RubyGems - bundler - Versions diffs - 2.4.22 → 2.5.1 - Mend

bundler 2.4.22 → 2.5.1

Files changed (156) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +63 -0
data/bundler.gemspec +4 -2
data/exe/bundle +1 -10
data/lib/bundler/build_metadata.rb +3 -3
data/lib/bundler/capistrano.rb +1 -1
data/lib/bundler/checksum.rb +254 -0
data/lib/bundler/ci_detector.rb +75 -0
data/lib/bundler/cli/add.rb +3 -3
data/lib/bundler/cli/binstubs.rb +4 -4
data/lib/bundler/cli/cache.rb +1 -1
data/lib/bundler/cli/check.rb +1 -1
data/lib/bundler/cli/common.rb +9 -1
data/lib/bundler/cli/config.rb +8 -7
data/lib/bundler/cli/console.rb +3 -2
data/lib/bundler/cli/doctor.rb +2 -2
data/lib/bundler/cli/exec.rb +1 -1
data/lib/bundler/cli/gem.rb +28 -23
data/lib/bundler/cli/info.rb +2 -13
data/lib/bundler/cli/install.rb +5 -4
data/lib/bundler/cli/issue.rb +1 -1
data/lib/bundler/cli/lock.rb +4 -4
data/lib/bundler/cli/open.rb +1 -1
data/lib/bundler/cli/outdated.rb +6 -6
data/lib/bundler/cli/plugin.rb +7 -14
data/lib/bundler/cli/pristine.rb +38 -30
data/lib/bundler/cli/show.rb +2 -2
data/lib/bundler/cli/update.rb +5 -5
data/lib/bundler/cli.rb +215 -263
data/lib/bundler/compact_index_client/cache.rb +29 -9
data/lib/bundler/compact_index_client/cache_file.rb +153 -0
data/lib/bundler/compact_index_client/gem_parser.rb +7 -3
data/lib/bundler/compact_index_client/updater.rb +79 -81
data/lib/bundler/compact_index_client.rb +14 -7
data/lib/bundler/constants.rb +1 -1
data/lib/bundler/current_ruby.rb +5 -21
data/lib/bundler/definition.rb +42 -15
data/lib/bundler/dependency.rb +16 -12
data/lib/bundler/digest.rb +2 -2
data/lib/bundler/dsl.rb +46 -30
data/lib/bundler/endpoint_specification.rb +5 -1
data/lib/bundler/env.rb +1 -3
data/lib/bundler/errors.rb +43 -0
data/lib/bundler/fetcher/base.rb +3 -1
data/lib/bundler/fetcher/compact_index.rb +4 -4
data/lib/bundler/fetcher/downloader.rb +13 -11
data/lib/bundler/fetcher/gem_remote_fetcher.rb +16 -0
data/lib/bundler/fetcher/index.rb +1 -1
data/lib/bundler/fetcher.rb +28 -25
data/lib/bundler/friendly_errors.rb +5 -5
data/lib/bundler/gem_helper.rb +1 -1
data/lib/bundler/gem_helpers.rb +5 -2
data/lib/bundler/graph.rb +9 -9
data/lib/bundler/index.rb +1 -2
data/lib/bundler/injector.rb +1 -1
data/lib/bundler/inline.rb +3 -3
data/lib/bundler/installer/gem_installer.rb +5 -5
data/lib/bundler/installer/parallel_installer.rb +16 -8
data/lib/bundler/installer/standalone.rb +2 -3
data/lib/bundler/installer.rb +9 -9
data/lib/bundler/lazy_specification.rb +24 -17
data/lib/bundler/lockfile_generator.rb +9 -0
data/lib/bundler/lockfile_parser.rb +81 -10
data/lib/bundler/man/bundle-add.1 +3 -26
data/lib/bundler/man/bundle-binstubs.1 +4 -16
data/lib/bundler/man/bundle-cache.1 +3 -24
data/lib/bundler/man/bundle-check.1 +3 -12
data/lib/bundler/man/bundle-clean.1 +3 -10
data/lib/bundler/man/bundle-config.1 +20 -211
data/lib/bundler/man/bundle-config.1.ronn +6 -0
data/lib/bundler/man/bundle-console.1 +4 -22
data/lib/bundler/man/bundle-doctor.1 +4 -18
data/lib/bundler/man/bundle-exec.1 +12 -73
data/lib/bundler/man/bundle-gem.1 +13 -49
data/lib/bundler/man/bundle-help.1 +3 -7
data/lib/bundler/man/bundle-info.1 +3 -9
data/lib/bundler/man/bundle-init.1 +3 -12
data/lib/bundler/man/bundle-inject.1 +6 -19
data/lib/bundler/man/bundle-install.1 +27 -125
data/lib/bundler/man/bundle-install.1.ronn +1 -0
data/lib/bundler/man/bundle-list.1 +4 -19
data/lib/bundler/man/bundle-lock.1 +5 -29
data/lib/bundler/man/bundle-open.1 +7 -27
