author | Hiroshi SHIBATA <hsbt@ruby-lang.org> | 2022-07-13 14:44:32 +0900 |
---|---|---|
committer | nagachika <nagachika@ruby-lang.org> | 2022-09-03 15:54:07 +0900 |
commit | a01f5ad1ec2455e97e27eb2758588ff5e63c4131 (patch) | |
tree | cd3fd955c118214e37017265687c48d231ae0cce /lib/bundler | |
parent | b9f6a09bd2127ea51612bd27bef5830831b48d4f (diff) |
Merge RubyGems-3.3.16 and Bundler-2.3.16
Diffstat (limited to 'lib/bundler')
-rw-r--r-- | lib/bundler/cli.rb | 8 | ||||
-rw-r--r-- | lib/bundler/cli/cache.rb | 2 | ||||
-rw-r--r-- | lib/bundler/cli/install.rb | 2 | ||||
-rw-r--r-- | lib/bundler/definition.rb | 36 | ||||
-rw-r--r-- | lib/bundler/dependency.rb | 2 | ||||
-rw-r--r-- | lib/bundler/dsl.rb | 4 | ||||
-rw-r--r-- | lib/bundler/errors.rb | 2 | ||||
-rw-r--r-- | lib/bundler/fetcher.rb | 4 | ||||
-rw-r--r-- | lib/bundler/fetcher/base.rb | 14 | ||||
-rw-r--r-- | lib/bundler/plugin/api/source.rb | 6 | ||||
-rw-r--r-- | lib/bundler/resolver.rb | 22 | ||||
-rw-r--r-- | lib/bundler/rubygems_gem_installer.rb | 8 | ||||
-rw-r--r-- | lib/bundler/rubygems_integration.rb | 24 | ||||
-rw-r--r-- | lib/bundler/source/git.rb | 12 | ||||
-rw-r--r-- | lib/bundler/source/rubygems.rb | 153 | ||||
-rw-r--r-- | lib/bundler/version.rb | 2 |
16 files changed, 141 insertions, 160 deletions
diff --git a/lib/bundler/cli.rb b/lib/bundler/cli.rb index e1c284130b..3d93ce5e6f 100644 --- a/lib/bundler/cli.rb +++ b/lib/bundler/cli.rb @@ -251,9 +251,7 @@ module Bundler remembered_negative_flag_deprecation("no-deployment") require_relative "cli/install" - Bundler.settings.temporary(:no_install => false) do - Install.new(options.dup).run - end + Install.new(options.dup).run end map aliases_for("install") @@ -299,9 +297,7 @@ module Bundler def update(*gems) SharedHelpers.major_deprecation(2, "The `--force` option has been renamed to `--redownload`") if ARGV.include?("--force") require_relative "cli/update" - Bundler.settings.temporary(:no_install => false) do - Update.new(options, gems).run - end + Update.new(options, gems).run end desc "show GEM [OPTIONS]", "Shows all gems that are part of the bundle, or the path to a given gem" diff --git a/lib/bundler/cli/cache.rb b/lib/bundler/cli/cache.rb index c8698ed7e3..eb5dd23092 100644 --- a/lib/bundler/cli/cache.rb +++ b/lib/bundler/cli/cache.rb @@ -14,7 +14,7 @@ module Bundler Bundler.settings.set_command_option_if_given :cache_path, options["cache-path"] setup_cache_all - install + install unless Bundler.settings[:no_install] # TODO: move cache contents here now that all bundles are locked custom_path = Bundler.settings[:path] if options[:path] diff --git a/lib/bundler/cli/install.rb b/lib/bundler/cli/install.rb index e9b85f7f6f..acf92f28ad 100644 --- a/lib/bundler/cli/install.rb +++ b/lib/bundler/cli/install.rb @@ -161,8 +161,6 @@ module Bundler Bundler.settings.set_command_option_if_given :no_prune, options["no-prune"] - Bundler.settings.set_command_option_if_given :no_install, options["no-install"] - Bundler.settings.set_command_option_if_given :clean, options["clean"] normalize_groups if options[:without] || options[:with] diff --git a/lib/bundler/definition.rb b/lib/bundler/definition.rb index 4fca763bcc..2e0f23a402 100644 --- a/lib/bundler/definition.rb +++ b/lib/bundler/definition.rb 
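Review bot: The new guard `install unless Bundler.settings[:no_install]` in lib/bundler/cli/cache.rb reads a setting that the lib/bundler/cli/install.rb hunk stops populating, since `Bundler.settings.set_command_option_if_given :no_install, options["no-install"]` is removed there. Unless code outside these hunks copies the flag into settings before the guard runs, a `--no-install` given on the command line would be ignored and only a configured value honoured. If so, adding `Bundler.settings.set_command_option_if_given :no_install, options["no-install"]` next to the `:cache_path` line in cache.rb would keep the flag working. Both method bodies extend beyond the hunks, so this needs checking against the full files.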
@@ -255,20 +255,18 @@ module Bundler # # @return [SpecSet] resolved dependencies def resolve - @resolve ||= begin - if Bundler.frozen_bundle? - Bundler.ui.debug "Frozen, using resolution from the lockfile" - @locked_specs - elsif !unlocking? && nothing_changed? - Bundler.ui.debug("Found no changes, using resolution from the lockfile") - SpecSet.new(filter_specs(@locked_specs, @dependencies.select {|dep| @locked_specs[dep].any? })) - else - last_resolve = converge_locked_specs - # Run a resolve against the locally available gems - Bundler.ui.debug("Found changes from the lockfile, re-resolving dependencies because #{change_reason}") - expanded_dependencies = expand_dependencies(dependencies + metadata_dependencies, true) - Resolver.resolve(expanded_dependencies, source_requirements, last_resolve, gem_version_promoter, additional_base_requirements_for_resolve, platforms) - end + @resolve ||= if Bundler.frozen_bundle? + Bundler.ui.debug "Frozen, using resolution from the lockfile" + @locked_specs + elsif !unlocking? && nothing_changed? + Bundler.ui.debug("Found no changes, using resolution from the lockfile") + SpecSet.new(filter_specs(@locked_specs, @dependencies.select {|dep| @locked_specs[dep].any? })) + else + last_resolve = converge_locked_specs + # Run a resolve against the locally available gems + Bundler.ui.debug("Found changes from the lockfile, re-resolving dependencies because #{change_reason}") + expanded_dependencies = expand_dependencies(dependencies + metadata_dependencies, true) + Resolver.resolve(expanded_dependencies, source_requirements, last_resolve, gem_version_promoter, additional_base_requirements_for_resolve, platforms) end end 
@@ -735,12 +733,10 @@ module Bundler end def metadata_dependencies - @metadata_dependencies ||= begin - [ - Dependency.new("Ruby\0", RubyVersion.system.gem_version), - Dependency.new("RubyGems\0", Gem::VERSION), - ] - end + @metadata_dependencies ||= [ + Dependency.new("Ruby\0", RubyVersion.system.gem_version), + Dependency.new("RubyGems\0", Gem::VERSION), + ] end def expand_dependencies(dependencies, remote = false) diff --git a/lib/bundler/dependency.rb b/lib/bundler/dependency.rb index d12b120bba..018a3182b9 100644 --- a/lib/bundler/dependency.rb +++ b/lib/bundler/dependency.rb @@ -9,6 +9,7 @@ module Bundler attr_reader :autorequire attr_reader :groups, :platforms, :gemfile, :git, :github, :branch, :ref + # rubocop:disable Naming/VariableNumber PLATFORM_MAP = { :ruby => Gem::Platform::RUBY, :ruby_18 => Gem::Platform::RUBY, @@ -91,6 +92,7 @@ module Bundler :x64_mingw_30 => Gem::Platform::X64_MINGW, :x64_mingw_31 => Gem::Platform::X64_MINGW, }.freeze + # rubocop:enable Naming/VariableNumber def initialize(name, version, options = {}, &blk) type = options["type"] || :runtime diff --git a/lib/bundler/dsl.rb b/lib/bundler/dsl.rb index 1ae19a46e9..bfa078046c 100644 --- a/lib/bundler/dsl.rb +++ b/lib/bundler/dsl.rb @@ -511,9 +511,7 @@ module Bundler # be raised. # def contents - @contents ||= begin - dsl_path && File.exist?(dsl_path) && File.read(dsl_path) - end + @contents ||= dsl_path && File.exist?(dsl_path) && File.read(dsl_path) end # The message of the exception reports the content of podspec for the diff --git a/lib/bundler/errors.rb b/lib/bundler/errors.rb index 0bc1a860df..f10b6cc68f 100644 --- a/lib/bundler/errors.rb +++ b/lib/bundler/errors.rb 
@@ -41,12 +41,14 @@ module Bundler class GemspecError < BundlerError; status_code(14); end class InvalidOption < BundlerError; status_code(15); end class ProductionError < BundlerError; status_code(16); end + class HTTPError < BundlerError status_code(17) def filter_uri(uri) URICredentialsFilter.credential_filtered_uri(uri) end end + class RubyVersionMismatch < BundlerError; status_code(18); end class SecurityError < BundlerError; status_code(19); end class LockfileError < BundlerError; status_code(20); end diff --git a/lib/bundler/fetcher.rb b/lib/bundler/fetcher.rb index 6fe047568f..e9d5dd505c 100644 --- a/lib/bundler/fetcher.rb +++ b/lib/bundler/fetcher.rb @@ -20,6 +20,7 @@ module Bundler class TooManyRequestsError < HTTPError; end # This error is raised if the API returns a 413 (only printed in verbose) class FallbackError < HTTPError; end + # This is the error raised if OpenSSL fails the cert verification class CertificateFailureError < HTTPError def initialize(remote_uri) @@ -33,6 +34,7 @@ module Bundler " sources and change 'https' to 'http'." end end + # This is the error raised when a source is HTTPS and OpenSSL didn't load class SSLError < HTTPError def initialize(msg = nil) @@ -42,6 +44,7 @@ module Bundler "using RVM are available at rvm.io/packages/openssl." end end + # This error is raised if HTTP authentication is required, but not provided. class AuthenticationRequiredError < HTTPError def initialize(remote_uri) @@ -52,6 +55,7 @@ module Bundler "or by storing the credentials in the `#{Settings.key_for(remote_uri)}` environment variable" end end + # This error is raised if HTTP authentication is provided, but incorrect. class BadAuthenticationError < HTTPError def initialize(remote_uri) diff --git a/lib/bundler/fetcher/base.rb b/lib/bundler/fetcher/base.rb index 16cc98273a..62cc75add8 100644 --- a/lib/bundler/fetcher/base.rb +++ b/lib/bundler/fetcher/base.rb 
@@ -19,14 +19,12 @@ module Bundler end def fetch_uri - @fetch_uri ||= begin - if remote_uri.host == "rubygems.org" - uri = remote_uri.dup - uri.host = "index.rubygems.org" - uri - else - remote_uri - end + @fetch_uri ||= if remote_uri.host == "rubygems.org" + uri = remote_uri.dup + uri.host = "index.rubygems.org" + uri + else + remote_uri end end diff --git a/lib/bundler/plugin/api/source.rb b/lib/bundler/plugin/api/source.rb index a6ae08237c..67c45bd204 100644 --- a/lib/bundler/plugin/api/source.rb +++ b/lib/bundler/plugin/api/source.rb @@ -258,7 +258,7 @@ module Bundler @dependencies |= Array(names) end - # Note: Do not override if you don't know what you are doing. + # NOTE: Do not override if you don't know what you are doing. def can_lock?(spec) spec.source == self end @@ -285,7 +285,7 @@ module Bundler end alias_method :identifier, :to_s - # Note: Do not override if you don't know what you are doing. + # NOTE: Do not override if you don't know what you are doing. def include?(other) other == self end @@ -294,7 +294,7 @@ module Bundler SharedHelpers.digest(:SHA1).hexdigest(uri) end - # Note: Do not override if you don't know what you are doing. + # NOTE: Do not override if you don't know what you are doing. def gem_install_dir Bundler.install_path end diff --git a/lib/bundler/resolver.rb b/lib/bundler/resolver.rb index d749694952..18eb18160d 100644 --- a/lib/bundler/resolver.rb +++ b/lib/bundler/resolver.rb 
@@ -233,19 +233,17 @@ module Bundler # before dependencies that are unconstrained def amount_constrained(dependency) @amount_constrained ||= {} - @amount_constrained[dependency.name] ||= begin - if (base = @base[dependency.name]) && !base.empty? - dependency.requirement.satisfied_by?(base.first.version) ? 0 : 1 - else - all = index_for(dependency).search(dependency.name).size + @amount_constrained[dependency.name] ||= if (base = @base[dependency.name]) && !base.empty? + dependency.requirement.satisfied_by?(base.first.version) ? 0 : 1 + else + all = index_for(dependency).search(dependency.name).size - if all <= 1 - all - 1_000_000 - else - search = search_for(dependency) - search = @prerelease_specified[dependency.name] ? search.count : search.count {|s| !s.version.prerelease? } - search - all - end + if all <= 1 + all - 1_000_000 + else + search = search_for(dependency) + search = @prerelease_specified[dependency.name] ? search.count : search.count {|s| !s.version.prerelease? } + search - all end end end diff --git a/lib/bundler/rubygems_gem_installer.rb b/lib/bundler/rubygems_gem_installer.rb index 87b9772c27..df2dcdb454 100644 --- a/lib/bundler/rubygems_gem_installer.rb +++ b/lib/bundler/rubygems_gem_installer.rb @@ -90,6 +90,14 @@ module Bundler end end + def spec + if Bundler.rubygems.provides?("< 3.3.12") # RubyGems implementation rescues and re-raises errors before 3.3.12 and we don't want that + @package.spec + else + super + end + end + private def strict_rm_rf(dir) diff --git a/lib/bundler/rubygems_integration.rb b/lib/bundler/rubygems_integration.rb index 1c2b374d8b..a6180d5160 100644 --- a/lib/bundler/rubygems_integration.rb +++ b/lib/bundler/rubygems_integration.rb 
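Review bot: The new `spec` override in lib/bundler/rubygems_gem_installer.rb is defined above `private`, and its only explanation is a long trailing comment on the `if` line that does not say what callers depend on. I would move it to a doc comment above the method, e.g. `# RubyGems before 3.3.12 rescues and re-raises errors in Gem::Installer#spec; read the package spec directly so callers see the original exception.` The lib/bundler/source/rubygems.rb hunk rescues `Gem::Security::Exception` and `Gem::Package::FormatError` from `installer.spec`, so the comment should name those as the exceptions that must reach the caller unchanged. Whether `@package.spec` runs the same policy verification as `super` is not visible here and is worth confirming for the older RubyGems branch.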
@@ -203,20 +203,9 @@ module Bundler EXT_LOCK end - def spec_from_gem(path, policy = nil) - require "rubygems/security" - require "psych" - gem_from_path(path, security_policies[policy]).spec - rescue Exception, Gem::Exception, Gem::Security::Exception => e # rubocop:disable Lint/RescueException - if e.is_a?(Gem::Security::Exception) || - e.message =~ /unknown trust policy|unsigned gem/i || - e.message =~ /couldn't verify (meta)?data signature/i - raise SecurityError, - "The gem #{File.basename(path, ".gem")} can't be installed because " \ - "the security policy didn't allow it, with the message: #{e.message}" - else - raise e - end + def spec_from_gem(path) + require "rubygems/package" + Gem::Package.new(path).spec end def build_gem(gem_dir, spec) @@ -514,13 +503,6 @@ module Bundler Gem::RemoteFetcher.new(proxy) end - def gem_from_path(path, policy = nil) - require "rubygems/package" - p = Gem::Package.new(path) - p.security_policy = policy if policy - p - end - def build(spec, skip_validation = false) require "rubygems/package" Gem::Package.build(spec, skip_validation) diff --git a/lib/bundler/source/git.rb b/lib/bundler/source/git.rb index eb82544b86..ed66dcdc12 100644 --- a/lib/bundler/source/git.rb +++ b/lib/bundler/source/git.rb @@ -219,13 +219,11 @@ module Bundler # across different projects, this cache will be shared. # When using local git repos, this is set to the local repo. def cache_path - @cache_path ||= begin - if Bundler.requires_sudo? || Bundler.feature_flag.global_gem_cache? - Bundler.user_cache - else - Bundler.bundle_path.join("cache", "bundler") - end.join("git", git_scope) - end + @cache_path ||= if Bundler.requires_sudo? || Bundler.feature_flag.global_gem_cache? + Bundler.user_cache + else + Bundler.bundle_path.join("cache", "bundler") + end.join("git", git_scope) end def app_cache_dirname diff --git a/lib/bundler/source/rubygems.rb b/lib/bundler/source/rubygems.rb index 5dceacbae4..f78e6a443b 100644 --- a/lib/bundler/source/rubygems.rb 
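Review bot: `spec_from_gem` in lib/bundler/rubygems_integration.rb now takes only `path`, and it no longer applies a trust policy or maps `Gem::Security::Exception` to `SecurityError`. A caller outside this diff that still passes a policy gets an `ArgumentError`, and one that relied on this helper for verification now reads unverified gem metadata. Within this diff, verification moves to the installer through `:security_policy` in lib/bundler/source/rubygems.rb, and the method should say so, e.g. `# Reads the gemspec from a .gem file without applying a trust policy; signature verification is the installer's job.` It is worth grepping for remaining two-argument callers before merging.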
+++ b/lib/bundler/source/rubygems.rb @@ -139,13 +139,9 @@ module Bundler force = options[:force] ensure_builtin_gems_cached = options[:ensure_builtin_gems_cached] - if ensure_builtin_gems_cached && spec.default_gem? - if !cached_path(spec) - cached_built_in_gem(spec) unless spec.remote - force = true - else - spec.loaded_from = loaded_from(spec) - end + if ensure_builtin_gems_cached && spec.default_gem? && !cached_path(spec) + cached_built_in_gem(spec) unless spec.remote + force = true end if installed?(spec) && !force 
@@ -153,84 +149,90 @@ module Bundler return nil # no post-install message end - # Download the gem to get the spec, because some specs that are returned - # by rubygems.org are broken and wrong. if spec.remote # Check for this spec from other sources - uris = [spec.remote.anonymized_uri] - uris += remotes_for_spec(spec).map(&:anonymized_uri) - uris.uniq! + uris = [spec.remote, *remotes_for_spec(spec)].map(&:anonymized_uri).uniq Installer.ambiguous_gems << [spec.name, *uris] if uris.length > 1 path = fetch_gem(spec, options[:previous_spec]) - begin - s = Bundler.rubygems.spec_from_gem(path, Bundler.settings["trust-policy"]) - spec.__swap__(s) + else + path = cached_gem(spec) + raise GemNotFound, "Could not find #{spec.file_name} for installation" unless path + end + + if requires_sudo? + install_path = Bundler.tmp(spec.full_name) + bin_path = install_path.join("bin") + else + install_path = rubygems_dir + bin_path = Bundler.system_bindir + end + + Bundler.mkdir_p bin_path, :no_sudo => true unless spec.executables.empty? 
|| Bundler.rubygems.provides?(">= 2.7.5") + + require_relative "../rubygems_gem_installer" + + installer = Bundler::RubyGemsGemInstaller.at( + path, + :security_policy => Bundler.rubygems.security_policies[Bundler.settings["trust-policy"]], + :install_dir => install_path.to_s, + :bin_dir => bin_path.to_s, + :ignore_dependencies => true, + :wrappers => true, + :env_shebang => true, + :build_args => options[:build_args], + :bundler_expected_checksum => spec.respond_to?(:checksum) && spec.checksum, + :bundler_extension_cache_path => extension_cache_path(spec) + ) + + if spec.remote + s = begin + installer.spec rescue Gem::Package::FormatError Bundler.rm_rf(path) raise + rescue Gem::Security::Exception => e + raise SecurityError, + "The gem #{File.basename(path, ".gem")} can't be installed because " \ + "the security policy didn't allow it, with the message: #{e.message}" end + + spec.__swap__(s) end - unless Bundler.settings[:no_install] - message = "Installing #{version_message(spec, options[:previous_spec])}" - message += " with native extensions" if spec.extensions.any? - Bundler.ui.confirm message + message = "Installing #{version_message(spec, options[:previous_spec])}" + message += " with native extensions" if spec.extensions.any? + Bundler.ui.confirm message - path = cached_gem(spec) - raise GemNotFound, "Could not find #{spec.file_name} for installation" unless path - if requires_sudo? - install_path = Bundler.tmp(spec.full_name) - bin_path = install_path.join("bin") - else - install_path = rubygems_dir - bin_path = Bundler.system_bindir - end + installed_spec = installer.install + + spec.full_gem_path = installed_spec.full_gem_path + spec.loaded_from = installed_spec.loaded_from - Bundler.mkdir_p bin_path, :no_sudo => true unless spec.executables.empty? 
|| Bundler.rubygems.provides?(">= 2.7.5") - - require_relative "../rubygems_gem_installer" - - installed_spec = Bundler::RubyGemsGemInstaller.at( - path, - :install_dir => install_path.to_s, - :bin_dir => bin_path.to_s, - :ignore_dependencies => true, - :wrappers => true, - :env_shebang => true, - :build_args => options[:build_args], - :bundler_expected_checksum => spec.respond_to?(:checksum) && spec.checksum, - :bundler_extension_cache_path => extension_cache_path(spec) - ).install - spec.full_gem_path = installed_spec.full_gem_path - - # SUDO HAX - if requires_sudo? - Bundler.rubygems.repository_subdirectories.each do |name| - src = File.join(install_path, name, "*") - dst = File.join(rubygems_dir, name) - if name == "extensions" && Dir.glob(src).any? - src = File.join(src, "*/*") - ext_src = Dir.glob(src).first - ext_src.gsub!(src[0..-6], "") - dst = File.dirname(File.join(dst, ext_src)) - end - SharedHelpers.filesystem_access(dst) do |p| - Bundler.mkdir_p(p) - end - Bundler.sudo "cp -R #{src} #{dst}" if Dir[src].any? + # SUDO HAX + if requires_sudo? + Bundler.rubygems.repository_subdirectories.each do |name| + src = File.join(install_path, name, "*") + dst = File.join(rubygems_dir, name) + if name == "extensions" && Dir.glob(src).any? + src = File.join(src, "*/*") + ext_src = Dir.glob(src).first + ext_src.gsub!(src[0..-6], "") + dst = File.dirname(File.join(dst, ext_src)) end + SharedHelpers.filesystem_access(dst) do |p| + Bundler.mkdir_p(p) + end + Bundler.sudo "cp -R #{src} #{dst}" if Dir[src].any? 
+ end - spec.executables.each do |exe| - SharedHelpers.filesystem_access(Bundler.system_bindir) do |p| - Bundler.mkdir_p(p) - end - Bundler.sudo "cp -R #{install_path}/bin/#{exe} #{Bundler.system_bindir}/" + spec.executables.each do |exe| + SharedHelpers.filesystem_access(Bundler.system_bindir) do |p| + Bundler.mkdir_p(p) end + Bundler.sudo "cp -R #{install_path}/bin/#{exe} #{Bundler.system_bindir}/" end - installed_spec.loaded_from = loaded_from(spec) end - spec.loaded_from = loaded_from(spec) spec.post_install_message ensure @@ -348,10 +350,6 @@ module Bundler end end - def loaded_from(spec) - "#{rubygems_dir}/specifications/#{spec.full_name}.gemspec" - end - def cached_gem(spec) if spec.default_gem? cached_built_in_gem(spec) @@ -364,10 +362,14 @@ module Bundler global_cache_path = download_cache_path(spec) @caches << global_cache_path if global_cache_path - possibilities = @caches.map {|p| "#{p}/#{spec.file_name}" } + possibilities = @caches.map {|p| package_path(p, spec) } possibilities.find {|p| File.exist?(p) } end + def package_path(cache_path, spec) + "#{cache_path}/#{spec.file_name}" + end + def normalize_uri(uri) uri = uri.to_s uri = "#{uri}/" unless uri =~ %r{/$} @@ -459,12 +461,11 @@ module Bundler end def fetch_gem(spec, previous_spec = nil) - return false unless spec.remote - spec.fetch_platform cache_path = download_cache_path(spec) || default_cache_path_for(rubygems_dir) - gem_path = "#{cache_path}/#{spec.file_name}" + gem_path = package_path(cache_path, spec) + return gem_path if File.exist?(gem_path) if requires_sudo? download_path = Bundler.tmp(spec.full_name) @@ -482,7 +483,7 @@ module Bundler SharedHelpers.filesystem_access(cache_path) do |p| Bundler.mkdir_p(p) end - Bundler.sudo "mv #{download_cache_path}/#{spec.file_name} #{gem_path}" + Bundler.sudo "mv #{package_path(download_cache_path, spec)} #{gem_path}" end gem_path diff --git a/lib/bundler/version.rb b/lib/bundler/version.rb index 9e8fa48a1d..a9a2934be8 100644 
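Review bot: The `Gem::Security::Exception` to `SecurityError` mapping only wraps `installer.spec`, which runs inside `if spec.remote`, while the trust policy is now passed to the installer for every gem. For a gem taken from the cache (`path = cached_gem(spec)`), the first policy check presumably happens inside `installer.install`, so a rejection there would surface as a raw `Gem::Security::Exception` rather than Bundler's `SecurityError`. I would apply the same mapping around `installer.install`, or extract it into a small helper used for both calls. The method starts before this hunk and its `ensure` clause continues after it.

```ruby
# … unchanged: installer = Bundler::RubyGemsGemInstaller.at(...) and the `if spec.remote` block …

installed_spec = begin
  installer.install
rescue Gem::Security::Exception => e
  raise SecurityError,
    "The gem #{File.basename(path, ".gem")} can't be installed because " \
    "the security policy didn't allow it, with the message: #{e.message}"
end
```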
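Review bot: `fetch_gem` no longer guards on `spec.remote`, and the new `return gem_path if File.exist?(gem_path)` reuses whatever file is already at the cache path, so both assumptions are now implicit. The caller in this diff checks `spec.remote` first and passes `:bundler_expected_checksum` and `:security_policy` to the installer, but other callers are not visible here. I would document the contract on the method, e.g. `# Precondition: spec.remote is set. A file already present at gem_path is returned as-is; integrity is checked later by the installer (checksum / trust policy).` The rest of the method body lies outside this hunk.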
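Review bot: `Bundler.sudo "mv #{package_path(download_cache_path, spec)} #{gem_path}"` builds a privileged command by interpolating paths unquoted. If `Bundler.sudo` hands the string to a shell (its definition is not in this diff), a cache or home directory containing spaces or shell metacharacters would be split or interpreted under sudo. Escaping each argument avoids that: `Bundler.sudo "mv #{Shellwords.escape(package_path(download_cache_path, spec))} #{Shellwords.escape(gem_path)}"`, with `require "shellwords"` where needed. The `cp -R #{src} #{dst}` and `cp -R #{install_path}/bin/#{exe} ...` lines re-indented in the install hunk of the same file follow the same pattern, though `src` there is a glob and needs separate handling.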
--- a/lib/bundler/version.rb +++ b/lib/bundler/version.rb @@ -1,7 +1,7 @@ # frozen_string_literal: false module Bundler - VERSION = "2.3.15".freeze + VERSION = "2.3.16".freeze def self.bundler_major_version @bundler_major_version ||= VERSION.split(".").first.to_i |