rubygems-update 2.6.14 → 2.7.0

data/bundler/lib/bundler/source/rubygems/remote.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 module Bundler
   class Source
     class Rubygems
@@ -20,16 +21,22 @@ module Bundler
         #
         def cache_slug
           @cache_slug ||= begin
+            return nil unless SharedHelpers.md5_available?
+
             cache_uri = original_uri || uri
 
             uri_parts = [cache_uri.host, cache_uri.user, cache_uri.port, cache_uri.path]
-            uri_digest = Digest::MD5.hexdigest(uri_parts.compact.join("."))
+            uri_digest = SharedHelpers.digest(:MD5).hexdigest(uri_parts.compact.join("."))
 
             uri_parts[-1] = uri_digest
             uri_parts.compact.join(".")
           end
         end
 
+        def to_s
+          "rubygems remote at #{anonymized_uri}"
+        end
+
       private
 
         def apply_auth(uri, auth)

data/bundler/lib/bundler/source_list.rb

@@ -1,16 +1,21 @@
 # frozen_string_literal: true
+
 module Bundler
   class SourceList
     attr_reader :path_sources,
       :git_sources,
-      :plugin_sources
+      :plugin_sources,
+      :global_rubygems_source,
+      :metadata_source
 
     def initialize
-      @path_sources       = []
-      @git_sources        = []
-      @plugin_sources     = []
-      @rubygems_aggregate = Source::Rubygems.new
-      @rubygems_sources   = []
+      @path_sources           = []
+      @git_sources            = []
+      @plugin_sources         = []
+      @global_rubygems_source = nil
+      @rubygems_aggregate     = rubygems_aggregate_class.new
+      @rubygems_sources       = []
+      @metadata_source        = Source::Metadata.new
     end
 
     def add_path_source(options = {})
@@ -35,13 +40,28 @@ module Bundler
       add_source_to_list Plugin.source(source).new(options), @plugin_sources
     end
 
+    def global_rubygems_source=(uri)
+      if Bundler.feature_flag.lockfile_uses_separate_rubygems_sources?
+        @global_rubygems_source ||= rubygems_aggregate_class.new("remotes" => uri)
+      end
+      add_rubygems_remote(uri)
+    end
+
     def add_rubygems_remote(uri)
+      if Bundler.feature_flag.lockfile_uses_separate_rubygems_sources?
+        return if Bundler.feature_flag.disable_multisource?
+        raise InvalidOption, "`lockfile_uses_separate_rubygems_sources` cannot be set without `disable_multisource` being set"
+      end
       @rubygems_aggregate.add_remote(uri)
       @rubygems_aggregate
     end
 
+    def default_source
+      global_rubygems_source || @rubygems_aggregate
+    end
+
     def rubygems_sources
-      @rubygems_sources + [@rubygems_aggregate]
+      @rubygems_sources + [default_source]
     end
 
     def rubygems_remotes
@@ -49,18 +69,25 @@ module Bundler
     end
 
     def all_sources
-      path_sources + git_sources + plugin_sources + rubygems_sources
+      path_sources + git_sources + plugin_sources + rubygems_sources + [metadata_source]
     end
 
     def get(source)
-      source_list_for(source).find {|s| source == s }
+      source_list_for(source).find {|s| equal_source?(source, s) || equivalent_source?(source, s) }
     end
 
     def lock_sources
-      lock_sources = (path_sources + git_sources + plugin_sources).sort_by(&:to_s)
-      lock_sources << combine_rubygems_sources
+      if Bundler.feature_flag.lockfile_uses_separate_rubygems_sources?
+        [[default_source], @rubygems_sources, git_sources, path_sources, plugin_sources].map do |sources|
+          sources.sort_by(&:to_s)
+        end.flatten(1)
+      else
+        lock_sources = (path_sources + git_sources + plugin_sources).sort_by(&:to_s)
+        lock_sources << combine_rubygems_sources
+      end
     end
 
+    # Returns true if there are changes
     def replace_sources!(replacement_sources)
       return true if replacement_sources.empty?
 
