From 78257c30b76995b4a94a0e1523a01eb1715efde6 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 10 Feb 2026 10:23:07 +0000
Subject: [PATCH 1/3] Initial plan
From 9916ed307c883b3df6bc49fcd9cbb22a88e0a79f Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 10 Feb 2026 10:26:20 +0000
Subject: [PATCH 2/3] Use Tempfile for auto-attestation bundles and clean up after use
Co-authored-by: hsbt <12301+hsbt@users.noreply.github.com>
---
 lib/rubygems/commands/push_command.rb | 15 +++++++++++++--
 test/rubygems/test_gem_commands_push_command.rb | 5 +++--
 2 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/lib/rubygems/commands/push_command.rb b/lib/rubygems/commands/push_command.rb
index b8af8cfd9188..c3599ff729fc 100644
--- a/lib/rubygems/commands/push_command.rb
+++ b/lib/rubygems/commands/push_command.rb
@@ -121,7 +121,12 @@ def send_push_request_with_attestation(name, args)
 Gem.read_binary(attestation)
 end
 else
- [Gem.read_binary(attest!(name))]
+ bundle_path = attest!(name)
+ begin
+ [Gem.read_binary(bundle_path)]
+ ensure
+ File.unlink(bundle_path) if bundle_path && File.exist?(bundle_path)
+ end
 end
 bundles = "[" + attestations.join(",") + "]"
@@ -136,8 +141,14 @@ def send_push_request_with_attestation(name, args)
 def attest!(name)
 require "open3"
+ require "tempfile"
+
+ # Create a temporary file for the bundle
+ basename = File.basename(name, ".*")
+ tempfile = Tempfile.new([basename, ".sigstore.json"])
+ bundle = tempfile.path
+ tempfile.close
- bundle = "#{name}.sigstore.json"
 env = defined?(Bundler.unbundled_env) ? Bundler.unbundled_env : ENV.to_h
 out, st = Open3.capture2e(
 env,
diff --git a/test/rubygems/test_gem_commands_push_command.rb b/test/rubygems/test_gem_commands_push_command.rb
index 704c1115c721..188fd742aaf0 100644
--- a/test/rubygems/test_gem_commands_push_command.rb
+++ b/test/rubygems/test_gem_commands_push_command.rb
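Review bot: The `ensure` branch added to `send_push_request_with_attestation` probes with `File.exist?` and then calls `File.unlink`, so if the file disappears between the two calls an `Errno::ENOENT` is raised from `ensure` and replaces the bundle that was just read, or hides the original read error. Unlinking directly and ignoring only the missing-file case closes that check-then-act gap: `begin; File.unlink(bundle_path); rescue Errno::ENOENT; end`. The caller now also deletes whatever path `attest!` returns, which deserves a short comment such as `# attest! hands over a temporary bundle; remove it once it has been read`. The method body starts and ends outside the hunk.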
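Review bot: In `attest!` the bundle is created with `Tempfile.new`, but the caller only receives a path (`bundle_path = attest!(name)`), so the Tempfile object presumably becomes unreachable on return; Tempfile unlinks its file from a finalizer when the object is garbage-collected, so the bundle can vanish before it is read and uploaded. `close` without an argument already leaves the file in place, so the `tempfile.close(false)` hunk in PATCH 3/3 does not change this. `Tempfile.create` without a block returns a plain File with no finalizer, which fits the caller's explicit unlink: `tempfile = Tempfile.create([basename, ".sigstore.json"])`. The failure paths of `attest!` lie outside the hunk; with that change they would need their own unlink so a failed signing run does not leave the file behind.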
@@ -123,7 +123,8 @@ def test_execute_attestation_auto
 @fetcher.data["#{Gem.host}/api/v1/gems"] = HTTPResponseFactory.create(body: @response, code: 200, msg: "OK")
 attestation_path = "#{@path}.sigstore.json"
- File.write(attestation_path, "auto-attestation")
+ attestation_content = "auto-attestation"
+ File.write(attestation_path, attestation_content)
 @cmd.options[:args] = [@path]
 @cmd.stub(:attest!, attestation_path) do
@@ -133,7 +134,7 @@ def test_execute_attestation_auto
 assert_equal Gem::Net::HTTP::Post, @fetcher.last_request.class
 content_length = @fetcher.last_request["Content-Length"].to_i
 assert_equal content_length, @fetcher.last_request.body.length
- assert_attestation_multipart Gem.read_binary(attestation_path)
+ assert_attestation_multipart attestation_content
 end
 def test_execute_attestation_fallback
From ffcce01f2558cb1b8a7e7c653d713dc284cda30b Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 10 Feb 2026 10:27:16 +0000
Subject: [PATCH 3/3] Fix Tempfile to not auto-delete on close
Co-authored-by: hsbt <12301+hsbt@users.noreply.github.com>
---
 lib/rubygems/commands/push_command.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/rubygems/commands/push_command.rb b/lib/rubygems/commands/push_command.rb
index c3599ff729fc..8c0f5c908722 100644
--- a/lib/rubygems/commands/push_command.rb
+++ b/lib/rubygems/commands/push_command.rb
@@ -147,7 +147,7 @@ def attest!(name)
 basename = File.basename(name, ".*")
 tempfile = Tempfile.new([basename, ".sigstore.json"])
 bundle = tempfile.path
- tempfile.close
+ tempfile.close(false) # Close but don't unlink - we need the file for sigstore-cli
 env = defined?(Bundler.unbundled_env) ? Bundler.unbundled_env : ENV.to_h
 out, st = Open3.capture2e(
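Review bot: Nothing in `test_execute_attestation_auto` checks the cleanup this series introduces: the test now compares against `attestation_content` because the file is gone after the push, but it never asserts that it is gone. Adding `refute File.exist?(attestation_path)` after `assert_attestation_multipart attestation_content` would pin the unlink in the `ensure` branch, so a regression that leaves signed bundles behind in the temp directory is caught. The test body starts above the hunk.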