_name
  @files << file_name

  case file_name
  when /\.sig$/ then
    @signatures[$`] = entry.read if @security_policy
    return
  else
    digest entry
  end

  case file_name
  when /^metadata(.gz)?$/ then
    load_spec entry
  when 'data.tar.gz' then
    verify_gz entry
  end
rescue => e
  message = "package is corrupt, exception while verifying: " +
            "#{e.message} (#{e.class})"
  raise Gem::Package::FormatError.new message, @gem
end

#verify_files(gem)

Verifies the files of the gem

[ GitHub ]

  
# File 'lib/rubygems/package.rb', line 606

def verify_files gem
  gem.each do |entry|
    verify_entry entry
  end

  unless @spec then
    raise Gem::Package::FormatError.new 'package metadata is missing', @gem
  end

  unless @files.include? 'data.tar.gz' then
    raise Gem::Package::FormatError.new \
            'package content (data.tar.gz) is missing', @gem
  end

  if duplicates = @files.group_by {|f| f }.select {|k,v| v.size > 1 }.map(&:first) and duplicates.any?
    raise Gem::Security::Exception, "duplicate files in the package: (#{duplicates.map(&:inspect).join(', ')})"
  end
end