@@ -70,13 +97,14 @@ module Bundler
         end
       end
 
-      replacement_rubygems =
+      replacement_rubygems = !Bundler.feature_flag.lockfile_uses_separate_rubygems_sources? &&
         replacement_sources.detect {|s| s.is_a?(Source::Rubygems) }
       @rubygems_aggregate = replacement_rubygems if replacement_rubygems
 
-      # Return true if there were changes
-      lock_sources.to_set != replacement_sources.to_set ||
-        rubygems_remotes.to_set != replacement_rubygems.remotes.to_set
+      return true if !equal_sources?(lock_sources, replacement_sources) && !equivalent_sources?(lock_sources, replacement_sources)
+      return true if replacement_rubygems && rubygems_remotes.to_set != replacement_rubygems.remotes.to_set
+
+      false
     end
 
     def cached!
@@ -93,6 +121,10 @@ module Bundler
 
   private
 
+    def rubygems_aggregate_class
+      Source::Rubygems
+    end
+
     def add_source_to_list(source, list)
       list.unshift(source).uniq!
       source
@@ -122,5 +154,33 @@ module Bundler
           "protocol to keep your data secure."
       end
     end
+
+    def equal_sources?(lock_sources, replacement_sources)
+      lock_sources.to_set == replacement_sources.to_set
+    end
+
+    def equal_source?(source, other_source)
+      source == other_source
+    end
+
+    def equivalent_source?(source, other_source)
+      return false unless Bundler.settings[:allow_deployment_source_credential_changes] && source.is_a?(Source::Rubygems)
+
+      equivalent_rubygems_sources?([source], [other_source])
+    end
+
+    def equivalent_sources?(lock_sources, replacement_sources)
+      return false unless Bundler.settings[:allow_deployment_source_credential_changes]
+
+      lock_rubygems_sources, lock_other_sources = lock_sources.partition {|s| s.is_a?(Source::Rubygems) }
+      replacement_rubygems_sources, replacement_other_sources = replacement_sources.partition {|s| s.is_a?(Source::Rubygems) }
+
+      equivalent_rubygems_sources?(lock_rubygems_sources, replacement_rubygems_sources) && equal_sources?(lock_other_sources, replacement_other_sources)
+    end
+
+    def equivalent_rubygems_sources?(lock_sources, replacement_sources)
+      actual_remotes = replacement_sources.map(&:remotes).flatten.uniq
+      lock_sources.all? {|s| s.equivalent_remotes?(actual_remotes) }
+    end
   end
 end

data/bundler/lib/bundler/spec_set.rb

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
+
 require "tsort"
 require "forwardable"
+require "set"
 
 module Bundler
   class SpecSet
@@ -11,20 +13,18 @@ module Bundler
     def_delegators :sorted, :each
 
     def initialize(specs)
-      @specs = specs.sort_by(&:name)
+      @specs = specs
     end
 
-    def for(dependencies, skip = [], check = false, match_current_platform = false)
-      handled = {}
+    def for(dependencies, skip = [], check = false, match_current_platform = false, raise_on_missing = true)
+      handled = Set.new
       deps = dependencies.dup
       specs = []
       skip += ["bundler"]
 
-      until deps.empty?
-        dep = deps.shift
-        next if handled[dep] || skip.include?(dep.name)
-
-        handled[dep] = true
+      loop do
+        break unless dep = deps.shift
+        next if !handled.add?(dep) || skip.include?(dep.name)
 
         if spec = spec_for_dependency(dep, match_current_platform)
           specs << spec
@@ -36,6 +36,8 @@ module Bundler
           end
         elsif check
           return false
+        elsif raise_on_missing
+          raise "Unable to find a spec satisfying #{dep} in the set. Perhaps the lockfile is corrupted?"
         end
       end
 
@@ -75,20 +77,21 @@ module Bundler
     end
 
     def materialize(deps, missing_specs = nil)
-      materialized = self.for(deps, [], false, true).to_a
+      materialized = self.for(deps, [], false, true, !missing_specs).to_a
       deps = materialized.map(&:name).uniq
       materialized.map! do |s|
         next s unless s.is_a?(LazySpecification)
         s.source.dependency_names = deps if s.source.respond_to?(:dependency_names=)
         spec = s.__materialize__
-        if missing_specs
-          missing_specs << s unless spec
-        else
-          raise GemNotFound, "Could not find #{s.full_name} in any of the sources" unless spec
+        unless spec
+          unless missing_specs
+            raise GemNotFound, "Could not find #{s.full_name} in any of the sources"
+          end
+          missing_specs << s
         end
-        spec if spec
+        spec
       end
-      SpecSet.new(materialized.compact)
+      SpecSet.new(missing_specs ? materialized.compact : materialized)
     end
 
     # Materialize for all the specs in the spec set, regardless of what platform they're for
@@ -107,9 +110,10 @@ module Bundler
 
     def merge(set)
       arr = sorted.dup
-      set.each do |s|
-        next if arr.any? {|s2| s2.name == s.name && s2.version == s.version && s2.platform == s.platform }
-        arr << s
+      set.each do |set_spec|
+        full_name = set_spec.full_name
+        next if arr.any? {|spec| spec.full_name == full_name }
+        arr << set_spec
       end
       SpecSet.new(arr)
     end
@@ -118,6 +122,13 @@ module Bundler
       @specs.detect {|spec| spec.name == name && spec.match_platform(platform) }
     end
 
