bundler 2.2.3 → 2.3.5

data/lib/bundler/source/git.rb

@@ -22,7 +22,7 @@ module Bundler
         @uri        = options["uri"] || ""
         @safe_uri   = URICredentialsFilter.credential_filtered_uri(@uri)
         @branch     = options["branch"]
-        @ref        = options["ref"] || options["branch"] || options["tag"] || "master"
+        @ref        = options["ref"] || options["branch"] || options["tag"]
         @submodules = options["submodules"]
         @name       = options["name"]
         @version    = options["version"].to_s.strip.gsub("-", ".pre.")
@@ -42,7 +42,7 @@ module Bundler
         %w[ref branch tag submodules].each do |opt|
           out << "  #{opt}: #{options[opt]}\n" if options[opt]
         end
-        out << "  glob: #{@glob}\n" unless @glob == DEFAULT_GLOB
+        out << "  glob: #{@glob}\n" unless default_glob?
         out << "  specs:\n"
       end
 
@@ -60,25 +60,35 @@ module Bundler
       alias_method :==, :eql?
 
       def to_s
-        at = if local?
-          path
-        elsif user_ref = options["ref"]
-          if ref =~ /\A[a-z0-9]{4,}\z/i
-            shortref_for_display(user_ref)
+        begin
+          at = if local?
+            path
+          elsif user_ref = options["ref"]
+            if ref =~ /\A[a-z0-9]{4,}\z/i
+              shortref_for_display(user_ref)
+            else
+              user_ref
+            end
+          elsif ref
+            ref
           else
-            user_ref
+            git_proxy.branch
           end
-        else
-          ref
+
+          rev = "at #{at}@#{shortref_for_display(revision)}"
+        rescue GitError
+          ""
         end
 
-        rev = begin
-                "@#{shortref_for_display(revision)}"
-              rescue GitError
-                nil
-              end
+        specifiers = [rev, glob_for_display].compact
+        suffix =
+          if specifiers.any?
+            " (#{specifiers.join(", ")})"
+          else
+            ""
+          end
 
-        "#{@safe_uri} (at #{at}#{rev})"
+        "#{@safe_uri}#{suffix}"
       end
 
       def name
@@ -146,7 +156,7 @@ module Bundler
 
         changed = cached_revision && cached_revision != git_proxy.revision
 
-        if changed && !@unlocked && !git_proxy.contains?(cached_revision)
+        if !Bundler.settings[:disable_local_revision_check] && changed && !@unlocked && !git_proxy.contains?(cached_revision)
           raise GitError, "The Gemfile lock is pointing to revision #{shortref_for_display(cached_revision)} " \
             "but the current branch in your local override for #{name} does not contain such commit. " \
             "Please make sure your branch is up to date."
@@ -280,6 +290,14 @@ module Bundler
         ref[0..11]
       end
 
+      def glob_for_display
+        default_glob? ? nil : "glob: #{@glob}"
+      end
+
+      def default_glob?
+        @glob == DEFAULT_GLOB
+      end
+
       def uri_hash
         if uri =~ %r{^\w+://(\w+@)?}
           # Downcase the domain component of the URI
@@ -289,7 +307,9 @@ module Bundler
           # If there is no URI scheme, assume it is an ssh/git URI
           input = uri
         end
-        SharedHelpers.digest(:SHA1).hexdigest(input)
+        # We use SHA1 here for historical reason and to preserve backward compatibility.
+        # But a transition to a simpler mangling algorithm would be welcome.
+        Bundler::Digest.sha1(input)
       end
 
       def cached_revision

data/lib/bundler/source/metadata.rb

@@ -25,7 +25,7 @@ module Bundler
             s.loaded_from = File.expand_path("..", __FILE__)
           end
 
-          if local_spec = Bundler.rubygems.find_name("bundler").find {|s| s.version.to_s == VERSION }
+          if local_spec = Bundler.rubygems.find_bundler(VERSION)
             idx << local_spec
           end
 
@@ -33,10 +33,6 @@ module Bundler
         end
       end
 
-      def cached!; end
-
-      def remote!; end
-
       def options
         {}
       end

data/lib/bundler/source/path/installer.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require_relative "../../rubygems_gem_installer"
+
 module Bundler
   class Source
     class Path
@@ -33,7 +35,7 @@ module Bundler
             run_hooks(:post_build)
           end
 
-          generate_bin unless spec.executables.nil? || spec.executables.empty?
+          generate_bin unless spec.executables.empty?
 
