bundler 1.13.6 → 1.17.3

data/lib/bundler/similarity_detector.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 module Bundler
   class SimilarityDetector
     SimilarityScore = Struct.new(:string, :distance)

data/lib/bundler/source.rb

@@ -1,8 +1,10 @@
 # frozen_string_literal: true
+
 module Bundler
   class Source
     autoload :Gemspec,  "bundler/source/gemspec"
     autoload :Git,      "bundler/source/git"
+    autoload :Metadata, "bundler/source/metadata"
     autoload :Path,     "bundler/source/path"
     autoload :Rubygems, "bundler/source/rubygems"
 
@@ -14,12 +16,13 @@ module Bundler
 
     def version_message(spec)
       message = "#{spec.name} #{spec.version}"
+      message += " (#{spec.platform})" if spec.platform != Gem::Platform::RUBY && !spec.platform.nil?
 
       if Bundler.locked_gems
         locked_spec = Bundler.locked_gems.specs.find {|s| s.name == spec.name }
         locked_spec_version = locked_spec.version if locked_spec
         if locked_spec_version && spec.version != locked_spec_version
-          message += Bundler.ui.add_color(" (was #{locked_spec_version})", :green)
+          message += Bundler.ui.add_color(" (was #{locked_spec_version})", version_color(spec.version, locked_spec_version))
         end
       end
 
@@ -30,8 +33,62 @@ module Bundler
       spec.source == self
     end
 
+    # it's possible that gems from one source depend on gems from some
+    # other source, so now we download gemspecs and iterate over those
+    # dependencies, looking for gems we don't have info on yet.
+    def double_check_for(*); end
+
+    def dependency_names_to_double_check
+      specs.dependency_names
+    end
+
     def include?(other)
       other == self
     end
+
+    def inspect
+      "#<#{self.class}:0x#{object_id} #{self}>"
+    end
+
+    def path?
+      instance_of?(Bundler::Source::Path)
+    end
+
+    def extension_cache_path(spec)
+      return unless Bundler.feature_flag.global_gem_cache?
+      return unless source_slug = extension_cache_slug(spec)
+      Bundler.user_cache.join(
+        "extensions", Gem::Platform.local.to_s, Bundler.ruby_scope,
+        source_slug, spec.full_name
+      )
+    end
+
+  private
+
+    def version_color(spec_version, locked_spec_version)
+      if Gem::Version.correct?(spec_version) && Gem::Version.correct?(locked_spec_version)
+        # display yellow if there appears to be a regression
+        earlier_version?(spec_version, locked_spec_version) ? :yellow : :green
+      else
+        # default to green if the versions cannot be directly compared
+        :green
+      end
+    end
+
+    def earlier_version?(spec_version, locked_spec_version)
+      Gem::Version.new(spec_version) < Gem::Version.new(locked_spec_version)
+    end
+
+    def print_using_message(message)
+      if !message.include?("(was ") && Bundler.feature_flag.suppress_install_using_messages?
+        Bundler.ui.debug message
+      else
+        Bundler.ui.info message
+      end
+    end
+
+    def extension_cache_slug(_)
+      nil
+    end
   end
 end

data/lib/bundler/source/gemspec.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 module Bundler
   class Source
     class Gemspec < Path

data/lib/bundler/source/git.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
-require "fileutils"
+
+require "bundler/vendored_fileutils"
 require "uri"
-require "digest/sha1"
 
 module Bundler
   class Source
@@ -18,9 +18,10 @@ module Bundler
         @allow_remote = false
 
         # Stringify options that could be set as symbols
-        %w(ref branch tag revision).each {|k| options[k] = options[k].to_s if options[k] }
+        %w[ref branch tag revision].each {|k| options[k] = options[k].to_s if options[k] }
 
