bundler 1.13.0.rc.1 → 1.13.0.rc.2

data/lib/bundler/shared_helpers.rb

@@ -23,7 +23,7 @@ module Bundler
     def default_gemfile
       gemfile = find_gemfile
       raise GemfileNotFound, "Could not locate Gemfile" unless gemfile
-      Pathname.new(gemfile)
+      Pathname.new(gemfile).untaint
     end
 
     def default_lockfile
@@ -32,7 +32,7 @@ module Bundler
       case gemfile.basename.to_s
       when "gems.rb" then Pathname.new(gemfile.sub(/.rb$/, ".locked"))
       else Pathname.new("#{gemfile}.lock")
-      end
+      end.untaint
     end
 
     def default_bundle_dir
@@ -102,7 +102,7 @@ module Bundler
     #
     # @see {Bundler::PermissionError}
     def filesystem_access(path, action = :write)
-      yield path
+      yield path.dup.untaint
     rescue Errno::EACCES
       raise PermissionError.new(path, action)
     rescue Errno::EAGAIN
@@ -128,6 +128,7 @@ module Bundler
     end
 
     def print_major_deprecations!
+      deprecate_gemfile(find_gemfile) if find_gemfile == find_file("Gemfile")
       if RUBY_VERSION < "2"
         major_deprecation("Bundler will only support ruby >= 2.0, you are running #{RUBY_VERSION}")
       end
@@ -140,7 +141,6 @@ module Bundler
     def find_gemfile
       given = ENV["BUNDLE_GEMFILE"]
       return given if given && !given.empty?
-
       find_file("Gemfile", "gems.rb")
     end
 
@@ -158,7 +158,7 @@ module Bundler
 
     def search_up(*names)
       previous = nil
-      current  = File.expand_path(SharedHelpers.pwd)
+      current  = File.expand_path(SharedHelpers.pwd).untaint
 
       until !File.directory?(current) || current == previous
         if ENV["BUNDLE_SPEC_RUN"]
@@ -230,6 +230,12 @@ module Bundler
       true
     end
 
+    def deprecate_gemfile(gemfile)
+      return unless gemfile && File.basename(gemfile) == "Gemfile"
+      Bundler::SharedHelpers.major_deprecation \
+        "gems.rb and gems.locked will be prefered to Gemfile and Gemfile.lock."
+    end
+
     extend self
   end
 end

data/lib/bundler/source/gemspec.rb

@@ -8,6 +8,10 @@ module Bundler
         super
         @gemspec = options["gemspec"]
       end
+
+      def as_path_source
+        Path.new(options)
+      end
     end
   end
 end

data/lib/bundler/source/git.rb

@@ -152,7 +152,7 @@ module Bundler
         set_local!(app_cache_path) if has_app_cache? && !local?
 
         if requires_checkout? && !@copied
-          git_proxy.checkout
+          fetch
           git_proxy.copy_to(install_path, submodules)
           serialize_gemspecs_in(install_path)
           @copied = true
@@ -170,7 +170,7 @@ module Bundler
           serialize_gemspecs_in(install_path)
           @copied = true
         end
-        generate_bin(spec)
+        generate_bin(spec, !Bundler.rubygems.spec_missing_extensions?(spec))
 
         requires_checkout? ? spec.post_install_message : nil
       end
@@ -223,10 +223,6 @@ module Bundler
 
     private
 
-      def build_extensions(installer)
-        super if Bundler.rubygems.spec_missing_extensions?(installer.spec)
-      end
-
       def serialize_gemspecs_in(destination)
         destination = destination.expand_path(Bundler.root) if destination.relative?
         Dir["#{destination}/#{@glob}"].each do |spec_path|
@@ -292,6 +288,13 @@ module Bundler
       def git_proxy
         @git_proxy ||= GitProxy.new(cache_path, uri, ref, cached_revision, self)
       end
+
+      def fetch
+        git_proxy.checkout
+      rescue GitError
+        raise unless Bundler.settings[:allow_offline_install]
+        Bundler.ui.warn "Using cached git data because of network errors"
+      end
     end
   end
 end

data/lib/bundler/source/git/git_proxy.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+require "tempfile"
 module Bundler
   class Source
     class Git < Path
@@ -80,6 +81,10 @@ module Bundler
         end
 
         def version
+          git("--version").match(/(git version\s*)?((\.?\d+)+).*/)[2]
+        end
+
+        def full_version
           git("--version").sub("git version", "").strip
         end
 
