diff options
Diffstat (limited to 'lib/bundler/definition.rb')
| -rw-r--r-- | lib/bundler/definition.rb | 926 |
1 files changed, 484 insertions, 442 deletions
diff --git a/lib/bundler/definition.rb b/lib/bundler/definition.rb index fc30dd5ca8..c8faf77b3b 100644 --- a/lib/bundler/definition.rb +++ b/lib/bundler/definition.rb @@ -16,10 +16,10 @@ module Bundler :locked_deps, :locked_gems, :platforms, - :requires, :ruby_version, :lockfile, - :gemfiles + :gemfiles, + :locked_checksums ) # Given a gemfile and lockfile creates a Bundler definition @@ -61,10 +61,8 @@ module Bundler @unlocking_bundler = false @unlocking = unlock else - unlock = unlock.dup @unlocking_bundler = unlock.delete(:bundler) - unlock.delete_if {|_k, v| Array(v).empty? } - @unlocking = !unlock.empty? + @unlocking = unlock.any? {|_k, v| !Array(v).empty? } end @dependencies = dependencies @@ -72,28 +70,34 @@ module Bundler @unlock = unlock @optional_groups = optional_groups @remote = false + @prefer_local = false @specs = nil @ruby_version = ruby_version @gemfiles = gemfiles @lockfile = lockfile @lockfile_contents = String.new + @locked_bundler_version = nil - @locked_ruby_version = nil - @locked_specs_incomplete_for_platform = false + @resolved_bundler_version = nil + + @locked_ruby_version = nil @new_platform = nil + @removed_platform = nil - if lockfile && File.exist?(lockfile) + if lockfile_exists? @lockfile_contents = Bundler.read_file(lockfile) @locked_gems = LockfileParser.new(@lockfile_contents) @locked_platforms = @locked_gems.platforms @platforms = @locked_platforms.dup @locked_bundler_version = @locked_gems.bundler_version @locked_ruby_version = @locked_gems.ruby_version + @originally_locked_specs = SpecSet.new(@locked_gems.specs) + @locked_checksums = @locked_gems.checksums if unlock != true @locked_deps = @locked_gems.dependencies - @locked_specs = SpecSet.new(@locked_gems.specs) + @locked_specs = @originally_locked_specs @locked_sources = @locked_gems.sources else @unlock = {} @@ -107,62 +111,58 @@ module Bundler @locked_gems = nil @locked_deps = {} @locked_specs = SpecSet.new([]) + @originally_locked_specs = @locked_specs @locked_sources = [] @locked_platforms = [] + @locked_checksums = nil end - @locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) } - @disable_multisource = @locked_gem_sources.all?(&:disable_multisource?) + locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) } + @multisource_allowed = locked_gem_sources.size == 1 && locked_gem_sources.first.multiple_remotes? && Bundler.frozen_bundle? - unless @disable_multisource - msg = "Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. You should run `bundle update` or generate your lockfile from scratch." + if @multisource_allowed + unless sources.aggregate_global_source? + msg = "Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. Make sure you run `bundle install` in non frozen mode and commit the result to make your lockfile secure." - Bundler::SharedHelpers.major_deprecation 2, msg + Bundler::SharedHelpers.major_deprecation 2, msg + end - @sources.merged_gem_lockfile_sections! + @sources.merged_gem_lockfile_sections!(locked_gem_sources.first) end - @unlock[:gems] ||= [] @unlock[:sources] ||= [] @unlock[:ruby] ||= if @ruby_version && locked_ruby_version_object @ruby_version.diff(locked_ruby_version_object) end @unlocking ||= @unlock[:ruby] ||= (!@locked_ruby_version ^ !@ruby_version) - add_current_platform unless current_ruby_platform_locked? || Bundler.frozen_bundle? + add_current_platform unless Bundler.frozen_bundle? converge_path_sources_to_gemspec_sources @path_changes = converge_paths @source_changes = converge_sources - unless @unlock[:lock_shared_dependencies] - eager_unlock = expand_dependencies(@unlock[:gems], true) - @unlock[:gems] = @locked_specs.for(eager_unlock, [], false, false, false).map(&:name) + if @unlock[:conservative] + @unlock[:gems] ||= @dependencies.map(&:name) + else + eager_unlock = (@unlock[:gems] || []).map {|name| Dependency.new(name, ">= 0") } + @unlock[:gems] = @locked_specs.for(eager_unlock, false, platforms).map(&:name).uniq end @dependency_changes = converge_dependencies @local_changes = converge_locals - @requires = compute_requires + check_lockfile end def gem_version_promoter - @gem_version_promoter ||= begin - locked_specs = - if unlocking? && @locked_specs.empty? && !@lockfile_contents.empty? - # Definition uses an empty set of locked_specs to indicate all gems - # are unlocked, but GemVersionPromoter needs the locked_specs - # for conservative comparison. - Bundler::SpecSet.new(@locked_gems.specs) - else - @locked_specs - end - GemVersionPromoter.new(locked_specs, @unlock[:gems]) - end + @gem_version_promoter ||= GemVersionPromoter.new end - def disable_multisource? - @disable_multisource + def resolve_only_locally! + @remote = false + sources.local_only! + resolve end def resolve_with_cache! @@ -176,6 +176,23 @@ module Bundler resolve end + def resolution_mode=(options) + if options["local"] + @remote = false + else + @remote = true + @prefer_local = options["prefer-local"] + end + end + + def setup_sources_for_resolve + if @remote == false + sources.cached! + else + sources.remote! + end + end + # For given dependency list returns a SpecSet with Gemspec of all the required # dependencies. # 1. The method first resolves the dependencies specified in Gemfile @@ -183,25 +200,7 @@ module Bundler # # @return [Bundler::SpecSet] def specs - @specs ||= begin - begin - specs = resolve.materialize(requested_dependencies) - rescue GemNotFound => e # Handle yanked gem - gem_name, gem_version = extract_gem_info(e) - locked_gem = @locked_specs[gem_name].last - raise if locked_gem.nil? || locked_gem.version.to_s != gem_version || !