rubygems-update 3.5.5 → 3.5.10
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +107 -0
- data/Manifest.txt +84 -64
- data/POLICIES.md +75 -6
- data/bundler/CHANGELOG.md +75 -0
- data/bundler/lib/bundler/build_metadata.rb +2 -2
- data/bundler/lib/bundler/cli/binstubs.rb +1 -1
- data/bundler/lib/bundler/cli/gem.rb +1 -1
- data/bundler/lib/bundler/cli/lock.rb +5 -4
- data/bundler/lib/bundler/cli/plugin.rb +3 -2
- data/bundler/lib/bundler/cli.rb +7 -24
- data/bundler/lib/bundler/definition.rb +111 -56
- data/bundler/lib/bundler/dependency.rb +2 -1
- data/bundler/lib/bundler/dsl.rb +16 -1
- data/bundler/lib/bundler/environment_preserver.rb +5 -23
- data/bundler/lib/bundler/fetcher/downloader.rb +1 -1
- data/bundler/lib/bundler/fetcher.rb +2 -2
- data/bundler/lib/bundler/gem_version_promoter.rb +42 -38
- data/bundler/lib/bundler/injector.rb +3 -2
- data/bundler/lib/bundler/installer.rb +2 -2
- data/bundler/lib/bundler/man/bundle-add.1 +1 -1
- data/bundler/lib/bundler/man/bundle-binstubs.1 +1 -1
- data/bundler/lib/bundler/man/bundle-cache.1 +1 -1
- data/bundler/lib/bundler/man/bundle-check.1 +3 -1
- data/bundler/lib/bundler/man/bundle-check.1.ronn +3 -0
- data/bundler/lib/bundler/man/bundle-clean.1 +1 -1
- data/bundler/lib/bundler/man/bundle-config.1 +1 -3
- data/bundler/lib/bundler/man/bundle-config.1.ronn +0 -3
- data/bundler/lib/bundler/man/bundle-console.1 +1 -1
- data/bundler/lib/bundler/man/bundle-doctor.1 +1 -1
- data/bundler/lib/bundler/man/bundle-exec.1 +1 -1
- data/bundler/lib/bundler/man/bundle-gem.1 +1 -1
- data/bundler/lib/bundler/man/bundle-help.1 +1 -1
- data/bundler/lib/bundler/man/bundle-info.1 +1 -1
- data/bundler/lib/bundler/man/bundle-init.1 +1 -1
- data/bundler/lib/bundler/man/bundle-inject.1 +1 -1
- data/bundler/lib/bundler/man/bundle-install.1 +3 -3
- data/bundler/lib/bundler/man/bundle-install.1.ronn +2 -2
- data/bundler/lib/bundler/man/bundle-list.1 +1 -1
- data/bundler/lib/bundler/man/bundle-lock.1 +1 -1
- data/bundler/lib/bundler/man/bundle-open.1 +1 -1
- data/bundler/lib/bundler/man/bundle-outdated.1 +1 -1
- data/bundler/lib/bundler/man/bundle-platform.1 +1 -1
- data/bundler/lib/bundler/man/bundle-plugin.1 +7 -4
- data/bundler/lib/bundler/man/bundle-plugin.1.ronn +7 -3
- data/bundler/lib/bundler/man/bundle-pristine.1 +1 -1
- data/bundler/lib/bundler/man/bundle-remove.1 +1 -1
- data/bundler/lib/bundler/man/bundle-show.1 +1 -1
- data/bundler/lib/bundler/man/bundle-update.1 +1 -1
- data/bundler/lib/bundler/man/bundle-version.1 +1 -1
- data/bundler/lib/bundler/man/bundle-viz.1 +1 -1
- data/bundler/lib/bundler/man/bundle.1 +1 -1
- data/bundler/lib/bundler/man/gemfile.5 +3 -3
- data/bundler/lib/bundler/man/gemfile.5.ronn +2 -2
- data/bundler/lib/bundler/mirror.rb +3 -3
- data/bundler/lib/bundler/plugin/api/source.rb +2 -2
- data/bundler/lib/bundler/plugin/installer/path.rb +18 -0
- data/bundler/lib/bundler/plugin/installer.rb +36 -16
- data/bundler/lib/bundler/plugin/source_list.rb +4 -4
- data/bundler/lib/bundler/resolver/candidate.rb +1 -1
- data/bundler/lib/bundler/resolver.rb +54 -24
- data/bundler/lib/bundler/rubygems_ext.rb +12 -0
- data/bundler/lib/bundler/runtime.rb +1 -1
- data/bundler/lib/bundler/self_manager.rb +1 -1
- data/bundler/lib/bundler/settings.rb +14 -12
- data/bundler/lib/bundler/setup.rb +3 -0
- data/bundler/lib/bundler/source/git/git_proxy.rb +1 -1
- data/bundler/lib/bundler/source/git.rb +1 -1
- data/bundler/lib/bundler/source/rubygems/remote.rb +1 -1
- data/bundler/lib/bundler/source/rubygems.rb +7 -20
- data/bundler/lib/bundler/source_list.rb +17 -4
- data/bundler/lib/bundler/spec_set.rb +1 -1
- data/bundler/lib/bundler/templates/newgem/newgem.gemspec.tt +4 -3
