bundler 1.9.0 → 1.17.3

data/lib/bundler/feature_flag.rb

@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+
+module Bundler
+  class FeatureFlag
+    def self.settings_flag(flag, &default)
+      unless Bundler::Settings::BOOL_KEYS.include?(flag.to_s)
+        raise "Cannot use `#{flag}` as a settings feature flag since it isn't a bool key"
+      end
+
+      settings_method("#{flag}?", flag, &default)
+    end
+    private_class_method :settings_flag
+
+    def self.settings_option(key, &default)
+      settings_method(key, key, &default)
+    end
+    private_class_method :settings_option
+
+    def self.settings_method(name, key, &default)
+      define_method(name) do
+        value = Bundler.settings[key]
+        value = instance_eval(&default) if value.nil? && !default.nil?
+        value
+      end
+    end
+    private_class_method :settings_method
+
+    (1..10).each {|v| define_method("bundler_#{v}_mode?") { major_version >= v } }
+
+    settings_flag(:allow_bundler_dependency_conflicts) { bundler_2_mode? }
+    settings_flag(:allow_offline_install) { bundler_2_mode? }
+    settings_flag(:auto_clean_without_path) { bundler_2_mode? }
+    settings_flag(:auto_config_jobs) { bundler_2_mode? }
+    settings_flag(:cache_all) { bundler_2_mode? }
+    settings_flag(:cache_command_is_package) { bundler_2_mode? }
+    settings_flag(:console_command) { !bundler_2_mode? }
+    settings_flag(:default_install_uses_path) { bundler_2_mode? }
+    settings_flag(:deployment_means_frozen) { bundler_2_mode? }
+    settings_flag(:disable_multisource) { bundler_2_mode? }
+    settings_flag(:error_on_stderr) { bundler_2_mode? }
+    settings_flag(:forget_cli_options) { bundler_2_mode? }
+    settings_flag(:global_path_appends_ruby_scope) { bundler_2_mode? }
+    settings_flag(:global_gem_cache) { bundler_2_mode? }
+    settings_flag(:init_gems_rb) { bundler_2_mode? }
+    settings_flag(:list_command) { bundler_2_mode? }
+    settings_flag(:lockfile_uses_separate_rubygems_sources) { bundler_2_mode? }
+    settings_flag(:only_update_to_newer_versions) { bundler_2_mode? }
+    settings_flag(:path_relative_to_cwd) { bundler_2_mode? }
+    settings_flag(:plugins) { @bundler_version >= Gem::Version.new("1.14") }
+    settings_flag(:prefer_gems_rb) { bundler_2_mode? }
+    settings_flag(:print_only_version_number) { bundler_2_mode? }
+    settings_flag(:setup_makes_kernel_gem_public) { !bundler_2_mode? }
+    settings_flag(:skip_default_git_sources) { bundler_2_mode? }
+    settings_flag(:specific_platform) { bundler_2_mode? }
+    settings_flag(:suppress_install_using_messages) { bundler_2_mode? }
+    settings_flag(:unlock_source_unlocks_spec) { !bundler_2_mode? }
+    settings_flag(:update_requires_all_flag) { bundler_2_mode? }
+    settings_flag(:use_gem_version_promoter_for_major_updates) { bundler_2_mode? }
+    settings_flag(:viz_command) { !bundler_2_mode? }
+
+    settings_option(:default_cli_command) { bundler_2_mode? ? :cli_help : :install }
+
+    settings_method(:github_https?, "github.https") { bundler_2_mode? }
+
+    def initialize(bundler_version)
+      @bundler_version = Gem::Version.create(bundler_version)
+    end
+
+    def major_version
+      @bundler_version.segments.first
+    end
+    private :major_version
+  end
+end

data/lib/bundler/fetcher.rb

@@ -1,11 +1,18 @@
-require 'bundler/vendored_persistent'
-require 'securerandom'
-require 'cgi'
+# frozen_string_literal: true
 