+    def what_required(spec)
+      unless req = find {|s| s.dependencies.any? {|d| d.type == :runtime && d.name == spec.name } }
+        return [spec]
+      end
+      what_required(req) << spec
+    end
+
   private
 
     def sorted
@@ -151,18 +162,20 @@ module Bundler
     end
 
     def tsort_each_node
-      @specs.each {|s| yield s }
+      # MUST sort by name for backwards compatibility
+      @specs.sort_by(&:name).each {|s| yield s }
     end
 
     def spec_for_dependency(dep, match_current_platform)
+      specs_for_platforms = lookup[dep.name]
       if match_current_platform
         Bundler.rubygems.platforms.reverse_each do |pl|
-          match = GemHelpers.select_best_platform_match(lookup[dep.name], pl)
+          match = GemHelpers.select_best_platform_match(specs_for_platforms, pl)
           return match if match
         end
         nil
       else
-        GemHelpers.select_best_platform_match(lookup[dep.name], dep.__platform)
+        GemHelpers.select_best_platform_match(specs_for_platforms, dep.__platform)
       end
     end
 

data/bundler/lib/bundler/ssl_certs/certificate_manager.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
-require "fileutils"
+
+require "bundler/vendored_fileutils"
 require "net/https"
 require "openssl"
 

data/bundler/lib/bundler/stub_specification.rb

@@ -1,24 +1,108 @@
 # frozen_string_literal: true
+
 require "bundler/remote_specification"
 
 module Bundler
   class StubSpecification < RemoteSpecification
     def self.from_stub(stub)
+      return stub if stub.is_a?(Bundler::StubSpecification)
       spec = new(stub.name, stub.version, stub.platform, nil)
       spec.stub = stub
       spec
     end
 
-    attr_accessor :stub
+    attr_accessor :stub, :ignored
+
+    # Pre 2.2.0 did not include extension_dir
+    # https://github.com/rubygems/rubygems/commit/9485ca2d101b82a946d6f327f4bdcdea6d4946ea
+    if Bundler.rubygems.provides?(">= 2.2.0")
+      def source=(source)
+        super
+        # Stub has no concept of source, which means that extension_dir may be wrong
+        # This is the case for git-based gems. So, instead manually assign the extension dir
+        return unless source.respond_to?(:extension_dir_name)
+        path = File.join(stub.extensions_dir, source.extension_dir_name)
+        stub.extension_dir = File.expand_path(path)
+      end
+    end
 
     def to_yaml
       _remote_specification.to_yaml
     end
 
+    # @!group Stub Delegates
+
+    if Bundler.rubygems.provides?(">= 2.3")
+      # This is defined directly to avoid having to load every installed spec
+      def missing_extensions?
+        stub.missing_extensions?
+      end
+    end
+
+    def activated
+      stub.activated
+    end
+
+    def activated=(activated)
+      stub.instance_variable_set(:@activated, activated)
+    end
+
+    def default_gem
+      stub.default_gem
+    end
+
+    def full_gem_path
+      # deleted gems can have their stubs return nil, so in that case grab the
+      # expired path from the full spec
+      stub.full_gem_path || method_missing(:full_gem_path)
+    end
+
+    if Bundler.rubygems.provides?(">= 2.2.0")
+      def full_require_paths
+        stub.full_require_paths
+      end
+
+      # This is what we do in bundler/rubygems_ext
+      # full_require_paths is always implemented in >= 2.2.0
+      def load_paths
+        full_require_paths
+      end
+    end
+
+    def loaded_from
+      stub.loaded_from
+    end
+
+    if Bundler.rubygems.stubs_provide_full_functionality?
+      def matches_for_glob(glob)
+        stub.matches_for_glob(glob)
+      end
+    end
+
+    def raw_require_paths
+      stub.raw_require_paths
+    end
+
   private
 
     def _remote_specification
-      stub.to_spec
+      @_remote_specification ||= begin
+        rs = stub.to_spec
+        if rs.equal?(self) # happens when to_spec gets the spec from Gem.loaded_specs
+          rs = Gem::Specification.load(loaded_from)
+          Bundler.rubygems.stub_set_spec(stub, rs)
+        end
+
+        unless rs
+          raise GemspecError, "The gemspec for #{full_name} at #{loaded_from}" \
+            " was missing or broken. Try running `gem pristine #{name} -v #{version}`" \
+            " to fix the cached spec."
+        end
+
+        rs.source = source
+
+        rs
+      end
     end
   end
 end

