bundler 2.2.16 → 2.4.19

data/lib/bundler/rubygems_integration.rb

@@ -12,32 +12,30 @@ module Bundler
       EXT_LOCK = Monitor.new
     end
 
-    def self.version
-      @version ||= Gem::Version.new(Gem::VERSION)
-    end
-
-    def self.provides?(req_str)
-      Gem::Requirement.new(req_str).satisfied_by?(version)
-    end
-
     def initialize
       @replaced_methods = {}
       backport_ext_builder_monitor
     end
 
     def version
-      self.class.version
+      @version ||= Gem.rubygems_version
     end
 
     def provides?(req_str)
-      self.class.provides?(req_str)
+      Gem::Requirement.new(req_str).satisfied_by?(version)
+    end
+
+    def supports_bundler_trampolining?
+      provides?(">= 3.3.0.a")
     end
 
     def build_args
+      require "rubygems/command"
       Gem::Command.build_args
     end
 
     def build_args=(args)
+      require "rubygems/command"
       Gem::Command.build_args = args
     end
 
@@ -84,16 +82,12 @@ module Bundler
     def spec_missing_extensions?(spec, default = true)
       return spec.missing_extensions? if spec.respond_to?(:missing_extensions?)
 
-      return false if spec_default_gem?(spec)
+      return false if spec.default_gem?
       return false if spec.extensions.empty?
 
       default
     end
 
-    def spec_default_gem?(spec)
-      spec.respond_to?(:default_gem?) && spec.default_gem?
-    end
-
     def spec_matches_for_glob(spec, glob)
       return spec.matches_for_glob(glob) if spec.respond_to?(:matches_for_glob)
 
@@ -110,18 +104,6 @@ module Bundler
       obj.to_s
     end
 
-    def configuration
-      require_relative "psyched_yaml"
-      Gem.configuration
-    rescue Gem::SystemExitException, LoadError => e
-      Bundler.ui.error "#{e.class}: #{e.message}"
-      Bundler.ui.trace e
-      raise
-    rescue YamlLibrarySyntaxError => e
-      raise YamlSyntaxError.new(e, "Your RubyGems configuration, which is " \
-        "usually located in ~/.gemrc, contains invalid YAML syntax.")
-    end
-
     def ruby_engine
       Gem.ruby_engine
     end
@@ -144,19 +126,6 @@ module Bundler
       end
     end
 
-    def sources=(val)
-      # Gem.configuration creates a new Gem::ConfigFile, which by default will read ~/.gemrc
-      # If that file exists, its settings (including sources) will overwrite the values we
-      # are about to set here. In order to avoid that, we force memoizing the config file now.
-      configuration
-
-      Gem.sources = val
-    end
-
-    def sources
-      Gem.sources
-    end
-
     def gem_dir
       Gem.dir
     end
@@ -234,32 +203,9 @@ module Bundler
       EXT_LOCK
     end
 
-    def with_build_args(args)
-      ext_lock.synchronize do
-        old_args = build_args
-        begin
-          self.build_args = args
-          yield
-        ensure
-          self.build_args = old_args
-        end
-      end
-    end
-
-    def spec_from_gem(path, policy = nil)
-      require "rubygems/security"
-      require_relative "psyched_yaml"
-      gem_from_path(path, security_policies[policy]).spec
-    rescue Exception, Gem::Exception, Gem::Security::Exception => e # rubocop:disable Lint/RescueException
-      if e.is_a?(Gem::Security::Exception) ||
-          e.message =~ /unknown trust policy|unsigned gem/i ||
-          e.message =~ /couldn't verify (meta)?data signature/i
-        raise SecurityError,
-          "The gem #{File.basename(path, ".gem")} can't be installed because " \
-          "the security policy didn't allow it, with the message: #{e.message}"
-      else
-        raise e
-      end
+    def spec_from_gem(path)
+      require "rubygems/package"
+      Gem::Package.new(path).spec
     end
 
