class Gem::RemoteFetcher

RemoteFetcher handles the details of fetching gems and gem information from a remote source.

Constants

BASE64_URI_TRANSLATE

Attributes

headers[RW]

Public Class Methods

fetcher() click to toggle source

Cached RemoteFetcher instance.

# File lib/rubygems/remote_fetcher.rb, line 51
# Returns the memoized RemoteFetcher, creating it on first use from the
# :http_proxy entry of Gem.configuration.
def self.fetcher
  return @fetcher if @fetcher

  @fetcher = new(Gem.configuration[:http_proxy])
end
fetcher=(fetcher) click to toggle source
# File lib/rubygems/test_utilities.rb, line 176
# Replaces the memoized fetcher instance with +fetcher+ (this definition
# lives in test_utilities.rb, so it is how tests inject a substitute).
def self.fetcher=(fetcher)
  instance_variable_set :@fetcher, fetcher
end
new(proxy=nil, dns=Resolv::DNS.new, headers={}) click to toggle source

Initialize a remote fetcher using the source URI and possible proxy information.

proxy

  • [String]: explicit specification of proxy; overrides any environment variable setting
  • nil: respect environment variables (HTTP_PROXY, HTTP_PROXY_USER, HTTP_PROXY_PASS)
  • :no_proxy: ignore environment variables and don't use a proxy

dns: An object to use for DNS resolution of the API endpoint. By default, Resolv::DNS is used.

headers: A set of additional HTTP headers to be sent to the server when fetching the gem.
# File lib/rubygems/remote_fetcher.rb, line 74
# Builds a fetcher.
#
# proxy::   proxy setting stored for later requests
# dns::     resolver object used by api_endpoint (defaults to a new
#           Resolv::DNS)
# headers:: extra HTTP headers to send with each request
#
# The networking libraries are required lazily here rather than at file
# load time.
def initialize(proxy=nil, dns=Resolv::DNS.new, headers={})
  %w[net/http stringio time uri].each { |lib| require lib }

  Socket.do_not_reverse_lookup = true

  @proxy, @dns, @headers = proxy, dns, headers

  # Connection pools are created on demand, keyed by proxy, under @pool_lock.
  @pools      = {}
  @pool_lock  = Mutex.new
  @cert_files = Gem::Request.get_cert_files
end

Public Instance Methods

api_endpoint(uri) click to toggle source

Given a source at uri, calculate what hostname to actually connect to query the data for it.

# File lib/rubygems/remote_fetcher.rb, line 95
# Looks up the "_rubygems._tcp.<host>" SRV record for +uri+'s host and, when
# the record's target is a subdomain of that host, returns a new URI using
# the target with the original scheme and path. In every other case
# (lookup failure, target outside the host's domain) +uri+ is returned
# unchanged.
def api_endpoint(uri)
  host = uri.host

  begin
    record = @dns.getresource("_rubygems._tcp.#{host}",
                              Resolv::DNS::Resource::IN::SRV)
  rescue Resolv::ResolvError => e
    verbose "Getting SRV record failed: #{e}"
    return uri
  end

  target = record.target.to_s.strip

  # Only trust targets that live underneath the host we were asked about.
  return uri unless URI("http://" + target).host.end_with?(".#{host}")

  URI.parse "#{uri.scheme}://#{target}#{uri.path}"
end
cache_update_path(uri, path = nil, update = true) click to toggle source

Downloads uri to path if necessary. If no path is given, it just passes the data.

# File lib/rubygems/remote_fetcher.rb, line 315
# Fetches +uri+ and returns its data, optionally refreshing the copy cached
# at +path+.
#
# uri::    location handed to fetch_path
# path::   local cache file; its mtime (when readable) is passed to
#          fetch_path, and nil means nothing is read or written locally
# update:: when true and +path+ is given, the fetched data is written to
#          +path+
#
# When fetch_path returns nil (the server answered 304 Not Modified) the
# contents of +path+ are returned instead.
def cache_update_path uri, path = nil, update = true
  # A missing or unreadable cache file simply means "no mtime".
  mtime = path && File.stat(path).mtime rescue nil

  data = fetch_path(uri, mtime)

