bundler 1.7.0 → 1.7.1.pre

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 155503cb2801c3408a1a6290488e86d95fc44377
-  data.tar.gz: 155ff56ba76e00285762682095374af6978dc701
+  metadata.gz: 1213efeb576d584ede27b76fe40b77dbd6448ccf
+  data.tar.gz: 9117d8aa3a74e6a2141341beb3c46f355dcb0e8b
 SHA512:
-  metadata.gz: 79b16bf6b319c496e5dd80d74582217e9def1ca17f937c7173e20b973066064406d0a21f092e175a504ad1743ee86ff17b56639c336b3c78ea621485b790cea8
-  data.tar.gz: c61d725503a3ac4d74a1708ee30ce80bea1b075118df1bc054c0339fd538809284f2dcda20057bba1950ae1414297118dc869cf1d6752f3fa0d09001522d0b83
+  metadata.gz: dfc4d08a4d524d312750479bb191421316e2b3f031aac807ee6032ab15d028718929691de7392cd99bdf16d6365764a4ceb5ee46264db96ecf05953e8a90c745
+  data.tar.gz: 0dfeea04bba5099692f3f90e68f6b4aae7fa682e040974d17087c43de38327a16fc87781f7693b3b40ccead090484229e51ecf8bbec7b8f64609aa73a1271130

data/CHANGELOG.md

@@ -1,8 +1,14 @@
+## 1.7.1
+
+Bugfixes:
+
+  - Install gems from one source needed by gems in another source (@indirect)
+
 ## 1.7.0 (2014-08-13)
 
 Security:
 
-  - Fix for CVE-2013-0334, installing gems from an unexpected source
+  - Fix for CVE-2013-0334, installing gems from an unexpected source (@tmoore)
 
 Features:
 

data/lib/bundler/definition.rb

@@ -189,15 +189,6 @@ module Bundler
         else
           last_resolve = converge_locked_specs
 
-          # Record the specs available in each gem's source, so that those
-          # specs will be available later when the resolver knows where to
-          # look for that gemspec (or its dependencies)
-          source_requirements = {}
-          dependencies.each do |dep|
-            next unless dep.source
-            source_requirements[dep.name] = dep.source.specs
-          end
-
           # Run a resolve against the locally available gems
           last_resolve.merge Resolver.resolve(expanded_dependencies, index, source_requirements, last_resolve)
         end
@@ -210,14 +201,9 @@ module Bundler
         dependency_names.map! {|d| d.name }
 
         sources.all_sources.each do |s|
-          if s.is_a?(Bundler::Source::Rubygems)
-            s.dependency_names = dependency_names.uniq
-            idx.add_source s.specs
-          else
-            source_index = s.specs
-            dependency_names += source_index.unmet_dependency_names
-            idx.add_source source_index
-          end
+          s.dependency_names = dependency_names
+          idx.add_source s.specs
+          dependency_names.push(*s.unmet_deps).uniq!
         end
       end
     end
@@ -462,8 +448,19 @@ module Bundler
     def converge_sources
       changes = false
 
-      # Get the Rubygems source from the Gemfile.lock
-      locked_gem = @locked_sources.select { |s| s.kind_of?(Source::Rubygems) }
+      # Get the Rubygems sources from the Gemfile.lock
+      locked_gem_sources = @locked_sources.select { |s| s.kind_of?(Source::Rubygems) }
+      # Get the Rubygems sources from the Gemfile
+      actual_gem_sources = @sources.rubygems_sources
+
+      # If there is a Rubygems source in both
+      unless locked_gem_sources.empty? && actual_gem_sources.empty?
+        actual_remotes = actual_gem_sources.map(&:remotes).flatten.uniq
+        locked_gem_sources.each do |locked_gem|
+          # Merge the remotes from the Gemfile into the Gemfile.lock
+          changes = changes | locked_gem.replace_remotes(actual_remotes)
+        end
+      end
 
