bundler 1.7.3 → 1.7.4

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of bundler might be problematic. Click here for more details.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 46bd149bdc713f4dbee824a21e2dfe9fb85b134e
4
- data.tar.gz: 258468570e8baadd905738b57aa8a0f902419738
3
+ metadata.gz: 0db99e813ff94da575f3001947d5dcf86a777946
4
+ data.tar.gz: f649bbd231e496fa19cfbf3c8b629d1570c307c9
5
5
  SHA512:
6
- metadata.gz: 1a88ee0a1485e450a80fbcbe658c6af25d90fd7d6200265a0bea4aa8ef239893b339755b3abf8c3ea4c3f593dbd8e8049c94696ad437a8b6350a569eb33d32d1
7
- data.tar.gz: 8872770af18aff6463c6d047eea3142d405897b898c8cfc8f9e2bf83a2504ead14e68e733f1754398bb2972e4a3d12815bdf3c7c3002a20cd2fb2f62b1376ac0
6
+ metadata.gz: 2c9cc0716eff3f0ae1564b4bcfaa8a46bbc00f5e2b323bde78ff175f873bba072bb5d8d7ed8da11481b04076fd3732b56c4bd18ee2d013dca1f6ee6a9582629f
7
+ data.tar.gz: 72490c914b8efb8be01fd067172c549bbf25ed83bf8db52f4009e75ab9c1c6b8b0d548196ee7e924dbaa001407ba2a684833104105b290e327f1987169d37b1a
@@ -76,6 +76,9 @@ matrix:
76
76
  env: RGV=v1.3.6
77
77
 
78
78
  # ALLOWED FAILURES
79
+ # For no apparent reason, this often goes over the Travis limit
80
+ - rvm: 1.8.7
81
+ env: RGV=v2.1.11
79
82
  # Ruby 1.9.2 sanity check
80
83
  # (but it's just too slow and sometimes goes over the Travis limit)
81
84
  - rvm: 1.9.2
@@ -90,7 +93,9 @@ matrix:
90
93
  - rvm: rbx
91
94
  env: RGV=v2.2.2
92
95
  allow_failures:
93
- - rvm: ruby-head
96
+ - rvm: 1.8.7
97
+ env: RGV=2.1.11
94
98
  - rvm: 1.9.2
99
+ - rvm: ruby-head
95
100
  - rvm: jruby
96
101
  - rvm: rbx
@@ -1,3 +1,12 @@
1
+ ## 1.7.4 (2014-10-19)
2
+
3
+ Bugfixes:
4
+
5
+ - Allow --deployment after `pack` while using source blocks (#3167, @tmoore)
6
+ - Use dependency API even when HTTP credentials are in ENV (#3191, @fvaleur)
7
+ - Silence warnings (including root warning) in --quiet mode (#3186, @indirect)
8
+ - Stop asking gem servers for gems already found locally (#2909, @dubek)
9
+
1
10
  ## 1.7.3 (2014-09-14)
2
11
 
3
12
  Bugfixes:
@@ -28,11 +37,11 @@ Security:
28
37
  Features:
29
38
 
30
39
  - Gemfile `source` calls now take a block containing gems from that source (@tmoore)
31
- - added the `:source` option to `gem` to specify a source (@tmoore)
40
+ - Added the `:source` option to `gem` to specify a source (@tmoore)
32
41
 
33
42
  Bugfixes:
34
43
 
35
- - warn on ambiguous gems available from more than one source (@tmoore)
44
+ - Warn on ambiguous gems available from more than one source (@tmoore)
36
45
 
37
46
  ## 1.6.5 (2014-07-23)
38
47
 
@@ -6,6 +6,8 @@ module Bundler
6
6
  end
7
7
 
8
8
  def run
9
+ Bundler.ui.level = "error" if options[:quiet]
10
+
9
11
  warn_if_root
10
12
 