  # nil indicates the server returned 304 Not Modified
  return Gem.read_binary(path) if data.nil?

  if update and path
    begin
      # File.open, not Kernel#open: the latter would run a path starting
      # with "|" as a shell command.
      File.open(path, 'wb') do |io|
        io.flock(File::LOCK_EX)
        io.write data
      end
    rescue Errno::ENOLCK # NFS
      # Locking is unavailable; only the main thread retries without a lock.
      raise if Thread.main != Thread.current

      File.open(path, 'wb') { |io| io.write data }
    end
  end

  data
end
close_all() click to toggle source
# File lib/rubygems/remote_fetcher.rb, line 381
# Asks every connection pool held in @pools to close its connections.
def close_all
  @pools.each_value(&:close_all)
end
correct_for_windows_path(path) click to toggle source
# File lib/rubygems/remote_fetcher.rb, line 353
# Strips the leading slash from paths of the form "/C:..." (slash, drive
# letter, colon) so they become usable Windows paths; every other path is
# returned unchanged.
#
# A single anchored pattern is used so that paths shorter than three
# characters (such as "/" or "") are returned as-is instead of raising.
def correct_for_windows_path(path)
  if path =~ %r{\A/[a-z]:}i
    path[1..-1]
  else
    path
  end
end
download(spec, source_uri, install_dir = Gem.dir) click to toggle source

Moves the gem spec from source_uri to the cache dir unless it is already there. If the source_uri is local the gem cache dir copy is always replaced.

# File lib/rubygems/remote_fetcher.rb, line 137
# Ensures the gem for +spec+ is present in a local cache directory and
# returns the path of the file to use (or, after a permission failure while
# copying a local gem, the source URI as a string).
#
# spec::        object providing cache_file, platform, original_platform and
#               original_name
# source_uri::  String or URI::Generic naming where the gem lives
# install_dir:: base directory used to choose the cache dir (default Gem.dir)
#
# Raises ArgumentError when the URI scheme is not http, https, s3, file or
# absent. A Gem::RemoteFetcher::FetchError propagates when the remote fetch
# fails and the spec's platform equals its original platform (no alternate
# file name to retry with).
def download(spec, source_uri, install_dir = Gem.dir)
  # Pick where the gem file goes: the install dir itself when it is the
  # current directory, its "cache" subdirectory when writable, otherwise the
  # per-user cache.
  cache_dir =
    if Dir.pwd == install_dir then # see fetch_command
      install_dir
    elsif File.writable? install_dir then
      File.join install_dir, "cache"
    else
      File.join Gem.user_dir, "cache"
    end

  gem_file_name = File.basename spec.cache_file
  local_gem_path = File.join cache_dir, gem_file_name

  # Best effort: any error while creating the directory is swallowed here.
  FileUtils.mkdir_p cache_dir rescue nil unless File.exist? cache_dir

  # Always escape URI's to deal with potential spaces and such
  # It should also be considered that source_uri may already be
  # a valid URI with escaped characters. e.g. "{DESede}" is encoded
  # as "%7BDESede%7D". If this is escaped again the percentage
  # symbols will be escaped.
  unless source_uri.is_a?(URI::Generic)
    begin
      source_uri = URI.parse(source_uri)
    rescue
      # Parsing failed as given; escape the string and parse again.
      source_uri = URI.parse(URI.const_defined?(:DEFAULT_PARSER) ?
                             URI::DEFAULT_PARSER.escape(source_uri.to_s) :
                             URI.escape(source_uri.to_s))
    end
  end

  scheme = source_uri.scheme

  # URI.parse gets confused by MS Windows paths with forward slashes.
  # A one-letter "scheme" is really a drive letter, so treat it as no scheme.
  scheme = nil if scheme =~ /^[a-z]$/i

