carat 1.9.9.pre1

data/lib/carat/cli/update.rb

@@ -0,0 +1,73 @@
+module Carat
+  class CLI::Update
+    attr_reader :options, :gems
+    def initialize(options, gems)
+      @options = options
+      @gems = gems
+    end
+
+    def run
+      Carat.ui.level = "error" if options[:quiet]
+
+      sources = Array(options[:source])
+      groups  = Array(options[:group]).map(&:to_sym)
+
+      if gems.empty? && sources.empty? && groups.empty?
+        # We're doing a full update
+        Carat.definition(true)
+      else
+        unless Carat.default_lockfile.exist?
+          raise GemfileLockNotFound, "This Bundle hasn't been installed yet. " \
+            "Run `carat install` to update and install the bundled gems."
+        end
+        # cycle through the requested gems, just to make sure they exist
+        names = Carat.locked_gems.specs.map{ |s| s.name }
+        gems.each do |g|
+          next if names.include?(g)
+          require "carat/cli/common"
+          raise GemNotFound, Carat::CLI::Common.gem_not_found_message(g, names)
+        end
+
+        if groups.any?
+          specs = Carat.definition.specs_for groups
+          sources.concat(specs.map(&:name))
+        end
+
+        Carat.definition(:gems => gems, :sources => sources)
+      end
+
+      Carat::Fetcher.disable_endpoint = options["full-index"]
+
+      opts = options.dup
+      opts["update"] = true
+      opts["local"] = options[:local]
+
+      Carat.settings[:jobs] = opts["jobs"] if opts["jobs"]
+
+      # rubygems plugins sometimes hook into the gem install process
+      Gem.load_env_plugins if Gem.respond_to?(:load_env_plugins)
+
+      Carat.definition.validate_ruby!
+      Installer.install Carat.root, Carat.definition, opts
+      Carat.load.cache if Carat.app_cache.exist?
+
+      if Carat.settings[:clean] && Carat.settings[:path]
+        require "carat/cli/clean"
+        Carat::CLI::Clean.new(options).run
+      end
+
+      Carat.ui.confirm "Bundle updated!"
+      without_groups_messages
+    end
+
+  private
+
+    def without_groups_messages
+      if Carat.settings.without.any?
+        require "carat/cli/common"
+        Carat.ui.confirm Carat::CLI::Common.without_groups_message
+      end
+    end
+
+  end
+end

data/lib/carat/cli/viz.rb

@@ -0,0 +1,27 @@
+module Carat
+  class CLI::Viz
+    attr_reader :options, :gem_name
+    def initialize(options)
+      @options = options
+    end
+
+    def run
+      require 'graphviz'
+      output_file = File.expand_path(options[:file])
+      graph = Graph.new(Carat.load, output_file, options[:version], options[:requirements], options[:format], options[:without])
+      graph.viz
+    rescue LoadError => e
+      Carat.ui.error e.inspect
+      Carat.ui.warn "Make sure you have the graphviz ruby gem. You can install it with:"
+      Carat.ui.warn "`gem install ruby-graphviz`"
+    rescue StandardError => e
+      if e.message =~ /GraphViz not installed or dot not in PATH/
+        Carat.ui.error e.message
+        Carat.ui.warn "Please install GraphViz. On a Mac with homebrew, you can run `brew install graphviz`."
+      else
+        raise
+      end
+    end
+
+  end
+end

data/lib/carat/constants.rb

@@ -0,0 +1,5 @@
+module Carat
+  WINDOWS = RbConfig::CONFIG["host_os"] =~ %r!(msdos|mswin|djgpp|mingw)!
+  FREEBSD = RbConfig::CONFIG["host_os"] =~ /bsd/
+  NULL    = WINDOWS ? "NUL" : "/dev/null"
+end

data/lib/carat/current_ruby.rb

@@ -0,0 +1,183 @@
+module Carat
+  # Returns current version of Ruby
+  #
+  # @return [CurrentRuby] Current version of Ruby
+  def self.current_ruby
+    @current_ruby ||= CurrentRuby.new
+  end
+
+  class CurrentRuby
+    def on_18?
+      RUBY_VERSION =~ /^1\.8/
+    end
+
+    def on_19?