           run_hooks(:post_install)
         ensure

data/lib/bundler/source/path.rb

@@ -82,7 +82,9 @@ module Bundler
       end
 
       def install(spec, options = {})
-        print_using_message "Using #{version_message(spec)} from #{self}"
+        using_message = "Using #{version_message(spec)} from #{self}"
+        using_message += " and installing its executables" unless spec.executables.empty?
+        print_using_message using_message
         generate_bin(spec, :disable_extensions => true)
         nil # no post-install message
       end

data/lib/bundler/source/rubygems.rb

@@ -20,18 +20,38 @@ module Bundler
         @dependency_names = []
         @allow_remote = false
         @allow_cached = false
+        @allow_local = options["allow_local"] || false
         @caches = [cache_path, *Bundler.rubygems.gem_cache]
 
-        Array(options["remotes"] || []).reverse_each {|r| add_remote(r) }
+        Array(options["remotes"]).reverse_each {|r| add_remote(r) }
+      end
+
+      def local_only!
+        @specs = nil
+        @allow_local = true
+        @allow_cached = false
+        @allow_remote = false
+      end
+
+      def local!
+        return if @allow_local
+
+        @specs = nil
+        @allow_local = true
       end
 
       def remote!
+        return if @allow_remote
+
         @specs = nil
         @allow_remote = true
       end
 
       def cached!
+        return if @allow_cached
+
         @specs = nil
+        @allow_local = true
         @allow_cached = true
       end
 
@@ -49,9 +69,17 @@ module Bundler
         o.is_a?(Rubygems) && (o.credless_remotes - credless_remotes).empty?
       end
 
+      def multiple_remotes?
+        @remotes.size > 1
+      end
+
+      def no_remotes?
+        @remotes.size == 0
+      end
+
       def can_lock?(spec)
-        return super if Bundler.feature_flag.disable_multisource?
-        spec.source.is_a?(Rubygems)
+        return super unless multiple_remotes?
+        include?(spec.source)
       end
 
       def options
@@ -73,12 +101,27 @@ module Bundler
       def to_s
         if remotes.empty?
           "locally installed gems"
-        else
-          remote_names = remotes.map(&:to_s).join(", ")
+        elsif @allow_remote && @allow_cached && @allow_local
+          "rubygems repository #{remote_names}, cached gems or installed locally"
+        elsif @allow_remote && @allow_local
           "rubygems repository #{remote_names} or installed locally"
+        elsif @allow_remote
+          "rubygems repository #{remote_names}"
+        elsif @allow_cached && @allow_local
+          "cached gems or installed locally"
+        else
+          "locally installed gems"
         end
       end
-      alias_method :name, :to_s
+
+      def identifier
+        if remotes.empty?
+          "locally installed gems"
+        else
+          "rubygems repository #{remote_names}"
+        end
+      end
+      alias_method :name, :identifier
 
       def specs
         @specs ||= begin
@@ -87,7 +130,7 @@ module Bundler
           # small_idx.use large_idx.
           idx = @allow_remote ? remote_specs.dup : Index.new
           idx.use(cached_specs, :override_dupes) if @allow_cached || @allow_remote
-          idx.use(installed_specs, :override_dupes)
+          idx.use(installed_specs, :override_dupes) if @allow_local
           idx
         end
       end
@@ -96,7 +139,7 @@ module Bundler
         force = opts[:force]
         ensure_builtin_gems_cached = opts[:ensure_builtin_gems_cached]
 
-        if ensure_builtin_gems_cached && builtin_gem?(spec)
+        if ensure_builtin_gems_cached && spec.default_gem?
           if !cached_path(spec)
             cached_built_in_gem(spec) unless spec.remote
             force = true
@@ -105,7 +148,7 @@ module Bundler
           end
         end
 
-        if (installed?(spec) || Plugin.installed?(spec.name)) && !force
+        if installed?(spec) && !force
           print_using_message "Using #{version_message(spec)}"
           return nil # no post-install message
         end
@@ -123,7 +166,7 @@ module Bundler
           begin
             s = Bundler.rubygems.spec_from_gem(path, Bundler.settings["trust-policy"])
             spec.__swap__(s)
-          rescue StandardError
+          rescue Gem::Package::FormatError
             Bundler.rm_rf(path)
             raise
           end
@@ -135,6 +178,7 @@ module Bundler
           Bundler.ui.confirm message
 
           path = cached_gem(spec)
+          raise GemNotFound, "Could not find #{spec.file_name} for installation" unless path
           if requires_sudo?
             install_path = Bundler.tmp(spec.full_name)
             bin_path     = install_path.join("bin")
@@ -145,6 +189,8 @@ module Bundler
 
           Bundler.mkdir_p bin_path, :no_sudo => true unless spec.executables.empty? || Bundler.rubygems.provides?(">= 2.7.5")
 