@@ -110,7 +115,7 @@ module Bundler
                 FileUtils.rm_rf(p)
               end
               git_retry %(clone --no-checkout --quiet "#{path}" "#{destination}")
-              File.chmod(((File.stat(destination).mode | 0777) & ~File.umask), destination)
+              File.chmod(((File.stat(destination).mode | 0o777) & ~File.umask), destination)
             rescue Errno::EEXIST => e
               file_path = e.message[%r{.*?(/.*)}, 1]
               raise GitError, "Bundler could not install a gem because it needs to " \
@@ -143,7 +148,7 @@ module Bundler
         end
 
         def git_retry(command)
-          Bundler::Retry.new("git #{command}", GitNotAllowedError).attempts do
+          Bundler::Retry.new("`git #{command}`", GitNotAllowedError).attempts do
             git(command)
           end
         end
@@ -152,7 +157,9 @@ module Bundler
           command_with_no_credentials = URICredentialsFilter.credential_filtered_string(command, uri)
           raise GitNotAllowedError.new(command_with_no_credentials) unless allow?
 
-          out = SharedHelpers.with_clean_git_env { `git #{command}` }
+          out = SharedHelpers.with_clean_git_env do
+            capture_and_filter_stderr(uri) { `git #{command}` }
+          end
 
           stdout_with_no_credentials = URICredentialsFilter.credential_filtered_string(out, uri)
           raise GitCommandError.new(command_with_no_credentials, path, error_msg) if check_errors && !$?.success?
@@ -216,6 +223,23 @@ module Bundler
           return in_path { yield } if allow?
           raise GitError, "The git source #{uri} is not yet checked out. Please run `bundle install` before trying to start your application"
         end
+
+        def capture_and_filter_stderr(uri)
+          return_value, captured_err = ""
+          backup_stderr = STDERR.dup
+          begin
+            Tempfile.open("captured_stderr") do |f|
+              STDERR.reopen(f)
+              return_value = yield
+              f.rewind
+              captured_err = f.read
+            end
+          ensure
+            STDERR.reopen backup_stderr
+          end
+          $stderr.puts URICredentialsFilter.credential_filtered_string(captured_err, uri) if uri && !captured_err.empty?
+          return_value
+        end
       end
     end
   end

data/lib/bundler/source/path.rb

@@ -11,7 +11,7 @@ module Bundler
       DEFAULT_GLOB = "{,*,*/*}.gemspec".freeze
 
       def initialize(options)
-        @options = options
+        @options = options.dup
         @glob = options["glob"] || DEFAULT_GLOB
 
         @allow_cached = false
@@ -60,7 +60,7 @@ module Bundler
       end
 
       def eql?(other)
-        return unless other.class == Path || other.class == Gemspec
+        return unless other.class == self.class
         expanded_path == expand(other.path) &&
           version == other.version
       end
@@ -203,13 +203,8 @@ module Bundler
           end
         end.compact
 
-        SharedHelpers.chdir(gem_dir) do
-          installer = Path::Installer.new(spec, :env_shebang => false)
-          run_hooks(:pre_install, installer)
-          build_extensions(installer) unless disable_extensions
-          installer.generate_bin
-          run_hooks(:post_install, installer)
-        end
+        installer = Path::Installer.new(spec, :env_shebang => false, :disable_extensions => disable_extensions)
+        installer.post_install
       rescue Gem::InvalidSpecificationException => e
         Bundler.ui.warn "\n#{spec.name} at #{spec.full_gem_path} did not have a valid gemspec.\n" \
                         "This prevents bundler from installing bins or native extensions, but " \
@@ -223,23 +218,6 @@ module Bundler
 
