rubygems-update 2.6.14 → 2.7.0

data/lib/rubygems/installer.rb

@@ -136,8 +136,9 @@ class Gem::Installer
   end
 
   ##
-  # Constructs an Installer instance that will install the gem located at
-  # +gem+.  +options+ is a Hash with the following keys:
+  # Constructs an Installer instance that will install the gem at +package+ which
+  # can either be a path or an instance of Gem::Package.  +options+ is a Hash
+  # with the following keys:
   #
   # :bin_dir:: Where to put a bin wrapper if needed.
   # :development:: Whether or not development dependencies should be installed.
@@ -157,6 +158,7 @@ class Gem::Installer
   # :wrappers:: Install wrappers if true, symlinks if false.
   # :build_args:: An Array of arguments to pass to the extension builder
   #               process. If not set, then Gem::Command.build_args is used
+  # :post_install_message:: Print gem post install message if true
 
   def initialize(package, options={})
     require 'fileutils'
@@ -471,7 +473,7 @@ class Gem::Installer
 
       unless File.exist? bin_path then
         # TODO change this to a more useful warning
-        warn "#{bin_path} maybe `gem pristine #{spec.name}` will fix it?"
+        warn "`#{bin_path}` does not exist, maybe `gem pristine #{spec.name}` will fix it?"
         next
       end
 
@@ -608,7 +610,9 @@ class Gem::Installer
   def ensure_required_ruby_version_met # :nodoc:
     if rrv = spec.required_ruby_version then
       unless rrv.satisfied_by? Gem.ruby_version then
-        raise Gem::InstallError, "#{spec.name} requires Ruby version #{rrv}."
+        ruby_version = Gem.ruby_api_version
+        raise Gem::RuntimeRequirementNotMetError,
+          "#{spec.name} requires Ruby version #{rrv}. The current ruby version is #{ruby_version}."
       end
     end
   end
@@ -616,8 +620,9 @@ class Gem::Installer
   def ensure_required_rubygems_version_met # :nodoc:
     if rrgv = spec.required_rubygems_version then
       unless rrgv.satisfied_by? Gem.rubygems_version then
-        raise Gem::InstallError,
-          "#{spec.name} requires RubyGems version #{rrgv}. " +
+        rg_version = Gem::VERSION
+        raise Gem::RuntimeRequirementNotMetError,
+          "#{spec.name} requires RubyGems version #{rrgv}. The current RubyGems version is #{rg_version}. " +
           "Try 'gem update --system' to update RubyGems itself."
       end
     end
@@ -821,7 +826,7 @@ TEXT
   #
   # Version and dependency checks are skipped if this install is forced.
   #
-  # The dependent check will be skipped this install is ignoring dependencies.
+  # The dependent check will be skipped if the install is ignoring dependencies.
 
   def pre_install_checks
     verify_gem_home options[:unpack]

data/lib/rubygems/installer_test_case.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 require 'rubygems/test_case'
 require 'rubygems/installer'
+require 'rubygems/deprecate'
 
 class Gem::Installer
 
@@ -72,7 +73,7 @@ class Gem::InstallerTestCase < Gem::TestCase
   #   a spec named 'a', intended for regular installs
   # @user_spec::
   #   a spec named 'b', intended for user installs
-
+  #
   # @gem::
   #   the path to a built gem from @spec
   # @user_spec::
@@ -107,15 +108,17 @@ class Gem::InstallerTestCase < Gem::TestCase
   end
 
   def util_gem_bindir spec = @spec # :nodoc:
-    # TODO: deprecate
     spec.bin_dir
   end
 
   def util_gem_dir spec = @spec # :nodoc:
-    # TODO: deprecate
     spec.gem_dir
   end
 
+  extend Gem::Deprecate
+  deprecate :util_gem_bindir, "@spec.bin_dir", 2016, 10
+  deprecate :util_gem_dir, "@spec.gem_dir", 2016, 10
+
   ##
   # The path where installed executables live
 

data/lib/rubygems/package/old.rb

@@ -124,7 +124,7 @@ class Gem::Package::Old < Gem::Package
       break unless line
     end
 
-    raise Gem::Exception, "Failed to find end of ruby script while reading gem"
+    raise Gem::Exception, "Failed to find end of Ruby script while reading gem"
   end
 