+      RUBY_VERSION =~ /^1\.9/
+    end
+
+    def on_20?
+      RUBY_VERSION =~ /^2\.0/
+    end
+
+    def on_21?
+      RUBY_VERSION =~ /^2\.1/
+    end
+
+    def on_22?
+      RUBY_VERSION =~ /^2\.2/
+    end
+
+    def ruby?
+      !mswin? && (!defined?(RUBY_ENGINE) || RUBY_ENGINE == "ruby" || RUBY_ENGINE == "rbx" || RUBY_ENGINE == "maglev")
+    end
+
+    def ruby_18?
+      ruby? && on_18?
+    end
+
+    def ruby_19?
+      ruby? && on_19?
+    end
+
+    def ruby_20?
+      ruby? && on_20?
+    end
+
+    def ruby_21?
+      ruby? && on_21?
+    end
+
+    def ruby_22?
+      ruby? && on_22?
+    end
+
+    def mri?
+      !mswin? && (!defined?(RUBY_ENGINE) || RUBY_ENGINE == "ruby")
+    end
+
+    def mri_18?
+      mri? && on_18?
+    end
+
+    def mri_19?
+      mri? && on_19?
+    end
+
+    def mri_20?
+      mri? && on_20?
+    end
+
+    def mri_21?
+      mri? && on_21?
+    end
+
+    def mri_22?
+      mri? && on_22?
+    end
+
+    def rbx?
+      ruby? && defined?(RUBY_ENGINE) && RUBY_ENGINE == "rbx"
+    end
+
+    def jruby?
+      defined?(RUBY_ENGINE) && RUBY_ENGINE == "jruby"
+    end
+
+    def jruby_18?
+      jruby? && on_18?
+    end
+
+    def jruby_19?
+      jruby? && on_19?
+    end
+
+    def maglev?
+      defined?(RUBY_ENGINE) && RUBY_ENGINE == "maglev"
+    end
+
+    def mswin?
+      Carat::WINDOWS
+    end
+
+    def mswin_18?
+      mswin? && on_18?
+    end
+
+    def mswin_19?
+      mswin? && on_19?
+    end
+
+    def mswin_20?
+      mswin? && on_20?
+    end
+
+    def mswin_21?
+      mswin? && on_21?
+    end
+
+    def mswin_22?
+      mswin? && on_22?
+    end
+
+    def mswin64?
+      Carat::WINDOWS && Gem::Platform.local.os == "mswin64" && Gem::Platform.local.cpu == 'x64'
+    end
+
+    def mswin64_19?
+      mswin64? && on_19?
+    end
+
+    def mswin64_20?
+      mswin64? && on_20?
+    end
+
+    def mswin64_21?
+      mswin64? && on_21?
+    end
+
+    def mswin64_22?
+      mswin64? && on_22?
+    end
+
+    def mingw?
+      Carat::WINDOWS && Gem::Platform.local.os == "mingw32" && Gem::Platform.local.cpu != 'x64'
+    end
+
+    def mingw_18?
+      mingw? && on_18?
+    end
+
+    def mingw_19?
+      mingw? && on_19?
+    end
+
+    def mingw_20?
+      mingw? && on_20?
+    end
+
+    def mingw_21?
+      mingw? && on_21?
+    end
+
+    def mingw_22?
+      mingw? && on_22?
+    end
+
+    def x64_mingw?
+      Carat::WINDOWS && Gem::Platform.local.os == "mingw32" && Gem::Platform.local.cpu == 'x64'
+    end
+
+    def x64_mingw_20?
+      x64_mingw? && on_20?
+    end
+
+    def x64_mingw_21?
+      x64_mingw? && on_21?
+    end
+
+    def x64_mingw_22?
+      x64_mingw? && on_22?
+    end
+
+  end
+end

data/lib/carat/definition.rb

@@ -0,0 +1,628 @@
+require "digest/sha1"
+require "set"
+
+module Carat
+  class Definition
+    include GemHelpers
+
+    attr_reader :dependencies, :platforms, :ruby_version, :locked_deps
+
+    # Given a gemfile and lockfile creates a Carat definition
+    #
+    # @param gemfile [Pathname] Path to Gemfile
+    # @param lockfile [Pathname,nil] Path to Gemfile.lock
+    # @param unlock [Hash, Boolean, nil] Gems that have been requested
+    #   to be updated or true if all gems should be updated
+    # @return [Carat::Definition]
+    def self.build(gemfile, lockfile, unlock)
+      unlock ||= {}
+      gemfile = Pathname.new(gemfile).expand_path
+
+      unless gemfile.file?
