bundler 1.9.0 → 1.17.3

data/lib/bundler/lockfile_generator.rb

@@ -0,0 +1,95 @@
+# frozen_string_literal: true
+
+module Bundler
+  class LockfileGenerator
+    attr_reader :definition
+    attr_reader :out
+
+    # @private
+    def initialize(definition)
+      @definition = definition
+      @out = String.new
+    end
+
+    def self.generate(definition)
+      new(definition).generate!
+    end
+
+    def generate!
+      add_sources
+      add_platforms
+      add_dependencies
+      add_locked_ruby_version
+      add_bundled_with
+
+      out
+    end
+
+  private
+
+    def add_sources
+      definition.send(:sources).lock_sources.each_with_index do |source, idx|
+        out << "\n" unless idx.zero?
+
+        # Add the source header
+        out << source.to_lock
+
+        # Find all specs for this source
+        specs = definition.resolve.select {|s| source.can_lock?(s) }
+        add_specs(specs)
+      end
+    end
+
+    def add_specs(specs)
+      # This needs to be sorted by full name so that
+      # gems with the same name, but different platform
+      # are ordered consistently
+      specs.sort_by(&:full_name).each do |spec|
+        next if spec.name == "bundler".freeze
+        out << spec.to_lock
+      end
+    end
+
+    def add_platforms
+      add_section("PLATFORMS", definition.platforms)
+    end
+
+    def add_dependencies
+      out << "\nDEPENDENCIES\n"
+
+      handled = []
+      definition.dependencies.sort_by(&:to_s).each do |dep|
+        next if handled.include?(dep.name)
+        out << dep.to_lock
+        handled << dep.name
+      end
+    end
+
+    def add_locked_ruby_version
+      return unless locked_ruby_version = definition.locked_ruby_version
+      add_section("RUBY VERSION", locked_ruby_version.to_s)
+    end
+
+    def add_bundled_with
+      add_section("BUNDLED WITH", definition.locked_bundler_version.to_s)
+    end
+
+    def add_section(name, value)
+      out << "\n#{name}\n"
+      case value
+      when Array
+        value.map(&:to_s).sort.each do |val|
+          out << "  #{val}\n"
+        end
+      when Hash
+        value.to_a.sort_by {|k, _| k.to_s }.each do |key, val|
+          out << "  #{key}: #{val}\n"
+        end
+      when String
+        out << "   #{value}\n"
+      else
+        raise ArgumentError, "#{value.inspect} can't be serialized in a lockfile"
+      end
+    end
+  end
+end

data/lib/bundler/lockfile_parser.rb

@@ -1,4 +1,4 @@
-require "strscan"
+# frozen_string_literal: true
 
 # Some versions of the Bundler 1.1 RC series introduced corrupted
 # lockfiles. There were two major problems:
@@ -12,60 +12,121 @@ require "strscan"
 
 module Bundler
   class LockfileParser
-    attr_reader :sources, :dependencies, :specs, :platforms
-
-    DEPENDENCIES = "DEPENDENCIES"
-    PLATFORMS    = "PLATFORMS"
-    GIT          = "GIT"
-    GEM          = "GEM"
-    PATH         = "PATH"
-    SPECS        = "  specs:"
+    attr_reader :sources, :dependencies, :specs, :platforms, :bundler_version, :ruby_version
+
+    BUNDLED      = "BUNDLED WITH".freeze
+    DEPENDENCIES = "DEPENDENCIES".freeze
+    PLATFORMS    = "PLATFORMS".freeze
+    RUBY         = "RUBY VERSION".freeze
+    GIT          = "GIT".freeze
+    GEM          = "GEM".freeze
+    PATH         = "PATH".freeze
+    PLUGIN       = "PLUGIN SOURCE".freeze
+    SPECS        = "  specs:".freeze
     OPTIONS      = /^  ([a-z]+): (.*)$/i
+    SOURCE       = [GIT, GEM, PATH, PLUGIN].freeze
+
+    SECTIONS_BY_VERSION_INTRODUCED = {
+      # The strings have to be dup'ed for old RG on Ruby 2.3+
+      # TODO: remove dup in Bundler 2.0
+      Gem::Version.create("1.0".dup) => [DEPENDENCIES, PLATFORMS, GIT, GEM, PATH].freeze,
+      Gem::Version.create("1.10".dup) => [BUNDLED].freeze,
+      Gem::Version.create("1.12".dup) => [RUBY].freeze,
+      Gem::Version.create("1.13".dup) => [PLUGIN].freeze,
+    }.freeze
+
+    KNOWN_SECTIONS = SECTIONS_BY_VERSION_INTRODUCED.values.flatten.freeze
+
+    ENVIRONMENT_VERSION_SECTIONS = [BUNDLED, RUBY].freeze
+
+    def self.sections_in_lockfile(lockfile_contents)
+      lockfile_contents.scan(/^\w[\w ]*$/).uniq
+    end
+
+    def self.unknown_sections_in_lockfile(lockfile_contents)
+      sections_in_lockfile(lockfile_contents) - KNOWN_SECTIONS
+    end
+
+    def self.sections_to_ignore(base_version = nil)
+      base_version &&= base_version.release
+      base_version ||= Gem::Version.create("1.0".dup)
+      attributes = []
+      SECTIONS_BY_VERSION_INTRODUCED.each do |version, introduced|
+        next if version <= base_version
+        attributes += introduced
+      end
+      attributes
+    end
 