+          require_relative "../rubygems_gem_installer"
+
           installed_spec = Bundler::RubyGemsGemInstaller.at(
             path,
             :install_dir         => install_path.to_s,
@@ -192,12 +238,8 @@ module Bundler
       end
 
       def cache(spec, custom_path = nil)
-        if builtin_gem?(spec)
-          cached_path = cached_built_in_gem(spec)
-        else
-          cached_path = cached_gem(spec)
-        end
-        raise GemNotFound, "Missing gem file '#{spec.full_name}.gem'." unless cached_path
+        cached_path = cached_gem(spec)
+        raise GemNotFound, "Missing gem file '#{spec.file_name}'." unless cached_path
         return if File.dirname(cached_path) == Bundler.app_cache.to_s
         Bundler.ui.info "  * #{File.basename(cached_path)}"
         FileUtils.cp(cached_path, Bundler.app_cache(custom_path))
@@ -224,25 +266,16 @@ module Bundler
         @remotes.unshift(uri) unless @remotes.include?(uri)
       end
 
-      def equivalent_remotes?(other_remotes)
-        other_remotes.map(&method(:remove_auth)) == @remotes.map(&method(:remove_auth))
-      end
-
-      def replace_remotes(other_remotes, allow_equivalent = false)
-        return false if other_remotes == @remotes
-
-        equivalent = allow_equivalent && equivalent_remotes?(other_remotes)
-
-        @remotes = []
-        other_remotes.reverse_each do |r|
-          add_remote r.to_s
+      def spec_names
+        if @allow_remote && dependency_api_available?
+          remote_specs.spec_names
+        else
+          []
         end
-
-        !equivalent
       end
 
       def unmet_deps
-        if @allow_remote && api_fetchers.any?
+        if @allow_remote && dependency_api_available?
           remote_specs.unmet_dependency_names
         else
           []
@@ -258,7 +291,7 @@ module Bundler
 
       def double_check_for(unmet_dependency_names)
         return unless @allow_remote
-        return unless api_fetchers.any?
+        return unless dependency_api_available?
 
         unmet_dependency_names = unmet_dependency_names.call
         unless unmet_dependency_names.nil?
@@ -280,21 +313,32 @@ module Bundler
         remote_specs.each do |spec|
           case spec
           when EndpointSpecification, Gem::Specification, StubSpecification, LazySpecification
-            names.concat(spec.runtime_dependencies)
+            names.concat(spec.runtime_dependencies.map(&:name))
           when RemoteSpecification # from the full index
             return nil
           else
             raise "unhandled spec type (#{spec.inspect})"
           end
         end
-        names.map!(&:name) if names
         names
       end
 
+      def dependency_api_available?
+        api_fetchers.any?
+      end
+
       protected
 
+      def remote_names
+        remotes.map(&:to_s).join(", ")
+      end
+
       def credless_remotes
-        remotes.map(&method(:suppress_configured_credentials))
+        if Bundler.settings[:allow_deployment_source_credential_changes]
+          remotes.map(&method(:remove_auth))
+        else
+          remotes.map(&method(:suppress_configured_credentials))
+        end
       end
 
       def remotes_for_spec(spec)
@@ -309,14 +353,17 @@ module Bundler
       end
 
       def cached_gem(spec)
-        cached_gem = cached_path(spec)
-        unless cached_gem
-          raise Bundler::GemNotFound, "Could not find #{spec.file_name} for installation"
+        if spec.default_gem?
+          cached_built_in_gem(spec)
+        else
+          cached_path(spec)
         end
-        cached_gem
       end
 
       def cached_path(spec)
+        global_cache_path = download_cache_path(spec)
+        @caches << global_cache_path if global_cache_path
+
         possibilities = @caches.map {|p| "#{p}/#{spec.file_name}" }
         possibilities.find {|p| File.exist?(p) }
       end
@@ -351,7 +398,6 @@ module Bundler
       def installed_specs
         @installed_specs ||= Index.build do |idx|
           Bundler.rubygems.all_specs.reverse_each do |spec|
-            next if spec.name == "bundler"
             spec.source = self
             if Bundler.rubygems.spec_missing_extensions?(spec, false)
               Bundler.ui.debug "Source #{self} is ignoring #{spec} because it is missing extensions"
@@ -364,16 +410,12 @@ module Bundler
 
       def cached_specs
         @cached_specs ||= begin
-          idx = installed_specs.dup
+          idx = @allow_local ? installed_specs.dup : Index.new
 