data/lib/bundler/man/bundle-outdated.1 +3 -55
data/lib/bundler/man/bundle-outdated.1.ronn +1 -0
data/lib/bundler/man/bundle-platform.1 +5 -27
data/lib/bundler/man/bundle-plugin.1 +3 -29
data/lib/bundler/man/bundle-pristine.1 +5 -16
data/lib/bundler/man/bundle-remove.1 +4 -14
data/lib/bundler/man/bundle-show.1 +3 -10
data/lib/bundler/man/bundle-update.1 +18 -137
data/lib/bundler/man/bundle-version.1 +3 -16
data/lib/bundler/man/bundle-viz.1 +4 -16
data/lib/bundler/man/bundle.1 +5 -44
data/lib/bundler/man/gemfile.5 +24 -301
data/lib/bundler/man/gemfile.5.ronn +4 -0
data/lib/bundler/match_metadata.rb +4 -0
data/lib/bundler/match_platform.rb +1 -1
data/lib/bundler/plugin/api/source.rb +3 -2
data/lib/bundler/plugin/installer.rb +1 -1
data/lib/bundler/plugin.rb +3 -3
data/lib/bundler/resolver/base.rb +1 -1
data/lib/bundler/resolver/incompatibility.rb +1 -1
data/lib/bundler/resolver/spec_group.rb +1 -4
data/lib/bundler/resolver.rb +16 -16
data/lib/bundler/ruby_dsl.rb +20 -12
data/lib/bundler/ruby_version.rb +1 -1
data/lib/bundler/rubygems_ext.rb +24 -50
data/lib/bundler/rubygems_gem_installer.rb +6 -56
data/lib/bundler/rubygems_integration.rb +25 -94
data/lib/bundler/runtime.rb +2 -2
data/lib/bundler/self_manager.rb +23 -7
data/lib/bundler/settings.rb +27 -7
data/lib/bundler/setup.rb +4 -1
data/lib/bundler/shared_helpers.rb +35 -13
data/lib/bundler/source/git/git_proxy.rb +15 -15
data/lib/bundler/source/git.rb +4 -3
data/lib/bundler/source/metadata.rb +15 -15
data/lib/bundler/source/path.rb +7 -6
data/lib/bundler/source/rubygems.rb +21 -14
data/lib/bundler/source.rb +2 -0
data/lib/bundler/spec_set.rb +38 -10
data/lib/bundler/stub_specification.rb +1 -0
data/lib/bundler/templates/Executable.bundler +1 -1
data/lib/bundler/templates/newgem/README.md.tt +3 -3
data/lib/bundler/templates/newgem/Rakefile.tt +2 -6
data/lib/bundler/templates/newgem/ext/newgem/Cargo.toml.tt +1 -1
data/lib/bundler/templates/newgem/standard.yml.tt +1 -1
data/lib/bundler/ui/shell.rb +1 -1
data/lib/bundler/vendor/connection_pool/.document +1 -0
data/lib/bundler/vendor/connection_pool/lib/connection_pool/version.rb +1 -1
data/lib/bundler/vendor/connection_pool/lib/connection_pool.rb +53 -6
data/lib/bundler/vendor/fileutils/.document +1 -0
data/lib/bundler/vendor/fileutils/lib/fileutils.rb +8 -20
data/lib/bundler/vendor/net-http-persistent/.document +1 -0
data/lib/bundler/vendor/net-http-persistent/lib/net/http/persistent/connection.rb +3 -3
data/lib/bundler/vendor/net-http-persistent/lib/net/http/persistent/pool.rb +2 -2
data/lib/bundler/vendor/net-http-persistent/lib/net/http/persistent/timed_stack_multi.rb +1 -1
data/lib/bundler/vendor/net-http-persistent/lib/net/http/persistent.rb +34 -34
data/lib/bundler/vendor/pub_grub/.document +1 -0
data/lib/bundler/vendor/thor/.document +1 -0
data/lib/bundler/vendor/tsort/.document +1 -0
data/lib/bundler/vendor/tsort/lib/tsort.rb +3 -0
data/lib/bundler/vendor/uri/.document +1 -0
data/lib/bundler/vendor/uri/lib/uri/common.rb +256 -132
data/lib/bundler/vendor/uri/lib/uri/generic.rb +1 -0
data/lib/bundler/vendor/uri/lib/uri/rfc3986_parser.rb +95 -31
data/lib/bundler/vendor/uri/lib/uri/version.rb +1 -1
data/lib/bundler/vendored_net_http.rb +8 -0
data/lib/bundler/vendored_persistent.rb +0 -4
data/lib/bundler/vendored_timeout.rb +8 -0
data/lib/bundler/version.rb +1 -1
data/lib/bundler/vlad.rb +1 -1
data/lib/bundler/yaml_serializer.rb +3 -3
data/lib/bundler.rb +41 -32
metadata +18 -5

