rubygems-update 3.0.3 → 3.0.9

data/lib/rubygems/commands/owner_command.rb

@@ -63,6 +63,8 @@ permission to.
   end
 
   def show_owners(name)
+    Gem.load_yaml
+
     response = rubygems_api_request :get, "api/v1/gems/#{name}/owners.yaml" do |request|
       request.add_field "Authorization", api_key
     end

data/lib/rubygems/commands/push_command.rb

@@ -15,6 +15,8 @@ https://rubygems.org) and adds it to the index.
 
 The gem can be removed from the index and deleted from the server using the yank
 command.  For further discussion see the help for the yank command.
+
+The push command will use ~/.gem/credentials to authenticate to a server, but you can use the RubyGems environment variable GEM_HOST_API_KEY to set the api key to authenticate.
     EOF
   end
 

data/lib/rubygems/commands/setup_command.rb

@@ -128,7 +128,7 @@ By default, this RubyGems will install gem as:
   end
 
   module MakeDirs
-    def mkdir_p(path, *opts)
+    def mkdir_p(path, **opts)
       super
       (@mkdirs ||= []) << path
     end
@@ -164,7 +164,7 @@ By default, this RubyGems will install gem as:
 
     remove_old_lib_files lib_dir
 
-    install_default_bundler_gem
+    install_default_bundler_gem bin_dir
 
     if mode = options[:dir_mode]
       @mkdirs.uniq!
@@ -240,14 +240,13 @@ By default, this RubyGems will install gem as:
     prog_mode = options[:prog_mode] || 0755
 
     executables = { 'gem' => 'bin' }
-    executables['bundler'] = 'bundler/exe' if Gem::USE_BUNDLER_FOR_GEMDEPS
     executables.each do |tool, path|
       say "Installing #{tool} executable" if @verbose
 
       Dir.chdir path do
         bin_files = Dir['*']
 
-        bin_files -= %w[update_rubygems bundler bundle_ruby]
+        bin_files -= %w[update_rubygems]
 
         bin_files.each do |bin_file|
           bin_file_formatted = if options[:format_executable]
@@ -382,7 +381,7 @@ By default, this RubyGems will install gem as:
     return false
   end
 
-  def install_default_bundler_gem
+  def install_default_bundler_gem(bin_dir)
     return unless Gem::USE_BUNDLER_FOR_GEMDEPS
 
     specs_dir = Gem::Specification.default_specifications_dir
@@ -427,13 +426,12 @@ By default, this RubyGems will install gem as:
       cp File.join("bundler", bundler_spec.bindir, e), File.join(bundler_bin_dir, e)
     end
 
-    if Gem.win_platform?
-      require 'rubygems/installer'
+    require 'rubygems/installer'
 
-      installer = Gem::Installer.for_spec bundler_spec
-      bundler_spec.executables.each do |e|
-        installer.generate_windows_script e, bundler_spec.bin_dir
-      end
+    Dir.chdir("bundler") do
+      built_gem = Gem::Package.build(bundler_spec)
+      installer = Gem::Installer.at(built_gem, env_shebang: options[:env_shebang], install_as_default: true, bin_dir: bin_dir, wrappers: true)
+      installer.install
     end
 
     say "Bundler #{bundler_spec.version} installed"

data/lib/rubygems/commands/uninstall_command.rb

@@ -148,10 +148,13 @@ that is a dependency of an existing gem.  You can use the
 
   def uninstall_specific
     deplist = Gem::DependencyList.new
+    original_gem_version = {}
 
     get_all_gem_names_and_versions.each do |name, version|
-      requirement = Array(version || options[:version])
-      gem_specs = Gem::Specification.find_all_by_name(name, *requirement)
+      original_gem_version[name] = version || options[:version]
+
+      gem_specs = Gem::Specification.find_all_by_name(name, original_gem_version[name])
+
       say("Gem '#{name}' is not installed") if gem_specs.empty?
       gem_specs.each do |spec|
         deplist.add spec
@@ -160,16 +163,23 @@ that is a dependency of an existing gem.  You can use the
 
     deps = deplist.strongly_connected_components.flatten.reverse
 
+    gems_to_uninstall = {}
+
     deps.each do |dep|
-      options[:version] = dep.version
-      uninstall_gem(dep.name)
+      unless gems_to_uninstall[dep.name]
+        gems_to_uninstall[dep.name] = true
+
+        unless original_gem_version[dep.name] == Gem::Requirement.default
+          options[:version] = dep.version
+        end
+
+        uninstall_gem(dep.name)
+      end
     end
   end
 
   def uninstall_gem(gem_name)
     uninstall(gem_name)
-  rescue Gem::InstallError
-    nil
   rescue Gem::GemNotInHomeException => e
     spec = e.spec
     alert("In order to remove #{spec.name}, please execute:\n" +

data/lib/rubygems/commands/which_command.rb

@@ -52,13 +52,11 @@ requiring to see why it does not behave as you expect.
         end
       end
 
