bundler 1.3.0.pre.7 → 1.3.0.pre.8

data/lib/bundler/vendor/net/http/persistent/ssl_reuse.rb

@@ -0,0 +1,129 @@
+##
+# This Net::HTTP subclass adds SSL session reuse and Server Name Indication
+# (SNI) RFC 3546.
+#
+# DO NOT DEPEND UPON THIS CLASS
+#
+# This class is an implementation detail and is subject to change or removal
+# at any time.
+
+class Net::HTTP::Persistent::SSLReuse < Net::HTTP
+
+  @is_proxy_class = false
+  @proxy_addr = nil
+  @proxy_port = nil
+  @proxy_user = nil
+  @proxy_pass = nil
+
+  def initialize address, port = nil # :nodoc:
+    super
+
+    @ssl_session = nil
+  end
+
+  ##
+  # From ruby trunk r33086 including http://redmine.ruby-lang.org/issues/5341
+
+  def connect # :nodoc:
+    D "opening connection to #{conn_address()}..."
+    s = timeout(@open_timeout) { TCPSocket.open(conn_address(), conn_port()) }
+    D "opened"
+    if use_ssl?
+      ssl_parameters = Hash.new
+      iv_list = instance_variables
+      SSL_ATTRIBUTES.each do |name|
+        ivname = "@#{name}".intern
+        if iv_list.include?(ivname) and
+           value = instance_variable_get(ivname)
+          ssl_parameters[name] = value
+        end
+      end
+      unless @ssl_context then
+        @ssl_context = OpenSSL::SSL::SSLContext.new
+        @ssl_context.set_params(ssl_parameters)
+      end
+      s = OpenSSL::SSL::SSLSocket.new(s, @ssl_context)
+      s.sync_close = true
+    end
+    @socket = Net::BufferedIO.new(s)
+    @socket.read_timeout = @read_timeout
+    @socket.continue_timeout = @continue_timeout if
+      @socket.respond_to? :continue_timeout
+    @socket.debug_output = @debug_output
+    if use_ssl?
+      begin
+        if proxy?
+          @socket.writeline sprintf('CONNECT %s:%s HTTP/%s',
+                                    @address, @port, HTTPVersion)
+          @socket.writeline "Host: #{@address}:#{@port}"
+          if proxy_user
+            credential = ["#{proxy_user}:#{proxy_pass}"].pack('m')
+            credential.delete!("\r\n")
+            @socket.writeline "Proxy-Authorization: Basic #{credential}"
+          end
+          @socket.writeline ''
+          Net::HTTPResponse.read_new(@socket).value
+        end
+        s.session = @ssl_session if @ssl_session
+        # Server Name Indication (SNI) RFC 3546
+        s.hostname = @address if s.respond_to? :hostname=
+        timeout(@open_timeout) { s.connect }
+        if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE
+          s.post_connection_check(@address)
+        end
+        @ssl_session = s.session
+      rescue => exception
+        D "Conn close because of connect error #{exception}"
+        @socket.close if @socket and not @socket.closed?
+        raise exception
+      end
+    end
+    on_connect
+  end if RUBY_VERSION > '1.9'
+
+  ##
+  # From ruby_1_8_7 branch r29865 including a modified
+  # http://redmine.ruby-lang.org/issues/5341
+
+  def connect # :nodoc:
+    D "opening connection to #{conn_address()}..."
+    s = timeout(@open_timeout) { TCPSocket.open(conn_address(), conn_port()) }
+    D "opened"
+    if use_ssl?
+      unless @ssl_context.verify_mode
+        warn "warning: peer certificate won't be verified in this SSL session"
+        @ssl_context.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      end
+      s = OpenSSL::SSL::SSLSocket.new(s, @ssl_context)
+      s.sync_close = true
+    end
+    @socket = Net::BufferedIO.new(s)
+    @socket.read_timeout = @read_timeout
+    @socket.debug_output = @debug_output
+    if use_ssl?
+      if proxy?
+        @socket.writeline sprintf('CONNECT %s:%s HTTP/%s',
+                                  @address, @port, HTTPVersion)
+        @socket.writeline "Host: #{@address}:#{@port}"
+        if proxy_user
+          credential = ["#{proxy_user}:#{proxy_pass}"].pack('m')
+          credential.delete!("\r\n")
+          @socket.writeline "Proxy-Authorization: Basic #{credential}"
+        end
+        @socket.writeline ''
+        Net::HTTPResponse.read_new(@socket).value
+      end
+      s.session = @ssl_session if @ssl_session
+      s.connect
+      if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE
+        s.post_connection_check(@address)
+      end
+      @ssl_session = s.session
+    end
+    on_connect
+  end if RUBY_VERSION < '1.9'
+
+  private :connect
+
+end
+

