bundler 1.7.11 → 1.7.12


Potentially problematic release.


This version of bundler might be problematic. Click here for more details.

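--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 304138ac8170f3f0cfded026f152c769c4bb82d3
- data.tar.gz: 642559dbb36236fbfb914c040d50474b79e7740a
+ metadata.gz: f78506794e1236e20baeec03409bf31851b62ae8
+ data.tar.gz: 6235c60a7baa56c9d99ea70f5a86854c0cd37ffa
  SHA512:
- metadata.gz: da5051ee98ba734e1d648979b5f873ba14a76861708bccd39338efd9c46292db9895eec567d585175b739af6056aa3f09dfa3202fd395fa7e1d9588343bf040f
- data.tar.gz: 630ced150f60a3dc4851341215306114195c11aff3b0d1b275a81249d942920f823458c3e0308afd8447ed948ae0a30825b33e51ca45c2dbdcb7a25a0d5d10ed
+ metadata.gz: 5f23150e0c391c85c40af0e6e9c11aa372ccbdc3c7dc671b7258bbc622a721a6ce6de4700da3b817e5625ac30409c9e5265a4902a7f5240c07be3cb2f9ffee49
+ data.tar.gz: 1c906be004088ce34030dec90bc4aeebb48387b92386659c73125d3a670c75a2f0578b88a583555e7c0aa0b707259a112bf8bf52ade4838ec4740a347aab38d2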
@@ -1,3 +1,9 @@
1
+ ## 1.7.12 (2015-01-08)
2
+
3
+ Bugfixes:
4
+
5
+ - Always send credentials for sources, fixing private Gemfury gems (#3342, @TimMoore)
6
+
1
7
  ## 1.7.11 (2015-01-04)
2
8
 
3
9
  Bugfixes:
@@ -95,8 +95,7 @@ module Bundler
95
95
  @api_timeout = 10 # How long to wait for each API call
96
96
  @max_retries = 3 # How many retries for the API call
97
97
 
98
- @remote_uri = Bundler::Source.mirror_for(remote_uri)
99
- @anonymizable_uri = AnonymizableURI.new(@remote_uri.dup) unless @remote_uri.nil?
98
+ @anonymizable_uri = resolve_remote_uri(remote_uri)
100
99
 
101
100
  Socket.do_not_reverse_lookup = true
102
101
  connection # create persistent connection
@@ -104,14 +103,14 @@ module Bundler
104
103
 
105
104
  def connection
106
105
  @connection ||= begin
107
- needs_ssl = @remote_uri.scheme == "https" ||
106
+ needs_ssl = remote_uri.scheme == "https" ||
108
107
  Bundler.settings[:ssl_verify_mode] ||
109
108
  Bundler.settings[:ssl_client_cert]
110
109
  raise SSLError if needs_ssl && !defined?(OpenSSL::SSL)
111
110
 
112
111
  con = Net::HTTP::Persistent.new 'bundler', :ENV
113
112
 
114
- if @remote_uri.scheme == "https"
113
+ if remote_uri.scheme == "https"
115
114
  con.verify_mode = (Bundler.settings[:ssl_verify_mode] ||
116
115
  OpenSSL::SSL::VERIFY_PEER)
117
116
  con.cert_store = bundler_cert_store
@@ -130,7 +129,7 @@ module Bundler
130
129
  end
131
130
 
132
131
  def uri
133
- @anonymizable_uri.without_credentials unless @anonymizable_uri.nil?
132
+ @anonymizable_uri.without_credentials
134
133
  end
135
134
 
136
135
  # fetch a gem specification
@@ -138,7 +137,7 @@ module Bundler
138
137
  spec = spec - [nil, 'ruby', '']
139
138
  spec_file_name = "#{spec.join '-'}.gemspec"
140
139
 
141
- uri = URI.parse("#{@remote_uri}#{Gem::MARSHAL_SPEC_DIR}#{spec_file_name}.rz")
140
+ uri = URI.parse("#{remote_uri}#{Gem::MARSHAL_SPEC_DIR}#{spec_file_name}.rz")
142
141
  if uri.scheme == 'file'
143
142
  Bundler.load_marshal Gem.inflate(Gem.read_binary(uri.path))
144
143
  elsif cached_spec_path = gemspec_cached_path(spec_file_name)
@@ -176,7 +175,7 @@ module Bundler
176
175
  end
177
176
  end
178
177
 
179
- specs[@remote_uri].each do |name, version, platform, dependencies|
178
+ specs[remote_uri].each do |name, version, platform, dependencies|
180
179
  next if name == 'bundler'
181
180
  spec = nil
182
181
  if dependencies
@@ -208,7 +207,7 @@ module Bundler
208
207
  Bundler.ui.info ".", false
209
208
  end
210
209
 
211
- return {@remote_uri => last_spec_list} if query_list.empty?
210
+ return {remote_uri => last_spec_list} if query_list.empty?
212
211
 
213
212
  remote_specs = Bundler::Retry.new("dependency api", AUTH_ERRORS).attempts do
214
213
  fetch_dependency_remote_specs(query_list)
@@ -225,22 +224,16 @@ module Bundler
225
224
  end
226
225
 
227
226
  def use_api
228
- _use_api(true)
229
- rescue AuthenticationRequiredError
230
- retry_with_auth{_use_api(false)}
231
- end
232
-
233
- def _use_api(reraise_auth_error = false)
234
227
  return @use_api if defined?(@use_api)
235
228
 
236
- if @remote_uri.scheme == "file" || Bundler::Fetcher.disable_endpoint
229
+ if remote_uri.scheme == "file" || Bundler::Fetcher.disable_endpoint
237
230
  @use_api = false
238
231
  elsif fetch(dependency_api_uri)
239
232
  @use_api = true
240
233
  end
241
- rescue AuthenticationRequiredError => e
242
- raise e if reraise_auth_error
243
- false
234
+ rescue AuthenticationRequiredError
235
+ # We got a 401 from the server. Don't fall back to the full index, just fail.
236
+ raise
244
237
  rescue HTTPError
245
238
  @use_api = false
246
239
  end
@@ -276,8 +269,8 @@ module Bundler
276
269
  response.body
277
270
  when Net::HTTPRequestEntityTooLarge
278
271
  raise FallbackError, response.body
279
- when Net::HTTPUnauthorized, Net::HTTPForbidden
280
- raise AuthenticationRequiredError, "#{response.class}: #{response.body}"
272
+ when Net::HTTPUnauthorized
273
+ raise AuthenticationRequiredError, remote_uri
281
274
  else
282
275
  raise HTTPError, "#{response.class}: #{response.body}"
283
276
  end
@@ -328,16 +321,20 @@ module Bundler
328
321
  # fetch from modern index: specs.4.8.gz
329
322
  def fetch_all_remote_specs
330
323
  old_sources = Bundler.rubygems.sources
331
- Bundler.rubygems.sources = [@remote_uri.to_s]
324
+ Bundler.rubygems.sources = [remote_uri.to_s]
332
325
  Bundler.rubygems.fetch_all_remote_specs
333
326
  rescue Gem::RemoteFetcher::FetchError, OpenSSL::SSL::SSLError => e
334
327
  case e.message
335
328
  when /certificate verify failed/
336
329
  raise CertificateFailureError.new(uri)
337
- when /401|403/
338
- # Gemfury uses a 403 for unauthenticated requests instead of a 401, so retry auth
339
- # on both.
340
- retry_with_auth { fetch_all_remote_specs }
330
+ when /401/
331
+ raise AuthenticationRequiredError, remote_uri
332
+ when /403/
333
+ if remote_uri.userinfo
334
+ raise BadAuthenticationError, remote_uri
335
+ else
336
+ raise AuthenticationRequiredError, remote_uri
337
+ end
341
338
  else
342
339
  Bundler.ui.trace e
343
340
  raise HTTPError, "Could not fetch specs from #{uri}"
@@ -374,35 +371,35 @@ module Bundler
374
371
  store
375
372
  end
376
373
 
377
- # Attempt to retry with HTTP authentication, if it's appropriate to do so. Yields to a block;
378
- # the caller should use this to re-attempt the failing request with the altered `@remote_uri`.
379
- def retry_with_auth
380
- # Authentication has already been attempted and failed.
381
- raise BadAuthenticationError.new(uri) if @remote_uri.user
382
-
383
- auth = Bundler.settings[@remote_uri.to_s]
384
-
385
- # Authentication isn't provided at all, by "bundle config" or in the URI.
386
- raise AuthenticationRequiredError.new(uri) if auth.nil?
374
+ private
387
375
 
388
- @remote_uri.user, @remote_uri.password = *auth.split(":", 2)
389
- @anonymizable_uri = AnonymizableURI.new(@remote_uri.dup)
390
- yield
376
+ def resolve_remote_uri(uri)
377
+ add_configured_credentials(Bundler::Source.mirror_for(uri))
391
378
  end
392
379
 
393
- private
380
+ def add_configured_credentials(uri)
381
+ auth = Bundler.settings[uri.to_s]
382
+ if auth
383
+ uri = uri.dup
384
+ uri.user, uri.password = *auth.split(":", 2)
385
+ end
386
+ AnonymizableURI.new(uri)
387
+ end
394
388
 
395
389
  def fetch_uri
396
390
  @fetch_uri ||= begin
397
- if @remote_uri.host == "rubygems.org"
398
- uri = @remote_uri.dup
391
+ if remote_uri.host == "rubygems.org"
392
+ uri = remote_uri.dup
399
393
  uri.host = "bundler.rubygems.org"
400
394
  uri
401
395
  else
402
- @remote_uri
396
+ remote_uri
403
397
  end
404
398
  end
405
399
  end
406
400
 
401
+ def remote_uri
402
+ @anonymizable_uri.original_uri
403
+ end
407
404
  end
408
405
  end
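Review bot: The new `raise AuthenticationRequiredError, remote_uri` in `fetch` (only partly visible in its hunk) and the three raises in the 401/403 branches of `fetch_all_remote_specs` pass `remote_uri`, which now returns `@anonymizable_uri.original_uri` and so presumably still carries the `user:password` that `add_configured_credentials` attached. The removed `retry_with_auth` passed the credential-free `uri`, as `CertificateFailureError.new(uri)` and the `Could not fetch specs from #{uri}` message in the same rescue still do. If these error classes interpolate their argument into the message (they are defined outside this diff), the password would end up in terminal output and CI logs; I would write `raise AuthenticationRequiredError, uri` and `raise BadAuthenticationError, uri` instead. Separately, `add_configured_credentials` attaches the configured credentials before the first request whatever the scheme, and overwrites any userinfo already present in the source URI; a comment on the method saying so, or a warning when `uri.scheme` is not `https`, would make that visible to users with plain-HTTP sources.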
@@ -2,5 +2,5 @@ module Bundler
2
2
  # We're doing this because we might write tests that deal
3
3
  # with other versions of bundler and we are unsure how to
4
4
  # handle this better.
5
- VERSION = "1.7.11" unless defined?(::Bundler::VERSION)
5
+ VERSION = "1.7.12" unless defined?(::Bundler::VERSION)
6
6
  end
@@ -162,6 +162,17 @@ describe "gemcutter's dependency API" do
162
162
  should_be_installed "rack 1.0.0"
163
163
  end
164
164
 
165
+ it "falls back when the API URL returns 403 Forbidden" do
166
+ gemfile <<-G
167
+ source "#{source_uri}"
168
+ gem "rack"
169
+ G
170
+
171
+ bundle :install, :verbose => true, :artifice => "endpoint_api_forbidden"
172
+ expect(out).to include("Fetching source index from #{source_uri}")
173
+ should_be_installed "rack 1.0.0"
174
+ end
175
+
165
176
  it "handles host redirects" do
166
177
  gemfile <<-G
167
178
  source "#{source_uri}"
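Review bot: The added example `falls back when the API URL returns 403 Forbidden` covers only a 403 from the dependency API with no credentials configured; none of the specs visible in this diff exercises the new 403 branch of `fetch_all_remote_specs`, where a source with userinfo raises `BadAuthenticationError` and one without raises `AuthenticationRequiredError`. I would add a companion example that configures credentials for the source, has the full index answer 403, and asserts both the error text and that `out` does not include the password. Other specs may already do this outside the lines shown, and the hunk ends inside the following `handles host redirects` example.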
@@ -0,0 +1,11 @@
1
+ require File.expand_path("../endpoint", __FILE__)
2
+
3
+ Artifice.deactivate
4
+
5
+ class EndpointApiForbidden < Endpoint
6
+ get "/api/v1/dependencies" do
7
+ halt 403
8
+ end
9
+ end
10
+
11
+ Artifice.activate_with(EndpointApiForbidden)
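--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: bundler
  version: !ruby/object:Gem::Version
- version: 1.7.11
+ version: 1.7.12
  platform: ruby
  authors:
  - André Arko
@@ -11,7 +11,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2015-01-05 00:00:00.000000000 Z
+ date: 2015-01-12 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: mustache
@@ -346,6 +346,7 @@ files:
  - spec/support/artifice/endopint_marshal_fail_basic_authentication.rb
  - spec/support/artifice/endpoint.rb
  - spec/support/artifice/endpoint_500.rb
+ - spec/support/artifice/endpoint_api_forbidden.rb
  - spec/support/artifice/endpoint_api_missing.rb
  - spec/support/artifice/endpoint_basic_authentication.rb
  - spec/support/artifice/endpoint_creds_diff_host.rb
@@ -394,7 +395,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: 1.3.6
  requirements: []
  rubyforge_project:
- rubygems_version: 2.2.2
+ rubygems_version: 2.4.5
  signing_key:
  specification_version: 4
  summary: The best way to manage your application's dependencies
@@ -480,6 +481,7 @@ test_files:
  - spec/support/artifice/endopint_marshal_fail_basic_authentication.rb
  - spec/support/artifice/endpoint.rb
  - spec/support/artifice/endpoint_500.rb
+ - spec/support/artifice/endpoint_api_forbidden.rb
  - spec/support/artifice/endpoint_api_missing.rb
  - spec/support/artifice/endpoint_basic_authentication.rb
  - spec/support/artifice/endpoint_creds_diff_host.rb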