   ##

data/lib/rubygems/request.rb

@@ -83,7 +83,7 @@ class Gem::Request
                  e.message =~ / -- openssl$/
 
     raise Gem::Exception.new(
-            'Unable to require openssl, install OpenSSL and rebuild ruby (preferred) or use non-HTTPS sources')
+            'Unable to require openssl, install OpenSSL and rebuild Ruby (preferred) or use non-HTTPS sources')
   end
 
   def self.verify_certificate store_context

data/lib/rubygems/request_set.rb

@@ -163,9 +163,26 @@ class Gem::RequestSet
         end
       end
 
-      spec = req.spec.install options do |installer|
-        yield req, installer if block_given?
-      end
+      spec =
+        begin
+          req.spec.install options do |installer|
+            yield req, installer if block_given?
+          end
+        rescue Gem::RuntimeRequirementNotMetError => e
+          recent_match = req.spec.set.find_all(req.request).sort_by(&:version).reverse_each.find do |s|
+            s = s.spec
+            s.required_ruby_version.satisfied_by?(Gem.ruby_version) && s.required_rubygems_version.satisfied_by?(Gem.rubygems_version)
+          end
+          if recent_match
+            suggestion = "The last version of #{req.request} to support your Ruby & RubyGems was #{recent_match.version}. Try installing it with `gem install #{recent_match.name} -v #{recent_match.version}`"
+            suggestion += " and then running the current command again" unless @always_install.include?(req.spec.spec)
+          else
+            suggestion = "There are no versions of #{req.request} compatible with your Ruby & RubyGems"
+            suggestion += ". Maybe try installing an older version of the gem you're looking for?" unless @always_install.include?(req.spec.spec)
+          end
+          e.suggestion = suggestion
+          raise
+        end
 
       requests << spec
     end

data/lib/rubygems/request_set/gem_dependency_api.rb

@@ -786,7 +786,7 @@ Gem dependencies file #{@path} includes git reference for both ref/branch and ta
     engine_version = options[:engine_version]
 
     raise ArgumentError,
-          'you must specify engine_version along with the ruby engine' if
+          'You must specify engine_version along with the Ruby engine' if
             engine and not engine_version
 
     return true if @installing
@@ -799,7 +799,7 @@ Gem dependencies file #{@path} includes git reference for both ref/branch and ta
     end
 
     if engine and engine != Gem.ruby_engine then
-      message = "Your ruby engine is #{Gem.ruby_engine}, " +
+      message = "Your Ruby engine is #{Gem.ruby_engine}, " +
                 "but your #{gem_deps_file} requires #{engine}"
 
       raise Gem::RubyVersionMismatch, message
@@ -810,7 +810,7 @@ Gem dependencies file #{@path} includes git reference for both ref/branch and ta
 
       if engine_version != my_engine_version then
         message =
-          "Your ruby engine version is #{Gem.ruby_engine} #{my_engine_version}, " +
+          "Your Ruby engine version is #{Gem.ruby_engine} #{my_engine_version}, " +
           "but your #{gem_deps_file} requires #{engine} #{engine_version}"
 
         raise Gem::RubyVersionMismatch, message

data/lib/rubygems/requirement.rb

@@ -51,7 +51,11 @@ class Gem::Requirement
   # If the input is "weird", the default version requirement is
   # returned.
 
-  def self.create input
+  def self.create *inputs
+    return new inputs if inputs.length > 1
+
+    input = inputs.shift
+
     case input
     when Gem::Requirement then
       input

data/lib/rubygems/resolver.rb

@@ -230,8 +230,28 @@ class Gem::Resolver
       exc.errors = @set.errors
       raise exc
     end
-    possibles.sort_by { |s| [s.source, s.version, Gem::Platform.local =~ s.platform ? 1 : 0] }.
-      map { |s| ActivationRequest.new s, dependency, [] }
+
+    sources = []
+
+    groups = Hash.new { |hash, key| hash[key] = [] }
+
+    # create groups & sources in the same loop
+    sources = possibles.map { |spec|
+      source = spec.source
+      groups[source] << spec
+      source
+    }.uniq.reverse
+
+    activation_requests = []
+
+    sources.each do |source|
+      groups[source].
+        sort_by { |spec| [spec.version, Gem::Platform.local =~ spec.platform ? 1 : 0] }.
+        map { |spec| ActivationRequest.new spec, dependency, [] }.
+        each { |activation_request| activation_requests << activation_request }
+    end
+
+    activation_requests
   end
 
   def dependencies_for(specification)
@@ -254,13 +274,14 @@ class Gem::Resolver
   end
 
   def sort_dependencies(dependencies, activated, conflicts)
-    dependencies.sort_by do |dependency|
+    dependencies.sort_by.with_index do |dependency, i|
       name = name_for(dependency)
       [
         activated.vertex_named(name).payload ? 0 : 1,
         amount_constrained(dependency),
         conflicts[name] ? 0 : 1,
         activated.vertex_named(name).payload ? 0 : search_for(dependency).count,
+        i # for stable sort
       ]
     end
   end

