bundler 2.6.9 → 4.0.11

data/lib/bundler/source/path.rb

@@ -24,7 +24,7 @@ module Bundler
           @path = Pathname.new(options["path"])
           expanded_path = expand(@path)
           @path = if @path.relative?
-            expanded_path.relative_path_from(root_path.expand_path)
+            expanded_path.relative_path_from(File.expand_path(root_path))
           else
             expanded_path
           end
@@ -53,6 +53,8 @@ module Bundler
         "source at `#{@path}`"
       end
 
+      alias_method :identifier, :to_s
+
       alias_method :to_gemfile, :path
 
       def hash
@@ -81,7 +83,7 @@ module Bundler
 
       def cache(spec, custom_path = nil)
         app_cache_path = app_cache_path(custom_path)
-        return unless Bundler.feature_flag.cache_all?
+        return unless Bundler.settings[:cache_all]
         return if expand(@original_path).to_s.index(root_path.to_s + "/") == 0
 
         unless @original_path.exist?
@@ -124,11 +126,7 @@ module Bundler
       end
 
       def expand(somepath)
-        if Bundler.current_ruby.jruby? # TODO: Unify when https://github.com/rubygems/bundler/issues/7598 fixed upstream and all supported jrubies include the fix
-          somepath.expand_path(root_path).expand_path
-        else
-          somepath.expand_path(root_path)
-        end
+        somepath.expand_path(root_path)
       rescue ArgumentError => e
         Bundler.ui.debug(e)
         raise PathError, "There was an error while trying to use the path " \
@@ -167,6 +165,13 @@ module Bundler
             next unless spec = load_gemspec(file)
             spec.source = self
 
+            # The ignore attribute is for ignoring installed gems that don't
+            # have extensions correctly compiled for activation. In the case of
+            # path sources, there's a single version of each gem in the path
+            # source available to Bundler, so we always certainly want to
+            # consider that for activation and never makes sense to ignore it.
+            spec.ignored = false
+
             # Validation causes extension_dir to be calculated, which depends
             # on #source, so we validate here instead of load_gemspec
             validate_spec(spec)

data/lib/bundler/source/rubygems.rb

@@ -8,7 +8,8 @@ module Bundler
       autoload :Remote, File.expand_path("rubygems/remote", __dir__)
 
       # Ask for X gems per API request
-      API_REQUEST_SIZE = 50
+      API_REQUEST_SIZE = 100
+      REQUIRE_MUTEX = Mutex.new
 
       attr_accessor :remotes
 
@@ -21,6 +22,8 @@ module Bundler
         @allow_local = options["allow_local"] || false
         @prefer_local = false
         @checksum_store = Checksum::Store.new
+        @gem_installers = {}
+        @gem_installers_mutex = Mutex.new
 
         Array(options["remotes"]).reverse_each {|r| add_remote(r) }
 
@@ -162,62 +165,51 @@ module Bundler
         end
       end
 
-      def install(spec, options = {})
+      def download(spec, options = {})
         if (spec.default_gem? && !cached_built_in_gem(spec, local: options[:local])) || (installed?(spec) && !options[:force])
-          print_using_message "Using #{version_message(spec, options[:previous_spec])}"
-          return nil # no post-install message
-        end
-
-        if spec.remote
-          # Check for this spec from other sources
-          uris = [spec.remote, *remotes_for_spec(spec)].map(&:anonymized_uri).uniq
-          Installer.ambiguous_gems << [spec.name, *uris] if uris.length > 1
+          return true
         end
 
-        path = fetch_gem_if_possible(spec, options[:previous_spec])
-        raise GemNotFound, "Could not find #{spec.file_name} for installation" unless path
-
-        return if Bundler.settings[:no_install]
-
-        install_path = rubygems_dir
-        bin_path     = Bundler.system_bindir
-
-        require_relative "../rubygems_gem_installer"
-
-        installer = Bundler::RubyGemsGemInstaller.at(
-          path,
-          security_policy: Bundler.rubygems.security_policies[Bundler.settings["trust-policy"]],
-          install_dir: install_path.to_s,
-          bin_dir: bin_path.to_s,
-          ignore_dependencies: true,
-          wrappers: true,
-          env_shebang: true,
-          build_args: options[:build_args],
-          bundler_extension_cache_path: extension_cache_path(spec)
-        )
+        installer = rubygems_gem_installer(spec, options)
 