11
13
  if options[:without]
@@ -66,7 +68,6 @@ module Bundler
66
68
  Bundler.settings[:no_prune] = true if options["no-prune"]
67
69
  Bundler.settings[:clean] = options["clean"] if options["clean"]
68
70
  Bundler.settings.without = options[:without]
69
- Bundler.ui.level = "warn" if options[:quiet]
70
71
  Bundler::Fetcher.disable_endpoint = options["full-index"]
71
72
  Bundler.settings[:disable_shared_gems] = Bundler.settings[:path] ? '1' : nil
72
73
 
@@ -7,10 +7,12 @@ module Bundler
7
7
  end
8
8
 
9
9
  def run
10
- Bundler.ui.level = "warn" if options[:quiet]
10
+ Bundler.ui.level = "error" if options[:quiet]
11
11
  Bundler.settings[:path] = File.expand_path(options[:path]) if options[:path]
12
+
12
13
  setup_cache_all
13
14
  install
15
+
14
16
  # TODO: move cache contents here now that all bundles are locked
15
17
  custom_path = Pathname.new(options[:path]) if options[:path]
16
18
  Bundler.load.cache(custom_path)
@@ -7,10 +7,10 @@ module Bundler
7
7
  end
8
8
 
9
9
  def run
10
+ Bundler.ui.level = "error" if options[:quiet]
10
11
 
11
12
  sources = Array(options[:source])
12
13
  groups = Array(options[:group]).map(&:to_sym)
13
- Bundler.ui.level = "warn" if options[:quiet]
14
14
 
15
15
  if gems.empty? && sources.empty? && groups.empty?
16
16
  # We're doing a full update
@@ -197,12 +197,12 @@ module Bundler
197
197
 
198
198
  def index
199
199
  @index ||= Index.build do |idx|
200
- dependency_names = @dependencies.dup || []
201
- dependency_names.map! {|d| d.name }
200
+ dependency_names = @dependencies.map { |d| d.name }
202
201
 
203
202
  sources.all_sources.each do |s|
204
- s.dependency_names = dependency_names
203
+ s.dependency_names = dependency_names.dup
205
204
  idx.add_source s.specs
205
+ s.specs.each { |spec| dependency_names.delete(spec.name) }
206
206
  dependency_names.push(*s.unmet_deps).uniq!
207
207
  end
208
208
  end
@@ -313,7 +313,7 @@ module Bundler
313
313
  deleted = []
314
314
  changed = []
315
315
 
316
- gemfile_sources = sources.all_sources
316
+ gemfile_sources = sources.lock_sources
317
317
  if @locked_sources != gemfile_sources
318
318
  new_sources = gemfile_sources - @locked_sources
319
319
  deleted_sources = @locked_sources - gemfile_sources
@@ -451,12 +451,11 @@ module Bundler
451
451
 
452
452
  # Get the Rubygems sources from the Gemfile.lock
453
453
  locked_gem_sources = @locked_sources.select { |s| s.kind_of?(Source::Rubygems) }
454
- # Get the Rubygems sources from the Gemfile
455
- actual_gem_sources = @sources.rubygems_sources
454
+ # Get the Rubygems remotes from the Gemfile
455
+ actual_remotes = sources.rubygems_remotes
456
456
 
457
457
  # If there is a Rubygems source in both
458
- unless locked_gem_sources.empty? && actual_gem_sources.empty?
459
- actual_remotes = actual_gem_sources.map(&:remotes).flatten.uniq
458
+ if !locked_gem_sources.empty? && !actual_remotes.empty?
460
459
  locked_gem_sources.each do |locked_gem|
461
460
  # Merge the remotes from the Gemfile into the Gemfile.lock
462
461
  changes = changes | locked_gem.replace_remotes(actual_remotes)
@@ -466,11 +465,9 @@ module Bundler
466
465
  # Replace the sources from the Gemfile with the sources from the Gemfile.lock,
467
466
  # if they exist in the Gemfile.lock and are `==`. If you can't find an equivalent
468
467
  # source in the Gemfile.lock, use the one from the Gemfile.
469
- sources.replace_sources!(@locked_sources)
470
- gemfile_sources = sources.all_sources
471
- changes = changes | (Set.new(gemfile_sources) != Set.new(@locked_sources))
468
+ changes = changes | sources.replace_sources!(@locked_sources)
472
469
 