         @uri        = options["uri"] || ""
+        @safe_uri   = URICredentialsFilter.credential_filtered_uri(@uri)
         @branch     = options["branch"]
         @ref        = options["ref"] || options["branch"] || options["tag"] || "master"
         @submodules = options["submodules"]
@@ -39,7 +40,7 @@ module Bundler
         out = String.new("GIT\n")
         out << "  remote: #{@uri}\n"
         out << "  revision: #{revision}\n"
-        %w(ref branch tag submodules).each do |opt|
+        %w[ref branch tag submodules].each do |opt|
           out << "  #{opt}: #{options[opt]}\n" if options[opt]
         end
         out << "  glob: #{@glob}\n" unless @glob == DEFAULT_GLOB
@@ -61,8 +62,12 @@ module Bundler
       def to_s
         at = if local?
           path
-        elsif options["ref"]
-          shortref_for_display(options["ref"])
+        elsif user_ref = options["ref"]
+          if ref =~ /\A[a-z0-9]{4,}\z/i
+            shortref_for_display(user_ref)
+          else
+            user_ref
+          end
         else
           ref
         end
@@ -73,7 +78,7 @@ module Bundler
                 nil
               end
 
-        "#{uri} (at #{at}#{rev})"
+        "#{@safe_uri} (at #{at}#{rev})"
       end
 
       def name
@@ -105,6 +110,8 @@ module Bundler
 
       def unlock!
         git_proxy.revision = nil
+        options["revision"] = nil
+
         @unlocked = true
       end
 
@@ -147,7 +154,6 @@ module Bundler
         changed
       end
 
-      # TODO: cache git specs
       def specs(*)
         set_local!(app_cache_path) if has_app_cache? && !local?
 
@@ -161,23 +167,27 @@ module Bundler
         local_specs
       end
 
-      def install(spec, force = false)
-        Bundler.ui.info "Using #{version_message(spec)} from #{self}"
+      def install(spec, options = {})
+        force = options[:force]
 
-        if requires_checkout? && !@copied && !force
+        print_using_message "Using #{version_message(spec)} from #{self}"
+
+        if (requires_checkout? && !@copied) || force
           Bundler.ui.debug "  * Checking out revision: #{ref}"
           git_proxy.copy_to(install_path, submodules)
           serialize_gemspecs_in(install_path)
           @copied = true
         end
-        generate_bin(spec, !Bundler.rubygems.spec_missing_extensions?(spec))
+
+        generate_bin_options = { :disable_extensions => !Bundler.rubygems.spec_missing_extensions?(spec), :build_args => options[:build_args] }
+        generate_bin(spec, generate_bin_options)
 
         requires_checkout? ? spec.post_install_message : nil
       end
 
       def cache(spec, custom_path = nil)
         app_cache_path = app_cache_path(custom_path)
-        return unless Bundler.settings[:cache_all]
+        return unless Bundler.feature_flag.cache_all?
         return if path == app_cache_path
         cached!
         FileUtils.rm_rf(app_cache_path)
@@ -199,13 +209,11 @@ module Bundler
       # When using local git repos, this is set to the local repo.
       def cache_path
         @cache_path ||= begin
-          git_scope = "#{base_name}-#{uri_hash}"
-
-          if Bundler.requires_sudo?
-            Bundler.user_bundle_path.join("cache/git", git_scope)
+          if Bundler.requires_sudo? || Bundler.feature_flag.global_gem_cache?
+            Bundler.user_cache
           else
-            Bundler.cache.join("git", git_scope)
-          end
+            Bundler.bundle_path.join("cache", "bundler")
+          end.join("git", git_scope)
         end
       end
 
@@ -231,6 +239,8 @@ module Bundler
           # The gemspecs we cache should already be evaluated.
           spec = Bundler.load_gemspec(spec_path)
           next unless spec
+          Bundler.rubygems.set_installed_by_version(spec)
+          Bundler.rubygems.validate(spec)
           File.open(spec_path, "wb") {|file| file.write(spec.to_ruby) }
         end
       end
@@ -274,7 +284,7 @@ module Bundler
           # If there is no URI scheme, assume it is an ssh/git URI
           input = uri
         end
-        Digest::SHA1.hexdigest(input)
+        SharedHelpers.digest(:SHA1).hexdigest(input)
       end
 