- data/bundler/lib/bundler/templates/newgem/rubocop.yml.tt +0 -5
- data/bundler/lib/bundler/uri_credentials_filter.rb +2 -2
- data/bundler/lib/bundler/vendor/net-http-persistent/lib/net/http/persistent.rb +22 -22
- data/bundler/lib/bundler/vendor/pub_grub/lib/pub_grub/static_package_source.rb +1 -0
- data/bundler/lib/bundler/vendored_net_http.rb +7 -3
- data/bundler/lib/bundler/vendored_timeout.rb +7 -3
- data/bundler/lib/bundler/vendored_uri.rb +18 -1
- data/bundler/lib/bundler/version.rb +1 -1
- data/bundler/lib/bundler/yaml_serializer.rb +12 -0
- data/bundler/lib/bundler.rb +23 -2
- data/lib/rubygems/command.rb +1 -1
- data/lib/rubygems/command_manager.rb +2 -1
- data/lib/rubygems/commands/build_command.rb +2 -11
- data/lib/rubygems/commands/help_command.rb +2 -2
- data/lib/rubygems/commands/rdoc_command.rb +1 -8
- data/lib/rubygems/commands/rebuild_command.rb +264 -0
- data/lib/rubygems/commands/sources_command.rb +2 -2
- data/lib/rubygems/commands/update_command.rb +8 -9
- data/lib/rubygems/config_file.rb +20 -8
- data/lib/rubygems/defaults.rb +4 -4
- data/lib/rubygems/dependency.rb +2 -2
- data/lib/rubygems/dependency_list.rb +1 -1
- data/lib/rubygems/deprecate.rb +79 -77
- data/lib/rubygems/ext/cargo_builder.rb +1 -1
- data/lib/rubygems/gemcutter_utilities/webauthn_listener.rb +1 -1
- data/lib/rubygems/gemcutter_utilities/webauthn_poller.rb +3 -1
- data/lib/rubygems/gemcutter_utilities.rb +40 -23
- data/lib/rubygems/gemspec_helpers.rb +19 -0
- data/lib/rubygems/local_remote_options.rb +6 -6
- data/lib/rubygems/package.rb +13 -7
- data/lib/rubygems/remote_fetcher.rb +3 -3
- data/lib/rubygems/request.rb +5 -5
- data/lib/rubygems/request_set.rb +1 -1
- data/lib/rubygems/requirement.rb +5 -0
- data/lib/rubygems/resolver/api_set.rb +1 -1
- data/lib/rubygems/resolver/best_set.rb +1 -1
- data/lib/rubygems/resolver/spec_specification.rb +7 -0
- data/lib/rubygems/resolver.rb +5 -5
- data/lib/rubygems/s3_uri_signer.rb +3 -3
- data/lib/rubygems/safe_yaml.rb +10 -1
- data/lib/rubygems/security.rb +1 -1
- data/lib/rubygems/source/git.rb +2 -2
- data/lib/rubygems/source_list.rb +1 -1
- data/lib/rubygems/specification.rb +6 -6
- data/lib/rubygems/specification_policy.rb +15 -7
- data/lib/rubygems/uri.rb +6 -6
- data/lib/rubygems/util/licenses.rb +43 -0
- data/lib/rubygems/util.rb +1 -1
- data/lib/rubygems/vendor/molinillo/lib/molinillo/delegates/resolution_state.rb +57 -0
- data/lib/rubygems/{resolver → vendor}/molinillo/lib/molinillo/delegates/specification_provider.rb +11 -11
- data/lib/rubygems/{resolver → vendor}/molinillo/lib/molinillo/dependency_graph/action.rb +1 -1
- data/lib/rubygems/{resolver → vendor}/molinillo/lib/molinillo/dependency_graph/add_edge_no_circular.rb +1 -1
- data/lib/rubygems/{resolver → vendor}/molinillo/lib/molinillo/dependency_graph/add_vertex.rb +1 -1
- data/lib/rubygems/{resolver → vendor}/molinillo/lib/molinillo/dependency_graph/delete_edge.rb +1 -1
- data/lib/rubygems/{resolver → vendor}/molinillo/lib/molinillo/dependency_graph/detach_vertex_named.rb +1 -1
- data/lib/rubygems/{resolver → vendor}/molinillo/lib/molinillo/dependency_graph/log.rb +1 -1
- data/lib/rubygems/{resolver → vendor}/molinillo/lib/molinillo/dependency_graph/set_payload.rb +1 -1
- data/lib/rubygems/{resolver → vendor}/molinillo/lib/molinillo/dependency_graph/tag.rb +1 -1
- data/lib/rubygems/{resolver → vendor}/molinillo/lib/molinillo/dependency_graph/vertex.rb +1 -1
- data/lib/rubygems/{resolver → vendor}/molinillo/lib/molinillo/dependency_graph.rb +2 -2
- data/lib/rubygems/{resolver → vendor}/molinillo/lib/molinillo/errors.rb +1 -1
- data/lib/rubygems/vendor/molinillo/lib/molinillo/gem_metadata.rb +6 -0