  # REFACTOR: split this up and dispatch on scheme (eg download_http)
  # REFACTOR: be sure to clean up fake fetcher when you do this... cleaner
  case scheme
  when 'http', 'https', 's3' then
    # Remote sources are only contacted when the gem is not cached yet.
    unless File.exist? local_gem_path then
      begin
        verbose "Downloading gem #{gem_file_name}"

        remote_gem_path = source_uri + "gems/#{gem_file_name}"

        self.cache_update_path remote_gem_path, local_gem_path
      rescue Gem::RemoteFetcher::FetchError
        # Only retry when the spec's platform differs from its original one;
        # the retry uses the file name built from original_name.
        raise if spec.original_platform == spec.platform

        alternate_name = "#{spec.original_name}.gem"

        verbose "Failed, downloading gem #{alternate_name}"

        remote_gem_path = source_uri + "gems/#{alternate_name}"

        self.cache_update_path remote_gem_path, local_gem_path
      end
    end
  when 'file' then
    begin
      path = source_uri.path
      # A URI pointing directly at a .gem file is reduced to its directory.
      path = File.dirname(path) if File.extname(path) == '.gem'

      remote_gem_path = correct_for_windows_path(File.join(path, 'gems', gem_file_name))

      FileUtils.cp(remote_gem_path, local_gem_path)
    rescue Errno::EACCES
      # Copy was not permitted: hand back the source location instead.
      local_gem_path = source_uri.to_s
    end

    verbose "Using local gem #{local_gem_path}"
  when nil then # TODO test for local overriding cache
    # On Windows, re-attach the drive letter that URI.parse took for a scheme.
    source_path = if Gem.win_platform? && source_uri.scheme &&
                     !source_uri.path.include?(':') then
                    "#{source_uri.scheme}:#{source_uri.path}"
                  else
                    source_uri.path
                  end

    source_path = Gem::UriFormatter.new(source_path).unescape

    begin
      # Skip the copy when source and destination are the same file.
      FileUtils.cp source_path, local_gem_path unless
        File.identical?(source_path, local_gem_path)
    rescue Errno::EACCES
      # Copy was not permitted: hand back the source location instead.
      local_gem_path = source_uri.to_s
    end

    verbose "Using local gem #{local_gem_path}"
  else
    raise ArgumentError, "unsupported URI scheme #{source_uri.scheme}"
  end

  local_gem_path
end
download_to_cache(dependency) click to toggle source

Given a name and requirement, downloads this gem into cache and returns the filename. Returns nil if the gem cannot be located.

# File lib/rubygems/remote_fetcher.rb, line 122
  def download_to_cache dependency
    # spec_for_dependency returns a pair; only its first element (the list
    # of [spec, source] tuples) is needed here.
    candidates, = Gem::SpecFetcher.fetcher.spec_for_dependency(dependency)

    return if candidates.empty?

    # Choose the tuple whose spec has the highest version.
    newest_spec, origin = candidates.max_by { |(candidate, _origin)| candidate.version }

    download(newest_spec, origin.uri.to_s)
  end

  ##
  # Moves the gem +spec+ from +source_uri+ to the cache dir unless it is
  # already there.  If the source_uri is local the gem cache dir copy is
  # always replaced.

  def download(spec, source_uri, install_dir = Gem.dir)
    # Pick where the gem file goes: the install dir itself when it is the
    # current directory, its "cache" subdirectory when writable, otherwise
    # the per-user cache.
    cache_dir =
      if Dir.pwd == install_dir then # see fetch_command
        install_dir
      elsif File.writable? install_dir then
        File.join install_dir, "cache"
      else
        File.join Gem.user_dir, "cache"
      end

    gem_file_name = File.basename spec.cache_file
    local_gem_path = File.join cache_dir, gem_file_name

    # Best effort: any error while creating the directory is swallowed here.
    FileUtils.mkdir_p cache_dir rescue nil unless File.exist? cache_dir