@remote - raise GemNotFound, "Your bundle is locked to #{locked_gem} from #{locked_gem.source}, but that version can " \ - "no longer be found in that source. That means the author of #{locked_gem} has removed it. " \ - "You'll need to update your bundle to a version other than #{locked_gem} that hasn't been " \ - "removed in order to install." - end - unless specs["bundler"].any? - bundler = sources.metadata_source.specs.search(Gem::Dependency.new("bundler", VERSION)).last - specs["bundler"] = bundler - end - - specs - end + @specs ||= materialize(requested_dependencies) end def new_specs @@ -213,9 +212,7 @@ module Bundler end def missing_specs - missing = [] - resolve.materialize(requested_dependencies, missing) - missing + resolve.materialize(requested_dependencies).missing_specs end def missing_specs? @@ -224,8 +221,9 @@ module Bundler Bundler.ui.debug "The definition is missing #{missing.map(&:full_name)}" true rescue BundlerError => e - @index = nil @resolve = nil + @resolver = nil + @resolution_packages = nil @specs = nil @gem_version_promoter = nil @@ -234,34 +232,57 @@ module Bundler end def requested_specs - @requested_specs ||= begin - groups = requested_groups - groups.map!(&:to_sym) - specs_for(groups) - end + specs_for(requested_groups) end def requested_dependencies - groups = requested_groups - groups.map!(&:to_sym) - dependencies_for(groups) + dependencies_for(requested_groups) end def current_dependencies + filter_relevant(dependencies) + end + + def current_locked_dependencies + filter_relevant(locked_dependencies) + end + + def filter_relevant(dependencies) + platforms_array = [generic_local_platform].freeze dependencies.select do |d| - d.should_include? && !d.gem_platforms(@platforms).empty? + d.should_include? && !d.gem_platforms(platforms_array).empty? end end + def locked_dependencies + @locked_deps.values + end + + def new_deps + @new_deps ||= @dependencies - locked_dependencies + end + + def deleted_deps + @deleted_deps ||= locked_dependencies - @dependencies + end + def specs_for(groups) + return specs if groups.empty? deps = dependencies_for(groups) - specs.for(expand_dependencies(deps)) + materialize(deps) end def dependencies_for(groups) - current_dependencies.reject do |d| - (d.groups & groups).empty? + groups.map!(&:to_sym) + deps = current_dependencies # always returns a new array + deps.select! do |d| + if RUBY_VERSION >= "3.1" + d.groups.intersect?(groups) + else + !(d.groups & groups).empty? + end end + deps end # Resolve all the dependencies specified in Gemfile. It ensures that @@ -270,70 +291,26 @@ module Bundler # # @return [SpecSet] resolved dependencies def resolve - @resolve ||= begin - last_resolve = converge_locked_specs - if Bundler.frozen_bundle? - Bundler.ui.debug "Frozen, using resolution from the lockfile" - last_resolve - elsif !unlocking? && nothing_changed? - Bundler.ui.debug("Found no changes, using resolution from the lockfile") - last_resolve + @resolve ||= if Bundler.frozen_bundle? + Bundler.ui.debug "Frozen, using resolution from the lockfile" + @locked_specs + elsif no_resolve_needed? + if deleted_deps.any? + Bundler.ui.debug "Some dependencies were deleted, using a subset of the resolution from the lockfile" + SpecSet.new(filter_specs(@locked_specs, @dependencies - deleted_deps)) else - # Run a resolve against the locally available gems - Bundler.ui.debug("Found changes from the lockfile, re-resolving dependencies because #{change_reason}") - expanded_dependencies = expand_dependencies(dependencies + metadata_dependencies, @remote) - Resolver.resolve(expanded_dependencies, source_requirements, last_resolve, gem_version_promoter, additional_base_requirements_for_resolve, platforms) - end - end - end - - def index - @index ||= Index.build do |idx| - dependency_names = @dependencies.map(&:name) - - sources.all_sources.each do |source| - source.dependency_names = dependency_names - pinned_spec_names(source) - idx.add_source source.specs - dependency_names.concat(source.unmet_deps).uniq! - end - - double_check_for_index(idx, dependency_names) - end - end - - # Suppose the gem Foo depends on the gem Bar. Foo exists in Source A. Bar has some versions that exist in both - # sources A and B. At this point, the API request will have found all the versions of Bar in source A, - # but will not have found any versions of Bar from source B, which is a problem if the requested version - # of Foo specifically depends on a version of Bar that is only found in source B. This ensures that for - # each spec we found, we add all possible versions from all sources to the index. - def double_check_for_index(idx, dependency_names) - pinned_names = pinned_spec_names - loop do - idxcount = idx.size - - names = :names # do this so we only have to traverse to get dependency_names from the index once - unmet_dependency_names = lambda do - return names unless names == :names - new_names = sources.all_sources.map(&:dependency_names_to_double_check) - return names = nil if new_names.compact! - names = new_names.flatten(1).concat(dependency_names) - names.uniq! - names -= pinned_names - names - end - - sources.all_sources.each do |source| - source.double_check_for(unmet_dependency_names) + Bundler.ui.debug "Found no changes, using resolution from the lockfile" + if @removed_platform || @locked_gems.may_include_redundant_platform_specific_gems? + SpecSet.new(filter_specs(@locked_specs, @dependencies)) + else + @locked_specs + end end - - break if idxcount == idx.size + else + Bundler.ui.debug "Found changes from the lockfile, re-resolving dependencies because #{change_reason}" + start_resolution end end - private :double_check_for_index - - def has_rubygems_remotes? - sources.rubygems_sources.any? {|s| s.remotes.any? } - end def spec_git_paths sources.git_sources.map {|s| File.realpath(s.path) if File.exist?