data/lib/bundler/man/gemfile.5.ronn CHANGED Viewed

@@ -238,6 +238,10 @@ All operations involving groups ([`bundle install`](bundle-install.1.html), `Bun
 `Bundler.require`) behave exactly the same as if any groups not
 matching the current platform were explicitly excluded.
+The following platform values are deprecated and should be replaced with `windows`:
+  * `mswin`, `mswin64`, `mingw32`, `x64_mingw`
 ### FORCE_RUBY_PLATFORM
 If you always want the pure ruby variant of a gem to be chosen over platform

data/lib/bundler/match_metadata.rb CHANGED Viewed

@@ -2,6 +2,10 @@
 module Bundler
   module MatchMetadata
+    def matches_current_metadata?
+      matches_current_ruby? && matches_current_rubygems?
+    end
     def matches_current_ruby?
       @required_ruby_version.satisfied_by?(Gem.ruby_version)
     end

data/lib/bundler/match_platform.rb CHANGED Viewed

@@ -12,7 +12,7 @@ module Bundler
     def self.platforms_match?(gemspec_platform, local_platform)
       return true if gemspec_platform.nil?
-      return true if Gem::Platform::RUBY == gemspec_platform
+      return true if gemspec_platform == Gem::Platform::RUBY
       return true if local_platform == gemspec_platform
       gemspec_platform = Gem::Platform.new(gemspec_platform)
       return true if gemspec_platform === local_platform

data/lib/bundler/plugin/api/source.rb CHANGED Viewed

@@ -39,7 +39,7 @@ module Bundler
       #     is present to be compatible with `Definition` and is used by
       #     rubygems source.
       module Source
-        attr_reader :uri, :options, :name
+        attr_reader :uri, :options, :name, :checksum_store
         attr_accessor :dependency_names
         def initialize(opts)
@@ -48,6 +48,7 @@ module Bundler
           @uri = opts["uri"]
           @type = opts["type"]
           @name = opts["name"] || "#{@type} at #{@uri}"
+          @checksum_store = Checksum::Store.new
         end
         # This is used by the default `spec` method to constructs the
@@ -95,7 +96,7 @@ module Bundler
         #
         # Note: Do not override if you don't know what you are doing.
         def post_install(spec, disable_exts = false)
-          opts = { :env_shebang => false, :disable_extensions => disable_exts }
+          opts = { env_shebang: false, disable_extensions: disable_exts }
           installer = Bundler::Source::Path::Installer.new(spec, opts)
           installer.post_install
         end

data/lib/bundler/plugin/installer.rb CHANGED Viewed

@@ -83,7 +83,7 @@ module Bundler
         Bundler.configure_gem_home_and_path(Plugin.root)
-        Bundler.settings.temporary(:deployment => false, :frozen => false) do
+        Bundler.settings.temporary(deployment: false, frozen: false) do
           definition = Definition.new(nil, deps, source_list, true)
           install_definition(definition)