    # Always escape URI's to deal with potential spaces and such
    # It should also be considered that source_uri may already be
    # a valid URI with escaped characters. e.g. "{DESede}" is encoded
    # as "%7BDESede%7D". If this is escaped again the percentage
    # symbols will be escaped.
    unless source_uri.is_a?(URI::Generic)
      begin
        source_uri = URI.parse(source_uri)
      rescue
        # Parsing failed as given; escape the string and parse again.
        source_uri = URI.parse(URI.const_defined?(:DEFAULT_PARSER) ?
                               URI::DEFAULT_PARSER.escape(source_uri.to_s) :
                               URI.escape(source_uri.to_s))
      end
    end

    scheme = source_uri.scheme

    # URI.parse gets confused by MS Windows paths with forward slashes.
    # A one-letter "scheme" is really a drive letter, so treat it as no scheme.
    scheme = nil if scheme =~ /^[a-z]$/i

    # REFACTOR: split this up and dispatch on scheme (eg download_http)
    # REFACTOR: be sure to clean up fake fetcher when you do this... cleaner
    case scheme
    when 'http', 'https', 's3' then
      # Remote sources are only contacted when the gem is not cached yet.
      unless File.exist? local_gem_path then
        begin
          verbose "Downloading gem #{gem_file_name}"

          remote_gem_path = source_uri + "gems/#{gem_file_name}"

          self.cache_update_path remote_gem_path, local_gem_path
        rescue Gem::RemoteFetcher::FetchError
          # Only retry when the spec's platform differs from its original
          # one; the retry uses the file name built from original_name.
          raise if spec.original_platform == spec.platform

          alternate_name = "#{spec.original_name}.gem"

          verbose "Failed, downloading gem #{alternate_name}"

          remote_gem_path = source_uri + "gems/#{alternate_name}"

          self.cache_update_path remote_gem_path, local_gem_path
        end
      end
    when 'file' then
      begin
        path = source_uri.path
        # A URI pointing directly at a .gem file is reduced to its directory.
        path = File.dirname(path) if File.extname(path) == '.gem'

        remote_gem_path = correct_for_windows_path(File.join(path, 'gems', gem_file_name))

        FileUtils.cp(remote_gem_path, local_gem_path)
      rescue Errno::EACCES
        # Copy was not permitted: hand back the source location instead.
        local_gem_path = source_uri.to_s
      end

      verbose "Using local gem #{local_gem_path}"
    when nil then # TODO test for local overriding cache
      # On Windows, re-attach the drive letter that URI.parse took for a
      # scheme.
      source_path = if Gem.win_platform? && source_uri.scheme &&
                       !source_uri.path.include?(':') then
                      "#{source_uri.scheme}:#{source_uri.path}"
                    else
                      source_uri.path
                    end

      source_path = Gem::UriFormatter.new(source_path).unescape

      begin
        # Skip the copy when source and destination are the same file.
        FileUtils.cp source_path, local_gem_path unless
          File.identical?(source_path, local_gem_path)
      rescue Errno::EACCES
        # Copy was not permitted: hand back the source location instead.
        local_gem_path = source_uri.to_s
      end

      verbose "Using local gem #{local_gem_path}"
    else
      raise ArgumentError, "unsupported URI scheme #{source_uri.scheme}"
    end

    local_gem_path
  end

  ##
  # File Fetcher. Dispatched by +fetch_path+. Use it instead.

  def fetch_file uri, *_
    # Extra positional arguments (mtime, head) are accepted and ignored so
    # the method can be dispatched like the other fetch_* methods.
    local_path = correct_for_windows_path(uri.path)
    Gem.read_binary(local_path)
  end

  ##
  # HTTP Fetcher. Dispatched by +fetch_path+. Use it instead.

  def fetch_http uri, last_modified = nil, head = false, depth = 0
    fetch_type = head ? Net::HTTP::Head : Net::HTTP::Get
    response   = request uri, fetch_type, last_modified do |req|
      headers.each { |k,v| req.add_field(k,v) }
    end

    case response
    when Net::HTTPOK, Net::HTTPNotModified then
      response.uri = uri if response.respond_to? :uri
      # HEAD callers get the response object; GET callers get the body.
      head ? response : response.body
    when Net::HTTPMovedPermanently, Net::HTTPFound, Net::HTTPSeeOther,
         Net::HTTPTemporaryRedirect then
      raise FetchError.new('too many redirects', uri) if depth > 10

