bundler 1.7.3 → 1.7.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 46bd149bdc713f4dbee824a21e2dfe9fb85b134e
-  data.tar.gz: 258468570e8baadd905738b57aa8a0f902419738
+  metadata.gz: 0db99e813ff94da575f3001947d5dcf86a777946
+  data.tar.gz: f649bbd231e496fa19cfbf3c8b629d1570c307c9
 SHA512:
-  metadata.gz: 1a88ee0a1485e450a80fbcbe658c6af25d90fd7d6200265a0bea4aa8ef239893b339755b3abf8c3ea4c3f593dbd8e8049c94696ad437a8b6350a569eb33d32d1
-  data.tar.gz: 8872770af18aff6463c6d047eea3142d405897b898c8cfc8f9e2bf83a2504ead14e68e733f1754398bb2972e4a3d12815bdf3c7c3002a20cd2fb2f62b1376ac0
+  metadata.gz: 2c9cc0716eff3f0ae1564b4bcfaa8a46bbc00f5e2b323bde78ff175f873bba072bb5d8d7ed8da11481b04076fd3732b56c4bd18ee2d013dca1f6ee6a9582629f
+  data.tar.gz: 72490c914b8efb8be01fd067172c549bbf25ed83bf8db52f4009e75ab9c1c6b8b0d548196ee7e924dbaa001407ba2a684833104105b290e327f1987169d37b1a

data/.travis.yml

@@ -76,6 +76,9 @@ matrix:
       env: RGV=v1.3.6
 
     # ALLOWED FAILURES
+    # For no apparent reason, this often goes over the Travis limit
+    - rvm: 1.8.7
+      env: RGV=v2.1.11
     # Ruby 1.9.2 sanity check
     # (but it's just too slow and sometimes goes over the Travis limit)
     - rvm: 1.9.2
@@ -90,7 +93,9 @@ matrix:
     - rvm: rbx
       env: RGV=v2.2.2
   allow_failures:
-    - rvm: ruby-head
+    - rvm: 1.8.7
+      env: RGV=2.1.11
     - rvm: 1.9.2
+    - rvm: ruby-head
     - rvm: jruby
     - rvm: rbx

data/CHANGELOG.md

@@ -1,3 +1,12 @@
+## 1.7.4 (2014-10-19)
+
+Bugfixes:
+
+  - Allow --deployment after `pack` while using source blocks (#3167, @tmoore)
+  - Use dependency API even when HTTP credentials are in ENV (#3191, @fvaleur)
+  - Silence warnings (including root warning) in --quiet mode (#3186, @indirect)
+  - Stop asking gem servers for gems already found locally (#2909, @dubek)
+
 ## 1.7.3 (2014-09-14)
 
 Bugfixes:
@@ -28,11 +37,11 @@ Security:
 Features:
 
   - Gemfile `source` calls now take a block containing gems from that source (@tmoore)
-  - added the `:source` option to `gem` to specify a source (@tmoore)
+  - Added the `:source` option to `gem` to specify a source (@tmoore)
 
 Bugfixes:
 
-  - warn on ambiguous gems available from more than one source (@tmoore)
+  - Warn on ambiguous gems available from more than one source (@tmoore)
 
 ## 1.6.5 (2014-07-23)
 

data/lib/bundler/cli/install.rb

@@ -6,6 +6,8 @@ module Bundler
     end
 
     def run
+      Bundler.ui.level = "error" if options[:quiet]
+
       warn_if_root
 
       if options[:without]
@@ -66,7 +68,6 @@ module Bundler
       Bundler.settings[:no_prune] = true if options["no-prune"]
       Bundler.settings[:clean]    = options["clean"] if options["clean"]
       Bundler.settings.without    = options[:without]
-      Bundler.ui.level            = "warn" if options[:quiet]
       Bundler::Fetcher.disable_endpoint = options["full-index"]
       Bundler.settings[:disable_shared_gems] = Bundler.settings[:path] ? '1' : nil
 

