summaryrefslogtreecommitdiff
path: root/jni/ruby/lib/rubygems/remote_fetcher.rb
diff options
context:
space:
mode:
authorJari Vetoniemi <jari.vetoniemi@indooratlas.com>2020-03-16 18:49:26 +0900
committerJari Vetoniemi <jari.vetoniemi@indooratlas.com>2020-03-30 00:39:06 +0900
commitfcbf63e62c627deae76c1b8cb8c0876c536ed811 (patch)
tree64cb17de3f41a2b6fef2368028fbd00349946994 /jni/ruby/lib/rubygems/remote_fetcher.rb
Fresh start
Diffstat (limited to 'jni/ruby/lib/rubygems/remote_fetcher.rb')
-rw-r--r--jni/ruby/lib/rubygems/remote_fetcher.rb404
1 files changed, 404 insertions, 0 deletions
diff --git a/jni/ruby/lib/rubygems/remote_fetcher.rb b/jni/ruby/lib/rubygems/remote_fetcher.rb
new file mode 100644
index 0000000..b1f6dd1
--- /dev/null
+++ b/jni/ruby/lib/rubygems/remote_fetcher.rb
@@ -0,0 +1,404 @@
+require 'rubygems'
+require 'rubygems/request'
+require 'rubygems/uri_formatter'
+require 'rubygems/user_interaction'
+require 'rubygems/request/connection_pools'
+require 'resolv'
+
+##
+# RemoteFetcher handles the details of fetching gems and gem information from
+# a remote source.
+
+class Gem::RemoteFetcher
+
+ include Gem::UserInteraction
+
+ ##
+ # A FetchError exception wraps up the various possible IO and HTTP failures
+ # that could happen while downloading from the internet.
+
+ class FetchError < Gem::Exception
+
+ ##
+ # The URI which was being accessed when the exception happened.
+
+ attr_accessor :uri
+
+ def initialize(message, uri)
+ super message
+ @uri = uri
+ end
+
+ def to_s # :nodoc:
+ "#{super} (#{uri})"
+ end
+
+ end
+
+ ##
+ # A FetchError that indicates that the reason for not being
+ # able to fetch data was that the host could not be contacted
+
+ class UnknownHostError < FetchError
+ end
+
+ @fetcher = nil
+
+ ##
+ # Cached RemoteFetcher instance.
+
+ def self.fetcher
+ @fetcher ||= self.new Gem.configuration[:http_proxy]
+ end
+
+ ##
+ # Initialize a remote fetcher using the source URI and possible proxy
+ # information.
+ #
+ # +proxy+
+ # * [String]: explicit specification of proxy; overrides any environment
+ # variable setting
+ # * nil: respect environment variables (HTTP_PROXY, HTTP_PROXY_USER,
+ # HTTP_PROXY_PASS)
+ # * <tt>:no_proxy</tt>: ignore environment variables and _don't_ use a proxy
+ #
+ # +dns+: An object to use for DNS resolution of the API endpoint.
+ # By default, use Resolv::DNS.
+
+ def initialize(proxy=nil, dns=Resolv::DNS.new)
+ require 'net/http'
+ require 'stringio'
+ require 'time'
+ require 'uri'
+
+ Socket.do_not_reverse_lookup = true
+
+ @proxy = proxy
+ @pools = {}
+ @pool_lock = Mutex.new
+ @cert_files = Gem::Request.get_cert_files
+
+ @dns = dns
+ end
+
+ ##
+ # Given a source at +uri+, calculate what hostname to actually
+ # connect to query the data for it.
+
+ def api_endpoint(uri)
+ host = uri.host
+
+ begin
+ res = @dns.getresource "_rubygems._tcp.#{host}",
+ Resolv::DNS::Resource::IN::SRV
+ rescue Resolv::ResolvError
+ uri
+ else
+ target = res.target.to_s.strip
+
+ if /\.#{Regexp.quote(host)}\z/ =~ target
+ return URI.parse "#{uri.scheme}://#{target}#{uri.path}"
+ end
+
+ uri
+ end
+ end
+
+ ##
+ # Given a name and requirement, downloads this gem into cache and returns the
+ # filename. Returns nil if the gem cannot be located.
+ #--
+ # Should probably be integrated with #download below, but that will be a
+ # larger, more emcompassing effort. -erikh
+
+ def download_to_cache dependency
+ found, _ = Gem::SpecFetcher.fetcher.spec_for_dependency dependency
+
+ return if found.empty?
+
+ spec, source = found.max_by { |(s,_)| s.version }
+
+ download spec, source.uri.to_s
+ end
+
+ ##
+ # Moves the gem +spec+ from +source_uri+ to the cache dir unless it is
+ # already there. If the source_uri is local the gem cache dir copy is
+ # always replaced.
