bundler 2.0.2

data/lib/bundler/source/rubygems/remote.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+module Bundler
+  class Source
+    class Rubygems
+      class Remote
+        attr_reader :uri, :anonymized_uri, :original_uri
+
+        def initialize(uri)
+          orig_uri = uri
+          uri = Bundler.settings.mirror_for(uri)
+          @original_uri = orig_uri if orig_uri != uri
+          fallback_auth = Bundler.settings.credentials_for(uri)
+
+          @uri = apply_auth(uri, fallback_auth).freeze
+          @anonymized_uri = remove_auth(@uri).freeze
+        end
+
+        # @return [String] A slug suitable for use as a cache key for this
+        #         remote.
+        #
+        def cache_slug
+          @cache_slug ||= begin
+            return nil unless SharedHelpers.md5_available?
+
+            cache_uri = original_uri || uri
+
+            # URI::File of Ruby 2.6 returns empty string when given "file://".
+            host = defined?(URI::File) && cache_uri.is_a?(URI::File) ? nil : cache_uri.host
+
+            uri_parts = [host, cache_uri.user, cache_uri.port, cache_uri.path]
+            uri_digest = SharedHelpers.digest(:MD5).hexdigest(uri_parts.compact.join("."))
+
+            uri_parts[-1] = uri_digest
+            uri_parts.compact.join(".")
+          end
+        end
+
+        def to_s
+          "rubygems remote at #{anonymized_uri}"
+        end
+
+      private
+
+        def apply_auth(uri, auth)
+          if auth && uri.userinfo.nil?
+            uri = uri.dup
+            uri.userinfo = auth
+          end
+
+          uri
+        rescue URI::InvalidComponentError
+          error_message = "Please CGI escape your usernames and passwords before " \
+                          "setting them for authentication."
+          raise HTTPError.new(error_message)
+        end
+
+        def remove_auth(uri)
+          if uri.userinfo
+            uri = uri.dup
+            uri.user = uri.password = nil
+          end
+
+          uri
+        end
+      end
+    end
+  end
+end

