OpenSSL::X509::StoreContext#current_cert returns an empty and invalid
OpenSSL::X509::Certificate instance if it is called before starting a
certificate verification.
https://redirect.github.com/ruby/openssl/pull/919 will change it to
return nil instead in such a case.
Adjust test_verify_certificate_extra_message to actually complete
StoreContext#verify so that it will not rely on this behavior.
823799088d
RubyGems generated binstubs still provide support for this ancient
version. This makes no sense since we prevent downgrades to such old
versions.
089cdc3b77
We sometimes send HEAD requests. The s3_uri_signer.rb code allways assumed GETs.
This lead to consistently getting 403 responses back from S3. Recently, S3
attempted to change the behaviour of how 403s are handled when TCP connections
are reused, which escalated this bug from "just noise" to "breaks gem installs".
They've reverted that behaviour, so the severity of this problem is back to
"just noise". Either way, it's a bug in rubygems and warrants a fix it.
c38f502b73
Currently to test Bundler 3 mode we have to actually edit the version
file to simulate we're running a future version. This is inconvenient.
Instead, allow passing an environment variable, `BUNDLER_3_MODE`, to set
the "working mode" Bundler should use.
This can now be set easily by end users to enable them to try out the
changes in the future version and give us feedback.
It's unclear how version auto-switching should work when this
environment variable is set, so the auto-switching feature will be
disabled in that case.
4e92e9b209
If a previous copy of a gem is already installed, RubyGems will not
reinstall the gem but only recompile its extensions. This seems like a
good idea, but only if the gem is being installed from the registry.
If we are installing a locally built package, then the package should be
completely reinstalled and extensions compiled from the sources in the
locally built package, not from the sources in the previous
installation.
1c282d98d5
If `gem pristine foo` is run, and there's a default copy of foo, only
executables for it are reset. However, that was causing other copies of
`foo` to only reset executables, which is unexpected.
We should not modify `options[:only_executables]`, but respect its value
for every gem, and make sure special handling for default gems does not
leak to other gems.
2c3039f1b0
- the x64-mingw32 platform has been superseded by x64-mingw-ucrt
- the mingw-ucrt platform is present as of Windows 10, which was released 10 years ago in 2015 and all versions prior to 10 are end-of-life and 10 will be by mid October 2025
- newer rubies use the mingw-ucrt platform instead of the mingw32 platform, meaning using the deprecated platform can cause issues during gem installation
b9d871022e
The issue was that the property that
```ruby
platform = Gem::Platform.new $string
platform == Gem::Platform.new(platform.to_s)
```
was not always true.
This property (of acchieving a fix point) is important,
since `Gem::Platform` gets serialized to a string and
then deserialized back to a `Gem::Platform` object.
If it doesn't deserialize to the same object, then
different platforms are used for the initial serialization
than subsequent runs.
I used https://github.com/segiddins/Scratch/blob/main/2025/03/rubygems-platform.rb
to find the failing cases and then fixed them.
With this patch, the prop check test now passes.
313fb4bcec
Since 9e21dd9, Gem::Package::TarWriter#add_file adds the file to
the tar with Gem.source_date_epoch for its mtime.
This behavior breaks the code depending on the previous add_file
behavior.
Therefore, add_file accepts mtime as an argument, and uses
Gem.source_date_epoch if not specified.
7020ea98a0
Copying the URL is painful here because the URL is embedded within a paragraph of text. I presume we don't want to automatically open the browser.
Instead, move the URL to its own line so that "triple click" will automatically select the whole thing.
21532a69ae
When `gem exec foo` is run, and "foo" is a gem that has multiple
executables, none of them named "foo", raise an error explaining the
situation and telling user to be more specific.
Currently the first command in the executables array is run, but this
may come as surprising sometimes, so better raise an error.
acda5d8f6e
