rubygems-update 2.6.7 → 2.6.8

data/bundler/man/bundle-binstubs.ronn

@@ -0,0 +1,29 @@
+bundle-binstubs(1) -- Install the binstubs of the listed gems
+=============================================================
+
+## SYNOPSIS
+
+`bundle binstubs` <GEM_NAME> [--force] [--path PATH] [--standalone]
+
+## DESCRIPTION
+
+This command generates binstubs for executables in `GEM_NAME`.
+Binstubs are put into `bin`, or the `--path` directory if one has been set.
+Calling binstubs with [GEM [GEM]] will create binstubs for all given gems.
+
+## OPTIONS
+
+* `--force`:
+  Overwrite existing binstubs if they exist.
+
+* `--path`:
+  The location to install the specified binstubs to. This defaults to `bin`.
+
+* `--standalone`:
+  Makes binstubs that can work without depending on Rubygems or Bundler at
+  runtime.
+
+## BUNDLE INSTALL --BINSTUBS
+
+To create binstubs for all the gems in the bundle you can use the `--binstubs`
+flag in [bundle install(1)][bundle-install].

data/bundler/man/bundle-config.ronn

@@ -39,6 +39,38 @@ Executing `bundle config disable_multisource true` upgrades the warning about
 the Gemfile containing multiple primary sources to an error. Executing `bundle
 config --delete disable_multisource` downgrades this error to a warning.
 
+## REMEMBERING OPTIONS
+
+Flags passed to `bundle install` or the Bundler runtime,
+such as `--path foo` or `--without production`, are not remembered between commands.
+If these options must be remembered,they must be set using `bundle config`
+(e.g., `bundle config path foo`).
+
+The options that can be configured are:
+
+* `binstubs`:
+  Creates a directory (defaults to `~/bin`) and place any executables from the
+  gem there. These executables run in Bundler's context. If used, you might add
+  this directory to your environment's `PATH` variable. For instance, if the
+  `rails` gem comes with a `rails` executable, this flag will create a
+  `bin/rails` executable that ensures that all referred dependencies will be
+  resolved using the bundled gems.
+
+* `deployment`:
+  In deployment mode, Bundler will 'roll-out' the bundle for
+  `production` use. Please check carefully if you want to have this option
+  enabled in `development` or `test` environments.
+
+* `path`:
+  The location to install the specified gems to. This defaults to Rubygems'
+  setting. Bundler shares this location with Rubygems, `gem install ...` will
+  have gem installed there, too. Therefore, gems installed without a
+  `--path ...` setting will show up by calling `gem list`. Accodingly, gems
+  installed to other locations will not get listed.
+
+* `without`:
+  A space-separated list of groups referencing gems to skip during installation.
+
 ## BUILD OPTIONS
 
 You can use `bundle config` to give bundler the flags to pass to the gem
@@ -110,7 +142,7 @@ learn more about their operation in [bundle install(1)][bundle-install].
   and key in PEM format.
 * `cache_path` (`BUNDLE_CACHE_PATH`): The directory that bundler will place
   cached gems in when running <code>bundle package</code>, and that bundler
-  will look in when installing gems.
+  will look in when installing gems. Defaults to `vendor/bundle`.
 * `disable_multisource` (`BUNDLE_DISABLE_MULTISOURCE`): When set, Gemfiles
   containing multiple sources will produce errors instead of warnings. Use
   `bundle config --delete disable_multisource` to unset.

data/bundler/man/bundle-exec.ronn

@@ -63,6 +63,15 @@ It also modifies Rubygems:
   making system executables work
 * Add all gems in the bundle into Gem.loaded_specs
 
+### Loading
+
+By default, when attempting to `bundle exec` to a file with a ruby shebang,
+Bundler will `Kernel.load` that file instead of using `Kernel.exec`. For the
+vast majority of cases, this is a performance improvement. In a rare few cases,
+this could cause some subtle side-effects (such as dependence on the exact
+contents of `$0` or `__FILE__`) and the optimization can be disabled by enabling
+the `disable_exec_load` setting.
+
 ### Shelling out
 
 Any Ruby code that opens a subshell (like `system`, backticks, or `%x{}`) will

data/bundler/man/bundle-install.ronn

@@ -43,6 +43,9 @@ update process below under [CONSERVATIVE UPDATING][].
 