-module Bundler
+require "bundler/vendored_persistent"
+require "cgi"
+require "securerandom"
+require "zlib"
 
+module Bundler
   # Handles all the fetching with the rubygems server
   class Fetcher
+    autoload :CompactIndex, "bundler/fetcher/compact_index"
+    autoload :Downloader, "bundler/fetcher/downloader"
+    autoload :Dependency, "bundler/fetcher/dependency"
+    autoload :Index, "bundler/fetcher/index"
+
     # This error is raised when it looks like the network is down
     class NetworkDownError < HTTPError; end
     # This error is raised if the API returns a 413 (only printed in verbose)
@@ -13,11 +20,12 @@ module Bundler
     # This is the error raised if OpenSSL fails the cert verification
     class CertificateFailureError < HTTPError
       def initialize(remote_uri)
+        remote_uri = filter_uri(remote_uri)
         super "Could not verify the SSL certificate for #{remote_uri}.\nThere" \
           " is a chance you are experiencing a man-in-the-middle attack, but" \
           " most likely your system doesn't have the CA certificates needed" \
           " for verification. For information about OpenSSL certificates, see" \
-          " bit.ly/ruby-ssl. To connect without using SSL, edit your Gemfile" \
+          " http://bit.ly/ruby-ssl. To connect without using SSL, edit your Gemfile" \
           " sources and change 'https' to 'http'."
       end
     end
@@ -33,6 +41,7 @@ module Bundler
     # This error is raised if HTTP authentication is required, but not provided.
     class AuthenticationRequiredError < HTTPError
       def initialize(remote_uri)
+        remote_uri = filter_uri(remote_uri)
         super "Authentication is required for #{remote_uri}.\n" \
           "Please supply credentials for this source. You can do this by running:\n" \
           " bundle config #{remote_uri} username:password"
@@ -41,6 +50,7 @@ module Bundler
     # This error is raised if HTTP authentication is provided, but incorrect.
     class BadAuthenticationError < HTTPError
       def initialize(remote_uri)
+        remote_uri = filter_uri(remote_uri)
         super "Bad username or password for #{remote_uri}.\n" \
           "Please double-check your credentials and correct them."
       end
@@ -48,207 +58,154 @@ module Bundler
 
     # Exceptions classes that should bypass retry attempts. If your password didn't work the
     # first time, it's not going to the third time.
-    AUTH_ERRORS = [AuthenticationRequiredError, BadAuthenticationError]
+    NET_ERRORS = [:HTTPBadGateway, :HTTPBadRequest, :HTTPFailedDependency,
+                  :HTTPForbidden, :HTTPInsufficientStorage, :HTTPMethodNotAllowed,
+                  :HTTPMovedPermanently, :HTTPNoContent, :HTTPNotFound,
+                  :HTTPNotImplemented, :HTTPPreconditionFailed, :HTTPRequestEntityTooLarge,
+                  :HTTPRequestURITooLong, :HTTPUnauthorized, :HTTPUnprocessableEntity,
+                  :HTTPUnsupportedMediaType, :HTTPVersionNotSupported].freeze
+    FAIL_ERRORS = begin
+      fail_errors = [AuthenticationRequiredError, BadAuthenticationError, FallbackError]
+      fail_errors << Gem::Requirement::BadRequirementError if defined?(Gem::Requirement::BadRequirementError)
+      fail_errors.concat(NET_ERRORS.map {|e| SharedHelpers.const_get_safely(e, Net) }.compact)
+    end.freeze
 