         if spec.remote
           s = begin
             installer.spec
           rescue Gem::Package::FormatError
-            Bundler.rm_rf(path)
+            Bundler.rm_rf(installer.gem)
             raise
           rescue Gem::Security::Exception => e
             raise SecurityError,
-             "The gem #{File.basename(path, ".gem")} can't be installed because " \
+             "The gem #{installer.gem} can't be installed because " \
              "the security policy didn't allow it, with the message: #{e.message}"
           end
 
           spec.__swap__(s)
         end
 
+        spec
+      end
+
+      def install(spec, options = {})
+        if (spec.default_gem? && !cached_built_in_gem(spec, local: options[:local])) || (installed?(spec) && !options[:force])
+          print_using_message "Using #{version_message(spec, options[:previous_spec])}"
+          return nil # no post-install message
+        end
+
+        return if Bundler.settings[:no_install]
+
+        installer = rubygems_gem_installer(spec, options)
         spec.source.checksum_store.register(spec, installer.gem_checksum)
 
         message = "Installing #{version_message(spec, options[:previous_spec])}"
         message += " with native extensions" if spec.extensions.any?
         Bundler.ui.confirm message
 
-        installed_spec = installer.install
+        installed_spec = nil
+
+        Gem.time("Installed #{spec.name} in", 0, true) do
+          installed_spec = installer.install
+        end
 
         spec.full_gem_path = installed_spec.full_gem_path
         spec.loaded_from = installed_spec.loaded_from
@@ -332,13 +324,6 @@ module Bundler
         remotes.map(&method(:remove_auth))
       end
 
-      def remotes_for_spec(spec)
-        specs.search_all(spec.name).inject([]) do |uris, s|
-          uris << s.remote if s.remote
-          uris
-        end
-      end
-
       def cached_gem(spec)
         global_cache_path = download_cache_path(spec)
         caches << global_cache_path if global_cache_path
@@ -491,7 +476,10 @@ module Bundler
         uri = spec.remote.uri
         Bundler.ui.confirm("Fetching #{version_message(spec, previous_spec)}")
         gem_remote_fetcher = remote_fetchers.fetch(spec.remote).gem_remote_fetcher
-        Bundler.rubygems.download_gem(spec, uri, download_cache_path, gem_remote_fetcher)
+
+        Gem.time("Downloaded #{spec.name} in", 0, true) do
+          Bundler.rubygems.download_gem(spec, uri, download_cache_path, gem_remote_fetcher)
+        end
       end
 
       # Returns the global cache path of the calling Rubygems::Source object.
@@ -506,7 +494,7 @@ module Bundler
       # @return [Pathname] The global cache path.
       #
       def download_cache_path(spec)
-        return unless Bundler.feature_flag.global_gem_cache?
+        return unless Bundler.settings[:global_gem_cache]
         return unless remote = spec.remote
         return unless cache_slug = remote.cache_slug
 
@@ -517,6 +505,34 @@ module Bundler
         return unless remote = spec.remote
         remote.cache_slug
       end
+
+      # We are using a mutex to reaed and write from/to the hash.
+      # The reason this double synchronization was added is for performance
+      # and to lock the mutex for the shortest possible amount of time. Otherwise,
+      # all threads are fighting over this mutex and when it gets acquired it gets locked
+      # until a threads finishes downloading a gem, leaving the other threads waiting
+      # doing nothing.
+      def rubygems_gem_installer(spec, options)
+        @gem_installers_mutex.synchronize { @gem_installers[spec.name] } || begin
+          path = fetch_gem_if_possible(spec, options[:previous_spec])
+          raise GemNotFound, "Could not find #{spec.file_name} for installation" unless path
+
+          REQUIRE_MUTEX.synchronize { require_relative "../rubygems_gem_installer" }
+
+          installer = Bundler::RubyGemsGemInstaller.at(
+            path,
+            security_policy: Bundler.rubygems.security_policies[Bundler.settings["trust-policy"]],
+            install_dir: rubygems_dir.to_s,
+            bin_dir: Bundler.system_bindir.to_s,
+            ignore_dependencies: true,
+            wrappers: true,
+            env_shebang: true,
+            build_args: options[:build_args],
+            bundler_extension_cache_path: extension_cache_path(spec)
+          )
+          @gem_installers_mutex.synchronize { @gem_installers[spec.name] ||= installer }
+        end
+      end
     end
   end
 end

data/lib/bundler/source/rubygems_aggregate.rb

@@ -5,9 +5,10 @@ module Bundler
     class RubygemsAggregate
       attr_reader :source_map, :sources
 
