bundler 1.17.0.pre.2 → 2.1.0.pre.2

data/lib/bundler/installer/gem_installer.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require "shellwords"
+
 module Bundler
   class GemInstaller
     attr_reader :spec, :standalone, :worker, :force, :installer
@@ -56,7 +58,9 @@ module Bundler
 
     def spec_settings
       # Fetch the build settings, if there are any
-      Bundler.settings["build.#{spec.name}"]
+      if settings = Bundler.settings["build.#{spec.name}"]
+        Shellwords.shellsplit(settings)
+      end
     end
 
     def install

data/lib/bundler/installer/parallel_installer.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
-require "bundler/worker"
-require "bundler/installer/gem_installer"
+require_relative "../worker"
+require_relative "gem_installer"
 
 module Bundler
   class ParallelInstaller
@@ -91,10 +91,6 @@ module Bundler
     end
 
     def call
-      # Since `autoload` has the potential for threading issues on 1.8.7
-      # TODO:  remove in bundler 2.0
-      require "bundler/gem_remote_fetcher" if RUBY_VERSION < "1.9"
-
       check_for_corrupt_lockfile
 
       if @size > 1
@@ -115,7 +111,7 @@ module Bundler
           s,
           s.missing_lockfile_dependencies(@specs.map(&:name)),
         ]
-      end.reject { |a| a.last.empty? }
+      end.reject {|a| a.last.empty? }
       return if missing_dependencies.empty?
 
       warning = []
@@ -150,7 +146,7 @@ module Bundler
     end
 
     def worker_pool
-      @worker_pool ||= Bundler::Worker.new @size, "Parallel Installer", lambda { |spec_install, worker_num|
+      @worker_pool ||= Bundler::Worker.new @size, "Parallel Installer", lambda {|spec_install, worker_num|
         do_install(spec_install, worker_num)
       }
     end

data/lib/bundler/installer/standalone.rb

@@ -12,8 +12,7 @@ module Bundler
       end
       File.open File.join(bundler_path, "setup.rb"), "w" do |file|
         file.puts "require 'rbconfig'"
-        file.puts "# ruby 1.8.7 doesn't define RUBY_ENGINE"
-        file.puts "ruby_engine = defined?(RUBY_ENGINE) ? RUBY_ENGINE : 'ruby'"
+        file.puts "ruby_engine = RUBY_ENGINE"
         file.puts "ruby_version = RbConfig::CONFIG[\"ruby_version\"]"
         file.puts "path = File.expand_path('..', __FILE__)"
         paths.each do |path|

data/lib/bundler/lazy_specification.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 require "uri"
-require "bundler/match_platform"
+require_relative "match_platform"
 
 module Bundler
   class LazySpecification
@@ -77,7 +77,7 @@ module Bundler
         if search && Gem::Platform.new(search.platform) != Gem::Platform.new(platform) && !search.runtime_dependencies.-(dependencies.reject {|d| d.type == :development }).empty?
           Bundler.ui.warn "Unable to use the platform-specific (#{search.platform}) version of #{name} (#{version}) " \
             "because it has different dependencies from the #{platform} version. " \
-            "To use the platform-specific version of the gem, run `bundle config specific_platform true` and install again."
+            "To use the platform-specific version of the gem, run `bundle config set specific_platform true` and install again."
           search = source.specs.search(self).last
         end
         search.dependencies = dependencies if search && (search.is_a?(RemoteSpecification) || search.is_a?(EndpointSpecification))

data/lib/bundler/lockfile_parser.rb

@@ -23,16 +23,14 @@ module Bundler
     PATH         = "PATH".freeze
     PLUGIN       = "PLUGIN SOURCE".freeze
     SPECS        = "  specs:".freeze
-    OPTIONS      = /^  ([a-z]+): (.*)$/i
+    OPTIONS      = /^  ([a-z]+): (.*)$/i.freeze
     SOURCE       = [GIT, GEM, PATH, PLUGIN].freeze
 