-      # TODO: this is totally redundant and stupid
       paths = find_paths arg, dirs
 
       if paths.empty?
         alert_error "Can't find Ruby library file or shared library #{arg}"
-
-        found &&= false
+        found = false
       else
         say paths
       end

data/lib/rubygems/defaults.rb

@@ -122,15 +122,8 @@ module Gem
     end
   end
 
-  ##
-  # A wrapper around RUBY_ENGINE const that may not be defined
-
   def self.ruby_engine
-    if defined? RUBY_ENGINE
-      RUBY_ENGINE
-    else
-      'ruby'
-    end
+    RUBY_ENGINE
   end
 
   ##

data/lib/rubygems/dependency.rb

@@ -281,7 +281,7 @@ class Gem::Dependency
       requirement.satisfied_by?(spec.version) && env_req.satisfied_by?(spec.version)
     }.map(&:to_spec)
 
-    Gem::BundlerVersionFinder.filter!(matches) if name == "bundler".freeze
+    Gem::BundlerVersionFinder.filter!(matches) if name == "bundler".freeze && !requirement.specific?
 
     if platform_only
       matches.reject! { |spec|

data/lib/rubygems/dependency_installer.rb

@@ -213,9 +213,8 @@ class Gem::DependencyInstaller
 
     if consider_remote?
       begin
-        # TODO this is pulled from #spec_for_dependency to allow
+        # This is pulled from #spec_for_dependency to allow
         # us to filter tuples before fetching specs.
-        #
         tuples, errors = Gem::SpecFetcher.fetcher.search_for_dependency dep
 
         if best_only && !tuples.empty?

data/lib/rubygems/dependency_list.rb

@@ -134,7 +134,7 @@ class Gem::DependencyList
   end
 
   ##
-  # Is is ok to remove a gemspec from the dependency list?
+  # It is ok to remove a gemspec from the dependency list?
   #
   # If removing the gemspec creates breaks a currently ok dependency, then it
   # is NOT ok to remove the gemspec.

data/lib/rubygems/exceptions.rb

@@ -1,8 +1,4 @@
 # frozen_string_literal: true
-# TODO: the documentation in here is terrible.
-#
-# Each exception needs a brief description and the scenarios where it is
-# likely to be raised
 
 require 'rubygems/deprecate'
 

data/lib/rubygems/gemcutter_utilities.rb

@@ -7,6 +7,8 @@ require 'rubygems/text'
 
 module Gem::GemcutterUtilities
 
+  ERROR_CODE = 1
+
   include Gem::Text
 
   # TODO: move to Gem::Command
@@ -41,7 +43,9 @@ module Gem::GemcutterUtilities
   # The API key from the command options or from the user's configuration.
 
   def api_key
-    if options[:key]
+    if ENV["GEM_HOST_API_KEY"]
+      ENV["GEM_HOST_API_KEY"]
+    elsif options[:key]
       verify_api_key options[:key]
     elsif Gem.configuration.api_keys.key?(host)
       Gem.configuration.api_keys[host]
@@ -79,7 +83,7 @@ module Gem::GemcutterUtilities
     self.host = host if host
     unless self.host
       alert_error "You must specify a gem server"
-      terminate_interaction 1 # TODO: question this
+      terminate_interaction(ERROR_CODE)
     end
 
     if allowed_push_host
@@ -88,7 +92,7 @@ module Gem::GemcutterUtilities
 
       unless (host_uri.scheme == allowed_host_uri.scheme) && (host_uri.host == allowed_host_uri.host)
         alert_error "#{self.host.inspect} is not allowed by the gemspec, which only allows #{allowed_push_host.inspect}"
-        terminate_interaction 1
+        terminate_interaction(ERROR_CODE)
       end
     end
 
@@ -148,7 +152,7 @@ module Gem::GemcutterUtilities
       Gem.configuration.api_keys[key]
     else
       alert_error "No such API key. Please add it to your configuration (done automatically on initial `gem push`)."
-      terminate_interaction 1 # TODO: question this
+      terminate_interaction(ERROR_CODE)
     end
   end
 
