bundler 2.2.26 → 2.3.26

data/lib/bundler/source/rubygems.rb

@@ -26,6 +26,13 @@ module Bundler
         Array(options["remotes"]).reverse_each {|r| add_remote(r) }
       end
 
+      def local_only!
+        @specs = nil
+        @allow_local = true
+        @allow_cached = false
+        @allow_remote = false
+      end
+
       def local!
         return if @allow_local
 
@@ -91,26 +98,30 @@ module Bundler
         out << "  specs:\n"
       end
 
-      def to_err
+      def to_s
         if remotes.empty?
           "locally installed gems"
-        elsif @allow_remote
+        elsif @allow_remote && @allow_cached && @allow_local
+          "rubygems repository #{remote_names}, cached gems or installed locally"
+        elsif @allow_remote && @allow_local
           "rubygems repository #{remote_names} or installed locally"
-        elsif @allow_cached
-          "cached gems from rubygems repository #{remote_names} or installed locally"
+        elsif @allow_remote
+          "rubygems repository #{remote_names}"
+        elsif @allow_cached && @allow_local
+          "cached gems or installed locally"
         else
           "locally installed gems"
         end
       end
 
-      def to_s
+      def identifier
         if remotes.empty?
           "locally installed gems"
         else
-          "rubygems repository #{remote_names} or installed locally"
+          "rubygems repository #{remote_names}"
         end
       end
-      alias_method :name, :to_s
+      alias_method :name, :identifier
 
       def specs
         @specs ||= begin
@@ -124,101 +135,104 @@ module Bundler
         end
       end
 
-      def install(spec, opts = {})
-        force = opts[:force]
-        ensure_builtin_gems_cached = opts[:ensure_builtin_gems_cached]
+      def install(spec, options = {})
+        force = options[:force]
+        ensure_builtin_gems_cached = options[:ensure_builtin_gems_cached]
 
-        if ensure_builtin_gems_cached && builtin_gem?(spec)
-          if !cached_path(spec)
-            cached_built_in_gem(spec) unless spec.remote
-            force = true
-          else
-            spec.loaded_from = loaded_from(spec)
-          end
+        if ensure_builtin_gems_cached && spec.default_gem? && !cached_path(spec)
+          cached_built_in_gem(spec) unless spec.remote
+          force = true
         end
 
-        if (installed?(spec) || Plugin.installed?(spec.name)) && !force
+        if installed?(spec) && !force
           print_using_message "Using #{version_message(spec)}"
           return nil # no post-install message
         end
 
-        # Download the gem to get the spec, because some specs that are returned
-        # by rubygems.org are broken and wrong.
         if spec.remote
           # Check for this spec from other sources
-          uris = [spec.remote.anonymized_uri]
-          uris += remotes_for_spec(spec).map(&:anonymized_uri)
-          uris.uniq!
+          uris = [spec.remote, *remotes_for_spec(spec)].map(&:anonymized_uri).uniq
           Installer.ambiguous_gems << [spec.name, *uris] if uris.length > 1
+        end
+
+        path = fetch_gem_if_possible(spec, options[:previous_spec])
+        raise GemNotFound, "Could not find #{spec.file_name} for installation" unless path
+
+        return if Bundler.settings[:no_install]
+
+        if requires_sudo?
+          install_path = Bundler.tmp(spec.full_name)
+          bin_path     = install_path.join("bin")
+        else
+          install_path = rubygems_dir
+          bin_path     = Bundler.system_bindir
+        end
+
+        Bundler.mkdir_p bin_path, :no_sudo => true unless spec.executables.empty? || Bundler.rubygems.provides?(">= 2.7.5")
+
+        require_relative "../rubygems_gem_installer"
+
+        installer = Bundler::RubyGemsGemInstaller.at(
+          path,
+          :security_policy     => Bundler.rubygems.security_policies[Bundler.settings["trust-policy"]],
+          :install_dir         => install_path.to_s,
+          :bin_dir             => bin_path.to_s,
+          :ignore_dependencies => true,
+          :wrappers            => true,
+          :env_shebang         => true,
+          :build_args          => options[:build_args],
+          :bundler_expected_checksum => spec.respond_to?(:checksum) && spec.checksum,
+          :bundler_extension_cache_path => extension_cache_path(spec)
+        )
 