       def cached_revision
@@ -291,9 +301,28 @@ module Bundler
 
       def fetch
         git_proxy.checkout
-      rescue GitError
-        raise unless Bundler.settings[:allow_offline_install]
-        Bundler.ui.warn "Using cached git data because of network errors"
+      rescue GitError => e
+        raise unless Bundler.feature_flag.allow_offline_install?
+        Bundler.ui.warn "Using cached git data because of network errors:\n#{e}"
+      end
+
+      # no-op, since we validate when re-serializing the gemspec
+      def validate_spec(_spec); end
+
+      if Bundler.rubygems.stubs_provide_full_functionality?
+        def load_gemspec(file)
+          stub = Gem::StubSpecification.gemspec_stub(file, install_path.parent, install_path.parent)
+          stub.full_gem_path = Pathname.new(file).dirname.expand_path(root).to_s.untaint
+          StubSpecification.from_stub(stub)
+        end
+      end
+
+      def git_scope
+        "#{base_name}-#{uri_hash}"
+      end
+
+      def extension_cache_slug(_)
+        extension_dir_name
       end
     end
   end

data/lib/bundler/source/git/git_proxy.rb

@@ -1,8 +1,10 @@
 # frozen_string_literal: true
+
+require "shellwords"
 require "tempfile"
 module Bundler
   class Source
-    class Git < Path
+    class Git
       class GitNotInstalledError < GitError
         def initialize
           msg = String.new
@@ -61,7 +63,7 @@ module Bundler
           begin
             @revision ||= find_local_revision
           rescue GitCommandError
-            raise MissingGitRevisionError.new(ref, uri)
+            raise MissingGitRevisionError.new(ref, URICredentialsFilter.credential_filtered_uri(uri))
           end
 
           @revision
@@ -89,18 +91,21 @@ module Bundler
         end
 
         def checkout
-          if path.exist?
-            return if has_revision_cached?
-            Bundler.ui.info "Fetching #{URICredentialsFilter.credential_filtered_uri(uri)}"
-            in_path do
-              git_retry %(fetch --force --quiet --tags #{uri_escaped_with_configured_credentials} "refs/heads/*:refs/heads/*")
-            end
-          else
-            Bundler.ui.info "Fetching #{URICredentialsFilter.credential_filtered_uri(uri)}"
+          return if path.exist? && has_revision_cached?
+          extra_ref = "#{Shellwords.shellescape(ref)}:#{Shellwords.shellescape(ref)}" if ref && ref.start_with?("refs/")
+
+          Bundler.ui.info "Fetching #{URICredentialsFilter.credential_filtered_uri(uri)}"
+
+          unless path.exist?
             SharedHelpers.filesystem_access(path.dirname) do |p|
               FileUtils.mkdir_p(p)
             end
             git_retry %(clone #{uri_escaped_with_configured_credentials} "#{path}" --bare --no-hardlinks --quiet)
+            return unless extra_ref
+          end
+
+          in_path do
+            git_retry %(fetch --force --quiet --tags #{uri_escaped_with_configured_credentials} "refs/heads/*:refs/heads/*" #{extra_ref})
           end
         end
 
@@ -126,12 +131,17 @@ module Bundler
           # method 2
           SharedHelpers.chdir(destination) do
             git_retry %(fetch --force --quiet --tags "#{path}")
-            git "reset --hard #{@revision}"
+
+            begin
+              git "reset --hard #{@revision}"
+            rescue GitCommandError
+              raise MissingGitRevisionError.new(@revision, URICredentialsFilter.credential_filtered_uri(uri))
+            end
 
             if submodules
               git_retry "submodule update --init --recursive"
             elsif Gem::Version.create(version) >= Gem::Version.create("2.9.0")
-              git_retry "submodule deinit --all"
+              git_retry "submodule deinit --all --force"
             end
           end
         end
@@ -148,7 +158,7 @@ module Bundler
         end
 
         def git_retry(command)
-          Bundler::Retry.new("`git #{command}`", GitNotAllowedError).attempts do
+          Bundler::Retry.new("`git #{URICredentialsFilter.credential_filtered_string(command, uri)}`", GitNotAllowedError).attempts do
             git(command)
           end
         end
@@ -180,7 +190,7 @@ module Bundler
 
         def find_local_revision
           allowed_in_path do
-            git("rev-parse --verify #{ref}", true).strip
+            git("rev-parse --verify #{Shellwords.shellescape(ref)}", true).strip
           end
         end
 