(s.path) }.compact @@ -343,45 +320,26 @@ module Bundler dependencies.map(&:groups).flatten.uniq end - def lock(file, preserve_unknown_sections = false) - return if Definition.no_lock - - contents = to_lock - - # Convert to \r\n if the existing lock has them - # i.e., Windows with `git config core.autocrlf=true` - contents.gsub!(/\n/, "\r\n") if @lockfile_contents.match("\r\n") - - if @locked_bundler_version - locked_major = @locked_bundler_version.segments.first - current_major = Gem::Version.create(Bundler::VERSION).segments.first + def lock(file_or_preserve_unknown_sections = false, preserve_unknown_sections_or_unused = false) + if [true, false, nil].include?(file_or_preserve_unknown_sections) + target_lockfile = lockfile || Bundler.default_lockfile + preserve_unknown_sections = file_or_preserve_unknown_sections + else + target_lockfile = file_or_preserve_unknown_sections + preserve_unknown_sections = preserve_unknown_sections_or_unused - if updating_major = locked_major < current_major - Bundler.ui.warn "Warning: the lockfile is being updated to Bundler #{current_major}, " \ - "after which you will be unable to return to Bundler #{@locked_bundler_version.segments.first}." + suggestion = if target_lockfile == lockfile + "To fix this warning, remove it from the `Definition#lock` call." + else + "Instead, instantiate a new definition passing `#{target_lockfile}`, and call `lock` without a file argument on that definition" end - end - - preserve_unknown_sections ||= !updating_major && (Bundler.frozen_bundle? || !(unlocking? || @unlocking_bundler)) - return if file && File.exist?(file) && lockfiles_equal?(@lockfile_contents, contents, preserve_unknown_sections) + msg = "`Definition#lock` was passed a target file argument. #{suggestion}" - if Bundler.frozen_bundle? - Bundler.ui.error "Cannot write a changed lockfile while frozen." - return - end - - SharedHelpers.filesystem_access(file) do |p| - File.open(p, "wb") {|f| f.puts(contents) } - end - end - - def locked_bundler_version - if @locked_bundler_version && @locked_bundler_version < Gem::Version.new(Bundler::VERSION) - new_version = Bundler::VERSION + Bundler::SharedHelpers.major_deprecation 2, msg end - new_version || @locked_bundler_version || Bundler::VERSION + write_lock(target_lockfile, preserve_unknown_sections) end def locked_ruby_version @@ -405,27 +363,16 @@ module Bundler end end + def bundler_version_to_lock + @resolved_bundler_version || Bundler.gem_version + end + def to_lock require_relative "lockfile_generator" LockfileGenerator.generate(self) end def ensure_equivalent_gemfile_and_lockfile(explicit_flag = false) - msg = String.new - msg << "You are trying to install in deployment mode after changing\n" \ - "your Gemfile. Run `bundle install` elsewhere and add the\n" \ - "updated #{Bundler.default_lockfile.relative_path_from(SharedHelpers.pwd)} to version control." - - unless explicit_flag - suggested_command = if Bundler.settings.locations("frozen").keys.&([:global, :local]).any? - "bundle config unset frozen" - elsif Bundler.settings.locations("deployment").keys.&([:global, :local]).any? - "bundle config unset deployment" - end - msg << "\n\nIf this is a development machine, remove the #{Bundler.default_gemfile} " \ - "freeze \nby running `#{suggested_command}`." - end - added = [] deleted = [] changed = [] @@ -435,52 +382,40 @@ module Bundler added.concat new_platforms.map {|p| "* platform: #{p}" } deleted.concat deleted_platforms.map {|p| "* platform: #{p}" } - gemfile_sources = sources.lock_sources - - new_sources = gemfile_sources - @locked_sources - deleted_sources = @locked_sources - gemfile_sources - - new_deps = @dependencies - @locked_deps.values - deleted_deps = @locked_deps.values - @dependencies - - # Check if it is possible that the source is only changed thing - if (new_deps.empty? && deleted_deps.empty?) && (!new_sources.empty? && !deleted_sources.empty?) - new_sources.reject! {|source| (source.path? && source.path.exist?) || equivalent_rubygems_remotes?(source) } - deleted_sources.reject! {|source| (source.path? && source.path.exist?) || equivalent_rubygems_remotes?(source) } - end - - if @locked_sources != gemfile_sources - if new_sources.any? - added.concat new_sources.map {|source| "* source: #{source}" } - end - - if deleted_sources.any? - deleted.concat deleted_sources.map {|source| "* source: #{source}" } - end - end - added.concat new_deps.map {|d| "* #{pretty_dep(d)}" } if new_deps.any? - if deleted_deps.any? - deleted.concat deleted_deps.map {|d| "* #{pretty_dep(d)}" } - end + deleted.concat deleted_deps.map {|d| "* #{pretty_dep(d)}" } if deleted_deps.any? both_sources = Hash.new {|h, k| h[k] = [] } - @dependencies.each {|d| both_sources[d.name][0] = d } - @locked_deps.each {|name, d| both_sources[name][1] = d.source } + current_dependencies.each {|d| both_sources[d.name][0] = d } + current_locked_dependencies.each {|d| both_sources[d.name][1] = d } + + both_sources.each do |name, (dep, lock_dep)| + next if dep.nil? || lock_dep.nil? - both_sources.each do |name, (dep, lock_source)| - next if lock_source.nil? || (dep && lock_source.can_lock?