data/lib/bundler/cli/package.rb

@@ -7,10 +7,12 @@ module Bundler
     end
 
     def run
-      Bundler.ui.level = "warn" if options[:quiet]
+      Bundler.ui.level = "error" if options[:quiet]
       Bundler.settings[:path] = File.expand_path(options[:path]) if options[:path]
+
       setup_cache_all
       install
+
       # TODO: move cache contents here now that all bundles are locked
       custom_path = Pathname.new(options[:path]) if options[:path]
       Bundler.load.cache(custom_path)

data/lib/bundler/cli/update.rb

@@ -7,10 +7,10 @@ module Bundler
     end
 
     def run
+      Bundler.ui.level = "error" if options[:quiet]
 
       sources = Array(options[:source])
       groups  = Array(options[:group]).map(&:to_sym)
-      Bundler.ui.level = "warn" if options[:quiet]
 
       if gems.empty? && sources.empty? && groups.empty?
         # We're doing a full update

data/lib/bundler/definition.rb

@@ -197,12 +197,12 @@ module Bundler
 
     def index
       @index ||= Index.build do |idx|
-        dependency_names = @dependencies.dup || []
-        dependency_names.map! {|d| d.name }
+        dependency_names = @dependencies.map { |d| d.name }
 
         sources.all_sources.each do |s|
-          s.dependency_names = dependency_names
+          s.dependency_names = dependency_names.dup
           idx.add_source s.specs
+          s.specs.each { |spec| dependency_names.delete(spec.name) }
           dependency_names.push(*s.unmet_deps).uniq!
         end
       end
@@ -313,7 +313,7 @@ module Bundler
       deleted = []
       changed = []
 
-      gemfile_sources = sources.all_sources
+      gemfile_sources = sources.lock_sources
       if @locked_sources != gemfile_sources
         new_sources = gemfile_sources - @locked_sources
         deleted_sources = @locked_sources - gemfile_sources
@@ -451,12 +451,11 @@ module Bundler
 
       # Get the Rubygems sources from the Gemfile.lock
       locked_gem_sources = @locked_sources.select { |s| s.kind_of?(Source::Rubygems) }
-      # Get the Rubygems sources from the Gemfile
-      actual_gem_sources = @sources.rubygems_sources
+      # Get the Rubygems remotes from the Gemfile
+      actual_remotes = sources.rubygems_remotes
 
       # If there is a Rubygems source in both
-      unless locked_gem_sources.empty? && actual_gem_sources.empty?
-        actual_remotes = actual_gem_sources.map(&:remotes).flatten.uniq
+      if !locked_gem_sources.empty? && !actual_remotes.empty?
         locked_gem_sources.each do |locked_gem|
           # Merge the remotes from the Gemfile into the Gemfile.lock
           changes = changes | locked_gem.replace_remotes(actual_remotes)
@@ -466,11 +465,9 @@ module Bundler
       # Replace the sources from the Gemfile with the sources from the Gemfile.lock,
       # if they exist in the Gemfile.lock and are `==`. If you can't find an equivalent
       # source in the Gemfile.lock, use the one from the Gemfile.
-      sources.replace_sources!(@locked_sources)
-      gemfile_sources = sources.all_sources
-      changes = changes | (Set.new(gemfile_sources) != Set.new(@locked_sources))
+      changes = changes | sources.replace_sources!(@locked_sources)
 
-      gemfile_sources.each do |source|
+      sources.all_sources.each do |source|
         # If the source is unlockable and the current command allows an unlock of
         # the source (for example, you are doing a `bundle update <foo>` of a git-pinned
         # gem), unlock it. For git sources, this means to unlock the revision, which

data/lib/bundler/fetcher.rb

@@ -226,6 +226,12 @@ module Bundler
     end
 
     def use_api
+      _use_api(true)
+    rescue AuthenticationRequiredError
+      retry_with_auth{_use_api(false)}
+    end
+
+    def _use_api(reraise_auth_error = false)
       return @use_api if defined?(@use_api)
 