@@ -172,7 +176,7 @@ module Gem::GemcutterUtilities
       message = "#{error_prefix}: #{message}" if error_prefix
 
       say clean_text(message)
-      terminate_interaction 1 # TODO: question this
+      terminate_interaction(ERROR_CODE)
     end
   end
 

data/lib/rubygems/installer.rb

@@ -320,8 +320,11 @@ class Gem::Installer
       build_extensions
       write_build_info_file
       run_post_build_hooks
+    end
+
+    generate_bin
 
-      generate_bin
+    unless @options[:install_as_default]
       write_spec
       write_cache_file
     end
@@ -799,7 +802,7 @@ TEXT
       # stub & ruby.exe withing same folder.  Portable
       <<-TEXT
 @ECHO OFF
-@"%~dp0ruby.exe" "%~dpn0" %*
+@"%~dp0#{ruby_exe}" "%~dpn0" %*
       TEXT
     elsif bindir.downcase.start_with? rb_topdir.downcase
       # stub within ruby folder, but not standard bin.  Portable
@@ -809,14 +812,14 @@ TEXT
       rel  = to.relative_path_from from
       <<-TEXT
 @ECHO OFF
-@"%~dp0#{rel}/ruby.exe" "%~dpn0" %*
+@"%~dp0#{rel}/#{ruby_exe}" "%~dpn0" %*
       TEXT
     else
       # outside ruby folder, maybe -user-install or bundler.  Portable, but ruby
       # is dependent on PATH
       <<-TEXT
 @ECHO OFF
-@ruby.exe "%~dpn0" %*
+@#{ruby_exe} "%~dpn0" %*
       TEXT
     end
   end
@@ -857,7 +860,7 @@ TEXT
   # without the full gem installed.
 
   def extract_bin
-    @package.extract_files gem_dir, "bin/*"
+    @package.extract_files gem_dir, "#{spec.bindir}/*"
   end
 
   ##

data/lib/rubygems/installer_test_case.rb

@@ -119,9 +119,9 @@ class Gem::InstallerTestCase < Gem::TestCase
   # The executable is also written to the bin dir in @tmpdir and the installed
   # gem directory for +spec+.
 
-  def util_make_exec(spec = @spec, shebang = "#!/usr/bin/ruby")
+  def util_make_exec(spec = @spec, shebang = "#!/usr/bin/ruby", bindir = "bin")
     spec.executables = %w[executable]
-    spec.files << 'bin/executable'
+    spec.bindir = bindir
 
     exec_path = spec.bin_file "executable"
     write_file exec_path do |io|

data/lib/rubygems/package/tar_header.rb

@@ -107,8 +107,8 @@ class Gem::Package::TarHeader
 
     new :name     => fields.shift,
         :mode     => strict_oct(fields.shift),
-        :uid      => strict_oct(fields.shift),
-        :gid      => strict_oct(fields.shift),
+        :uid      => oct_or_256based(fields.shift),
+        :gid      => oct_or_256based(fields.shift),
         :size     => strict_oct(fields.shift),
         :mtime    => strict_oct(fields.shift),
         :checksum => strict_oct(fields.shift),
@@ -130,6 +130,15 @@ class Gem::Package::TarHeader
     raise ArgumentError, "#{str.inspect} is not an octal string"
   end
 
+  def self.oct_or_256based(str)
+    # \x80 flags a positive 256-based number
+    # \ff flags a negative 256-based number
+    # In case we have a match, parse it as a signed binary value
+    # in big-endian order, except that the high-order bit is ignored.
+    return str.unpack('N2').last if str =~ /\A[\x80\xff]/n
+    strict_oct(str)
+  end
+
   ##
   # Creates a new TarHeader using +vals+
 

data/lib/rubygems/rdoc.rb

@@ -18,7 +18,7 @@ begin
   module Gem
     RDoc = ::RDoc::RubygemsHook
   end
+
+  Gem.done_installing(&Gem::RDoc.method(:generation_hook))
 rescue LoadError
 end
-
-Gem.done_installing(&Gem::RDoc.method(:generation_hook))

data/lib/rubygems/remote_fetcher.rb

@@ -1,9 +1,10 @@
 # frozen_string_literal: true
 require 'rubygems'
 require 'rubygems/request'
+require 'rubygems/request/connection_pools'
+require 'rubygems/s3_uri_signer'
 require 'rubygems/uri_formatter'
 require 'rubygems/user_interaction'
-require 'rubygems/request/connection_pools'
 require 'resolv'
 
 ##
@@ -173,7 +174,7 @@ class Gem::RemoteFetcher
         path = source_uri.path
         path = File.dirname(path) if File.extname(path) == '.gem'
 
-        remote_gem_path = correct_for_windows_path(File.join(path, 'gems', gem_file_name))
+        remote_gem_path = Gem::Util.correct_for_windows_path(File.join(path, 'gems', gem_file_name))
 