473
- gemfile_sources.each do |source|
470
+ sources.all_sources.each do |source|
474
471
  # If the source is unlockable and the current command allows an unlock of
475
472
  # the source (for example, you are doing a `bundle update <foo>` of a git-pinned
476
473
  # gem), unlock it. For git sources, this means to unlock the revision, which
@@ -226,6 +226,12 @@ module Bundler
226
226
  end
227
227
 
228
228
  def use_api
229
+ _use_api(true)
230
+ rescue AuthenticationRequiredError
231
+ retry_with_auth{_use_api(false)}
232
+ end
233
+
234
+ def _use_api(reraise_auth_error = false)
229
235
  return @use_api if defined?(@use_api)
230
236
 
231
237
  if @remote_uri.scheme == "file" || Bundler::Fetcher.disable_endpoint
@@ -233,6 +239,9 @@ module Bundler
233
239
  elsif fetch(dependency_api_uri)
234
240
  @use_api = true
235
241
  end
242
+ rescue AuthenticationRequiredError => e
243
+ raise e if reraise_auth_error
244
+ false
236
245
  rescue HTTPError
237
246
  @use_api = false
238
247
  end
@@ -268,6 +277,8 @@ module Bundler
268
277
  response.body
269
278
  when Net::HTTPRequestEntityTooLarge
270
279
  raise FallbackError, response.body
280
+ when Net::HTTPUnauthorized
281
+ raise AuthenticationRequiredError, "#{response.class}: #{response.body}"
271
282
  else
272
283
  raise HTTPError, "#{response.class}: #{response.body}"
273
284
  end
@@ -282,8 +293,6 @@ module Bundler
282
293
  req.basic_auth(user, password)
283
294
  end
284
295
  connection.request(uri, req)
285
- rescue Net::HTTPUnauthorized, Net::HTTPForbidden
286
- retry_with_auth { request(uri) }
287
296
  rescue OpenSSL::SSL::SSLError
288
297
  raise CertificateFailureError.new(uri)
289
298
  rescue *HTTP_ERRORS => e
@@ -52,9 +52,9 @@ module Bundler
52
52
 
53
53
  def to_lock
54
54
  out = "GEM\n"
55
- out << remotes.map { |remote|
56
- " remote: #{suppress_configured_credentials remote}\n"
57
- }.join
55
+ remotes.reverse_each do |remote|
56
+ out << " remote: #{suppress_configured_credentials remote}\n"
57
+ end
58
58
  out << " specs:\n"
59
59
  end
60
60
 
@@ -1,14 +1,13 @@
1
1
  module Bundler
2
2
  class SourceList
3
3
  attr_reader :path_sources,
4
- :git_sources,
5
- :rubygems_sources
4
+ :git_sources
6
5
 
7
6
  def initialize
8
7
  @path_sources = []
9
8
  @git_sources = []
10
9
  @rubygems_aggregate = Source::Rubygems.new
11
- @rubygems_sources = [@rubygems_aggregate]
10
+ @rubygems_sources = []
12
11
  end
13
12
 
14
13
  def add_path_source(options = {})
@@ -28,6 +27,14 @@ module Bundler
28
27
  @rubygems_aggregate
29
28
  end
30
29
 
30
+ def rubygems_sources
31
+ @rubygems_sources + [@rubygems_aggregate]
32
+ end
33
+
34
+ def rubygems_remotes
35
+ rubygems_sources.map(&:remotes).flatten.uniq
36
+ end
37
+
31
38
  def all_sources
32
39
  path_sources + git_sources + rubygems_sources
33
40
  end
@@ -42,11 +49,21 @@ module Bundler
42
49
  end
43
50
 