         Bundler.ui.warn "The validation message from Rubygems was:\n  #{e.message}"
       end
-
-      def build_extensions(installer)
-        installer.build_extensions
-        run_hooks(:post_build, installer)
-      end
-
-      def run_hooks(type, installer)
-        hooks_meth = "#{type}_hooks"
-        return unless Gem.respond_to?(hooks_meth)
-        Gem.send(hooks_meth).each do |hook|
-          result = hook.call(installer)
-          next unless result == false
-          location = " at #{$1}" if hook.inspect =~ /@(.*:\d+)/
-          message = "#{type} hook#{location} failed for #{installer.spec.full_name}"
-          raise InstallHookError, message
-        end
-      end
     end
   end
 end

data/lib/bundler/source/path/installer.rb

@@ -6,13 +6,14 @@ module Bundler
         attr_reader :spec
 
         def initialize(spec, options = {})
-          @spec              = spec
-          @gem_dir           = Bundler.rubygems.path(spec.full_gem_path)
-          @wrappers          = true
-          @env_shebang       = true
-          @format_executable = options[:format_executable] || false
-          @build_args        = options[:build_args] || Bundler.rubygems.build_args
-          @gem_bin_dir       = "#{Bundler.rubygems.gem_dir}/bin"
+          @spec               = spec
+          @gem_dir            = Bundler.rubygems.path(spec.full_gem_path)
+          @wrappers           = true
+          @env_shebang        = true
+          @format_executable  = options[:format_executable] || false
+          @build_args         = options[:build_args] || Bundler.rubygems.build_args
+          @gem_bin_dir        = "#{Bundler.rubygems.gem_dir}/bin"
+          @disable_extentions = options[:disable_extensions]
 
           if Bundler.requires_sudo?
             @tmp_dir = Bundler.tmp(spec.full_name).to_s
@@ -22,9 +23,26 @@ module Bundler
           end
         end
 
-        def generate_bin
-          return if spec.executables.nil? || spec.executables.empty?
+        def post_install
+          SharedHelpers.chdir(@gem_dir) do
+            run_hooks(:pre_install)
+
+            unless @disable_extentions
+              build_extensions
+              run_hooks(:post_build)
+            end
+
+            generate_bin unless spec.executables.nil? || spec.executables.empty?
+
+            run_hooks(:post_install)
+          end
+        ensure
+          Bundler.rm_rf(@tmp_dir) if Bundler.requires_sudo?
+        end
+
+      private
 
+        def generate_bin
           super
 
           if Bundler.requires_sudo?
@@ -35,8 +53,18 @@ module Bundler
               Bundler.sudo "cp -R #{@bin_dir}/#{exe} #{@gem_bin_dir}"
             end
           end
-        ensure
-          Bundler.rm_rf(@tmp_dir) if Bundler.requires_sudo?
+        end
+
+        def run_hooks(type)
+          hooks_meth = "#{type}_hooks"
+          return unless Gem.respond_to?(hooks_meth)
+          Gem.send(hooks_meth).each do |hook|
+            result = hook.call(self)
+            next unless result == false
+            location = " at #{$1}" if hook.inspect =~ /@(.*:\d+)/
+            message = "#{type} hook#{location} failed for #{spec.full_name}"
+            raise InstallHookError, message
+          end
         end
       end
     end

data/lib/bundler/source/rubygems.rb

@@ -134,7 +134,7 @@ module Bundler
 
           installed_spec = nil
           Bundler.rubygems.preserve_paths do
-            installed_spec = Bundler::RubyGemsGemInstaller.new(
+            installed_spec = Bundler::RubyGemsGemInstaller.at(
               path,
               :install_dir         => install_path.to_s,
               :bin_dir             => bin_path.to_s,

data/lib/bundler/source_list.rb

@@ -2,11 +2,13 @@
 module Bundler
   class SourceList
     attr_reader :path_sources,
-      :git_sources
+      :git_sources,
+      :plugin_sources
 
     def initialize
       @path_sources       = []
       @git_sources        = []
+      @plugin_sources     = []
       @rubygems_aggregate = Source::Rubygems.new
       @rubygems_sources   = []
     end
@@ -20,13 +22,19 @@ module Bundler
     end
 
     def add_git_source(options = {})
-      add_source_to_list Source::Git.new(options), git_sources
+      add_source_to_list(Source::Git.new(options), git_sources).tap do |source|
+        warn_on_git_protocol(source)
+      end
     end
 
     def add_rubygems_source(options = {})
       add_source_to_list Source::Rubygems.new(options), @rubygems_sources
     end
 