      # A redirect without a Location header cannot be followed; report it
      # as a fetch failure instead of letting URI.parse(nil) blow up.
      redirect_target = response['Location']
      unless redirect_target
        raise FetchError.new("redirecting but no redirect location was given", uri)
      end

      location = URI.parse redirect_target

      # Never follow a redirect that downgrades https to another scheme.
      if https?(uri) && !https?(location)
        raise FetchError.new("redirecting to non-https resource: #{location}", uri)
      end

      fetch_http(location, last_modified, head, depth + 1)
    else
      raise FetchError.new("bad response #{response.message} #{response.code}", uri)
    end
  end

  alias :fetch_https :fetch_http

  ##
  # Downloads +uri+ and returns it as a String.

  def fetch_path(uri, mtime = nil, head = false)
    uri = URI.parse uri unless uri.is_a?(URI::Generic)

    raise ArgumentError, "bad uri: #{uri}" unless uri

    scheme = uri.scheme
    raise ArgumentError, "uri scheme is invalid: #{scheme.inspect}" unless scheme

    # Dispatch to fetch_http, fetch_https, fetch_file, fetch_s3, ...
    data = send "fetch_#{scheme}", uri, mtime, head

    # Only non-HEAD results for URIs ending in .gz are decompressed.
    gzipped = data && !head && uri.to_s =~ /\.gz$/
    return data unless gzipped

    begin
      Gem.gunzip data
    rescue Zlib::GzipFile::Error
      raise FetchError.new("server did not return a valid file", uri.to_s)
    end
  rescue FetchError
    raise
  rescue Timeout::Error
    raise UnknownHostError.new('timed out', uri.to_s)
  rescue IOError, SocketError, SystemCallError => e
    # Name-resolution failures get their own error class; everything else is
    # wrapped in a generic FetchError.
    raise UnknownHostError.new('no such name', uri.to_s) if e.message =~ /getaddrinfo/

    raise FetchError.new("#{e.class}: #{e}", uri.to_s)
  end

  ##
  # S3 Fetcher. Signs +uri+ with sign_s3_url and fetches the resulting
  # https URL, passing +mtime+ and +head+ through to fetch_https.

  def fetch_s3(uri, mtime = nil, head = false)
    fetch_https sign_s3_url(uri), mtime, head
  end

  ##
  # Downloads +uri+ to +path+ if necessary. If no path is given, it just
  # passes the data.

  def cache_update_path uri, path = nil, update = true
    # A missing or unreadable cache file simply means "no mtime".
    mtime = path && File.stat(path).mtime rescue nil

    data = fetch_path(uri, mtime)

    # nil indicates the server returned 304 Not Modified
    return Gem.read_binary(path) if data.nil?

    if update and path
      begin
        # File.open, not Kernel#open: the latter would run a path starting
        # with "|" as a shell command.
        File.open(path, 'wb') do |io|
          io.flock(File::LOCK_EX)
          io.write data
        end
      rescue Errno::ENOLCK # NFS
        # Locking is unavailable; only the main thread retries without a
        # lock.
        raise if Thread.main != Thread.current

        File.open(path, 'wb') { |io| io.write data }
      end
    end

    data
  end

  ##
  # Returns the size of +uri+ in bytes.

  def fetch_size(uri) # TODO: phase this out
    # A HEAD-style fetch returns the response object, whose content-length
    # header is converted to an Integer (0 when the header is absent).
    fetch_path(uri, nil, true)['content-length'].to_i
  end

  ##
  # Strips the leading slash from paths of the form "/C:..." (slash, drive
  # letter, colon) so they become usable Windows paths; every other path is
  # returned unchanged.
  #
  # A single anchored pattern is used so that paths shorter than three
  # characters (such as "/" or "") are returned as-is instead of raising.

  def correct_for_windows_path(path)
    if path =~ %r{\A/[a-z]:}i
      path[1..-1]
    else
      path
    end
  end

  ##
  # Performs a Net::HTTP request of type +request_class+ on +uri+ returning
  # a Net::HTTP response object.  request maintains a table of persistent
  # connections to reduce connect overhead.