data/bundler/lib/bundler/templates/Executable

@@ -1,5 +1,6 @@
-#!/usr/bin/env <%= Bundler.settings[:shebang] || RbConfig::CONFIG['ruby_install_name'] %>
+#!/usr/bin/env <%= Bundler.settings[:shebang] || RbConfig::CONFIG["ruby_install_name"] %>
 # frozen_string_literal: true
+
 #
 # This file was generated by Bundler.
 #
@@ -7,6 +8,9 @@
 # this file is here to facilitate running it.
 #
 
+bundle_binstub = File.expand_path("../bundle", __FILE__)
+load(bundle_binstub) if File.file?(bundle_binstub)
+
 require "pathname"
 ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../<%= relative_gemfile_path %>",
   Pathname.new(__FILE__).realpath)

data/bundler/lib/bundler/templates/Executable.bundler

@@ -0,0 +1,105 @@
+#!/usr/bin/env <%= Bundler.settings[:shebang] || RbConfig::CONFIG["ruby_install_name"] %>
+# frozen_string_literal: true
+
+#
+# This file was generated by Bundler.
+#
+# The application '<%= executable %>' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require "rubygems"
+
+m = Module.new do
+    module_function
+
+  def invoked_as_script?
+    File.expand_path($0) == File.expand_path(__FILE__)
+  end
+
+  def env_var_version
+    ENV["BUNDLER_VERSION"]
+  end
+
+  def cli_arg_version
+    return unless invoked_as_script? # don't want to hijack other binstubs
+    return unless "update".start_with?(ARGV.first || " ") # must be running `bundle update`
+    bundler_version = nil
+    update_index = nil
+    ARGV.each_with_index do |a, i|
+      if update_index && update_index.succ == i && a =~ Gem::Version::ANCHORED_VERSION_PATTERN
+        bundler_version = a
+      end
+      next unless a =~ /\A--bundler(?:[= ](#{Gem::Version::VERSION_PATTERN}))?\z/
+      bundler_version = $1 || ">= 0.a"
+      update_index = i
+    end
+    bundler_version
+  end
+
+  def gemfile
+    gemfile = ENV["BUNDLE_GEMFILE"]
+    return gemfile if gemfile && !gemfile.empty?
+
+    File.expand_path("../<%= relative_gemfile_path %>", __FILE__)
+  end
+
+  def lockfile
+    lockfile =
+      case File.basename(gemfile)
+      when "gems.rb" then gemfile.sub(/\.rb$/, gemfile)
+      else "#{gemfile}.lock"
+      end
+    File.expand_path(lockfile)
+  end
+
+  def lockfile_version
+    return unless File.file?(lockfile)
+    lockfile_contents = File.read(lockfile)
+    return unless lockfile_contents =~ /\n\nBUNDLED WITH\n\s{2,}(#{Gem::Version::VERSION_PATTERN})\n/
+    Regexp.last_match(1)
+  end
+
+  def bundler_version
+    @bundler_version ||= begin
+      env_var_version || cli_arg_version ||
+        lockfile_version || "#{Gem::Requirement.default}.a"
+    end
+  end
+
+  def load_bundler!
+    ENV["BUNDLE_GEMFILE"] ||= gemfile
+
+    # must dup string for RG < 1.8 compatibility
+    activate_bundler(bundler_version.dup)
+  end
+
+  def activate_bundler(bundler_version)
+    if Gem::Version.correct?(bundler_version) && Gem::Version.new(bundler_version).release < Gem::Version.new("2.0")
+      bundler_version = "< 2"
+    end
+    gem_error = activation_error_handling do
+      gem "bundler", bundler_version
+    end
+    return if gem_error.nil?
+    require_error = activation_error_handling do
+      require "bundler/version"
+    end
+    return if require_error.nil? && Gem::Requirement.new(bundler_version).satisfied_by?(Gem::Version.new(Bundler::VERSION))
+    warn "Activating bundler (#{bundler_version}) failed:\n#{gem_error.message}\n\nTo install the version of bundler this project requires, run `gem install bundler -v '#{bundler_version}'`"
+    exit 42
+  end
+
+  def activation_error_handling
+    yield
+    nil
+  rescue StandardError, LoadError => e
+    e
+  end
+end
+
+m.load_bundler!
+
+if m.invoked_as_script?
+  load Gem.bin_path("<%= spec.name %>", "<%= executable %>")
+end