     def initialize(lockfile)
       @platforms    = []
       @sources      = []
-      @dependencies = []
-      @state        = :source
+      @dependencies = {}
+      @state        = nil
       @specs        = {}
 
       @rubygems_aggregate = Source::Rubygems.new
 
       if lockfile.match(/<<<<<<<|=======|>>>>>>>|\|\|\|\|\|\|\|/)
-        raise LockfileError, "Your Gemfile.lock contains merge conflicts.\n" \
-          "Run `git checkout HEAD -- Gemfile.lock` first to get a clean lock."
+        raise LockfileError, "Your #{Bundler.default_lockfile.relative_path_from(SharedHelpers.pwd)} contains merge conflicts.\n" \
+          "Run `git checkout HEAD -- #{Bundler.default_lockfile.relative_path_from(SharedHelpers.pwd)}` first to get a clean lock."
       end
 
       lockfile.split(/(?:\r?\n)+/).each do |line|
-        if line == DEPENDENCIES
+        if SOURCE.include?(line)
+          @state = :source
+          parse_source(line)
+        elsif line == DEPENDENCIES
           @state = :dependency
         elsif line == PLATFORMS
           @state = :platform
-        else
+        elsif line == RUBY
+          @state = :ruby
+        elsif line == BUNDLED
+          @state = :bundled_with
+        elsif line =~ /^[^\s]/
+          @state = nil
+        elsif @state
           send("parse_#{@state}", line)
         end
       end
-      @sources << @rubygems_aggregate
-      @specs = @specs.values
+      @sources << @rubygems_aggregate unless Bundler.feature_flag.lockfile_uses_separate_rubygems_sources?
+      @specs = @specs.values.sort_by(&:identifier)
+      warn_for_outdated_bundler_version
     rescue ArgumentError => e
       Bundler.ui.debug(e)
-      raise LockfileError, "Your lockfile is unreadable. Run `rm Gemfile.lock` " \
+      raise LockfileError, "Your lockfile is unreadable. Run `rm #{Bundler.default_lockfile.relative_path_from(SharedHelpers.pwd)}` " \
         "and then `bundle install` to generate a new lockfile."
     end
 
+    def warn_for_outdated_bundler_version
+      return unless bundler_version
+      prerelease_text = bundler_version.prerelease? ? " --pre" : ""
+      current_version = Gem::Version.create(Bundler::VERSION)
+      case current_version.segments.first <=> bundler_version.segments.first
+      when -1
+        raise LockfileError, "You must use Bundler #{bundler_version.segments.first} or greater with this lockfile."
+      when 0
+        if current_version < bundler_version
+          Bundler.ui.warn "Warning: the running version of Bundler (#{current_version}) is older " \
+               "than the version that created the lockfile (#{bundler_version}). We suggest you " \
+               "upgrade to the latest version of Bundler by running `gem " \
+               "install bundler#{prerelease_text}`.\n"
+        end
+      end
+    end
+
   private
 