-      def initialize(sources, source_map)
+      def initialize(sources, source_map, excluded_sources = [])
         @sources = sources
         @source_map = source_map
+        @excluded_sources = excluded_sources
 
         @index = build_index
       end
@@ -31,6 +32,8 @@ module Bundler
           dependency_names = source_map.pinned_spec_names
 
           sources.all_sources.each do |source|
+            next if @excluded_sources.include?(source)
+
             source.dependency_names = dependency_names - source_map.pinned_spec_names(source)
             idx.add_source source.specs
             dependency_names.concat(source.unmet_deps).uniq!

data/lib/bundler/source.rb

@@ -31,6 +31,8 @@ module Bundler
       message
     end
 
+    def download(*); end
+
     def can_lock?(spec)
       spec.source == self
     end
@@ -79,7 +81,7 @@ module Bundler
     end
 
     def extension_cache_path(spec)
-      return unless Bundler.feature_flag.global_gem_cache?
+      return unless Bundler.settings[:global_gem_cache]
       return unless source_slug = extension_cache_slug(spec)
       Bundler.user_cache.join(
         "extensions", Gem::Platform.local.to_s, Bundler.ruby_scope,

data/lib/bundler/source_list.rb

@@ -9,7 +9,7 @@ module Bundler
       :metadata_source
 
     def global_rubygems_source
-      @global_rubygems_source ||= rubygems_aggregate_class.new("allow_local" => true)
+      @global_rubygems_source ||= source_class.new("allow_local" => true)
     end
 
     def initialize
@@ -21,19 +21,9 @@ module Bundler
       @rubygems_sources       = []
       @metadata_source        = Source::Metadata.new
 
-      @merged_gem_lockfile_sections = false
       @local_mode = true
     end
 
-    def merged_gem_lockfile_sections?
-      @merged_gem_lockfile_sections
-    end
-
-    def merged_gem_lockfile_sections!(replacement_source)
-      @merged_gem_lockfile_sections = true
-      @global_rubygems_source = replacement_source
-    end
-
     def aggregate_global_source?
       global_rubygems_source.multiple_remotes?
     end
@@ -90,10 +80,6 @@ module Bundler
       @rubygems_sources
     end
 
-    def rubygems_remotes
-      rubygems_sources.flat_map(&:remotes).uniq
-    end
-
     def all_sources
       path_sources + git_sources + plugin_sources + rubygems_sources + [metadata_source]
     end
@@ -103,7 +89,7 @@ module Bundler
     end
 
     def get(source)
-      source_list_for(source).find {|s| equivalent_source?(source, s) }
+      source_list_for(source).find {|s| s.include?(source) }
     end
 
     def lock_sources
@@ -115,11 +101,7 @@ module Bundler
     end
 
     def lock_rubygems_sources
-      if merged_gem_lockfile_sections?
-        [combine_rubygems_sources]
-      else
-        rubygems_sources.sort_by(&:identifier)
-      end
+      rubygems_sources.sort_by(&:identifier)
     end
 
     # Returns true if there are changes
@@ -129,16 +111,7 @@ module Bundler
       @rubygems_sources, @path_sources, @git_sources, @plugin_sources = map_sources(replacement_sources)
       @global_rubygems_source = global_replacement_source(replacement_sources)
 