(dep)) - gemfile_source_name = (dep && dep.source) || "no specified source" - lockfile_source_name = lock_source - changed << "* #{name} from `#{gemfile_source_name}` to `#{lockfile_source_name}`" + gemfile_source = dep.source || default_source + lock_source = lock_dep.source || default_source + next if lock_source.include?(gemfile_source) + + gemfile_source_name = dep.source ? gemfile_source.to_gemfile : "no specified source" + lockfile_source_name = lock_dep.source ? lock_source.to_gemfile : "no specified source" + changed << "* #{name} from `#{lockfile_source_name}` to `#{gemfile_source_name}`" end reason = change_reason - msg << "\n\n#{reason.split(", ").map(&:capitalize).join("\n")}" unless reason.strip.empty? + msg = String.new + msg << "#{reason.capitalize.strip}, but the lockfile can't be updated because frozen mode is set" msg << "\n\nYou have added to the Gemfile:\n" << added.join("\n") if added.any? msg << "\n\nYou have deleted from the Gemfile:\n" << deleted.join("\n") if deleted.any? msg << "\n\nYou have changed in the Gemfile:\n" << changed.join("\n") if changed.any? - msg << "\n" + msg << "\n\nRun `bundle install` elsewhere and add the updated #{SharedHelpers.relative_gemfile_path} to version control.\n" + + unless explicit_flag + suggested_command = unless Bundler.settings.locations("frozen").keys.include?(:env) + "bundle config set frozen false" + end + msg << "If this is a development machine, remove the #{SharedHelpers.relative_lockfile_path} " \ + "freeze by running `#{suggested_command}`." if suggested_command + end raise ProductionError, msg if added.any? || deleted.any? || changed.any? || !nothing_changed? end @@ -519,8 +454,8 @@ module Bundler return if current_platform_locked? raise ProductionError, "Your bundle only supports platforms #{@platforms.map(&:to_s)} " \ - "but your local platform is #{Bundler.local_platform}. " \ - "Add the current platform to the lockfile with `bundle lock --add-platform #{Bundler.local_platform}` and try again." + "but your local platform is #{local_platform}. " \ + "Add the current platform to the lockfile with\n`bundle lock --add-platform #{local_platform}` and try again." end def add_platform(platform) @@ -529,7 +464,9 @@ module Bundler end def remove_platform(platform) - return if @platforms.delete(Gem::Platform.new(platform)) + removed_platform = @platforms.delete(Gem::Platform.new(platform)) + @removed_platform ||= removed_platform + return if removed_platform raise InvalidOption, "Unable to remove the platform `#{platform}` since the only platforms are #{@platforms.join ", "}" end @@ -539,22 +476,23 @@ module Bundler end end - def find_resolved_spec(current_spec) - specs.find_by_name_and_platform(current_spec.name, current_spec.platform) - end - - def find_indexed_specs(current_spec) - index[current_spec.name].select {|spec| spec.match_platform(current_spec.platform) }.sort_by(&:version) - end - attr_reader :sources private :sources - attr_reader :locked_gem_sources - private :locked_gem_sources - def nothing_changed? - !@source_changes && !@dependency_changes && !@new_platform && !@path_changes && !@local_changes && !@locked_specs_incomplete_for_platform + !@source_changes && + !@dependency_changes && + !@new_platform && + !@path_changes && + !@local_changes && + !@missing_lockfile_dep && + !@unlocking_bundler && + !@locked_spec_with_missing_deps && + !@locked_spec_with_invalid_deps + end + + def no_resolve_needed? + !unlocking? && nothing_changed? end def unlocking? @@ -563,19 +501,171 @@ module Bundler private + def should_add_extra_platforms? + !lockfile_exists? && generic_local_platform_is_ruby? && !Bundler.settings[:force_ruby_platform] + end + + def lockfile_exists? + file_exists?(lockfile) + end + + def file_exists?(file) + file && File.exist?(file) + end + + def write_lock(file, preserve_unknown_sections) + return if Definition.no_lock + + contents = to_lock + + # Convert to \r\n if the existing lock has them + # i.e., Windows with `git config core.autocrlf=true` + contents.gsub!(/\n/, "\r\n") if @lockfile_contents.match?("\r\n") + + if @locked_bundler_version + locked_major = @locked_bundler_version.segments.first + current_major = bundler_version_to_lock.segments.first + + updating_major = locked_major < current_major + end + + preserve_unknown_sections ||= !updating_major && (Bundler.frozen_bundle? || !(unlocking? || @unlocking_bundler)) + + if file_exists?(file) && lockfiles_equal?(@lockfile_contents, contents, preserve_unknown_sections) + return if Bundler.frozen_bundle? + SharedHelpers.filesystem_access(file) { FileUtils.touch(file) } + return + end + + if Bundler.frozen_bundle? + Bundler.ui.error "Cannot write a changed lockfile while frozen." + return + end + + SharedHelpers.filesystem_access(file) do |p| + File.open(p, "wb") {|f| f.puts(contents) } + end + end + + def resolver + @resolver ||= Resolver.new(resolution_packages, gem_version_promoter) + end + + def expanded_dependencies + dependencies_with_bundler + metadata_dependencies + end + + def dependencies_with_bundler + return dependencies unless @unlocking_bundler + return dependencies if dependencies.map(&:name).include?("bundler") + + [Dependency.new("bundler", @unlocking_bundler)] + dependencies + end + + def resolution_packages + @resolution_packages ||= begin + last_resolve = converge_locked_specs + remove_invalid_platforms!