       if @remote_uri.scheme == "file" || Bundler::Fetcher.disable_endpoint
@@ -233,6 +239,9 @@ module Bundler
       elsif fetch(dependency_api_uri)
         @use_api = true
       end
+    rescue AuthenticationRequiredError => e
+      raise e if reraise_auth_error
+      false
     rescue HTTPError
       @use_api = false
     end
@@ -268,6 +277,8 @@ module Bundler
         response.body
       when Net::HTTPRequestEntityTooLarge
         raise FallbackError, response.body
+      when Net::HTTPUnauthorized
+        raise AuthenticationRequiredError, "#{response.class}: #{response.body}"
       else
         raise HTTPError, "#{response.class}: #{response.body}"
       end
@@ -282,8 +293,6 @@ module Bundler
         req.basic_auth(user, password)
       end
       connection.request(uri, req)
-    rescue Net::HTTPUnauthorized, Net::HTTPForbidden
-      retry_with_auth { request(uri) }
     rescue OpenSSL::SSL::SSLError
       raise CertificateFailureError.new(uri)
     rescue *HTTP_ERRORS => e

data/lib/bundler/source/rubygems.rb

@@ -52,9 +52,9 @@ module Bundler
 
       def to_lock
         out = "GEM\n"
-        out << remotes.map { |remote|
-          "  remote: #{suppress_configured_credentials remote}\n"
-        }.join
+        remotes.reverse_each do |remote|
+          out << "  remote: #{suppress_configured_credentials remote}\n"
+        end
         out << "  specs:\n"
       end
 

data/lib/bundler/source_list.rb

@@ -1,14 +1,13 @@
 module Bundler
   class SourceList
     attr_reader :path_sources,
-                :git_sources,
-                :rubygems_sources
+                :git_sources
 
     def initialize
       @path_sources       = []
       @git_sources        = []
       @rubygems_aggregate = Source::Rubygems.new
-      @rubygems_sources   = [@rubygems_aggregate]
+      @rubygems_sources   = []
     end
 
     def add_path_source(options = {})
@@ -28,6 +27,14 @@ module Bundler
       @rubygems_aggregate
     end
 
+    def rubygems_sources
+      @rubygems_sources + [@rubygems_aggregate]
+    end
+
+    def rubygems_remotes
+      rubygems_sources.map(&:remotes).flatten.uniq
+    end
+
     def all_sources
       path_sources + git_sources + rubygems_sources
     end
@@ -42,11 +49,21 @@ module Bundler
     end
 
     def replace_sources!(replacement_sources)
-      [path_sources, git_sources, rubygems_sources].each do |source_list|
+      return true if replacement_sources.empty?
+
+      [path_sources, git_sources].each do |source_list|
         source_list.map! do |source|
           replacement_sources.find { |s| s == source } || source
         end
       end
+
+      replacement_rubygems =
+        replacement_sources.detect { |s| s.is_a?(Source::Rubygems) }
+      @rubygems_aggregate = replacement_rubygems
+
+      # Return true if there were changes
+      all_sources.to_set != replacement_sources.to_set ||
+        rubygems_remotes.to_set != replacement_rubygems.remotes.to_set
     end
 
     def cached!
@@ -74,7 +91,7 @@ module Bundler
     end
 
     def combine_rubygems_sources
-      Source::Rubygems.new("remotes" => rubygems_sources.map(&:remotes).flatten.uniq.reverse)
+      Source::Rubygems.new("remotes" => rubygems_remotes)
     end
   end
 end

data/lib/bundler/version.rb

@@ -2,5 +2,5 @@ module Bundler
   # We're doing this because we might write tests that deal
   # with other versions of bundler and we are unsure how to
   # handle this better.
-  VERSION = "1.7.3" unless defined?(::Bundler::VERSION)
+  VERSION = "1.7.4" unless defined?(::Bundler::VERSION)
 end

data/man/bundle-config.ronn

@@ -145,11 +145,26 @@ Finally, Bundler also ensures that the current revision in the
 `Gemfile.lock` exists in the local git repository. By doing this, Bundler
 forces you to fetch the latest changes in the remotes.
 
-## MIRRORS OF GEM REPOSITORIES
+## MIRRORS OF GEM SOURCES
 
 Bundler supports overriding gem sources with mirrors. This allows you to
 configure rubygems.org as the gem source in your Gemfile while still using your
 mirror to fetch gems.
 