     def build_gem(gem_dir, spec)
@@ -281,10 +227,14 @@ module Bundler
 
     def reverse_rubygems_kernel_mixin
       # Disable rubygems' gem activation system
-      kernel = (class << ::Kernel; self; end)
-      [kernel, ::Kernel].each do |k|
-        if k.private_method_defined?(:gem_original_require)
-          redefine_method(k, :require, k.instance_method(:gem_original_require))
+      if Gem.respond_to?(:discover_gems_on_require=)
+        Gem.discover_gems_on_require = false
+      else
+        kernel = (class << ::Kernel; self; end)
+        [kernel, ::Kernel].each do |k|
+          if k.private_method_defined?(:gem_original_require)
+            redefine_method(k, :require, k.instance_method(:gem_original_require))
+          end
         end
       end
     end
@@ -297,7 +247,7 @@ module Bundler
       kernel = (class << ::Kernel; self; end)
       [kernel, ::Kernel].each do |kernel_class|
         redefine_method(kernel_class, :gem) do |dep, *reqs|
-          if executables && executables.include?(File.basename(caller.first.split(":").first))
+          if executables&.include?(File.basename(caller.first.split(":").first))
             break
           end
 
@@ -326,11 +276,7 @@ module Bundler
 
           e = Gem::LoadError.new(message)
           e.name = dep.name
-          if e.respond_to?(:requirement=)
-            e.requirement = dep.requirement
-          elsif e.respond_to?(:version_requirement=)
-            e.version_requirement = dep.requirement
-          end
+          e.requirement = dep.requirement
           raise e
         end
 
@@ -502,14 +448,15 @@ module Bundler
     end
 
     def fetch_specs(remote, name)
+      require "rubygems/remote_fetcher"
       path = remote.uri.to_s + "#{name}.#{Gem.marshal_version}.gz"
       fetcher = gem_remote_fetcher
       fetcher.headers = { "X-Gemfile-Source" => remote.original_uri.to_s } if remote.original_uri
       string = fetcher.fetch_path(path)
-      Bundler.load_marshal(string)
-    rescue Gem::RemoteFetcher::FetchError => e
+      Bundler.safe_load_marshal(string)
+    rescue Gem::RemoteFetcher::FetchError
       # it's okay for prerelease to fail
-      raise e unless name == "prerelease_specs"
+      raise unless name == "prerelease_specs"
     end
 
     def fetch_all_remote_specs(remote)
@@ -519,27 +466,41 @@ module Bundler
       specs.concat(pres)
     end
 
-    def download_gem(spec, uri, path)
+    def download_gem(spec, uri, cache_dir)
+      require "rubygems/remote_fetcher"
       uri = Bundler.settings.mirror_for(uri)
       fetcher = gem_remote_fetcher
       fetcher.headers = { "X-Gemfile-Source" => spec.remote.original_uri.to_s } if spec.remote.original_uri
       Bundler::Retry.new("download gem from #{uri}").attempts do
-        fetcher.download(spec, uri, path)
+        gem_file_name = spec.file_name
+        local_gem_path = File.join cache_dir, gem_file_name
+        return if File.exist? local_gem_path
+
+        begin
+          remote_gem_path = uri + "gems/#{gem_file_name}"
+          remote_gem_path = remote_gem_path.to_s if provides?("< 3.2.0.rc.1")
+
+          SharedHelpers.filesystem_access(local_gem_path) do
+            fetcher.cache_update_path remote_gem_path, local_gem_path
+          end
+        rescue Gem::RemoteFetcher::FetchError
+          raise if spec.original_platform == spec.platform
+
+          original_gem_file_name = "#{spec.original_name}.gem"
+          raise if gem_file_name == original_gem_file_name
+
+          gem_file_name = original_gem_file_name
+          retry
+        end
       end
+    rescue Gem::RemoteFetcher::FetchError => e
+      raise Bundler::HTTPError, "Could not download gem from #{uri} due to underlying error <#{e.message}>"
     end
 
