# Generated from rack-deadline-1.0.1.gem by gem2rpm -*- rpm-spec -*- %global gem_name rack-deadline Name: rubygem-%{gem_name} Version: 1.0.1 Release: 1%{?dist} Summary: Automatically clears sessions open too long License: MIT URL: http://github.com/jeremyevans/rack-deadline Source0: https://rubygems.org/gems/%{gem_name}-%{version}.gem BuildRequires: ruby(release) BuildRequires: rubygems-devel BuildRequires: ruby BuildArch: noarch %description rack-deadline is a simple rack middleware that automatically clears sessions that have been open too long (by default, 1 day). This is designed for use with cookie stores to mitigate the risk of session fixation, since it is impossible to invalidate older sessions with a pure cookie-based approach. It is impossible to enforce a deadline with the standard rack cookie session API. The expire_after setting is not part of the session itself (it's part of the cookie, and not cryptographically signed), and an attacker who has access to a previous cookie can just omit it when making a request. This stores a deadline inside the crytographically signed session, and once the deadline is passed, the session will no longer be valid. %package doc Summary: Documentation for %{name} Requires: %{name} = %{version}-%{release} BuildArch: noarch %description doc Documentation for %{name}. %prep %setup -q -n %{gem_name}-%{version} %build # Create the gem as gem install only works on a gem file gem build ../%{gem_name}-%{version}.gemspec # %%gem_install compiles any C extensions and installs the gem into ./%%gem_dir # by default, so that we can move it into the buildroot in %%install %gem_install %install mkdir -p %{buildroot}%{gem_dir} cp -a .%{gem_dir}/* \ %{buildroot}%{gem_dir}/ %check pushd .%{gem_instdir} # Run the test suite. popd %files %dir %{gem_instdir} %license %{gem_instdir}/MIT-LICENSE %{gem_libdir} %exclude %{gem_cache} %{gem_spec} %files doc %doc %{gem_docdir} %doc %{gem_instdir}/CHANGELOG %doc %{gem_instdir}/README.rdoc %{gem_instdir}/Rakefile %{gem_instdir}/test %changelog * Wed Apr 20 2022 mockbuilder - 1.0.1-1 - Initial package