-          path = fetch_gem(spec)
-          begin
-            s = Bundler.rubygems.spec_from_gem(path, Bundler.settings["trust-policy"])
-            spec.__swap__(s)
-          rescue StandardError
+        if spec.remote
+          s = begin
+            installer.spec
+          rescue Gem::Package::FormatError
             Bundler.rm_rf(path)
             raise
+          rescue Gem::Security::Exception => e
+            raise SecurityError,
+             "The gem #{File.basename(path, ".gem")} can't be installed because " \
+             "the security policy didn't allow it, with the message: #{e.message}"
           end
+
+          spec.__swap__(s)
         end
 
-        unless Bundler.settings[:no_install]
-          message = "Installing #{version_message(spec)}"
-          message += " with native extensions" if spec.extensions.any?
-          Bundler.ui.confirm message
+        message = "Installing #{version_message(spec, options[:previous_spec])}"
+        message += " with native extensions" if spec.extensions.any?
+        Bundler.ui.confirm message
 
-          path = cached_gem(spec)
-          if requires_sudo?
-            install_path = Bundler.tmp(spec.full_name)
-            bin_path     = install_path.join("bin")
-          else
-            install_path = rubygems_dir
-            bin_path     = Bundler.system_bindir
-          end
+        installed_spec = installer.install
 
-          Bundler.mkdir_p bin_path, :no_sudo => true unless spec.executables.empty? || Bundler.rubygems.provides?(">= 2.7.5")
-
-          require_relative "../rubygems_gem_installer"
-
-          installed_spec = Bundler::RubyGemsGemInstaller.at(
-            path,
-            :install_dir         => install_path.to_s,
-            :bin_dir             => bin_path.to_s,
-            :ignore_dependencies => true,
-            :wrappers            => true,
-            :env_shebang         => true,
-            :build_args          => opts[:build_args],
-            :bundler_expected_checksum => spec.respond_to?(:checksum) && spec.checksum,
-            :bundler_extension_cache_path => extension_cache_path(spec)
-          ).install
-          spec.full_gem_path = installed_spec.full_gem_path
-
-          # SUDO HAX
-          if requires_sudo?
-            Bundler.rubygems.repository_subdirectories.each do |name|
-              src = File.join(install_path, name, "*")
-              dst = File.join(rubygems_dir, name)
-              if name == "extensions" && Dir.glob(src).any?
-                src = File.join(src, "*/*")
-                ext_src = Dir.glob(src).first
-                ext_src.gsub!(src[0..-6], "")
-                dst = File.dirname(File.join(dst, ext_src))
-              end
-              SharedHelpers.filesystem_access(dst) do |p|
-                Bundler.mkdir_p(p)
-              end
-              Bundler.sudo "cp -R #{src} #{dst}" if Dir[src].any?
+        spec.full_gem_path = installed_spec.full_gem_path
+        spec.loaded_from = installed_spec.loaded_from
+
+        # SUDO HAX
+        if requires_sudo?
+          Bundler.rubygems.repository_subdirectories.each do |name|
+            src = File.join(install_path, name, "*")
+            dst = File.join(rubygems_dir, name)
+            if name == "extensions" && Dir.glob(src).any?
+              src = File.join(src, "*/*")
+              ext_src = Dir.glob(src).first
+              ext_src.gsub!(src[0..-6], "")
+              dst = File.dirname(File.join(dst, ext_src))
+            end
+            SharedHelpers.filesystem_access(dst) do |p|
+              Bundler.mkdir_p(p)
             end
+            Bundler.sudo "cp -R #{src} #{dst}" if Dir[src].any?
+          end
 
-            spec.executables.each do |exe|
-              SharedHelpers.filesystem_access(Bundler.system_bindir) do |p|
-                Bundler.mkdir_p(p)
-              end
-              Bundler.sudo "cp -R #{install_path}/bin/#{exe} #{Bundler.system_bindir}/"
+          spec.executables.each do |exe|
+            SharedHelpers.filesystem_access(Bundler.system_bindir) do |p|
+              Bundler.mkdir_p(p)
             end
+            Bundler.sudo "cp -R #{install_path}/bin/#{exe} #{Bundler.system_bindir}/"
           end
-          installed_spec.loaded_from = loaded_from(spec)
         end
-        spec.loaded_from = loaded_from(spec)
 
         spec.post_install_message
       ensure
@@ -226,12 +240,8 @@ module Bundler
       end
 
       def cache(spec, custom_path = nil)
-        if builtin_gem?(spec)
-          cached_path = cached_built_in_gem(spec)
-        else
-          cached_path = cached_gem(spec)
-        end
-        raise GemNotFound, "Missing gem file '#{spec.full_name}.gem'." unless cached_path
+        cached_path = Bundler.settings[:cache_all_platforms] ? fetch_gem_if_possible(spec) : cached_gem(spec)
+        raise GemNotFound, "Missing gem file '#{spec.file_name}'." unless cached_path
         return if File.dirname(cached_path) == Bundler.app_cache.to_s
         Bundler.ui.info "  * #{File.basename(cached_path)}"
         FileUtils.cp(cached_path, Bundler.app_cache(custom_path))
@@ -258,10 +268,6 @@ module Bundler
         @remotes.unshift(uri) unless @remotes.include?(uri)
       end
 