     def gem_remote_fetcher
-      require "resolv"
-      proxy = configuration[:http_proxy]
-      dns = Resolv::DNS.new
-      Gem::RemoteFetcher.new(proxy, dns)
-    end
-
-    def gem_from_path(path, policy = nil)
-      require "rubygems/package"
-      p = Gem::Package.new(path)
-      p.security_policy = policy if policy
-      p
+      require "rubygems/remote_fetcher"
+      proxy = Gem.configuration[:http_proxy]
+      Gem::RemoteFetcher.new(proxy)
     end
 
     def build(spec, skip_validation = false)
@@ -547,14 +508,6 @@ module Bundler
       Gem::Package.build(spec, skip_validation)
     end
 
-    def repository_subdirectories
-      Gem::REPOSITORY_SUBDIRECTORIES
-    end
-
-    def install_with_build_args(args)
-      yield
-    end
-
     def path_separator
       Gem.path_separator
     end
@@ -584,6 +537,10 @@ module Bundler
       end
     end
 
+    def find_bundler(version)
+      find_name("bundler").find {|s| s.version.to_s == version }
+    end
+
     def find_name(name)
       Gem::Specification.stubs_for(name).map(&:to_spec)
     end
@@ -597,14 +554,6 @@ module Bundler
         Gem::Specification.send(:default_stubs, "*.gemspec")
       end
     end
-
-    def use_gemdeps(gemfile)
-      ENV["BUNDLE_GEMFILE"] ||= File.expand_path(gemfile)
-      require_relative "gemdeps"
-      runtime = Bundler.setup
-      activated_spec_names = runtime.requested_specs.map(&:to_spec).sort_by(&:name)
-      [Gemdeps.new(runtime), activated_spec_names]
-    end
   end
 
   def self.rubygems

data/lib/bundler/runtime.rb

@@ -12,22 +12,16 @@ module Bundler
     def setup(*groups)
       @definition.ensure_equivalent_gemfile_and_lockfile if Bundler.frozen_bundle?
 
-      groups.map!(&:to_sym)
-
       # Has to happen first
       clean_load_path
 
-      specs = groups.any? ? @definition.specs_for(groups) : requested_specs
+      specs = @definition.specs_for(groups)
 
       SharedHelpers.set_bundle_environment
       Bundler.rubygems.replace_entrypoints(specs)
 
       # Activate the specs
       load_paths = specs.map do |spec|
-        unless spec.loaded_from
-          raise GemNotFound, "#{spec.full_name} is missing. Run `bundle install` to get it."
-        end
-
         check_for_activated_spec!(spec)
 
         Bundler.rubygems.mark_loaded(spec)
@@ -100,13 +94,13 @@ module Bundler
     definition_method :requires
 
     def lock(opts = {})
-      return if @definition.nothing_changed? && !@definition.unlocking?
+      return if @definition.no_resolve_needed?
       @definition.lock(Bundler.default_lockfile, opts[:preserve_unknown_sections])
     end
 
     alias_method :gems, :specs
 
-    def cache(custom_path = nil)
+    def cache(custom_path = nil, local = false)
       cache_path = Bundler.app_cache(custom_path)
       SharedHelpers.filesystem_access(cache_path) do |p|
         FileUtils.mkdir_p(p)
@@ -114,11 +108,23 @@ module Bundler
 
       Bundler.ui.info "Updating files in #{Bundler.settings.app_cache_path}"
 
-      specs_to_cache = Bundler.settings[:cache_all_platforms] ? @definition.resolve.materialized_for_all_platforms : specs
+      specs_to_cache = if Bundler.settings[:cache_all_platforms]
+        @definition.resolve.materialized_for_all_platforms
+      else
+        begin
+          specs
+        rescue GemNotFound
+          if local
+            Bundler.ui.warn "Some gems seem to be missing from your #{Bundler.settings.app_cache_path} directory."
+          end
+
+          raise
+        end
+      end
+
       specs_to_cache.each do |spec|
         next if spec.name == "bundler"
         next if spec.source.is_a?(Source::Gemspec)
-        spec.source.send(:fetch_gem, spec) if Bundler.settings[:cache_all_platforms] && spec.source.respond_to?(:fetch_gem, true)
         spec.source.cache(spec, custom_path) if spec.source.respond_to?(:cache)
       end
 
