bundler 1.6.9 → 1.7.0

data/lib/bundler/fetcher.rb

@@ -316,7 +316,8 @@ module Bundler
 
     # fetch from modern index: specs.4.8.gz
     def fetch_all_remote_specs
-      Bundler.rubygems.sources = ["#{@remote_uri}"]
+      old_sources = Bundler.rubygems.sources
+      Bundler.rubygems.sources = [@remote_uri.to_s]
       Bundler.rubygems.fetch_all_remote_specs
     rescue Gem::RemoteFetcher::FetchError, OpenSSL::SSL::SSLError => e
       case e.message
@@ -330,6 +331,8 @@ module Bundler
         Bundler.ui.trace e
         raise HTTPError, "Could not fetch specs from #{uri}"
       end
+    ensure
+      Bundler.rubygems.sources = old_sources
     end
 
     def well_formed_dependency(name, *requirements)

data/lib/bundler/index.rb

@@ -10,13 +10,14 @@ module Bundler
       i
     end
 
-    attr_reader :specs, :sources
-    protected   :specs
+    attr_reader :specs, :all_specs, :sources
+    protected   :specs, :all_specs
 
     def initialize
       @sources = []
       @cache = {}
       @specs = Hash.new { |h,k| h[k] = [] }
+      @all_specs = Hash.new { |h,k| h[k] = [] }
     end
 
     def initialize_copy(o)
@@ -24,10 +25,14 @@ module Bundler
       @sources = @sources.dup
       @cache = {}
       @specs = Hash.new { |h,k| h[k] = [] }
+      @all_specs = Hash.new { |h,k| h[k] = [] }
 
       o.specs.each do |name, array|
         @specs[name] = array.dup
       end
+      o.all_specs.each do |name, array|
+        @all_specs[name] = array.dup
+      end
     end
 
     def inspect
@@ -39,6 +44,14 @@ module Bundler
       true
     end
 
+    def search_all(name)
+      all_matches = @all_specs[name] + local_search(name)
+      @sources.each do |source|
+        all_matches.concat(source.search_all(name))
+      end
+      all_matches
+    end
+
     # Search this index's specs, and any source indexes that this index knows
     # about, returning all of the results.
     def search(query, base = nil)
@@ -105,6 +118,7 @@ module Bundler
       return unless other
       other.each do |s|
         if (dupes = search_by_spec(s)) && dupes.any?
+          @all_specs[s.name] = [s] + dupes
           next unless override_dupes
           @specs[s.name] -= dupes
         end

data/lib/bundler/installer.rb

@@ -5,7 +5,10 @@ require 'bundler/parallel_workers'
 module Bundler
   class Installer < Environment
     class << self
-      attr_accessor :post_install_messages
+      attr_accessor :post_install_messages, :ambiguous_gems
+
+      Installer.post_install_messages = {}
+      Installer.ambiguous_gems = []
     end
 
     # Begins the installation process for Bundler.
@@ -75,10 +78,6 @@ module Bundler
       unless local
         options["local"] ? @definition.resolve_with_cache! : @definition.resolve_remotely!
       end
-      # Must install gems in the order that the resolver provides
-      # as dependencies might actually affect the installation of
-      # the gem.
-      Installer.post_install_messages = {}
 
       # the order that the resolver provides is significant, since
       # dependencies might actually affect the installation of a gem.

data/lib/bundler/lockfile_parser.rb

@@ -29,6 +29,8 @@ module Bundler
       @state        = :source
       @specs        = {}
 
+      @rubygems_aggregate = Source::Rubygems.new
+
       if lockfile.match(/<<<<<<<|=======|>>>>>>>|\|\|\|\|\|\|\|/)
         raise LockfileError, "Your Gemfile.lock contains merge conflicts.\n" \
           "Run `git checkout HEAD -- Gemfile.lock` first to get a clean lock."
@@ -43,6 +45,7 @@ module Bundler
           send("parse_#{@state}", line)
         end
       end
+      @sources << @rubygems_aggregate
       @specs = @specs.values
     end
 
@@ -60,14 +63,24 @@ module Bundler
         @current_source = nil
         @opts, @type = {}, line
       when SPECS
-        @current_source = TYPES[@type].from_lock(@opts)
-
-        # Strip out duplicate GIT sections
-        if @sources.include?(@current_source) && @current_source.is_a?(Bundler::Source::Git)
-          @current_source = @sources.find { |s| s == @current_source }
+        case @type
+        when "PATH"
+          @current_source = TYPES[@type].from_lock(@opts)
+          @sources << @current_source
+        when "GIT"
+          @current_source = TYPES[@type].from_lock(@opts)
+          # Strip out duplicate GIT sections
+          if @type == "GIT" && @sources.include?(@current_source)
+            @current_source = @sources.find { |s| s == @current_source }
+          else
+            @sources << @current_source
+          end
+        when "GEM"
+          Array(@opts["remote"]).each do |url|
+            @rubygems_aggregate.add_remote(url)
+          end
+          @current_source = @rubygems_aggregate
         end
-
-        @sources << @current_source
       when OPTIONS
         value = $2
         value = true if value == "true"