 ## OPTIONS
 
+To apply any of `--deployment`, `--path`, `--binstubs`, or `--without` every
+time `bundle install` is run, use `bundle config` (see bundle-config(1)).
+
 * `--binstubs[=<directory>]`:
   Creates a directory (defaults to `~/bin`) and place any executables from the
   gem there. These executables run in Bundler's context. If used, you might add
@@ -93,7 +96,7 @@ update process below under [CONSERVATIVE UPDATING][].
 
 * `--system`:
   Installs the gems specified in the bundle to the system's Rubygems location.
-  This overrides any previous [remembered][REMEMBERED OPTIONS] use of `--path`.
+  This overrides any previous configuration of `--path`.
 
 * `--no-cache`:
   Do not update the cache in `vendor/cache` with the newly bundled gems. This
@@ -108,8 +111,7 @@ update process below under [CONSERVATIVE UPDATING][].
   setting. Bundler shares this location with Rubygems, `gem install ...` will
   have gem installed there, too. Therefore, gems installed without a
   `--path ...` setting will show up by calling `gem list`. Accodingly, gems
-  installed to other locations will not get listed. This setting is a
-  [remembered option][REMEMBERED OPTIONS].
+  installed to other locations will not get listed.
 
 * `--quiet`:
   Do not print progress information to the standard output. Instead, Bundler
@@ -142,14 +144,12 @@ update process below under [CONSERVATIVE UPDATING][].
   A space-separated list of groups referencing gems to skip during installation.
   If a group is given that is in the remembered list of groups given
   to --with, it is removed from that list.
-  This is a [remembered option][REMEMBERED OPTIONS].
 
 * `--with=<list>`:
   A space-separated list of groups referencing gems to install. If an
   optional group is given it is installed. If a group is given that is
   in the remembered list of groups given to --without, it is removed
-  from that list. This is a [remembered option][REMEMBERED OPTIONS].
-
+  from that list.
 
 ## DEPLOYMENT MODE
 
@@ -274,41 +274,6 @@ the vagaries of the dependency resolution process, this usually
 affects more than the gems you list in your Gemfile(5), and can
 (surprisingly) radically change the gems you are using.
 
-## REMEMBERED OPTIONS
-
-Some options (marked above in the [OPTIONS][] section) are remembered
-between calls to `bundle install`, and by the Bundler runtime.
-
-For instance, if you run `bundle install --without test`, a subsequent
-call to `bundle install` that does not include a `--without` flag will
-remember your previous choice.
-
-In addition, a call to `Bundler.setup` will not attempt to make the
-gems in those groups available on the Ruby load path, as they were
-not installed.
-
-The settings that are remembered are:
-
-* `--deployment`:
-  At runtime, this remembered setting will also result in Bundler
-  raising an exception if the `Gemfile.lock` is out of date.
-
-* `--path`:
-  Subsequent calls to `bundle install` will install gems to the
-  directory originally passed to `--path`. The Bundler runtime
-  will look for gems in that location. You can revert this
-  option by running `bundle install --system`.
-
-* `--binstubs`:
-  Bundler will update the executables every subsequent call to
-  `bundle install`.
-
-* `--without`:
-  As described above, Bundler will skip the gems specified by
-  `--without` in subsequent calls to `bundle install`. The
-  Bundler runtime will also not try to make the gems in the
-  skipped groups available.
-
 ## THE GEMFILE.LOCK
 
 When you run `bundle install`, Bundler will persist the full names

data/bundler/man/bundle-package.ronn

@@ -27,7 +27,7 @@ in your local bundler configuration.
 
 ## REMOTE FETCHING
 
-By default, if you simply run [bundle install(1)][bundle-install] after running
+By default, if you run [bundle install(1)][bundle-install] after running
 [bundle package(1)][bundle-package], bundler will still connect to `rubygems.org`
 to check whether a platform-specific gem exists for any of the gems
 in `vendor/cache`.

data/bundler/man/bundle.ronn

@@ -27,20 +27,20 @@ We divide `bundle` subcommands into primary commands and utilities.
 