         FileUtils.cp(remote_gem_path, local_gem_path)
       rescue Errno::EACCES
@@ -210,7 +211,7 @@ class Gem::RemoteFetcher
   # File Fetcher. Dispatched by +fetch_path+. Use it instead.
 
   def fetch_file(uri, *_)
-    Gem.read_binary correct_for_windows_path uri.path
+    Gem.read_binary Gem::Util.correct_for_windows_path uri.path
   end
 
   ##
@@ -275,7 +276,7 @@ class Gem::RemoteFetcher
   rescue Timeout::Error
     raise UnknownHostError.new('timed out', uri.to_s)
   rescue IOError, SocketError, SystemCallError,
-    *(OpenSSL::SSL::SSLError if defined?(OpenSSL)) => e
+         *(OpenSSL::SSL::SSLError if defined?(OpenSSL)) => e
     if e.message =~ /getaddrinfo/
       raise UnknownHostError.new('no such name', uri.to_s)
     else
@@ -284,10 +285,19 @@ class Gem::RemoteFetcher
   end
 
   def fetch_s3(uri, mtime = nil, head = false)
-    public_uri = sign_s3_url(uri)
+    begin
+      public_uri = s3_uri_signer(uri).sign
+    rescue Gem::S3URISigner::ConfigurationError, Gem::S3URISigner::InstanceProfileError => e
+      raise FetchError.new(e.message, "s3://#{uri.host}")
+    end
     fetch_https public_uri, mtime, head
   end
 
+  # we have our own signing code here to avoid a dependency on the aws-sdk gem
+  def s3_uri_signer(uri)
+    Gem::S3URISigner.new(uri)
+  end
+
   ##
   # Downloads +uri+ to +path+ if necessary. If no path is given, it just
   # passes the data.
@@ -317,14 +327,6 @@ class Gem::RemoteFetcher
     response['content-length'].to_i
   end
 
-  def correct_for_windows_path(path)
-    if path[0].chr == '/' && path[1].chr =~ /[a-z]/i && path[2].chr == ':'
-      path[1..-1]
-    else
-      path
-    end
-  end
-
   ##
   # Performs a Net::HTTP request of type +request_class+ on +uri+ returning
   # a Net::HTTP response object.  request maintains a table of persistent
@@ -349,31 +351,6 @@ class Gem::RemoteFetcher
     @pools.each_value {|pool| pool.close_all}
   end
 
-  protected
-
-  # we have our own signing code here to avoid a dependency on the aws-sdk gem
-  # fortunately, a simple GET request isn't too complex to sign properly
-  def sign_s3_url(uri, expiration = nil)
-    require 'base64'
-    require 'openssl'
-
-    id, secret = s3_source_auth uri
-
-    expiration ||= s3_expiration
-    canonical_path = "/#{uri.host}#{uri.path}"
-    payload = "GET\n\n\n#{expiration}\n#{canonical_path}"
-    digest = OpenSSL::HMAC.digest('sha1', secret, payload)
-    # URI.escape is deprecated, and there isn't yet a replacement that does quite what we want
-    signature = Base64.encode64(digest).gsub("\n", '').gsub(/[\+\/=]/) { |c| BASE64_URI_TRANSLATE[c] }
-    URI.parse("https://#{uri.host}.s3.amazonaws.com#{uri.path}?AWSAccessKeyId=#{id}&Expires=#{expiration}&Signature=#{signature}")
-  end
-
-  def s3_expiration
-    (Time.now + 3600).to_i # one hour from now
-  end
-
-  BASE64_URI_TRANSLATE = { '+' => '%2B', '/' => '%2F', '=' => '%3D' }.freeze
-
   private
 
   def proxy_for(proxy, uri)
@@ -386,20 +363,4 @@ class Gem::RemoteFetcher
     end
   end
 
-  def s3_source_auth(uri)
-    return [uri.user, uri.password] if uri.user && uri.password
-
-    s3_source = Gem.configuration[:s3_source] || Gem.configuration['s3_source']
-    host = uri.host
-    raise FetchError.new("no s3_source key exists in .gemrc", "s3://#{host}") unless s3_source
-
-    auth = s3_source[host] || s3_source[host.to_sym]
-    raise FetchError.new("no key for host #{host} in s3_source in .gemrc", "s3://#{host}") unless auth
-
-    id = auth[:id] || auth['id']
-    secret = auth[:secret] || auth['secret']
-    raise FetchError.new("s3_source for #{host} missing id or secret", "s3://#{host}") unless id and secret
-
-    [id, secret]
-  end
 end