-      different_sources?(lock_sources, replacement_sources)
-    end
-
-    # Returns true if there are changes
-    def expired_sources?(replacement_sources)
-      return false if replacement_sources.empty?
-
-      lock_sources = dup_with_replaced_sources(replacement_sources).lock_sources
-
-      different_sources?(lock_sources, replacement_sources)
+      !equivalent_sources?(lock_sources, replacement_sources)
     end
 
     def prefer_local!
@@ -165,12 +138,6 @@ module Bundler
 
     private
 
-    def dup_with_replaced_sources(replacement_sources)
-      new_source_list = dup
-      new_source_list.replace_sources!(replacement_sources)
-      new_source_list
-    end
-
     def map_sources(replacement_sources)
       rubygems = @rubygems_sources.map do |source|
         replace_rubygems_source(replacement_sources, source)
@@ -224,11 +191,7 @@ module Bundler
       end
     end
 
-    def different_sources?(lock_sources, replacement_sources)
-      !equivalent_sources?(lock_sources, replacement_sources)
-    end
-
-    def rubygems_aggregate_class
+    def source_class
       Source::Rubygems
     end
 
@@ -247,10 +210,6 @@ module Bundler
       end
     end
 
-    def combine_rubygems_sources
-      Source::Rubygems.new("remotes" => rubygems_remotes)
-    end
-
     def warn_on_git_protocol(source)
       return if Bundler.settings["git.allow_insecure"]
 
@@ -265,9 +224,5 @@ module Bundler
     def equivalent_sources?(lock_sources, replacement_sources)
       lock_sources.sort_by(&:identifier) == replacement_sources.sort_by(&:identifier)
     end
-
-    def equivalent_source?(source, other_source)
-      source == other_source
-    end
   end
 end

data/lib/bundler/source_map.rb

@@ -14,24 +14,25 @@ module Bundler
       direct_requirements.reject {|_, source| source == skip }.keys
     end
 
-    def all_requirements
+    def all_requirements(excluded_sources = [])
       requirements = direct_requirements.dup
 
-      unmet_deps = sources.non_default_explicit_sources.map do |source|
+      explicit_sources = sources.non_default_explicit_sources.reject do |source|
+        excluded_sources.include?(source)
+      end
+
+      unmet_deps = explicit_sources.map do |source|
         (source.spec_names - pinned_spec_names).each do |indirect_dependency_name|
           previous_source = requirements[indirect_dependency_name]
           if previous_source.nil?
             requirements[indirect_dependency_name] = source
           else
-            no_ambiguous_sources = Bundler.feature_flag.bundler_3_mode?
-
             msg = ["The gem '#{indirect_dependency_name}' was found in multiple relevant sources."]
             msg.concat [previous_source, source].map {|s| "  * #{s}" }.sort
-            msg << "You #{no_ambiguous_sources ? :must : :should} add this gem to the source block for the source you wish it to be installed from."
+            msg << "You must add this gem to the source block for the source you wish it to be installed from."
             msg = msg.join("\n")
 
-            raise SecurityError, msg if no_ambiguous_sources
-            Bundler.ui.warn "Warning: #{msg}"
+            raise SecurityError, msg
           end
         end
 

data/lib/bundler/spec_set.rb

@@ -11,16 +11,11 @@ module Bundler
       @specs = specs
     end
 
-    def for(dependencies, platforms_or_legacy_check = [nil], legacy_platforms = [nil], skips: [])
-      platforms = if [true, false].include?(platforms_or_legacy_check)
-        Bundler::SharedHelpers.major_deprecation 2,
+    def for(dependencies, platforms = [nil], legacy_platforms = [nil], skips: [])
+      if [true, false].include?(platforms)
+        Bundler::SharedHelpers.feature_removed! \
           "SpecSet#for received a `check` parameter, but that's no longer used and deprecated. " \
-          "SpecSet#for always implicitly performs validation. Please remove this parameter",
-          print_caller_location: true
-
-        legacy_platforms
-      else
-        platforms_or_legacy_check
+          "SpecSet#for always implicitly performs validation. Please remove this parameter"
       end
 
       materialize_dependencies(dependencies, platforms, skips: skips)
@@ -76,7 +71,7 @@ module Bundler
 
       new_platforms = all_platforms.select do |platform|
         next if platforms.include?(platform)
-        next unless GemHelpers.generic(platform) == Gem::Platform::RUBY
+        next unless Gem::Platform.generic(platform) == Gem::Platform::RUBY
 
         complete_platform(platform)
       end
@@ -179,11 +174,11 @@ module Bundler
     end
 
     def -(other)
-      SpecSet.new(to_a - other.to_a)
+      SharedHelpers.feature_removed! "SpecSet#- has been removed with no replacement"
     end
 