     SECTIONS_BY_VERSION_INTRODUCED = {
-      # The strings have to be dup'ed for old RG on Ruby 2.3+
-      # TODO: remove dup in Bundler 2.0
-      Gem::Version.create("1.0".dup) => [DEPENDENCIES, PLATFORMS, GIT, GEM, PATH].freeze,
-      Gem::Version.create("1.10".dup) => [BUNDLED].freeze,
-      Gem::Version.create("1.12".dup) => [RUBY].freeze,
-      Gem::Version.create("1.13".dup) => [PLUGIN].freeze,
+      Gem::Version.create("1.0") => [DEPENDENCIES, PLATFORMS, GIT, GEM, PATH].freeze,
+      Gem::Version.create("1.10") => [BUNDLED].freeze,
+      Gem::Version.create("1.12") => [RUBY].freeze,
+      Gem::Version.create("1.13") => [PLUGIN].freeze,
     }.freeze
 
     KNOWN_SECTIONS = SECTIONS_BY_VERSION_INTRODUCED.values.flatten.freeze
@@ -90,7 +88,7 @@ module Bundler
           send("parse_#{@state}", line)
         end
       end
-      @sources << @rubygems_aggregate unless Bundler.feature_flag.lockfile_uses_separate_rubygems_sources?
+      @sources << @rubygems_aggregate unless Bundler.feature_flag.disable_multisource?
       @specs = @specs.values.sort_by(&:identifier)
       warn_for_outdated_bundler_version
     rescue ArgumentError => e
@@ -103,17 +101,11 @@ module Bundler
       return unless bundler_version
       prerelease_text = bundler_version.prerelease? ? " --pre" : ""
       current_version = Gem::Version.create(Bundler::VERSION)
-      case current_version.segments.first <=> bundler_version.segments.first
-      when -1
-        raise LockfileError, "You must use Bundler #{bundler_version.segments.first} or greater with this lockfile."
-      when 0
-        if current_version < bundler_version
-          Bundler.ui.warn "Warning: the running version of Bundler (#{current_version}) is older " \
-               "than the version that created the lockfile (#{bundler_version}). We suggest you " \
-               "upgrade to the latest version of Bundler by running `gem " \
-               "install bundler#{prerelease_text}`.\n"
-        end
-      end
+      return unless current_version < bundler_version
+      Bundler.ui.warn "Warning: the running version of Bundler (#{current_version}) is older " \
+           "than the version that created the lockfile (#{bundler_version}). We suggest you to " \
+           "upgrade to the version that created the lockfile by running `gem install " \
+           "bundler:#{bundler_version}#{prerelease_text}`.\n"
     end
 
   private
@@ -141,7 +133,7 @@ module Bundler
             @sources << @current_source
           end
         when GEM
-          if Bundler.feature_flag.lockfile_uses_separate_rubygems_sources?
+          if Bundler.feature_flag.disable_multisource?
             @opts["remotes"] = @opts.delete("remote")
             @current_source = TYPES[@type].from_lock(@opts)
             @sources << @current_source
@@ -185,7 +177,7 @@ module Bundler
       (?:-(.*))?\))?                                     # Optional platform
       (!)?                                               # Optional pinned marker
       $                                                  # Line end
-    /xo
+    /xo.freeze
 
     def parse_dependency(line)
       return unless line =~ NAME_VERSION

data/lib/bundler/match_platform.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require "bundler/gem_helpers"
+require_relative "gem_helpers"
 
 module Bundler
   module MatchPlatform

data/lib/bundler/plugin.rb

@@ -1,14 +1,14 @@
 # frozen_string_literal: true
 
-require "bundler/plugin/api"
+require_relative "plugin/api"
 
 module Bundler
   module Plugin
-    autoload :DSL,        "bundler/plugin/dsl"
-    autoload :Events,     "bundler/plugin/events"
-    autoload :Index,      "bundler/plugin/index"
-    autoload :Installer,  "bundler/plugin/installer"
-    autoload :SourceList, "bundler/plugin/source_list"
+    autoload :DSL,        File.expand_path("plugin/dsl", __dir__)
+    autoload :Events,     File.expand_path("plugin/events", __dir__)
+    autoload :Index,      File.expand_path("plugin/index", __dir__)
+    autoload :Installer,  File.expand_path("plugin/installer", __dir__)
+    autoload :SourceList, File.expand_path("plugin/source_list", __dir__)
 
     class MalformattedPlugin < PluginError; end
     class UndefinedCommandError < PluginError; end
@@ -47,26 +47,48 @@ module Bundler
       Bundler.ui.error "Failed to install plugin #{name}: #{e.message}\n  #{e.backtrace.join("\n ")}"
     end
 