     class << self
       attr_accessor :disable_endpoint, :api_timeout, :redirect_limit, :max_retries
-
-      def download_gem_from_uri(spec, uri)
-        spec.fetch_platform
-
-        download_path = Bundler.requires_sudo? ? Bundler.tmp(spec.full_name) : Bundler.rubygems.gem_dir
-        gem_path = "#{Bundler.rubygems.gem_dir}/cache/#{spec.full_name}.gem"
-
-        FileUtils.mkdir_p("#{download_path}/cache")
-        Bundler.rubygems.download_gem(spec, uri, download_path)
-
-        if Bundler.requires_sudo?
-          Bundler.mkdir_p "#{Bundler.rubygems.gem_dir}/cache"
-          Bundler.sudo "mv #{Bundler.tmp(spec.full_name)}/cache/#{spec.full_name}.gem #{gem_path}"
-        end
-
-        gem_path
-      end
-
-      def user_agent
-        @user_agent ||= begin
-          ruby = Bundler.ruby_version
-
-          agent = "bundler/#{Bundler::VERSION}"
-          agent << " rubygems/#{Gem::VERSION}"
-          agent << " ruby/#{ruby.version}"
-          agent << " (#{ruby.host})"
-          agent << " command/#{ARGV.first}"
-
-          if ruby.engine != "ruby"
-            # engine_version raises on unknown engines
-            engine_version = ruby.engine_version rescue "???"
-            agent << " #{ruby.engine}/#{engine_version}"
-          end
-
-          agent << " options/#{Bundler.settings.all.join(",")}"
-
-          # add a random ID so we can consolidate runs server-side
-          agent << " " << SecureRandom.hex(8)
-
-          # add any user agent strings set in the config
-          extra_ua = Bundler.settings[:user_agent]
-          agent << " " << extra_ua if extra_ua
-
-          agent
-        end
-      end
-
     end
 
-    def initialize(remote_uri)
-      @redirect_limit = 5  # How many redirects to allow in one request
-      @api_timeout    = 10 # How long to wait for each API call
-      @max_retries    = 3  # How many retries for the API call
+    self.redirect_limit = Bundler.settings[:redirect] # How many redirects to allow in one request
+    self.api_timeout    = Bundler.settings[:timeout] # How long to wait for each API call
+    self.max_retries    = Bundler.settings[:retry] # How many retries for the API call
 
-      @anonymizable_uri = configured_uri_for(remote_uri)
+    def initialize(remote)
+      @remote = remote
 
       Socket.do_not_reverse_lookup = true
       connection # create persistent connection
     end
 
-    def connection
-      @connection ||= begin
-        needs_ssl = remote_uri.scheme == "https" ||
-          Bundler.settings[:ssl_verify_mode] ||
-          Bundler.settings[:ssl_client_cert]
-        raise SSLError if needs_ssl && !defined?(OpenSSL::SSL)
-
-        con = Net::HTTP::Persistent.new 'bundler', :ENV
-
-        if remote_uri.scheme == "https"
-          con.verify_mode = (Bundler.settings[:ssl_verify_mode] ||
-            OpenSSL::SSL::VERIFY_PEER)
-          con.cert_store = bundler_cert_store
-        end
-
-        if Bundler.settings[:ssl_client_cert]
-          pem = File.read(Bundler.settings[:ssl_client_cert])
-          con.cert = OpenSSL::X509::Certificate.new(pem)
-          con.key  = OpenSSL::PKey::RSA.new(pem)
-        end
-
-        con.read_timeout = @api_timeout
-        con.override_headers["User-Agent"] = self.class.user_agent
-        con
-      end
-    end
-
     def uri
-      @anonymizable_uri.without_credentials
+      @remote.anonymized_uri
     end
 
     # fetch a gem specification
     def fetch_spec(spec)
-      spec = spec - [nil, 'ruby', '']
-      spec_file_name = "#{spec.join '-'}.gemspec"
+      spec -= [nil, "ruby", ""]
+      spec_file_name = "#{spec.join "-"}.gemspec"
 
       uri = URI.parse("#{remote_uri}#{Gem::MARSHAL_SPEC_DIR}#{spec_file_name}.rz")
-      if uri.scheme == 'file'
-        Bundler.load_marshal Gem.inflate(Gem.read_binary(uri.path))
+      if uri.scheme == "file"
+        Bundler.load_marshal Bundler.rubygems.inflate(Gem.read_binary(uri.path))
       elsif cached_spec_path = gemspec_cached_path(spec_file_name)
         Bundler.load_gemspec(cached_spec_path)
       else
-        Bundler.load_marshal Gem.inflate(fetch(uri))
+        Bundler.load_marshal Bundler.rubygems.inflate(downloader.fetch(uri).body)
       end
     rescue MarshalError
       raise HTTPError, "Gemspec #{spec} contained invalid data.\n" \
         "Your network or your gem server is probably having issues right now."
     end
 