@@ -258,7 +264,7 @@ module Bundler
 
       return if manuals.empty?
       Bundler::SharedHelpers.set_env "MANPATH", manuals.concat(
-        ENV["MANPATH"].to_s.split(File::PATH_SEPARATOR)
+        ENV["MANPATH"] ? ENV["MANPATH"].to_s.split(File::PATH_SEPARATOR) : [""]
       ).uniq.join(File::PATH_SEPARATOR)
     end
 
@@ -284,7 +290,7 @@ module Bundler
       return unless activated_spec = Bundler.rubygems.loaded_specs(spec.name)
       return if activated_spec.version == spec.version
 
-      suggestion = if Bundler.rubygems.spec_default_gem?(activated_spec)
+      suggestion = if activated_spec.default_gem?
         "Since #{spec.name} is a default gem, you can either remove your dependency on it" \
         " or try updating to a newer version of bundler that supports #{spec.name} as a default gem."
       else
@@ -294,11 +300,7 @@ module Bundler
       e = Gem::LoadError.new "You have already activated #{activated_spec.name} #{activated_spec.version}, " \
                              "but your Gemfile requires #{spec.name} #{spec.version}. #{suggestion}"
       e.name = spec.name
-      if e.respond_to?(:requirement=)
-        e.requirement = Gem::Requirement.new(spec.version.to_s)
-      else
-        e.version_requirement = Gem::Requirement.new(spec.version.to_s)
-      end
+      e.requirement = Gem::Requirement.new(spec.version.to_s)
       raise e
     end
   end

data/lib/bundler/safe_marshal.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module Bundler
+  module SafeMarshal
+    ALLOWED_CLASSES = [
+      Array,
+      FalseClass,
+      Gem::Specification,
+      Gem::Version,
+      Hash,
+      String,
+      Symbol,
+      Time,
+      TrueClass,
+    ].freeze
+
+    ERROR = "Unexpected class %s present in marshaled data. Only %s are allowed."
+
+    PROC = proc do |object|
+      object.tap do
+        unless ALLOWED_CLASSES.include?(object.class)
+          raise TypeError, format(ERROR, object.class, ALLOWED_CLASSES.join(", "))
+        end
+      end
+    end
+
+    def self.proc
+      PROC
+    end
+  end
+end