data/lib/bundler/vendored_persistent.rb

@@ -1,3 +1,14 @@
+begin
+  require 'openssl'
+  # ensure OpenSSL is loaded
+  OpenSSL
+rescue LoadError, NameError => e
+  raise Bundler::HTTPError, "\nCould not load OpenSSL." \
+    "\nYou must recompile Ruby with OpenSSL support or change the sources in your" \
+    "\nGemfile from 'https' to 'http'. Instructions for compiling with OpenSSL" \
+    "\nusing RVM are available at rvm.io/packages/openssl."
+end
+
 vendor = File.expand_path('../vendor', __FILE__)
 $:.unshift(vendor) unless $:.include?(vendor)
 require 'net/http/persistent'

data/lib/bundler/version.rb

@@ -2,5 +2,5 @@ module Bundler
   # We're doing this because we might write tests that deal
   # with other versions of bundler and we are unsure how to
   # handle this better.
-  VERSION = "1.3.0.pre.7" unless defined?(::Bundler::VERSION)
+  VERSION = "1.3.0.pre.8" unless defined?(::Bundler::VERSION)
 end

data/lib/bundler/vlad.rb

@@ -8,4 +8,4 @@ include Rake::DSL if defined? Rake::DSL
 
 namespace :vlad do
   Bundler::Deployment.define_task(Rake::RemoteTask, :remote_task, :roles => :app)
-end
+end

data/man/bundle-config.ronn

@@ -21,7 +21,8 @@ setting, and where it was set.
 
 Executing `bundle config <name> <value>` will set that configuration to the
 value specified for all bundles executed as the current user. The configuration
-will be stored in `~/.bundle/config`.
+will be stored in `~/.bundle/config`. If <name> already is set, <name> will be
+overridden and user will be warned.
 
 Executing `bundle config --global <name> <value>` works the same as above.
 
@@ -29,7 +30,7 @@ Executing `bundle config --local <name> <value>` will set that configuration to
 the local application. The configuration will be stored in `app/.bundle/config`.
 
 Executing `bundle config --delete <name>` will delete the configuration in both
-local and global sources.
+local and global sources. Not compatible with --global or --local flag.
 
 Executing bundle with the `BUNDLE_IGNORE_CONFIG` environment variable set will
 cause it to ignore all configuration.

data/man/bundle-install.ronn

@@ -9,8 +9,9 @@ bundle-install(1) -- Install the dependencies specified in your Gemfile
                  [--local] [--deployment]
                  [--binstubs[=DIRECTORY]]
                  [--standalone[=GROUP1[ GROUP2...]]]
-                 [--quiet]
+                 [--trust-policy=POLICY]
                  [--no-cache]
+                 [--quiet]
 
 ## DESCRIPTION
 
@@ -82,11 +83,20 @@ update process below under [CONSERVATIVE UPDATING][].
   `bundle` directory and installs the bundle there. It also generates
   a `bundle/bundler/setup.rb` file to replace Bundler's own setup.
 
+* `--trust-policy=[<policy>]`:
+  Apply the Rubygems security policy named <policy>, where policy is one of
+  HighSecurity, MediumSecurity, LowSecurity, or NoSecurity. For more detail,
+  see the Rubygems signing documentation, linked below in [SEE ALSO][].
+
 * `--no-cache`:
   Do not update the cache in `vendor/cache` with the newly bundled gems. This
   does not remove any existing cached gems, only stops the newly bundled gems
   from being cached during the install.
 
+* `--quiet`:
+  Do not print progress information to stdout. Instead, communicate the
+  success of the install operation via exit status code.
+
 ## DEPLOYMENT MODE
 
 Bundler's defaults are optimized for development. To switch to
@@ -182,7 +192,7 @@ third-party code being used in different environments.`
 
 For a simple illustration, consider the following Gemfile(5):
 
-    source "http://rubygems.org"
+    source "https://rubygems.org"
 
     gem "sinatra"
 
@@ -278,7 +288,7 @@ same versions of all dependencies as it used before the update.
 
 Let's take a look at an example. Here's your original Gemfile(5):
 
-    source "http://rubygems.org"
+    source "https://rubygems.org"
 
     gem "actionpack", "2.3.8"
     gem "activemerchant"
@@ -294,7 +304,7 @@ gems in your Gemfile(5).
 