- data/lib/rubygems/{resolver → vendor}/molinillo/lib/molinillo/modules/specification_provider.rb +2 -2
- data/lib/rubygems/{resolver → vendor}/molinillo/lib/molinillo/modules/ui.rb +1 -1
- data/lib/rubygems/{resolver → vendor}/molinillo/lib/molinillo/resolution.rb +3 -3
- data/lib/rubygems/{resolver → vendor}/molinillo/lib/molinillo/resolver.rb +1 -1
- data/lib/rubygems/{resolver → vendor}/molinillo/lib/molinillo/state.rb +1 -1
- data/lib/rubygems/{resolver → vendor}/molinillo/lib/molinillo.rb +2 -2
- data/lib/rubygems/{net-http → vendor/net-http}/lib/net/http/generic_request.rb +9 -9
- data/lib/rubygems/{net-http → vendor/net-http}/lib/net/http/header.rb +2 -2
- data/lib/rubygems/{net-http → vendor/net-http}/lib/net/http/request.rb +3 -3
- data/lib/rubygems/{net-http → vendor/net-http}/lib/net/http/requests.rb +30 -30
- data/lib/rubygems/{net-http → vendor/net-http}/lib/net/http/response.rb +2 -2
- data/lib/rubygems/{net-http → vendor/net-http}/lib/net/http/responses.rb +6 -6
- data/lib/rubygems/{net-http → vendor/net-http}/lib/net/http/status.rb +1 -1
- data/lib/rubygems/{net-http → vendor/net-http}/lib/net/http.rb +15 -15
- data/lib/rubygems/{net-http → vendor/net-http}/lib/net/https.rb +1 -1
- data/lib/rubygems/vendor/optparse/lib/optparse/uri.rb +7 -0
- data/lib/rubygems/{optparse → vendor/optparse}/lib/optparse.rb +11 -11
- data/lib/rubygems/{timeout → vendor/timeout}/lib/timeout.rb +1 -1
- data/lib/rubygems/{tsort → vendor/tsort}/lib/tsort.rb +2 -2
- data/lib/rubygems/vendor/uri/.document +1 -0
- data/lib/rubygems/vendor/uri/LICENSE.txt +22 -0
- data/lib/rubygems/vendor/uri/lib/uri/common.rb +853 -0
- data/lib/rubygems/vendor/uri/lib/uri/file.rb +100 -0
- data/lib/rubygems/vendor/uri/lib/uri/ftp.rb +267 -0
- data/lib/rubygems/vendor/uri/lib/uri/generic.rb +1588 -0
- data/lib/rubygems/vendor/uri/lib/uri/http.rb +125 -0
- data/lib/rubygems/vendor/uri/lib/uri/https.rb +23 -0
- data/lib/rubygems/vendor/uri/lib/uri/ldap.rb +261 -0
- data/lib/rubygems/vendor/uri/lib/uri/ldaps.rb +22 -0
- data/lib/rubygems/vendor/uri/lib/uri/mailto.rb +293 -0
- data/lib/rubygems/vendor/uri/lib/uri/rfc2396_parser.rb +539 -0
- data/lib/rubygems/vendor/uri/lib/uri/rfc3986_parser.rb +183 -0
- data/lib/rubygems/vendor/uri/lib/uri/version.rb +6 -0
- data/lib/rubygems/vendor/uri/lib/uri/ws.rb +83 -0
- data/lib/rubygems/vendor/uri/lib/uri/wss.rb +23 -0
- data/lib/rubygems/vendor/uri/lib/uri.rb +104 -0
- data/lib/rubygems/vendored_molinillo.rb +3 -0
- data/lib/rubygems/vendored_net_http.rb +5 -0
- data/lib/rubygems/vendored_optparse.rb +3 -0
- data/lib/rubygems/vendored_timeout.rb +5 -0
- data/lib/rubygems/vendored_tsort.rb +3 -0
- data/lib/rubygems/yaml_serializer.rb +12 -0
- data/lib/rubygems.rb +2 -2
- data/rubygems-update.gemspec +7 -2
- metadata +90 -67
- data/lib/rubygems/net/http.rb +0 -3
- data/lib/rubygems/optparse/lib/optparse/uri.rb +0 -7
- data/lib/rubygems/optparse.rb +0 -3
- data/lib/rubygems/resolver/molinillo/lib/molinillo/delegates/resolution_state.rb +0 -57
- data/lib/rubygems/resolver/molinillo/lib/molinillo/gem_metadata.rb +0 -6
- data/lib/rubygems/resolver/molinillo.rb +0 -3
- data/lib/rubygems/timeout.rb +0 -3
- data/lib/rubygems/tsort.rb +0 -3
- /data/lib/rubygems/{net-http → vendor/molinillo}/.document +0 -0
- /data/lib/rubygems/{resolver → vendor}/molinillo/LICENSE +0 -0
- /data/lib/rubygems/{net-protocol → vendor/net-http}/.document +0 -0
- /data/lib/rubygems/{net-http → vendor/net-http}/LICENSE.txt +0 -0
- /data/lib/rubygems/{net-http → vendor/net-http}/lib/net/http/backward.rb +0 -0
- /data/lib/rubygems/{net-http → vendor/net-http}/lib/net/http/exceptions.rb +0 -0