data/lib/bundler/runtime.rb

@@ -139,7 +139,7 @@ module Bundler
       gemspec_files        = Dir["#{Gem.dir}/specifications/*.gemspec"]
       spec_gem_paths       = []
       # need to keep git sources around
-      spec_git_paths       = @definition.sources.select {|s| s.is_a?(Bundler::Source::Git) }.map {|s| s.path.to_s }
+      spec_git_paths       = @definition.spec_git_paths
       spec_git_cache_dirs  = []
       spec_gem_executables = []
       spec_cache_paths     = []

data/lib/bundler/source.rb

@@ -24,5 +24,8 @@ module Bundler
       message
     end
 
+    def can_lock?(spec)
+      spec.source == self
+    end
   end
 end

data/lib/bundler/source/rubygems.rb

@@ -12,12 +12,14 @@ module Bundler
 
       def initialize(options = {})
         @options = options
-        @remotes = (options["remotes"] || []).map { |r| normalize_uri(r) }
+        @remotes = []
         @fetchers = {}
         @dependency_names = []
         @allow_remote = false
         @allow_cached = false
         @caches = [Bundler.app_cache, *Bundler.rubygems.gem_cache]
+
+        Array(options["remotes"] || []).reverse_each{|r| add_remote(r) }
       end
 
       def remote!
@@ -29,23 +31,25 @@ module Bundler
       end
 
       def hash
-        Rubygems.hash
+        @remotes.hash
       end
 
       def eql?(o)
-        o.is_a?(Rubygems)
+        o.is_a?(Rubygems) && remotes == o.remotes
       end
 
       alias == eql?
 
+      def can_lock?(spec)
+        spec.source.is_a?(Rubygems)
+      end
+
       def options
         { "remotes" => @remotes.map { |r| r.to_s } }
       end
 
       def self.from_lock(options)
-        s = new(options)
-        Array(options["remote"]).each { |r| s.add_remote(r) }
-        s
+        new(options)
       end
 
       def to_lock
@@ -72,6 +76,13 @@ module Bundler
         # Download the gem to get the spec, because some specs that are returned
         # by rubygems.org are broken and wrong.
         if spec.source_uri
+          # Check for this spec from other sources
+          uris = [spec.source_uri]
+          uris += source_uris_for_spec(spec)
+          uris.compact!
+          uris.uniq!
+          Installer.ambiguous_gems << [spec.name, *uris] if uris.length > 1
+
           s = Bundler.rubygems.spec_from_gem(fetch_gem(spec), Bundler.settings["trust-policy"])
           spec.__swap__(s)
         end
@@ -148,18 +159,14 @@ module Bundler
       end
 
       def add_remote(source)
-        @remotes << normalize_uri(source)
+        uri = normalize_uri(source)
+        @remotes.unshift(uri) unless @remotes.include?(uri)
       end
 
-      def replace_remotes(source)
-        return false if source.remotes == @remotes
-
-        @remotes = []
-        source.remotes.each do |r|
-          add_remote r.to_s
-        end
+    protected
 
-        true
+      def source_uris_for_spec(spec)
+        specs.search_all(spec.name).map{|s| s.source_uri }
       end
 
     private
@@ -186,7 +193,7 @@ module Bundler
       end
 
       def suppress_configured_credentials(remote)
-        remote_nouser = remote.dup.tap { |uri| uri.user = uri.password = nil }.to_s
+        remote_nouser = remote.tap { |uri| uri.user = uri.password = nil }.to_s
         if remote.userinfo && remote.userinfo == Bundler.settings[remote_nouser]
           remote_nouser
         else

