bundler 2.4.22 → 2.5.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +63 -0
- data/bundler.gemspec +4 -2
- data/exe/bundle +1 -10
- data/lib/bundler/build_metadata.rb +3 -3
- data/lib/bundler/capistrano.rb +1 -1
- data/lib/bundler/checksum.rb +254 -0
- data/lib/bundler/ci_detector.rb +75 -0
- data/lib/bundler/cli/add.rb +3 -3
- data/lib/bundler/cli/binstubs.rb +4 -4
- data/lib/bundler/cli/cache.rb +1 -1
- data/lib/bundler/cli/check.rb +1 -1
- data/lib/bundler/cli/common.rb +9 -1
- data/lib/bundler/cli/config.rb +8 -7
- data/lib/bundler/cli/console.rb +3 -2
- data/lib/bundler/cli/doctor.rb +2 -2
- data/lib/bundler/cli/exec.rb +1 -1
- data/lib/bundler/cli/gem.rb +28 -23
- data/lib/bundler/cli/info.rb +2 -13
- data/lib/bundler/cli/install.rb +5 -4
- data/lib/bundler/cli/issue.rb +1 -1
- data/lib/bundler/cli/lock.rb +4 -4
- data/lib/bundler/cli/open.rb +1 -1
- data/lib/bundler/cli/outdated.rb +6 -6
- data/lib/bundler/cli/plugin.rb +7 -14
- data/lib/bundler/cli/pristine.rb +38 -30
- data/lib/bundler/cli/show.rb +2 -2
- data/lib/bundler/cli/update.rb +5 -5
- data/lib/bundler/cli.rb +215 -263
- data/lib/bundler/compact_index_client/cache.rb +29 -9
- data/lib/bundler/compact_index_client/cache_file.rb +153 -0
- data/lib/bundler/compact_index_client/gem_parser.rb +7 -3
- data/lib/bundler/compact_index_client/updater.rb +79 -81
- data/lib/bundler/compact_index_client.rb +14 -7
- data/lib/bundler/constants.rb +1 -1
- data/lib/bundler/current_ruby.rb +5 -21
- data/lib/bundler/definition.rb +42 -15
- data/lib/bundler/dependency.rb +16 -12
- data/lib/bundler/digest.rb +2 -2
- data/lib/bundler/dsl.rb +46 -30
- data/lib/bundler/endpoint_specification.rb +5 -1
- data/lib/bundler/env.rb +1 -3
- data/lib/bundler/errors.rb +43 -0
- data/lib/bundler/fetcher/base.rb +3 -1
- data/lib/bundler/fetcher/compact_index.rb +4 -4
- data/lib/bundler/fetcher/downloader.rb +13 -11
- data/lib/bundler/fetcher/gem_remote_fetcher.rb +16 -0
- data/lib/bundler/fetcher/index.rb +1 -1
- data/lib/bundler/fetcher.rb +28 -25
- data/lib/bundler/friendly_errors.rb +5 -5
- data/lib/bundler/gem_helper.rb +1 -1
- data/lib/bundler/gem_helpers.rb +5 -2
- data/lib/bundler/graph.rb +9 -9
- data/lib/bundler/index.rb +1 -2
- data/lib/bundler/injector.rb +1 -1
- data/lib/bundler/inline.rb +3 -3
- data/lib/bundler/installer/gem_installer.rb +5 -5
- data/lib/bundler/installer/parallel_installer.rb +16 -8
- data/lib/bundler/installer/standalone.rb +2 -3
- data/lib/bundler/installer.rb +9 -9
- data/lib/bundler/lazy_specification.rb +24 -17
- data/lib/bundler/lockfile_generator.rb +9 -0
- data/lib/bundler/lockfile_parser.rb +81 -10
- data/lib/bundler/man/bundle-add.1 +3 -26
- data/lib/bundler/man/bundle-binstubs.1 +4 -16
- data/lib/bundler/man/bundle-cache.1 +3 -24
- data/lib/bundler/man/bundle-check.1 +3 -12
- data/lib/bundler/man/bundle-clean.1 +3 -10
- data/lib/bundler/man/bundle-config.1 +20 -211
- data/lib/bundler/man/bundle-config.1.ronn +6 -0
- data/lib/bundler/man/bundle-console.1 +4 -22
- data/lib/bundler/man/bundle-doctor.1 +4 -18
- data/lib/bundler/man/bundle-exec.1 +12 -73
- data/lib/bundler/man/bundle-gem.1 +13 -49
- data/lib/bundler/man/bundle-help.1 +3 -7
- data/lib/bundler/man/bundle-info.1 +3 -9
- data/lib/bundler/man/bundle-init.1 +3 -12
- data/lib/bundler/man/bundle-inject.1 +6 -19
- data/lib/bundler/man/bundle-install.1 +27 -125
- data/lib/bundler/man/bundle-install.1.ronn +1 -0
- data/lib/bundler/man/bundle-list.1 +4 -19
- data/lib/bundler/man/bundle-lock.1 +5 -29
- data/lib/bundler/man/bundle-open.1 +7 -27
- data/lib/bundler/man/bundle-outdated.1 +3 -55
- data/lib/bundler/man/bundle-outdated.1.ronn +1 -0
- data/lib/bundler/man/bundle-platform.1 +5 -27
- data/lib/bundler/man/bundle-plugin.1 +3 -29
- data/lib/bundler/man/bundle-pristine.1 +5 -16
- data/lib/bundler/man/bundle-remove.1 +4 -14
- data/lib/bundler/man/bundle-show.1 +3 -10
- data/lib/bundler/man/bundle-update.1 +18 -137
- data/lib/bundler/man/bundle-version.1 +3 -16
- data/lib/bundler/man/bundle-viz.1 +4 -16
- data/lib/bundler/man/bundle.1 +5 -44
- data/lib/bundler/man/gemfile.5 +24 -301
- data/lib/bundler/man/gemfile.5.ronn +4 -0
- data/lib/bundler/match_metadata.rb +4 -0
- data/lib/bundler/match_platform.rb +1 -1
- data/lib/bundler/plugin/api/source.rb +3 -2
- data/lib/bundler/plugin/installer.rb +1 -1
- data/lib/bundler/plugin.rb +3 -3
- data/lib/bundler/resolver/base.rb +1 -1
- data/lib/bundler/resolver/incompatibility.rb +1 -1
- data/lib/bundler/resolver/spec_group.rb +1 -4
- data/lib/bundler/resolver.rb +16 -16
- data/lib/bundler/ruby_dsl.rb +20 -12
- data/lib/bundler/ruby_version.rb +1 -1
- data/lib/bundler/rubygems_ext.rb +24 -50
- data/lib/bundler/rubygems_gem_installer.rb +6 -56
- data/lib/bundler/rubygems_integration.rb +25 -94
- data/lib/bundler/runtime.rb +2 -2
- data/lib/bundler/self_manager.rb +23 -7
- data/lib/bundler/settings.rb +27 -7
- data/lib/bundler/setup.rb +4 -1
- data/lib/bundler/shared_helpers.rb +35 -13
- data/lib/bundler/source/git/git_proxy.rb +15 -15
- data/lib/bundler/source/git.rb +4 -3
- data/lib/bundler/source/metadata.rb +15 -15
- data/lib/bundler/source/path.rb +7 -6
- data/lib/bundler/source/rubygems.rb +21 -14
- data/lib/bundler/source.rb +2 -0
- data/lib/bundler/spec_set.rb +38 -10
- data/lib/bundler/stub_specification.rb +1 -0
- data/lib/bundler/templates/Executable.bundler +1 -1
- data/lib/bundler/templates/newgem/README.md.tt +3 -3
- data/lib/bundler/templates/newgem/Rakefile.tt +2 -6
- data/lib/bundler/templates/newgem/ext/newgem/Cargo.toml.tt +1 -1
- data/lib/bundler/templates/newgem/standard.yml.tt +1 -1
- data/lib/bundler/ui/shell.rb +1 -1
- data/lib/bundler/vendor/connection_pool/.document +1 -0
- data/lib/bundler/vendor/connection_pool/lib/connection_pool/version.rb +1 -1
- data/lib/bundler/vendor/connection_pool/lib/connection_pool.rb +53 -6
- data/lib/bundler/vendor/fileutils/.document +1 -0
- data/lib/bundler/vendor/fileutils/lib/fileutils.rb +8 -20
- data/lib/bundler/vendor/net-http-persistent/.document +1 -0
- data/lib/bundler/vendor/net-http-persistent/lib/net/http/persistent/connection.rb +3 -3
- data/lib/bundler/vendor/net-http-persistent/lib/net/http/persistent/pool.rb +2 -2
- data/lib/bundler/vendor/net-http-persistent/lib/net/http/persistent/timed_stack_multi.rb +1 -1
- data/lib/bundler/vendor/net-http-persistent/lib/net/http/persistent.rb +34 -34
- data/lib/bundler/vendor/pub_grub/.document +1 -0
- data/lib/bundler/vendor/thor/.document +1 -0
- data/lib/bundler/vendor/tsort/.document +1 -0
- data/lib/bundler/vendor/tsort/lib/tsort.rb +3 -0
- data/lib/bundler/vendor/uri/.document +1 -0
- data/lib/bundler/vendor/uri/lib/uri/common.rb +256 -132
- data/lib/bundler/vendor/uri/lib/uri/generic.rb +1 -0
- data/lib/bundler/vendor/uri/lib/uri/rfc3986_parser.rb +95 -31
- data/lib/bundler/vendor/uri/lib/uri/version.rb +1 -1
- data/lib/bundler/vendored_net_http.rb +8 -0
- data/lib/bundler/vendored_persistent.rb +0 -4
- data/lib/bundler/vendored_timeout.rb +8 -0
- data/lib/bundler/version.rb +1 -1
- data/lib/bundler/vlad.rb +1 -1
- data/lib/bundler/yaml_serializer.rb +3 -3
- data/lib/bundler.rb +41 -32
- metadata +18 -5
@@ -238,6 +238,10 @@ All operations involving groups ([`bundle install`](bundle-install.1.html), `Bun
|
|
238
238
|
`Bundler.require`) behave exactly the same as if any groups not
|
239
239
|
matching the current platform were explicitly excluded.
|
240
240
|
|
241
|
+
The following platform values are deprecated and should be replaced with `windows`:
|
242
|
+
|
243
|
+
* `mswin`, `mswin64`, `mingw32`, `x64_mingw`
|
244
|
+
|
241
245
|
### FORCE_RUBY_PLATFORM
|
242
246
|
|
243
247
|
If you always want the pure ruby variant of a gem to be chosen over platform
|
@@ -12,7 +12,7 @@ module Bundler
|
|
12
12
|
|
13
13
|
def self.platforms_match?(gemspec_platform, local_platform)
|
14
14
|
return true if gemspec_platform.nil?
|
15
|
-
return true if Gem::Platform::RUBY
|
15
|
+
return true if gemspec_platform == Gem::Platform::RUBY
|
16
16
|
return true if local_platform == gemspec_platform
|
17
17
|
gemspec_platform = Gem::Platform.new(gemspec_platform)
|
18
18
|
return true if gemspec_platform === local_platform
|
@@ -39,7 +39,7 @@ module Bundler
|
|
39
39
|
# is present to be compatible with `Definition` and is used by
|
40
40
|
# rubygems source.
|
41
41
|
module Source
|
42
|
-
attr_reader :uri, :options, :name
|
42
|
+
attr_reader :uri, :options, :name, :checksum_store
|
43
43
|
attr_accessor :dependency_names
|
44
44
|
|
45
45
|
def initialize(opts)
|
@@ -48,6 +48,7 @@ module Bundler
|
|
48
48
|
@uri = opts["uri"]
|
49
49
|
@type = opts["type"]
|
50
50
|
@name = opts["name"] || "#{@type} at #{@uri}"
|
51
|
+
@checksum_store = Checksum::Store.new
|
51
52
|
end
|
52
53
|
|
53
54
|
# This is used by the default `spec` method to constructs the
|
@@ -95,7 +96,7 @@ module Bundler
|
|
95
96
|
#
|
96
97
|
# Note: Do not override if you don't know what you are doing.
|
97
98
|
def post_install(spec, disable_exts = false)
|
98
|
-
opts = { :
|
99
|
+
opts = { env_shebang: false, disable_extensions: disable_exts }
|
99
100
|
installer = Bundler::Source::Path::Installer.new(spec, opts)
|
100
101
|
installer.post_install
|
101
102
|
end
|
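Review bot: `@checksum_store` is assigned only in `initialize`, so a plugin source class that defines its own `initialize` without calling `super` would return nil from the new `checksum_store` reader. How callers use the store is not visible in these hunks, but a nil there would presumably surface as a `NoMethodError` during install or lockfile handling rather than as a clear plugin error. A lazily initialised reader removes that dependency on the plugin author: `def checksum_store; @checksum_store ||= Checksum::Store.new; end` instead of adding `:checksum_store` to `attr_reader`. If the eager assignment stays, the comment above `initialize` (outside these hunks) should say that overriding it requires `super`. The `Source` module starts and ends outside the hunks.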
@@ -83,7 +83,7 @@ module Bundler
|
|
83
83
|
|
84
84
|
Bundler.configure_gem_home_and_path(Plugin.root)
|
85
85
|
|
86
|
-
Bundler.settings.temporary(:
|
86
|
+
Bundler.settings.temporary(deployment: false, frozen: false) do
|
87
87
|
definition = Definition.new(nil, deps, source_list, true)
|
88
88
|
|
89
89
|
install_definition(definition)
|
data/lib/bundler/plugin.rb
CHANGED
@@ -101,7 +101,7 @@ module Bundler
|
|
101
101
|
# @param [Pathname] gemfile path
|
102
102
|
# @param [Proc] block that can be evaluated for (inline) Gemfile
|
103
103
|
def gemfile_install(gemfile = nil, &inline)
|
104
|
-
Bundler.settings.temporary(:
|
104
|
+
Bundler.settings.temporary(frozen: false, deployment: false) do
|
105
105
|
builder = DSL.new
|
106
106
|
if block_given?
|
107
107
|
builder.instance_eval(&inline)
|
@@ -307,7 +307,7 @@ module Bundler
|
|
307
307
|
@hooks_by_event = Hash.new {|h, k| h[k] = [] }
|
308
308
|
|
309
309
|
load_paths = spec.load_paths
|
310
|
-
|
310
|
+
Gem.add_to_load_path(*load_paths)
|
311
311
|
path = Pathname.new spec.full_gem_path
|
312
312
|
|
313
313
|
begin
|
@@ -342,7 +342,7 @@ module Bundler
|
|
342
342
|
# done to avoid conflicts
|
343
343
|
path = index.plugin_path(name)
|
344
344
|
|
345
|
-
|
345
|
+
Gem.add_to_load_path(*index.load_paths(name))
|
346
346
|
|
347
347
|
load path.join(PLUGIN_FILE_NAME)
|
348
348
|
|
@@ -8,7 +8,7 @@ module Bundler
|
|
8
8
|
def initialize(terms, cause:, custom_explanation: nil, extended_explanation: nil)
|
9
9
|
@extended_explanation = extended_explanation
|
10
10
|
|
11
|
-
super(terms, :
|
11
|
+
super(terms, cause: cause, custom_explanation: custom_explanation)
|
12
12
|
end
|
13
13
|
end
|
14
14
|
end
|
@@ -25,9 +25,8 @@ module Bundler
|
|
25
25
|
|
26
26
|
def to_specs(force_ruby_platform)
|
27
27
|
@specs.map do |s|
|
28
|
-
lazy_spec = LazySpecification.
|
28
|
+
lazy_spec = LazySpecification.from_spec(s)
|
29
29
|
lazy_spec.force_ruby_platform = force_ruby_platform
|
30
|
-
lazy_spec.dependencies.replace s.dependencies
|
31
30
|
lazy_spec
|
32
31
|
end
|
33
32
|
end
|
@@ -64,8 +63,6 @@ module Bundler
|
|
64
63
|
end
|
65
64
|
|
66
65
|
def metadata_dependencies(spec)
|
67
|
-
return [] if spec.is_a?(LazySpecification)
|
68
|
-
|
69
66
|
[
|
70
67
|
metadata_dependency("Ruby", spec.required_ruby_version),
|
71
68
|
metadata_dependency("RubyGems", spec.required_rubygems_version),
|
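Review bot: With the `return [] if spec.is_a?(LazySpecification)` guard removed, `metadata_dependencies` calls `required_ruby_version` and `required_rubygems_version` on every spec it receives, so it now relies on `LazySpecification.from_spec(s)` carrying those fields over from `s`. `from_spec` is defined in another file and is not visible here, so that is worth confirming and recording next to the call in `to_specs`, for example `# from_spec copies dependencies and the required Ruby/RubyGems versions`. `metadata_dependencies` continues past the end of the hunk.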
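--- a/data/lib/bundler/resolver.rb
+++ b/data/lib/bundler/resolver.rb
@@ -29,7 +29,7 @@ module Bundler
 
 Bundler.ui.info "Resolving dependencies...", true
 
-solve_versions(:
+solve_versions(root: root, logger: logger)
 end
 
 def setup_solver
@@ -77,7 +77,7 @@ module Bundler
 end
 
 def solve_versions(root:, logger:)
-solver = PubGrub::VersionSolver.new(:
+solver = PubGrub::VersionSolver.new(source: self, root: root, logger: logger)
 result = solver.solve
 result.map {|package, version| version.to_specs(package) }.flatten.uniq
 rescue PubGrub::SolveFailure => e
@@ -152,7 +152,7 @@ module Bundler
 requirement_to_range(dependency)
 end
 
-PubGrub::VersionConstraint.new(package, :
+PubGrub::VersionConstraint.new(package, range: range)
 end
 
 def versions_for(package, range=VersionRange.any)
@@ -181,7 +181,7 @@ module Bundler
 extended_explanation = other_specs_matching_message(specs_matching_other_platforms, label) if specs_matching_other_platforms.any?
 end
 
-Incompatibility.new([unsatisfied_term], :
+Incompatibility.new([unsatisfied_term], cause: cause, custom_explanation: custom_explanation, extended_explanation: extended_explanation)
 end
 
 def debug?
@@ -220,9 +220,9 @@ module Bundler
 sorted_versions[high]
 end
 
-range = PubGrub::VersionRange.new(:
+range = PubGrub::VersionRange.new(min: low, max: high, include_min: true)
 
-self_constraint = PubGrub::VersionConstraint.new(package, :
+self_constraint = PubGrub::VersionConstraint.new(package, range: range)
 
 dep_term = PubGrub::Term.new(dep_constraint, false)
 self_term = PubGrub::Term.new(self_constraint, true)
@@ -231,7 +231,7 @@ module Bundler
 "current #{dep_package} version is #{dep_constraint.constraint_string}"
 end
 
-PubGrub::Incompatibility.new([self_term, dep_term], :
+PubGrub::Incompatibility.new([self_term, dep_term], cause: :dependency, custom_explanation: custom_explanation)
 end
 end
 
@@ -266,11 +266,11 @@ module Bundler
 platform_specs.flatten!
 
 ruby_specs = select_best_platform_match(specs, Gem::Platform::RUBY)
-groups << Resolver::Candidate.new(version, :
+groups << Resolver::Candidate.new(version, specs: ruby_specs) if ruby_specs.any?
 
 next groups if platform_specs == ruby_specs || package.force_ruby_platform?
 
-groups << Resolver::Candidate.new(version, :
+groups << Resolver::Candidate.new(version, specs: platform_specs)
 
 groups
 end
@@ -408,19 +408,19 @@ module Bundler
 when "~>"
 name = "~> #{ver}"
 bump = Resolver::Candidate.new(version.bump.to_s + ".A")
-PubGrub::VersionRange.new(:
+PubGrub::VersionRange.new(name: name, min: ver, max: bump, include_min: true)
 when ">"
-PubGrub::VersionRange.new(:
+PubGrub::VersionRange.new(min: platform_ver)
 when ">="
-PubGrub::VersionRange.new(:
+PubGrub::VersionRange.new(min: ver, include_min: true)
 when "<"
-PubGrub::VersionRange.new(:
+PubGrub::VersionRange.new(max: ver)
 when "<="
-PubGrub::VersionRange.new(:
+PubGrub::VersionRange.new(max: platform_ver, include_max: true)
 when "="
-PubGrub::VersionRange.new(:
+PubGrub::VersionRange.new(min: ver, max: platform_ver, include_min: true, include_max: true)
 when "!="
-PubGrub::VersionRange.new(:
+PubGrub::VersionRange.new(min: ver, max: platform_ver, include_min: true, include_max: true).invert
 else
 raise "bad version specifier: #{op}"
 end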
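--- a/data/lib/bundler/ruby_dsl.rb
+++ b/data/lib/bundler/ruby_dsl.rb
@@ -3,22 +3,28 @@
 module Bundler
 module RubyDsl
 def ruby(*ruby_version)
-options = ruby_version.last.is_a?(Hash)
+options = ruby_version.pop if ruby_version.last.is_a?(Hash)
 ruby_version.flatten!
 
-
-
+if options
+patchlevel = options[:patchlevel]
+engine = options[:engine]
+engine_version = options[:engine_version]
 
-
-raise GemfileError, "
-
-
+raise GemfileError, "Please define :engine_version" if engine && engine_version.nil?
+raise GemfileError, "Please define :engine" if engine_version && engine.nil?
+
+if options[:file]
+raise GemfileError, "Do not pass version argument when using :file option" unless ruby_version.empty?
+ruby_version << normalize_ruby_file(options[:file])
+end
 
-
-
-
+if engine == "ruby" && engine_version && ruby_version != Array(engine_version)
+raise GemfileEvalError, "ruby_version must match the :engine_version for MRI"
+end
 end
-
+
+@ruby_version = RubyVersion.new(ruby_version, patchlevel, engine, engine_version)
 end
 
 # Support the various file formats found in .ruby-version files.
@@ -32,8 +38,10 @@ module Bundler
 # ruby 2.5.1# close comment and extra spaces doesn't confuse
 #
 # Intentionally does not support `3.2.1@gemset` since rvm recommends using .ruby-gemset instead
+#
+# Loads the file relative to the dirname of the Gemfile itself.
 def normalize_ruby_file(filename)
-file_content = Bundler.read_file(
+file_content = Bundler.read_file(gemfile.dirname.join(filename))
 # match "ruby-3.2.2" or "ruby 3.2.2" capturing version string up to the first space or comment
 if /^ruby(-|\s+)([^\s#]+)/.match(file_content)
 $2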
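Review bot: `normalize_ruby_file` now calls `gemfile.dirname.join(filename)`, so every class that mixes in `RubyDsl` has to provide a `gemfile` method returning a Pathname, and nothing in this section states that requirement. The added comment documents the lookup directory but not the contract; I would extend it with `# Requires the including class to define #gemfile (a Pathname).` The method body continues past the hunk, so it is not visible here whether a missing or unreadable version file is reported as a `GemfileError`. If it is not, rescuing `SystemCallError` and re-raising as `GemfileError` would keep the failure attributable to the Gemfile's `ruby file:` line.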
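--- a/data/lib/bundler/ruby_version.rb
+++ b/data/lib/bundler/ruby_version.rb
@@ -49,7 +49,7 @@ module Bundler
 (\d+\.\d+\.\d+(?:\.\S+)?) # ruby version
 (?:p(-?\d+))? # optional patchlevel
 (?:\s\((\S+)\s(.+)\))? # optional engine info
-/xo
+/xo
 
 # Returns a RubyVersion from the given string.
 # @param [String] the version string to match.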
data/lib/bundler/rubygems_ext.rb
CHANGED
@@ -2,6 +2,8 @@
|
|
2
2
|
|
3
3
|
require "pathname"
|
4
4
|
|
5
|
+
require "rubygems" unless defined?(Gem)
|
6
|
+
|
5
7
|
require "rubygems/specification"
|
6
8
|
|
7
9
|
# We can't let `Gem::Source` be autoloaded in the `Gem::Specification#source`
|
@@ -46,7 +48,7 @@ module Gem
|
|
46
48
|
|
47
49
|
def full_gem_path
|
48
50
|
if source.respond_to?(:root)
|
49
|
-
Pathname.new(loaded_from).dirname.expand_path(source.root).to_s
|
51
|
+
Pathname.new(loaded_from).dirname.expand_path(source.root).to_s
|
50
52
|
else
|
51
53
|
rg_full_gem_path
|
52
54
|
end
|
@@ -76,7 +78,7 @@ module Gem
|
|
76
78
|
end
|
77
79
|
end
|
78
80
|
|
79
|
-
remove_method :gem_dir
|
81
|
+
remove_method :gem_dir
|
80
82
|
def gem_dir
|
81
83
|
full_gem_path
|
82
84
|
end
|
@@ -117,17 +119,6 @@ module Gem
|
|
117
119
|
gemfile
|
118
120
|
end
|
119
121
|
|
120
|
-
# Backfill missing YAML require when not defined. Fixed since 3.1.0.pre1.
|
121
|
-
module YamlBackfiller
|
122
|
-
def to_yaml(opts = {})
|
123
|
-
Gem.load_yaml unless defined?(::YAML)
|
124
|
-
|
125
|
-
super(opts)
|
126
|
-
end
|
127
|
-
end
|
128
|
-
|
129
|
-
prepend YamlBackfiller
|
130
|
-
|
131
122
|
def nondevelopment_dependencies
|
132
123
|
dependencies - development_dependencies
|
133
124
|
end
|
@@ -188,37 +179,7 @@ module Gem
|
|
188
179
|
end
|
189
180
|
end
|
190
181
|
|
191
|
-
#
|
192
|
-
unless Gem::Requirement.new("> 1", "< 2") == Gem::Requirement.new("< 2", "> 1")
|
193
|
-
class Requirement
|
194
|
-
module OrderIndependentComparison
|
195
|
-
def ==(other)
|
196
|
-
return unless Gem::Requirement === other
|
197
|
-
|
198
|
-
if _requirements_sorted? && other._requirements_sorted?
|
199
|
-
super
|
200
|
-
else
|
201
|
-
_with_sorted_requirements == other._with_sorted_requirements
|
202
|
-
end
|
203
|
-
end
|
204
|
-
|
205
|
-
protected
|
206
|
-
|
207
|
-
def _requirements_sorted?
|
208
|
-
return @_requirements_sorted if defined?(@_requirements_sorted)
|
209
|
-
strings = as_list
|
210
|
-
@_requirements_sorted = strings == strings.sort
|
211
|
-
end
|
212
|
-
|
213
|
-
def _with_sorted_requirements
|
214
|
-
@_with_sorted_requirements ||= _requirements_sorted? ? self : self.class.new(as_list.sort)
|
215
|
-
end
|
216
|
-
end
|
217
|
-
|
218
|
-
prepend OrderIndependentComparison
|
219
|
-
end
|
220
|
-
end
|
221
|
-
|
182
|
+
# Requirements using lambda operator differentiate trailing zeros since rubygems 3.2.6
|
222
183
|
if Gem::Requirement.new("~> 2.0").hash == Gem::Requirement.new("~> 2.0.0").hash
|
223
184
|
class Requirement
|
224
185
|
module CorrectHashForLambdaOperator
|
@@ -340,15 +301,28 @@ module Gem
|
|
340
301
|
end
|
341
302
|
end
|
342
303
|
|
343
|
-
require "rubygems/
|
304
|
+
require "rubygems/name_tuple"
|
305
|
+
|
306
|
+
class NameTuple
|
307
|
+
# Versions of RubyGems before about 3.5.0 don't to_s the platform.
|
308
|
+
unless Gem::NameTuple.new("a", Gem::Version.new("1"), Gem::Platform.new("x86_64-linux")).platform.is_a?(String)
|
309
|
+
alias_method :initialize_with_platform, :initialize
|
344
310
|
|
345
|
-
|
346
|
-
|
347
|
-
|
311
|
+
def initialize(name, version, platform=Gem::Platform::RUBY)
|
312
|
+
if Gem::Platform === platform
|
313
|
+
initialize_with_platform(name, version, platform.to_s)
|
314
|
+
else
|
315
|
+
initialize_with_platform(name, version, platform)
|
316
|
+
end
|
317
|
+
end
|
348
318
|
end
|
349
319
|
|
350
|
-
def
|
351
|
-
|
320
|
+
def lock_name
|
321
|
+
if platform == Gem::Platform::RUBY
|
322
|
+
"#{name} (#{version})"
|
323
|
+
else
|
324
|
+
"#{name} (#{version}-#{platform})"
|
325
|
+
end
|
352
326
|
end
|
353
327
|
end
|
354
328
|
end
|
@@ -20,7 +20,7 @@ module Bundler
|
|
20
20
|
strict_rm_rf spec.extension_dir
|
21
21
|
|
22
22
|
SharedHelpers.filesystem_access(gem_dir, :create) do
|
23
|
-
FileUtils.mkdir_p gem_dir, :
|
23
|
+
FileUtils.mkdir_p gem_dir, mode: 0o755
|
24
24
|
end
|
25
25
|
|
26
26
|
extract_files
|
@@ -46,7 +46,7 @@ module Bundler
|
|
46
46
|
end
|
47
47
|
|
48
48
|
def pre_install_checks
|
49
|
-
super
|
49
|
+
super
|
50
50
|
rescue Gem::FilePermissionError
|
51
51
|
# Ignore permission checks in RubyGems. Instead, go on, and try to write
|
52
52
|
# for real. We properly handle permission errors when they happen.
|
@@ -102,6 +102,10 @@ module Bundler
|
|
102
102
|
end
|
103
103
|
end
|
104
104
|
|
105
|
+
def gem_checksum
|
106
|
+
Checksum.from_gem_package(@package)
|
107
|
+
end
|
108
|
+
|
105
109
|
private
|
106
110
|
|
107
111
|
def prepare_extension_build(extension_dir)
|
@@ -129,59 +133,5 @@ module Bundler
|
|
129
133
|
raise DirectoryRemovalError.new(e, "Could not delete previous installation of `#{dir}`")
|
130
134
|
end
|
131
135
|
end
|
132
|
-
|
133
|
-
def validate_bundler_checksum(checksum)
|
134
|
-
return true if Bundler.settings[:disable_checksum_validation]
|
135
|
-
return true unless checksum
|
136
|
-
return true unless source = @package.instance_variable_get(:@gem)
|
137
|
-
return true unless source.respond_to?(:with_read_io)
|
138
|
-
digest = source.with_read_io do |io|
|
139
|
-
digest = SharedHelpers.digest(:SHA256).new
|
140
|
-
digest << io.read(16_384) until io.eof?
|
141
|
-
io.rewind
|
142
|
-
send(checksum_type(checksum), digest)
|
143
|
-
end
|
144
|
-
unless digest == checksum
|
145
|
-
raise SecurityError, <<-MESSAGE
|
146
|
-
Bundler cannot continue installing #{spec.name} (#{spec.version}).
|
147
|
-
The checksum for the downloaded `#{spec.full_name}.gem` does not match \
|
148
|
-
the checksum given by the server. This means the contents of the downloaded \
|
149
|
-
gem is different from what was uploaded to the server, and could be a potential security issue.
|
150
|
-
|
151
|
-
To resolve this issue:
|
152
|
-
1. delete the downloaded gem located at: `#{spec.gem_dir}/#{spec.full_name}.gem`
|
153
|
-
2. run `bundle install`
|
154
|
-
|
155
|
-
If you wish to continue installing the downloaded gem, and are certain it does not pose a \
|
156
|
-
security issue despite the mismatching checksum, do the following:
|
157
|
-
1. run `bundle config set --local disable_checksum_validation true` to turn off checksum verification
|
158
|
-
2. run `bundle install`
|
159
|
-
|
160
|
-
(More info: The expected SHA256 checksum was #{checksum.inspect}, but the \
|
161
|
-
checksum for the downloaded gem was #{digest.inspect}.)
|
162
|
-
MESSAGE
|
163
|
-
end
|
164
|
-
true
|
165
|
-
end
|
166
|
-
|
167
|
-
def checksum_type(checksum)
|
168
|
-
case checksum.length
|
169
|
-
when 64 then :hexdigest!
|
170
|
-
when 44 then :base64digest!
|
171
|
-
else raise InstallError, "The given checksum for #{spec.full_name} (#{checksum.inspect}) is not a valid SHA256 hexdigest nor base64digest"
|
172
|
-
end
|
173
|
-
end
|
174
|
-
|
175
|
-
def hexdigest!(digest)
|
176
|
-
digest.hexdigest!
|
177
|
-
end
|
178
|
-
|
179
|
-
def base64digest!(digest)
|
180
|
-
if digest.respond_to?(:base64digest!)
|
181
|
-
digest.base64digest!
|
182
|
-
else
|
183
|
-
[digest.digest!].pack("m0")
|
184
|
-
end
|
185
|
-
end
|
186
136
|
end
|
187
137
|
end
|
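Review bot: The new `gem_checksum` only computes a value via `Checksum.from_gem_package(@package)`, whereas the removed `validate_bundler_checksum` compared the digest with the server's checksum and raised `SecurityError` on a mismatch. Nothing in this section shows where that comparison now happens or whether the `disable_checksum_validation` setting is still honoured. The method is added above `private`, so it is public on the installer and should carry a comment stating the division of responsibility, e.g. `# Returns the checksum computed from the gem package; the caller must compare it with the expected value.` It is also worth confirming in the calling code (not shown here) that a mismatch still aborts the install before `extract_files` runs. The class body starts outside the hunks.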