bundler 1.7.11 → 1.7.12
Potentially problematic release.
This version of bundler might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/lib/bundler/fetcher.rb +39 -42
- data/lib/bundler/version.rb +1 -1
- data/spec/install/gems/dependency_api_spec.rb +11 -0
- data/spec/support/artifice/endpoint_api_forbidden.rb +11 -0
- metadata +5 -3
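--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f78506794e1236e20baeec03409bf31851b62ae8
+data.tar.gz: 6235c60a7baa56c9d99ea70f5a86854c0cd37ffa
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5f23150e0c391c85c40af0e6e9c11aa372ccbdc3c7dc671b7258bbc622a721a6ce6de4700da3b817e5625ac30409c9e5265a4902a7f5240c07be3cb2f9ffee49
+data.tar.gz: 1c906be004088ce34030dec90bc4aeebb48387b92386659c73125d3a670c75a2f0578b88a583555e7c0aa0b707259a112bf8bf52ade4838ec4740a347aab38d2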
data/CHANGELOG.md
CHANGED
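--- a/data/lib/bundler/fetcher.rb
+++ b/data/lib/bundler/fetcher.rb
@@ -95,8 +95,7 @@ module Bundler
 @api_timeout = 10 # How long to wait for each API call
 @max_retries = 3 # How many retries for the API call
 
-@
-@anonymizable_uri = AnonymizableURI.new(@remote_uri.dup) unless @remote_uri.nil?
+@anonymizable_uri = resolve_remote_uri(remote_uri)
 
 Socket.do_not_reverse_lookup = true
 connection # create persistent connection
@@ -104,14 +103,14 @@ module Bundler
 
 def connection
 @connection ||= begin
-needs_ssl =
+needs_ssl = remote_uri.scheme == "https" ||
 Bundler.settings[:ssl_verify_mode] ||
 Bundler.settings[:ssl_client_cert]
 raise SSLError if needs_ssl && !defined?(OpenSSL::SSL)
 
 con = Net::HTTP::Persistent.new 'bundler', :ENV
 
-if
+if remote_uri.scheme == "https"
 con.verify_mode = (Bundler.settings[:ssl_verify_mode] ||
 OpenSSL::SSL::VERIFY_PEER)
 con.cert_store = bundler_cert_store
@@ -130,7 +129,7 @@ module Bundler
 end
 
 def uri
-@anonymizable_uri.without_credentials
+@anonymizable_uri.without_credentials
 end
 
 # fetch a gem specification
@@ -138,7 +137,7 @@ module Bundler
 spec = spec - [nil, 'ruby', '']
 spec_file_name = "#{spec.join '-'}.gemspec"
 
-uri = URI.parse("#{
+uri = URI.parse("#{remote_uri}#{Gem::MARSHAL_SPEC_DIR}#{spec_file_name}.rz")
 if uri.scheme == 'file'
 Bundler.load_marshal Gem.inflate(Gem.read_binary(uri.path))
 elsif cached_spec_path = gemspec_cached_path(spec_file_name)
@@ -176,7 +175,7 @@ module Bundler
 end
 end
 
-specs[
+specs[remote_uri].each do |name, version, platform, dependencies|
 next if name == 'bundler'
 spec = nil
 if dependencies
@@ -208,7 +207,7 @@ module Bundler
 Bundler.ui.info ".", false
 end
 
-return {
+return {remote_uri => last_spec_list} if query_list.empty?
 
 remote_specs = Bundler::Retry.new("dependency api", AUTH_ERRORS).attempts do
 fetch_dependency_remote_specs(query_list)
@@ -225,22 +224,16 @@ module Bundler
 end
 
 def use_api
-_use_api(true)
-rescue AuthenticationRequiredError
-retry_with_auth{_use_api(false)}
-end
-
-def _use_api(reraise_auth_error = false)
 return @use_api if defined?(@use_api)
 
-if
+if remote_uri.scheme == "file" || Bundler::Fetcher.disable_endpoint
 @use_api = false
 elsif fetch(dependency_api_uri)
 @use_api = true
 end
-rescue AuthenticationRequiredError
-
-
+rescue AuthenticationRequiredError
+# We got a 401 from the server. Don't fall back to the full index, just fail.
+raise
 rescue HTTPError
 @use_api = false
 end
@@ -276,8 +269,8 @@ module Bundler
 response.body
 when Net::HTTPRequestEntityTooLarge
 raise FallbackError, response.body
-when Net::HTTPUnauthorized
-raise AuthenticationRequiredError,
+when Net::HTTPUnauthorized
+raise AuthenticationRequiredError, remote_uri
 else
 raise HTTPError, "#{response.class}: #{response.body}"
 end
@@ -328,16 +321,20 @@ module Bundler
 # fetch from modern index: specs.4.8.gz
 def fetch_all_remote_specs
 old_sources = Bundler.rubygems.sources
-Bundler.rubygems.sources = [
+Bundler.rubygems.sources = [remote_uri.to_s]
 Bundler.rubygems.fetch_all_remote_specs
 rescue Gem::RemoteFetcher::FetchError, OpenSSL::SSL::SSLError => e
 case e.message
 when /certificate verify failed/
 raise CertificateFailureError.new(uri)
-when /401
-
-
-
+when /401/
+raise AuthenticationRequiredError, remote_uri
+when /403/
+if remote_uri.userinfo
+raise BadAuthenticationError, remote_uri
+else
+raise AuthenticationRequiredError, remote_uri
+end
 else
 Bundler.ui.trace e
 raise HTTPError, "Could not fetch specs from #{uri}"
@@ -374,35 +371,35 @@ module Bundler
 store
 end
 
-
-# the caller should use this to re-attempt the failing request with the altered `@remote_uri`.
-def retry_with_auth
-# Authentication has already been attempted and failed.
-raise BadAuthenticationError.new(uri) if @remote_uri.user
-
-auth = Bundler.settings[@remote_uri.to_s]
-
-# Authentication isn't provided at all, by "bundle config" or in the URI.
-raise AuthenticationRequiredError.new(uri) if auth.nil?
+private
 
-
-
-yield
+def resolve_remote_uri(uri)
+add_configured_credentials(Bundler::Source.mirror_for(uri))
 end
 
-
+def add_configured_credentials(uri)
+auth = Bundler.settings[uri.to_s]
+if auth
+uri = uri.dup
+uri.user, uri.password = *auth.split(":", 2)
+end
+AnonymizableURI.new(uri)
+end
 
 def fetch_uri
 @fetch_uri ||= begin
-if
-uri =
+if remote_uri.host == "rubygems.org"
+uri = remote_uri.dup
 uri.host = "bundler.rubygems.org"
 uri
 else
-
+remote_uri
 end
 end
 end
 
+def remote_uri
+@anonymizable_uri.original_uri
+end
 end
 end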
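Review bot: The new `when /401/` and `when /403/` branches in `fetch_all_remote_specs`, and the `Net::HTTPUnauthorized` branch above them, raise with `remote_uri`, which this change defines as `@anonymizable_uri.original_uri` and which therefore carries any userinfo from the source URL or from `add_configured_credentials`; the `BadAuthenticationError` branch is reached only when `remote_uri.userinfo` is set. The error classes are defined outside these hunks, so if they interpolate their argument into the message (not visible here), the password would be printed to the terminal and to CI logs. The neighbouring `CertificateFailureError.new(uri)` and `"Could not fetch specs from #{uri}"` already use the credential-free `uri`, so I would write `raise BadAuthenticationError, uri` and `raise AuthenticationRequiredError, uri` in these branches. Also, `/401/` and `/403/` match those digits anywhere in `e.message`, including inside a URL or port, so an unrelated fetch failure can be reported as an authentication error; a pattern tied to the status text would be safer.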
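--- a/data/lib/bundler/version.rb
+++ b/data/lib/bundler/version.rb
@@ -2,5 +2,5 @@ module Bundler
 # We're doing this because we might write tests that deal
 # with other versions of bundler and we are unsure how to
 # handle this better.
-VERSION = "1.7.
+VERSION = "1.7.12" unless defined?(::Bundler::VERSION)
 end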
@@ -162,6 +162,17 @@ describe "gemcutter's dependency API" do
|
|
162
162
|
should_be_installed "rack 1.0.0"
|
163
163
|
end
|
164
164
|
|
165
|
+
it "falls back when the API URL returns 403 Forbidden" do
|
166
|
+
gemfile <<-G
|
167
|
+
source "#{source_uri}"
|
168
|
+
gem "rack"
|
169
|
+
G
|
170
|
+
|
171
|
+
bundle :install, :verbose => true, :artifice => "endpoint_api_forbidden"
|
172
|
+
expect(out).to include("Fetching source index from #{source_uri}")
|
173
|
+
should_be_installed "rack 1.0.0"
|
174
|
+
end
|
175
|
+
|
165
176
|
it "handles host redirects" do
|
166
177
|
gemfile <<-G
|
167
178
|
source "#{source_uri}"
|
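Review bot: This example covers only a 403 from the dependency API followed by a successful full-index fetch, so the 401/403 branches added to `fetch_all_remote_specs` in fetcher.rb are not exercised by it; the diffstat lists only this spec file and its artifice helper. I would add two examples next to it, one where the full index answers 403 for a source that has credentials and one for a source without, each asserting the expected error and that `out` does not include the password. The file header for this hunk is missing from the page; per the diffstat it appears to be data/spec/install/gems/dependency_api_spec.rb.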
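--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bundler
 version: !ruby/object:Gem::Version
-version: 1.7.
+version: 1.7.12
 platform: ruby
 authors:
 - André Arko
@@ -11,7 +11,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-01-
+date: 2015-01-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: mustache
@@ -346,6 +346,7 @@ files:
 - spec/support/artifice/endopint_marshal_fail_basic_authentication.rb
 - spec/support/artifice/endpoint.rb
 - spec/support/artifice/endpoint_500.rb
+- spec/support/artifice/endpoint_api_forbidden.rb
 - spec/support/artifice/endpoint_api_missing.rb
 - spec/support/artifice/endpoint_basic_authentication.rb
 - spec/support/artifice/endpoint_creds_diff_host.rb
@@ -394,7 +395,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: 1.3.6
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.4.5
 signing_key:
 specification_version: 4
 summary: The best way to manage your application's dependencies
@@ -480,6 +481,7 @@ test_files:
 - spec/support/artifice/endopint_marshal_fail_basic_authentication.rb
 - spec/support/artifice/endpoint.rb
 - spec/support/artifice/endpoint_500.rb
+- spec/support/artifice/endpoint_api_forbidden.rb
 - spec/support/artifice/endpoint_api_missing.rb
 - spec/support/artifice/endpoint_basic_authentication.rb
 - spec/support/artifice/endpoint_creds_diff_host.rb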