44
51
  def replace_sources!(replacement_sources)
45
- [path_sources, git_sources, rubygems_sources].each do |source_list|
52
+ return true if replacement_sources.empty?
53
+
54
+ [path_sources, git_sources].each do |source_list|
46
55
  source_list.map! do |source|
47
56
  replacement_sources.find { |s| s == source } || source
48
57
  end
49
58
  end
59
+
60
+ replacement_rubygems =
61
+ replacement_sources.detect { |s| s.is_a?(Source::Rubygems) }
62
+ @rubygems_aggregate = replacement_rubygems
63
+
64
+ # Return true if there were changes
65
+ all_sources.to_set != replacement_sources.to_set ||
66
+ rubygems_remotes.to_set != replacement_rubygems.remotes.to_set
50
67
  end
51
68
 
52
69
  def cached!
@@ -74,7 +91,7 @@ module Bundler
74
91
  end
75
92
 
76
93
  def combine_rubygems_sources
77
- Source::Rubygems.new("remotes" => rubygems_sources.map(&:remotes).flatten.uniq.reverse)
94
+ Source::Rubygems.new("remotes" => rubygems_remotes)
78
95
  end
79
96
  end
80
97
  end
@@ -2,5 +2,5 @@ module Bundler
2
2
  # We're doing this because we might write tests that deal
3
3
  # with other versions of bundler and we are unsure how to
4
4
  # handle this better.
5
- VERSION = "1.7.3" unless defined?(::Bundler::VERSION)
5
+ VERSION = "1.7.4" unless defined?(::Bundler::VERSION)
6
6
  end
@@ -145,11 +145,26 @@ Finally, Bundler also ensures that the current revision in the
145
145
  `Gemfile.lock` exists in the local git repository. By doing this, Bundler
146
146
  forces you to fetch the latest changes in the remotes.
147
147
 
148
- ## MIRRORS OF GEM REPOSITORIES
148
+ ## MIRRORS OF GEM SOURCES
149
149
 
150
150
  Bundler supports overriding gem sources with mirrors. This allows you to
151
151
  configure rubygems.org as the gem source in your Gemfile while still using your
152
152
  mirror to fetch gems.
153
153
 
154
+ bundle config mirror.SOURCE_URL MIRROR_URL
155
+
156
+ For example, to use a mirror of rubygems.org hosted at
157
+
154
158
  bundle config mirror.http://rubygems.org http://rubygems-mirror.org
155
159
 
160
+ ## CREDENTIALS FOR GEM SOURCES
161
+
162
+ Bundler allows you to configure credentials for any gem source, which allows
163
+ you to avoid putting secrets into your Gemfile.
164
+
165
+ bundle config SOURCE_URL USERNAME:PASSWORD
166
+
167
+ For example, to save the credentials of user `claudette` for the gem source at
168
+ `gems.longerous.com`, you would run:
169
+
170
+ bundle config https://gems.longerous.com/ claudette:s00pers3krit
@@ -33,6 +33,23 @@ be selected for gems that need to use a non-standard repository, suppressing
33
33
  this warning, by using the [`:source` option](#SOURCE-source-) or a
34
34
  [`source` block](#BLOCK-FORM-OF-SOURCE-GIT-PATH-GROUP-and-PLATFORMS).
35
35
 
36
+ ### CREDENTIALS (#credentials)
37
+
38
+ Some gem sources require a username and password. Use `bundle config` to set
39
+ the username and password for any sources that need it. The command must be run
40
+ once on each computer that will install the Gemfile, but this keeps the
41
+ credentials from being stored in plain text in version control.
42
+
43
+ bundle config https://gems.example.com/ user:password
44
+
45
+ For some sources, like a company Gemfury account, it may be easier to simply
46
+ include the credentials in the Gemfile as part of the source URL.
47
+
48
+ source "https://user:password@gems.example.com"
49
+
50
+ Credentials in the source URL will take precedence over credentials set using
51
+ `config`.
52
+
36
53
  ## RUBY (#ruby)
37
54
 
