Bug #7809

Backport RubyGems fixes in r39166 to ruby 2.0.0

Added by Eric Hodel about 1 year ago. Updated about 1 year ago.

[ruby-core:52054]
Status:Closed
Priority:Normal
Assignee:Eric Hodel
Category:lib
Target version:2.0.0
ruby -v:- Backport:

Description

r39166 contains two RubyGems fixes.

The change to lib/rubygems/package.rb is a critical bug fix for RubyGems signing support. Without this fix users of the LowSecurity policy will not be able to install signed gems.

The change to lib/rubygems/package/old.rb is not a critical bug fix. It will make my diagnosis of problems in RubyGems easier, though. It does not change operation of RubyGems in Ruby 2.0.0.

package.rb.signature_fix.patch Magnifier - RubyGems signed gem verification fix (1.25 KB) Eric Hodel, 02/10/2013 03:54 AM

History

#1 Updated by Yusuke Endoh about 1 year ago

It looks a borderline case. Is there no workaround?

Yusuke Endoh mame@tsg.ne.jp

#2 Updated by Eric Hodel about 1 year ago

The change to lib/rubygems/package/old.rb is not critical. It suppresses a warning almost nobody will ever see and fixes behavior on 1.8.7. These are not sufficient for inclusion.

The change to lib/rubygems/package.rb is critical. Without it users will not be able to install signed gems built with rubygems 2.0 or newer on ruby 2.0.0 without upgrading rubygems.

The attached patch fixes only the critical issue.

#3 Updated by Yusuke Endoh about 1 year ago

  • Assignee changed from Yusuke Endoh to Eric Hodel

Okay, please commit your second patch. Thank you!

Yusuke Endoh mame@tsg.ne.jp

#4 Updated by Eric Hodel about 1 year ago

  • Status changed from Assigned to Closed

Fixed by r39227

Also available in: Atom PDF