-    # cached gem specification path, if one exists
-    def gemspec_cached_path spec_file_name
-      paths = Bundler.rubygems.spec_cache_dirs.map { |dir| File.join(dir, spec_file_name) }
-      paths = paths.select {|path| File.file? path }
-      paths.first
+    # return the specs in the bundler format as an index with retries
+    def specs_with_retry(gem_names, source)
+      Bundler::Retry.new("fetcher", FAIL_ERRORS).attempts do
+        specs(gem_names, source)
+      end
     end
 
     # return the specs in the bundler format as an index
     def specs(gem_names, source)
       old = Bundler.rubygems.sources
-      index = Index.new
-
-      if gem_names && use_api
-        specs = fetch_remote_specs(gem_names)
-      end
+      index = Bundler::Index.new
 
-      if specs.nil?
-        # API errors mean we should treat this as a non-API source
+      if Bundler::Fetcher.disable_endpoint
         @use_api = false
-
-        specs = Bundler::Retry.new("source fetch", AUTH_ERRORS).attempts do
-          fetch_all_remote_specs
+        specs = fetchers.last.specs(gem_names)
+      else
+        specs = []
+        fetchers.shift until fetchers.first.available? || fetchers.empty?
+        fetchers.dup.each do |f|
+          break unless f.api_fetcher? && !gem_names || !specs = f.specs(gem_names)
+          fetchers.delete(f)
         end
+        @use_api = false if fetchers.none?(&:api_fetcher?)
       end
 
-      specs[remote_uri].each do |name, version, platform, dependencies|
-        next if name == 'bundler'
-        spec = nil
-        if dependencies
-          spec = EndpointSpecification.new(name, version, platform, dependencies)
+      specs.each do |name, version, platform, dependencies, metadata|
+        next if name == "bundler"
+        spec = if dependencies
+          EndpointSpecification.new(name, version, platform, dependencies, metadata)
         else
-          spec = RemoteSpecification.new(name, version, platform, self)
+          RemoteSpecification.new(name, version, platform, self)
         end
         spec.source = source
-        spec.source_uri = @anonymizable_uri
+        spec.remote = @remote
         index << spec
       end
 
       index
-    rescue CertificateFailureError => e
+    rescue CertificateFailureError
       Bundler.ui.info "" if gem_names && use_api # newline after dots
-      raise e
+      raise
     ensure
       Bundler.rubygems.sources = old
     end
 
-    # fetch index
-    def fetch_remote_specs(gem_names, full_dependency_list = [], last_spec_list = [])
-      query_list = gem_names - full_dependency_list
+    def use_api
+      return @use_api if defined?(@use_api)
+
+      fetchers.shift until fetchers.first.available?
 
-      # only display the message on the first run
-      if Bundler.ui.debug?
-        Bundler.ui.debug "Query List: #{query_list.inspect}"
+      @use_api = if remote_uri.scheme == "file" || Bundler::Fetcher.disable_endpoint
+        false
       else
-        Bundler.ui.info ".", false
+        fetchers.first.api_fetcher?
       end
+    end
 
-      return {remote_uri => last_spec_list} if query_list.empty?
+    def user_agent
+      @user_agent ||= begin
+        ruby = Bundler::RubyVersion.system
+
+        agent = String.new("bundler/#{Bundler::VERSION}")
+        agent << " rubygems/#{Gem::VERSION}"
+        agent << " ruby/#{ruby.versions_string(ruby.versions)}"
+        agent << " (#{ruby.host})"
+        agent << " command/#{ARGV.first}"
+
+        if ruby.engine != "ruby"
+          # engine_version raises on unknown engines
+          engine_version = begin
+                             ruby.engine_versions
+                           rescue RuntimeError
+                             "???"
+                           end
+          agent << " #{ruby.engine}/#{ruby.versions_string(engine_version)}"
+        end
 