       # Replace the sources from the Gemfile with the sources from the Gemfile.lock,
       # if they exist in the Gemfile.lock and are `==`. If you can't find an equivalent
@@ -593,5 +590,19 @@ module Bundler
       groups.map! { |g| g.to_sym }
       dependencies.reject { |d| !d.should_include? || (d.groups & groups).empty? }
     end
+
+    def source_requirements
+      # Load all specs from remote sources
+      index
+
+      # Record the specs available in each gem's source, so that those
+      # specs will be available later when the resolver knows where to
+      # look for that gemspec (or its dependencies)
+      dependencies.each_with_object({}) do |dep, source_requirements|
+        next unless dep.source
+        source_requirements[dep.name] = dep.source.specs
+      end
+    end
+
   end
 end

data/lib/bundler/fetcher.rb

@@ -161,6 +161,7 @@ module Bundler
 
     # return the specs in the bundler format as an index
     def specs(gem_names, source)
+      old = Bundler.rubygems.sources
       index = Index.new
 
       if gem_names && use_api
@@ -193,6 +194,8 @@ module Bundler
     rescue CertificateFailureError => e
       Bundler.ui.info "" if gem_names && use_api # newline after dots
       raise e
+    ensure
+      Bundler.rubygems.sources = old
     end
 
     # fetch index
@@ -289,9 +292,9 @@ module Bundler
     end
 
     def dependency_api_uri(gem_names = [])
-      url = "#{redirected_uri}api/v1/dependencies"
-      url << "?gems=#{URI.encode(gem_names.join(","))}" if gem_names.any?
-      URI.parse(url)
+      uri = fetch_uri + "api/v1/dependencies"
+      uri.query = "gems=#{URI.encode(gem_names.join(","))}" if gem_names.any?
+      uri
     end
 
     # fetch from Gemcutter Dependency Endpoint API
@@ -378,18 +381,18 @@ module Bundler
       yield
     end
 
-    private
-    def redirected_uri
-      return bundler_uri if rubygems?
-      return @remote_uri
-    end
-
-    def rubygems?
-      @remote_uri.host == "rubygems.org"
-    end
+  private
 
-    def bundler_uri
-      URI.parse("#{@remote_uri.scheme}://bundler.#{@remote_uri.host}/")
+    def fetch_uri
+      @fetch_uri ||= begin
+        if @remote_uri.host == "rubygems.org"
+          uri = @remote_uri.dup 
+          uri.host = "bundler.rubygems.org"
+          uri
+        else
+          @remote_uri
+        end
+      end
     end
 
   end

data/lib/bundler/index.rb

@@ -106,12 +106,11 @@ module Bundler
 
     # returns a list of the dependencies
     def unmet_dependency_names
-      dependency_names = specs.values.map do |array_of_s|
-        array_of_s.map do |s|
-          s.dependencies.map{|d| d.name }
-        end
-      end.flatten.uniq
-      dependency_names.select{|name| name != 'bundler' && specs_by_name(name).empty? }
+      names = []
+      each{|s| names.push *s.dependencies.map{|d| d.name } }
+      names.uniq!
+      names.delete_if{|n| n == "bundler" }
+      names.select{|n| search(n).empty? }
     end
 
     def use(other, override_dupes = false)

data/lib/bundler/source.rb

@@ -14,6 +14,12 @@ module Bundler
       mirrors[normalized_key] || uri
     end
 
+    attr_accessor :dependency_names
+
+    def unmet_deps
+      specs.unmet_dependency_names
+    end
+
     def version_message(spec)
       locked_spec = Bundler.locked_gems.specs.find { |s| s.name == spec.name } if Bundler.locked_gems
       locked_spec_version = locked_spec.version if locked_spec

data/lib/bundler/source/rubygems.rb

@@ -8,12 +8,10 @@ module Bundler
       API_REQUEST_LIMIT = 100 # threshold for switching back to the modern index instead of fetching every spec
 
       attr_reader :remotes, :caches
-      attr_accessor :dependency_names
 
       def initialize(options = {})
         @options = options
         @remotes = []
-        @fetchers = {}
         @dependency_names = []
         @allow_remote = false
         @allow_cached = false
@@ -35,7 +33,7 @@ module Bundler
       end
 
       def eql?(o)
-        o.is_a?(Rubygems) && remotes == o.remotes
+        o.is_a?(Rubygems) && remotes_equal?(o.remotes)
       end
 