+        raise GemfileNotFound, "#{gemfile} not found"
+      end
+
+      Dsl.evaluate(gemfile, lockfile, unlock)
+    end
+
+
+    #
+    # How does the new system work?
+    #
+    # * Load information from Gemfile and Lockfile
+    # * Invalidate stale locked specs
+    #  * All specs from stale source are stale
+    #  * All specs that are reachable only through a stale
+    #    dependency are stale.
+    # * If all fresh dependencies are satisfied by the locked
+    #  specs, then we can try to resolve locally.
+    #
+    # @param lockfile [Pathname] Path to Gemfile.lock
+    # @param dependencies [Array(Carat::Dependency)] array of dependencies from Gemfile
+    # @param sources [Carat::SourceList]
+    # @param unlock [Hash, Boolean, nil] Gems that have been requested
+    #   to be updated or true if all gems should be updated
+    # @param ruby_version [Carat::RubyVersion, nil] Requested Ruby Version
+    def initialize(lockfile, dependencies, sources, unlock, ruby_version = nil)
+      @unlocking = unlock == true || !unlock.empty?
+
+      @dependencies, @sources, @unlock = dependencies, sources, unlock
+      @remote            = false
+      @specs             = nil
+      @lockfile_contents = ""
+      @ruby_version      = ruby_version
+
+      if lockfile && File.exist?(lockfile)
+        @lockfile_contents = Carat.read_file(lockfile)
+        locked = LockfileParser.new(@lockfile_contents)
+        @platforms      = locked.platforms
+
+        if unlock != true
+          @locked_deps    = locked.dependencies
+          @locked_specs   = SpecSet.new(locked.specs)
+          @locked_sources = locked.sources
+        else
+          @unlock         = {}
+          @locked_deps    = []
+          @locked_specs   = SpecSet.new([])
+          @locked_sources = []
+        end
+      else
+        @unlock         = {}
+        @platforms      = []
+        @locked_deps    = []
+        @locked_specs   = SpecSet.new([])
+        @locked_sources = []
+      end
+
+      @unlock[:gems] ||= []
+      @unlock[:sources] ||= []
+
+      current_platform = Carat.rubygems.platforms.map { |p| generic(p) }.compact.last
+      @new_platform = !@platforms.include?(current_platform)
+      @platforms |= [current_platform]
+
+      @path_changes = converge_paths
+      eager_unlock = expand_dependencies(@unlock[:gems])
+      @unlock[:gems] = @locked_specs.for(eager_unlock).map { |s| s.name }
+
+      @source_changes = converge_sources
+      @dependency_changes = converge_dependencies
+      @local_changes = converge_locals
+
+      fixup_dependency_types!
+    end
+
+    def fixup_dependency_types!
+      # XXX This is a temporary workaround for a bug when using rubygems 1.8.15
+      # where Gem::Dependency#== matches Gem::Dependency#type. As the lockfile
+      # doesn't carry a notion of the dependency type, if you use
+      # add_development_dependency in a gemspec that's loaded with the gemspec
+      # directive, the lockfile dependencies and resolved dependencies end up
+      # with a mismatch on #type.
+      # Test coverage to catch a regression on this is in gemspec_spec.rb
+      @dependencies.each do |d|
+        if ld = @locked_deps.find { |l| l.name == d.name }
+          ld.instance_variable_set(:@type, d.type)
+        end
+      end
+    end
+
+    def resolve_with_cache!
+      raise "Specs already loaded" if @specs
+      sources.cached!
+      specs
+    end
+
+    def resolve_remotely!
+      raise "Specs already loaded" if @specs
+      @remote = true
+      sources.remote!
+      specs
+    end
+
+    # For given dependency list returns a SpecSet with Gemspec of all the required
+    # dependencies.
+    #  1. The method first resolves the dependencies specified in Gemfile
+    #  2. After that it tries and fetches gemspec of resolved dependencies
+    #
+    # @return [Carat::SpecSet]
+    def specs
+      @specs ||= begin
+        specs = resolve.materialize(Carat.settings[:cache_all_platforms] ? dependencies : requested_dependencies)
+
+        unless specs["carat"].any?