  def request(uri, request_class, last_modified = nil)
    # Resolve the proxy first, then pick the connection pool for this URI
    # from the pools kept for that proxy.
    connection_pool = pools_for(proxy_for(@proxy, uri)).pool_for(uri)

    Gem::Request.new(uri, request_class, last_modified, connection_pool).fetch do |req|
      yield req if block_given?
    end
  end

  ##
  # Returns true when +uri+'s scheme is https (case-insensitive). A URI
  # without a scheme, such as a relative redirect target, is not https and
  # yields false rather than raising.

  def https?(uri)
    uri.scheme.to_s.downcase == 'https'
  end

  ##
  # Asks every connection pool held in @pools to close its connections.

  def close_all
    @pools.each_value(&:close_all)
  end

  protected

  # we have our own signing code here to avoid a dependency on the aws-sdk gem
  # fortunately, a simple GET request isn't too complex to sign properly
  def sign_s3_url(uri, expiration = nil)
    require 'openssl'

    # The access key and secret travel as the user and password of the URI.
    unless uri.user && uri.password
      raise FetchError.new("credentials needed in s3 source, like s3://key:secret@bucket-name/", uri.to_s)
    end

    expiration ||= s3_expiration
    canonical_path = "/#{uri.host}#{uri.path}"
    payload = "GET\n\n\n#{expiration}\n#{canonical_path}"
    digest = OpenSSL::HMAC.digest('sha1', uri.password, payload)
    # Base64-encode with Array#pack so no separate base64 library has to be
    # loaded; the line breaks pack('m') adds are removed.
    encoded = [digest].pack('m').delete("\n")
    # URI.escape is deprecated, and there isn't yet a replacement that does quite what we want
    signature = encoded.gsub(/[\+\/=]/) { |c| BASE64_URI_TRANSLATE[c] }
    URI.parse("https://#{uri.host}.s3.amazonaws.com#{uri.path}?AWSAccessKeyId=#{uri.user}&Expires=#{expiration}&Signature=#{signature}")
  end

  ##
  # Expiry timestamp (Integer seconds since the epoch) used for signed S3
  # URLs: one hour from now.

  def s3_expiration
    Time.now.to_i + 3600
  end

  # Percent-encodings for the three Base64 characters ('+', '/' and '=')
  # that sign_s3_url replaces before placing a signature in a query string.
  BASE64_URI_TRANSLATE = { '+' => '%2B', '/' => '%2F', '=' => '%3D' }.freeze

  private

  ##
  # Returns the proxy to use for +uri+: the explicit +proxy+ when one is
  # given, otherwise whatever Gem::Request.get_proxy_from_env reports for
  # the URI's scheme, normalized through Gem::Request.proxy_uri.

  def proxy_for proxy, uri
    chosen = proxy
    chosen ||= Gem::Request.get_proxy_from_env(uri.scheme)
    Gem::Request.proxy_uri(chosen)
  end

  ##
  # Returns the ConnectionPools object for +proxy+, creating and caching it
  # in @pools on first use. Access to @pools is serialized by @pool_lock.

  def pools_for proxy
    @pool_lock.synchronize do
      cached = @pools[proxy]
      next cached if cached

      @pools[proxy] = Gem::Request::ConnectionPools.new(proxy, @cert_files)
    end
  end
end
fetch_file(uri, *_) click to toggle source

File Fetcher. Dispatched by fetch_path. Use it instead.

# File lib/rubygems/remote_fetcher.rb, line 236
# Reads the local file named by +uri+'s path in binary mode. Extra
# positional arguments (mtime, head) are accepted and ignored so the method
# can be dispatched like the other fetch_* methods.
def fetch_file uri, *_
  local_path = correct_for_windows_path(uri.path)
  Gem.read_binary(local_path)
end
fetch_http(uri, last_modified = nil, head = false, depth = 0) click to toggle source

HTTP Fetcher. Dispatched by fetch_path. Use it instead.