data/lib/bundler/plugin.rb CHANGED Viewed

@@ -101,7 +101,7 @@ module Bundler
     # @param [Pathname] gemfile path
     # @param [Proc] block that can be evaluated for (inline) Gemfile
     def gemfile_install(gemfile = nil, &inline)
-      Bundler.settings.temporary(:frozen => false, :deployment => false) do
+      Bundler.settings.temporary(frozen: false, deployment: false) do
         builder = DSL.new
         if block_given?
           builder.instance_eval(&inline)
@@ -307,7 +307,7 @@ module Bundler
       @hooks_by_event = Hash.new {|h, k| h[k] = [] }
       load_paths = spec.load_paths
-      Bundler.rubygems.add_to_load_path(load_paths)
+      Gem.add_to_load_path(*load_paths)
       path = Pathname.new spec.full_gem_path
       begin
@@ -342,7 +342,7 @@ module Bundler
       # done to avoid conflicts
       path = index.plugin_path(name)
-      Bundler.rubygems.add_to_load_path(index.load_paths(name))
+      Gem.add_to_load_path(*index.load_paths(name))
       load path.join(PLUGIN_FILE_NAME)

data/lib/bundler/resolver/base.rb CHANGED Viewed

@@ -24,7 +24,7 @@ module Bundler
           name = dep.name
-          @packages[name] = Package.new(name, dep_platforms, **options.merge(:dependency => dep))
+          @packages[name] = Package.new(name, dep_platforms, **options.merge(dependency: dep))
           dep
         end.compact

data/lib/bundler/resolver/incompatibility.rb CHANGED Viewed

@@ -8,7 +8,7 @@ module Bundler
       def initialize(terms, cause:, custom_explanation: nil, extended_explanation: nil)
         @extended_explanation = extended_explanation
-        super(terms, :cause => cause, :custom_explanation => custom_explanation)
+        super(terms, cause: cause, custom_explanation: custom_explanation)
       end
     end
   end

data/lib/bundler/resolver/spec_group.rb CHANGED Viewed

@@ -25,9 +25,8 @@ module Bundler
       def to_specs(force_ruby_platform)
         @specs.map do |s|
-          lazy_spec = LazySpecification.new(name, version, s.platform, source)
+          lazy_spec = LazySpecification.from_spec(s)
           lazy_spec.force_ruby_platform = force_ruby_platform
-          lazy_spec.dependencies.replace s.dependencies
           lazy_spec
         end
       end
@@ -64,8 +63,6 @@ module Bundler
       end
       def metadata_dependencies(spec)
-        return [] if spec.is_a?(LazySpecification)
         [
           metadata_dependency("Ruby", spec.required_ruby_version),
           metadata_dependency("RubyGems", spec.required_rubygems_version),