       alias == eql?
@@ -67,7 +65,15 @@ module Bundler
       alias_method :name, :to_s
 
       def specs
-        @specs ||= fetch_specs
+        @specs ||= begin
+          # remote_specs usually generates a way larger Index than the other
+          # sources, and large_idx.use small_idx is way faster than
+          # small_idx.use large_idx.
+          idx = @allow_remote ? remote_specs.dup : Index.new
+          idx.use(cached_specs, :override_dupes) if @allow_cached || @allow_remote
+          idx.use(installed_specs, :override_dupes)
+          idx
+        end
       end
 
       def install(spec)
@@ -163,6 +169,23 @@ module Bundler
         @remotes.unshift(uri) unless @remotes.include?(uri)
       end
 
+      def replace_remotes(other_remotes)
+        return false if other_remotes == @remotes
+
+        @remotes = []
+        other_remotes.reverse_each do |r|
+          add_remote r.to_s
+        end
+      end
+
+      def unmet_deps
+        if fetchers.any? && fetchers.all?{|f| f.use_api }
+          remote_specs.unmet_dependency_names
+        else
+          []
+        end
+      end
+
     protected
 
       def source_uris_for_spec(spec)
@@ -193,7 +216,7 @@ module Bundler
       end
 
       def suppress_configured_credentials(remote)
-        remote_nouser = remote.tap { |uri| uri.user = uri.password = nil }.to_s
+        remote_nouser = remote.dup.tap { |uri| uri.user = uri.password = nil }.to_s
         if remote.userinfo && remote.userinfo == Bundler.settings[remote_nouser]
           remote_nouser
         else
@@ -201,20 +224,6 @@ module Bundler
         end
       end
 
-      def fetch_specs
-        # remote_specs usually generates a way larger Index than the other
-        # sources, and large_idx.use small_idx is way faster than
-        # small_idx.use large_idx.
-        if @allow_remote
-          idx = remote_specs.dup
-        else
-          idx = Index.new
-        end
-        idx.use(cached_specs, :override_dupes) if @allow_cached || @allow_remote
-        idx.use(installed_specs, :override_dupes)
-        idx
-      end
-
       def installed_specs
         @installed_specs ||= begin
           idx = Index.new
@@ -261,12 +270,14 @@ module Bundler
         idx
       end
 
-      def remote_specs
-        @remote_specs ||= begin
-          old = Bundler.rubygems.sources
-          idx = Index.new
+      def fetchers
+        @fetchers ||= remotes.map do |url|
+          Bundler::Fetcher.new(url)
+        end
+      end
 
-          fetchers       = remotes.map { |uri| Bundler::Fetcher.new(uri) }
+      def remote_specs
+        @remote_specs ||= Index.build do |idx|
           api_fetchers   = fetchers.select { |f| f.use_api }
           index_fetchers = fetchers - api_fetchers
 
@@ -275,7 +286,6 @@ module Bundler
             Bundler.ui.info "Fetching source index from #{f.uri}"
             idx.use f.specs(nil, self)
           end
-          return idx if api_fetchers.empty?
 
           # because ensuring we have all the gems we need involves downloading
           # the gemspecs of those gems, if the non-api sites contain more than
@@ -289,7 +299,7 @@ module Bundler
               Bundler.ui.info "" if !Bundler.ui.debug? # new line now that the dots are over
             end
 
-            if api_fetchers.all?{|f| f.use_api }
+            if api_fetchers.any? && api_fetchers.all?{|f| f.use_api }
               # it's possible that gems from one source depend on gems from some
               # other source, so now we download gemspecs and iterate over those
               # dependencies, looking for gems we don't have info on yet.
@@ -312,10 +322,6 @@ module Bundler
               idx.use f.specs(nil, self)
             end
           end
-
-          return idx
-        ensure
-          Bundler.rubygems.sources = old
         end
       end
 