# File lib/rubygems/remote_fetcher.rb, line 243
# Performs a GET (or HEAD when +head+ is true) for +uri+, following up to
# ten redirects.
#
# Returns the response body for GET and the response object for HEAD.
# Raises FetchError on too many redirects, a redirect without a Location
# header, a redirect from https to a non-https location, or any response
# other than 200, 304 or a followed redirect.
def fetch_http uri, last_modified = nil, head = false, depth = 0
  fetch_type = head ? Net::HTTP::Head : Net::HTTP::Get
  response   = request uri, fetch_type, last_modified do |req|
    headers.each { |k,v| req.add_field(k,v) }
  end

  case response
  when Net::HTTPOK, Net::HTTPNotModified then
    response.uri = uri if response.respond_to? :uri
    head ? response : response.body
  when Net::HTTPMovedPermanently, Net::HTTPFound, Net::HTTPSeeOther,
       Net::HTTPTemporaryRedirect then
    raise FetchError.new('too many redirects', uri) if depth > 10

    # A redirect without a Location header cannot be followed; report it as
    # a fetch failure instead of letting URI.parse(nil) blow up.
    redirect_target = response['Location']
    unless redirect_target
      raise FetchError.new("redirecting but no redirect location was given", uri)
    end

    location = URI.parse redirect_target

    # Never follow a redirect that downgrades https to another scheme.
    if https?(uri) && !https?(location)
      raise FetchError.new("redirecting to non-https resource: #{location}", uri)
    end

    fetch_http(location, last_modified, head, depth + 1)
  else
    raise FetchError.new("bad response #{response.message} #{response.code}", uri)
  end
end
fetch_path(uri, mtime = nil, head = false) click to toggle source

Downloads uri and returns it as a String.

# File lib/rubygems/remote_fetcher.rb, line 274
# Fetches +uri+ by dispatching to the fetch_<scheme> method matching its
# scheme and returns what that method returns; non-HEAD results for URIs
# ending in .gz are gunzipped first.
#
# Raises ArgumentError for a URI without a scheme, UnknownHostError on
# timeouts and getaddrinfo failures, and FetchError for other I/O, socket
# or system-call errors and for invalid gzip data.
def fetch_path(uri, mtime = nil, head = false)
  uri = URI.parse uri unless uri.is_a?(URI::Generic)

  raise ArgumentError, "bad uri: #{uri}" unless uri

  scheme = uri.scheme
  raise ArgumentError, "uri scheme is invalid: #{scheme.inspect}" unless scheme

  data = send "fetch_#{scheme}", uri, mtime, head

  gzipped = data && !head && uri.to_s =~ /\.gz$/
  return data unless gzipped

  begin
    Gem.gunzip data
  rescue Zlib::GzipFile::Error
    raise FetchError.new("server did not return a valid file", uri.to_s)
  end
rescue FetchError
  raise
rescue Timeout::Error
  raise UnknownHostError.new('timed out', uri.to_s)
rescue IOError, SocketError, SystemCallError => e
  # Name-resolution failures get their own error class; everything else is
  # wrapped in a generic FetchError.
  raise UnknownHostError.new('no such name', uri.to_s) if e.message =~ /getaddrinfo/

  raise FetchError.new("#{e.class}: #{e}", uri.to_s)
end
fetch_s3(uri, mtime = nil, head = false) click to toggle source
# File lib/rubygems/remote_fetcher.rb, line 306
# S3 Fetcher. Signs +uri+ with sign_s3_url and fetches the resulting https
# URL, passing +mtime+ and +head+ through to fetch_https.
def fetch_s3(uri, mtime = nil, head = false)
  fetch_https sign_s3_url(uri), mtime, head
end
fetch_size(uri) click to toggle source

Returns the size of uri in bytes.