(current_dependencies) + packages = Resolver::Base.new(source_requirements, expanded_dependencies, last_resolve, @platforms, locked_specs: @originally_locked_specs, unlock: @unlock[:gems], prerelease: gem_version_promoter.pre?) + additional_base_requirements_for_resolve(packages, last_resolve) + end + end + + def filter_specs(specs, deps) + SpecSet.new(specs).for(deps, false, platforms) + end + + def materialize(dependencies) + specs = resolve.materialize(dependencies) + missing_specs = specs.missing_specs + + if missing_specs.any? + missing_specs.each do |s| + locked_gem = @locked_specs[s.name].last + next if locked_gem.nil? || locked_gem.version != s.version || !@remote + raise GemNotFound, "Your bundle is locked to #{locked_gem} from #{locked_gem.source}, but that version can " \ + "no longer be found in that source. That means the author of #{locked_gem} has removed it. " \ + "You'll need to update your bundle to a version other than #{locked_gem} that hasn't been " \ + "removed in order to install." + end + + missing_specs_list = missing_specs.group_by(&:source).map do |source, missing_specs_for_source| + "#{missing_specs_for_source.map(&:full_name).join(", ")} in #{source}" + end + + raise GemNotFound, "Could not find #{missing_specs_list.join(" nor ")}" + end + + incomplete_specs = specs.incomplete_specs + loop do + break if incomplete_specs.empty? + + Bundler.ui.debug("The lockfile does not have all gems needed for the current platform though, Bundler will still re-resolve dependencies") + setup_sources_for_resolve + resolution_packages.delete(incomplete_specs) + @resolve = start_resolution + specs = resolve.materialize(dependencies) + + still_incomplete_specs = specs.incomplete_specs + + if still_incomplete_specs == incomplete_specs + package = resolution_packages.get_package(incomplete_specs.first.name) + resolver.raise_not_found! package + end + + incomplete_specs = still_incomplete_specs + end + + bundler = sources.metadata_source.specs.search(["bundler", Bundler.gem_version]).last + specs["bundler"] = bundler + + specs + end + + def start_resolution + result = SpecSet.new(resolver.start) + + @resolved_bundler_version = result.find {|spec| spec.name == "bundler" }&.version + @platforms = result.add_extra_platforms!(platforms) if should_add_extra_platforms? + + result.complete_platforms!(platforms) + + SpecSet.new(result.for(dependencies, false, @platforms)) + end + + def precompute_source_requirements_for_indirect_dependencies? + sources.non_global_rubygems_sources.all?(&:dependency_api_available?) && !sources.aggregate_global_source? + end + + def pin_locally_available_names(source_requirements) + source_requirements.each_with_object({}) do |(name, original_source), new_source_requirements| + local_source = original_source.dup + local_source.local_only! + + new_source_requirements[name] = if local_source.specs.search(name).any? + local_source + else + original_source + end + end + end + def current_ruby_platform_locked? - return false unless generic_local_platform == Gem::Platform::RUBY + return false unless generic_local_platform_is_ruby? + return false if Bundler.settings[:force_ruby_platform] && !@platforms.include?(Gem::Platform::RUBY) current_platform_locked? end def current_platform_locked? @platforms.any? do |bundle_platform| - MatchPlatform.platforms_match?(bundle_platform, Bundler.local_platform) + MatchPlatform.platforms_match?(bundle_platform, local_platform) end end def add_current_platform + return if current_ruby_platform_locked? + add_platform(local_platform) end @@ -597,12 +687,15 @@ module Bundler [@new_platform, "you added a new platform to your gemfile"], [@path_changes, "the gemspecs for path gems changed"], [@local_changes, "the gemspecs for git local gems changed"], - [@locked_specs_incomplete_for_platform, "the lockfile does not have all gems needed for the current platform"], + [@missing_lockfile_dep, "your lock file is missing \"#{@missing_lockfile_dep}\""], + [@unlocking_bundler, "an update to the version of Bundler itself was requested"], + [@locked_spec_with_missing_deps, "your lock file includes \"#{@locked_spec_with_missing_deps}\" but not some of its dependencies"], + [@locked_spec_with_invalid_deps, "your lockfile does not satisfy dependencies of \"#{@locked_spec_with_invalid_deps}\""], ].select(&:first).map(&:last).join(", ") end - def pretty_dep(dep, source = false) - SharedHelpers.pretty_dependency(dep, source) + def pretty_dep(dep) + SharedHelpers.pretty_dependency(dep) end # Check if the specs of the given source changed @@ -615,7 +708,7 @@ module Bundler def dependencies_for_source_changed?(source, locked_source = source) deps_for_source = @dependencies.select {|s| s.source == source } - locked_deps_for_source = @locked_deps.values.select {|dep| dep.source == locked_source } + locked_deps_for_source = locked_dependencies.select {|dep| dep.source == locked_source } deps_for_source.uniq.sort != locked_deps_for_source.sort end @@ -624,8 +717,7 @@ module Bundler locked_index = Index.new locked_index.use(@locked_specs.select {|s| source.can_lock?(s) }) - # order here matters, since Index#== is checking source.specs.include?(locked_index) - locked_index != source.specs + !locked_index.subset?(source.specs) rescue PathError, GitError => e Bundler.ui.debug "Assuming that #{source} has not changed since fetching its specs errored (#{e})" false @@ -639,8 +731,8 @@ module Bundler Bundler.settings.local_overrides.map do |k, v| spec = @dependencies.find {|s| s.name == k } - source = spec && spec.source - if source && source.respond_to?