+    def add_plugin_source(source, options = {})
+      add_source_to_list Plugin.source(source).new(options), @plugin_sources
+    end
+
     def add_rubygems_remote(uri)
       @rubygems_aggregate.add_remote(uri)
       @rubygems_aggregate
@@ -41,7 +49,7 @@ module Bundler
     end
 
     def all_sources
-      path_sources + git_sources + rubygems_sources
+      path_sources + git_sources + plugin_sources + rubygems_sources
     end
 
     def get(source)
@@ -49,14 +57,14 @@ module Bundler
     end
 
     def lock_sources
-      lock_sources = (path_sources + git_sources).sort_by(&:to_s)
+      lock_sources = (path_sources + git_sources + plugin_sources).sort_by(&:to_s)
       lock_sources << combine_rubygems_sources
     end
 
     def replace_sources!(replacement_sources)
       return true if replacement_sources.empty?
 
-      [path_sources, git_sources].each do |source_list|
+      [path_sources, git_sources, plugin_sources].each do |source_list|
         source_list.map! do |source|
           replacement_sources.find {|s| s == source } || source
         end
@@ -92,9 +100,10 @@ module Bundler
 
     def source_list_for(source)
       case source
-      when Source::Git      then git_sources
-      when Source::Path     then path_sources
-      when Source::Rubygems then rubygems_sources
+      when Source::Git          then git_sources
+      when Source::Path         then path_sources
+      when Source::Rubygems     then rubygems_sources
+      when Plugin::API::Source  then plugin_sources
       else raise ArgumentError, "Invalid source: #{source.inspect}"
       end
     end
@@ -102,5 +111,16 @@ module Bundler
     def combine_rubygems_sources
       Source::Rubygems.new("remotes" => rubygems_remotes)
     end
+
+    def warn_on_git_protocol(source)
+      return if Bundler.settings["git.allow_insecure"]
+
+      if source.uri =~ /^git\:/
+        Bundler.ui.warn "The git source `#{source.uri}` uses the `git` protocol, " \
+          "which transmits data without encryption. Disable this warning with " \
+          "`bundle config git.allow_insecure true`, or switch to the `https` " \
+          "protocol to keep your data secure."
+      end
+    end
   end
 end

data/lib/bundler/spec_set.rb

@@ -7,7 +7,7 @@ module Bundler
     extend Forwardable
     include TSort, Enumerable
 
-    def_delegators :@specs, :<<, :length, :add, :remove, :size
+    def_delegators :@specs, :<<, :length, :add, :remove, :size, :empty?
     def_delegators :sorted, :each
 
     def initialize(specs)

data/lib/bundler/templates/Executable.standalone

@@ -6,7 +6,9 @@
 # this file is here to facilitate running it.
 #
 
-$:.unshift File.expand_path '../<%= standalone_path %>', __FILE__
+require 'pathname'
+path = Pathname.new(__FILE__)
+$:.unshift File.expand_path '../<%= standalone_path %>', path.realpath
 
 require 'bundler/setup'
-load File.expand_path '../<%= executable_path %>', __FILE__
+load File.expand_path '../<%= executable_path %>', path.realpath

data/lib/bundler/templates/Gemfile

@@ -1,5 +1,4 @@
 # frozen_string_literal: true
-# A sample Gemfile
 source "https://rubygems.org"
 
 # gem "rails"

data/lib/bundler/ui/shell.rb

@@ -17,8 +17,8 @@ module Bundler
         @warning_history = []
       end
 
-      def add_color(string, color)
-        @shell.set_color(string, color)
+      def add_color(string, *color)
+        @shell.set_color(string, *color)
       end
 
       def info(msg, newline = nil)
@@ -45,7 +45,7 @@ module Bundler
 
       def debug?
         # needs to be false instead of nil to be newline param to other methods
-        level("debug")
+        level("debug") ? true : false
       end
 
       def quiet?
@@ -95,6 +95,14 @@ module Bundler
         end
       end
 
+      def tell_err(message, color = nil, newline = nil)
+        buffer = @shell.send(:prepare_message, message, *color)
+        buffer << "\n" if newline && !message.to_s.end_with?("\n")
+
+        @shell.send(:stderr).print(buffer)
+        @shell.send(:stderr).flush
+      end
+
       def strip_leading_spaces(text)
         spaces = text[/\A\s+/, 0]
         spaces ? text.gsub(/#{spaces}/, "") : text