@@ -216,6 +226,7 @@ module Bundler
 
         def in_path(&blk)
           checkout unless path.exist?
+          _ = URICredentialsFilter # load it before we chdir
           SharedHelpers.chdir(path, &blk)
         end
 
@@ -224,6 +235,11 @@ module Bundler
           raise GitError, "The git source #{uri} is not yet checked out. Please run `bundle install` before trying to start your application"
         end
 
+        # TODO: Replace this with Open3 when upgrading to bundler 2
+        # Similar to #git_null, as Open3 is not cross-platform,
+        # a temporary way is to use Tempfile to capture the stderr.
+        # When replacing this using Open3, make sure git_null is
+        # also replaced by Open3, so stdout and stderr all got handled properly.
         def capture_and_filter_stderr(uri)
           return_value, captured_err = ""
           backup_stderr = STDERR.dup

data/lib/bundler/source/metadata.rb

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+module Bundler
+  class Source
+    class Metadata < Source
+      def specs
+        @specs ||= Index.build do |idx|
+          idx << Gem::Specification.new("ruby\0", RubyVersion.system.to_gem_version_with_patchlevel)
+          idx << Gem::Specification.new("rubygems\0", Gem::VERSION)
+
+          idx << Gem::Specification.new do |s|
+            s.name     = "bundler"
+            s.version  = VERSION
+            s.platform = Gem::Platform::RUBY
+            s.source   = self
+            s.authors  = ["bundler team"]
+            s.bindir   = "exe"
+            s.executables = %w[bundle]
+            # can't point to the actual gemspec or else the require paths will be wrong
+            s.loaded_from = File.expand_path("..", __FILE__)
+          end
+
+          if local_spec = Bundler.rubygems.find_name("bundler").find {|s| s.version.to_s == VERSION }
+            idx << local_spec
+          end
+
+          idx.each {|s| s.source = self }
+        end
+      end
+
+      def cached!; end
+
+      def remote!; end
+
+      def options
+        {}
+      end
+
+      def install(spec, _opts = {})
+        print_using_message "Using #{version_message(spec)}"
+        nil
+      end
+
+      def to_s
+        "the local ruby installation"
+      end
+
+      def ==(other)
+        self.class == other.class
+      end
+      alias_method :eql?, :==
+
+      def hash
+        self.class.hash
+      end
+
+      def version_message(spec)
+        "#{spec.name} #{spec.version}"
+      end
+    end
+  end
+end

data/lib/bundler/source/path.rb

@@ -1,13 +1,16 @@
 # frozen_string_literal: true
+
 module Bundler
   class Source
     class Path < Source
       autoload :Installer, "bundler/source/path/installer"
 
-      attr_reader :path, :options, :root_path
+      attr_reader :path, :options, :root_path, :original_path
       attr_writer :name
       attr_accessor :version
 
+      protected :original_path
+
       DEFAULT_GLOB = "{,*,*/*}.gemspec".freeze
 
       def initialize(options)
@@ -33,10 +36,12 @@ module Bundler
       end
 
       def remote!
+        @local_specs = nil
         @allow_remote = true
       end
 
       def cached!
+        @local_specs = nil
         @allow_cached = true
       end
 
@@ -46,7 +51,7 @@ module Bundler
 
       def to_lock
         out = String.new("PATH\n")
-        out << "  remote: #{relative_path}\n"
+        out << "  remote: #{lockfile_path}\n"
         out << "  glob: #{@glob}\n" unless @glob == DEFAULT_GLOB
         out << "  specs:\n"
       end
@@ -61,7 +66,7 @@ module Bundler
 
       def eql?(other)
         return unless other.class == self.class
-        expanded_path == expand(other.path) &&
+        expanded_original_path == other.expanded_original_path &&
           version == other.version
       end
 