data/lib/bundler/resolver.rb CHANGED Viewed

@@ -29,7 +29,7 @@ module Bundler
       Bundler.ui.info "Resolving dependencies...", true
-      solve_versions(:root => root, :logger => logger)
+      solve_versions(root: root, logger: logger)
     end
     def setup_solver
@@ -77,7 +77,7 @@ module Bundler
     end
     def solve_versions(root:, logger:)
-      solver = PubGrub::VersionSolver.new(:source => self, :root => root, :logger => logger)
+      solver = PubGrub::VersionSolver.new(source: self, root: root, logger: logger)
       result = solver.solve
       result.map {|package, version| version.to_specs(package) }.flatten.uniq
     rescue PubGrub::SolveFailure => e
@@ -152,7 +152,7 @@ module Bundler
         requirement_to_range(dependency)
       end
-      PubGrub::VersionConstraint.new(package, :range => range)
+      PubGrub::VersionConstraint.new(package, range: range)
     end
     def versions_for(package, range=VersionRange.any)
@@ -181,7 +181,7 @@ module Bundler
         extended_explanation = other_specs_matching_message(specs_matching_other_platforms, label) if specs_matching_other_platforms.any?
       end
-      Incompatibility.new([unsatisfied_term], :cause => cause, :custom_explanation => custom_explanation, :extended_explanation => extended_explanation)
+      Incompatibility.new([unsatisfied_term], cause: cause, custom_explanation: custom_explanation, extended_explanation: extended_explanation)
     end
     def debug?
@@ -220,9 +220,9 @@ module Bundler
             sorted_versions[high]
           end
-        range = PubGrub::VersionRange.new(:min => low, :max => high, :include_min => true)
+        range = PubGrub::VersionRange.new(min: low, max: high, include_min: true)
-        self_constraint = PubGrub::VersionConstraint.new(package, :range => range)
+        self_constraint = PubGrub::VersionConstraint.new(package, range: range)
         dep_term = PubGrub::Term.new(dep_constraint, false)
         self_term = PubGrub::Term.new(self_constraint, true)
@@ -231,7 +231,7 @@ module Bundler
           "current #{dep_package} version is #{dep_constraint.constraint_string}"
         end
-        PubGrub::Incompatibility.new([self_term, dep_term], :cause => :dependency, :custom_explanation => custom_explanation)
+        PubGrub::Incompatibility.new([self_term, dep_term], cause: :dependency, custom_explanation: custom_explanation)
       end
     end
@@ -266,11 +266,11 @@ module Bundler
         platform_specs.flatten!
         ruby_specs = select_best_platform_match(specs, Gem::Platform::RUBY)
-        groups << Resolver::Candidate.new(version, :specs => ruby_specs) if ruby_specs.any?
+        groups << Resolver::Candidate.new(version, specs: ruby_specs) if ruby_specs.any?
         next groups if platform_specs == ruby_specs || package.force_ruby_platform?
-        groups << Resolver::Candidate.new(version, :specs => platform_specs)
+        groups << Resolver::Candidate.new(version, specs: platform_specs)
         groups
       end
@@ -408,19 +408,19 @@ module Bundler
         when "~>"
           name = "~> #{ver}"
           bump = Resolver::Candidate.new(version.bump.to_s + ".A")
-          PubGrub::VersionRange.new(:name => name, :min => ver, :max => bump, :include_min => true)
+          PubGrub::VersionRange.new(name: name, min: ver, max: bump, include_min: true)
         when ">"
-          PubGrub::VersionRange.new(:min => platform_ver)
+          PubGrub::VersionRange.new(min: platform_ver)
         when ">="
-          PubGrub::VersionRange.new(:min => ver, :include_min => true)
+          PubGrub::VersionRange.new(min: ver, include_min: true)
         when "<"
-          PubGrub::VersionRange.new(:max => ver)
+          PubGrub::VersionRange.new(max: ver)
         when "<="
-          PubGrub::VersionRange.new(:max => platform_ver, :include_max => true)
+          PubGrub::VersionRange.new(max: platform_ver, include_max: true)
         when "="
-          PubGrub::VersionRange.new(:min => ver, :max => platform_ver, :include_min => true, :include_max => true)
+          PubGrub::VersionRange.new(min: ver, max: platform_ver, include_min: true, include_max: true)
         when "!="
-          PubGrub::VersionRange.new(:min => ver, :max => platform_ver, :include_min => true, :include_max => true).invert
+          PubGrub::VersionRange.new(min: ver, max: platform_ver, include_min: true, include_max: true).invert
         else
           raise "bad version specifier: #{op}"
         end

data/lib/bundler/ruby_dsl.rb CHANGED Viewed

@@ -3,22 +3,28 @@
 module Bundler
   module RubyDsl
     def ruby(*ruby_version)
-      options = ruby_version.last.is_a?(Hash) ? ruby_version.pop : {}
+      options = ruby_version.pop if ruby_version.last.is_a?(Hash)
       ruby_version.flatten!
-      raise GemfileError, "Please define :engine_version" if options[:engine] && options[:engine_version].nil?
-      raise GemfileError, "Please define :engine" if options[:engine_version] && options[:engine].nil?
+      if options
+        patchlevel = options[:patchlevel]
+        engine = options[:engine]
+        engine_version = options[:engine_version]
-      if options[:file]
-        raise GemfileError, "Do not pass version argument when using :file option" unless ruby_version.empty?
-        ruby_version << normalize_ruby_file(options[:file])
-      end
+        raise GemfileError, "Please define :engine_version" if engine && engine_version.nil?
+        raise GemfileError, "Please define :engine" if engine_version && engine.nil?
+        if options[:file]
+          raise GemfileError, "Do not pass version argument when using :file option" unless ruby_version.empty?
+          ruby_version << normalize_ruby_file(options[:file])
+        end
-      if options[:engine] == "ruby" && options[:engine_version] &&
-         ruby_version != Array(options[:engine_version])
-        raise GemfileEvalError, "ruby_version must match the :engine_version for MRI"
+        if engine == "ruby" && engine_version && ruby_version != Array(engine_version)
+          raise GemfileEvalError, "ruby_version must match the :engine_version for MRI"
+        end
       end
-      @ruby_version = RubyVersion.new(ruby_version, options[:patchlevel], options[:engine], options[:engine_version])
+      @ruby_version = RubyVersion.new(ruby_version, patchlevel, engine, engine_version)
     end
     # Support the various file formats found in .ruby-version files.
@@ -32,8 +38,10 @@ module Bundler
     #     ruby   2.5.1# close comment and extra spaces doesn't confuse
     #
     # Intentionally does not support `3.2.1@gemset` since rvm recommends using .ruby-gemset instead
+    #
+    # Loads the file relative to the dirname of the Gemfile itself.
     def normalize_ruby_file(filename)
-      file_content = Bundler.read_file(Bundler.root.join(filename))
+      file_content = Bundler.read_file(gemfile.dirname.join(filename))
       # match "ruby-3.2.2" or "ruby   3.2.2" capturing version string up to the first space or comment
       if /^ruby(-|\s+)([^\s#]+)/.match(file_content)
         $2