(:local_override!) + source = spec&.source + if source&.respond_to?(:local_override!) source.unlock! if @unlock[:gems].include?(spec.name) locals << [source, source.local_override!(v)] end @@ -652,6 +744,39 @@ module Bundler !sources_with_changes.each {|source| @unlock[:sources] << source.name }.empty? end + def check_lockfile + @missing_lockfile_dep = nil + + @locked_spec_with_invalid_deps = nil + @locked_spec_with_missing_deps = nil + + missing = [] + invalid = [] + + @locked_specs.each do |s| + validation = @locked_specs.validate_deps(s) + + missing << s if validation == :missing + invalid << s if validation == :invalid + end + + if missing.any? + @locked_specs.delete(missing) + + @locked_spec_with_missing_deps = missing.first.name + elsif !@dependency_changes + @missing_lockfile_dep = current_dependencies.find do |d| + @locked_specs[d.name].empty? && d.name != "bundler" + end&.name + end + + if invalid.any? + @locked_specs.delete(invalid) + + @locked_spec_with_invalid_deps = invalid.first.name + end + end + def converge_paths sources.path_sources.any? do |source| specs_changed?(source) @@ -676,37 +801,18 @@ module Bundler end end - def converge_rubygems_sources - return false if disable_multisource? - - return false if locked_gem_sources.empty? - - # Get the RubyGems remotes from the Gemfile - actual_remotes = sources.rubygems_remotes - return false if actual_remotes.empty? - - changes = false - - # If there is a RubyGems source in both - locked_gem_sources.each do |locked_gem| - # Merge the remotes from the Gemfile into the Gemfile.lock - changes |= locked_gem.replace_remotes(actual_remotes, Bundler.settings[:allow_deployment_source_credential_changes]) - end - - changes - end - def converge_sources - changes = false - - changes |= converge_rubygems_sources - # Replace the sources from the Gemfile with the sources from the Gemfile.lock, # if they exist in the Gemfile.lock and are `==`. If you can't find an equivalent # source in the Gemfile.lock, use the one from the Gemfile. - changes |= sources.replace_sources!(@locked_sources) + changes = sources.replace_sources!(@locked_sources) sources.all_sources.each do |source| + # has to be done separately, because we want to keep the locked checksum + # store for a source, even when doing a full update + if @locked_checksums && @locked_gems && locked_source = @locked_gems.sources.find {|s| s == source && !s.equal?(source) } + source.checksum_store.merge!(locked_source.checksum_store) + end # If the source is unlockable and the current command allows an unlock of # the source (for example, you are doing a `bundle update <foo>` of a git-pinned # gem), unlock it. For git sources, this means to unlock the revision, which @@ -722,25 +828,16 @@ module Bundler end def converge_dependencies - frozen = Bundler.frozen_bundle? - (@dependencies + @locked_deps.values).each do |dep| - locked_source = @locked_deps[dep.name] - # This is to make sure that if bundler is installing in deployment mode and - # after locked_source and sources don't match, we still use locked_source. - if frozen && !locked_source.nil? && - locked_source.respond_to?(:source) && locked_source.source.instance_of?(Source::Path) && locked_source.source.path.exist? - dep.source = locked_source.source - elsif dep.source + changes = false + + @dependencies.each do |dep| + if dep.source dep.source = sources.get(dep.source) end - end - changes = false - # We want to know if all match, but don't want to check all entries - # This means we need to return false if any dependency doesn't match - # the lock or doesn't exist in the lock. - @dependencies.each do |dependency| - unless locked_dep = @locked_deps[dependency.name] + next if unlocking? + + unless locked_dep = @locked_deps[dep.name] changes = true next end @@ -751,11 +848,11 @@ module Bundler # directive, the lockfile dependencies and resolved dependencies end up # with a mismatch on #type. Work around that by setting the type on the # dep from the lockfile. - locked_dep.instance_variable_set(:@type, dependency.type) + locked_dep.instance_variable_set(:@type, dep.type) # We already know the name matches from the hash lookup # so we only need to check the requirement now - changes ||= dependency.requirement != locked_dep.requirement + changes ||= dep.requirement != locked_dep.requirement end changes @@ -765,179 +862,146 @@ module Bundler # commonly happen if the Gemfile has changed since the lockfile was last # generated def converge_locked_specs - deps = [] + converged = converge_specs(@locked_specs) - # Build a list of dependencies that are the same in the Gemfile - # and Gemfile.lock. If the Gemfile modified a dependency, but - # the gem in the Gemfile.lock still satisfies it, this is fine - # too. - @dependencies.each do |dep| - locked_dep = @locked_deps[dep.name] + resolve = SpecSet.new(converged.reject {|s| @unlock[:gems].include?(s.name) }) - # If the locked_dep doesn't match the dependency we're looking for then we ignore the locked_dep - locked_dep = nil unless locked_dep == dep + diff = nil - if in_locked_deps?(dep, locked_dep) || satisfies_locked_spec?(dep) - deps << dep - elsif dep.source.is_a?(Source::Path) && dep.current_platform? && (!locked_dep || dep.source != locked_dep.source) - @locked_specs.each do |s| - @unlock[:gems] << s.name if s.source == dep.source - end + # Now, we unlock any sources that do not have anymore gems pinned to it + sources.all_sources.each do |source| + next unless source.respond_to?