- /data/lib/rubygems/{net-http → vendor/net-http}/lib/net/http/proxy_delta.rb +0 -0
- /data/lib/rubygems/{optparse → vendor/net-protocol}/.document +0 -0
- /data/lib/rubygems/{net-protocol → vendor/net-protocol}/LICENSE.txt +0 -0
- /data/lib/rubygems/{net-protocol → vendor/net-protocol}/lib/net/protocol.rb +0 -0
- /data/lib/rubygems/{resolv → vendor/optparse}/.document +0 -0
- /data/lib/rubygems/{optparse → vendor/optparse}/COPYING +0 -0
- /data/lib/rubygems/{optparse → vendor/optparse}/lib/optionparser.rb +0 -0
- /data/lib/rubygems/{optparse → vendor/optparse}/lib/optparse/ac.rb +0 -0
- /data/lib/rubygems/{optparse → vendor/optparse}/lib/optparse/date.rb +0 -0
- /data/lib/rubygems/{optparse → vendor/optparse}/lib/optparse/kwargs.rb +0 -0
- /data/lib/rubygems/{optparse → vendor/optparse}/lib/optparse/shellwords.rb +0 -0
- /data/lib/rubygems/{optparse → vendor/optparse}/lib/optparse/time.rb +0 -0
- /data/lib/rubygems/{optparse → vendor/optparse}/lib/optparse/version.rb +0 -0
- /data/lib/rubygems/{resolver/molinillo → vendor/resolv}/.document +0 -0
- /data/lib/rubygems/{resolv → vendor/resolv}/LICENSE.txt +0 -0
- /data/lib/rubygems/{resolv → vendor/resolv}/lib/resolv.rb +0 -0
- /data/lib/rubygems/{timeout → vendor/timeout}/.document +0 -0
- /data/lib/rubygems/{timeout → vendor/timeout}/LICENSE.txt +0 -0
- /data/lib/rubygems/{tsort → vendor/tsort}/.document +0 -0
- /data/lib/rubygems/{tsort → vendor/tsort}/LICENSE.txt +0 -0
data/lib/rubygems/deprecate.rb
CHANGED
@@ -69,99 +69,101 @@
|
|
69
69
|
# end
|
70
70
|
# end
|
71
71
|
|
72
|
-
module Gem
|
73
|
-
|
74
|
-
|
75
|
-
|
72
|
+
module Gem
|
73
|
+
module Deprecate
|
74
|
+
def self.skip # :nodoc:
|
75
|
+
@skip ||= false
|
76
|
+
end
|
76
77
|
|
77
|
-
|
78
|
-
|
79
|
-
|
78
|
+
def self.skip=(v) # :nodoc:
|
79
|
+
@skip = v
|
80
|
+
end
|
80
81
|
|
81
|
-
|
82
|
-
|
82
|
+
##
|
83
|
+
# Temporarily turn off warnings. Intended for tests only.
|
83
84
|
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
85
|
+
def skip_during
|
86
|
+
original = Gem::Deprecate.skip
|
87
|
+
Gem::Deprecate.skip = true
|
88
|
+
yield
|
89
|
+
ensure
|
90
|
+
Gem::Deprecate.skip = original
|
91
|
+
end
|
91
92
|
|
92
|
-
|
93
|
-
|
94
|
-
|
93
|
+
def self.next_rubygems_major_version # :nodoc:
|
94
|
+
Gem::Version.new(Gem.rubygems_version.segments.first).bump
|
95
|
+
end
|
95
96
|
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
97
|
+
##
|
98
|
+
# Simple deprecation method that deprecates +name+ by wrapping it up
|
99
|
+
# in a dummy method. It warns on each call to the dummy method
|
100
|
+
# telling the user of +repl+ (unless +repl+ is :none) and the
|
101
|
+
# year/month that it is planned to go away.
|
101
102
|
|
102
|
-
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
|
108
|
-
|
109
|
-
|
110
|
-
|
111
|
-
|
112
|
-
|
113
|
-
|
114
|
-
|
115
|
-
|
116
|
-
|
103
|
+
def deprecate(name, repl, year, month)
|
104
|
+
class_eval do
|
105
|
+
old = "_deprecated_#{name}"
|
106
|
+
alias_method old, name
|
107
|
+
define_method name do |*args, &block|
|
108
|
+
klass = is_a? Module
|
109
|
+
target = klass ? "#{self}." : "#{self.class}#"
|
110
|
+
msg = [
|
111
|
+
"NOTE: #{target}#{name} is deprecated",
|
112
|
+
repl == :none ? " with no replacement" : "; use #{repl} instead",
|
113
|
+
format(". It will be removed on or after %4d-%02d.", year, month),
|
114
|
+
"\n#{target}#{name} called from #{Gem.location_of_caller.join(":")}",
|
115
|
+
]
|
116
|
+
warn "#{msg.join}." unless Gem::Deprecate.skip
|
117
|
+
send old, *args, &block
|
118
|
+
end
|
119
|
+
ruby2_keywords name if respond_to?(:ruby2_keywords, true)
|
117
120
|
end
|
118
|
-
ruby2_keywords name if respond_to?(:ruby2_keywords, true)