data/lib/bundler/ruby_version.rb CHANGED Viewed

@@ -49,7 +49,7 @@ module Bundler
       (\d+\.\d+\.\d+(?:\.\S+)?) # ruby version
       (?:p(-?\d+))? # optional patchlevel
       (?:\s\((\S+)\s(.+)\))? # optional engine info
-    /xo.freeze
+    /xo
     # Returns a RubyVersion from the given string.
     # @param [String] the version string to match.

data/lib/bundler/rubygems_ext.rb CHANGED Viewed

@@ -2,6 +2,8 @@
 require "pathname"
+require "rubygems" unless defined?(Gem)
 require "rubygems/specification"
 # We can't let `Gem::Source` be autoloaded in the `Gem::Specification#source`
@@ -46,7 +48,7 @@ module Gem
     def full_gem_path
       if source.respond_to?(:root)
-        Pathname.new(loaded_from).dirname.expand_path(source.root).to_s.tap {|x| x.untaint if RUBY_VERSION < "2.7" }
+        Pathname.new(loaded_from).dirname.expand_path(source.root).to_s
       else
         rg_full_gem_path
       end
@@ -76,7 +78,7 @@ module Gem
       end
     end
-    remove_method :gem_dir if instance_methods(false).include?(:gem_dir)
+    remove_method :gem_dir
     def gem_dir
       full_gem_path
     end
@@ -117,17 +119,6 @@ module Gem
       gemfile
     end
-    # Backfill missing YAML require when not defined. Fixed since 3.1.0.pre1.
-    module YamlBackfiller
-      def to_yaml(opts = {})
-        Gem.load_yaml unless defined?(::YAML)
-        super(opts)
-      end
-    end
-    prepend YamlBackfiller
     def nondevelopment_dependencies
       dependencies - development_dependencies
     end
@@ -188,37 +179,7 @@ module Gem
     end
   end
-  # comparison is done order independently since rubygems 3.2.0.rc.2
-  unless Gem::Requirement.new("> 1", "< 2") == Gem::Requirement.new("< 2", "> 1")
-    class Requirement
-      module OrderIndependentComparison
-        def ==(other)
-          return unless Gem::Requirement === other
-          if _requirements_sorted? && other._requirements_sorted?
-            super
-          else
-            _with_sorted_requirements == other._with_sorted_requirements
-          end
-        end
-        protected
-        def _requirements_sorted?
-          return @_requirements_sorted if defined?(@_requirements_sorted)
-          strings = as_list
-          @_requirements_sorted = strings == strings.sort
-        end
-        def _with_sorted_requirements
-          @_with_sorted_requirements ||= _requirements_sorted? ? self : self.class.new(as_list.sort)
-        end
-      end
-      prepend OrderIndependentComparison
-    end
-  end
+  # Requirements using lambda operator differentiate trailing zeros since rubygems 3.2.6
   if Gem::Requirement.new("~> 2.0").hash == Gem::Requirement.new("~> 2.0.0").hash
     class Requirement
       module CorrectHashForLambdaOperator
@@ -340,15 +301,28 @@ module Gem
     end
   end
-  require "rubygems/util"
+  require "rubygems/name_tuple"
+  class NameTuple
+    # Versions of RubyGems before about 3.5.0 don't to_s the platform.
+    unless Gem::NameTuple.new("a", Gem::Version.new("1"), Gem::Platform.new("x86_64-linux")).platform.is_a?(String)
+      alias_method :initialize_with_platform, :initialize
-  Util.singleton_class.module_eval do
-    if Util.singleton_methods.include?(:glob_files_in_dir) # since 3.0.0.beta.2
-      remove_method :glob_files_in_dir
+      def initialize(name, version, platform=Gem::Platform::RUBY)
+        if Gem::Platform === platform
+          initialize_with_platform(name, version, platform.to_s)
+        else
+          initialize_with_platform(name, version, platform)
+        end
+      end
     end
-    def glob_files_in_dir(glob, base_path)
-      Dir.glob(glob, :base => base_path).map! {|f| File.expand_path(f, base_path) }
+    def lock_name
+      if platform == Gem::Platform::RUBY
+        "#{name} (#{version})"
+      else
+        "#{name} (#{version}-#{platform})"
+      end
     end
   end
 end