-      remote_specs = Bundler::Retry.new("dependency api", AUTH_ERRORS).attempts do
-        fetch_dependency_remote_specs(query_list)
-      end
+        agent << " options/#{Bundler.settings.all.join(",")}"
 
-      spec_list, deps_list = remote_specs
-      returned_gems = spec_list.map {|spec| spec.first }.uniq
-      fetch_remote_specs(deps_list, full_dependency_list + returned_gems, spec_list + last_spec_list)
-    rescue HTTPError, MarshalError, GemspecError
-      Bundler.ui.info "" unless Bundler.ui.debug? # new line now that the dots are over
-      Bundler.ui.debug "could not fetch from the dependency API, trying the full index"
-      @use_api = false
-      return nil
-    end
+        agent << " ci/#{cis.join(",")}" if cis.any?
 
-    def use_api
-      return @use_api if defined?(@use_api)
+        # add a random ID so we can consolidate runs server-side
+        agent << " " << SecureRandom.hex(8)
 
-      if remote_uri.scheme == "file" || Bundler::Fetcher.disable_endpoint
-        @use_api = false
-      elsif fetch(dependency_api_uri)
-        @use_api = true
+        # add any user agent strings set in the config
+        extra_ua = Bundler.settings[:user_agent]
+        agent << " " << extra_ua if extra_ua
+
+        agent
       end
-    rescue NetworkDownError => e
-      raise HTTPError, e.message
-    rescue AuthenticationRequiredError
-      # We got a 401 from the server. Don't fall back to the full index, just fail.
-      raise
-    rescue HTTPError
-      @use_api = false
+    end
+
+    def fetchers
+      @fetchers ||= FETCHERS.map {|f| f.new(downloader, @remote, uri) }
+    end
+
+    def http_proxy
+      return unless uri = connection.proxy_uri
+      uri.to_s
     end
 
     def inspect
@@ -257,165 +214,99 @@ module Bundler
 
   private
 
-    HTTP_ERRORS = [
-      Timeout::Error, EOFError, SocketError, Errno::ENETDOWN,
-      Errno::EINVAL, Errno::ECONNRESET, Errno::ETIMEDOUT, Errno::EAGAIN,
-      Net::HTTPBadResponse, Net::HTTPHeaderSyntaxError, Net::ProtocolError,
-      Net::HTTP::Persistent::Error
-    ]
-
-    def fetch(uri, counter = 0)
-      raise HTTPError, "Too many redirects" if counter >= @redirect_limit
-
-      response = request(uri)
-      Bundler.ui.debug("HTTP #{response.code} #{response.message}")
-
-      case response
-      when Net::HTTPRedirection
-        new_uri = URI.parse(response["location"])
-        if new_uri.host == uri.host
-          new_uri.user = uri.user
-          new_uri.password = uri.password
-        end
-        fetch(new_uri, counter + 1)
-      when Net::HTTPSuccess
-        response.body
-      when Net::HTTPRequestEntityTooLarge
-        raise FallbackError, response.body
-      when Net::HTTPUnauthorized
-        raise AuthenticationRequiredError, remote_uri.host
-      else
-        raise HTTPError, "#{response.class}: #{response.body}"
-      end
-    end
-
-    def request(uri)
-      Bundler.ui.debug "HTTP GET #{uri}"
-      req = Net::HTTP::Get.new uri.request_uri
-      if uri.user
-        user = CGI.unescape(uri.user)
-        password = uri.password ? CGI.unescape(uri.password) : nil
-        req.basic_auth(user, password)
-      end
-      connection.request(uri, req)
-    rescue OpenSSL::SSL::SSLError
-      raise CertificateFailureError.new(uri)
-    rescue *HTTP_ERRORS => e
-      Bundler.ui.trace e
-      case e.message
-      when /host down:/, /getaddrinfo: nodename nor servname provided/
-        raise NetworkDownError, "Could not reach host #{uri.host}. Check your network " \
-        "connection and try again."
-      else
-        raise HTTPError, "Network error while fetching #{uri}"
-      end
+    FETCHERS = [CompactIndex, Dependency, Index].freeze
+
+    def cis
+      env_cis = {
+        "TRAVIS" => "travis",
+        "CIRCLECI" => "circle",
+        "SEMAPHORE" => "semaphore",
+        "JENKINS_URL" => "jenkins",
+        "BUILDBOX" => "buildbox",
+        "GO_SERVER_URL" => "go",
+        "SNAP_CI" => "snap",
+        "CI_NAME" => ENV["CI_NAME"],
+        "CI" => "ci"
+      }
+      env_cis.find_all {|env, _| ENV[env] }.map {|_, ci| ci }
     end
 