 ## PRIMARY COMMANDS
 
-* [bundle install(1)][bundle-install]:
+* [`bundle install(1)`][bundle-install]:
   Install the gems specified by the `Gemfile` or `Gemfile.lock`
 
-* [bundle update(1)][bundle-update]:
+* [`bundle update(1)`][bundle-update]:
   Update dependencies to their latest versions
 
-* [bundle package(1)][bundle-package]:
+* [`bundle package(1)`][bundle-package]:
   Package the .gem files required by your application into the
   `vendor/cache` directory
 
-* [bundle exec(1)][bundle-exec]:
+* [`bundle exec(1)`][bundle-exec]:
   Execute a script in the context of the current bundle
 
-* [bundle config(1)][bundle-config]:
+* [`bundle config(1)`][bundle-config]:
   Specify and read configuration options for bundler
 
 * `bundle help(1)`:
@@ -52,9 +52,6 @@ We divide `bundle` subcommands into primary commands and utilities.
   Determine whether the requirements for your application are installed
   and available to bundler
 
-* `bundle list(1)`:
-  Show all of the gems in the current bundle
-
 * `bundle show(1)`:
   Show the source location of a particular gem in the bundle
 
@@ -85,6 +82,9 @@ We divide `bundle` subcommands into primary commands and utilities.
 * `bundle clean(1)`:
   Clean up unused gems in your bundler directory
 
+* `bundle doctor(1)`:
+  Display warnings about common potential problems
+
 ## PLUGINS
 
 When running a command that isn't listed in PRIMARY COMMANDS or UTILITIES,
@@ -96,3 +96,4 @@ and execute it, passing down any extra arguments to it.
 These commands are obsolete and should no longer be used
 
 * `bundle cache(1)`
+* `bundle list(1)`

data/bundler/man/gemfile.5.ronn

@@ -42,7 +42,7 @@ credentials from being stored in plain text in version control.
 
     bundle config gems.example.com user:password
 
-For some sources, like a company Gemfury account, it may be easier to simply
+For some sources, like a company Gemfury account, it may be easier to
 include the credentials in the Gemfile as part of the source URL.
 
     source "https://user:password@gems.example.com"

data/lib/rubygems.rb

@@ -10,7 +10,7 @@ require 'rbconfig'
 require 'thread'
 
 module Gem
-  VERSION = '2.6.7'
+  VERSION = '2.6.8'
 end
 
 # Must be first since it unloads the prelude from 1.9.2

data/lib/rubygems/dependency.rb

@@ -317,13 +317,16 @@ class Gem::Dependency
   end
 
   def to_spec
-    matches = self.to_specs
-
-    active = matches.find { |spec| spec && spec.activated? }
+    matches = self.to_specs.compact
 
+    active = matches.find { |spec| spec.activated? }
     return active if active
 
-    matches.delete_if { |spec| spec.nil? || spec.version.prerelease? } unless prerelease?
+    return matches.first if prerelease?
+
+    # Move prereleases to the end of the list for >= 0 requirements
+    pre, matches = matches.partition { |spec| spec.version.prerelease? }
+    matches += pre if requirement == Gem::Requirement.default
 
     matches.first
   end

data/lib/rubygems/request.rb

@@ -6,6 +6,7 @@ require 'rubygems/user_interaction'
 
 class Gem::Request
 
+  extend Gem::UserInteraction
   include Gem::UserInteraction
 
   ###
@@ -69,6 +70,13 @@ class Gem::Request
       end
     end
     connection.cert_store = store
+
+    connection.verify_callback = proc do |preverify_ok, store_context|
+      verify_certificate store_context unless preverify_ok
+
+      preverify_ok
+    end
+
     connection
   rescue LoadError => e
     raise unless (e.respond_to?(:path) && e.path == 'openssl') ||
@@ -78,6 +86,44 @@ class Gem::Request
             'Unable to require openssl, install OpenSSL and rebuild ruby (preferred) or use non-HTTPS sources')
   end
 