+    # List installed plugins and commands
+    #
+    def list
+      installed_plugins = index.installed_plugins
+      if installed_plugins.any?
+        output = String.new
+        installed_plugins.each do |plugin|
+          output << "#{plugin}\n"
+          output << "-----\n"
+          index.plugin_commands(plugin).each do |command|
+            output << "  #{command}\n"
+          end
+          output << "\n"
+        end
+      else
+        output = "No plugins installed"
+      end
+      Bundler.ui.info output
+    end
+
     # Evaluates the Gemfile with a limited DSL and installs the plugins
     # specified by plugin method
     #
     # @param [Pathname] gemfile path
     # @param [Proc] block that can be evaluated for (inline) Gemfile
     def gemfile_install(gemfile = nil, &inline)
-      builder = DSL.new
-      if block_given?
-        builder.instance_eval(&inline)
-      else
-        builder.eval_gemfile(gemfile)
-      end
-      definition = builder.to_definition(nil, true)
+      Bundler.settings.temporary(:frozen => false, :deployment => false) do
+        builder = DSL.new
+        if block_given?
+          builder.instance_eval(&inline)
+        else
+          builder.eval_gemfile(gemfile)
+        end
+        definition = builder.to_definition(nil, true)
 
-      return if definition.dependencies.empty?
+        return if definition.dependencies.empty?
 
-      plugins = definition.dependencies.map(&:name).reject {|p| index.installed? p }
-      installed_specs = Installer.new.install_definition(definition)
+        plugins = definition.dependencies.map(&:name).reject {|p| index.installed? p }
+        installed_specs = Installer.new.install_definition(definition)
 
-      save_plugins plugins, installed_specs, builder.inferred_plugins
+        save_plugins plugins, installed_specs, builder.inferred_plugins
+      end
     rescue RuntimeError => e
       unless e.is_a?(GemfileError)
         Bundler.ui.error "Failed to install plugin: #{e.message}\n  #{e.backtrace[0]}"
@@ -234,7 +256,7 @@ module Bundler
       @hooks_by_event = Hash.new {|h, k| h[k] = [] }
 
       load_paths = spec.load_paths
-      add_to_load_path(load_paths)
+      Bundler.rubygems.add_to_load_path(load_paths)
       path = Pathname.new spec.full_gem_path
 
       begin
@@ -266,7 +288,7 @@ module Bundler
       # done to avoid conflicts
       path = index.plugin_path(name)
 
-      add_to_load_path(index.load_paths(name))
+      Bundler.rubygems.add_to_load_path(index.load_paths(name))
 
       load path.join(PLUGIN_FILE_NAME)
 
@@ -276,17 +298,8 @@ module Bundler
       raise
     end
 
-    def add_to_load_path(load_paths)
-      if insert_index = Bundler.rubygems.load_path_insert_index
-        $LOAD_PATH.insert(insert_index, *load_paths)
-      else
-        $LOAD_PATH.unshift(*load_paths)
-      end
-    end
-
     class << self
-      private :load_plugin, :register_plugin, :save_plugins, :validate_plugin!,
-        :add_to_load_path
+      private :load_plugin, :register_plugin, :save_plugins, :validate_plugin!
     end
   end
 end

data/lib/bundler/plugin/api.rb

@@ -23,7 +23,7 @@ module Bundler
   # and hooks).
   module Plugin
     class API
-      autoload :Source, "bundler/plugin/api/source"
+      autoload :Source, File.expand_path("api/source", __dir__)
 
       # The plugins should declare that they handle a command through this helper.
       #

data/lib/bundler/plugin/api/source.rb

@@ -37,7 +37,7 @@ module Bundler
       #
       # @!attribute [rw] dependency_names
       #   @return [Array<String>] Names of dependencies that the source should
-      #     try to resolve. It is not necessary to use this list intenally. This
+      #     try to resolve. It is not necessary to use this list internally. This
       #     is present to be compatible with `Definition` and is used by
       #     rubygems source.
       module Source
@@ -196,7 +196,7 @@ module Bundler
         # This shall check if two source object represent the same source.
         #
         # The comparison shall take place only on the attribute that can be
-        # inferred from the options passed from Gemfile and not on attibutes
+        # inferred from the options passed from Gemfile and not on attributes
         # that are used to pin down the gem to specific version (e.g. Git
         # sources should compare on branch and tag but not on commit hash)
         #

data/lib/bundler/plugin/index.rb

@@ -58,7 +58,10 @@ module Bundler
         raise SourceConflict.new(name, common) unless common.empty?
         sources.each {|k| @sources[k] = name }
 