-    def dependency_api_uri(gem_names = [])
-      uri = fetch_uri + "api/v1/dependencies"
-      uri.query = "gems=#{URI.encode(gem_names.join(","))}" if gem_names.any?
-      uri
-    end
+    def connection
+      @connection ||= begin
+        needs_ssl = remote_uri.scheme == "https" ||
+          Bundler.settings[:ssl_verify_mode] ||
+          Bundler.settings[:ssl_client_cert]
+        raise SSLError if needs_ssl && !defined?(OpenSSL::SSL)
 
-    # fetch from Gemcutter Dependency Endpoint API
-    def fetch_dependency_remote_specs(gem_names)
-      Bundler.ui.debug "Query Gemcutter Dependency Endpoint API: #{gem_names.join(',')}"
-      gem_list = []
-      deps_list = []
+        con = PersistentHTTP.new "bundler", :ENV
+        if gem_proxy = Bundler.rubygems.configuration[:http_proxy]
+          con.proxy = URI.parse(gem_proxy) if gem_proxy != :no_proxy
+        end
 
-      gem_names.each_slice(Source::Rubygems::API_REQUEST_SIZE) do |names|
-        marshalled_deps = fetch dependency_api_uri(names)
-        gem_list += Bundler.load_marshal(marshalled_deps)
-      end
+        if remote_uri.scheme == "https"
+          con.verify_mode = (Bundler.settings[:ssl_verify_mode] ||
+            OpenSSL::SSL::VERIFY_PEER)
+          con.cert_store = bundler_cert_store
+        end
 
-      spec_list = gem_list.map do |s|
-        dependencies = s[:dependencies].map do |name, requirement|
-          dep = well_formed_dependency(name, requirement.split(", "))
-          deps_list << dep.name
-          dep
+        ssl_client_cert = Bundler.settings[:ssl_client_cert] ||
+          (Bundler.rubygems.configuration.ssl_client_cert if
+            Bundler.rubygems.configuration.respond_to?(:ssl_client_cert))
+        if ssl_client_cert
+          pem = File.read(ssl_client_cert)
+          con.cert = OpenSSL::X509::Certificate.new(pem)
+          con.key  = OpenSSL::PKey::RSA.new(pem)
         end
 
-        [s[:name], Gem::Version.new(s[:number]), s[:platform], dependencies]
+        con.read_timeout = Fetcher.api_timeout
+        con.open_timeout = Fetcher.api_timeout
+        con.override_headers["User-Agent"] = user_agent
+        con.override_headers["X-Gemfile-Source"] = @remote.original_uri.to_s if @remote.original_uri
+        con
       end
-
-      [spec_list, deps_list.uniq]
     end
 