-      def equivalent_remotes?(other_remotes)
-        other_remotes.map(&method(:remove_auth)) == @remotes.map(&method(:remove_auth))
-      end
-
       def spec_names
         if @allow_remote && dependency_api_available?
           remote_specs.spec_names
@@ -330,7 +336,11 @@ module Bundler
       end
 
       def credless_remotes
-        remotes.map(&method(:suppress_configured_credentials))
+        if Bundler.settings[:allow_deployment_source_credential_changes]
+          remotes.map(&method(:remove_auth))
+        else
+          remotes.map(&method(:suppress_configured_credentials))
+        end
       end
 
       def remotes_for_spec(spec)
@@ -340,23 +350,26 @@ module Bundler
         end
       end
 
-      def loaded_from(spec)
-        "#{rubygems_dir}/specifications/#{spec.full_name}.gemspec"
-      end
-
       def cached_gem(spec)
-        cached_gem = cached_path(spec)
-        unless cached_gem
-          raise Bundler::GemNotFound, "Could not find #{spec.file_name} for installation"
+        if spec.default_gem?
+          cached_built_in_gem(spec)
+        else
+          cached_path(spec)
         end
-        cached_gem
       end
 
       def cached_path(spec)
-        possibilities = @caches.map {|p| "#{p}/#{spec.file_name}" }
+        global_cache_path = download_cache_path(spec)
+        @caches << global_cache_path if global_cache_path
+
+        possibilities = @caches.map {|p| package_path(p, spec) }
         possibilities.find {|p| File.exist?(p) }
       end
 
+      def package_path(cache_path, spec)
+        "#{cache_path}/#{spec.file_name}"
+      end
+
       def normalize_uri(uri)
         uri = uri.to_s
         uri = "#{uri}/" unless uri =~ %r{/$}
@@ -447,24 +460,38 @@ module Bundler
         end
       end
 
-      def fetch_gem(spec)
-        return false unless spec.remote
+      def fetch_gem_if_possible(spec, previous_spec = nil)
+        if spec.remote
+          fetch_gem(spec, previous_spec)
+        else
+          cached_gem(spec)
+        end
+      end
 
+      def fetch_gem(spec, previous_spec = nil)
         spec.fetch_platform
 
-        download_path = requires_sudo? ? Bundler.tmp(spec.full_name) : rubygems_dir
-        gem_path = "#{rubygems_dir}/cache/#{spec.full_name}.gem"
+        cache_path = download_cache_path(spec) || default_cache_path_for(rubygems_dir)
+        gem_path = package_path(cache_path, spec)
+        return gem_path if File.exist?(gem_path)
 
-        SharedHelpers.filesystem_access("#{download_path}/cache") do |p|
+        if requires_sudo?
+          download_path = Bundler.tmp(spec.full_name)
+          download_cache_path = default_cache_path_for(download_path)
+        else
+          download_cache_path = cache_path
+        end
+
+        SharedHelpers.filesystem_access(download_cache_path) do |p|
           FileUtils.mkdir_p(p)
         end
-        download_gem(spec, download_path)
+        download_gem(spec, download_cache_path, previous_spec)
 
         if requires_sudo?
-          SharedHelpers.filesystem_access("#{rubygems_dir}/cache") do |p|
+          SharedHelpers.filesystem_access(cache_path) do |p|
             Bundler.mkdir_p(p)
           end
-          Bundler.sudo "mv #{download_path}/cache/#{spec.full_name}.gem #{gem_path}"
+          Bundler.sudo "mv #{package_path(download_cache_path, spec)} #{gem_path}"
         end
 
         gem_path
@@ -472,16 +499,8 @@ module Bundler
         Bundler.rm_rf(download_path) if requires_sudo?
       end
 
