From 0476ce0370c1ee56de690d43c15d5e8d7893dedd Mon Sep 17 00:00:00 2001 From: Hiroshi SHIBATA Date: Wed, 10 Mar 2021 12:08:20 +0900 Subject: Merge RubyGems-3.2.14 and Bundler-2.2.14 --- lib/bundler/compact_index_client/updater.rb | 2 +- lib/bundler/definition.rb | 22 +++++++++++++++++++--- lib/bundler/dsl.rb | 9 +++------ lib/bundler/installer/parallel_installer.rb | 14 ++++++-------- lib/bundler/lockfile_parser.rb | 18 ++---------------- lib/bundler/plugin/api/source.rb | 7 +++++++ lib/bundler/source.rb | 6 ++++++ lib/bundler/source/metadata.rb | 4 ---- lib/bundler/source/rubygems.rb | 24 ++++++++++++++++++++---- lib/bundler/source_list.rb | 18 ++++++++++++++---- lib/bundler/spec_set.rb | 2 ++ lib/bundler/version.rb | 2 +- lib/rubygems.rb | 2 +- lib/rubygems/platform.rb | 10 +++------- lib/rubygems/remote_fetcher.rb | 11 +++-------- 15 files changed, 88 insertions(+), 63 deletions(-) (limited to 'lib') diff --git a/lib/bundler/compact_index_client/updater.rb b/lib/bundler/compact_index_client/updater.rb index 7959e5c089..9e0180fac7 100644 --- a/lib/bundler/compact_index_client/updater.rb +++ b/lib/bundler/compact_index_client/updater.rb @@ -54,7 +54,7 @@ module Bundler if response.is_a?(Net::HTTPPartialContent) && local_temp_path.size.nonzero? local_temp_path.open("a") {|f| f << slice_body(content, 1..-1) } else - local_temp_path.open("w") {|f| f << content } + local_temp_path.open("wb") {|f| f << content } end end diff --git a/lib/bundler/definition.rb b/lib/bundler/definition.rb index a09d661a07..686721cd32 100644 --- a/lib/bundler/definition.rb +++ b/lib/bundler/definition.rb 
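Review bot: In lib/bundler/compact_index_client/updater.rb the full-write branch now opens the temp file with "wb", but the partial-content branch two lines above still uses `local_temp_path.open("a")`. On platforms where text mode translates line endings, appended bytes could then differ from what the server sent, and any later integrity comparison of the file (not visible in this hunk) would fail or force a refetch. I would make the append binary as well, `local_temp_path.open("ab") {|f| f << slice_body(content, 1..-1) }`, so both paths write the response bytes unchanged. The enclosing method starts and ends outside the hunk.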
@@ -106,6 +106,17 @@ module Bundler @locked_platforms = [] end + @locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) } + @disable_multisource = @locked_gem_sources.all?(&:disable_multisource?) + + unless @disable_multisource + msg = "Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. You should run `bundle update` or generate your lockfile from scratch." + + Bundler::SharedHelpers.major_deprecation 2, msg + + @sources.merged_gem_lockfile_sections! + end + @unlock[:gems] ||= [] @unlock[:sources] ||= [] @unlock[:ruby] ||= if @ruby_version && locked_ruby_version_object @@ -145,6 +156,10 @@ module Bundler end end + def disable_multisource? + @disable_multisource + end + def resolve_with_cache! raise "Specs already loaded" if @specs sources.cached! @@ -530,6 +545,9 @@ module Bundler attr_reader :sources private :sources + attr_reader :locked_gem_sources + private :locked_gem_sources + def nothing_changed? !@source_changes && !@dependency_changes && !@new_platform && !@path_changes && !@local_changes && !@locked_specs_incomplete_for_platform end @@ -654,10 +672,8 @@ module Bundler end def converge_rubygems_sources - return false if Bundler.feature_flag.disable_multisource? + return false if disable_multisource? - # Get the RubyGems sources from the Gemfile.lock - locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) } return false if locked_gem_sources.empty? # Get the RubyGems remotes from the Gemfile diff --git a/lib/bundler/dsl.rb b/lib/bundler/dsl.rb index 23fba99ffa..313d1a9a41 100644 --- a/lib/bundler/dsl.rb +++ b/lib/bundler/dsl.rb 
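Review bot: In the first lib/bundler/definition.rb hunk, the notice that a lockfile section with several remotes "is insecure" is delivered only through `Bundler::SharedHelpers.major_deprecation 2, msg`, and the merged mode is then enabled with `@sources.merged_gem_lockfile_sections!`. If deprecation output can be suppressed by configuration (that helper is outside this diff, so this needs confirming), resolution continues across mixed remotes without the user ever seeing the notice; a security notice would be better sent through `Bundler.ui.warn` unconditionally. The same applies to the multiple-primary-sources warning in the lib/bundler/dsl.rb hunk. A short comment above the assignment would also help, e.g. `# Derived from the lockfile: false only when a locked rubygems section lists more than one remote.` The enclosing initializer starts and ends outside the hunk.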
@@ -460,19 +460,16 @@ repo_name ||= user_name @sources.add_rubygems_remote(source) end - if Bundler.feature_flag.disable_multisource? + if Bundler.feature_flag.bundler_3_mode? msg = "This Gemfile contains multiple primary sources. " \ "Each source after the first must include a block to indicate which gems " \ - "should come from that source. To downgrade this error to a warning, run " \ - "`bundle config unset disable_multisource`" + "should come from that source" raise GemfileEvalError, msg else Bundler::SharedHelpers.major_deprecation 2, "Your Gemfile contains multiple primary sources. " \ "Using `source` more than once without a block is a security risk, and " \ "may result in installing unexpected gems. To resolve this warning, use " \ - "a block to indicate which gems should come from the secondary source. " \ - "To upgrade this warning to an error, run `bundle config set --local " \ - "disable_multisource true`." + "a block to indicate which gems should come from the secondary source." end end diff --git a/lib/bundler/installer/parallel_installer.rb b/lib/bundler/installer/parallel_installer.rb index a6d1de29e6..c3bf5843b7 100644 --- a/lib/bundler/installer/parallel_installer.rb +++ b/lib/bundler/installer/parallel_installer.rb @@ -27,13 +27,8 @@ module Bundler state == :failed end - def installation_attempted? - installed? || failed? - end - - # Only true when spec in neither installed nor already enqueued def ready_to_enqueue? - !enqueued? && !installation_attempted? + state == :none end def has_post_install_message? @@ -93,6 +88,11 @@ module Bundler def call check_for_corrupt_lockfile + if @rake + do_install(@rake, 0) + Gem::Specification.reset + end + if @size > 1 install_with_worker else @@ -217,8 +217,6 @@ module Bundler # are installed. def enqueue_specs @specs.select(&:ready_to_enqueue?).each do |spec| - next if @rake && !@rake.installed? && spec.name != @rake.name - if spec.dependencies_installed? @specs spec.state = :enqueued worker_pool.enq spec 
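Review bot: The new condition in the lib/bundler/dsl.rb hunk, `if Bundler.feature_flag.bundler_3_mode?`, no longer consults `disable_multisource`, so a project that set that option to turn multiple global sources into a hard error now only gets the deprecation text from the `else` branch. The warning itself says this layout "may result in installing unexpected gems", so silently weakening an explicit opt-in is worth avoiding. If the setting still exists (its definition is outside this diff), keep honouring it with `if Bundler.feature_flag.bundler_3_mode? || Bundler.feature_flag.disable_multisource?`, or at least warn that it is now ignored. The shortened error text also lost its final period (`"should come from that source"`). The enclosing method starts outside the hunk.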
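Review bot: `ready_to_enqueue?` in lib/bundler/installer/parallel_installer.rb now relies on `:none` being the only state that is neither enqueued, installed nor failed, and the comment that explained the predicate was removed together with the old body. I would keep a one-line comment such as `# True only while the spec is untouched (state :none): not enqueued, installed or failed.` so that the meaning of the state check stays visible if another state is ever added. The class body continues outside the hunk.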
diff --git a/lib/bundler/lockfile_parser.rb b/lib/bundler/lockfile_parser.rb index 058d353bbe..f87faff70c 100644 --- a/lib/bundler/lockfile_parser.rb +++ b/lib/bundler/lockfile_parser.rb @@ -131,18 +131,8 @@ module Bundler @sources << @current_source end when GEM - source_remotes = Array(@opts["remote"]) - - if source_remotes.size == 1 - @opts["remotes"] = @opts.delete("remote") - @current_source = TYPES[@type].from_lock(@opts) - else - source_remotes.each do |url| - rubygems_aggregate.add_remote(url) - end - @current_source = rubygems_aggregate - end - + @opts["remotes"] = Array(@opts.delete("remote")).reverse + @current_source = TYPES[@type].from_lock(@opts) @sources << @current_source when PLUGIN @current_source = Plugin.source_from_lock(@opts) @@ -245,9 +235,5 @@ module Bundler def parse_ruby(line) @ruby_version = line.strip end - - def rubygems_aggregate - @rubygems_aggregate ||= Source::Rubygems.new - end end end diff --git a/lib/bundler/plugin/api/source.rb b/lib/bundler/plugin/api/source.rb index e1f0826874..d70a16f4bc 100644 --- a/lib/bundler/plugin/api/source.rb +++ b/lib/bundler/plugin/api/source.rb @@ -140,6 +140,13 @@ module Bundler end end + # Set internal representation to fetch the gems/specs locally. + # + # When this is called, the source should try to fetch the specs and + # install from the local system. + def local! + end + # Set internal representation to fetch the gems/specs from remote. # # When this is called, the source should try to fetch the specs and diff --git a/lib/bundler/source.rb b/lib/bundler/source.rb index be00143f5a..a3f4b09cce 100644 --- a/lib/bundler/source.rb +++ b/lib/bundler/source.rb @@ -33,6 +33,12 @@ module Bundler spec.source == self end + def local!; end + + def cached!; end + + def remote!; end + # it's possible that gems from one source depend on gems from some # other source, so now we download gemspecs and iterate over those # dependencies, looking for gems we don't have info on yet. 
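Review bot: In the first lib/bundler/lockfile_parser.rb hunk, `Array(@opts.delete("remote")).reverse` carries no explanation, and `Source::Rubygems#initialize` (lib/bundler/source/rubygems.rb in this commit) walks `options["remotes"]` with `reverse_each` again. With more than one remote the resulting order presumably decides which remote is consulted first, which is exactly the case the new lockfile warning calls insecure. I would add a comment stating in which order the lockfile stores remotes and which order `from_lock` expects, and confirm the direction against `add_remote`, which is outside this diff. The `when GEM` branch sits inside a method that starts outside the hunk.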
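Review bot: The three no-op defaults added to lib/bundler/source.rb (`local!`, `cached!`, `remote!`) have no comment, while lib/bundler/spec_set.rb in this commit starts calling `s.source.local!` on every lazy specification's source. I would add `# Mode switches called during materialization; no-ops unless a subclass tracks local/cached/remote specs.` above them, so authors of new source types can see that these methods are part of the expected interface.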
diff --git a/lib/bundler/source/metadata.rb b/lib/bundler/source/metadata.rb index 0867879861..50b65ce0ea 100644 --- a/lib/bundler/source/metadata.rb +++ b/lib/bundler/source/metadata.rb @@ -33,10 +33,6 @@ module Bundler end end - def cached!; end - - def remote!; end - def options {} end diff --git a/lib/bundler/source/rubygems.rb b/lib/bundler/source/rubygems.rb index 5b89b1645d..cede580b0a 100644 --- a/lib/bundler/source/rubygems.rb +++ b/lib/bundler/source/rubygems.rb @@ -20,17 +20,29 @@ module Bundler @dependency_names = [] @allow_remote = false @allow_cached = false + @allow_local = options["allow_local"] || false @caches = [cache_path, *Bundler.rubygems.gem_cache] - Array(options["remotes"] || []).reverse_each {|r| add_remote(r) } + Array(options["remotes"]).reverse_each {|r| add_remote(r) } + end + + def local! + return if @allow_local + + @specs = nil + @allow_local = true end def remote! + return if @allow_remote + @specs = nil @allow_remote = true end def cached! + return if @allow_cached + @specs = nil @allow_cached = true end @@ -49,8 +61,12 @@ module Bundler o.is_a?(Rubygems) && (o.credless_remotes - credless_remotes).empty? end + def disable_multisource? + @remotes.size <= 1 + end + def can_lock?(spec) - return super if Bundler.feature_flag.disable_multisource? + return super if disable_multisource? spec.source.is_a?(Rubygems) end @@ -87,7 +103,7 @@ module Bundler # small_idx.use large_idx. idx = @allow_remote ? remote_specs.dup : Index.new idx.use(cached_specs, :override_dupes) if @allow_cached || @allow_remote - idx.use(installed_specs, :override_dupes) + idx.use(installed_specs, :override_dupes) if @allow_local idx end end @@ -365,7 +381,7 @@ module Bundler def cached_specs @cached_specs ||= begin - idx = installed_specs.dup + idx = @allow_local ? installed_specs.dup : Index.new Dir["#{cache_path}/*.gem"].each do |gemfile| next if gemfile =~ /^bundler\-[\d\.]+?\.gem/ 
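Review bot: `disable_multisource?` in lib/bundler/source/rubygems.rb reads like a configuration switch, but the new body `@remotes.size <= 1` is a fact about this one source, and `can_lock?` directly below accepts any `Rubygems` source whenever it is false. A comment such as `# True when this source has at most one remote; with several remotes #can_lock? accepts any Rubygems source.` would make the security meaning visible at the definition. The class body continues outside the hunk.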
diff --git a/lib/bundler/source_list.rb b/lib/bundler/source_list.rb index 44b167ca3e..51698af46e 100644 --- a/lib/bundler/source_list.rb +++ b/lib/bundler/source_list.rb @@ -9,7 +9,7 @@ module Bundler :metadata_source def global_rubygems_source - @global_rubygems_source ||= rubygems_aggregate_class.new + @global_rubygems_source ||= rubygems_aggregate_class.new("allow_local" => true) end def initialize @@ -20,6 +20,16 @@ module Bundler @global_path_source = nil @rubygems_sources = [] @metadata_source = Source::Metadata.new + + @disable_multisource = true + end + + def disable_multisource? + @disable_multisource + end + + def merged_gem_lockfile_sections! + @disable_multisource = false end def add_path_source(options = {}) @@ -47,7 +57,7 @@ module Bundler end def global_rubygems_source=(uri) - @global_rubygems_source ||= rubygems_aggregate_class.new("remotes" => uri) + @global_rubygems_source ||= rubygems_aggregate_class.new("remotes" => uri, "allow_local" => true) end def add_rubygems_remote(uri) @@ -77,7 +87,7 @@ module Bundler def lock_sources lock_sources = (path_sources + git_sources + plugin_sources).sort_by(&:to_s) - if Bundler.feature_flag.disable_multisource? + if disable_multisource? lock_sources + rubygems_sources.sort_by(&:to_s) else lock_sources << combine_rubygems_sources @@ -94,7 +104,7 @@ module Bundler end end - replacement_rubygems = !Bundler.feature_flag.disable_multisource? && + replacement_rubygems = !disable_multisource? && replacement_sources.detect {|s| s.is_a?(Source::Rubygems) } @global_rubygems_source = replacement_rubygems if replacement_rubygems diff --git a/lib/bundler/spec_set.rb b/lib/bundler/spec_set.rb index 399c91fea5..dfc3114c41 100644 --- a/lib/bundler/spec_set.rb +++ b/lib/bundler/spec_set.rb 
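Review bot: The `@disable_multisource` flag added to `SourceList#initialize` duplicates the value that `Definition` computes and keeps in its own `@disable_multisource` (lib/bundler/definition.rb in this commit). The two agree only because `Definition` calls `merged_gem_lockfile_sections!` in the same branch that sets its copy to false. I would keep a single owner, for example by having `Definition#disable_multisource?` return `@sources.disable_multisource?`, so the lock-writing path in `lock_sources` and the convergence path cannot drift apart. The name `merged_gem_lockfile_sections!` also does not say that it re-enables the multi-remote behaviour; a comment like `# Called when the lockfile has a rubygems section with several remotes; keeps the legacy merged source.` would help.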
@@ -82,6 +82,7 @@ module Bundler materialized.map! do |s| next s unless s.is_a?(LazySpecification) s.source.dependency_names = deps if s.source.respond_to?(:dependency_names=) + s.source.local! spec = s.__materialize__ unless spec unless missing_specs @@ -102,6 +103,7 @@ module Bundler @specs.map do |s| next s unless s.is_a?(LazySpecification) s.source.dependency_names = names if s.source.respond_to?(:dependency_names=) + s.source.local! s.source.remote! spec = s.__materialize__ raise GemNotFound, "Could not find #{s.full_name} in any of the sources" unless spec diff --git a/lib/bundler/version.rb b/lib/bundler/version.rb index 46c5ecb2f3..5e71e22df8 100644 --- a/lib/bundler/version.rb +++ b/lib/bundler/version.rb @@ -1,7 +1,7 @@ # frozen_string_literal: false module Bundler - VERSION = "2.2.13".freeze + VERSION = "2.2.14".freeze def self.bundler_major_version @bundler_major_version ||= VERSION.split(".").first.to_i diff --git a/lib/rubygems.rb b/lib/rubygems.rb index 609517e1e7..682360264a 100644 --- a/lib/rubygems.rb +++ b/lib/rubygems.rb @@ -8,7 +8,7 @@ require 'rbconfig' module Gem - VERSION = "3.2.13".freeze + VERSION = "3.2.14".freeze end # Must be first since it unloads the prelude from 1.9.2 diff --git a/lib/rubygems/platform.rb b/lib/rubygems/platform.rb index e01d0494d6..fd1c0a62ac 100644 --- a/lib/rubygems/platform.rb +++ b/lib/rubygems/platform.rb @@ -66,7 +66,7 @@ class Gem::Platform when String then arch = arch.split '-' - if arch.length > 2 and arch.last !~ /\d+(\.\d+)?$/ # reassemble x86-linux-{libc} + if arch.length > 2 and arch.last !~ /\d/ # reassemble x86-linux-gnu extra = arch.pop arch.last << "-#{extra}" end 
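Review bot: In both lib/bundler/spec_set.rb hunks `s.source.local!` is called unconditionally, while the line directly above guards `dependency_names=` with `respond_to?`. This commit adds `local!` to `Bundler::Source` and to the plugin source API, but a source object that derives from neither (possible if the guard above is needed at all) would now raise NoMethodError during materialization. Either guard it the same way, `s.source.local! if s.source.respond_to?(:local!)`, or add a comment stating that every source must implement `local!`. Both methods start outside their hunks.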
@@ -146,8 +146,7 @@ class Gem::Platform ## # Does +other+ match this platform? Two platforms match if they have the # same CPU, or either has a CPU of 'universal', they have the same OS, and - # they have the same version, or either has no version (except for 'linux' - # where the version is the libc name, with no version standing for 'gnu') + # they have the same version, or either has no version. # # Additionally, the platform will match if the local CPU is 'arm' and the # other CPU starts with "arm" (for generic ARM family support). @@ -163,10 +162,7 @@ class Gem::Platform @os == other.os and # version - ( - (@os != 'linux' and (@version.nil? or other.version.nil?)) or - @version == other.version - ) + (@version.nil? or other.version.nil? or @version == other.version) end ## diff --git a/lib/rubygems/remote_fetcher.rb b/lib/rubygems/remote_fetcher.rb index 7ac334d30d..da7b46e06e 100644 --- a/lib/rubygems/remote_fetcher.rb +++ b/lib/rubygems/remote_fetcher.rb @@ -51,6 +51,7 @@ class Gem::RemoteFetcher class UnknownHostError < FetchError end + deprecate_constant(:UnknownHostError) @fetcher = nil @@ -262,15 +263,9 @@ class Gem::RemoteFetcher end data - rescue Timeout::Error - raise UnknownHostError.new('timed out', uri) - rescue IOError, SocketError, SystemCallError, + rescue Timeout::Error, IOError, SocketError, SystemCallError, *(OpenSSL::SSL::SSLError if Gem::HAVE_OPENSSL) => e - if e.message =~ /getaddrinfo/ - raise UnknownHostError.new('no such name', uri) - else - raise FetchError.new("#{e.class}: #{e}", uri) - end + raise FetchError.new("#{e.class}: #{e}", uri) end def fetch_s3(uri, mtime = nil, head = false) -- cgit v1.2.3
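Review bot: `deprecate_constant(:UnknownHostError)` in lib/rubygems/remote_fetcher.rb is the only signal to callers that the second hunk stops raising that class for timeouts and name-resolution failures. Ruby prints constant deprecation warnings only when deprecation warnings are enabled, so code that uses `rescue Gem::RemoteFetcher::UnknownHostError` to tell a DNS failure from other fetch errors may silently stop matching. A comment next to the constant, e.g. `# No longer raised; rescue FetchError instead.`, plus a changelog entry would make the behaviour change explicit.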