|
119
121
|
end
|
120
|
-
end
|
121
122
|
|
122
|
-
|
123
|
-
|
124
|
-
|
125
|
-
|
126
|
-
|
123
|
+
##
|
124
|
+
# Simple deprecation method that deprecates +name+ by wrapping it up
|
125
|
+
# in a dummy method. It warns on each call to the dummy method
|
126
|
+
# telling the user of +repl+ (unless +repl+ is :none) and the
|
127
|
+
# Rubygems version that it is planned to go away.
|
127
128
|
|
128
|
-
|
129
|
-
|
130
|
-
|
131
|
-
|
132
|
-
|
133
|
-
|
134
|
-
|
135
|
-
|
136
|
-
|
137
|
-
|
138
|
-
|
139
|
-
|
140
|
-
|
141
|
-
|
142
|
-
|
129
|
+
def rubygems_deprecate(name, replacement=:none)
|
130
|
+
class_eval do
|
131
|
+
old = "_deprecated_#{name}"
|
132
|
+
alias_method old, name
|
133
|
+
define_method name do |*args, &block|
|
134
|
+
klass = is_a? Module
|
135
|
+
target = klass ? "#{self}." : "#{self.class}#"
|
136
|
+
msg = [
|
137
|
+
"NOTE: #{target}#{name} is deprecated",
|
138
|
+
replacement == :none ? " with no replacement" : "; use #{replacement} instead",
|
139
|
+
". It will be removed in Rubygems #{Gem::Deprecate.next_rubygems_major_version}",
|
140
|
+
"\n#{target}#{name} called from #{Gem.location_of_caller.join(":")}",
|
141
|
+
]
|
142
|
+
warn "#{msg.join}." unless Gem::Deprecate.skip
|
143
|
+
send old, *args, &block
|
144
|
+
end
|
145
|
+
ruby2_keywords name if respond_to?(:ruby2_keywords, true)
|
143
146
|
end
|
144
|
-
ruby2_keywords name if respond_to?(:ruby2_keywords, true)
|
145
147
|
end
|
146
|
-
end
|
147
148
|
|
148
|
-
|
149
|
-
|
150
|
-
|
151
|
-
|
152
|
-
|
153
|
-
|
149
|
+
# Deprecation method to deprecate Rubygems commands
|
150
|
+
def rubygems_deprecate_command(version = Gem::Deprecate.next_rubygems_major_version)
|
151
|
+
class_eval do
|
152
|
+
define_method "deprecated?" do
|
153
|
+
true
|
154
|
+
end
|
154
155
|
|
155
|
-
|
156
|
-
|
157
|
-
|
158
|
-
|
159
|
-
|
156
|
+
define_method "deprecation_warning" do
|
157
|
+
msg = [
|
158
|
+
"#{command} command is deprecated",
|
159
|
+
". It will be removed in Rubygems #{version}.\n",
|
160
|
+
]
|
160
161
|
|
161
|
-
|
162
|
+
alert_warning msg.join.to_s unless Gem::Deprecate.skip
|
163
|
+
end
|
162
164
|
end
|
163
165
|
end
|
164
|
-
end
|
165
166
|
|
166
|
-
|
167
|
+
module_function :rubygems_deprecate, :rubygems_deprecate_command, :skip_during
|
168
|
+
end
|
167
169
|
end
|
@@ -293,7 +293,7 @@ EOF
|
|
293
293
|
|
294
294
|
case var_name
|
295
295
|
# On windows, it is assumed that mkmf has setup an exports file for the
|
296
|
-
# extension, so we have to
|
296
|
+
# extension, so we have to create one ourselves.
|
297
297
|
when "DEFFILE"
|
298
298
|
write_deffile(dest_dir, crate_name)
|
299
299
|
else
|
@@ -69,8 +69,10 @@ module Gem::GemcutterUtilities
|
|
69
69
|
rubygems_api_request(:get, "api/v1/webauthn_verification/#{webauthn_token}/status.json") do |request|
|
70
70
|
if credentials.empty?
|
71
71
|
request.add_field "Authorization", api_key
|
72
|
+
elsif credentials[:identifier] && credentials[:password]
|
73
|
+
request.basic_auth credentials[:identifier], credentials[:password]
|
72
74
|
else
|
73
|
-
|
75
|
+
raise Gem::WebauthnVerificationError, "Provided missing credentials"
|
74
76
|
end
|
75
77
|
end
|
76
78
|
end
|
@@ -10,7 +10,8 @@ require_relative "gemcutter_utilities/webauthn_poller"
|
|
10
10
|
|
11
11
|
module Gem::GemcutterUtilities
|
12
12
|
ERROR_CODE = 1
|
13
|
-
API_SCOPES = [:index_rubygems, :push_rubygem, :yank_rubygem, :add_owner, :remove_owner, :access_webhooks
|
13
|
+
API_SCOPES = [:index_rubygems, :push_rubygem, :yank_rubygem, :add_owner, :remove_owner, :access_webhooks].freeze