data/lib/rubygems/resolver/installer_set.rb

@@ -41,6 +41,7 @@ class Gem::Resolver::InstallerSet < Gem::Resolver::Set
     @ignore_dependencies = false
     @ignore_installed    = false
     @local               = {}
+    @local_source        = Gem::Source::Local.new
     @remote_set          = Gem::Resolver::BestSet.new
     @specs               = {}
   end
@@ -136,13 +137,11 @@ class Gem::Resolver::InstallerSet < Gem::Resolver::Set
 
       res.concat matching_local
 
-      local_source = Gem::Source::Local.new
-
       begin
-        if local_spec = local_source.find_gem(name, dep.requirement) then
+        if local_spec = @local_source.find_gem(name, dep.requirement) then
           res << Gem::Resolver::IndexSpecification.new(
             self, local_spec.name, local_spec.version,
-            local_source, local_spec.platform)
+            @local_source, local_spec.platform)
         end
       rescue Gem::Package::FormatError
         # ignore
@@ -194,7 +193,7 @@ class Gem::Resolver::InstallerSet < Gem::Resolver::Set
   # Has a local gem for +dep_name+ been added to this set?
 
   def local? dep_name # :nodoc:
-    spec, = @local[dep_name]
+    spec, _ = @local[dep_name]
 
     spec
   end
@@ -226,4 +225,3 @@ class Gem::Resolver::InstallerSet < Gem::Resolver::Set
   end
 
 end
-

data/lib/rubygems/safe_yaml.rb

@@ -35,7 +35,10 @@ module Gem
         ::YAML.safe_load(input, [::Symbol])
       end
     else
-      warn "YAML safe loading is not available. Please upgrade psych to a version that supports safe loading (>= 2.0)."
+      unless Gem::Deprecate.skip
+        warn "YAML safe loading is not available. Please upgrade psych to a version that supports safe loading (>= 2.0)."
+      end
+
       def self.safe_load input, *args
         ::YAML.load input
       end

data/lib/rubygems/security.rb

@@ -340,7 +340,9 @@ module Gem::Security
   # Digest algorithm used to sign gems
 
   DIGEST_ALGORITHM =
-    if defined?(OpenSSL::Digest::SHA1) then
+    if defined?(OpenSSL::Digest::SHA256) then
+      OpenSSL::Digest::SHA256
+    elsif defined?(OpenSSL::Digest::SHA1) then
       OpenSSL::Digest::SHA1
     end
 
@@ -363,7 +365,7 @@ module Gem::Security
   ##
   # Length of keys created by KEY_ALGORITHM
 
-  KEY_LENGTH = 2048
+  KEY_LENGTH = 3072
 
   ##
   # Cipher used to encrypt the key pair used to sign gems.
@@ -371,10 +373,15 @@ module Gem::Security
 
   KEY_CIPHER = OpenSSL::Cipher.new('AES-256-CBC') if defined?(OpenSSL::Cipher)
 
+  ##
+  # One day in seconds
+
+  ONE_DAY = 86400
+
   ##
   # One year in seconds
 
-  ONE_YEAR = 86400 * 365
+  ONE_YEAR = ONE_DAY * 365
 
   ##
   # The default set of extensions are:

data/lib/rubygems/security_option.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+#--
+# Copyright 2006 by Chad Fowler, Rich Kilmer, Jim Weirich and others.
+# All rights reserved.
+# See LICENSE.txt for permissions.
+#++
+
+require 'rubygems'
+
+# forward-declare
+
+module Gem::Security # :nodoc:
+  class Policy # :nodoc:
+  end
+end
+
+##
+# Mixin methods for security option for Gem::Commands
+
+module Gem::SecurityOption
+  def add_security_option
+    # TODO: use @parser.accept
+    OptionParser.accept Gem::Security::Policy do |value|
+      require 'rubygems/security'
+
+      raise OptionParser::InvalidArgument, 'OpenSSL not installed' unless
+        defined?(Gem::Security::HighSecurity)
+
+      policy = Gem::Security::Policies[value]
+      unless policy
+        valid = Gem::Security::Policies.keys.sort
+        raise OptionParser::InvalidArgument, "#{value} (#{valid.join ', '} are valid)"
+      end
+      policy
+    end
+
+    add_option(:"Install/Update", '-P', '--trust-policy POLICY',
+               Gem::Security::Policy,
+               'Specify gem trust policy') do |value, options|
+      options[:security_policy] = value
+    end
+  end
+end

data/lib/rubygems/server.rb

@@ -573,19 +573,11 @@ div.method-source-code pre { color: #ffdead; overflow: hidden; }
     add_date res
 
     case req.request_uri.path
-    when %r|^/quick/(Marshal.#{Regexp.escape Gem.marshal_version}/)?(.*?)-([0-9.]+[^-]*?)(-.*?)?\.gemspec\.rz$| then
-      marshal_format, name, version, platform = $1, $2, $3, $4
-      specs = Gem::Specification.find_all_by_name name, version
+    when %r|^/quick/(Marshal.#{Regexp.escape Gem.marshal_version}/)?(.*?)\.gemspec\.rz$| then
+      marshal_format, full_name = $1, $2
+      specs = Gem::Specification.find_all_by_full_name(full_name)
 