38
55
  If your application requires a specific Ruby version or engine, specify your
@@ -277,17 +277,17 @@ describe Bundler::SourceList do
277
277
  end
278
278
 
279
279
  describe "#lock_sources" do
280
- it "combines the rubygems sources into a single instance, removing duplicate remotes from the front" do
280
+ it "combines the rubygems sources into a single instance, removing duplicate remotes from the end" do
281
281
  source_list.add_git_source('uri' => 'git://third-git.org/path.git')
282
- source_list.add_rubygems_source('remotes' => ['https://fourth-rubygems.org']) # intentional duplicate
282
+ source_list.add_rubygems_source('remotes' => ['https://duplicate-rubygems.org'])
283
283
  source_list.add_path_source('path' => '/third/path/to/gem')
284
- source_list.add_rubygems_source('remotes' => ['https://first-rubygems.org'])
284
+ source_list.add_rubygems_source('remotes' => ['https://third-rubygems.org'])
285
285
  source_list.add_path_source('path' => '/second/path/to/gem')
286
286
  source_list.add_rubygems_source('remotes' => ['https://second-rubygems.org'])
287
287
  source_list.add_git_source('uri' => 'git://second-git.org/path.git')
288
- source_list.add_rubygems_source('remotes' => ['https://third-rubygems.org'])
288
+ source_list.add_rubygems_source('remotes' => ['https://first-rubygems.org'])
289
289
  source_list.add_path_source('path' => '/first/path/to/gem')
290
- source_list.add_rubygems_source('remotes' => ['https://fourth-rubygems.org'])
290
+ source_list.add_rubygems_source('remotes' => ['https://duplicate-rubygems.org'])
291
291
  source_list.add_git_source('uri' => 'git://first-git.org/path.git')
292
292
 
293
293
  expect(source_list.lock_sources).to eq [
@@ -298,10 +298,10 @@ describe Bundler::SourceList do
298
298
  Bundler::Source::Path.new('path' => '/second/path/to/gem'),
299
299
  Bundler::Source::Path.new('path' => '/third/path/to/gem'),
300
300
  Bundler::Source::Rubygems.new('remotes' => [
301
+ 'https://duplicate-rubygems.org',
301
302
  'https://first-rubygems.org',
302
303
  'https://second-rubygems.org',
303
304
  'https://third-rubygems.org',
304
- 'https://fourth-rubygems.org',
305
305
  ]),
306
306
  ]
307
307
  end
@@ -79,6 +79,19 @@ describe "install with --deployment or --frozen" do
79
79
  expect(exitstatus).to eq(0)
80
80
  end
81
81
 
82
+ it "works with sources given by a block" do
83
+ install_gemfile <<-G
84
+ source "file://#{gem_repo1}" do
85
+ gem "rack"
86
+ end
87
+ G
88
+
89
+ bundle "install --deployment", :exitstatus => true
90
+
91
+ expect(exitstatus).to eq(0)
92
+ should_be_installed "rack 1.0"
93
+ end
94
+
82
95
  describe "with an existing lockfile" do
83
96
  before do
84
97
  bundle "install"
@@ -415,6 +415,26 @@ describe "bundle install with explicit source paths" do
415
415
  end
416
416
  end
417
417
 