 Next, you modify your Gemfile(5) to:
 
-    source "http://rubygems.org"
+    source "https://rubygems.org"
 
     gem "actionpack", "3.0.0.rc"
     gem "activemerchant"
@@ -333,3 +343,8 @@ which other gems in the Gemfile(5) still depend on, run
 should first try to run `bundle install`, which will guarantee that no
 other gems in the Gemfile(5) are impacted by the change. If that
 does not work, run [bundle update(1)][bundle-update].
+
+## SEE ALSO
+
+* Gem install docs: http://docs.rubygems.org/read/chapter/2
+* Rubygems signing docs: http://docs.rubygems.org/read/chapter/21

data/man/bundle-package.ronn

@@ -26,7 +26,7 @@ in `vendor/cache`.
 
 For instance, consider this Gemfile(5):
 
-    source "http://rubygems.org"
+    source "https://rubygems.org"
 
     gem "nokogiri"
 

data/man/bundle-platform.ronn

@@ -12,7 +12,7 @@ VM about your platform.
 
 For instance, using this Gemfile(5):
 
-    source "http://rubygems.org"
+    source "https://rubygems.org"
 
     ruby "1.9.3"
 

data/man/bundle-update.ronn

@@ -30,7 +30,7 @@ based on the latest versions of all gems available in the sources.
 
 Consider the following Gemfile(5):
 
-    source "http://rubygems.org"
+    source "https://rubygems.org"
 
     gem "rails", "3.0.0.rc"
     gem "nokogiri"
@@ -38,8 +38,8 @@ Consider the following Gemfile(5):
 When you run [bundle install(1)][bundle-install] the first time, bundler will resolve
 all of the dependencies, all the way down, and install what you need:
 
-    Fetching source index for http://rubygems.org/
-    Installing rake (0.8.7)
+    Fetching source index for https://rubygems.org/
+    Installing rake (10.0.2)
     Installing abstract (1.0.0)
     Installing activesupport (3.0.0.rc)
     Installing builder (2.1.2)
@@ -103,7 +103,7 @@ Sometimes, multiple gems declared in your Gemfile(5) are satisfied by the same
 second-level dependency. For instance, consider the case of `thin` and
 `rack-perftools-profiler`.
 
-    source "http://rubygems.org"
+    source "https://rubygems.org"
 
     gem "thin"
     gem "rack-perftools-profiler"
@@ -111,7 +111,7 @@ second-level dependency. For instance, consider the case of `thin` and
 The `thin` gem depends on `rack >= 1.0`, while `rack-perftools-profiler` depends
 on `rack ~> 1.0`. If you run bundle install, you get:
 
-    Fetching source index for http://rubygems.org/
+    Fetching source index for https://rubygems.org/
     Installing daemons (1.1.0)
     Installing eventmachine (0.12.10) with native extensions
     Installing open4 (1.0.1)

data/man/gemfile.5.ronn

@@ -20,7 +20,7 @@ a number of methods used to describe the gem requirements.
 At the top of the `Gemfile`, add one line for each `Rubygems` source that
 might contain the gems listed in the `Gemfile`.
 
-    source "http://rubygems.org"
+    source "https://rubygems.org"
     source "http://gems.github.com"
 
 Each of these _source_s `MUST` be a valid Rubygems repository. Sources are

data/spec/bundler/bundler_spec.rb

@@ -1,3 +1,4 @@
+# encoding: utf-8
 require 'spec_helper'
 require 'bundler'
 
@@ -45,5 +46,30 @@ describe Bundler do
       end
     end
 
+    it "can load a gemspec with unicode characters with default ruby encoding" do
+      # spec_helper forces the external encoding to UTF-8 but that's not the
+      # ruby default.
+      encoding = nil
+
+      if defined?(Encoding)
+        encoding = Encoding.default_external
+        Encoding.default_external = "ASCII"
+      end
+
+      File.open(tmp("test.gemspec"), "wb") do |file|
+        file.puts <<-G.gsub(/^\s+/, '')
+          # -*- encoding: utf-8 -*-
+          Gem::Specification.new do |gem|
+            gem.author = "André the Giant"
+          end
+        G
+      end
+
+      gemspec = Bundler.load_gemspec_uncached(tmp("test.gemspec"))
+      expect(gemspec.author).to eq("André the Giant")
+
+      Encoding.default_external = encoding if defined?(Encoding)
+    end
+
   end
 end

data/spec/cache/git_spec.rb

@@ -166,7 +166,7 @@ end
       expect(out).not_to include("Your Gemfile contains path and git dependencies.")
     end
 