-        hooks.each {|e| (@hooks[e] ||= []) << name }
+        hooks.each do |event|
+          event_hooks = (@hooks[event] ||= []) << name
+          event_hooks.uniq!
+        end
 
         @plugin_paths[name] = path
         @load_paths[name] = load_paths
@@ -100,6 +103,14 @@ module Bundler
         @plugin_paths[name]
       end
 
+      def installed_plugins
+        @plugin_paths.keys
+      end
+
+      def plugin_commands(plugin)
+        @commands.find_all {|_, n| n == plugin }.map(&:first)
+      end
+
       def source?(source)
         @sources.key? source
       end
@@ -128,7 +139,7 @@ module Bundler
 
           data = index_f.read
 
-          require "bundler/yaml_serializer"
+          require_relative "../yaml_serializer"
           index = YAMLSerializer.load(data)
 
           @commands.merge!(index["commands"])
@@ -151,7 +162,7 @@ module Bundler
           "sources"      => @sources,
         }
 
-        require "bundler/yaml_serializer"
+        require_relative "../yaml_serializer"
         SharedHelpers.filesystem_access(index_file) do |index_f|
           FileUtils.mkdir_p(index_f.dirname)
           File.open(index_f, "w") {|f| f.puts YAMLSerializer.dump(index) }

data/lib/bundler/plugin/installer.rb

@@ -8,14 +8,19 @@ module Bundler
   # are heavily dependent on the Gemfile.
   module Plugin
     class Installer
-      autoload :Rubygems, "bundler/plugin/installer/rubygems"
-      autoload :Git,      "bundler/plugin/installer/git"
+      autoload :Rubygems, File.expand_path("installer/rubygems", __dir__)
+      autoload :Git,      File.expand_path("installer/git", __dir__)
 
       def install(names, options)
+        check_sources_consistency!(options)
+
         version = options[:version] || [">= 0"]
-        Bundler.settings.temporary(:lockfile_uses_separate_rubygems_sources => false, :disable_multisource => false) do
+
+        Bundler.settings.temporary(:disable_multisource => false) do
           if options[:git]
             install_git(names, version, options)
+          elsif options[:local_git]
+            install_local_git(names, version, options)
           else
             sources = options[:source] || Bundler.rubygems.sources
             install_rubygems(names, version, sources)
@@ -38,22 +43,24 @@ module Bundler
 
     private
 
+      def check_sources_consistency!(options)
+        if options.key?(:git) && options.key?(:local_git)
+          raise InvalidOption, "Remote and local plugin git sources can't be both specified"
+        end
+      end
+
       def install_git(names, version, options)
         uri = options.delete(:git)
         options["uri"] = uri
 
-        source_list = SourceList.new
-        source_list.add_git_source(options)
-
-        # To support both sources
-        if options[:source]
-          source_list.add_rubygems_source("remotes" => options[:source])
-        end
+        install_all_sources(names, version, options, options[:source])
+      end
 
-        deps = names.map {|name| Dependency.new name, version }
+      def install_local_git(names, version, options)
+        uri = options.delete(:local_git)
+        options["uri"] = uri
 
-        definition = Definition.new(nil, deps, source_list, true)
-        install_definition(definition)
+        install_all_sources(names, version, options, options[:source])
       end
 
       # Installs the plugin from rubygems source and returns the path where the
@@ -65,10 +72,16 @@ module Bundler
       #
       # @return [Hash] map of names to the specs of plugins installed
       def install_rubygems(names, version, sources)
-        deps = names.map {|name| Dependency.new name, version }
+        install_all_sources(names, version, nil, sources)
+      end
 