+    bundle config mirror.SOURCE_URL MIRROR_URL
+
+For example, to use a mirror of rubygems.org hosted at
+
     bundle config mirror.http://rubygems.org http://rubygems-mirror.org
 
+## CREDENTIALS FOR GEM SOURCES
+
+Bundler allows you to configure credentials for any gem source, which allows
+you to avoid putting secrets into your Gemfile.
+
+    bundle config SOURCE_URL USERNAME:PASSWORD
+
+For example, to save the credentials of user `claudette` for the gem source at
+`gems.longerous.com`, you would run:
+
+    bundle config https://gems.longerous.com/ claudette:s00pers3krit

data/man/gemfile.5.ronn

@@ -33,6 +33,23 @@ be selected for gems that need to use a non-standard repository, suppressing
 this warning, by using the [`:source` option](#SOURCE-source-) or a
 [`source` block](#BLOCK-FORM-OF-SOURCE-GIT-PATH-GROUP-and-PLATFORMS).
 
+### CREDENTIALS (#credentials)
+
+Some gem sources require a username and password. Use `bundle config` to set
+the username and password for any sources that need it. The command must be run
+once on each computer that will install the Gemfile, but this keeps the
+credentials from being stored in plain text in version control.
+
+    bundle config https://gems.example.com/ user:password
+
+For some sources, like a company Gemfury account, it may be easier to simply
+include the credentials in the Gemfile as part of the source URL.
+
+    source "https://user:password@gems.example.com"
+
+Credentials in the source URL will take precedence over credentials set using
+`config`.
+
 ## RUBY (#ruby)
 
 If your application requires a specific Ruby version or engine, specify your

data/spec/bundler/source_list_spec.rb

@@ -277,17 +277,17 @@ describe Bundler::SourceList do
   end
 
   describe "#lock_sources" do
-    it "combines the rubygems sources into a single instance, removing duplicate remotes from the front" do
+    it "combines the rubygems sources into a single instance, removing duplicate remotes from the end" do
       source_list.add_git_source('uri' => 'git://third-git.org/path.git')
-      source_list.add_rubygems_source('remotes' => ['https://fourth-rubygems.org']) # intentional duplicate
+      source_list.add_rubygems_source('remotes' => ['https://duplicate-rubygems.org'])
       source_list.add_path_source('path' => '/third/path/to/gem')
-      source_list.add_rubygems_source('remotes' => ['https://first-rubygems.org'])
+      source_list.add_rubygems_source('remotes' => ['https://third-rubygems.org'])
       source_list.add_path_source('path' => '/second/path/to/gem')
       source_list.add_rubygems_source('remotes' => ['https://second-rubygems.org'])
       source_list.add_git_source('uri' => 'git://second-git.org/path.git')
-      source_list.add_rubygems_source('remotes' => ['https://third-rubygems.org'])
+      source_list.add_rubygems_source('remotes' => ['https://first-rubygems.org'])
       source_list.add_path_source('path' => '/first/path/to/gem')
-      source_list.add_rubygems_source('remotes' => ['https://fourth-rubygems.org'])
+      source_list.add_rubygems_source('remotes' => ['https://duplicate-rubygems.org'])
       source_list.add_git_source('uri' => 'git://first-git.org/path.git')
 
       expect(source_list.lock_sources).to eq [
@@ -298,10 +298,10 @@ describe Bundler::SourceList do
         Bundler::Source::Path.new('path' => '/second/path/to/gem'),
         Bundler::Source::Path.new('path' => '/third/path/to/gem'),
         Bundler::Source::Rubygems.new('remotes' => [
+          'https://duplicate-rubygems.org',
           'https://first-rubygems.org',
           'https://second-rubygems.org',
           'https://third-rubygems.org',
-          'https://fourth-rubygems.org',
         ]),
       ]
     end

data/spec/install/deploy_spec.rb

@@ -79,6 +79,19 @@ describe "install with --deployment or --frozen" do
     expect(exitstatus).to eq(0)
   end
 