+          local = Carat.settings[:frozen] ? rubygems_index : index
+          carat = local.search(Gem::Dependency.new('carat', VERSION)).last
+          specs["carat"] = carat if carat
+        end
+
+        specs
+      end
+    end
+
+    def new_specs
+      specs - @locked_specs
+    end
+
+    def removed_specs
+      @locked_specs - specs
+    end
+
+    def new_platform?
+      @new_platform
+    end
+
+    def missing_specs
+      missing = []
+      resolve.materialize(requested_dependencies, missing)
+      missing
+    end
+
+    def requested_specs
+      @requested_specs ||= begin
+        groups = self.groups - Carat.settings.without
+        groups.map! { |g| g.to_sym }
+        specs_for(groups)
+      end
+    end
+
+    def current_dependencies
+      dependencies.reject { |d| !d.should_include? }
+    end
+
+    def specs_for(groups)
+      deps = dependencies.select { |d| (d.groups & groups).any? }
+      deps.delete_if { |d| !d.should_include? }
+      specs.for(expand_dependencies(deps))
+    end
+
+    # Resolve all the dependencies specified in Gemfile. It ensures that
+    # dependencies that have been already resolved via locked file and are fresh
+    # are reused when resolving dependencies
+    #
+    # @return [SpecSet] resolved dependencies
+    def resolve
+      @resolve ||= begin
+        last_resolve = converge_locked_specs
+        if Carat.settings[:frozen] || (!@unlocking && nothing_changed?)
+          last_resolve
+        else
+          # Run a resolve against the locally available gems
+          last_resolve.merge Resolver.resolve(expanded_dependencies, index, source_requirements, last_resolve)
+        end
+      end
+    end
+
+    def index
+      @index ||= Index.build do |idx|
+        dependency_names = @dependencies.map { |d| d.name }
+
+        sources.all_sources.each do |source|
+          source.dependency_names = dependency_names.dup
+          idx.add_source source.specs
+          dependency_names -= pinned_spec_names(source.specs)
+          dependency_names.push(*source.unmet_deps).uniq!
+        end
+      end
+    end
+
+    # used when frozen is enabled so we can find the carat
+    # spec, even if (say) a git gem is not checked out.
+    def rubygems_index
+      @rubygems_index ||= Index.build do |idx|
+        sources.rubygems_sources.each do |rubygems|
+          idx.add_source rubygems.specs
+        end
+      end
+    end
+
+    def has_rubygems_remotes?
+      sources.rubygems_sources.any? {|s| s.remotes.any? }
+    end
+
+    def has_local_dependencies?
+      !sources.path_sources.empty? || !sources.git_sources.empty?
+    end
+
+    def spec_git_paths
+      sources.git_sources.map {|s| s.path.to_s }
+    end
+
+    def groups
+      dependencies.map { |d| d.groups }.flatten.uniq
+    end
+
+    def lock(file)
+      contents = to_lock
+
+      # Convert to \r\n if the existing lock has them
+      # i.e., Windows with `git config core.autocrlf=true`
+      contents.gsub!(/\n/, "\r\n") if @lockfile_contents.match("\r\n")
+
+      return if @lockfile_contents == contents
+
+      if Carat.settings[:frozen]
+        Carat.ui.error "Cannot write a changed lockfile while frozen."
+        return
+      end
+
+      File.open(file, 'wb'){|f| f.puts(contents) }
+    rescue Errno::EACCES
+      raise Carat::InstallError,
+        "There was an error while trying to write to Gemfile.lock. It is likely that \n" \
+        "you need to allow write permissions for the file at path: \n" \
+        "#{File.expand_path(file)}"
+    end
+
+    def to_lock
+      out = ""
+
+      sources.lock_sources.each do |source|
+        # Add the source header
+        out << source.to_lock
+        # Find all specs for this source
+        resolve.
+          select { |s| source.can_lock?(s) }.
+          # This needs to be sorted by full name so that
+          # gems with the same name, but different platform
+          # are ordered consistently
+          sort_by { |s| s.full_name }.