+      def install_all_sources(names, version, git_source_options, rubygems_source)
         source_list = SourceList.new
-        source_list.add_rubygems_source("remotes" => sources)
+
+        source_list.add_git_source(git_source_options) if git_source_options
+        source_list.add_rubygems_source("remotes" => rubygems_source) if rubygems_source
+
+        deps = names.map {|name| Dependency.new name, version }
 
         definition = Definition.new(nil, deps, source_list, true)
         install_definition(definition)

data/lib/bundler/psyched_yaml.rb

@@ -27,7 +27,7 @@ module Bundler
   end
 end
 
-require "bundler/deprecate"
+require_relative "deprecate"
 begin
   Bundler::Deprecate.skip_during do
     require "rubygems/safe_yaml"

data/lib/bundler/resolver.rb

@@ -2,8 +2,8 @@
 
 module Bundler
   class Resolver
-    require "bundler/vendored_molinillo"
-    require "bundler/resolver/spec_group"
+    require_relative "vendored_molinillo"
+    require_relative "resolver/spec_group"
 
     # Figures out the best possible configuration of gems that satisfies
     # the list of passed dependencies and any child dependencies without
@@ -38,8 +38,8 @@ module Bundler
       @platforms = platforms
       @gem_version_promoter = gem_version_promoter
       @allow_bundler_dependency_conflicts = Bundler.feature_flag.allow_bundler_dependency_conflicts?
-      @lockfile_uses_separate_rubygems_sources = Bundler.feature_flag.lockfile_uses_separate_rubygems_sources?
       @use_gvp = Bundler.feature_flag.use_gem_version_promoter_for_major_updates? || !@gem_version_promoter.major?
+      @lockfile_uses_separate_rubygems_sources = Bundler.feature_flag.disable_multisource?
     end
 
     def start(requirements)
@@ -48,9 +48,12 @@ module Bundler
 
       verify_gemfile_dependencies_are_found!(requirements)
       dg = @resolver.resolve(requirements, @base_dg)
-      dg.map(&:payload).
+      dg.
+        tap {|resolved| validate_resolved_specs!(resolved) }.
+        map(&:payload).
         reject {|sg| sg.name.end_with?("\0") }.
-        map(&:to_specs).flatten
+        map(&:to_specs).
+        flatten
     rescue Molinillo::VersionConflict => e
       message = version_conflict_message(e)
       raise VersionConflict.new(e.conflicts.keys.uniq, message)
@@ -72,7 +75,7 @@ module Bundler
       return unless debug?
       debug_info = yield
       debug_info = debug_info.inspect unless debug_info.is_a?(String)
-      STDERR.puts debug_info.split("\n").map {|s| "  " * depth + s }
+      warn debug_info.split("\n").map {|s| "  " * depth + s }
     end
 
     def debug?
@@ -169,13 +172,13 @@ module Bundler
 
     def name_for_explicit_dependency_source
       Bundler.default_gemfile.basename.to_s
-    rescue
+    rescue StandardError
       "Gemfile"
     end
 
     def name_for_locking_dependency_source
       Bundler.default_lockfile.basename.to_s
-    rescue
+    rescue StandardError
       "Gemfile.lock"
     end
 
@@ -276,10 +279,10 @@ module Bundler
           versions_with_platforms = specs.map {|s| [s.version, s.platform] }
           message = String.new("Could not find gem '#{SharedHelpers.pretty_dependency(requirement)}' in #{source}#{cache_message}.\n")
           message << if versions_with_platforms.any?
-                       "The source contains '#{name}' at: #{formatted_versions_with_platforms(versions_with_platforms)}"
-                     else
-                       "The source does not contain any versions of '#{name}'"
-                     end
+            "The source contains '#{name}' at: #{formatted_versions_with_platforms(versions_with_platforms)}"
+          else
+            "The source does not contain any versions of '#{name}'"
+          end
         else
           message = "Could not find gem '#{requirement}' in any of the gem sources " \
             "listed in your Gemfile#{cache_message}."
@@ -300,9 +303,19 @@ module Bundler
     end
 