418
+ describe "when there are both a gemspec and remote gems" do
419
+ it "doesn't query rubygems for local gemspec name" do
420
+ build_lib "private_lib", "2.2", :path => lib_path("private_lib")
421
+ gemfile = <<-G
422
+ source "http://localgemserver.test"
423
+ gemspec
424
+ gem 'rack'
425
+ G
426
+ File.open(lib_path("private_lib/Gemfile"), "w") {|f| f.puts gemfile }
427
+
428
+ Dir.chdir(lib_path("private_lib")) do
429
+ bundle :install, :env => {"DEBUG" => 1}, :artifice => "endpoint"
430
+ expect(out).to match(/^HTTP GET http:\/\/localgemserver\.test\/api\/v1\/dependencies\?gems=rack$/)
431
+ expect(out).not_to match(/^HTTP GET.*private_lib/)
432
+ should_be_installed "private_lib 2.2"
433
+ should_be_installed "rack 1.0"
434
+ end
435
+ end
436
+ end
437
+
418
438
  describe "gem install hooks" do
419
439
  it "runs pre-install hooks" do
420
440
  build_git "foo"
@@ -467,6 +467,8 @@ describe "gemcutter's dependency API" do
467
467
  bundle "config #{source_uri}/ #{user}:#{password}"
468
468
 
469
469
  bundle :install, :artifice => "endpoint_strict_basic_authentication"
470
+
471
+ expect(out).to include("Fetching gem metadata from #{source_uri}")
470
472
  should_be_installed "rack 1.0.0"
471
473
  end
472
474
 
@@ -291,7 +291,7 @@ describe "bundle install with gem sources" do
291
291
  G
292
292
 
293
293
  bundle :install, :expect_err => true
294
- expect(out).to match(/Your Gemfile has no gem server sources/i)
294
+ expect(out).to include("Your Gemfile has no gem server sources")
295
295
  end
296
296
 
297
297
  it "creates a Gemfile.lock on a blank Gemfile" do
@@ -363,23 +363,14 @@ describe "bundle install with gem sources" do
363
363
  end
364
364
 
365
365
  describe "when requesting a quiet install via --quiet" do
366
- it "should be quiet if there are no warnings" do
367
- gemfile <<-G
368
- source "file://#{gem_repo1}"
369
- gem 'rack'
370
- G
371
-
372
- bundle :install, :quiet => true
373
- expect(out).to eq("")
374
- end
375
-
376
- it "should still display warnings" do
366
+ it "should be quiet" do
377
367
  gemfile <<-G
378
368
  gem 'rack'
379
369
  G
380
370
 
381
371
  bundle :install, :quiet => true
382
- expect(out).to match(/Your Gemfile has no gem server sources/)
372
+ expect(out).to include("Could not find gem 'rack (>= 0) ruby'")
373
+ expect(out).to_not include("Your Gemfile has no gem server sources")
383
374
  end
384
375
  end
385
376
 
@@ -83,6 +83,18 @@ describe "bundle install with gems on multiple sources" do
83
83
  expect(out).not_to include("Warning")
84
84
  should_be_installed("rack-obama 1.0.0", "rack 1.0.0")
85
85
  end
86
+
87
+ it "can cache and deploy" do
88
+ bundle :package
89
+
90
+ expect(bundled_app("vendor/cache/rack-1.0.0.gem")).to exist
91
+ expect(bundled_app("vendor/cache/rack-obama-1.0.gem")).to exist
92
+
93
+ bundle "install --deployment", :exitstatus => true
94
+
95
+ expect(exitstatus).to eq(0)
96
+ should_be_installed("rack-obama 1.0.0", "rack 1.0.0")
97
+ end
86
98
  end
87
99
 
88
100
  context "with sources set by an option" do
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: bundler
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.7.3
4
+ version: 1.7.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - André Arko
@@ -11,7 +11,7 @@ authors:
11
11
  autorequire:
12
12
  bindir: bin
13
13
  cert_chain: []
14
- date: 2014-09-14 00:00:00.000000000 Z
14
+ date: 2014-10-20 00:00:00.000000000 Z
15
15
  dependencies:
16
16
  - !ruby/object:Gem::Dependency
17
17
  name: rdiscount