data/lib/bundler/source_list.rb

@@ -0,0 +1,186 @@
+# frozen_string_literal: true
+
+module Bundler
+  class SourceList
+    attr_reader :path_sources,
+      :git_sources,
+      :plugin_sources,
+      :global_rubygems_source,
+      :metadata_source
+
+    def initialize
+      @path_sources           = []
+      @git_sources            = []
+      @plugin_sources         = []
+      @global_rubygems_source = nil
+      @rubygems_aggregate     = rubygems_aggregate_class.new
+      @rubygems_sources       = []
+      @metadata_source        = Source::Metadata.new
+    end
+
+    def add_path_source(options = {})
+      if options["gemspec"]
+        add_source_to_list Source::Gemspec.new(options), path_sources
+      else
+        add_source_to_list Source::Path.new(options), path_sources
+      end
+    end
+
+    def add_git_source(options = {})
+      add_source_to_list(Source::Git.new(options), git_sources).tap do |source|
+        warn_on_git_protocol(source)
+      end
+    end
+
+    def add_rubygems_source(options = {})
+      add_source_to_list Source::Rubygems.new(options), @rubygems_sources
+    end
+
+    def add_plugin_source(source, options = {})
+      add_source_to_list Plugin.source(source).new(options), @plugin_sources
+    end
+
+    def global_rubygems_source=(uri)
+      if Bundler.feature_flag.lockfile_uses_separate_rubygems_sources?
+        @global_rubygems_source ||= rubygems_aggregate_class.new("remotes" => uri)
+      end
+      add_rubygems_remote(uri)
+    end
+
+    def add_rubygems_remote(uri)
+      if Bundler.feature_flag.lockfile_uses_separate_rubygems_sources?
+        return if Bundler.feature_flag.disable_multisource?
+        raise InvalidOption, "`lockfile_uses_separate_rubygems_sources` cannot be set without `disable_multisource` being set"
+      end
+      @rubygems_aggregate.add_remote(uri)
+      @rubygems_aggregate
+    end
+
+    def default_source
+      global_rubygems_source || @rubygems_aggregate
+    end
+
+    def rubygems_sources
+      @rubygems_sources + [default_source]
+    end
+
+    def rubygems_remotes
+      rubygems_sources.map(&:remotes).flatten.uniq
+    end
+
+    def all_sources
+      path_sources + git_sources + plugin_sources + rubygems_sources + [metadata_source]
+    end
+
+    def get(source)
+      source_list_for(source).find {|s| equal_source?(source, s) || equivalent_source?(source, s) }
+    end
+
+    def lock_sources
+      if Bundler.feature_flag.lockfile_uses_separate_rubygems_sources?
+        [[default_source], @rubygems_sources, git_sources, path_sources, plugin_sources].map do |sources|
+          sources.sort_by(&:to_s)
+        end.flatten(1)
+      else
+        lock_sources = (path_sources + git_sources + plugin_sources).sort_by(&:to_s)
+        lock_sources << combine_rubygems_sources
+      end
+    end
+
+    # Returns true if there are changes
+    def replace_sources!(replacement_sources)
+      return true if replacement_sources.empty?
+
+      [path_sources, git_sources, plugin_sources].each do |source_list|
+        source_list.map! do |source|
+          replacement_sources.find {|s| s == source } || source
+        end
+      end
+
+      replacement_rubygems = !Bundler.feature_flag.lockfile_uses_separate_rubygems_sources? &&
+        replacement_sources.detect {|s| s.is_a?(Source::Rubygems) }
+      @rubygems_aggregate = replacement_rubygems if replacement_rubygems
+
+      return true if !equal_sources?(lock_sources, replacement_sources) && !equivalent_sources?(lock_sources, replacement_sources)
+      return true if replacement_rubygems && rubygems_remotes.to_set != replacement_rubygems.remotes.to_set
+
+      false
+    end
+
+    def cached!
+      all_sources.each(&:cached!)
+    end
+
+    def remote!
+      all_sources.each(&:remote!)
+    end
+
+    def rubygems_primary_remotes
+      @rubygems_aggregate.remotes
+    end
+
+  private
+
+    def rubygems_aggregate_class
+      Source::Rubygems
+    end
+
+    def add_source_to_list(source, list)
+      list.unshift(source).uniq!
+      source
+    end
+
+    def source_list_for(source)
+      case source
+      when Source::Git          then git_sources
+      when Source::Path         then path_sources
+      when Source::Rubygems     then rubygems_sources
+      when Plugin::API::Source  then plugin_sources
+      else raise ArgumentError, "Invalid source: #{source.inspect}"
+      end
+    end
+
+    def combine_rubygems_sources
+      Source::Rubygems.new("remotes" => rubygems_remotes)
+    end
+
+    def warn_on_git_protocol(source)
+      return if Bundler.settings["git.allow_insecure"]
+
+      if source.uri =~ /^git\:/
+        Bundler.ui.warn "The git source `#{source.uri}` uses the `git` protocol, " \
+          "which transmits data without encryption. Disable this warning with " \
+          "`bundle config git.allow_insecure true`, or switch to the `https` " \
+          "protocol to keep your data secure."
+      end
+    end
+
+    def equal_sources?(lock_sources, replacement_sources)
+      lock_sources.to_set == replacement_sources.to_set
+    end
+
+    def equal_source?(source, other_source)
+      source == other_source
+    end
+
+    def equivalent_source?(source, other_source)
+      return false unless Bundler.settings[:allow_deployment_source_credential_changes] && source.is_a?(Source::Rubygems)
+
+      equivalent_rubygems_sources?([source], [other_source])
+    end
+
+    def equivalent_sources?(lock_sources, replacement_sources)
+      return false unless Bundler.settings[:allow_deployment_source_credential_changes]
+
+      lock_rubygems_sources, lock_other_sources = lock_sources.partition {|s| s.is_a?(Source::Rubygems) }
+      replacement_rubygems_sources, replacement_other_sources = replacement_sources.partition {|s| s.is_a?(Source::Rubygems) }
+
+      equivalent_rubygems_sources?(lock_rubygems_sources, replacement_rubygems_sources) && equal_sources?(lock_other_sources, replacement_other_sources)
+    end
+
+    def equivalent_rubygems_sources?(lock_sources, replacement_sources)
+      actual_remotes = replacement_sources.map(&:remotes).flatten.uniq
+      lock_sources.all? {|s| s.equivalent_remotes?(actual_remotes) }
+    end
+  end
+end