     def version_conflict_message(e)
+      # only show essential conflicts, if possible
+      conflicts = e.conflicts.dup
+      conflicts.delete_if do |_name, conflict|
+        deps = conflict.requirement_trees.map(&:last).flatten(1)
+        !Bundler::VersionRanges.empty?(*Bundler::VersionRanges.for_many(deps.map(&:requirement)))
+      end
+      e = Molinillo::VersionConflict.new(conflicts, e.specification_provider) unless conflicts.empty?
+
+      solver_name = "Bundler"
+      possibility_type = "gem"
       e.message_with_trees(
-        :solver_name => "Bundler",
-        :possibility_type => "gem",
+        :solver_name => solver_name,
+        :possibility_type => possibility_type,
         :reduce_trees => lambda do |trees|
           # called first, because we want to reduce the amount of work required to find maximal empty sets
           trees = trees.uniq {|t| t.flatten.map {|dep| [dep.name, dep.requirement] } }
@@ -314,10 +327,8 @@ module Bundler
           end.flatten(1).select do |deps|
             Bundler::VersionRanges.empty?(*Bundler::VersionRanges.for_many(deps.map(&:requirement)))
           end.min_by(&:size)
-          trees.reject! {|t| !maximal.include?(t.last) } if maximal
 
-          trees = trees.sort_by {|t| t.flatten.map(&:to_s) }
-          trees.uniq! {|t| t.flatten.map {|dep| [dep.name, dep.requirement] } }
+          trees.reject! {|t| !maximal.include?(t.last) } if maximal
 
           trees.sort_by {|t| t.reverse.map(&:name) }
         end,
@@ -325,7 +336,7 @@ module Bundler
         :additional_message_for_conflict => lambda do |o, name, conflict|
           if name == "bundler"
             o << %(\n  Current Bundler version:\n    bundler (#{Bundler::VERSION}))
-            other_bundler_required = !conflict.requirement.requirement.satisfied_by?(Gem::Version.new Bundler::VERSION)
+            other_bundler_required = !conflict.requirement.requirement.satisfied_by?(Gem::Version.new(Bundler::VERSION))
           end
 
           if name == "bundler" && other_bundler_required
@@ -352,7 +363,11 @@ module Bundler
               []
             end.compact.map(&:to_s).uniq.sort
 
-            o << "Could not find gem '#{SharedHelpers.pretty_dependency(conflict.requirement)}'"
+            metadata_requirement = name.end_with?("\0")
+
+            o << "Could not find gem '" unless metadata_requirement
+            o << SharedHelpers.pretty_dependency(conflict.requirement)
+            o << "'" unless metadata_requirement
             if conflict.requirement_trees.first.size > 1
               o << ", which is required by "
               o << "gem '#{SharedHelpers.pretty_dependency(conflict.requirement_trees.first[-2])}',"
@@ -360,14 +375,47 @@ module Bundler
             o << " "
 
             o << if relevant_sources.empty?
-                   "in any of the sources.\n"
-                 else
-                   "in any of the relevant sources:\n  #{relevant_sources * "\n  "}\n"
-                 end
+              "in any of the sources.\n"
+            elsif metadata_requirement
+              "is not available in #{relevant_sources.join(" or ")}"
+            else
+              "in any of the relevant sources:\n  #{relevant_sources * "\n  "}\n"
+            end
           end
         end,
-        :version_for_spec => lambda {|spec| spec.version }
+        :version_for_spec => lambda {|spec| spec.version },
+        :incompatible_version_message_for_conflict => lambda do |name, _conflict|
+          if name.end_with?("\0")
+            %(#{solver_name} found conflicting requirements for the #{name} version:)
+          else
+            %(#{solver_name} could not find compatible versions for #{possibility_type} "#{name}":)
+          end
+        end
       )
     end
+
+    def validate_resolved_specs!(resolved_specs)
+      resolved_specs.each do |v|
+        name = v.name
+        next unless sources = relevant_sources_for_vertex(v)
+        sources.compact!
+        if default_index = sources.index(@source_requirements[:default])
+          sources.delete_at(default_index)
+        end
+        sources.reject! {|s| s.specs[name].empty? }
+        sources.uniq!
+        next if sources.size <= 1
+
+        multisource_disabled = Bundler.feature_flag.disable_multisource?
+
+        msg = ["The gem '#{name}' was found in multiple relevant sources."]
+        msg.concat sources.map {|s| "  * #{s}" }.sort
+        msg << "You #{multisource_disabled ? :must : :should} add this gem to the source block for the source you wish it to be installed from."
+        msg = msg.join("\n")
+
+        raise SecurityError, msg if multisource_disabled
+        Bundler.ui.warn "Warning: #{msg}"
+      end
+    end
   end
 end