+          each do |spec|
+            next if spec.name == 'carat'
+            out << spec.to_lock
+          end
+        out << "\n"
+      end
+
+      out << "PLATFORMS\n"
+
+      platforms.map { |p| p.to_s }.sort.each do |p|
+        out << "  #{p}\n"
+      end
+
+      out << "\n"
+      out << "DEPENDENCIES\n"
+
+      handled = []
+      dependencies.
+        sort_by { |d| d.to_s }.
+        each do |dep|
+          next if handled.include?(dep.name)
+          out << dep.to_lock
+          handled << dep.name
+      end
+
+      out
+    end
+
+    def ensure_equivalent_gemfile_and_lockfile(explicit_flag = false)
+      msg = "You are trying to install in deployment mode after changing\n" \
+            "your Gemfile. Run `carat install` elsewhere and add the\n" \
+            "updated Gemfile.lock to version control."
+
+      unless explicit_flag
+        msg += "\n\nIf this is a development machine, remove the Gemfile " \
+               "freeze \nby running `carat install --no-deployment`."
+      end
+
+      added =   []
+      deleted = []
+      changed = []
+
+      gemfile_sources = sources.lock_sources
+      if @locked_sources != gemfile_sources
+        new_sources = gemfile_sources - @locked_sources
+        deleted_sources = @locked_sources - gemfile_sources
+
+        if new_sources.any?
+          added.concat new_sources.map { |source| "* source: #{source}" }
+        end
+
+        if deleted_sources.any?
+          deleted.concat deleted_sources.map { |source| "* source: #{source}" }
+        end
+      end
+
+      new_deps = @dependencies - @locked_deps
+      deleted_deps = @locked_deps - @dependencies
+
+      if new_deps.any?
+        added.concat new_deps.map { |d| "* #{pretty_dep(d)}" }
+      end
+
+      if deleted_deps.any?
+        deleted.concat deleted_deps.map { |d| "* #{pretty_dep(d)}" }
+      end
+
+      both_sources = Hash.new { |h,k| h[k] = [] }
+      @dependencies.each { |d| both_sources[d.name][0] = d }
+      @locked_deps.each  { |d| both_sources[d.name][1] = d.source }
+
+      both_sources.each do |name, (dep, lock_source)|
+        if (dep.nil? && !lock_source.nil?) || (!dep.nil? && !lock_source.nil? && !lock_source.can_lock?(dep))
+          gemfile_source_name = (dep && dep.source) || 'no specified source'
+          lockfile_source_name = lock_source || 'no specified source'
+          changed << "* #{name} from `#{gemfile_source_name}` to `#{lockfile_source_name}`"
+        end
+      end
+
+      msg << "\n\nYou have added to the Gemfile:\n"     << added.join("\n") if added.any?
+      msg << "\n\nYou have deleted from the Gemfile:\n" << deleted.join("\n") if deleted.any?
+      msg << "\n\nYou have changed in the Gemfile:\n"   << changed.join("\n") if changed.any?
+      msg << "\n"
+
+      raise ProductionError, msg if added.any? || deleted.any? || changed.any?
+    end
+
+    def validate_ruby!
+      return unless ruby_version
+
+      if diff = ruby_version.diff(Carat.ruby_version)
+        problem, expected, actual = diff
+
+        msg = case problem
+        when :engine
+          "Your Ruby engine is #{actual}, but your Gemfile specified #{expected}"
+        when :version
+          "Your Ruby version is #{actual}, but your Gemfile specified #{expected}"
+        when :engine_version
+          "Your #{Carat.ruby_version.engine} version is #{actual}, but your Gemfile specified #{ruby_version.engine} #{expected}"
+        when :patchlevel
+          if !expected.is_a?(String)
+            "The Ruby patchlevel in your Gemfile must be a string"
+          else
+            "Your Ruby patchlevel is #{actual}, but your Gemfile specified #{expected}"
+          end
+        end
+
+        raise RubyVersionMismatch, msg
+      end
+    end
+
+    attr_reader :sources
+    private     :sources
+
+  private
+
+    def nothing_changed?