data/lib/bundler/spec_set.rb

@@ -0,0 +1,208 @@
+# frozen_string_literal: true
+
+require "tsort"
+require "set"
+
+module Bundler
+  class SpecSet
+    include Enumerable
+    include TSort
+
+    def initialize(specs)
+      @specs = specs
+    end
+
+    def for(dependencies, skip = [], check = false, match_current_platform = false, raise_on_missing = true)
+      handled = Set.new
+      deps = dependencies.dup
+      specs = []
+      skip += ["bundler"]
+
+      loop do
+        break unless dep = deps.shift
+        next if !handled.add?(dep) || skip.include?(dep.name)
+
+        if spec = spec_for_dependency(dep, match_current_platform)
+          specs << spec
+
+          spec.dependencies.each do |d|
+            next if d.type == :development
+            d = DepProxy.new(d, dep.__platform) unless match_current_platform
+            deps << d
+          end
+        elsif check
+          return false
+        elsif raise_on_missing
+          others = lookup[dep.name] if match_current_platform
+          message = "Unable to find a spec satisfying #{dep} in the set. Perhaps the lockfile is corrupted?"
+          message += " Found #{others.join(", ")} that did not match the current platform." if others && !others.empty?
+          raise GemNotFound, message
+        end
+      end
+
+      if spec = lookup["bundler"].first
+        specs << spec
+      end
+
+      check ? true : SpecSet.new(specs)
+    end
+
+    def valid_for?(deps)
+      self.for(deps, [], true)
+    end
+
+    def [](key)
+      key = key.name if key.respond_to?(:name)
+      lookup[key].reverse
+    end
+
+    def []=(key, value)
+      @specs << value
+      @lookup = nil
+      @sorted = nil
+      value
+    end
+
+    def sort!
+      self
+    end
+
+    def to_a
+      sorted.dup
+    end
+
+    def to_hash
+      lookup.dup
+    end
+
+    def materialize(deps, missing_specs = nil)
+      materialized = self.for(deps, [], false, true, !missing_specs).to_a
+      deps = materialized.map(&:name).uniq
+      materialized.map! do |s|
+        next s unless s.is_a?(LazySpecification)
+        s.source.dependency_names = deps if s.source.respond_to?(:dependency_names=)
+        spec = s.__materialize__
+        unless spec
+          unless missing_specs
+            raise GemNotFound, "Could not find #{s.full_name} in any of the sources"
+          end
+          missing_specs << s
+        end
+        spec
+      end
+      SpecSet.new(missing_specs ? materialized.compact : materialized)
+    end
+
+    # Materialize for all the specs in the spec set, regardless of what platform they're for
+    # This is in contrast to how for does platform filtering (and specifically different from how `materialize` calls `for` only for the current platform)
+    # @return [Array<Gem::Specification>]
+    def materialized_for_all_platforms
+      names = @specs.map(&:name).uniq
+      @specs.map do |s|
+        next s unless s.is_a?(LazySpecification)
+        s.source.dependency_names = names if s.source.respond_to?(:dependency_names=)
+        spec = s.__materialize__
+        raise GemNotFound, "Could not find #{s.full_name} in any of the sources" unless spec
+        spec
+      end
+    end
+
+    def merge(set)
+      arr = sorted.dup
+      set.each do |set_spec|
+        full_name = set_spec.full_name
+        next if arr.any? {|spec| spec.full_name == full_name }
+        arr << set_spec
+      end
+      SpecSet.new(arr)
+    end
+
+    def find_by_name_and_platform(name, platform)
+      @specs.detect {|spec| spec.name == name && spec.match_platform(platform) }
+    end
+
+    def what_required(spec)
+      unless req = find {|s| s.dependencies.any? {|d| d.type == :runtime && d.name == spec.name } }
+        return [spec]
+      end
+      what_required(req) << spec
+    end
+
+    def <<(spec)
+      @specs << spec
+    end
+
+    def length
+      @specs.length
+    end
+
+    def size
+      @specs.size
+    end
+
+    def empty?
+      @specs.empty?
+    end
+
+    def each(&b)
+      sorted.each(&b)
+    end
+
+  private
+
+    def sorted
+      rake = @specs.find {|s| s.name == "rake" }
+      begin
+        @sorted ||= ([rake] + tsort).compact.uniq
+      rescue TSort::Cyclic => error
+        cgems = extract_circular_gems(error)
+        raise CyclicDependencyError, "Your bundle requires gems that depend" \
+          " on each other, creating an infinite loop. Please remove either" \
+          " gem '#{cgems[1]}' or gem '#{cgems[0]}' and try again."
+      end
+    end
+
+    def extract_circular_gems(error)
+      if Bundler.current_ruby.mri? && Bundler.current_ruby.on_19?
+        error.message.scan(/(\w+) \([^)]/).flatten
+      else
+        error.message.scan(/@name="(.*?)"/).flatten
+      end
+    end
+
+    def lookup
+      @lookup ||= begin
+        lookup = Hash.new {|h, k| h[k] = [] }
+        Index.sort_specs(@specs).reverse_each do |s|
+          lookup[s.name] << s
+        end
+        lookup
+      end
+    end
+
+    def tsort_each_node
+      # MUST sort by name for backwards compatibility
+      @specs.sort_by(&:name).each {|s| yield s }
+    end
+
+    def spec_for_dependency(dep, match_current_platform)
+      specs_for_platforms = lookup[dep.name]
+      if match_current_platform
+        Bundler.rubygems.platforms.reverse_each do |pl|
+          match = GemHelpers.select_best_platform_match(specs_for_platforms, pl)
+          return match if match
+        end
+        nil
+      else
+        GemHelpers.select_best_platform_match(specs_for_platforms, dep.__platform)
+      end
+    end
+
+    def tsort_each_child(s)
+      s.dependencies.sort_by(&:name).each do |d|
+        next if d.type == :development
+        lookup[d.name].each {|s2| yield s2 }
+      end
+    end
+  end
+end