           Dir["#{cache_path}/*.gem"].each do |gemfile|
             next if gemfile =~ /^bundler\-[\d\.]+?\.gem/
             s ||= Bundler.rubygems.spec_from_gem(gemfile)
             s.source = self
-            if Bundler.rubygems.spec_missing_extensions?(s, false)
-              Bundler.ui.debug "Source #{self} is ignoring #{s} because it is missing extensions"
-              next
-            end
             idx << s
           end
 
@@ -406,11 +448,11 @@ module Bundler
       def fetch_names(fetchers, dependency_names, index, override_dupes)
         fetchers.each do |f|
           if dependency_names
-            Bundler.ui.info "Fetching gem metadata from #{f.uri}", Bundler.ui.debug?
+            Bundler.ui.info "Fetching gem metadata from #{URICredentialsFilter.credential_filtered_uri(f.uri)}", Bundler.ui.debug?
             index.use f.specs_with_retry(dependency_names, self), override_dupes
             Bundler.ui.info "" unless Bundler.ui.debug? # new line now that the dots are over
           else
-            Bundler.ui.info "Fetching source index from #{f.uri}"
+            Bundler.ui.info "Fetching source index from #{URICredentialsFilter.credential_filtered_uri(f.uri)}"
             index.use f.specs_with_retry(nil, self), override_dupes
           end
         end
@@ -421,19 +463,26 @@ module Bundler
 
         spec.fetch_platform
 
-        download_path = requires_sudo? ? Bundler.tmp(spec.full_name) : rubygems_dir
-        gem_path = "#{rubygems_dir}/cache/#{spec.full_name}.gem"
+        cache_path = download_cache_path(spec) || default_cache_path_for(rubygems_dir)
+        gem_path = "#{cache_path}/#{spec.file_name}"
+
+        if requires_sudo?
+          download_path = Bundler.tmp(spec.full_name)
+          download_cache_path = default_cache_path_for(download_path)
+        else
+          download_cache_path = cache_path
+        end
 
-        SharedHelpers.filesystem_access("#{download_path}/cache") do |p|
+        SharedHelpers.filesystem_access(download_cache_path) do |p|
           FileUtils.mkdir_p(p)
         end
-        download_gem(spec, download_path)
+        download_gem(spec, download_cache_path)
 
         if requires_sudo?
-          SharedHelpers.filesystem_access("#{rubygems_dir}/cache") do |p|
+          SharedHelpers.filesystem_access(cache_path) do |p|
             Bundler.mkdir_p(p)
           end
-          Bundler.sudo "mv #{download_path}/cache/#{spec.full_name}.gem #{gem_path}"
+          Bundler.sudo "mv #{download_cache_path}/#{spec.file_name} #{gem_path}"
         end
 
         gem_path
@@ -441,16 +490,8 @@ module Bundler
         Bundler.rm_rf(download_path) if requires_sudo?
       end
 
-      def builtin_gem?(spec)
-        # Ruby 2.1, where all included gems have this summary
-        return true if spec.summary =~ /is bundled with Ruby/
-
-        # Ruby 2.0, where gemspecs are stored in specifications/default/
-        spec.loaded_from && spec.loaded_from.include?("specifications/default/")
-      end
-
       def installed?(spec)
-        installed_specs[spec].any?
+        installed_specs[spec].any? && !spec.deleted_gem?
       end
 
       def requires_sudo?
@@ -461,6 +502,10 @@ module Bundler
         Bundler.rubygems.gem_dir
       end
 
+      def default_cache_path_for(dir)
+        "#{dir}/cache"
+      end
+
       def cache_path
         Bundler.app_cache
       end
@@ -473,45 +518,13 @@ module Bundler
       # @param  [Specification] spec
       #         the spec we want to download or retrieve from the cache.
       #
-      # @param  [String] download_path
+      # @param  [String] download_cache_path
       #         the local directory the .gem will end up in.
       #
-      def download_gem(spec, download_path)
-        local_path = File.join(download_path, "cache/#{spec.full_name}.gem")
-
-        if (cache_path = download_cache_path(spec)) && cache_path.file?
-          SharedHelpers.filesystem_access(local_path) do
-            FileUtils.cp(cache_path, local_path)
-          end
-        else
-          uri = spec.remote.uri
-          Bundler.ui.confirm("Fetching #{version_message(spec)}")
-          rubygems_local_path = Bundler.rubygems.download_gem(spec, uri, download_path)
-          if rubygems_local_path != local_path
-            FileUtils.mv(rubygems_local_path, local_path)
-          end
-          cache_globally(spec, local_path)
-        end
-      end
-
-      # Checks if the requested spec exists in the global cache. If it does
-      # not, we create the relevant global cache subdirectory if it does not
-      # exist and copy the spec from the local cache to the global cache.
-      #
-      # @param  [Specification] spec
-      #         the spec we want to copy to the global cache.
-      #
-      # @param  [String] local_cache_path
-      #         the local directory from which we want to copy the .gem.
-      #
-      def cache_globally(spec, local_cache_path)
-        return unless cache_path = download_cache_path(spec)
-        return if cache_path.exist?
-
-        SharedHelpers.filesystem_access(cache_path.dirname, &:mkpath)
-        SharedHelpers.filesystem_access(cache_path) do
-          FileUtils.cp(local_cache_path, cache_path)
-        end
+      def download_gem(spec, download_cache_path)
+        uri = spec.remote.uri
+        Bundler.ui.confirm("Fetching #{version_message(spec)}")
+        Bundler.rubygems.download_gem(spec, uri, download_cache_path)
       end
 