-      def builtin_gem?(spec)
-        # Ruby 2.1, where all included gems have this summary
-        return true if spec.summary =~ /is bundled with Ruby/
-
-        # Ruby 2.0, where gemspecs are stored in specifications/default/
-        spec.loaded_from && spec.loaded_from.include?("specifications/default/")
-      end
-
       def installed?(spec)
-        installed_specs[spec].any?
+        installed_specs[spec].any? && !spec.deleted_gem?
       end
 
       def requires_sudo?
@@ -489,7 +508,11 @@ module Bundler
       end
 
       def rubygems_dir
-        Bundler.rubygems.gem_dir
+        Bundler.bundle_path
+      end
+
+      def default_cache_path_for(dir)
+        "#{dir}/cache"
       end
 
       def cache_path
@@ -504,52 +527,16 @@ module Bundler
       # @param  [Specification] spec
       #         the spec we want to download or retrieve from the cache.
       #
-      # @param  [String] download_path
+      # @param  [String] download_cache_path
       #         the local directory the .gem will end up in.
       #
-      def download_gem(spec, download_path)
-        local_path = File.join(download_path, "cache/#{spec.full_name}.gem")
-
-        if (cache_path = download_cache_path(spec)) && cache_path.file?
-          SharedHelpers.filesystem_access(local_path) do
-            FileUtils.cp(cache_path, local_path)
-          end
-        else
-          uri = spec.remote.uri
-          Bundler.ui.confirm("Fetching #{version_message(spec)}")
-          rubygems_local_path = Bundler.rubygems.download_gem(spec, uri, download_path)
-
-          # older rubygems return varying file:// variants depending on version
-          rubygems_local_path = rubygems_local_path.gsub(/\Afile:/, "") unless Bundler.rubygems.provides?(">= 3.2.0.rc.2")
-          rubygems_local_path = rubygems_local_path.gsub(%r{\A//}, "") if Bundler.rubygems.provides?("< 3.1.0")
-
-          if rubygems_local_path != local_path
-            SharedHelpers.filesystem_access(local_path) do
-              FileUtils.mv(rubygems_local_path, local_path)
-            end
-          end
-          cache_globally(spec, local_path)
-        end
-      end
-
-      # Checks if the requested spec exists in the global cache. If it does
-      # not, we create the relevant global cache subdirectory if it does not
-      # exist and copy the spec from the local cache to the global cache.
-      #
-      # @param  [Specification] spec
-      #         the spec we want to copy to the global cache.
-      #
-      # @param  [String] local_cache_path
-      #         the local directory from which we want to copy the .gem.
+      # @param  [Specification] previous_spec
+      #         the spec previously locked
       #
-      def cache_globally(spec, local_cache_path)
-        return unless cache_path = download_cache_path(spec)
-        return if cache_path.exist?
-
-        SharedHelpers.filesystem_access(cache_path.dirname, &:mkpath)
-        SharedHelpers.filesystem_access(cache_path) do
-          FileUtils.cp(local_cache_path, cache_path)
-        end
+      def download_gem(spec, download_cache_path, previous_spec = nil)
+        uri = spec.remote.uri
+        Bundler.ui.confirm("Fetching #{version_message(spec, previous_spec)}")
+        Bundler.rubygems.download_gem(spec, uri, download_cache_path)
       end
 
       # Returns the global cache path of the calling Rubygems::Source object.
@@ -568,7 +555,7 @@ module Bundler
         return unless remote = spec.remote
         return unless cache_slug = remote.cache_slug
 
-        Bundler.user_cache.join("gems", cache_slug, spec.file_name)
+        Bundler.user_cache.join("gems", cache_slug)
       end
 
       def extension_cache_slug(spec)

data/lib/bundler/source/rubygems_aggregate.rb

@@ -16,7 +16,7 @@ module Bundler
         @index
       end
 
-      def to_err
+      def identifier
         to_s
       end
 

data/lib/bundler/source.rb

@@ -15,13 +15,12 @@ module Bundler
       specs.unmet_dependency_names
     end
 
-    def version_message(spec)
+    def version_message(spec, locked_spec = nil)
       message = "#{spec.name} #{spec.version}"
       message += " (#{spec.platform})" if spec.platform != Gem::Platform::RUBY && !spec.platform.nil?
 