     def find_by_name_and_platform(name, platform)
-      @specs.detect {|spec| spec.name == name && spec.match_platform(platform) }
+      @specs.detect {|spec| spec.name == name && spec.installable_on_platform?(platform) }
     end
 
     def specs_with_additional_variants_from(other)
@@ -210,7 +205,7 @@ module Bundler
     end
 
     def <<(spec)
-      @specs << spec
+      SharedHelpers.feature_removed! "SpecSet#<< has been removed with no replacement"
     end
 
     def length
@@ -280,7 +275,7 @@ module Bundler
       valid_platform = lookup.all? do |_, specs|
         spec = specs.first
         matching_specs = spec.source.specs.search([spec.name, spec.version])
-        platform_spec = GemHelpers.select_best_platform_match(matching_specs, platform).find do |s|
+        platform_spec = MatchPlatform.select_best_platform_match(matching_specs, platform).find do |s|
           valid?(s)
         end
 

data/lib/bundler/stub_specification.rb

@@ -52,6 +52,7 @@ module Bundler
 
     # This is defined directly to avoid having to loading the full spec
     def missing_extensions?
+      return false if RUBY_ENGINE == "jruby"
       return false if default_gem?
       return false if extensions.empty?
       return false if File.exist? gem_build_complete_path

data/lib/bundler/templates/Executable

@@ -10,17 +10,6 @@
 
 ENV["BUNDLE_GEMFILE"] ||= File.expand_path("<%= relative_gemfile_path %>", __dir__)
 
-bundle_binstub = File.expand_path("bundle", __dir__)
-
-if File.file?(bundle_binstub)
-  if File.read(bundle_binstub, 300).include?("This file was generated by Bundler")
-    load(bundle_binstub)
-  else
-    abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run.
-Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.")
-  end
-end
-
 require "rubygems"
 require "bundler/setup"
 

data/lib/bundler/templates/newgem/CODE_OF_CONDUCT.md.tt

@@ -1,132 +1,10 @@
-# Contributor Covenant Code of Conduct
+# Code of Conduct
 
-## Our Pledge
+<%= config[:name].inspect %> follows [The Ruby Community Conduct Guideline](https://www.ruby-lang.org/en/conduct) in all "collaborative space", which is defined as community communications channels (such as mailing lists, submitted patches, commit comments, etc.):
 
-We as members, contributors, and leaders pledge to make participation in our
-community a harassment-free experience for everyone, regardless of age, body
-size, visible or invisible disability, ethnicity, sex characteristics, gender
-identity and expression, level of experience, education, socio-economic status,
-nationality, personal appearance, race, caste, color, religion, or sexual
-identity and orientation.
+* Participants will be tolerant of opposing views.
+* Participants must ensure that their language and actions are free of personal attacks and disparaging personal remarks.
+* When interpreting the words and actions of others, participants should always assume good intentions.
+* Behaviour which can be reasonably considered harassment will not be tolerated.
 