|
14
|
+
EXCLUSIVELY_API_SCOPES = [:show_dashboard].freeze
|
14
15
|
|
15
16
|
include Gem::Text
|
16
17
|
|
@@ -84,7 +85,7 @@ module Gem::GemcutterUtilities
|
|
84
85
|
# If +allowed_push_host+ metadata is present, then it will only allow that host.
|
85
86
|
|
86
87
|
def rubygems_api_request(method, path, host = nil, allowed_push_host = nil, scope: nil, credentials: {}, &block)
|
87
|
-
require_relative "
|
88
|
+
require_relative "vendored_net_http"
|
88
89
|
|
89
90
|
self.host = host if host
|
90
91
|
unless self.host
|
@@ -93,8 +94,8 @@ module Gem::GemcutterUtilities
|
|
93
94
|
end
|
94
95
|
|
95
96
|
if allowed_push_host
|
96
|
-
allowed_host_uri = URI.parse(allowed_push_host)
|
97
|
-
host_uri = URI.parse(self.host)
|
97
|
+
allowed_host_uri = Gem::URI.parse(allowed_push_host)
|
98
|
+
host_uri = Gem::URI.parse(self.host)
|
98
99
|
|
99
100
|
unless (host_uri.scheme == allowed_host_uri.scheme) && (host_uri.host == allowed_host_uri.host)
|
100
101
|
alert_error "#{self.host.inspect} is not allowed by the gemspec, which only allows #{allowed_push_host.inspect}"
|
@@ -102,7 +103,7 @@ module Gem::GemcutterUtilities
|
|
102
103
|
end
|
103
104
|
end
|
104
105
|
|
105
|
-
uri = URI.parse "#{self.host}/#{path}"
|
106
|
+
uri = Gem::URI.parse "#{self.host}/#{path}"
|
106
107
|
response = request_with_otp(method, uri, &block)
|
107
108
|
|
108
109
|
if mfa_unauthorized?(response)
|
@@ -129,14 +130,14 @@ module Gem::GemcutterUtilities
|
|
129
130
|
|
130
131
|
say "The existing key doesn't have access of #{scope} on #{pretty_host}. Please sign in to update access."
|
131
132
|
|
132
|
-
|
133
|
-
password
|
133
|
+
identifier = ask "Username/email: "
|
134
|
+
password = ask_for_password " Password: "
|
134
135
|
|
135
136
|
response = rubygems_api_request(:put, "api/v1/api_key",
|
136
137
|
sign_in_host, scope: scope) do |request|
|
137
|
-
request.basic_auth
|
138
|
+
request.basic_auth identifier, password
|
138
139
|
request["OTP"] = otp if otp
|
139
|
-
request.body = URI.encode_www_form({ api_key: api_key }.merge(update_scope_params))
|
140
|
+
request.body = Gem::URI.encode_www_form({ api_key: api_key }.merge(update_scope_params))
|
140
141
|
end
|
141
142
|
|
142
143
|
with_response response do |_resp|
|
@@ -158,25 +159,25 @@ module Gem::GemcutterUtilities
|
|
158
159
|
say "Don't have an account yet? " \
|
159
160
|
"Create one at #{sign_in_host}/sign_up"
|
160
161
|
|
161
|
-
|
162
|
-
password
|
162
|
+
identifier = ask "Username/email: "
|
163
|
+
password = ask_for_password " Password: "
|
163
164
|
say "\n"
|
164
165
|
|
165
166
|
key_name = get_key_name(scope)
|
166
167
|
scope_params = get_scope_params(scope)
|
167
|
-
profile = get_user_profile(
|
168
|
+
profile = get_user_profile(identifier, password)
|
168
169
|
mfa_params = get_mfa_params(profile)
|
169
170
|
all_params = scope_params.merge(mfa_params)
|
170
171
|
warning = profile["warning"]
|
171
|
-
credentials = {
|
172
|
+
credentials = { identifier: identifier, password: password }
|
172
173
|
|
173
174
|
say "#{warning}\n" if warning
|
174
175
|
|
175
176
|
response = rubygems_api_request(:post, "api/v1/api_key",
|
176
177
|
sign_in_host, credentials: credentials, scope: scope) do |request|
|
177
|
-
request.basic_auth
|
178
|
+
request.basic_auth identifier, password
|
178
179
|
request["OTP"] = otp if otp
|
179
|
-
request.body = URI.encode_www_form({ name: key_name }.merge(all_params))
|
180
|
+
request.body = Gem::URI.encode_www_form({ name: key_name }.merge(all_params))
|
180
181
|
end
|
181
182
|
|
182
183
|
with_response response do |resp|
|
@@ -294,7 +295,7 @@ module Gem::GemcutterUtilities
|
|
294
295
|
if credentials.empty?