+  def self.verify_certificate store_context
+    depth  = store_context.error_depth
+    error  = store_context.error_string
+    number = store_context.error
+    cert   = store_context.current_cert
+
+    ui.alert_error "SSL verification error at depth #{depth}: #{error} (#{number})"
+
+    extra_message = verify_certificate_message number, cert
+
+    ui.alert_error extra_message if extra_message
+  end
+
+  def self.verify_certificate_message error_number, cert
+    return unless cert
+    case error_number
+    when OpenSSL::X509::V_ERR_CERT_HAS_EXPIRED then
+      "Certificate #{cert.subject} expired at #{cert.not_after.iso8601}"
+    when OpenSSL::X509::V_ERR_CERT_NOT_YET_VALID then
+      "Certificate #{cert.subject} not valid until #{cert.not_before.iso8601}"
+    when OpenSSL::X509::V_ERR_CERT_REJECTED then
+      "Certificate #{cert.subject} is rejected"
+    when OpenSSL::X509::V_ERR_CERT_UNTRUSTED then
+      "Certificate #{cert.subject} is not trusted"
+    when OpenSSL::X509::V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT then
+      "Certificate #{cert.issuer} is not trusted"
+    when OpenSSL::X509::V_ERR_INVALID_CA then
+      "Certificate #{cert.subject} is an invalid CA certificate"
+    when OpenSSL::X509::V_ERR_INVALID_PURPOSE then
+      "Certificate #{cert.subject} has an invalid purpose"
+    when OpenSSL::X509::V_ERR_SELF_SIGNED_CERT_IN_CHAIN then
+      "Root certificate is not trusted (#{cert.subject})"
+    when OpenSSL::X509::V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
+      OpenSSL::X509::V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE then
+      "You must add #{cert.issuer} to your local trusted store"
+    end
+  end
+
   ##
   # Creates or an HTTP connection based on +uri+, or retrieves an existing
   # connection, using a proxy if needed.

data/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph.rb

@@ -182,6 +182,13 @@ module Gem::Resolver::Molinillo
       add_edge_no_circular(origin, destination, requirement)
     end
 
+    # Deletes an {Edge} from the dependency graph
+    # @param [Edge] edge
+    # @return [Void]
+    def delete_edge(edge)
+      log.delete_edge(self, edge.origin.name, edge.destination.name, edge.requirement)
+    end
+
     # Sets the payload of the vertex with the given name
     # @param [String] name the name of the vertex
     # @param [Object] payload the payload

data/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/action.rb

@@ -7,7 +7,7 @@ module Gem::Resolver::Molinillo
       # rubocop:disable Lint/UnusedMethodArgument
 
       # @return [Symbol] The name of the action.
-      def self.name
+      def self.action_name
         raise 'Abstract'
       end
 

data/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/add_edge_no_circular.rb

@@ -7,8 +7,8 @@ module Gem::Resolver::Molinillo
     class AddEdgeNoCircular < Action
       # @!group Action
 
-      # (see Action.name)
-      def self.name
+      # (see Action.action_name)
+      def self.action_name
         :add_vertex
       end
 

data/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/add_vertex.rb

@@ -7,8 +7,8 @@ module Gem::Resolver::Molinillo
     class AddVertex < Action # :nodoc:
       # @!group Action
 
-      # (see Action.name)
-      def self.name
+      # (see Action.action_name)
+      def self.action_name
         :add_vertex
       end
 

data/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/delete_edge.rb

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+require 'rubygems/resolver/molinillo/lib/molinillo/dependency_graph/action'
+module Gem::Resolver::Molinillo
+  class DependencyGraph
+    # @!visibility private
+    # (see DependencyGraph#delete_edge)
+    class DeleteEdge < Action
+      # @!group Action
+
+      # (see Action.action_name)
+      def self.action_name
+        :delete_edge
+      end
+
+      # (see Action#up)
+      def up(graph)
+        edge = make_edge(graph)
+        edge.origin.outgoing_edges.delete(edge)
+        edge.destination.incoming_edges.delete(edge)
+      end
+
+      # (see Action#down)
+      def down(graph)
+        edge = make_edge(graph)
+        edge.origin.outgoing_edges << edge
+        edge.destination.incoming_edges << edge
+        edge
+      end
+
+      # @!group DeleteEdge
+
+      # @return [String] the name of the origin of the edge
+      attr_reader :origin_name
+
+      # @return [String] the name of the destination of the edge
+      attr_reader :destination_name
+
+      # @return [Object] the requirement that the edge represents
+      attr_reader :requirement
+
+      # @param  [DependencyGraph] graph the graph to find vertices from
+      # @return [Edge] The edge this action adds
+      def make_edge(graph)
+        Edge.new(
+          graph.vertex_named(origin_name),
+          graph.vertex_named(destination_name),
+          requirement
+        )
+      end
+
+      # Initialize an action to add an edge to a dependency graph
+      # @param [String] origin_name the name of the origin of the edge
+      # @param [String] destination_name the name of the destination of the edge
+      # @param [Object] requirement the requirement that the edge represents
+      def initialize(origin_name, destination_name, requirement)
+        @origin_name = origin_name
+        @destination_name = destination_name
+        @requirement = requirement
+      end
+    end
+  end
+end