27 files changed, 277 insertions, 77 deletions
diff --git a/lib/bundler.rb b/lib/bundler.rb index b2363a25f4..8b9e870f7b 100644 --- a/lib/bundler.rb +++ b/lib/bundler.rb @@ -198,7 +198,7 @@ module Bundler def frozen_bundle? frozen = settings[:deployment] - frozen ||= settings[:frozen] unless feature_flag.deployment_means_frozen? + frozen ||= settings[:frozen] frozen end diff --git a/lib/bundler/cli/install.rb b/lib/bundler/cli/install.rb index c702eb14d1..47c1da10e7 100644 --- a/lib/bundler/cli/install.rb +++ b/lib/bundler/cli/install.rb @@ -33,12 +33,8 @@ module Bundler options[:local] = true if Bundler.app_cache.exist? - if Bundler.feature_flag.deployment_means_frozen? - Bundler.settings.set_command_option :deployment, true - else - Bundler.settings.set_command_option :deployment, true if options[:deployment] - Bundler.settings.set_command_option :frozen, true if options[:frozen] - end + Bundler.settings.set_command_option :deployment, true if options[:deployment] + Bundler.settings.set_command_option :frozen, true if options[:frozen] end # When install is called with --no-deployment, disable deployment mode @@ -62,7 +58,10 @@ module Bundler definition.validate_runtime! installer = Installer.install(Bundler.root, definition, options) - Bundler.load.cache if Bundler.app_cache.exist? && !options["no-cache"] && !Bundler.frozen_bundle? + + Bundler.settings.temporary(:cache_all_platforms => options[:local] ? false : Bundler.settings[:cache_all_platforms]) do + Bundler.load.cache if Bundler.app_cache.exist? && !options["no-cache"] && !Bundler.frozen_bundle? + end Bundler.ui.confirm "Bundle complete! #{dependencies_count_for(definition)}, #{gems_installed_for(definition)}." Bundler::CLI::Common.output_without_groups_message(:install) diff --git a/lib/bundler/definition.rb b/lib/bundler/definition.rb index bc75e83908..274b558c1b 100644 --- a/lib/bundler/definition.rb +++ b/lib/bundler/definition.rb 
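Review bot: The `Bundler.settings.temporary(:cache_all_platforms => ...)` wrapper in the second install.rb hunk carries no comment explaining why the setting is forced to `false` under `--local`, and the unparenthesised ternary inside the hash argument is easy to misread. Judging by the new cache_spec example, the intent is that `bundle install --local` never contacts a remote even when `cache_all_platforms` is configured. I would record that next to the call, e.g. `# --local must not hit the network, so skip caching for other platforms here`. Hoisting the value into a local, `cache_all_platforms = options[:local] ? false : Bundler.settings[:cache_all_platforms]`, would also make the precedence explicit. The enclosing method starts and ends outside the hunk.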
@@ -107,12 +107,14 @@ module Bundler end @locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) } - @disable_multisource = @locked_gem_sources.all?(&:disable_multisource?) + @multisource_allowed = @locked_gem_sources.any?(&:multiple_remotes?) && (sources.aggregate_global_source? || Bundler.frozen_bundle?) - unless @disable_multisource - msg = "Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. You should run `bundle update` or generate your lockfile from scratch." + if @multisource_allowed + unless sources.aggregate_global_source? + msg = "Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. Make sure you run `bundle install` in non frozen mode and commit the result to make your lockfile secure." - Bundler::SharedHelpers.major_deprecation 2, msg + Bundler::SharedHelpers.major_deprecation 2, msg + end @sources.merged_gem_lockfile_sections! end @@ -156,8 +158,8 @@ module Bundler end end - def disable_multisource? - @disable_multisource + def multisource_allowed? + @multisource_allowed end def resolve_only_locally! @@ -510,7 +512,7 @@ module Bundler private def precompute_source_requirements_for_indirect_dependencies? - sources.non_global_rubygems_sources.all?(&:dependency_api_available?) && sources.no_aggregate_global_source? + sources.non_global_rubygems_sources.all?(&:dependency_api_available?) && !sources.aggregate_global_source? end def current_ruby_platform_locked? @@ -627,7 +629,7 @@ module Bundler end def converge_rubygems_sources - return false if disable_multisource? + return false unless multisource_allowed? return false if locked_gem_sources.empty? diff --git a/lib/bundler/feature_flag.rb b/lib/bundler/feature_flag.rb index 53d76b8ae8..aee127ba80 100644 --- a/lib/bundler/feature_flag.rb +++ b/lib/bundler/feature_flag.rb 
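Review bot: In the first definition.rb hunk, `@multisource_allowed` stays true whenever the lockfile has a multi-remote section and `Bundler.frozen_bundle?` holds, so frozen installs (which include `deployment`, per `frozen_bundle?`) still call `@sources.merged_gem_lockfile_sections!` and only emit a deprecation through `major_deprecation 2`. The warning is therefore the only signal that the insecure merged-remotes lookup is still in effect in the mode used for deployments. A comment above the assignment should state that trade-off, e.g. `# A frozen bundle cannot rewrite the lockfile, so the legacy merged-remotes behaviour is kept and only warned about`. When `sources.aggregate_global_source?` is true no lockfile warning is raised at all; presumably the Gemfile-level warning is meant to cover that case, which is worth saying in the same comment. The enclosing method begins and ends outside the hunk.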
@@ -31,7 +31,6 @@ module Bundler settings_flag(:auto_clean_without_path) { bundler_3_mode? } settings_flag(:cache_all) { bundler_3_mode? } settings_flag(:default_install_uses_path) { bundler_3_mode? } - settings_flag(:deployment_means_frozen) { bundler_3_mode? } settings_flag(:forget_cli_options) { bundler_3_mode? } settings_flag(:global_gem_cache) { bundler_3_mode? } settings_flag(:path_relative_to_cwd) { bundler_3_mode? } diff --git a/lib/bundler/fetcher/compact_index.rb b/lib/bundler/fetcher/compact_index.rb index 0304155bdd..bc69b884ec 100644 --- a/lib/bundler/fetcher/compact_index.rb +++ b/lib/bundler/fetcher/compact_index.rb @@ -111,7 +111,7 @@ module Bundler def bundle_worker(func = nil) @bundle_worker ||= begin worker_name = "Compact Index (#{display_uri.host})" - Bundler::Worker.new(Bundler.current_ruby.rbx? ? 1 : 25, worker_name, func) + Bundler::Worker.new(Bundler.settings.processor_count, worker_name, func) end @bundle_worker.tap do |worker| worker.instance_variable_set(:@func, func) if func diff --git a/lib/bundler/installer.rb b/lib/bundler/installer.rb index 09c8b1c157..a88fb91cb5 100644 --- a/lib/bundler/installer.rb +++ b/lib/bundler/installer.rb @@ -222,14 +222,7 @@ module Bundler # Parallelization has some issues on Windows, so it's not yet the default return 1 if Gem.win_platform? - processor_count - end - - def processor_count - require "etc" - Etc.nprocessors - rescue StandardError - 1 + Bundler.settings.processor_count end def load_plugins diff --git a/lib/bundler/resolver.rb b/lib/bundler/resolver.rb index 9a25e49d4b..fac5070619 100644 --- a/lib/bundler/resolver.rb +++ b/lib/bundler/resolver.rb 
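Review bot: `bundle_worker` in compact_index.rb now sizes its pool with `Bundler.settings.processor_count` instead of the fixed `25`, which ties the number of concurrent index fetches to the CPU count although the work is network-bound. On a single-core host, or whenever `processor_count` falls back to `1`, fetching becomes serial. On a large host the number of parallel requests against the gem server grows without an upper bound. If that is intended, a short comment such as `# Pool size follows the CPU count; fetches are serial on single-core hosts` would make it explicit. Otherwise consider clamping the value.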
@@ -30,8 +30,10 @@ module Bundler @resolver = Molinillo::Resolver.new(self, self) @search_for = {} @base_dg = Molinillo::DependencyGraph.new + aggregate_global_source = @source_requirements[:default].is_a?(Source::RubygemsAggregate) @base.each do |ls| dep = Dependency.new(ls.name, ls.version) + ls.source = source_for(ls.name) unless aggregate_global_source @base_dg.add_vertex(ls.name, DepProxy.get_proxy(dep, ls.platform), true) end additional_base_requirements.each {|d| @base_dg.add_vertex(d.name, d) } diff --git a/lib/bundler/settings.rb b/lib/bundler/settings.rb index 11227314a7..13fcb447d0 100644 --- a/lib/bundler/settings.rb +++ b/lib/bundler/settings.rb @@ -16,7 +16,6 @@ module Bundler clean default_install_uses_path deployment - deployment_means_frozen disable_checksum_validation disable_exec_load disable_local_branch_check @@ -210,6 +209,13 @@ module Bundler locations end + def processor_count + require "etc" + Etc.nprocessors + rescue StandardError + 1 + end + # for legacy reasons, in Bundler 2, we do not respect :disable_shared_gems def path configs.each do |_level, settings| diff --git a/lib/bundler/source/rubygems.rb b/lib/bundler/source/rubygems.rb index 590c3ec939..0e9b4e02a5 100644 --- a/lib/bundler/source/rubygems.rb +++ b/lib/bundler/source/rubygems.rb @@ -67,12 +67,12 @@ module Bundler o.is_a?(Rubygems) && (o.credless_remotes - credless_remotes).empty? end - def disable_multisource? - @remotes.size <= 1 + def multiple_remotes? + @remotes.size > 1 end def can_lock?(spec) - return super if disable_multisource? + return super unless multiple_remotes? spec.source.is_a?(Rubygems) end diff --git a/lib/bundler/source_list.rb b/lib/bundler/source_list.rb index 584d693dea..9a7f0ea0a2 100644 --- a/lib/bundler/source_list.rb +++ b/lib/bundler/source_list.rb 
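Review bot: The added `ls.source = source_for(ls.name) unless aggregate_global_source` in resolver.rb rewrites the source of every locked spec in `@base` as a side effect of building the dependency graph, and nothing in the hunk documents why. `source_for` is defined outside the hunk; if it can return `nil` for a name with no entry in `@source_requirements`, the locked source would be cleared rather than pinned, so that is worth confirming or guarding. A comment such as `# Pin each locked spec to the source its requirement maps to, so it is not resolved from a different remote` would record the intent (inferred from the multisource changes elsewhere in this commit). The enclosing method starts and ends outside the hunk.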
@@ -32,8 +32,8 @@ module Bundler @merged_gem_lockfile_sections = true end - def no_aggregate_global_source? - global_rubygems_source.remotes.size <= 1 + def aggregate_global_source? + global_rubygems_source.multiple_remotes? end def add_path_source(options = {}) @@ -185,6 +185,8 @@ module Bundler end def equal_source?(source, other_source) + return source.include?(other_source) if source.is_a?(Source::Rubygems) && other_source.is_a?(Source::Rubygems) && !merged_gem_lockfile_sections? + source == other_source end diff --git a/lib/bundler/templates/newgem/newgem.gemspec.tt b/lib/bundler/templates/newgem/newgem.gemspec.tt index 7032004076..91ce856bff 100644 --- a/lib/bundler/templates/newgem/newgem.gemspec.tt +++ b/lib/bundler/templates/newgem/newgem.gemspec.tt @@ -16,7 +16,7 @@ Gem::Specification.new do |spec| <%- end -%> spec.required_ruby_version = ">= <%= config[:required_ruby_version] %>" - spec.metadata["allowed_push_host"] = "TODO: Set to 'http://mygemserver.com'" + spec.metadata["allowed_push_host"] = "TODO: Set to 'https://mygemserver.com'" spec.metadata["homepage_uri"] = spec.homepage spec.metadata["source_code_uri"] = "TODO: Put your gem's public repo URL here." diff --git a/lib/bundler/version.rb b/lib/bundler/version.rb index 4302fb9892..1c34797243 100644 --- a/lib/bundler/version.rb +++ b/lib/bundler/version.rb @@ -1,7 +1,7 @@ # frozen_string_literal: false module Bundler - VERSION = "2.2.20".freeze + VERSION = "2.2.21".freeze def self.bundler_major_version @bundler_major_version ||= VERSION.split(".").first.to_i diff --git a/lib/rubygems.rb b/lib/rubygems.rb index 57d0140d8b..9d16f6ecf8 100644 --- a/lib/rubygems.rb +++ b/lib/rubygems.rb @@ -8,7 +8,7 @@ require 'rbconfig' module Gem - VERSION = "3.2.20".freeze + VERSION = "3.2.21".freeze end # Must be first since it unloads the prelude from 1.9.2 diff --git a/lib/rubygems/config_file.rb b/lib/rubygems/config_file.rb index 9dc41a2995..3746d7aab0 100644 --- a/lib/rubygems/config_file.rb 
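Review bot: `equal_source?` in the second source_list.rb hunk is no longer a symmetric comparison. For two `Source::Rubygems` arguments it returns `source.include?(other_source)`, and `include?` (visible as context in the source/rubygems.rb hunk) is true whenever the other source's credless remotes are a subset of the receiver's. The result now depends on argument order, and a source with fewer remotes compares equal to a wider one while lockfile sections are unmerged. Callers are outside the hunk, so a comment should state the contract, e.g. `# Containment, not equality: true when other_source's remotes are a subset of source's`. The `other_source.is_a?(Source::Rubygems)` test repeats a check `include?` already performs.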
+++ b/lib/rubygems/config_file.rb @@ -320,7 +320,7 @@ if you believe they were disclosed to a third party. config = load_file(credentials_path).merge(host => api_key) dirname = File.dirname credentials_path - Dir.mkdir(dirname) unless File.exist? dirname + FileUtils.mkdir_p(dirname) unless File.exist? dirname Gem.load_yaml diff --git a/lib/rubygems/request.rb b/lib/rubygems/request.rb index 1ed0fbcb99..5bda0b2e5e 100644 --- a/lib/rubygems/request.rb +++ b/lib/rubygems/request.rb @@ -44,7 +44,7 @@ class Gem::Request end def self.configure_connection_for_https(connection, cert_files) - raise Gem::Exception.new('OpenSSl is not available. Install OpenSSL and rebuild Ruby (preferred) or use non-HTTPS sources') unless Gem::HAVE_OPENSSL + raise Gem::Exception.new('OpenSSL is not available. Install OpenSSL and rebuild Ruby (preferred) or use non-HTTPS sources') unless Gem::HAVE_OPENSSL connection.use_ssl = true connection.verify_mode = diff --git a/lib/rubygems/util/licenses.rb b/lib/rubygems/util/licenses.rb index 29bf310ea0..98cbd8929b 100644 --- a/lib/rubygems/util/licenses.rb +++ b/lib/rubygems/util/licenses.rb @@ -18,6 +18,8 @@ class Gem::Licenses AFL-2.1 AFL-3.0 AGPL-1.0 + AGPL-1.0-only + AGPL-1.0-or-later AGPL-3.0 AGPL-3.0-only AGPL-3.0-or-later @@ -25,6 +27,7 @@ class Gem::Licenses AML AMPAS ANTLR-PD + ANTLR-PD-fallback APAFML APL-1.0 APSL-1.0 
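Review bot: The directory that will hold the credentials file is created by `FileUtils.mkdir_p(dirname)` with whatever mode the process umask yields, and `mkdir_p` applies that to every missing parent it creates. Since this path stores API keys, I would create it owner-only: `FileUtils.mkdir_p(dirname, mode: 0700)`. The `unless File.exist? dirname` guard is redundant, as `mkdir_p` does nothing for an existing directory. It also hides the case where `dirname` exists as a regular file until the later write fails. No `require 'fileutils'` is visible in the hunk, so confirm it is loaded on this code path; the write of the file itself and any permission handling for it are outside the hunk.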
@@ -48,29 +51,41 @@ class Gem::Licenses BSD-2-Clause-FreeBSD BSD-2-Clause-NetBSD BSD-2-Clause-Patent + BSD-2-Clause-Views BSD-3-Clause BSD-3-Clause-Attribution BSD-3-Clause-Clear BSD-3-Clause-LBNL + BSD-3-Clause-Modification + BSD-3-Clause-No-Military-License BSD-3-Clause-No-Nuclear-License BSD-3-Clause-No-Nuclear-License-2014 BSD-3-Clause-No-Nuclear-Warranty + BSD-3-Clause-Open-MPI BSD-4-Clause + BSD-4-Clause-Shortened BSD-4-Clause-UC BSD-Protection BSD-Source-Code BSL-1.0 + BUSL-1.1 Bahyph Barr Beerware BitTorrent-1.0 BitTorrent-1.1 + BlueOak-1.0.0 Borceux + C-UDA-1.0 + CAL-1.0 + CAL-1.0-Combined-Work-Exception CATOSL-1.1 CC-BY-1.0 CC-BY-2.0 CC-BY-2.5 CC-BY-3.0 + CC-BY-3.0-AT + CC-BY-3.0-US CC-BY-4.0 CC-BY-NC-1.0 CC-BY-NC-2.0 @@ -81,6 +96,7 @@ class Gem::Licenses CC-BY-NC-ND-2.0 CC-BY-NC-ND-2.5 CC-BY-NC-ND-3.0 + CC-BY-NC-ND-3.0-IGO CC-BY-NC-ND-4.0 CC-BY-NC-SA-1.0 CC-BY-NC-SA-2.0 @@ -94,12 +110,17 @@ class Gem::Licenses CC-BY-ND-4.0 CC-BY-SA-1.0 CC-BY-SA-2.0 + CC-BY-SA-2.0-UK + CC-BY-SA-2.1-JP CC-BY-SA-2.5 CC-BY-SA-3.0 + CC-BY-SA-3.0-AT CC-BY-SA-4.0 + CC-PDDC CC0-1.0 CDDL-1.0 CDDL-1.1 + CDL-1.0 CDLA-Permissive-1.0 CDLA-Sharing-1.0 CECILL-1.0 @@ -108,6 +129,11 @@ class Gem::Licenses CECILL-2.1 CECILL-B CECILL-C + CERN-OHL-1.1 + CERN-OHL-1.2 + CERN-OHL-P-2.0 + CERN-OHL-S-2.0 + CERN-OHL-W-2.0 CNRI-Jython CNRI-Python CNRI-Python-GPL-Compatible @@ -123,12 +149,14 @@ class Gem::Licenses Cube D-FSL-1.0 DOC + DRL-1.0 DSDP Dotseqn ECL-1.0 ECL-2.0 EFL-1.0 EFL-2.0 + EPICS EPL-1.0 EPL-2.0 EUDatagrid 
@@ -144,17 +172,32 @@ class Gem::Licenses FTL Fair Frameworx-1.0 + FreeBSD-DOC FreeImage + GD GFDL-1.1 + GFDL-1.1-invariants-only + GFDL-1.1-invariants-or-later + GFDL-1.1-no-invariants-only + GFDL-1.1-no-invariants-or-later GFDL-1.1-only GFDL-1.1-or-later GFDL-1.2 + GFDL-1.2-invariants-only + GFDL-1.2-invariants-or-later + GFDL-1.2-no-invariants-only + GFDL-1.2-no-invariants-or-later GFDL-1.2-only GFDL-1.2-or-later GFDL-1.3 + GFDL-1.3-invariants-only + GFDL-1.3-invariants-or-later + GFDL-1.3-no-invariants-only + GFDL-1.3-no-invariants-or-later GFDL-1.3-only GFDL-1.3-or-later GL2PS + GLWTPL GPL-1.0 GPL-1.0+ GPL-1.0-only @@ -178,7 +221,10 @@ class Gem::Licenses Glide Glulxe HPND + HPND-sell-variant + HTMLTIDY HaskellReport + Hippocratic-2.1 IBM-pibs ICU IJG @@ -191,6 +237,7 @@ class Gem::Licenses Intel Intel-ACPI Interbase-1.0 + JPNIC JSON JasPer-2.0 LAL-1.2 @@ -221,11 +268,15 @@ class Gem::Licenses LiLiQ-R-1.1 LiLiQ-Rplus-1.1 Libpng + Linux-OpenIB MIT + MIT-0 MIT-CMU + MIT-Modern-Variant MIT-advertising MIT-enna MIT-feh + MIT-open-group MITNFA MPL-1.0 MPL-1.1 @@ -237,12 +288,18 @@ class Gem::Licenses MakeIndex MirOS Motosoto + MulanPSL-1.0 + MulanPSL-2.0 Multics Mup + NAIST-2003 NASA-1.3 NBPL-1.0 + NCGL-UK-2.0 NCSA NGPL + NIST-PD + NIST-PD-fallback NLOD-1.0 NLPL NOSL @@ -251,6 +308,7 @@ class Gem::Licenses NPOSL-3.0 NRL NTP + NTP-0 Naumen Net-SNMP NetCDF @@ -258,11 +316,23 @@ class Gem::Licenses Nokia Noweb Nunit + O-UDA-1.0 OCCT-PL OCLC-2.0 + ODC-By-1.0 ODbL-1.0 OFL-1.0 + OFL-1.0-RFN + OFL-1.0-no-RFN OFL-1.1 + OFL-1.1-RFN + OFL-1.1-no-RFN + OGC-1.0 + OGDL-Taiwan-1.0 + OGL-Canada-2.0 + OGL-UK-1.0 + OGL-UK-2.0 + OGL-UK-3.0 OGTSL OLDAP-1.1 OLDAP-1.2 @@ -292,7 +362,12 @@ class Gem::Licenses PDDL-1.0 PHP-3.0 PHP-3.01 + PSF-2.0 + Parity-6.0.0 + Parity-7.0.0 Plexus + PolyForm-Noncommercial-1.0.0 + PolyForm-Small-Business-1.0.0 PostgreSQL Python-2.0 QPL-1.0 
@@ -310,15 +385,21 @@ class Gem::Licenses SGI-B-1.0 SGI-B-1.1 SGI-B-2.0 + SHL-0.5 + SHL-0.51 SISSL SISSL-1.2 SMLNJ SMPPL SNIA SPL-1.0 + SSH-OpenSSH + SSH-short + SSPL-1.0 SWL Saxpath Sendmail + Sendmail-8.23 SimPL-2.0 Sleepycat Spencer-86 @@ -326,11 +407,15 @@ class Gem::Licenses Spencer-99 StandardML-NJ SugarCRM-1.1.3 + TAPR-OHL-1.0 TCL TCP-wrappers TMate TORQUE-1.1 TOSL + TU-Berlin-1.0 + TU-Berlin-2.0 + UCL-1.0 UPL-1.0 Unicode-DFS-2015 Unicode-DFS-2016 @@ -360,16 +445,22 @@ class Gem::Licenses Zimbra-1.3 Zimbra-1.4 Zlib + blessing bzip2-1.0.5 bzip2-1.0.6 + copyleft-next-0.3.0 + copyleft-next-0.3.1 curl diffmark dvipdfm eCos-2.0 eGenix + etalab-2.0 gSOAP-1.3b gnuplot iMatix + libpng-2.0 + libselinux-1.0 libtiff mpich2 psfrag @@ -395,12 +486,26 @@ class Gem::Licenses Font-exception-2.0 GCC-exception-2.0 GCC-exception-3.1 + GPL-3.0-linking-exception + GPL-3.0-linking-source-exception + GPL-CC-1.0 + LGPL-3.0-linking-exception + LLVM-exception LZMA-exception Libtool-exception Linux-syscall-note Nokia-Qt-exception-1.1 OCCT-exception-1.0 + OCaml-LGPL-linking-exception + OpenJDK-assembly-exception-1.0 + PS-or-PDF-font-exception-20170817 + Qt-GPL-exception-1.0 + Qt-LGPL-exception-1.1 Qwt-exception-1.0 + SHL-2.0 + SHL-2.1 + Swift-exception + Universal-FOSS-exception-1.0 WxWindows-exception-3.1 eCos-exception-2.0 freertos-exception-2.0 @@ -413,10 +518,10 @@ class Gem::Licenses REGEXP = %r{ \A - ( + (?: #{Regexp.union(LICENSE_IDENTIFIERS)} \+? - (\s WITH \s #{Regexp.union(EXCEPTION_IDENTIFIERS)})? + (?:\s WITH \s #{Regexp.union(EXCEPTION_IDENTIFIERS)})? | #{NONSTANDARD} ) \Z diff --git a/spec/bundler/commands/cache_spec.rb b/spec/bundler/commands/cache_spec.rb index 3bae384620..9bb85c6587 100644 --- a/spec/bundler/commands/cache_spec.rb +++ b/spec/bundler/commands/cache_spec.rb 
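Review bot: `REGEXP` in the last licenses.rb hunk is anchored with `\A ... \Z`, and `\Z` also matches just before a trailing newline, so a value such as `"MIT\n"` (constructed example) would be accepted as a valid identifier. Using `\z` would make the match cover the whole string. The hunk also turns both groups into non-capturing `(?:...)`; if any caller outside the hunk reads capture groups from a match, that changes what it sees, so it is worth confirming. The regex's closing delimiter and flags are outside the hunk.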
@@ -362,6 +362,24 @@ RSpec.describe "bundle install with gem sources" do expect(the_bundle).to include_gems "rack 1.0.0" end + it "does not hit the remote at all when cache_all_platforms configured" do + build_repo2 + install_gemfile <<-G + source "#{file_uri_for(gem_repo2)}" + gem "rack" + G + + bundle :cache + simulate_new_machine + FileUtils.rm_rf gem_repo2 + + bundle "config set --local cache_all_platforms true" + bundle "config set --local path vendor/bundle" + bundle "install --local" + expect(out).not_to include("Fetching gem metadata") + expect(the_bundle).to include_gems "rack 1.0.0" + end + it "does not reinstall already-installed gems" do install_gemfile <<-G source "#{file_uri_for(gem_repo1)}" diff --git a/spec/bundler/install/gemfile/sources_spec.rb b/spec/bundler/install/gemfile/sources_spec.rb index d13ba0e607..82129677b3 100644 --- a/spec/bundler/install/gemfile/sources_spec.rb +++ b/spec/bundler/install/gemfile/sources_spec.rb 
@@ -612,9 +612,66 @@ RSpec.describe "bundle install with gems on multiple sources" do L end - it "does not install newer versions or generate lockfile changes when running bundle install, and warns", :bundler => "< 3" do + it "does not install newer versions but updates the lockfile format when running bundle install in non frozen mode, and doesn't warn" do + bundle :install, :artifice => "compact_index" + expect(err).to be_empty + + expect(the_bundle).to include_gems("activesupport 6.0.3.4") + expect(the_bundle).not_to include_gems("activesupport 6.1.2.1") + expect(the_bundle).to include_gems("tzinfo 1.2.9") + expect(the_bundle).not_to include_gems("tzinfo 2.0.4") + expect(the_bundle).to include_gems("concurrent-ruby 1.1.8") + expect(the_bundle).not_to include_gems("concurrent-ruby 1.1.9") + + expect(lockfile).to eq <<~L + GEM + remote: https://gem.repo2/ + specs: + activesupport (6.0.3.4) + concurrent-ruby (~> 1.0, >= 1.0.2) + i18n (>= 0.7, < 2) + minitest (~> 5.1) + tzinfo (~> 1.1) + zeitwerk (~> 2.2, >= 2.2.2) + concurrent-ruby (1.1.8) + connection_pool (2.2.3) + i18n (1.8.9) + concurrent-ruby (~> 1.0) + minitest (5.14.3) + rack (2.2.3) + redis (4.2.5) + sidekiq (6.1.3) + connection_pool (>= 2.2.2) + rack (~> 2.0) + redis (>= 4.2.0) + thread_safe (0.3.6) + tzinfo (1.2.9) + thread_safe (~> 0.1) + zeitwerk (2.4.2) + + GEM + remote: https://gem.repo3/ + specs: + sidekiq-pro (5.2.1) + connection_pool (>= 2.2.3) + sidekiq (>= 6.1.0) + + PLATFORMS + #{specific_local_platform} + + DEPENDENCIES + activesupport + sidekiq-pro! + + BUNDLED WITH + #{Bundler::VERSION} + L + end + + it "does not install newer versions or generate lockfile changes when running bundle install in frozen mode, and warns", :bundler => "< 3" do initial_lockfile = lockfile + bundle "config set --local frozen true" bundle :install, :artifice => "compact_index" expect(err).to include("Your lockfile contains a single rubygems source section with multiple remotes, which is insecure.") 
@@ -629,9 +686,10 @@ RSpec.describe "bundle install with gems on multiple sources" do expect(lockfile).to eq(initial_lockfile) end - it "fails when running bundle install", :bundler => "3" do + it "fails when running bundle install in frozen mode", :bundler => "3" do initial_lockfile = lockfile + bundle "config set --local frozen true" bundle :install, :artifice => "compact_index", :raise_on_error => false expect(err).to include("Your lockfile contains a single rubygems source section with multiple remotes, which is insecure.") @@ -694,9 +752,9 @@ RSpec.describe "bundle install with gems on multiple sources" do L end - it "it keeps the current lockfile format and upgrades the requested gem when running bundle update with an argument, and warns", :bundler => "< 3" do + it "upgrades the lockfile format and upgrades the requested gem when running bundle update with an argument" do bundle "update concurrent-ruby", :artifice => "compact_index" - expect(err).to include("Your lockfile contains a single rubygems source section with multiple remotes, which is insecure.") + expect(err).to be_empty expect(the_bundle).to include_gems("activesupport 6.0.3.4") expect(the_bundle).not_to include_gems("activesupport 6.1.2.1") @@ -708,7 +766,6 @@ RSpec.describe "bundle install with gems on multiple sources" do expect(lockfile).to eq <<~L GEM remote: https://gem.repo2/ - remote: https://gem.repo3/ specs: activesupport (6.0.3.4) concurrent-ruby (~> 1.0, >= 1.0.2) @@ -727,14 +784,18 @@ RSpec.describe "bundle install with gems on multiple sources" do connection_pool (>= 2.2.2) rack (~> 2.0) redis (>= 4.2.0) - sidekiq-pro (5.2.1) - connection_pool (>= 2.2.3) - sidekiq (>= 6.1.0) thread_safe (0.3.6) tzinfo (1.2.9) thread_safe (~> 0.1) zeitwerk (2.4.2) + GEM + remote: https://gem.repo3/ + specs: + sidekiq-pro (5.2.1) + connection_pool (>= 2.2.3) + sidekiq (>= 6.1.0) + PLATFORMS #{specific_local_platform} 
@@ -746,16 +807,6 @@ RSpec.describe "bundle install with gems on multiple sources" do #{Bundler::VERSION} L end - - it "fails when running bundle update with an argument", :bundler => "3" do - initial_lockfile = lockfile - - bundle "update concurrent-ruby", :artifice => "compact_index", :raise_on_error => false - - expect(err).to include("Your lockfile contains a single rubygems source section with multiple remotes, which is insecure.") - - expect(lockfile).to eq(initial_lockfile) - end end context "when a top-level gem has an indirect dependency present in the default source, but with a different version from the one resolved" do diff --git a/spec/bundler/other/major_deprecation_spec.rb b/spec/bundler/other/major_deprecation_spec.rb index 41d8ef56bc..494d6a27b5 100644 --- a/spec/bundler/other/major_deprecation_spec.rb +++ b/spec/bundler/other/major_deprecation_spec.rb 
@@ -387,10 +387,38 @@ RSpec.describe "major deprecations" do ) end + it "doesn't show lockfile deprecations if there's a lockfile", :bundler => "< 3" do + bundle "install" + + expect(deprecations).to include( + "Your Gemfile contains multiple primary sources. " \ + "Using `source` more than once without a block is a security risk, and " \ + "may result in installing unexpected gems. To resolve this warning, use " \ + "a block to indicate which gems should come from the secondary source." + ) + expect(deprecations).not_to include( + "Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. " \ + "Make sure you run `bundle install` in non frozen mode and commit the result to make your lockfile secure." + ) + bundle "config set --local frozen true" + bundle "install" + + expect(deprecations).to include( + "Your Gemfile contains multiple primary sources. " \ + "Using `source` more than once without a block is a security risk, and " \ + "may result in installing unexpected gems. To resolve this warning, use " \ + "a block to indicate which gems should come from the secondary source." + ) + expect(deprecations).not_to include( + "Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. " \ + "Make sure you run `bundle install` in non frozen mode and commit the result to make your lockfile secure." + ) + end + pending "fails with a helpful error", :bundler => "3" end - context "bundle install with a lockfile with a single rubygems section with multiple remotes" do + context "bundle install in frozen mode with a lockfile with a single rubygems section with multiple remotes" do before do build_repo gem_repo3 do build_gem "rack", "0.9.1" 
@@ -419,12 +447,14 @@ RSpec.describe "major deprecations" do BUNDLED WITH #{Bundler::VERSION} L + + bundle "config set --local frozen true" end it "shows a deprecation", :bundler => "< 3" do bundle "install" - expect(deprecations).to include("Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. You should run `bundle update` or generate your lockfile from scratch.") + expect(deprecations).to include("Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. Make sure you run `bundle install` in non frozen mode and commit the result to make your lockfile secure.") end pending "fails with a helpful error", :bundler => "3" diff --git a/spec/bundler/quality_spec.rb b/spec/bundler/quality_spec.rb index 524870ca9e..08ec8bed5c 100644 --- a/spec/bundler/quality_spec.rb +++ b/spec/bundler/quality_spec.rb @@ -169,7 +169,6 @@ RSpec.describe "The library itself" do it "documents all used settings" do exemptions = %w[ - deployment_means_frozen forget_cli_options gem.changelog gem.ci diff --git a/test/rubygems/test_gem_commands_push_command.rb b/test/rubygems/test_gem_commands_push_command.rb index 4f0feabfa7..202e44e620 100644 --- a/test/rubygems/test_gem_commands_push_command.rb +++ b/test/rubygems/test_gem_commands_push_command.rb @@ -155,7 +155,6 @@ class TestGemCommandsPushCommand < Gem::TestCase @host => @api_key, } - FileUtils.mkdir_p File.dirname Gem.configuration.credentials_path File.open Gem.configuration.credentials_path, 'w' do |f| f.write keys.to_yaml end @@ -190,7 +189,6 @@ class TestGemCommandsPushCommand < Gem::TestCase @host => @api_key, } - FileUtils.mkdir_p File.dirname Gem.configuration.credentials_path File.open Gem.configuration.credentials_path, 'w' do |f| f.write keys.to_yaml end 
@@ -232,7 +230,6 @@ class TestGemCommandsPushCommand < Gem::TestCase :rubygems_api_key => @api_key, } - FileUtils.mkdir_p File.dirname Gem.configuration.credentials_path File.open Gem.configuration.credentials_path, 'w' do |f| f.write keys.to_yaml end @@ -274,7 +271,6 @@ class TestGemCommandsPushCommand < Gem::TestCase @host => @api_key, } - FileUtils.mkdir_p File.dirname Gem.configuration.credentials_path File.open Gem.configuration.credentials_path, 'w' do |f| f.write keys.to_yaml end @@ -305,7 +301,6 @@ class TestGemCommandsPushCommand < Gem::TestCase host => api_key, } - FileUtils.mkdir_p File.dirname Gem.configuration.credentials_path File.open Gem.configuration.credentials_path, 'w' do |f| f.write keys.to_yaml end diff --git a/test/rubygems/test_gem_commands_setup_command.rb b/test/rubygems/test_gem_commands_setup_command.rb index 94e7d7c82f..bd6c4f125f 100644 --- a/test/rubygems/test_gem_commands_setup_command.rb +++ b/test/rubygems/test_gem_commands_setup_command.rb @@ -175,7 +175,7 @@ class TestGemCommandsSetupCommand < Gem::TestCase assert_path_exist File.join(dir, 'bundler.rb') assert_path_exist File.join(dir, 'bundler/b.rb') - assert_path_exist File.join(dir, 'bundler/templates/.circleci/config.yml') unless RUBY_ENGINE == "truffleruby" # https://github.com/oracle/truffleruby/issues/2116 + assert_path_exist File.join(dir, 'bundler/templates/.circleci/config.yml') assert_path_exist File.join(dir, 'bundler/templates/.travis.yml') end end @@ -272,7 +272,7 @@ class TestGemCommandsSetupCommand < Gem::TestCase @cmd.remove_old_lib_files lib - files_that_go.each {|file| assert_path_not_exist(file) unless file == old_bundler_ci && RUBY_ENGINE == "truffleruby" } # https://github.com/oracle/truffleruby/issues/2116 + files_that_go.each {|file| assert_path_not_exist(file) unless file == old_bundler_ci } files_that_stay.each {|file| assert_path_exist file } end 
diff --git a/test/rubygems/test_gem_commands_signin_command.rb b/test/rubygems/test_gem_commands_signin_command.rb index 596f262082..d895d90b0c 100644 --- a/test/rubygems/test_gem_commands_signin_command.rb +++ b/test/rubygems/test_gem_commands_signin_command.rb @@ -26,6 +26,13 @@ class TestGemCommandsSigninCommand < Gem::TestCase assert_match %r{Signed in.}, sign_in_ui.output end + def test_execute_when_not_already_signed_in_and_not_preexisting_credentials_folder + FileUtils.rm Gem.configuration.credentials_path + + sign_in_ui = util_capture { @cmd.execute } + assert_match %r{Signed in.}, sign_in_ui.output + end + def test_execute_when_already_signed_in_with_same_host host = 'http://some-gemcutter-compatible-host.org' diff --git a/test/rubygems/test_gem_gemcutter_utilities.rb b/test/rubygems/test_gem_gemcutter_utilities.rb index 27c99fd04d..ae31b9a7dd 100644 --- a/test/rubygems/test_gem_gemcutter_utilities.rb +++ b/test/rubygems/test_gem_gemcutter_utilities.rb @@ -35,8 +35,6 @@ class TestGemGemcutterUtilities < Gem::TestCase "http://rubygems.engineyard.com" => "EYKEY", } - FileUtils.mkdir_p File.dirname Gem.configuration.credentials_path - File.open Gem.configuration.credentials_path, 'w' do |f| f.write keys.to_yaml end @@ -50,7 +48,6 @@ class TestGemGemcutterUtilities < Gem::TestCase def test_api_key keys = { :rubygems_api_key => 'KEY' } - FileUtils.mkdir_p File.dirname Gem.configuration.credentials_path File.open Gem.configuration.credentials_path, 'w' do |f| f.write keys.to_yaml @@ -63,7 +60,6 @@ class TestGemGemcutterUtilities < Gem::TestCase def test_api_key_override keys = { :rubygems_api_key => 'KEY', :other => 'OTHER' } - FileUtils.mkdir_p File.dirname Gem.configuration.credentials_path File.open Gem.configuration.credentials_path, 'w' do |f| f.write keys.to_yaml 
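Review bot: `test_execute_when_not_already_signed_in_and_not_preexisting_credentials_folder` removes only `Gem.configuration.credentials_path` with `FileUtils.rm`, which deletes a file. If the test setup (not visible here) creates the parent directory, that directory still exists when `@cmd.execute` runs, and the new `FileUtils.mkdir_p` branch in config_file.rb is never exercised. To match the test name, remove the folder instead: `FileUtils.rm_rf File.dirname(Gem.configuration.credentials_path)`. Asserting afterwards that the directory and credentials file exist would pin the behaviour this commit fixes.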
@@ -168,7 +164,6 @@ class TestGemGemcutterUtilities < Gem::TestCase api_key = 'a5fdbb6ba150cbb83aad2bb2fede64cf040453903' other_api_key = 'f46dbb18bb6a9c97cdc61b5b85c186a17403cdcbf' - FileUtils.mkdir_p File.dirname(Gem.configuration.credentials_path) File.open Gem.configuration.credentials_path, 'w' do |f| f.write Hash[:other_api_key, other_api_key].to_yaml end @@ -246,7 +241,6 @@ class TestGemGemcutterUtilities < Gem::TestCase def test_verify_api_key keys = {:other => 'a5fdbb6ba150cbb83aad2bb2fede64cf040453903'} - FileUtils.mkdir_p File.dirname(Gem.configuration.credentials_path) File.open Gem.configuration.credentials_path, 'w' do |f| f.write keys.to_yaml end diff --git a/test/rubygems/test_require.rb b/test/rubygems/test_require.rb index f5d3480a4f..4591530156 100644 --- a/test/rubygems/test_require.rb +++ b/test/rubygems/test_require.rb @@ -679,8 +679,6 @@ class TestGemRequire < Gem::TestCase end def test_no_crash_when_overriding_warn_with_warning_module - pend "https://github.com/oracle/truffleruby/issues/2109" if RUBY_ENGINE == "truffleruby" - Dir.mktmpdir("warn_test") do |dir| File.write(dir + "/main.rb", "module Warning; def warn(str); super; end; end; warn 'Foo Bar'") _, err = capture_subprocess_io do diff --git a/tool/bundler/rubocop_gems.rb.lock b/tool/bundler/rubocop_gems.rb.lock index bcd1749b34..e2b5b76031 100644 --- a/tool/bundler/rubocop_gems.rb.lock +++ b/tool/bundler/rubocop_gems.rb.lock @@ -56,4 +56,4 @@ DEPENDENCIES test-unit BUNDLED WITH - 2.2.20 + 2.2.21 diff --git a/tool/bundler/test_gems.rb.lock b/tool/bundler/test_gems.rb.lock index 12e8c45714..e39db5fef0 100644 --- a/tool/bundler/test_gems.rb.lock +++ b/tool/bundler/test_gems.rb.lock @@ -40,4 +40,4 @@ DEPENDENCIES webrick (= 1.7.0) BUNDLED WITH - 2.2.20 + 2.2.21 |