+
+ def download(spec, source_uri, install_dir = Gem.dir)
+ cache_dir =
+ if Dir.pwd == install_dir then # see fetch_command
+ install_dir
+ elsif File.writable? install_dir then
+ File.join install_dir, "cache"
+ else
+ File.join Gem.user_dir, "cache"
+ end
+
+ gem_file_name = File.basename spec.cache_file
+ local_gem_path = File.join cache_dir, gem_file_name
+
+ FileUtils.mkdir_p cache_dir rescue nil unless File.exist? cache_dir
+
+ # Always escape URI's to deal with potential spaces and such
+ # It should also be considered that source_uri may already be
+ # a valid URI with escaped characters. e.g. "{DESede}" is encoded
+ # as "%7BDESede%7D". If this is escaped again the percentage
+ # symbols will be escaped.
+ unless source_uri.is_a?(URI::Generic)
+ begin
+ source_uri = URI.parse(source_uri)
+ rescue
+ source_uri = URI.parse(URI.const_defined?(:DEFAULT_PARSER) ?
+ URI::DEFAULT_PARSER.escape(source_uri.to_s) :
+ URI.escape(source_uri.to_s))
+ end
+ end
+
+ scheme = source_uri.scheme
+
+ # URI.parse gets confused by MS Windows paths with forward slashes.
+ scheme = nil if scheme =~ /^[a-z]$/i
+
+ # REFACTOR: split this up and dispatch on scheme (eg download_http)
+ # REFACTOR: be sure to clean up fake fetcher when you do this... cleaner
+ case scheme
+ when 'http', 'https', 's3' then
+ unless File.exist? local_gem_path then
+ begin
+ verbose "Downloading gem #{gem_file_name}"
+
+ remote_gem_path = source_uri + "gems/#{gem_file_name}"
+
+ self.cache_update_path remote_gem_path, local_gem_path
+ rescue Gem::RemoteFetcher::FetchError
+ raise if spec.original_platform == spec.platform
+
+ alternate_name = "#{spec.original_name}.gem"
+
+ verbose "Failed, downloading gem #{alternate_name}"
+
+ remote_gem_path = source_uri + "gems/#{alternate_name}"
+
+ self.cache_update_path remote_gem_path, local_gem_path
+ end
+ end
+ when 'file' then
+ begin
+ path = source_uri.path
+ path = File.dirname(path) if File.extname(path) == '.gem'
+
+ remote_gem_path = correct_for_windows_path(File.join(path, 'gems', gem_file_name))
+
+ FileUtils.cp(remote_gem_path, local_gem_path)
+ rescue Errno::EACCES
+ local_gem_path = source_uri.to_s
+ end
+
+ verbose "Using local gem #{local_gem_path}"
+ when nil then # TODO test for local overriding cache
+ source_path = if Gem.win_platform? && source_uri.scheme &&
+ !source_uri.path.include?(':') then
+ "#{source_uri.scheme}:#{source_uri.path}"
+ else
+ source_uri.path
+ end
+
+ source_path = Gem::UriFormatter.new(source_path).unescape
+
+ begin
+ FileUtils.cp source_path, local_gem_path unless
+ File.identical?(source_path, local_gem_path)
+ rescue Errno::EACCES
+ local_gem_path = source_uri.to_s
+ end
+
+ verbose "Using local gem #{local_gem_path}"
+ else
+ raise ArgumentError, "unsupported URI scheme #{source_uri.scheme}"
+ end
+
+ local_gem_path
+ end
+
+ ##
+ # File Fetcher. Dispatched by +fetch_path+. Use it instead.
+
+ def fetch_file uri, *_
+ Gem.read_binary correct_for_windows_path uri.path
+ end
+
+ ##
+ # HTTP Fetcher. Dispatched by +fetch_path+. Use it instead.
+
+ def fetch_http uri, last_modified = nil, head = false, depth = 0
+ fetch_type = head ? Net::HTTP::Head : Net::HTTP::Get
+ response = request uri, fetch_type, last_modified
+
+ case response
+ when Net::HTTPOK, Net::HTTPNotModified then
+ response.uri = uri if response.respond_to? :uri
+ head ? response : response.body
+ when Net::HTTPMovedPermanently, Net::HTTPFound, Net::HTTPSeeOther,
+ Net::HTTPTemporaryRedirect then
+ raise FetchError.new('too many redirects', uri) if depth > 10
+
+ location = URI.parse response['Location']
+
+ if https?(uri) && !https?(location)
+ raise FetchError.new("redirecting to non-https resource: #{location}", uri)
+ end
+
+ fetch_http(location, last_modified, head, depth + 1)
+ else
+ raise FetchError.new("bad response #{response.message} #{response.code}", uri)
+ end
+ end
+
+ alias :fetch_https :fetch_http
+
+ ##
+ # Downloads +uri+ and returns it as a String.