       # Returns the global cache path of the calling Rubygems::Source object.
@@ -530,7 +543,7 @@ module Bundler
         return unless remote = spec.remote
         return unless cache_slug = remote.cache_slug
 
-        Bundler.user_cache.join("gems", cache_slug, spec.file_name)
+        Bundler.user_cache.join("gems", cache_slug)
       end
 
       def extension_cache_slug(spec)

data/lib/bundler/source/rubygems_aggregate.rb

@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+
+module Bundler
+  class Source
+    class RubygemsAggregate
+      attr_reader :source_map, :sources
+
+      def initialize(sources, source_map)
+        @sources = sources
+        @source_map = source_map
+
+        @index = build_index
+      end
+
+      def specs
+        @index
+      end
+
+      def identifier
+        to_s
+      end
+
+      def to_s
+        "any of the sources"
+      end
+
+      private
+
+      def build_index
+        Index.build do |idx|
+          dependency_names = source_map.pinned_spec_names
+
+          sources.all_sources.each do |source|
+            source.dependency_names = dependency_names - source_map.pinned_spec_names(source)
+            idx.add_source source.specs
+            dependency_names.concat(source.unmet_deps).uniq!
+          end
+
+          double_check_for_index(idx, dependency_names)
+        end
+      end
+
+      # Suppose the gem Foo depends on the gem Bar.  Foo exists in Source A.  Bar has some versions that exist in both
+      # sources A and B.  At this point, the API request will have found all the versions of Bar in source A,
+      # but will not have found any versions of Bar from source B, which is a problem if the requested version
+      # of Foo specifically depends on a version of Bar that is only found in source B. This ensures that for
+      # each spec we found, we add all possible versions from all sources to the index.
+      def double_check_for_index(idx, dependency_names)
+        pinned_names = source_map.pinned_spec_names
+
+        names = :names # do this so we only have to traverse to get dependency_names from the index once
+        unmet_dependency_names = lambda do
+          return names unless names == :names
+          new_names = sources.all_sources.map(&:dependency_names_to_double_check)
+          return names = nil if new_names.compact!
+          names = new_names.flatten(1).concat(dependency_names)
+          names.uniq!
+          names -= pinned_names
+          names
+        end
+
+        sources.all_sources.each do |source|
+          source.double_check_for(unmet_dependency_names)
+        end
+      end
+    end
+  end
+end

data/lib/bundler/source.rb

@@ -7,6 +7,7 @@ module Bundler
     autoload :Metadata, File.expand_path("source/metadata", __dir__)
     autoload :Path,     File.expand_path("source/path", __dir__)
     autoload :Rubygems, File.expand_path("source/rubygems", __dir__)
+    autoload :RubygemsAggregate, File.expand_path("source/rubygems_aggregate", __dir__)
 
     attr_accessor :dependency_names
 
@@ -33,6 +34,18 @@ module Bundler
       spec.source == self
     end
 
+    def local!; end
+
+    def local_only!; end
+
+    def cached!; end
+
+    def remote!; end
+
+    def add_dependency_names(names)
+      @dependency_names = Array(dependency_names) | Array(names)
+    end
+
     # it's possible that gems from one source depend on gems from some
     # other source, so now we download gemspecs and iterate over those
     # dependencies, looking for gems we don't have info on yet.
@@ -42,6 +55,10 @@ module Bundler
       specs.dependency_names
     end
 
+    def spec_names
+      specs.spec_names
+    end
+
     def include?(other)
       other == self
     end
@@ -50,6 +67,10 @@ module Bundler
       "#<#{self.class}:0x#{object_id} #{self}>"
     end
 
+    def identifier
+      to_s
+    end
+
     def path?
       instance_of?(Bundler::Source::Path)
     end