-      selector = [name, version, platform].map(&:inspect).join ' '
-
-      platform = if platform then
-                   Gem::Platform.new platform.sub(/^-/, '')
-                 else
-                   Gem::Platform::RUBY
-                 end
-
-      specs = specs.select { |s| s.platform == platform }
+      selector = full_name.inspect
 
       if specs.empty? then
         res.status = 404

data/lib/rubygems/source.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
-require 'uri'
-require 'fileutils'
+autoload :FileUtils, 'fileutils'
+autoload :URI, 'uri'
 
 ##
 # A Source knows how to list and fetch gems from a RubyGems marshal index.
@@ -67,7 +67,11 @@ class Gem::Source
 
       return -1 if !other.uri
 
-      @uri.to_s <=> other.uri.to_s
+      # Returning 1 here ensures that when sorting a list of sources, the
+      # original ordering of sources supplied by the user is preserved.
+      return 1 unless @uri.to_s == other.uri.to_s
+
+      0
     else
       nil
     end
@@ -232,4 +236,3 @@ require 'rubygems/source/specific_file'
 require 'rubygems/source/local'
 require 'rubygems/source/lock'
 require 'rubygems/source/vendor'
-

data/lib/rubygems/source/git.rb

@@ -1,5 +1,4 @@
 # frozen_string_literal: true
-require 'digest'
 require 'rubygems/util'
 
 ##
@@ -226,6 +225,8 @@ class Gem::Source::Git < Gem::Source
   # A hash for the git gem based on the git repository URI.
 
   def uri_hash # :nodoc:
+    require 'digest' # required here to avoid deadlocking in Gem.activate_bin_path (because digest is a gem on 2.5+)
+
     normalized =
       if @repository =~ %r%^\w+://(\w+@)?% then
         uri = URI(@repository).normalize.to_s.sub %r%/$%,''

data/lib/rubygems/source/local.rb

@@ -9,6 +9,7 @@ class Gem::Source::Local < Gem::Source
     @specs   = nil
     @api_uri = nil
     @uri     = nil
+    @load_specs_names = {}
   end
 
   ##
@@ -34,45 +35,47 @@ class Gem::Source::Local < Gem::Source
   end
 
   def load_specs type # :nodoc:
-    names = []
-
-    @specs = {}
-
-    Dir["*.gem"].each do |file|
-      begin
-        pkg = Gem::Package.new(file)
-      rescue SystemCallError, Gem::Package::FormatError
-        # ignore
-      else
-        tup = pkg.spec.name_tuple
-        @specs[tup] = [File.expand_path(file), pkg]
-
-        case type
-        when :released
-          unless pkg.spec.version.prerelease?
-            names << pkg.spec.name_tuple
-          end
-        when :prerelease
-          if pkg.spec.version.prerelease?
-            names << pkg.spec.name_tuple
-          end
-        when :latest
-          tup = pkg.spec.name_tuple
+    @load_specs_names[type] ||= begin
+      names = []
 
-          cur = names.find { |x| x.name == tup.name }
-          if !cur
-            names << tup
-          elsif cur.version < tup.version
-            names.delete cur
-            names << tup
-          end
+      @specs = {}
+
+      Dir["*.gem"].each do |file|
+        begin
+          pkg = Gem::Package.new(file)
+        rescue SystemCallError, Gem::Package::FormatError
+          # ignore
         else
-          names << pkg.spec.name_tuple
+          tup = pkg.spec.name_tuple
+          @specs[tup] = [File.expand_path(file), pkg]
+
+          case type
+          when :released
+            unless pkg.spec.version.prerelease?
+              names << pkg.spec.name_tuple
+            end
+          when :prerelease
+            if pkg.spec.version.prerelease?
+              names << pkg.spec.name_tuple
+            end
+          when :latest
+            tup = pkg.spec.name_tuple
+
+            cur = names.find { |x| x.name == tup.name }
+            if !cur
+              names << tup
+            elsif cur.version < tup.version
+              names.delete cur
+              names << tup
+            end
+          else
+            names << pkg.spec.name_tuple
+          end
         end
       end
-    end
 
-    names
+      names
+    end
   end
 
   def find_gem gem_name, version = Gem::Requirement.default, # :nodoc:
@@ -88,7 +91,7 @@ class Gem::Source::Local < Gem::Source
         if version.satisfied_by?(s.version)
           if prerelease
             found << s
-          elsif !s.version.prerelease?
+          elsif !s.version.prerelease? || version.prerelease?
             found << s
           end
         end