blob: 1f48cb9e5aa392f0625c2c496979d3f9e8341186 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
|
require "spec_helper"
require "rubygems/security"
# unfortunately, testing signed gems with a provided CA is extremely difficult
# as 'gem cert' is currently the only way to add CAs to the system.
describe "policies with unsigned gems" do
before do
build_security_repo
gemfile <<-G
source "file://#{security_repo}"
gem "rack"
gem "signed_gem"
G
end
it "will work after you try to deploy without a lock" do
bundle "install --deployment"
bundle :install
expect(exitstatus).to eq(0) if exitstatus
should_be_installed "rack 1.0", "signed_gem 1.0"
end
it "will fail when given invalid security policy" do
bundle "install --trust-policy=InvalidPolicyName"
expect(out).to include("Rubygems doesn't know about trust policy")
end
it "will fail with High Security setting due to presence of unsigned gem" do
bundle "install --trust-policy=HighSecurity"
expect(out).to include("security policy didn't allow")
end
# This spec will fail on Rubygems 2 rc1 due to a bug in policy.rb. the bug is fixed in rc3.
it "will fail with Medium Security setting due to presence of unsigned gem", :unless => ENV['RGV'] == "v2.0.0.rc.1" do
bundle "install --trust-policy=MediumSecurity"
expect(out).to include("security policy didn't allow")
end
it "will succeed with no policy" do
bundle "install"
expect(exitstatus).to eq(0) if exitstatus
end
end
describe "policies with signed gems and no CA" do
before do
build_security_repo
gemfile <<-G
source "file://#{security_repo}"
gem "signed_gem"
G
end
it "will fail with High Security setting, gem is self-signed" do
bundle "install --trust-policy=HighSecurity"
expect(out).to include("security policy didn't allow")
end
it "will fail with Medium Security setting, gem is self-signed" do
bundle "install --trust-policy=MediumSecurity"
expect(out).to include("security policy didn't allow")
end
it "will succeed with Low Security setting, low security accepts self signed gem" do
bundle "install --trust-policy=LowSecurity"
expect(exitstatus).to eq(0) if exitstatus
should_be_installed "signed_gem 1.0"
end
it "will succeed with no policy" do
bundle "install"
expect(exitstatus).to eq(0) if exitstatus
should_be_installed "signed_gem 1.0"
end
end
|