     TYPES = {
-      GIT  => Bundler::Source::Git,
-      GEM  => Bundler::Source::Rubygems,
-      PATH => Bundler::Source::Path,
-    }
+      GIT    => Bundler::Source::Git,
+      GEM    => Bundler::Source::Rubygems,
+      PATH   => Bundler::Source::Path,
+      PLUGIN => Bundler::Plugin,
+    }.freeze
 
     def parse_source(line)
       case line
-      when GIT, GEM, PATH
-        @current_source = nil
-        @opts, @type = {}, line
       when SPECS
         case @type
         when PATH
@@ -75,15 +136,24 @@ module Bundler
           @current_source = TYPES[@type].from_lock(@opts)
           # Strip out duplicate GIT sections
           if @sources.include?(@current_source)
-            @current_source = @sources.find { |s| s == @current_source }
+            @current_source = @sources.find {|s| s == @current_source }
           else
             @sources << @current_source
           end
         when GEM
-          Array(@opts["remote"]).each do |url|
-            @rubygems_aggregate.add_remote(url)
+          if Bundler.feature_flag.lockfile_uses_separate_rubygems_sources?
+            @opts["remotes"] = @opts.delete("remote")
+            @current_source = TYPES[@type].from_lock(@opts)
+            @sources << @current_source
+          else
+            Array(@opts["remote"]).each do |url|
+              @rubygems_aggregate.add_remote(url)
+            end
+            @current_source = @rubygems_aggregate
           end
-          @current_source = @rubygems_aggregate
+        when PLUGIN
+          @current_source = Plugin.source_from_lock(@opts)
+          @sources << @current_source
         end
       when OPTIONS
         value = $2
@@ -98,64 +168,89 @@ module Bundler
         else
           @opts[key] = value
         end
+      when *SOURCE
+        @current_source = nil
+        @opts = {}
+        @type = line
       else
         parse_spec(line)
       end
     end
 
-    NAME_VERSION = '(?! )(.*?)(?: \(([^-]*)(?:-(.*))?\))?'
-    NAME_VERSION_2 = %r{^ {2}#{NAME_VERSION}(!)?$}
-    NAME_VERSION_4 = %r{^ {4}#{NAME_VERSION}$}
-    NAME_VERSION_6 = %r{^ {6}#{NAME_VERSION}$}
+    space = / /
+    NAME_VERSION = /
+      ^(#{space}{2}|#{space}{4}|#{space}{6})(?!#{space}) # Exactly 2, 4, or 6 spaces at the start of the line
+      (.*?)                                              # Name
+      (?:#{space}\(([^-]*)                               # Space, followed by version
+      (?:-(.*))?\))?                                     # Optional platform
+      (!)?                                               # Optional pinned marker
+      $                                                  # Line end
+    /xo
 
     def parse_dependency(line)
-      if line =~ NAME_VERSION_2
-        name, version, pinned = $1, $2, $4
-        version = version.split(",").map { |d| d.strip } if version
-
-        dep = Bundler::Dependency.new(name, version)
-
-        if pinned && dep.name != 'bundler'
-          spec = @specs.find {|k, v| v.name == dep.name }
-          dep.source = spec.last.source if spec
-
-          # Path sources need to know what the default name / version
-          # to use in the case that there are no gemspecs present. A fake
-          # gemspec is created based on the version set on the dependency
-          # TODO: Use the version from the spec instead of from the dependency
-          if version && version.size == 1 && version.first =~ /^\s*= (.+)\s*$/ && dep.source.is_a?(Bundler::Source::Path)
-            dep.source.name    = name
-            dep.source.version = $1
-          end
-        end
+      return unless line =~ NAME_VERSION
+      spaces = $1
+      return unless spaces.size == 2
+      name = $2
+      version = $3
+      pinned = $5
+
+      version = version.split(",").map(&:strip) if version
+
+      dep = Bundler::Dependency.new(name, version)
 
-        @dependencies << dep
+      if pinned && dep.name != "bundler"
+        spec = @specs.find {|_, v| v.name == dep.name }
+        dep.source = spec.last.source if spec
+
+        # Path sources need to know what the default name / version
+        # to use in the case that there are no gemspecs present. A fake
+        # gemspec is created based on the version set on the dependency
+        # TODO: Use the version from the spec instead of from the dependency
+        if version && version.size == 1 && version.first =~ /^\s*= (.+)\s*$/ && dep.source.is_a?(Bundler::Source::Path)
+          dep.source.name    = name
+          dep.source.version = $1
+        end
       end
+
+      @dependencies[dep.name] = dep
     end
 
     def parse_spec(line)
-      if line =~ NAME_VERSION_4
-        name, version = $1, Gem::Version.new($2)
-        platform = $3 ? Gem::Platform.new($3) : Gem::Platform::RUBY
+      return unless line =~ NAME_VERSION
+      spaces = $1
+      name = $2
+      version = $3
+      platform = $4
+
+      if spaces.size == 4
+        version = Gem::Version.new(version)
+        platform = platform ? Gem::Platform.new(platform) : Gem::Platform::RUBY
         @current_spec = LazySpecification.new(name, version, platform)
         @current_spec.source = @current_source
 