-    # fetch from modern index: specs.4.8.gz
-    def fetch_all_remote_specs
-      old_sources = Bundler.rubygems.sources
-      Bundler.rubygems.sources = [remote_uri.to_s]
-      Bundler.rubygems.fetch_all_remote_specs
-    rescue Gem::RemoteFetcher::FetchError, OpenSSL::SSL::SSLError => e
-      case e.message
-      when /certificate verify failed/
-        raise CertificateFailureError.new(uri)
-      when /401/
-        raise AuthenticationRequiredError, remote_uri
-      when /403/
-        if remote_uri.userinfo
-          raise BadAuthenticationError, remote_uri
-        else
-          raise AuthenticationRequiredError, remote_uri
-        end
-      else
-        Bundler.ui.trace e
-        raise HTTPError, "Could not fetch specs from #{uri}"
-      end
-    ensure
-      Bundler.rubygems.sources = old_sources
+    # cached gem specification path, if one exists
+    def gemspec_cached_path(spec_file_name)
+      paths = Bundler.rubygems.spec_cache_dirs.map {|dir| File.join(dir, spec_file_name) }
+      paths = paths.select {|path| File.file? path }
+      paths.first
     end
 
-    def well_formed_dependency(name, *requirements)
-      Gem::Dependency.new(name, *requirements)
-    rescue ArgumentError => e
-      illformed = 'Ill-formed requirement ["#<YAML::Syck::DefaultKey'
-      raise e unless e.message.include?(illformed)
-      puts # we shouldn't print the error message on the "fetching info" status line
-      raise GemspecError,
-        "Unfortunately, the gem #{s[:name]} (#{s[:number]}) has an invalid " \
-        "gemspec. \nPlease ask the gem author to yank the bad version to fix " \
-        "this issue. For more information, see http://bit.ly/syck-defaultkey."
-    end
+    HTTP_ERRORS = [
+      Timeout::Error, EOFError, SocketError, Errno::ENETDOWN, Errno::ENETUNREACH,
+      Errno::EINVAL, Errno::ECONNRESET, Errno::ETIMEDOUT, Errno::EAGAIN,
+      Net::HTTPBadResponse, Net::HTTPHeaderSyntaxError, Net::ProtocolError,
+      PersistentHTTP::Error, Zlib::BufError, Errno::EHOSTUNREACH
+    ].freeze
 
     def bundler_cert_store
       store = OpenSSL::X509::Store.new
-      if Bundler.settings[:ssl_ca_cert]
-        if File.directory? Bundler.settings[:ssl_ca_cert]
-          store.add_path Bundler.settings[:ssl_ca_cert]
+      ssl_ca_cert = Bundler.settings[:ssl_ca_cert] ||
+        (Bundler.rubygems.configuration.ssl_ca_cert if
+          Bundler.rubygems.configuration.respond_to?(:ssl_ca_cert))
+      if ssl_ca_cert
+        if File.directory? ssl_ca_cert
+          store.add_path ssl_ca_cert
         else
-          store.add_file Bundler.settings[:ssl_ca_cert]
+          store.add_file ssl_ca_cert
         end
       else
         store.set_default_paths
-        certs = File.expand_path("../ssl_certs/*.pem", __FILE__)
-        Dir.glob(certs).each { |c| store.add_file c }
+        certs = File.expand_path("../ssl_certs/*/*.pem", __FILE__)
+        Dir.glob(certs).each {|c| store.add_file c }
       end
       store
     end
 
   private
 
-    def configured_uri_for(uri)
-      uri = Bundler::Source.mirror_for(uri)
-      config_auth = Bundler.settings[uri.to_s] || Bundler.settings[uri.host]
-      AnonymizableURI.new(uri, config_auth)
-    end
-
-    def fetch_uri
-      @fetch_uri ||= begin
-        if remote_uri.host == "rubygems.org"
-          uri = remote_uri.dup
-          uri.host = "bundler.rubygems.org"
-          uri
-        else
-          remote_uri
-        end
-      end
+    def remote_uri
+      @remote.uri
     end
 
-    def remote_uri
-      @anonymizable_uri.original_uri
+    def downloader
+      @downloader ||= Downloader.new(connection, self.class.redirect_limit)
     end
   end
 end