|
295
296
|
request.add_field "Authorization", api_key
|
296
297
|
else
|
297
|
-
request.basic_auth credentials[:
|
298
|
+
request.basic_auth credentials[:identifier], credentials[:password]
|
298
299
|
end
|
299
300
|
end
|
300
301
|
response.is_a?(Gem::Net::HTTPSuccess) ? response.body : nil
|
@@ -309,15 +310,31 @@ module Gem::GemcutterUtilities
|
|
309
310
|
end
|
310
311
|
|
311
312
|
def get_scope_params(scope)
|
312
|
-
scope_params = {}
|
313
|
+
scope_params = { index_rubygems: true }
|
313
314
|
|
314
315
|
if scope
|
315
316
|
scope_params = { scope => true }
|
316
317
|
else
|
317
|
-
say "
|
318
|
-
|
319
|
-
|
320
|
-
|
318
|
+
say "The default access scope is:"
|
319
|
+
scope_params.each do |k, _v|
|
320
|
+
say " #{k}: y"
|
321
|
+
end
|
322
|
+
say "\n"
|
323
|
+
customise = ask_yes_no("Do you want to customise scopes?", false)
|
324
|
+
if customise
|
325
|
+
EXCLUSIVELY_API_SCOPES.each do |excl_scope|
|
326
|
+
selected = ask_yes_no("#{excl_scope} (exclusive scope, answering yes will not prompt for other scopes)", false)
|
327
|
+
next unless selected
|
328
|
+
|
329
|
+
return { excl_scope => true }
|
330
|
+
end
|
331
|
+
|
332
|
+
scope_params = {}
|
333
|
+
|
334
|
+
API_SCOPES.each do |s|
|
335
|
+
selected = ask_yes_no(s.to_s, false)
|
336
|
+
scope_params[s] = true if selected
|
337
|
+
end
|
321
338
|
end
|
322
339
|
say "\n"
|
323
340
|
end
|
@@ -329,11 +346,11 @@ module Gem::GemcutterUtilities
|
|
329
346
|
host == Gem::DEFAULT_HOST
|
330
347
|
end
|
331
348
|
|
332
|
-
def get_user_profile(
|
349
|
+
def get_user_profile(identifier, password)
|
333
350
|
return {} unless default_host?
|
334
351
|
|
335
352
|
response = rubygems_api_request(:get, "api/v1/profile/me.yaml") do |request|
|
336
|
-
request.basic_auth
|
353
|
+
request.basic_auth identifier, password
|
337
354
|
end
|
338
355
|
|
339
356
|
with_response response do |resp|
|
@@ -0,0 +1,19 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require_relative "../rubygems"
|
4
|
+
|
5
|
+
##
|
6
|
+
# Mixin methods for commands that work with gemspecs.
|
7
|
+
|
8
|
+
module Gem::GemspecHelpers
|
9
|
+
def find_gemspec(glob = "*.gemspec")
|
10
|
+
gemspecs = Dir.glob(glob).sort
|
11
|
+
|
12
|
+
if gemspecs.size > 1
|
13
|
+
alert_error "Multiple gemspecs found: #{gemspecs}, please specify one"
|
14
|
+
terminate_interaction(1)
|
15
|
+
end
|
16
|
+
|
17
|
+
gemspecs.first
|
18
|
+
end
|
19
|
+
end
|
@@ -6,7 +6,7 @@
|
|
6
6
|
# See LICENSE.txt for permissions.
|
7
7
|
#++
|
8
8
|
|
9
|
-
|
9
|
+
require_relative "vendor/uri/lib/uri"
|
10
10
|
require_relative "../rubygems"
|
11
11
|
|
12
12
|
##
|
@@ -17,10 +17,10 @@ module Gem::LocalRemoteOptions
|
|
17
17
|
# Allows Gem::OptionParser to handle HTTP URIs.
|
18
18
|
|
19
19
|
def accept_uri_http
|
20
|
-
Gem::OptionParser.accept URI::HTTP do |value|
|
20
|
+
Gem::OptionParser.accept Gem::URI::HTTP do |value|
|
21
21
|
begin
|
22
|
-
uri = URI.parse value
|
23
|
-
rescue URI::InvalidURIError
|
22
|
+
uri = Gem::URI.parse value
|
23
|
+
rescue Gem::URI::InvalidURIError
|
24
24
|
raise Gem::OptionParser::InvalidArgument, value
|
25
25
|
end
|
26
26
|
|
@@ -88,7 +88,7 @@ module Gem::LocalRemoteOptions
|
|
88
88
|
def add_proxy_option
|
89
89
|
accept_uri_http
|
90
90
|
|
91
|
-
add_option(:"Local/Remote", "-p", "--[no-]http-proxy [URL]", URI::HTTP,
|
91
|
+
add_option(:"Local/Remote", "-p", "--[no-]http-proxy [URL]", Gem::URI::HTTP,
|
92
92
|
"Use HTTP proxy for remote operations") do |value, options|
|
93
93
|
options[:http_proxy] = value == false ? :no_proxy : value
|
94
94
|
Gem.configuration[:http_proxy] = options[:http_proxy]
|
@@ -101,7 +101,7 @@ module Gem::LocalRemoteOptions
|
|
101
101
|
def add_source_option
|
102
102
|
accept_uri_http
|
103
103
|
|
104
|
-
add_option(:"Local/Remote", "-s", "--source URL", URI::HTTP,
|
104
|
+
add_option(:"Local/Remote", "-s", "--source URL", Gem::URI::HTTP,
|
105
105
|
"Append URL to list of remote gem sources") do |source, options|
|
106
106
|
source << "/" unless source.end_with?("/")
|
107
107
|
|
data/lib/rubygems/package.rb
CHANGED
@@ -7,7 +7,6 @@
|
|
7
7
|
|
8
8
|
# rubocop:enable Style/AsciiComments
|
9
9
|
|
10
|
-
require_relative "../rubygems"
|
11
10
|
require_relative "security"
|
12
11
|
require_relative "user_interaction"
|
13
12
|
|
@@ -59,7 +58,7 @@ class Gem::Package
|
|
59
58
|
|
60
59
|
def initialize(message, source = nil)
|
61
60
|
if source
|
62
|
-
@path = source.path
|
61
|
+
@path = source.is_a?(String) ? source : source.path
|
63
62
|
|
64
63
|
message += " in #{path}" if path
|
65
64
|
end
|
@@ -454,7 +453,7 @@ EOM
|
|
454
453
|
|
455
454
|
if entry.file?