(:unlock!) - dep.source.unlock! if dep.source.respond_to?(:unlock!) - dep.source.specs.each {|s| @unlock[:gems] << s.name } + unless resolve.any? {|s| s.source == source } + diff ||= @locked_specs.to_a - resolve.to_a + source.unlock! if diff.any? {|s| s.source == source } end end - unlock_source_unlocks_spec = Bundler.feature_flag.unlock_source_unlocks_spec? + resolve + end + def converge_specs(specs) converged = [] - @locked_specs.each do |s| - # Replace the locked dependency's source with the equivalent source from the Gemfile + deps = [] + + @specs_that_changed_sources = [] + + specs.each do |s| + name = s.name dep = @dependencies.find {|d| s.satisfies?(d) } - s.source = (dep && dep.source) || sources.get(s.source) + lockfile_source = s.source - # Don't add a spec to the list if its source is expired. For example, - # if you change a Git gem to RubyGems. - next if s.source.nil? - next if @unlock[:sources].include?(s.source.name) + if dep + gemfile_source = dep.source || default_source - # XXX This is a backwards-compatibility fix to preserve the ability to - # unlock a single gem by passing its name via `--source`. See issue #3759 - # TODO: delete in Bundler 2 - next if unlock_source_unlocks_spec && @unlock[:sources].include?(s.name) + @specs_that_changed_sources << s if gemfile_source != lockfile_source + deps << dep if !dep.source || lockfile_source.include?(dep.source) + @unlock[:gems] << name if lockfile_source.include?(dep.source) && lockfile_source != gemfile_source - # If the spec is from a path source and it doesn't exist anymore - # then we unlock it. + # Replace the locked dependency's source with the equivalent source from the Gemfile + s.source = gemfile_source + else + # Replace the locked dependency's source with the default source, if the locked source is no longer in the Gemfile + s.source = default_source unless sources.get(lockfile_source) + end + + next if @unlock[:sources].include?(s.source.name) # Path sources have special logic if s.source.instance_of?(Source::Path) || s.source.instance_of?(Source::Gemspec) new_specs = begin s.source.specs - rescue PathError, GitError + rescue PathError # if we won't need the source (according to the lockfile), - # don't error if the path/git source isn't available - next if @locked_specs. - for(requested_dependencies, [], false, true, false). + # don't error if the path source isn't available + next if specs. + for(requested_dependencies, false). none? {|locked_spec| locked_spec.source == s.source } raise end new_spec = new_specs[s].first - - # If the spec is no longer in the path source, unlock it. This - # commonly happens if the version changed in the gemspec - next unless new_spec - - s.dependencies.replace(new_spec.dependencies) + if new_spec + s.dependencies.replace(new_spec.dependencies) + else + # If the spec is no longer in the path source, unlock it. This + # commonly happens if the version changed in the gemspec + @unlock[:gems] << name + end end - converged << s - end - - resolve = SpecSet.new(converged) - @locked_specs_incomplete_for_platform = !resolve.for(expand_dependencies(requested_dependencies & deps), @unlock[:gems], true, true) - resolve = resolve.for(expand_dependencies(deps, true), @unlock[:gems], false, false, false) - diff = nil - - # Now, we unlock any sources that do not have anymore gems pinned to it - sources.all_sources.each do |source| - next unless source.respond_to?(:unlock!) - - unless resolve.any? {|s| s.source == source } - diff ||= @locked_specs.to_a - resolve.to_a - source.unlock! if diff.any? {|s| s.source == source } + if dep.nil? && requested_dependencies.find {|d| name == d.name } + @unlock[:gems] << s.name + else + converged << s end end - resolve - end - - def in_locked_deps?(dep, locked_dep) - # Because the lockfile can't link a dep to a specific remote, we need to - # treat sources as equivalent anytime the locked dep has all the remotes - # that the Gemfile dep does. - locked_dep && locked_dep.source && dep.source && locked_dep.source.include?(dep.source) - end - - def satisfies_locked_spec?(dep) - @locked_specs[dep].any? {|s| s.satisfies?(dep) && (!dep.source || s.source.include?(dep.source)) } + filter_specs(converged, deps) end def metadata_dependencies - @metadata_dependencies ||= begin - ruby_versions = ruby_version_requirements(@ruby_version) - [ - Dependency.new("Ruby\0", ruby_versions), - Dependency.new("RubyGems\0", Gem::VERSION), - ] - end - end - - def ruby_version_requirements(ruby_version) - return [] unless ruby_version - if ruby_version.patchlevel - [ruby_version.to_gem_version_with_patchlevel] - else - ruby_version.versions.map do |version| - requirement = Gem::Requirement.new(version) - if requirement.exact? - "~> #{version}.0" - else - requirement - end - end - end - end - - def expand_dependencies(dependencies, remote = false) - deps = [] - dependencies.each do |dep| - dep = Dependency.new(dep, ">= 0") unless dep.respond_to?