data/lib/bundler/rubygems_gem_installer.rb CHANGED Viewed

@@ -20,7 +20,7 @@ module Bundler
       strict_rm_rf spec.extension_dir
       SharedHelpers.filesystem_access(gem_dir, :create) do
-        FileUtils.mkdir_p gem_dir, :mode => 0o755
+        FileUtils.mkdir_p gem_dir, mode: 0o755
       end
       extract_files
@@ -46,7 +46,7 @@ module Bundler
     end
     def pre_install_checks
-      super && validate_bundler_checksum(options[:bundler_expected_checksum])
+      super
     rescue Gem::FilePermissionError
       # Ignore permission checks in RubyGems. Instead, go on, and try to write
       # for real. We properly handle permission errors when they happen.
@@ -102,6 +102,10 @@ module Bundler
       end
     end
+    def gem_checksum
+      Checksum.from_gem_package(@package)
+    end
     private
     def prepare_extension_build(extension_dir)
@@ -129,59 +133,5 @@ module Bundler
         raise DirectoryRemovalError.new(e, "Could not delete previous installation of `#{dir}`")
       end
     end
-    def validate_bundler_checksum(checksum)
-      return true if Bundler.settings[:disable_checksum_validation]
-      return true unless checksum
-      return true unless source = @package.instance_variable_get(:@gem)
-      return true unless source.respond_to?(:with_read_io)
-      digest = source.with_read_io do |io|
-        digest = SharedHelpers.digest(:SHA256).new
-        digest << io.read(16_384) until io.eof?
-        io.rewind
-        send(checksum_type(checksum), digest)
-      end
-      unless digest == checksum
-        raise SecurityError, <<-MESSAGE
-          Bundler cannot continue installing #{spec.name} (#{spec.version}).
-          The checksum for the downloaded `#{spec.full_name}.gem` does not match \
-          the checksum given by the server. This means the contents of the downloaded \
-          gem is different from what was uploaded to the server, and could be a potential security issue.
-          To resolve this issue:
-          1. delete the downloaded gem located at: `#{spec.gem_dir}/#{spec.full_name}.gem`
-          2. run `bundle install`
-          If you wish to continue installing the downloaded gem, and are certain it does not pose a \
-          security issue despite the mismatching checksum, do the following:
-          1. run `bundle config set --local disable_checksum_validation true` to turn off checksum verification
-          2. run `bundle install`
-          (More info: The expected SHA256 checksum was #{checksum.inspect}, but the \
-          checksum for the downloaded gem was #{digest.inspect}.)
-          MESSAGE
-      end
-      true
-    end
-    def checksum_type(checksum)
-      case checksum.length
-      when 64 then :hexdigest!
-      when 44 then :base64digest!
-      else raise InstallError, "The given checksum for #{spec.full_name} (#{checksum.inspect}) is not a valid SHA256 hexdigest nor base64digest"
-      end
-    end
-    def hexdigest!(digest)
-      digest.hexdigest!
-    end
-    def base64digest!(digest)
-      if digest.respond_to?(:base64digest!)
-        digest.base64digest!
-      else
-        [digest.digest!].pack("m0")
-      end
-    end
   end
 end