Class: Gem::Guardian::Verifier

Inherits:
Object
Defined in:
lib/gem/guardian/verifier.rb

Overview

Verifies gem artifacts against lockfile, registry, or artifact checksum sources.

Verification follows the trust-source priority documented in the README: lockfile checksums are preferred, registry or publisher checksums are used for ad-hoc verification when available, and artifact-only digests are recorded when no independent checksum exists.
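The trust-source priority described above, as an added example that is not gem-guardian's own code: the helper names, result keys, and the :lockfile / :registry / :artifact_only labels are assumptions made for illustration, and the gem bytes and checksum tables are constructed.

```ruby
require "digest"

# Hypothetical helper (not gem-guardian's API): choose the expected SHA-256
# by trust-source priority. Lockfile first, then registry, else none.
def pick_expected_sha256(key, lockfile_checksums:, registry_checksums:)
  if (sum = lockfile_checksums[key])
    [sum.downcase, :lockfile]
  elsif (sum = registry_checksums[key])
    [sum.downcase, :registry]
  else
    [nil, :artifact_only]
  end
end

# Hash the downloaded bytes and compare against the selected checksum.
# With no independent checksum the digest is only recorded, never "verified".
def check_artifact(key, bytes, lockfile_checksums: {}, registry_checksums: {})
  actual = Digest::SHA256.hexdigest(bytes)
  expected, source = pick_expected_sha256(
    key, lockfile_checksums: lockfile_checksums, registry_checksums: registry_checksums
  )
  status =
    if expected.nil? then :unverified
    elsif expected == actual then :verified
    else :mismatch
    end
  { gem: key, source: source, status: status, expected: expected, actual: actual }
end

# Constructed sample data: fake gem bytes and checksum tables.
GOOD_BYTES = "constructed gem payload".b
TAMPERED_BYTES = "constructed gem payload!".b
GOOD_SUM = Digest::SHA256.hexdigest(GOOD_BYTES)

LOCKFILE = { "demo-1.0.0" => GOOD_SUM }.freeze
# Registry disagrees on purpose: shows the lockfile wins when both exist.
REGISTRY = { "demo-1.0.0" => "0" * 64, "other-2.0.0" => GOOD_SUM.upcase }.freeze

def demo_results
  [
    check_artifact("demo-1.0.0", GOOD_BYTES, lockfile_checksums: LOCKFILE, registry_checksums: REGISTRY),
    check_artifact("demo-1.0.0", TAMPERED_BYTES, lockfile_checksums: LOCKFILE, registry_checksums: REGISTRY),
    check_artifact("other-2.0.0", GOOD_BYTES, registry_checksums: REGISTRY),
    check_artifact("adhoc-0.1.0", GOOD_BYTES)
  ]
end

demo_results.each { |r| puts r.values_at(:gem, :source, :status).join(" ") } if $PROGRAM_NAME == __FILE__
```

The fourth case is the one to watch in reports: an artifact-only digest pins what was downloaded but says nothing about whether it is what the publisher shipped.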

Constructor Details

#initialize(client: RubygemsClient.new, artifact_store: nil, expected_checksums: {}) ⇒ Verifier

Returns a new instance of Verifier.



# File 'lib/gem/guardian/verifier.rb', line 49

def initialize(client: RubygemsClient.new, artifact_store: nil, expected_checksums: {})
  @client = client
  @artifact_store = artifact_store || ArtifactStore.new(client: @client)
  @expected_checksums = expected_checksums
end

Instance Method Details

#verify(dependency) ⇒ VerificationResult

Verifies one dependency.

Parameters:

  • dependency (Dependency)

    dependency to resolve, download, hash, and verify

Returns:

  • (VerificationResult)



# File 'lib/gem/guardian/verifier.rb', line 59

def verify(dependency)
  resolved_dependency = resolve_dependency(dependency)
  expected, checksum_source = expected_sha256_for(dependency, resolved_dependency)
  build_verification_result(resolved_dependency, expected, checksum_source)
rescue StandardError => e
  build_error_result(dependency, e)
end

#verify_all(dependencies) ⇒ Array<VerificationResult>

Verifies each dependency in +dependencies+.

Parameters:

  • dependencies (Enumerable<Dependency>)

    dependencies to verify

Returns:

  • (Array<VerificationResult>)



# File 'lib/gem/guardian/verifier.rb', line 71

def verify_all(dependencies)
  dependencies.map { |dependency| verify(dependency) }
end