data/lib/bundler/source_list.rb

@@ -0,0 +1,79 @@
+module Bundler
+  class SourceList
+    attr_reader :path_sources,
+                :git_sources,
+                :rubygems_sources
+
+    def initialize
+      @path_sources       = []
+      @git_sources        = []
+      @rubygems_aggregate = Source::Rubygems.new
+      @rubygems_sources   = [@rubygems_aggregate]
+    end
+
+    def add_path_source(options = {})
+      add_source_to_list Source::Path.new(options), path_sources
+    end
+
+    def add_git_source(options = {})
+      add_source_to_list Source::Git.new(options), git_sources
+    end
+
+    def add_rubygems_source(options = {})
+      add_source_to_list Source::Rubygems.new(options), @rubygems_sources
+    end
+
+    def add_rubygems_remote(uri)
+      @rubygems_aggregate.add_remote(uri)
+      @rubygems_aggregate
+    end
+
+    def all_sources
+      path_sources + git_sources + rubygems_sources
+    end
+
+    def get(source)
+      source_list_for(source).find { |s| source == s }
+    end
+
+    def lock_sources
+      (path_sources + git_sources) << combine_rubygems_sources
+    end
+
+    def replace_sources!(replacement_sources)
+      [path_sources, git_sources, rubygems_sources].each do |source_list|
+        source_list.map! do |source|
+          replacement_sources.find { |s| s == source } || source
+        end
+      end
+    end
+
+    def cached!
+      all_sources.each(&:cached!)
+    end
+
+    def remote!
+      all_sources.each(&:remote!)
+    end
+
+  private
+
+    def add_source_to_list(source, list)
+      list.unshift(source).uniq!
+      source
+    end
+
+    def source_list_for(source)
+      case source
+      when Source::Git      then git_sources
+      when Source::Path     then path_sources
+      when Source::Rubygems then rubygems_sources
+      else raise ArgumentError, "Invalid source: #{source.inspect}"
+      end
+    end
+
+    def combine_rubygems_sources
+      Source::Rubygems.new("remotes" => rubygems_sources.map(&:remotes).flatten.uniq.reverse)
+    end
+  end
+end

data/lib/bundler/ssl_certs/certificate_manager.rb

@@ -1,6 +1,4 @@
 require 'fileutils'
-require 'net/https'
-require 'openssl'
 
 module Bundler
   module SSLCerts
@@ -11,21 +9,17 @@ module Bundler
         new(rubygems_path).update!
       end
 
-      def initialize(rubygems_path = nil)
-        if rubygems_path
-          rubygems_cert_path = File.join(rubygems_path, 'lib/rubygems/ssl_certs')
-          @rubygems_certs = certificates_in(rubygems_cert_path)
-        end
+      def initialize(rubygems_path)
+        rubygems_certs = File.join(rubygems_path, 'lib/rubygems/ssl_certs')
+        @rubygems_certs = certificates_in(rubygems_certs)
 
         @bundler_cert_path = File.expand_path("..", __FILE__)
         @bundler_certs = certificates_in(bundler_cert_path)
       end
 
       def up_to_date?
-        rubygems_certs.all? do |rc|
-          bundler_certs.find do |bc|
-            File.basename(bc) == File.basename(rc) && FileUtils.compare_file(bc, rc)
-          end
+        bundler_certs.zip(rubygems_certs).all? do |bc, rc|
+          File.basename(bc) == File.basename(rc) && FileUtils.compare_file(bc, rc)
         end
       end
 
@@ -36,30 +30,12 @@ module Bundler
         FileUtils.cp rubygems_certs, bundler_cert_path
       end
 
-      def connect_to(host)
-        http = Net::HTTP.new(host, 443)
-        http.use_ssl = true
-        http.verify_mode = OpenSSL::SSL::VERIFY_PEER
-        http.cert_store = store
-        http.head('/')
-      end
-
     private
 
       def certificates_in(path)
         Dir[File.join(path, "*.pem")].sort
       end
 
-      def store
-        @store ||= begin
-          store = OpenSSL::X509::Store.new
-          bundler_certs.each do |cert|
-            store.add_file cert
-          end
-          store
-        end
-      end
-
     end
   end
 end

data/lib/bundler/version.rb

@@ -2,5 +2,5 @@ module Bundler
   # We're doing this because we might write tests that deal
   # with other versions of bundler and we are unsure how to
   # handle this better.
-  VERSION = "1.6.9" unless defined?(::Bundler::VERSION)
+  VERSION = "1.7.0" unless defined?(::Bundler::VERSION)
 end

data/man/bundle-config.ronn

@@ -145,26 +145,11 @@ Finally, Bundler also ensures that the current revision in the
 `Gemfile.lock` exists in the local git repository. By doing this, Bundler
 forces you to fetch the latest changes in the remotes.
 
-## MIRRORS OF GEM SOURCES
+## MIRRORS OF GEM REPOSITORIES
 
 Bundler supports overriding gem sources with mirrors. This allows you to
 configure rubygems.org as the gem source in your Gemfile while still using your
 mirror to fetch gems.
 
-    bundle config mirror.SOURCE_URL MIRROR_URL
-
-For example, to use a mirror of rubygems.org hosted at
-
     bundle config mirror.http://rubygems.org http://rubygems-mirror.org
 
-## CREDENTIALS FOR GEM SOURCES
-
-Bundler allows you to configure credentials for any gem source, which allows
-you to avoid putting secrets into your Gemfile.
-
-    bundle config SOURCE_URL USERNAME:PASSWORD
-
-For example, to save the credentials of user `claudette` for the gem source at
-`gems.longerous.com`, you would run:
-
-    bundle config https://gems.longerous.com/ claudette:s00pers3krit

data/man/gemfile.5.ronn

@@ -15,33 +15,23 @@ directory as the `Rakefile`.
 A `Gemfile` is evaluated as Ruby code, in a context which makes available
 a number of methods used to describe the gem requirements.
 