+
+ def fetch_path(uri, mtime = nil, head = false)
+ uri = URI.parse uri unless URI::Generic === uri
+
+ raise ArgumentError, "bad uri: #{uri}" unless uri
+
+ unless uri.scheme
+ raise ArgumentError, "uri scheme is invalid: #{uri.scheme.inspect}"
+ end
+
+ data = send "fetch_#{uri.scheme}", uri, mtime, head
+
+ if data and !head and uri.to_s =~ /\.gz$/
+ begin
+ data = Gem.gunzip data
+ rescue Zlib::GzipFile::Error
+ raise FetchError.new("server did not return a valid file", uri.to_s)
+ end
+ end
+
+ data
+ rescue FetchError
+ raise
+ rescue Timeout::Error
+ raise UnknownHostError.new('timed out', uri.to_s)
+ rescue IOError, SocketError, SystemCallError => e
+ if e.message =~ /getaddrinfo/
+ raise UnknownHostError.new('no such name', uri.to_s)
+ else
+ raise FetchError.new("#{e.class}: #{e}", uri.to_s)
+ end
+ end
+
+ def fetch_s3(uri, mtime = nil, head = false)
+ public_uri = sign_s3_url(uri)
+ fetch_https public_uri, mtime, head
+ end
+
+ ##
+ # Downloads +uri+ to +path+ if necessary. If no path is given, it just
+ # passes the data.
+
+ def cache_update_path uri, path = nil, update = true
+ mtime = path && File.stat(path).mtime rescue nil
+
+ data = fetch_path(uri, mtime)
+
+ if data == nil # indicates the server returned 304 Not Modified
+ return Gem.read_binary(path)
+ end
+
+ if update and path
+ open(path, 'wb') do |io|
+ io.flock(File::LOCK_EX)
+ io.write data
+ end
+ end
+
+ data
+ end
+
+ ##
+ # Returns the size of +uri+ in bytes.
+
+ def fetch_size(uri) # TODO: phase this out
+ response = fetch_path(uri, nil, true)
+
+ response['content-length'].to_i
+ end
+
+ def correct_for_windows_path(path)
+ if path[0].chr == '/' && path[1].chr =~ /[a-z]/i && path[2].chr == ':'
+ path[1..-1]
+ else
+ path
+ end
+ end
+
+ ##
+ # Performs a Net::HTTP request of type +request_class+ on +uri+ returning
+ # a Net::HTTP response object. request maintains a table of persistent
+ # connections to reduce connect overhead.
+
+ def request(uri, request_class, last_modified = nil)
+ proxy = proxy_for @proxy, uri
+ pool = pools_for(proxy).pool_for uri
+
+ request = Gem::Request.new uri, request_class, last_modified, pool
+
+ request.fetch do |req|
+ yield req if block_given?
+ end
+ end
+
+ def https?(uri)
+ uri.scheme.downcase == 'https'
+ end
+
+ def close_all
+ @pools.each_value {|pool| pool.close_all}
+ end
+
+ protected
+
+ # we have our own signing code here to avoid a dependency on the aws-sdk gem
+ # fortunately, a simple GET request isn't too complex to sign properly
+ def sign_s3_url(uri, expiration = nil)
+ require 'base64'
+ require 'openssl'
+
+ unless uri.user && uri.password
+ raise FetchError.new("credentials needed in s3 source, like s3://key:secret@bucket-name/", uri.to_s)
+ end
+
+ expiration ||= s3_expiration
+ canonical_path = "/#{uri.host}#{uri.path}"
+ payload = "GET\n\n\n#{expiration}\n#{canonical_path}"
+ digest = OpenSSL::HMAC.digest('sha1', uri.password, payload)
+ # URI.escape is deprecated, and there isn't yet a replacement that does quite what we want
+ signature = Base64.encode64(digest).gsub("\n", '').gsub(/[\+\/=]/) { |c| BASE64_URI_TRANSLATE[c] }
+ URI.parse("https://#{uri.host}.s3.amazonaws.com#{uri.path}?AWSAccessKeyId=#{uri.user}&Expires=#{expiration}&Signature=#{signature}")
+ end
+
+ def s3_expiration
+ (Time.now + 3600).to_i # one hour from now
+ end
+
+ BASE64_URI_TRANSLATE = { '+' => '%2B', '/' => '%2F', '=' => '%3D' }.freeze
+
+ private
+
+ def proxy_for proxy, uri
+ Gem::Request.proxy_uri(proxy || Gem::Request.get_proxy_from_env(uri.scheme))
+ end
+
+ def pools_for proxy
+ @pool_lock.synchronize do
+ @pools[proxy] ||= Gem::Request::ConnectionPools.new proxy, @cert_files
+ end
+ end
+end
+