+  it "works with sources given by a block" do
+    install_gemfile <<-G
+      source "file://#{gem_repo1}" do
+        gem "rack"
+      end
+    G
+
+    bundle "install --deployment", :exitstatus => true
+
+    expect(exitstatus).to eq(0)
+    should_be_installed "rack 1.0"
+  end
+
   describe "with an existing lockfile" do
     before do
       bundle "install"

data/spec/install/gemfile/path_spec.rb

@@ -415,6 +415,26 @@ describe "bundle install with explicit source paths" do
     end
   end
 
+  describe "when there are both a gemspec and remote gems" do
+    it "doesn't query rubygems for local gemspec name" do
+      build_lib "private_lib", "2.2", :path => lib_path("private_lib")
+      gemfile = <<-G
+        source "http://localgemserver.test"
+        gemspec
+        gem 'rack'
+      G
+      File.open(lib_path("private_lib/Gemfile"), "w") {|f| f.puts gemfile }
+
+      Dir.chdir(lib_path("private_lib")) do
+        bundle :install, :env => {"DEBUG" => 1}, :artifice => "endpoint"
+        expect(out).to match(/^HTTP GET http:\/\/localgemserver\.test\/api\/v1\/dependencies\?gems=rack$/)
+        expect(out).not_to match(/^HTTP GET.*private_lib/)
+        should_be_installed "private_lib 2.2"
+        should_be_installed "rack 1.0"
+      end
+    end
+  end
+
   describe "gem install hooks" do
     it "runs pre-install hooks" do
       build_git "foo"

data/spec/install/gems/dependency_api_spec.rb

@@ -467,6 +467,8 @@ describe "gemcutter's dependency API" do
         bundle "config #{source_uri}/ #{user}:#{password}"
 
         bundle :install, :artifice => "endpoint_strict_basic_authentication"
+
+        expect(out).to include("Fetching gem metadata from #{source_uri}")
         should_be_installed "rack 1.0.0"
       end
 

data/spec/install/gems/simple_case_spec.rb

@@ -291,7 +291,7 @@ describe "bundle install with gem sources" do
       G
 
       bundle :install, :expect_err => true
-      expect(out).to match(/Your Gemfile has no gem server sources/i)
+      expect(out).to include("Your Gemfile has no gem server sources")
     end
 
     it "creates a Gemfile.lock on a blank Gemfile" do
@@ -363,23 +363,14 @@ describe "bundle install with gem sources" do
   end
 
   describe "when requesting a quiet install via --quiet" do
-    it "should be quiet if there are no warnings" do
-      gemfile <<-G
-        source "file://#{gem_repo1}"
-        gem 'rack'
-      G
-
-      bundle :install, :quiet => true
-      expect(out).to eq("")
-    end
-
-    it "should still display warnings" do
+    it "should be quiet" do
       gemfile <<-G
         gem 'rack'
       G
 
       bundle :install, :quiet => true
-      expect(out).to match(/Your Gemfile has no gem server sources/)
+      expect(out).to include("Could not find gem 'rack (>= 0) ruby'")
+      expect(out).to_not include("Your Gemfile has no gem server sources")
     end
   end
 

data/spec/install/gems/sources_spec.rb

@@ -83,6 +83,18 @@ describe "bundle install with gems on multiple sources" do
         expect(out).not_to include("Warning")
         should_be_installed("rack-obama 1.0.0", "rack 1.0.0")
       end
+
+      it "can cache and deploy" do
+        bundle :package
+
+        expect(bundled_app("vendor/cache/rack-1.0.0.gem")).to exist
+        expect(bundled_app("vendor/cache/rack-obama-1.0.gem")).to exist
+
+        bundle "install --deployment", :exitstatus => true
+
+        expect(exitstatus).to eq(0)
+        should_be_installed("rack-obama 1.0.0", "rack 1.0.0")
+      end
     end
 
     context "with sources set by an option" do

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bundler
 version: !ruby/object:Gem::Version
-  version: 1.7.3
+  version: 1.7.4
 platform: ruby
 authors:
 - André Arko
@@ -11,7 +11,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-09-14 00:00:00.000000000 Z
+date: 2014-10-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rdiscount