-## SOURCES (#source)
+## GLOBAL SOURCES (#source)
 
-At the top of the `Gemfile`, add one line for each `Rubygems` source that
-might contain the gems listed in the `Gemfile`.
+At the top of the `Gemfile`, add a line for the `Rubygems` source that contains
+the gems listed in the `Gemfile`.
 
     source "https://rubygems.org"
-    source "http://gems.github.com"
 
-Each of these _source_s `MUST` be a valid Rubygems repository. Sources are
-checked for gems following the heuristics described in [SOURCE PRIORITY][].
+It is possible, but not recommended as of Bundler 1.7, to add multiple global
+`source` lines. Each of these `source`s `MUST` be a valid Rubygems repository.
 
-### CREDENTIALS (#credentials)
-
-Some gem sources require a username and password. Use `bundle config` to set
-the username and password for any sources that need it. The command must be run
-once on each computer that will install the Gemfile, but this keeps the
-credentials from being stored in plain text in version control.
-
-    bundle config https://gems.example.com/ user:password
-
-For some sources, like a company Gemfury account, it may be easier to simply
-include the credentials in the Gemfile as part of the source URL.
-
-    source "https://user:password@gems.example.com"
-
-Credentials in the source URL will take precedence over credentials set using
-`config`.
+Sources are checked for gems following the heuristics described in
+[SOURCE PRIORITY][]. If a gem is found in more than one global source, Bundler
+will print a warning after installing the gem indicating which source was used,
+and listing the other sources where the gem is available. A specific source can
+be selected for gems that need to use a non-standard repository, suppressing
+this warning, by using the [`:source` option](#SOURCE-source-) or a
+[`source` block](#BLOCK-FORM-OF-SOURCE-GIT-PATH-GROUP-and-PLATFORMS).
 
 ## RUBY (#ruby)
 
@@ -217,6 +207,25 @@ All operations involving groups (`bundle install`, `Bundler.setup`,
 `Bundler.require`) behave exactly the same as if any groups not
 matching the current platform were explicitly excluded.
 
+### SOURCE (:source)
+
+You can select an alternate Rubygems repository for a gem using the ':source'
+option.
+
+    gem "some_internal_gem", :source => "https://gems.example.com"
+
+This forces the gem to be loaded from this source and ignores any global sources
+declared at the top level of the file. If the gem does not exist in this source,
+it will not be installed.
+
+Bundler will search for child dependencies of this gem by first looking in the
+source selected for the parent, but if they are not found there, it will fall
+back on global sources using the ordering described in [SOURCE PRIORITY][].
+
+Selecting a specific source repository this way also suppresses the ambiguous
+gem warning described above in
+[GLOBAL SOURCES (#source)](#GLOBAL-SOURCES-source-).
+
 ### GIT (:git)
 
 If necessary, you can specify that a gem is located at a particular
@@ -315,11 +324,16 @@ gems specified as paths.
 
     gem "rails", :path => "vendor/rails"
 
-## BLOCK FORM OF GIT, PATH, GROUP and PLATFORMS
+## BLOCK FORM OF SOURCE, GIT, PATH, GROUP and PLATFORMS
 
-The `:git`, `:path`, `:group`, and `:platforms` options may be
+The `:source`, `:git`, `:path`, `:group`, and `:platforms` options may be
 applied to a group of gems by using block form.
 
+    source "https://gems.example.com" do
+      gem "some_internal_gem"
+      gem "another_internal_gem"
+    end
+
     git "git://github.com/rails/rails.git" do
       gem "activesupport"
       gem "actionpack"
@@ -363,10 +377,11 @@ dependencies are included in.
 When attempting to locate a gem to satisfy a gem requirement,
 bundler uses the following priority order:
 
-  1. The source explicitly attached to the gem (using `:path` or `:git`)
-  2. For implicit gems (dependencies of explicit gems), any git or path
-     repository otherwise declared. This results in bundler prioritizing the
+  1. The source explicitly attached to the gem (using `:source`, `:path`, or
+     `:git`)
+  2. For implicit gems (dependencies of explicit gems), any source, git, or path
+     repository declared on the parent. This results in bundler prioritizing the
      ActiveSupport gem from the Rails git repository over ones from
      `rubygems.org`
-  3. The sources specified via `source`, searching each source in your `Gemfile`
-     from last added to first added.
+  3. The sources specified via global `source` lines, searching each source in
+     your `Gemfile` from last added to first added.