         # Avoid introducing multiple copies of the same spec (caused by
         # duplicate GIT sections)
         @specs[@current_spec.identifier] ||= @current_spec
-      elsif line =~ NAME_VERSION_6
-        name, version = $1, $2
-        version = version.split(',').map { |d| d.strip } if version
+      elsif spaces.size == 6
+        version = version.split(",").map(&:strip) if version
         dep = Gem::Dependency.new(name, version)
         @current_spec.dependencies << dep
       end
     end
 
     def parse_platform(line)
-      if line =~ /^  (.*)$/
-        @platforms << Gem::Platform.new($1)
-      end
+      @platforms << Gem::Platform.new($1) if line =~ /^  (.*)$/
+    end
+
+    def parse_bundled_with(line)
+      line = line.strip
+      return unless Gem::Version.correct?(line)
+      @bundler_version = Gem::Version.create(line)
     end
 
+    def parse_ruby(line)
+      @ruby_version = line.strip
+    end
   end
 end

data/lib/bundler/match_platform.rb

@@ -1,13 +1,24 @@
-require 'bundler/gem_helpers'
+# frozen_string_literal: true
+
+require "bundler/gem_helpers"
 
 module Bundler
   module MatchPlatform
     include GemHelpers
 
     def match_platform(p)
-      Gem::Platform::RUBY == platform or
-      platform.nil? or p == platform or
-      generic(Gem::Platform.new(platform)) == p
+      MatchPlatform.platforms_match?(platform, p)
+    end
+
+    def self.platforms_match?(gemspec_platform, local_platform)
+      return true if gemspec_platform.nil?
+      return true if Gem::Platform::RUBY == gemspec_platform
+      return true if local_platform == gemspec_platform
+      gemspec_platform = Gem::Platform.new(gemspec_platform)
+      return true if GemHelpers.generic(gemspec_platform) === local_platform
+      return true if gemspec_platform === local_platform
+
+      false
     end
   end
 end