+      !@source_changes && !@dependency_changes && !@new_platform && !@path_changes && !@local_changes
+    end
+
+    def pretty_dep(dep, source = false)
+      msg  = "#{dep.name}"
+      msg << " (#{dep.requirement})" unless dep.requirement == Gem::Requirement.default
+      msg << " from the `#{dep.source}` source" if source && dep.source
+      msg
+    end
+
+    # Check if the specs of the given source changed
+    # according to the locked source. A block should be
+    # in order to specify how the locked version of
+    # the source should be found.
+    def specs_changed?(source, &block)
+      locked = @locked_sources.find(&block)
+
+      if locked
+        unlocking = @locked_specs.any? do |locked_spec|
+          locked_spec.source.class == locked.class && locked_spec.source != locked
+        end
+      end
+
+      !locked || unlocking || dependencies_for_source_changed?(locked) || source.specs != locked.specs
+    end
+
+    def dependencies_for_source_changed?(source)
+      deps_for_source = @dependencies.select { |s| s.source == source }
+      locked_deps_for_source = @locked_deps.select { |s| s.source == source }
+
+      deps_for_source != locked_deps_for_source
+    end
+
+    # Get all locals and override their matching sources.
+    # Return true if any of the locals changed (for example,
+    # they point to a new revision) or depend on new specs.
+    def converge_locals
+      locals = []
+
+      Carat.settings.local_overrides.map do |k,v|
+        spec   = @dependencies.find { |s| s.name == k }
+        source = spec && spec.source
+        if source && source.respond_to?(:local_override!)
+          source.unlock! if @unlock[:gems].include?(spec.name)
+          locals << [ source, source.local_override!(v) ]
+        end
+      end
+
+      locals.any? do |source, changed|
+        changed || specs_changed?(source) { |o| source.class == o.class && source.uri == o.uri }
+      end
+    end
+
+    def converge_paths
+      sources.path_sources.any? do |source|
+        specs_changed?(source) do |ls|
+          ls.class == source.class && ls.path == source.path
+        end
+      end
+    end
+
+    def converge_sources
+      changes = false
+
+      # Get the Rubygems sources from the Gemfile.lock
+      locked_gem_sources = @locked_sources.select { |s| s.kind_of?(Source::Rubygems) }
+      # Get the Rubygems remotes from the Gemfile
+      actual_remotes = sources.rubygems_remotes
+
+      # If there is a Rubygems source in both
+      if !locked_gem_sources.empty? && !actual_remotes.empty?
+        locked_gem_sources.each do |locked_gem|
+          # Merge the remotes from the Gemfile into the Gemfile.lock
+          changes = changes | locked_gem.replace_remotes(actual_remotes)
+        end
+      end
+
+      # Replace the sources from the Gemfile with the sources from the Gemfile.lock,
+      # if they exist in the Gemfile.lock and are `==`. If you can't find an equivalent
+      # source in the Gemfile.lock, use the one from the Gemfile.
+      changes = changes | sources.replace_sources!(@locked_sources)
+
+      sources.all_sources.each do |source|
+        # If the source is unlockable and the current command allows an unlock of
+        # the source (for example, you are doing a `carat update <foo>` of a git-pinned
+        # gem), unlock it. For git sources, this means to unlock the revision, which
+        # will cause the `ref` used to be the most recent for the branch (or master) if
+        # an explicit `ref` is not used.
+        if source.respond_to?(:unlock!) && @unlock[:sources].include?(source.name)
+          source.unlock!
+          changes = true
+        end
+      end
+
+      changes
+    end
+
+    def converge_dependencies
+      (@dependencies + @locked_deps).each do |dep|
+        if dep.source
+          dep.source = sources.get(dep.source)
+        end
+      end
+      Set.new(@dependencies) != Set.new(@locked_deps)
+    end
+
+    # Remove elements from the locked specs that are expired. This will most
+    # commonly happen if the Gemfile has changed since the lockfile was last
+    # generated
+    def converge_locked_specs
+      deps = []
+
+      # Build a list of dependencies that are the same in the Gemfile
+      # and Gemfile.lock. If the Gemfile modified a dependency, but
+      # the gem in the Gemfile.lock still satisfies it, this is fine
+      # too.