# File lib/rubygems/remote_fetcher.rb, line 347
# Returns the content-length reported for +uri+ as an Integer, using a
# HEAD-style fetch_path call (0 when the header is absent).
def fetch_size(uri) # TODO: phase this out
  fetch_path(uri, nil, true)['content-length'].to_i
end
https?(uri) click to toggle source
# File lib/rubygems/remote_fetcher.rb, line 377
# Returns true when +uri+'s scheme is https (case-insensitive). A URI
# without a scheme, such as a relative redirect target, is not https and
# yields false rather than raising.
def https?(uri)
  uri.scheme.to_s.downcase == 'https'
end
pools_for(proxy) click to toggle source
# File lib/rubygems/remote_fetcher.rb, line 418
# Returns the ConnectionPools object for +proxy+, creating and caching it in
# @pools on first use. Access to @pools is serialized by @pool_lock.
def pools_for proxy
  @pool_lock.synchronize do
    cached = @pools[proxy]
    next cached if cached

    @pools[proxy] = Gem::Request::ConnectionPools.new(proxy, @cert_files)
  end
end
proxy_for(proxy, uri) click to toggle source
# File lib/rubygems/remote_fetcher.rb, line 414
# Returns the proxy to use for +uri+: the explicit +proxy+ when one is
# given, otherwise whatever Gem::Request.get_proxy_from_env reports for the
# URI's scheme, normalized through Gem::Request.proxy_uri.
def proxy_for proxy, uri
  chosen = proxy
  chosen ||= Gem::Request.get_proxy_from_env(uri.scheme)
  Gem::Request.proxy_uri(chosen)
end
request(uri, request_class, last_modified = nil) { |req| ... } click to toggle source

Performs a Net::HTTP request of type request_class on uri returning a Net::HTTP response object. request maintains a table of persistent connections to reduce connect overhead.

# File lib/rubygems/remote_fetcher.rb, line 366
# Builds a Gem::Request of type +request_class+ for +uri+ on the connection
# pool selected for the applicable proxy, runs it, and returns the result of
# Gem::Request#fetch. When a block is given it receives the request object
# that fetch yields.
def request(uri, request_class, last_modified = nil)
  connection_pool = pools_for(proxy_for(@proxy, uri)).pool_for(uri)

  Gem::Request.new(uri, request_class, last_modified, connection_pool).fetch do |req|
    yield req if block_given?
  end
end
s3_expiration() click to toggle source
# File lib/rubygems/remote_fetcher.rb, line 406
# Expiry timestamp (Integer seconds since the epoch) used for signed S3
# URLs: one hour from now.
def s3_expiration
  Time.now.to_i + 3600
end
sign_s3_url(uri, expiration = nil) click to toggle source

We have our own signing code here to avoid a dependency on the aws-sdk gem. Fortunately, a simple GET request isn't too complex to sign properly.

# File lib/rubygems/remote_fetcher.rb, line 389
# Builds a signed https URL for the S3 object named by +uri+
# (s3://key:secret@bucket/path).
#
# uri::        URI whose user/password hold the access key and secret, whose
#              host is the bucket and whose path is the object key
# expiration:: expiry as seconds since the epoch; defaults to s3_expiration
#
# Returns a URI for https://<bucket>.s3.amazonaws.com<path> carrying the
# AWSAccessKeyId, Expires and Signature query parameters. Raises FetchError
# when the URI has no credentials.
def sign_s3_url(uri, expiration = nil)
  require 'openssl'

  unless uri.user && uri.password
    raise FetchError.new("credentials needed in s3 source, like s3://key:secret@bucket-name/", uri.to_s)
  end

  expiration ||= s3_expiration
  canonical_path = "/#{uri.host}#{uri.path}"
  payload = "GET\n\n\n#{expiration}\n#{canonical_path}"
  digest = OpenSSL::HMAC.digest('sha1', uri.password, payload)
  # Base64-encode with Array#pack so no separate base64 library has to be
  # loaded; the line breaks pack('m') adds are removed.
  encoded = [digest].pack('m').delete("\n")
  # URI.escape is deprecated, and there isn't yet a replacement that does quite what we want
  signature = encoded.gsub(/[\+\/=]/) { |c| BASE64_URI_TRANSLATE[c] }
  URI.parse("https://#{uri.host}.s3.amazonaws.com#{uri.path}?AWSAccessKeyId=#{uri.user}&Expires=#{expiration}&Signature=#{signature}")
end