@@ -331,6 +337,10 @@ module Bundler
         # Ruby 2.0, where gemspecs are stored in specifications/default/
         spec.loaded_from && spec.loaded_from.include?("specifications/default/")
       end
+
+      def remotes_equal?(other_remotes)
+        remotes.map(&method(:suppress_configured_credentials)) == other_remotes.map(&method(:suppress_configured_credentials))
+      end
     end
   end
 end

data/lib/bundler/version.rb

@@ -2,5 +2,5 @@ module Bundler
   # We're doing this because we might write tests that deal
   # with other versions of bundler and we are unsure how to
   # handle this better.
-  VERSION = "1.7.0" unless defined?(::Bundler::VERSION)
+  VERSION = "1.7.1.pre" unless defined?(::Bundler::VERSION)
 end

data/spec/bundler/source_list_spec.rb

@@ -2,7 +2,7 @@ require 'spec_helper'
 
 describe Bundler::SourceList do
   before do
-    Bundler.stub(:root) { Pathname.new '/' }
+    allow(Bundler).to receive(:root) { Pathname.new '/' }
   end
 
   subject(:source_list) { Bundler::SourceList.new }
@@ -337,23 +337,12 @@ describe Bundler::SourceList do
     let(:git_source)      { source_list.add_git_source('uri' => 'git://host/path.git') }
     let(:path_source)     { source_list.add_path_source('path' => '/path/to/gem') }
 
-    before do
-      rubygems_source.stub(:cached!)
-      git_source.stub(:cached!)
-      path_source.stub(:cached!)
+    it "calls #cached! on all the sources" do
+      expect(rubygems_source).to receive(:cached!)
+      expect(git_source).to receive(:cached!)
+      expect(path_source).to receive(:cached!)
       source_list.cached!
     end
-
-    it "calls #cached! on the included rubygems source" do
-      expect(rubygems_source).to have_received(:cached!)
-    end
-
-    it "calls #cached! on the included git source" do
-      expect(git_source).to have_received(:cached!)
-    end
-    it "calls #cached! on the included path source" do
-      expect(path_source).to have_received(:cached!)
-    end
   end
 
   describe "#remote!" do
@@ -361,22 +350,12 @@ describe Bundler::SourceList do
     let(:git_source)      { source_list.add_git_source('uri' => 'git://host/path.git') }
     let(:path_source)     { source_list.add_path_source('path' => '/path/to/gem') }
 
-    before do
-      rubygems_source.stub(:remote!)
-      git_source.stub(:remote!)
-      path_source.stub(:remote!)
+    it "calls #remote! on all the sources" do
+      expect(rubygems_source).to receive(:remote!)
+      expect(git_source).to receive(:remote!)
+      expect(path_source).to receive(:remote!)
       source_list.remote!
     end
-
-    it "calls #remote! on the included rubygems source" do
-      expect(rubygems_source).to have_received(:remote!)
-    end
-
-    it "calls #remote! on the included git source" do
-      expect(git_source).to have_received(:remote!)
-    end
-    it "calls #remote! on the included path source" do
-      expect(path_source).to have_received(:remote!)
-    end
   end
+
 end

data/spec/install/deploy_spec.rb

@@ -67,6 +67,18 @@ describe "install with --deployment or --frozen" do
     expect(exitstatus).to eq(0)
   end
 
+  it "works when there are credentials in the source URL" do
+    install_gemfile(<<-G, :artifice => "endpoint_strict_basic_authentication", :quiet => true)
+      source "http://user:pass@localgemserver.test/"
+
+      gem "rack-obama", ">= 1.0"
+    G
+
+    bundle "install --deployment", :exitstatus => true, :artifice => "endpoint_strict_basic_authentication"
+
+    expect(exitstatus).to eq(0)
+  end
+
   describe "with an existing lockfile" do
     before do
       bundle "install"

data/spec/quality_spec.rb

@@ -46,7 +46,7 @@ describe "The library itself" do
       actual.empty?
     end
 
-    failure_message_for_should do |actual|
+    failure_message do |actual|
       actual.join("\n")
     end
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bundler
 version: !ruby/object:Gem::Version
-  version: 1.7.0
+  version: 1.7.1.pre
 platform: ruby
 authors:
 - André Arko
@@ -11,7 +11,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-08-14 00:00:00.000000000 Z
+date: 2014-08-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rdiscount
@@ -376,7 +376,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: 1.3.6
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.2
+rubygems_version: 2.4.1
 signing_key: 
 specification_version: 4
 summary: The best way to manage your application's dependencies