Bug #7784
[mingw] r39055 creates test failures and functionality loss
Description
The r39055 patch for rubygems security (lib/rubygems/config_file.rb) causes 11 make test-all failures
http://ci.rubyinstaller.org/job/ruby-trunk-x64-test-all/659/console
and loss of gem command functionality due to typical default windows file permissions on one's rubygems.org credentials file:
C:\>ruby --version
ruby 2.0.0dev (2013-02-05 trunk 39055) [i386-mingw32]
C:\>gem --version
ERROR: Your gem push credentials file located at:
C:/Users/Jon/.gem/credentials
has file permissions of 0644 but 0600 is required.
You should reset your credentials at:
https://rubygems.org/profile/edit
if you believe they were disclosed to a third party.
C:\>gem list
ERROR: Your gem push credentials file located at:
C:/Users/Jon/.gem/credentials
has file permissions of 0644 but 0600 is required.
You should reset your credentials at:
https://rubygems.org/profile/edit
if you believe they were disclosed to a third party.
If you try changing the file to read-only in the gui, ruby thinks the permissions are:
>> File.stat('credentials').mode.to_s(8)[2..5]
=> "0444"
which still causes usage failures. I've removed all users/group permissions except my own (from the windows security tab gui) on win7, but the failure continues. Spelunking...
Associated revisions
History
#1
[ruby-core:51865]
Updated by jonforums (Jon Forums) about 5 years ago
Updated by it doesn't solve the issue, but why is the permissions check not being isolated to only gem push?
#2
[ruby-core:51873]
Updated by luislavena (Luis Lavena) about 5 years ago
Updated by - Status changed from Open to Assigned
#3
[ruby-core:51881]
Updated by drbrain (Eric Hodel) about 5 years ago
Updated by - Status changed from Assigned to Closed
Fixed by r39070 which removes the check on windows. If writing a file as 0600 works on windows someday we can reintroduce it.
Credentials are loaded when .gemrc is loaded. Changing when credentials are loaded is too risky.
#4
[ruby-core:51980]
Updated by usa (Usaku NAKAMURA) about 5 years ago
Updated by - Status changed from Closed to Assigned
Eric, please backport r39133 to rubygems trunk :)
#5
[ruby-core:52007]
Updated by drbrain (Eric Hodel) about 5 years ago
On Feb 7, 2013, at 04:12, "usa (Usaku NAKAMURA)" usa@garbagecollect.jp wrote:
Issue #7784 has been updated by usa (Usaku NAKAMURA).
Status changed from Closed to Assigned
Eric, please backport r39133 to rubygems trunk :)
Done!
#6
[ruby-core:52229]
Updated by drbrain (Eric Hodel) about 5 years ago
- Status changed from Assigned to Closed
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@39133 b2dd03c8-39d4-4d8f-98ff-823fe69b080e