@@ -71,15 +76,15 @@ module Bundler
         File.basename(expanded_path.to_s)
       end
 
-      def install(spec, force = false)
-        Bundler.ui.info "Using #{version_message(spec)} from #{self}"
-        generate_bin(spec, :disable_extensions)
+      def install(spec, options = {})
+        print_using_message "Using #{version_message(spec)} from #{self}"
+        generate_bin(spec, :disable_extensions => true)
         nil # no post-install message
       end
 
       def cache(spec, custom_path = nil)
         app_cache_path = app_cache_path(custom_path)
-        return unless Bundler.settings[:cache_all]
+        return unless Bundler.feature_flag.cache_all?
         return if expand(@original_path).to_s.index(root_path.to_s + "/") == 0
 
         unless @original_path.exist?
@@ -111,8 +116,8 @@ module Bundler
         Bundler.root
       end
 
-      def is_a_path?
-        instance_of?(Path)
+      def expanded_original_path
+        @expanded_original_path ||= expand(original_path)
       end
 
     private
@@ -129,6 +134,11 @@ module Bundler
           "`#{somepath}`.\nThe error message was: #{e.message}."
       end
 
+      def lockfile_path
+        return relative_path(original_path) if original_path.absolute?
+        expand(original_path).relative_path_from(Bundler.root)
+      end
+
       def app_cache_path(custom_path = nil)
         @app_cache_path ||= Bundler.app_cache(custom_path).join(app_cache_dirname)
       end
@@ -137,18 +147,28 @@ module Bundler
         SharedHelpers.in_bundle? && app_cache_path.exist?
       end
 
+      def load_gemspec(file)
+        return unless spec = Bundler.load_gemspec(file)
+        Bundler.rubygems.set_installed_by_version(spec)
+        spec
+      end
+
+      def validate_spec(spec)
+        Bundler.rubygems.validate(spec)
+      end
+
       def load_spec_files
         index = Index.new
 
         if File.directory?(expanded_path)
           # We sort depth-first since `<<` will override the earlier-found specs
           Dir["#{expanded_path}/#{@glob}"].sort_by {|p| -p.split(File::SEPARATOR).size }.each do |file|
-            next unless spec = Bundler.load_gemspec(file)
+            next unless spec = load_gemspec(file)
             spec.source = self
-            Bundler.rubygems.set_installed_by_version(spec)
+
             # Validation causes extension_dir to be calculated, which depends
             # on #source, so we validate here instead of load_gemspec
-            Bundler.rubygems.validate(spec)
+            validate_spec(spec)
             index << spec
           end
 
@@ -181,14 +201,14 @@ module Bundler
         index
       end
 
-      def relative_path
+      def relative_path(path = self.path)
         if path.to_s.start_with?(root_path.to_s)
           return path.relative_path_from(root_path)
         end
         path
       end
 
-      def generate_bin(spec, disable_extensions = false)
+      def generate_bin(spec, options = {})
         gem_dir = Pathname.new(spec.full_gem_path)
 
         # Some gem authors put absolute paths in their gemspec
@@ -203,7 +223,13 @@ module Bundler
           end
         end.compact
 
-        installer = Path::Installer.new(spec, :env_shebang => false, :disable_extensions => disable_extensions)
+        installer = Path::Installer.new(
+          spec,
+          :env_shebang => false,
+          :disable_extensions => options[:disable_extensions],
+          :build_args => options[:build_args],
+          :bundler_extension_cache_path => extension_cache_path(spec)
+        )
         installer.post_install
       rescue Gem::InvalidSpecificationException => e
         Bundler.ui.warn "\n#{spec.name} at #{spec.full_gem_path} did not have a valid gemspec.\n" \
@@ -216,7 +242,7 @@ module Bundler
                           "to modify their .gemspec so it can work with `gem build`."
         end
 
-        Bundler.ui.warn "The validation message from Rubygems was:\n  #{e.message}"
+        Bundler.ui.warn "The validation message from RubyGems was:\n  #{e.message}"
       end
     end
   end