bundler 1.3.0.pre.7 → 1.3.0.pre.8


Potentially problematic release.



Files changed (69) hide show
  1. data/.rspec +1 -1
  2. data/.travis.yml +5 -0
  3. data/CHANGELOG.md +47 -0
  4. data/CONTRIBUTE.md +1 -2
  5. data/CONTRIBUTING.md +1 -1
  6. data/{LICENSE → LICENSE.md} +1 -1
  7. data/Rakefile +16 -13
  8. data/bundler.gemspec +20 -24
  9. data/lib/bundler.rb +6 -6
  10. data/lib/bundler/cli.rb +48 -11
  11. data/lib/bundler/deployment.rb +2 -1
  12. data/lib/bundler/deprecate.rb +1 -1
  13. data/lib/bundler/dsl.rb +4 -1
  14. data/lib/bundler/env.rb +1 -1
  15. data/lib/bundler/fetcher.rb +85 -57
  16. data/lib/bundler/friendly_errors.rb +0 -12
  17. data/lib/bundler/index.rb +2 -2
  18. data/lib/bundler/injector.rb +1 -1
  19. data/lib/bundler/installer.rb +7 -3
  20. data/lib/bundler/resolver.rb +17 -0
  21. data/lib/bundler/rubygems_ext.rb +4 -3
  22. data/lib/bundler/rubygems_integration.rb +38 -19
  23. data/lib/bundler/runtime.rb +9 -3
  24. data/lib/bundler/source/git.rb +20 -12
  25. data/lib/bundler/source/git/git_proxy.rb +1 -0
  26. data/lib/bundler/source/path/installer.rb +1 -1
  27. data/lib/bundler/source/rubygems.rb +25 -31
  28. data/lib/bundler/templates/newgem/.travis.yml.tt +3 -0
  29. data/lib/bundler/templates/newgem/LICENSE.txt.tt +1 -1
  30. data/lib/bundler/templates/newgem/newgem.gemspec.tt +17 -16
  31. data/lib/bundler/templates/newgem/test/test_newgem.rb.tt +1 -1
  32. data/lib/bundler/ui.rb +3 -2
  33. data/lib/bundler/vendor/net/http/persistent.rb +743 -91
  34. data/lib/bundler/vendor/net/http/persistent/ssl_reuse.rb +129 -0
  35. data/lib/bundler/vendored_persistent.rb +11 -0
  36. data/lib/bundler/version.rb +1 -1
  37. data/lib/bundler/vlad.rb +1 -1
  38. data/man/bundle-config.ronn +3 -2
  39. data/man/bundle-install.ronn +19 -4
  40. data/man/bundle-package.ronn +1 -1
  41. data/man/bundle-platform.ronn +1 -1
  42. data/man/bundle-update.ronn +5 -5
  43. data/man/gemfile.5.ronn +1 -1
  44. data/spec/bundler/bundler_spec.rb +26 -0
  45. data/spec/cache/git_spec.rb +1 -1
  46. data/spec/install/gems/dependency_api_spec.rb +12 -23
  47. data/spec/install/gems/flex_spec.rb +1 -0
  48. data/spec/install/gems/groups_spec.rb +0 -19
  49. data/spec/install/gems/simple_case_spec.rb +4 -1
  50. data/spec/install/gems/sudo_spec.rb +11 -15
  51. data/spec/install/git_spec.rb +17 -0
  52. data/spec/install/security_policy_spec.rb +78 -0
  53. data/spec/other/licenses_spec.rb +18 -0
  54. data/spec/other/newgem_spec.rb +36 -0
  55. data/spec/other/outdated_spec.rb +10 -2
  56. data/spec/other/show_spec.rb +6 -1
  57. data/spec/realworld/dependency_api_spec.rb +2 -2
  58. data/spec/realworld/edgecases_spec.rb +3 -3
  59. data/spec/resolver/basic_spec.rb +7 -1
  60. data/spec/resolver/platform_spec.rb +1 -1
  61. data/spec/runtime/executable_spec.rb +2 -2
  62. data/spec/runtime/setup_spec.rb +14 -1
  63. data/spec/support/artifice/endpoint.rb +2 -0
  64. data/spec/support/builders.rb +74 -1
  65. data/spec/support/fakeweb/windows.rb +1 -1
  66. data/spec/support/indexes.rb +22 -0
  67. data/spec/support/path.rb +4 -0
  68. data/spec/support/rubygems_ext.rb +1 -0
  69. metadata +63 -83
@@ -0,0 +1,129 @@
1
+ ##
2
+ # This Net::HTTP subclass adds SSL session reuse and Server Name Indication
3
+ # (SNI) RFC 3546.
4
+ #
5
+ # DO NOT DEPEND UPON THIS CLASS
6
+ #
7
+ # This class is an implementation detail and is subject to change or removal
8
+ # at any time.
9
+
10
+ class Net::HTTP::Persistent::SSLReuse < Net::HTTP
11
+
12
+ @is_proxy_class = false
13
+ @proxy_addr = nil
14
+ @proxy_port = nil
15
+ @proxy_user = nil
16
+ @proxy_pass = nil
17
+
18
+ def initialize address, port = nil # :nodoc:
19
+ super
20
+
21
+ @ssl_session = nil
22
+ end
23
+
24
+ ##
25
+ # From ruby trunk r33086 including http://redmine.ruby-lang.org/issues/5341
26
+
27
+ def connect # :nodoc:
28
+ D "opening connection to #{conn_address()}..."
29
+ s = timeout(@open_timeout) { TCPSocket.open(conn_address(), conn_port()) }
30
+ D "opened"
31
+ if use_ssl?
32
+ ssl_parameters = Hash.new
33
+ iv_list = instance_variables
34
+ SSL_ATTRIBUTES.each do |name|
35
+ ivname = "@#{name}".intern
36
+ if iv_list.include?(ivname) and
37
+ value = instance_variable_get(ivname)
38
+ ssl_parameters[name] = value
39
+ end
40
+ end
41
+ unless @ssl_context then
42
+ @ssl_context = OpenSSL::SSL::SSLContext.new
43
+ @ssl_context.set_params(ssl_parameters)
44
+ end
45
+ s = OpenSSL::SSL::SSLSocket.new(s, @ssl_context)
46
+ s.sync_close = true
47
+ end
48
+ @socket = Net::BufferedIO.new(s)
49
+ @socket.read_timeout = @read_timeout
50
+ @socket.continue_timeout = @continue_timeout if
51
+ @socket.respond_to? :continue_timeout
52
+ @socket.debug_output = @debug_output
53
+ if use_ssl?
54
+ begin
55
+ if proxy?
56
+ @socket.writeline sprintf('CONNECT %s:%s HTTP/%s',
57
+ @address, @port, HTTPVersion)
58
+ @socket.writeline "Host: #{@address}:#{@port}"
59
+ if proxy_user
60
+ credential = ["#{proxy_user}:#{proxy_pass}"].pack('m')
61
+ credential.delete!("\r\n")
62
+ @socket.writeline "Proxy-Authorization: Basic #{credential}"
63
+ end
64
+ @socket.writeline ''
65
+ Net::HTTPResponse.read_new(@socket).value
66
+ end
67
+ s.session = @ssl_session if @ssl_session
68
+ # Server Name Indication (SNI) RFC 3546
69
+ s.hostname = @address if s.respond_to? :hostname=
70
+ timeout(@open_timeout) { s.connect }
71
+ if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE
72
+ s.post_connection_check(@address)
73
+ end
74
+ @ssl_session = s.session
75
+ rescue => exception
76
+ D "Conn close because of connect error #{exception}"
77
+ @socket.close if @socket and not @socket.closed?
78
+ raise exception
79
+ end
80
+ end
81
+ on_connect
82
+ end if RUBY_VERSION > '1.9'
83
+
84
+ ##
85
+ # From ruby_1_8_7 branch r29865 including a modified
86
+ # http://redmine.ruby-lang.org/issues/5341
87
+
88
+ def connect # :nodoc:
89
+ D "opening connection to #{conn_address()}..."
90
+ s = timeout(@open_timeout) { TCPSocket.open(conn_address(), conn_port()) }
91
+ D "opened"
92
+ if use_ssl?
93
+ unless @ssl_context.verify_mode
94
+ warn "warning: peer certificate won't be verified in this SSL session"
95
+ @ssl_context.verify_mode = OpenSSL::SSL::VERIFY_NONE
96
+ end
97
+ s = OpenSSL::SSL::SSLSocket.new(s, @ssl_context)
98
+ s.sync_close = true
99
+ end
100
+ @socket = Net::BufferedIO.new(s)
101
+ @socket.read_timeout = @read_timeout
102
+ @socket.debug_output = @debug_output
103
+ if use_ssl?
104
+ if proxy?
105
+ @socket.writeline sprintf('CONNECT %s:%s HTTP/%s',
106
+ @address, @port, HTTPVersion)
107
+ @socket.writeline "Host: #{@address}:#{@port}"
108
+ if proxy_user
109
+ credential = ["#{proxy_user}:#{proxy_pass}"].pack('m')
110
+ credential.delete!("\r\n")
111
+ @socket.writeline "Proxy-Authorization: Basic #{credential}"
112
+ end
113
+ @socket.writeline ''
114
+ Net::HTTPResponse.read_new(@socket).value
115
+ end
116
+ s.session = @ssl_session if @ssl_session
117
+ s.connect
118
+ if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE
119
+ s.post_connection_check(@address)
120
+ end
121
+ @ssl_session = s.session
122
+ end
123
+ on_connect
124
+ end if RUBY_VERSION < '1.9'
125
+
126
+ private :connect
127
+
128
+ end
129
+
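Review bot: The Ruby 1.8 `connect` (the second definition, guarded by `RUBY_VERSION < '1.9'`) fails open: when `@ssl_context.verify_mode` is unset it only prints a warning and sets `OpenSSL::SSL::VERIFY_NONE`, which also skips the `post_connection_check(@address)` hostname check a few lines later. Bundler presumably uses this class for HTTPS gem sources, so an unset mode should default to verification, e.g. `@ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER` in place of the warn-and-disable pair. Whether the caller always sets `verify_mode` before connecting is not visible in this file. The 1.8 variant also lacks the `rescue` that closes `@socket` on a connect error and the `timeout(@open_timeout)` around `s.connect` that the 1.9 variant has, so a failed or stalled handshake is handled differently on the two code paths.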
@@ -1,3 +1,14 @@
1
+ begin
2
+ require 'openssl'
3
+ # ensure OpenSSL is loaded
4
+ OpenSSL
5
+ rescue LoadError, NameError => e
6
+ raise Bundler::HTTPError, "\nCould not load OpenSSL." \
7
+ "\nYou must recompile Ruby with OpenSSL support or change the sources in your" \
8
+ "\nGemfile from 'https' to 'http'. Instructions for compiling with OpenSSL" \
9
+ "\nusing RVM are available at rvm.io/packages/openssl."
10
+ end
11
+
1
12
  vendor = File.expand_path('../vendor', __FILE__)
2
13
  $:.unshift(vendor) unless $:.include?(vendor)
3
14
  require 'net/http/persistent'
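Review bot: The message raised when OpenSSL cannot be loaded offers changing Gemfile sources from 'https' to 'http' as an equal alternative to rebuilding Ruby, without saying that this gives up server authentication and transport integrity for every gem fetched. I would make recompiling the recommended fix and label the fallback with an extra sentence such as `"\nNote that 'http' sources are fetched without TLS protection."`. The rescued exception `e` is bound but never used, so the original load error text is lost; either drop `=> e` or append `e.message` to the raised message.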
@@ -2,5 +2,5 @@ module Bundler
2
2
  # We're doing this because we might write tests that deal
3
3
  # with other versions of bundler and we are unsure how to
4
4
  # handle this better.
5
- VERSION = "1.3.0.pre.7" unless defined?(::Bundler::VERSION)
5
+ VERSION = "1.3.0.pre.8" unless defined?(::Bundler::VERSION)
6
6
  end
@@ -8,4 +8,4 @@ include Rake::DSL if defined? Rake::DSL
8
8
 
9
9
  namespace :vlad do
10
10
  Bundler::Deployment.define_task(Rake::RemoteTask, :remote_task, :roles => :app)
11
- end
11
+ end
@@ -21,7 +21,8 @@ setting, and where it was set.
21
21
 
22
22
  Executing `bundle config <name> <value>` will set that configuration to the
23
23
  value specified for all bundles executed as the current user. The configuration
24
- will be stored in `~/.bundle/config`.
24
+ will be stored in `~/.bundle/config`. If <name> already is set, <name> will be
25
+ overridden and user will be warned.
25
26
 
26
27
  Executing `bundle config --global <name> <value>` works the same as above.
27
28
 
@@ -29,7 +30,7 @@ Executing `bundle config --local <name> <value>` will set that configuration to
29
30
  the local application. The configuration will be stored in `app/.bundle/config`.
30
31
 
31
32
  Executing `bundle config --delete <name>` will delete the configuration in both
32
- local and global sources.
33
+ local and global sources. Not compatible with --global or --local flag.
33
34
 
34
35
  Executing bundle with the `BUNDLE_IGNORE_CONFIG` environment variable set will
35
36
  cause it to ignore all configuration.
@@ -9,8 +9,9 @@ bundle-install(1) -- Install the dependencies specified in your Gemfile
9
9
  [--local] [--deployment]
10
10
  [--binstubs[=DIRECTORY]]
11
11
  [--standalone[=GROUP1[ GROUP2...]]]
12
- [--quiet]
12
+ [--trust-policy=POLICY]
13
13
  [--no-cache]
14
+ [--quiet]
14
15
 
15
16
  ## DESCRIPTION
16
17
 
@@ -82,11 +83,20 @@ update process below under [CONSERVATIVE UPDATING][].
82
83
  `bundle` directory and installs the bundle there. It also generates
83
84
  a `bundle/bundler/setup.rb` file to replace Bundler's own setup.
84
85
 
86
+ * `--trust-policy=[<policy>]`:
87
+ Apply the Rubygems security policy named <policy>, where policy is one of
88
+ HighSecurity, MediumSecurity, LowSecurity, or NoSecurity. For more detail,
89
+ see the Rubygems signing documentation, linked below in [SEE ALSO][].
90
+
85
91
  * `--no-cache`:
86
92
  Do not update the cache in `vendor/cache` with the newly bundled gems. This
87
93
  does not remove any existing cached gems, only stops the newly bundled gems
88
94
  from being cached during the install.
89
95
 
96
+ * `--quiet`:
97
+ Do not print progress information to stdout. Instead, communicate the
98
+ success of the install operation via exit status code.
99
+
90
100
  ## DEPLOYMENT MODE
91
101
 
92
102
  Bundler's defaults are optimized for development. To switch to
@@ -182,7 +192,7 @@ third-party code being used in different environments.`
182
192
 
183
193
  For a simple illustration, consider the following Gemfile(5):
184
194
 
185
- source "http://rubygems.org"
195
+ source "https://rubygems.org"
186
196
 
187
197
  gem "sinatra"
188
198
 
@@ -278,7 +288,7 @@ same versions of all dependencies as it used before the update.
278
288
 
279
289
  Let's take a look at an example. Here's your original Gemfile(5):
280
290
 
281
- source "http://rubygems.org"
291
+ source "https://rubygems.org"
282
292
 
283
293
  gem "actionpack", "2.3.8"
284
294
  gem "activemerchant"
@@ -294,7 +304,7 @@ gems in your Gemfile(5).
294
304
 
295
305
  Next, you modify your Gemfile(5) to:
296
306
 
297
- source "http://rubygems.org"
307
+ source "https://rubygems.org"
298
308
 
299
309
  gem "actionpack", "3.0.0.rc"
300
310
  gem "activemerchant"
@@ -333,3 +343,8 @@ which other gems in the Gemfile(5) still depend on, run
333
343
  should first try to run `bundle install`, which will guarantee that no
334
344
  other gems in the Gemfile(5) are impacted by the change. If that
335
345
  does not work, run [bundle update(1)][bundle-update].
346
+
347
+ ## SEE ALSO
348
+
349
+ * Gem install docs: http://docs.rubygems.org/read/chapter/2
350
+ * Rubygems signing docs: http://docs.rubygems.org/read/chapter/21
@@ -26,7 +26,7 @@ in `vendor/cache`.
26
26
 
27
27
  For instance, consider this Gemfile(5):
28
28
 
29
- source "http://rubygems.org"
29
+ source "https://rubygems.org"
30
30
 
31
31
  gem "nokogiri"
32
32
 
@@ -12,7 +12,7 @@ VM about your platform.
12
12
 
13
13
  For instance, using this Gemfile(5):
14
14
 
15
- source "http://rubygems.org"
15
+ source "https://rubygems.org"
16
16
 
17
17
  ruby "1.9.3"
18
18
 
@@ -30,7 +30,7 @@ based on the latest versions of all gems available in the sources.
30
30
 
31
31
  Consider the following Gemfile(5):
32
32
 
33
- source "http://rubygems.org"
33
+ source "https://rubygems.org"
34
34
 
35
35
  gem "rails", "3.0.0.rc"
36
36
  gem "nokogiri"
@@ -38,8 +38,8 @@ Consider the following Gemfile(5):
38
38
  When you run [bundle install(1)][bundle-install] the first time, bundler will resolve
39
39
  all of the dependencies, all the way down, and install what you need:
40
40
 
41
- Fetching source index for http://rubygems.org/
42
- Installing rake (0.8.7)
41
+ Fetching source index for https://rubygems.org/
42
+ Installing rake (10.0.2)
43
43
  Installing abstract (1.0.0)
44
44
  Installing activesupport (3.0.0.rc)
45
45
  Installing builder (2.1.2)
@@ -103,7 +103,7 @@ Sometimes, multiple gems declared in your Gemfile(5) are satisfied by the same
103
103
  second-level dependency. For instance, consider the case of `thin` and
104
104
  `rack-perftools-profiler`.
105
105
 
106
- source "http://rubygems.org"
106
+ source "https://rubygems.org"
107
107
 
108
108
  gem "thin"
109
109
  gem "rack-perftools-profiler"
@@ -111,7 +111,7 @@ second-level dependency. For instance, consider the case of `thin` and
111
111
  The `thin` gem depends on `rack >= 1.0`, while `rack-perftools-profiler` depends
112
112
  on `rack ~> 1.0`. If you run bundle install, you get:
113
113
 
114
- Fetching source index for http://rubygems.org/
114
+ Fetching source index for https://rubygems.org/
115
115
  Installing daemons (1.1.0)
116
116
  Installing eventmachine (0.12.10) with native extensions
117
117
  Installing open4 (1.0.1)
@@ -20,7 +20,7 @@ a number of methods used to describe the gem requirements.
20
20
  At the top of the `Gemfile`, add one line for each `Rubygems` source that
21
21
  might contain the gems listed in the `Gemfile`.
22
22
 
23
- source "http://rubygems.org"
23
+ source "https://rubygems.org"
24
24
  source "http://gems.github.com"
25
25
 
26
26
  Each of these _source_s `MUST` be a valid Rubygems repository. Sources are
@@ -1,3 +1,4 @@
1
+ # encoding: utf-8
1
2
  require 'spec_helper'
2
3
  require 'bundler'
3
4
 
@@ -45,5 +46,30 @@ describe Bundler do
45
46
  end
46
47
  end
47
48
 
49
+ it "can load a gemspec with unicode characters with default ruby encoding" do
50
+ # spec_helper forces the external encoding to UTF-8 but that's not the
51
+ # ruby default.
52
+ encoding = nil
53
+
54
+ if defined?(Encoding)
55
+ encoding = Encoding.default_external
56
+ Encoding.default_external = "ASCII"
57
+ end
58
+
59
+ File.open(tmp("test.gemspec"), "wb") do |file|
60
+ file.puts <<-G.gsub(/^\s+/, '')
61
+ # -*- encoding: utf-8 -*-
62
+ Gem::Specification.new do |gem|
63
+ gem.author = "André the Giant"
64
+ end
65
+ G
66
+ end
67
+
68
+ gemspec = Bundler.load_gemspec_uncached(tmp("test.gemspec"))
69
+ expect(gemspec.author).to eq("André the Giant")
70
+
71
+ Encoding.default_external = encoding if defined?(Encoding)
72
+ end
73
+
48
74
  end
49
75
  end
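Review bot: `Encoding.default_external` is restored only on the last line of the new example, so if `Bundler.load_gemspec_uncached` raises or the `expect` fails, the process-wide encoding stays `"ASCII"` for every example that runs afterwards. Wrap the body in `begin`/`ensure` and move `Encoding.default_external = encoding if defined?(Encoding)` into the `ensure` clause (or an `after` hook) so the global is always reset.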
@@ -166,7 +166,7 @@ end
166
166
  expect(out).not_to include("Your Gemfile contains path and git dependencies.")
167
167
  end
168
168
 
169
- it "evaluates gemspecs and writes them out" do
169
+ it "caches pre-evaluated gemspecs" do
170
170
  git = build_git "foo"
171
171
 
172
172
  # Insert a gemspec method that shells out
@@ -108,7 +108,7 @@ describe "gemcutter's dependency API" do
108
108
  G
109
109
 
110
110
  bundle :install, :fakeweb => "windows"
111
- expect(out).to include("\nFetching full source index from #{source_uri}")
111
+ expect(out).to include("Fetching source index from #{source_uri}")
112
112
  should_be_installed "rcov 1.0.0"
113
113
  end
114
114
 
@@ -124,7 +124,7 @@ describe "gemcutter's dependency API" do
124
124
  gem "rails"
125
125
  G
126
126
  bundle :install, :artifice => "endpoint_fallback"
127
- expect(out).to include("\nFetching full source index from #{source_uri}")
127
+ expect(out).to include("Fetching source index from #{source_uri}")
128
128
 
129
129
  should_be_installed(
130
130
  "activesupport 2.3.2",
@@ -144,7 +144,7 @@ describe "gemcutter's dependency API" do
144
144
  G
145
145
 
146
146
  bundle :install, :artifice => "endpoint_marshal_fail"
147
- expect(out).to include("\nFetching full source index from #{source_uri}")
147
+ expect(out).to include("Fetching source index from #{source_uri}")
148
148
  should_be_installed "rack 1.0.0"
149
149
  end
150
150
 
@@ -216,11 +216,8 @@ describe "gemcutter's dependency API" do
216
216
 
217
217
  bundle :install, :artifice => "endpoint_extra"
218
218
 
219
- output = <<-OUTPUT.gsub(/^ +/,'')
220
- Fetching gem metadata from http://localgemserver.test/..
221
- Fetching gem metadata from http://localgemserver.test/extra/.
222
- OUTPUT
223
- expect(out).to include(output)
219
+ expect(out).to include("Fetching gem metadata from http://localgemserver.test/..")
220
+ expect(out).to include("Fetching source index from http://localgemserver.test/extra")
224
221
  end
225
222
 
226
223
  it "does not fetch every specs if the index of gems is large when doing back deps" do
@@ -230,7 +227,7 @@ describe "gemcutter's dependency API" do
230
227
  end
231
228
  build_gem "missing"
232
229
  # need to hit the limit
233
- 1.upto(Bundler::Source::Rubygems::FORCE_MODERN_INDEX_LIMIT) do |i|
230
+ 1.upto(Bundler::Source::Rubygems::API_REQUEST_LIMIT) do |i|
234
231
  build_gem "gem#{i}"
235
232
  end
236
233
 
@@ -289,7 +286,7 @@ describe "gemcutter's dependency API" do
289
286
  expect(out).to include("Fetching gem metadata from #{source_uri}")
290
287
  end
291
288
 
292
- it "should install when EndpointSpecification with a bin dir owned by root", :sudo => true do
289
+ fit "should install when EndpointSpecification with a bin dir owned by root", :sudo => true do
293
290
  sudo "mkdir -p #{system_gem_path("bin")}"
294
291
  sudo "chown -R root #{system_gem_path("bin")}"
295
292
 
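Review bot: `fit` in place of `it` on the `:sudo => true` example looks like a debugging leftover. Depending on the RSpec version and configuration it either marks the example as focused, which can narrow the run to it, or is an undefined method when the spec file loads. The next hunk adds `puts out, err` before `should_be_installed "rails 2.3.2"`, which reads as part of the same debugging session and prints install output on every run. Suggest reverting to `it "should install when EndpointSpecification with a bin dir owned by root", :sudo => true do` and dropping the `puts`.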
@@ -298,6 +295,7 @@ describe "gemcutter's dependency API" do
298
295
  gem "rails"
299
296
  G
300
297
  bundle :install, :artifice => "endpoint"
298
+ puts out, err
301
299
  should_be_installed "rails 2.3.2"
302
300
  end
303
301
 
@@ -408,15 +406,7 @@ describe "gemcutter's dependency API" do
408
406
  bundled_app("broken_ssl").mkpath
409
407
  bundled_app("broken_ssl/openssl.rb").open("w") do |f|
410
408
  f.write <<-RUBY
411
- $:.delete File.expand_path("..", __FILE__)
412
- require 'openssl'
413
-
414
- require 'bundler'
415
- class Bundler::Fetcher
416
- def fetch(*)
417
- raise LoadError, "cannot load such file -- openssl"
418
- end
419
- end
409
+ raise LoadError, "cannot load such file -- openssl"
420
410
  RUBY
421
411
  end
422
412
  end
@@ -427,16 +417,15 @@ describe "gemcutter's dependency API" do
427
417
  gem "rack"
428
418
  G
429
419
 
430
- bundle :install, :artifice => "endpoint",
431
- :env => {"RUBYOPT" => "-I#{bundled_app("broken_ssl")}"}
432
- expect(out).to include("Could not load OpenSSL.")
420
+ bundle :install, :env => {"RUBYOPT" => "-I#{bundled_app("broken_ssl")}"}
421
+ expect(out).to include("OpenSSL")
433
422
  end
434
423
  end
435
424
 
436
425
  context ".gemrc with sources is present" do
437
426
  before do
438
427
  File.open(home('.gemrc'), 'w') do |file|
439
- file.puts({:sources => ["http://rubygems.org"]}.to_yaml)
428
+ file.puts({:sources => ["https://rubygems.org"]}.to_yaml)
440
429
  end
441
430
  end
442
431