-      if Bundler.locked_gems
-        locked_spec = Bundler.locked_gems.specs.find {|s| s.name == spec.name }
-        locked_spec_version = locked_spec.version if locked_spec
+      if locked_spec
+        locked_spec_version = locked_spec.version
         if locked_spec_version && spec.version != locked_spec_version
           message += Bundler.ui.add_color(" (was #{locked_spec_version})", version_color(spec.version, locked_spec_version))
         end
@@ -36,6 +35,8 @@ module Bundler
 
     def local!; end
 
+    def local_only!; end
+
     def cached!; end
 
     def remote!; end
@@ -65,7 +66,7 @@ module Bundler
       "#<#{self.class}:0x#{object_id} #{self}>"
     end
 
-    def to_err
+    def identifier
       to_s
     end
 

data/lib/bundler/source_list.rb

@@ -98,7 +98,11 @@ module Bundler
     end
 
     def get(source)
-      source_list_for(source).find {|s| equal_source?(source, s) || equivalent_source?(source, s) }
+      source_list_for(source).find {|s| equivalent_source?(source, s) }
+    end
+
+    def get_with_fallback(source)
+      get(source) || default_source
     end
 
     def lock_sources
@@ -106,14 +110,14 @@ module Bundler
     end
 
     def lock_other_sources
-      (path_sources + git_sources + plugin_sources).sort_by(&:to_s)
+      (path_sources + git_sources + plugin_sources).sort_by(&:identifier)
     end
 
     def lock_rubygems_sources
       if merged_gem_lockfile_sections?
         [combine_rubygems_sources]
       else
-        rubygems_sources.sort_by(&:to_s)
+        rubygems_sources.sort_by(&:identifier)
       end
     end
 
@@ -136,6 +140,10 @@ module Bundler
       different_sources?(lock_sources, replacement_sources)
     end
 
+    def local_only!
+      all_sources.each(&:local_only!)
+    end
+
     def cached!
       all_sources.each(&:cached!)
     end
@@ -169,7 +177,7 @@ module Bundler
     end
 
     def different_sources?(lock_sources, replacement_sources)
-      !equal_sources?(lock_sources, replacement_sources) && !equivalent_sources?(lock_sources, replacement_sources)
+      !equivalent_sources?(lock_sources, replacement_sources)
     end
 
     def rubygems_aggregate_class
@@ -206,34 +214,12 @@ module Bundler
       end
     end
 
-    def equal_sources?(lock_sources, replacement_sources)
-      lock_sources.sort_by(&:to_s) == replacement_sources.sort_by(&:to_s)
-    end
-
-    def equal_source?(source, other_source)
-      return source.include?(other_source) if source.is_a?(Source::Rubygems) && other_source.is_a?(Source::Rubygems)
-
-      source == other_source
-    end
-
-    def equivalent_source?(source, other_source)
-      return false unless Bundler.settings[:allow_deployment_source_credential_changes] && source.is_a?(Source::Rubygems)
-
-      equivalent_rubygems_sources?([source], [other_source])
-    end
-
     def equivalent_sources?(lock_sources, replacement_sources)
-      return false unless Bundler.settings[:allow_deployment_source_credential_changes]
-
-      lock_rubygems_sources, lock_other_sources = lock_sources.partition {|s| s.is_a?(Source::Rubygems) }
-      replacement_rubygems_sources, replacement_other_sources = replacement_sources.partition {|s| s.is_a?(Source::Rubygems) }
-
-      equivalent_rubygems_sources?(lock_rubygems_sources, replacement_rubygems_sources) && equal_sources?(lock_other_sources, replacement_other_sources)
+      lock_sources.sort_by(&:identifier) == replacement_sources.sort_by(&:identifier)
     end
 
-    def equivalent_rubygems_sources?(lock_sources, replacement_sources)
-      actual_remotes = replacement_sources.map(&:remotes).flatten.uniq
-      lock_sources.all? {|s| s.equivalent_remotes?(actual_remotes) }
+    def equivalent_source?(source, other_source)
+      source == other_source
     end
   end
 end

data/lib/bundler/source_map.rb

@@ -2,11 +2,12 @@
 
 module Bundler
   class SourceMap
-    attr_reader :sources, :dependencies
+    attr_reader :sources, :dependencies, :locked_specs
 
-    def initialize(sources, dependencies)
+    def initialize(sources, dependencies, locked_specs)
       @sources = sources
       @dependencies = dependencies
+      @locked_specs = locked_specs
     end
 
     def pinned_spec_names(skip = nil)
@@ -54,5 +55,17 @@ module Bundler
         requirements
       end
     end
+
+    def locked_requirements
+      @locked_requirements ||= begin
+        requirements = {}
+        locked_specs.each do |locked_spec|
+          source = locked_spec.source
+          source.add_dependency_names(locked_spec.name)
+          requirements[locked_spec.name] = source
+        end
+        requirements
+      end
+    end
   end
 end