-We pledge to act and interact in ways that contribute to an open, welcoming,
-diverse, inclusive, and healthy community.
-
-## Our Standards
-
-Examples of behavior that contributes to a positive environment for our
-community include:
-
-* Demonstrating empathy and kindness toward other people
-* Being respectful of differing opinions, viewpoints, and experiences
-* Giving and gracefully accepting constructive feedback
-* Accepting responsibility and apologizing to those affected by our mistakes,
-  and learning from the experience
-* Focusing on what is best not just for us as individuals, but for the overall
-  community
-
-Examples of unacceptable behavior include:
-
-* The use of sexualized language or imagery, and sexual attention or advances of
-  any kind
-* Trolling, insulting or derogatory comments, and personal or political attacks
-* Public or private harassment
-* Publishing others' private information, such as a physical or email address,
-  without their explicit permission
-* Other conduct which could reasonably be considered inappropriate in a
-  professional setting
-
-## Enforcement Responsibilities
-
-Community leaders are responsible for clarifying and enforcing our standards of
-acceptable behavior and will take appropriate and fair corrective action in
-response to any behavior that they deem inappropriate, threatening, offensive,
-or harmful.
-
-Community leaders have the right and responsibility to remove, edit, or reject
-comments, commits, code, wiki edits, issues, and other contributions that are
-not aligned to this Code of Conduct, and will communicate reasons for moderation
-decisions when appropriate.
-
-## Scope
-
-This Code of Conduct applies within all community spaces, and also applies when
-an individual is officially representing the community in public spaces.
-Examples of representing our community include using an official email address,
-posting via an official social media account, or acting as an appointed
-representative at an online or offline event.
-
-## Enforcement
-
-Instances of abusive, harassing, or otherwise unacceptable behavior may be
-reported to the community leaders responsible for enforcement at
-[INSERT CONTACT METHOD].
-All complaints will be reviewed and investigated promptly and fairly.
-
-All community leaders are obligated to respect the privacy and security of the
-reporter of any incident.
-
-## Enforcement Guidelines
-
-Community leaders will follow these Community Impact Guidelines in determining
-the consequences for any action they deem in violation of this Code of Conduct:
-
-### 1. Correction
-
-**Community Impact**: Use of inappropriate language or other behavior deemed
-unprofessional or unwelcome in the community.
-
-**Consequence**: A private, written warning from community leaders, providing
-clarity around the nature of the violation and an explanation of why the
-behavior was inappropriate. A public apology may be requested.
-
-### 2. Warning
-
-**Community Impact**: A violation through a single incident or series of
-actions.
-
-**Consequence**: A warning with consequences for continued behavior. No
-interaction with the people involved, including unsolicited interaction with
-those enforcing the Code of Conduct, for a specified period of time. This
-includes avoiding interactions in community spaces as well as external channels
-like social media. Violating these terms may lead to a temporary or permanent
-ban.
-
-### 3. Temporary Ban
-
-**Community Impact**: A serious violation of community standards, including
-sustained inappropriate behavior.
-
-**Consequence**: A temporary ban from any sort of interaction or public
-communication with the community for a specified period of time. No public or
-private interaction with the people involved, including unsolicited interaction
-with those enforcing the Code of Conduct, is allowed during this period.
-Violating these terms may lead to a permanent ban.
-
-### 4. Permanent Ban
-
-**Community Impact**: Demonstrating a pattern of violation of community
-standards, including sustained inappropriate behavior, harassment of an
-individual, or aggression toward or disparagement of classes of individuals.
-
-**Consequence**: A permanent ban from any sort of public interaction within the
-community.
-
-## Attribution
-
-This Code of Conduct is adapted from the [Contributor Covenant][homepage],
-version 2.1, available at
-[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
-
-Community Impact Guidelines were inspired by
-[Mozilla's code of conduct enforcement ladder][Mozilla CoC].
-
-For answers to common questions about this code of conduct, see the FAQ at
-[https://www.contributor-covenant.org/faq][FAQ]. Translations are available at
-[https://www.contributor-covenant.org/translations][translations].
-
-[homepage]: https://www.contributor-covenant.org
-[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
-[Mozilla CoC]: https://github.com/mozilla/diversity
-[FAQ]: https://www.contributor-covenant.org/faq
-[translations]: https://www.contributor-covenant.org/translations
+If you have any concerns about behaviour within this project, please contact us at [<%= config[:email].inspect %>](mailto:<%= config[:email].inspect %>).

data/lib/bundler/templates/newgem/Cargo.toml.tt

@@ -5,3 +5,9 @@
 [workspace]
 members = ["./ext/<%= config[:name] %>"]
 resolver = "2"
+
+[profile.release]
+# By default, debug symbols are stripped from the final binary which makes it
+# harder to debug if something goes wrong. It's recommended to keep debug
+# symbols in the release build so that you can debug the final binary if needed.
+debug = true

data/lib/bundler/templates/newgem/Rakefile.tt

@@ -59,6 +59,11 @@ Rake::ExtensionTask.new("<%= config[:underscored_name] %>", GEMSPEC) do |ext|
 end
 <% end -%>
 
+<% if config[:ext] == "go" -%>
+require "go_gem/rake_task"
+
+GoGem::RakeTask.new("<%= config[:underscored_name] %>")
+<% end -%>
 <% end -%>
 <% if default_task_names.size == 1 -%>
 task default: <%= default_task_names.first.inspect %>