[rubygems/rubygems] Prevent gem activation in standalone mode

As discussed in https://github.com/rubygems/rubygems/issues/6273#issuecomment-1449176658

The `gem` method behaves awkwardly in standalone mode. Assuming bundler
isn't loaded at all, a call to gem might activate a gem that is not part
of the bundle (because it's the gem method defined in
lib/rubygems/core_ext/kernel_gem.rb and not
lib/bundler/rubygems_integration.rb). And when running with
`--disable-gems`, the gem method won't be defined at all so we'll get a
NoMethodError.

Calls to `gem` can appear in dependencies outside an application's
control. To work around this at GitHub we defined our own `Kernel#gem`
that no-ops.

I agree with https://github.com/rubygems/rubygems/issues/6273#issuecomment-1440755882

> people using standalone mode don't want to activate gems like Kernel.gem

This commit redefines `Kernel#gem` in the standalone script to no-op.

https://github.com/rubygems/rubygems/commit/bea17b55f1

1 files changed, 14 insertions, 0 deletions

diff --git a/lib/bundler/installer/standalone.rb b/lib/bundler/installer/standalone.rb
index fed3d8c410..2cdada44d6 100644
--- a/lib/bundler/installer/standalone.rb
+++ b/lib/bundler/installer/standalone.rb
@@ -12,6 +12,7 @@ module Bundler
       end
       File.open File.join(bundler_path, "setup.rb"), "w" do |file|
         file.puts "require 'rbconfig'"
+        file.puts prevent_gem_activation
         file.puts define_path_helpers
         file.puts reverse_rubygems_kernel_mixin
         paths.each do |path|
@@ -62,6 +63,19 @@ module Bundler
       raise Gem::InvalidSpecificationException.new(error_message)
     end
 
+    def prevent_gem_activation
+      <<~'END'
+        module Kernel
+          remove_method(:gem) if private_method_defined?(:gem)
+
+          def gem(*)
+          end
+
+          private :gem
+        end
+      END
+    end
+
     def define_path_helpers
       <<~'END'
         unless defined?(Gem)