(:name) - next unless remote || dep.current_platform? - target_platforms = dep.gem_platforms(remote ? @platforms : [generic_local_platform]) - deps += expand_dependency_with_platforms(dep, target_platforms) - end - deps - end - - def expand_dependency_with_platforms(dep, platforms) - platforms.map do |p| - DepProxy.get_proxy(dep, p) - end + @metadata_dependencies ||= [ + Dependency.new("Ruby\0", Bundler::RubyVersion.system.gem_version), + Dependency.new("RubyGems\0", Gem::VERSION), + ] end def source_requirements - # Load all specs from remote sources - index - # Record the specs available in each gem's source, so that those # specs will be available later when the resolver knows where to # look for that gemspec (or its dependencies) - source_requirements = { :default => sources.default_source }.merge(dependency_source_requirements) + source_requirements = if precompute_source_requirements_for_indirect_dependencies? + all_requirements = source_map.all_requirements + all_requirements = pin_locally_available_names(all_requirements) if @prefer_local + { default: default_source }.merge(all_requirements) + else + { default: Source::RubygemsAggregate.new(sources, source_map) }.merge(source_map.direct_requirements) + end + source_requirements.merge!(source_map.locked_requirements) unless @remote metadata_dependencies.each do |dep| source_requirements[dep.name] = sources.metadata_source end - source_requirements[:global] = index unless Bundler.feature_flag.disable_multisource? - source_requirements[:default_bundler] = source_requirements["bundler"] || source_requirements[:default] - source_requirements["bundler"] = sources.metadata_source # needs to come last to override + + default_bundler_source = source_requirements["bundler"] || default_source + + if @unlocking_bundler + default_bundler_source.add_dependency_names("bundler") + else + source_requirements[:default_bundler] = default_bundler_source + source_requirements["bundler"] = sources.metadata_source # needs to come last to override + end + + verify_changed_sources! source_requirements end - def pinned_spec_names(skip = nil) - dependency_source_requirements.reject {|_, source| source == skip }.keys + def default_source + sources.default_source + end + + def verify_changed_sources! + @specs_that_changed_sources.each do |s| + if s.source.specs.search(s.name).empty? + raise GemNotFound, "Could not find gem '#{s.name}' in #{s.source}" + end + end end def requested_groups - groups - Bundler.settings[:without] - @optional_groups + Bundler.settings[:with] + values = groups - Bundler.settings[:without] - @optional_groups + Bundler.settings[:with] + values &= Bundler.settings[:only] unless Bundler.settings[:only].empty? + values end def lockfiles_equal?(current, proposed, preserve_unknown_sections) if preserve_unknown_sections sections_to_ignore = LockfileParser.sections_to_ignore(@locked_bundler_version) sections_to_ignore += LockfileParser.unknown_sections_in_lockfile(current) - sections_to_ignore += LockfileParser::ENVIRONMENT_VERSION_SECTIONS + sections_to_ignore << LockfileParser::RUBY + sections_to_ignore << LockfileParser::BUNDLED unless @unlocking_bundler pattern = /#{Regexp.union(sections_to_ignore)}\n(\s{2,}.*\n)+/ whitespace_cleanup = /\n{2,}/ current = current.gsub(pattern, "\n").gsub(whitespace_cleanup, "\n\n").strip @@ -946,54 +1010,32 @@ module Bundler current == proposed end - def extract_gem_info(error) - # This method will extract the error message like "Could not find foo-1.2.3 in any of the sources" - # to an array. The first element will be the gem name (e.g. foo), the second will be the version number. - error.message.scan(/Could not find (\w+)-(\d+(?:\.\d+)+)/).flatten - end - - def compute_requires - dependencies.reduce({}) do |requires, dep| - next requires unless dep.should_include? - requires[dep.name] = Array(dep.autorequire || dep.name).map do |file| - # Allow `require: true` as an alias for `require: <name>` - file == true ? dep.name : file - end - requires + def additional_base_requirements_for_resolve(resolution_packages, last_resolve) + return resolution_packages unless @locked_gems && !sources.expired_sources?(@locked_gems.sources) + converge_specs(@originally_locked_specs - last_resolve).each do |locked_spec| + next if locked_spec.source.is_a?(Source::Path) + resolution_packages.base_requirements[locked_spec.name] = Gem::Requirement.new(">= #{locked_spec.version}") end + resolution_packages end - def additional_base_requirements_for_resolve - return [] unless @locked_gems - dependencies_by_name = dependencies.inject({}) {|memo, dep| memo.update(dep.name => dep) } - @locked_gems.specs.reduce({}) do |requirements, locked_spec| - name = locked_spec.name - dependency = dependencies_by_name[name] - next requirements unless dependency - next requirements if @locked_gems.dependencies[name] != dependency - next requirements if dependency.source.is_a?(Source::Path) - dep = Gem::Dependency.new(name, ">= #{locked_spec.version}") - requirements[name] = DepProxy.get_proxy(dep, locked_spec.platform) - requirements - end.values - end + def remove_invalid_platforms!(dependencies) + return if Bundler.frozen_bundle? - def equivalent_rubygems_remotes?(source) - return false unless source.is_a?(Source::Rubygems) + platforms.reverse_each do |platform| + next if local_platform == platform || + (@new_platform && platforms.last == platform) || + @path_changes || + @dependency_changes || + !@originally_locked_specs.incomplete_for_platform?(dependencies, platform) - Bundler.settings[:allow_deployment_source_credential_changes] && source.equivalent_remotes?(sources.rubygems_remotes) + remove_platform(platform) + add_current_platform if platform == Gem::Platform::RUBY + end end - def dependency_source_requirements - @dependency_source_requirements ||= begin - source_requirements = {} - default = sources.default_source - dependencies.each do |dep| - dep_source = dep.source || default - source_requirements[dep.name] = dep_source - end - source_requirements - end + def source_map + @source_map ||= SourceMap.new(sources, dependencies, @locked_specs) end end end |