+      locked_deps_hash = @locked_deps.inject({}) { |hsh, dep| hsh[dep] = dep; hsh }
+      @dependencies.each do |dep|
+        locked_dep = locked_deps_hash[dep]
+
+        if in_locked_deps?(dep, locked_dep) || satisfies_locked_spec?(dep)
+          deps << dep
+        elsif dep.source.is_a?(Source::Path) && dep.current_platform? && (!locked_dep || dep.source != locked_dep.source)
+          @locked_specs.each do |s|
+            @unlock[:gems] << s.name if s.source == dep.source
+          end
+
+          dep.source.unlock! if dep.source.respond_to?(:unlock!)
+          dep.source.specs.each { |s| @unlock[:gems] << s.name }
+        end
+      end
+
+      converged = []
+      @locked_specs.each do |s|
+        # Replace the locked dependency's source with the equivalent source from the Gemfile
+        dep = @dependencies.find { |d| s.satisfies?(d) }
+        s.source = (dep && dep.source) || sources.get(s.source)
+
+        # Don't add a spec to the list if its source is expired. For example,
+        # if you change a Git gem to Rubygems.
+        next if s.source.nil? || @unlock[:sources].include?(s.name)
+        # If the spec is from a path source and it doesn't exist anymore
+        # then we just unlock it.
+
+        # Path sources have special logic
+        if s.source.instance_of?(Source::Path)
+          other = s.source.specs[s].first
+
+          # If the spec is no longer in the path source, unlock it. This
+          # commonly happens if the version changed in the gemspec
+          next unless other
+
+          deps2 = other.dependencies.select { |d| d.type != :development }
+          # If the dependencies of the path source have changed, unlock it
+          next unless s.dependencies.sort == deps2.sort
+        end
+
+        converged << s
+      end
+
+      resolve = SpecSet.new(converged)
+      resolve = resolve.for(expand_dependencies(deps, true), @unlock[:gems])
+      diff    = @locked_specs.to_a - resolve.to_a
+
+      # Now, we unlock any sources that do not have anymore gems pinned to it
+      sources.all_sources.each do |source|
+        next unless source.respond_to?(:unlock!)
+
+        unless resolve.any? { |s| s.source == source }
+          source.unlock! if !diff.empty? && diff.any? { |s| s.source == source }
+        end
+      end
+
+      resolve
+    end
+
+    def in_locked_deps?(dep, locked_dep)
+      # Because the lockfile can't link a dep to a specific remote, we need to
+      # treat sources as equivalent anytime the locked dep has all the remotes
+      # that the Gemfile dep does.
+      locked_dep && locked_dep.source && dep.source && locked_dep.source.include?(dep.source)
+    end
+
+    def satisfies_locked_spec?(dep)
+      @locked_specs.any? { |s| s.satisfies?(dep) && (!dep.source || s.source.include?(dep.source)) }
+    end
+
+    def expanded_dependencies
+      @expanded_dependencies ||= expand_dependencies(dependencies, @remote)
+    end
+
+    def expand_dependencies(dependencies, remote = false)
+      deps = []
+      dependencies.each do |dep|
+        dep = Dependency.new(dep, ">= 0") unless dep.respond_to?(:name)
+        next unless remote || dep.current_platform?
+        dep.gem_platforms(@platforms).each do |p|
+          deps << DepProxy.new(dep, p) if remote || p == generic(Gem::Platform.local)
+        end
+      end
+      deps
+    end
+
+    def requested_dependencies
+      groups = self.groups - Carat.settings.without
+      groups.map! { |g| g.to_sym }
+      dependencies.reject { |d| !d.should_include? || (d.groups & groups).empty? }
+    end
+
+    def source_requirements
+      # Load all specs from remote sources
+      index
+
+      # Record the specs available in each gem's source, so that those
+      # specs will be available later when the resolver knows where to
+      # look for that gemspec (or its dependencies)
+      source_requirements = {}
+      dependencies.each do |dep|
+        next unless dep.source
+        source_requirements[dep.name] = dep.source.specs
+      end
+      source_requirements
+    end
+
+    def pinned_spec_names(specs)
+      names = []
+      specs.each do |s|
+        # TODO when two sources without blocks is an error, we can change
+        # this check to !s.source.is_a?(Source::LocalRubygems). For now,
+        # we need to ask every Rubygems for every gem name.
+        if s.source.is_a?(Source::Git) || s.source.is_a?(Source::Path)
+          names << s.name
+        end
+      end
+      names.uniq!
+      names
+    end
+
+  end
+end