data/lib/bundler/self_manager.rb

@@ -0,0 +1,168 @@
+# frozen_string_literal: true
+
+module Bundler
+  #
+  # This class handles installing and switching to the version of bundler needed
+  # by an application.
+  #
+  class SelfManager
+    def restart_with_locked_bundler_if_needed
+      return unless needs_switching? && installed?
+
+      restart_with(lockfile_version)
+    end
+
+    def install_locked_bundler_and_restart_with_it_if_needed
+      return unless needs_switching?
+
+      Bundler.ui.info \
+        "Bundler #{current_version} is running, but your lockfile was generated with #{lockfile_version}. " \
+        "Installing Bundler #{lockfile_version} and restarting using that version."
+
+      install_and_restart_with(lockfile_version)
+    end
+
+    def update_bundler_and_restart_with_it_if_needed(target)
+      return unless autoswitching_applies?
+
+      spec = resolve_update_version_from(target)
+      return unless spec
+
+      version = spec.version
+
+      Bundler.ui.info "Updating bundler to #{version}."
+
+      install(spec)
+
+      restart_with(version)
+    end
+
+    private
+
+    def install_and_restart_with(version)
+      requirement = Gem::Requirement.new(version)
+      spec = find_latest_matching_spec(requirement)
+
+      if spec.nil?
+        Bundler.ui.warn "Your lockfile is locked to a version of bundler (#{lockfile_version}) that doesn't exist at https://rubygems.org/. Going on using #{current_version}"
+        return
+      end
+
+      install(spec)
+    rescue StandardError => e
+      Bundler.ui.trace e
+      Bundler.ui.warn "There was an error installing the locked bundler version (#{lockfile_version}), rerun with the `--verbose` flag for more details. Going on using bundler #{current_version}."
+    else
+      restart_with(version)
+    end
+
+    def install(spec)
+      spec.source.install(spec)
+    end
+
+    def restart_with(version)
+      configured_gem_home = ENV["GEM_HOME"]
+      configured_gem_path = ENV["GEM_PATH"]
+
+      cmd = [$PROGRAM_NAME, *ARGV]
+      cmd.unshift(Gem.ruby) unless File.executable?($PROGRAM_NAME)
+
+      Bundler.with_original_env do
+        Kernel.exec(
+          { "GEM_HOME" => configured_gem_home, "GEM_PATH" => configured_gem_path, "BUNDLER_VERSION" => version.to_s },
+          *cmd
+        )
+      end
+    end
+
+    def needs_switching?
+      autoswitching_applies? &&
+        released?(lockfile_version) &&
+        !running?(lockfile_version) &&
+        !updating?
+    end
+
+    def autoswitching_applies?
+      ENV["BUNDLER_VERSION"].nil? &&
+        Bundler.rubygems.supports_bundler_trampolining? &&
+        SharedHelpers.in_bundle? &&
+        lockfile_version
+    end
+
+    def resolve_update_version_from(target)
+      requirement = Gem::Requirement.new(target)
+      update_candidate = find_latest_matching_spec(requirement)
+
+      if update_candidate.nil?
+        raise InvalidOption, "The `bundle update --bundler` target version (#{target}) does not exist"
+      end
+
+      resolved_version = update_candidate.version
+      needs_update = requirement.specific? ? !running?(resolved_version) : running_older_than?(resolved_version)
+
+      return unless needs_update
+
+      update_candidate
+    end
+
+    def local_specs
+      @local_specs ||= Bundler::Source::Rubygems.new("allow_local" => true).specs.select {|spec| spec.name == "bundler" }
+    end
+
+    def remote_specs
+      @remote_specs ||= begin
+        source = Bundler::Source::Rubygems.new("remotes" => "https://rubygems.org")
+        source.remote!
+        source.add_dependency_names("bundler")
+        source.specs
+      end
+    end
+
+    def find_latest_matching_spec(requirement)
+      local_result = find_latest_matching_spec_from_collection(local_specs, requirement)
+      return local_result if local_result && requirement.specific?
+
+      remote_result = find_latest_matching_spec_from_collection(remote_specs, requirement)
+      return remote_result if local_result.nil?
+
+      [local_result, remote_result].max
+    end
+
+    def find_latest_matching_spec_from_collection(specs, requirement)
+      specs.sort.reverse_each.find {|spec| requirement.satisfied_by?(spec.version) }
+    end
+
+    def running?(version)
+      version == current_version
+    end
+
+    def running_older_than?(version)
+      current_version < version
+    end
+
+    def released?(version)
+      !version.to_s.end_with?(".dev")
+    end
+
+    def updating?
+      "update".start_with?(ARGV.first || " ") && ARGV[1..-1].any? {|a| a.start_with?("--bundler") }
+    end
+
+    def installed?
+      Bundler.configure
+
+      Bundler.rubygems.find_bundler(lockfile_version.to_s)
+    end
+
+    def current_version
+      @current_version ||= Gem::Version.new(Bundler::VERSION)
+    end
+
+    def lockfile_version
+      return @lockfile_version if defined?(@lockfile_version)
+
+      parsed_version = Bundler::LockfileParser.bundled_with
+      @lockfile_version = parsed_version ? Gem::Version.new(parsed_version) : nil
+    end
+  end
+end