-    it "evaluates gemspecs and writes them out" do
+    it "caches pre-evaluated gemspecs" do
       git = build_git "foo"
 
       # Insert a gemspec method that shells out

data/spec/install/gems/dependency_api_spec.rb

@@ -108,7 +108,7 @@ describe "gemcutter's dependency API" do
     G
 
     bundle :install, :fakeweb => "windows"
-    expect(out).to include("\nFetching full source index from #{source_uri}")
+    expect(out).to include("Fetching source index from #{source_uri}")
     should_be_installed "rcov 1.0.0"
   end
 
@@ -124,7 +124,7 @@ describe "gemcutter's dependency API" do
       gem "rails"
     G
     bundle :install, :artifice => "endpoint_fallback"
-    expect(out).to include("\nFetching full source index from #{source_uri}")
+    expect(out).to include("Fetching source index from #{source_uri}")
 
     should_be_installed(
       "activesupport 2.3.2",
@@ -144,7 +144,7 @@ describe "gemcutter's dependency API" do
     G
 
     bundle :install, :artifice => "endpoint_marshal_fail"
-    expect(out).to include("\nFetching full source index from #{source_uri}")
+    expect(out).to include("Fetching source index from #{source_uri}")
     should_be_installed "rack 1.0.0"
   end
 
@@ -216,11 +216,8 @@ describe "gemcutter's dependency API" do
 
     bundle :install, :artifice => "endpoint_extra"
 
-    output = <<-OUTPUT.gsub(/^ +/,'')
-      Fetching gem metadata from http://localgemserver.test/..
-      Fetching gem metadata from http://localgemserver.test/extra/.
-    OUTPUT
-    expect(out).to include(output)
+    expect(out).to include("Fetching gem metadata from http://localgemserver.test/..")
+    expect(out).to include("Fetching source index from http://localgemserver.test/extra")
   end
 
   it "does not fetch every specs if the index of gems is large when doing back deps" do
@@ -230,7 +227,7 @@ describe "gemcutter's dependency API" do
       end
       build_gem "missing"
       # need to hit the limit
-      1.upto(Bundler::Source::Rubygems::FORCE_MODERN_INDEX_LIMIT) do |i|
+      1.upto(Bundler::Source::Rubygems::API_REQUEST_LIMIT) do |i|
         build_gem "gem#{i}"
       end
 
@@ -289,7 +286,7 @@ describe "gemcutter's dependency API" do
     expect(out).to include("Fetching gem metadata from #{source_uri}")
   end
 
-  it "should install when EndpointSpecification with a bin dir owned by root", :sudo => true do
+  fit "should install when EndpointSpecification with a bin dir owned by root", :sudo => true do
     sudo "mkdir -p #{system_gem_path("bin")}"
     sudo "chown -R root #{system_gem_path("bin")}"
 
@@ -298,6 +295,7 @@ describe "gemcutter's dependency API" do
       gem "rails"
     G
     bundle :install, :artifice => "endpoint"
+    puts out, err
     should_be_installed "rails 2.3.2"
   end
 
@@ -408,15 +406,7 @@ describe "gemcutter's dependency API" do
       bundled_app("broken_ssl").mkpath
       bundled_app("broken_ssl/openssl.rb").open("w") do |f|
         f.write <<-RUBY
-          $:.delete File.expand_path("..", __FILE__)
-          require 'openssl'
-
-          require 'bundler'
-          class Bundler::Fetcher
-            def fetch(*)
-              raise LoadError, "cannot load such file -- openssl"
-            end
-          end
+          raise LoadError, "cannot load such file -- openssl"
         RUBY
       end
     end
@@ -427,16 +417,15 @@ describe "gemcutter's dependency API" do
         gem "rack"
       G
 
-      bundle :install, :artifice => "endpoint",
-        :env => {"RUBYOPT" => "-I#{bundled_app("broken_ssl")}"}
-      expect(out).to include("Could not load OpenSSL.")
+      bundle :install, :env => {"RUBYOPT" => "-I#{bundled_app("broken_ssl")}"}
+      expect(out).to include("OpenSSL")
     end
   end
 
   context ".gemrc with sources is present" do
     before do
       File.open(home('.gemrc'), 'w') do |file|
-        file.puts({:sources => ["http://rubygems.org"]}.to_yaml)
+        file.puts({:sources => ["https://rubygems.org"]}.to_yaml)
       end
     end