data/lib/bundler/mirror.rb

@@ -0,0 +1,223 @@
+# frozen_string_literal: true
+
+require "socket"
+
+module Bundler
+  class Settings
+    # Class used to build the mirror set and then find a mirror for a given URI
+    #
+    # @param prober [Prober object, nil] by default a TCPSocketProbe, this object
+    #   will be used to probe the mirror address to validate that the mirror replies.
+    class Mirrors
+      def initialize(prober = nil)
+        @all = Mirror.new
+        @prober = prober || TCPSocketProbe.new
+        @mirrors = {}
+      end
+
+      # Returns a mirror for the given uri.
+      #
+      # Depending on the uri having a valid mirror or not, it may be a
+      #   mirror that points to the provided uri
+      def for(uri)
+        if @all.validate!(@prober).valid?
+          @all
+        else
+          fetch_valid_mirror_for(Settings.normalize_uri(uri))
+        end
+      end
+
+      def each
+        @mirrors.each do |k, v|
+          yield k, v.uri.to_s
+        end
+      end
+
+      def parse(key, value)
+        config = MirrorConfig.new(key, value)
+        mirror = if config.all?
+          @all
+        else
+          @mirrors[config.uri] ||= Mirror.new
+        end
+        config.update_mirror(mirror)
+      end
+
+    private
+
+      def fetch_valid_mirror_for(uri)
+        downcased = uri.to_s.downcase
+        mirror = @mirrors[downcased] || @mirrors[URI(downcased).host] || Mirror.new(uri)
+        mirror.validate!(@prober)
+        mirror = Mirror.new(uri) unless mirror.valid?
+        mirror
+      end
+    end
+
+    # A mirror
+    #
+    # Contains both the uri that should be used as a mirror and the
+    #   fallback timeout which will be used for probing if the mirror
+    #   replies on time or not.
+    class Mirror
+      DEFAULT_FALLBACK_TIMEOUT = 0.1
+
+      attr_reader :uri, :fallback_timeout
+
+      def initialize(uri = nil, fallback_timeout = 0)
+        self.uri = uri
+        self.fallback_timeout = fallback_timeout
+        @valid = nil
+      end
+
+      def uri=(uri)
+        @uri = if uri.nil?
+          nil
+        else
+          URI(uri.to_s)
+        end
+        @valid = nil
+      end
+
+      def fallback_timeout=(timeout)
+        case timeout
+        when true, "true"
+          @fallback_timeout = DEFAULT_FALLBACK_TIMEOUT
+        when false, "false"
+          @fallback_timeout = 0
+        else
+          @fallback_timeout = timeout.to_i
+        end
+        @valid = nil
+      end
+
+      def ==(other)
+        !other.nil? && uri == other.uri && fallback_timeout == other.fallback_timeout
+      end
+
+      def valid?
+        return false if @uri.nil?
+        return @valid unless @valid.nil?
+        false
+      end
+
+      def validate!(probe = nil)
+        @valid = false if uri.nil?
+        if @valid.nil?
+          @valid = fallback_timeout == 0 || (probe || TCPSocketProbe.new).replies?(self)
+        end
+        self
+      end
+    end
+
+    # Class used to parse one configuration line
+    #
+    # Gets the configuration line and the value.
+    #   This object provides a `update_mirror` method
+    #   used to setup the given mirror value.
+    class MirrorConfig
+      attr_accessor :uri, :value
+
+      def initialize(config_line, value)
+        uri, fallback =
+          config_line.match(%r{\Amirror\.(all|.+?)(\.fallback_timeout)?\/?\z}).captures
+        @fallback = !fallback.nil?
+        @all = false
+        if uri == "all"
+          @all = true
+        else
+          @uri = URI(uri).absolute? ? Settings.normalize_uri(uri) : uri
+        end
+        @value = value
+      end
+
+      def all?
+        @all
+      end
+
+      def update_mirror(mirror)
+        if @fallback
+          mirror.fallback_timeout = @value
+        else
+          mirror.uri = Settings.normalize_uri(@value)
+        end
+      end
+    end
+
+    # Class used for probing TCP availability for a given mirror.
+    class TCPSocketProbe
+      def replies?(mirror)
+        MirrorSockets.new(mirror).any? do |socket, address, timeout|
+          begin
+            socket.connect_nonblock(address)
+          rescue Errno::EINPROGRESS
+            wait_for_writtable_socket(socket, address, timeout)
+          rescue RuntimeError # Connection failed somehow, again
+            false
+          end
+        end
+      end
+
+    private
+
+      def wait_for_writtable_socket(socket, address, timeout)
+        if IO.select(nil, [socket], nil, timeout)
+          probe_writtable_socket(socket, address)
+        else # TCP Handshake timed out, or there is something dropping packets
+          false
+        end
+      end
+
+      def probe_writtable_socket(socket, address)
+        socket.connect_nonblock(address)
+      rescue Errno::EISCONN
+        true
+      rescue StandardError # Connection failed
+        false
+      end
+    end
+  end
+
+  # Class used to build the list of sockets that correspond to
+  #   a given mirror.
+  #
+  # One mirror may correspond to many different addresses, both
+  #   because of it having many dns entries or because
+  #   the network interface is both ipv4 and ipv5
+  class MirrorSockets
+    def initialize(mirror)
+      @timeout = mirror.fallback_timeout
+      @addresses = Socket.getaddrinfo(mirror.uri.host, mirror.uri.port).map do |address|
+        SocketAddress.new(address[0], address[3], address[1])
+      end
+    end
+
+    def any?
+      @addresses.any? do |address|
+        socket = Socket.new(Socket.const_get(address.type), Socket::SOCK_STREAM, 0)
+        socket.setsockopt(Socket::IPPROTO_TCP, Socket::TCP_NODELAY, 1)
+        value = yield socket, address.to_socket_address, @timeout
+        socket.close unless socket.closed?
+        value
+      end
+    end
+  end
+
+  # Socket address builder.
+  #
+  # Given a socket type, a host and a port,
+  #   provides a method to build sockaddr string
+  class SocketAddress
+    attr_reader :type, :host, :port
+
+    def initialize(type, host, port)
+      @type = type
+      @host = host
+      @port = port
+    end
+
+    def to_socket_address
+      Socket.pack_sockaddr_in(@port, @host)
+    end
+  end
+end