|
456
455
|
File.open(destination, "wb") {|out| copy_stream(entry, out) }
|
457
|
-
FileUtils.chmod file_mode(entry.header.mode), destination
|
456
|
+
FileUtils.chmod file_mode(entry.header.mode) & ~File.umask, destination
|
458
457
|
end
|
459
458
|
|
460
459
|
verbose destination
|
@@ -528,12 +527,13 @@ EOM
|
|
528
527
|
# Loads a Gem::Specification from the TarEntry +entry+
|
529
528
|
|
530
529
|
def load_spec(entry) # :nodoc:
|
530
|
+
limit = 10 * 1024 * 1024
|
531
531
|
case entry.full_name
|
532
532
|
when "metadata" then
|
533
|
-
@spec = Gem::Specification.from_yaml entry
|
533
|
+
@spec = Gem::Specification.from_yaml limit_read(entry, "metadata", limit)
|
534
534
|
when "metadata.gz" then
|
535
535
|
Zlib::GzipReader.wrap(entry, external_encoding: Encoding::UTF_8) do |gzio|
|
536
|
-
@spec = Gem::Specification.from_yaml gzio.
|
536
|
+
@spec = Gem::Specification.from_yaml limit_read(gzio, "metadata.gz", limit)
|
537
537
|
end
|
538
538
|
end
|
539
539
|
end
|
@@ -557,7 +557,7 @@ EOM
|
|
557
557
|
|
558
558
|
@checksums = gem.seek "checksums.yaml.gz" do |entry|
|
559
559
|
Zlib::GzipReader.wrap entry do |gz_io|
|
560
|
-
Gem::SafeYAML.safe_load gz_io.
|
560
|
+
Gem::SafeYAML.safe_load limit_read(gz_io, "checksums.yaml.gz", 10 * 1024 * 1024)
|
561
561
|
end
|
562
562
|
end
|
563
563
|
end
|
@@ -664,7 +664,7 @@ EOM
|
|
664
664
|
|
665
665
|
case file_name
|
666
666
|
when /\.sig$/ then
|
667
|
-
@signatures[$`] = entry
|
667
|
+
@signatures[$`] = limit_read(entry, file_name, 1024 * 1024) if @security_policy
|
668
668
|
return
|
669
669
|
else
|
670
670
|
digest entry
|
@@ -724,6 +724,12 @@ EOM
|
|
724
724
|
IO.copy_stream(src, dst)
|
725
725
|
end
|
726
726
|
end
|
727
|
+
|
728
|
+
def limit_read(io, name, limit)
|
729
|
+
bytes = io.read(limit + 1)
|
730
|
+
raise Gem::Package::FormatError, "#{name} is too big (over #{limit} bytes)" if bytes.size > limit
|
731
|
+
bytes
|
732
|
+
end
|
727
733
|
end
|
728
734
|
|
729
735
|
require_relative "package/digest_io"
|
@@ -74,9 +74,9 @@ class Gem::RemoteFetcher
|
|
74
74
|
|
75
75
|
def initialize(proxy=nil, dns=nil, headers={})
|
76
76
|
require_relative "core_ext/tcpsocket_init" if Gem.configuration.ipv4_fallback_enabled
|
77
|
-
require_relative "
|
77
|
+
require_relative "vendored_net_http"
|
78
78
|
require "stringio"
|
79
|
-
|
79
|
+
require_relative "vendor/uri/lib/uri"
|
80
80
|
|
81
81
|
Socket.do_not_reverse_lookup = true
|
82
82
|
|
@@ -135,7 +135,7 @@ class Gem::RemoteFetcher
|
|
135
135
|
|
136
136
|
scheme = source_uri.scheme
|
137
137
|
|
138
|
-
# URI.parse gets confused by MS Windows paths with forward slashes.
|
138
|
+
# Gem::URI.parse gets confused by MS Windows paths with forward slashes.
|
139
139
|
scheme = nil if /^[a-z]$/i.match?(scheme)
|
140
140
|
|
141
141
|
# REFACTOR: split this up and dispatch on scheme (eg download_http)
|
data/lib/rubygems/request.rb
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require_relative "
|
3
|
+
require_relative "vendored_net_http"
|
4
4
|
require_relative "user_interaction"
|
5
5
|
|
6
6
|
class Gem::Request
|
@@ -18,11 +18,11 @@ class Gem::Request
|
|
18
18
|
end
|
19
19
|
|
20
20
|
def self.proxy_uri(proxy) # :nodoc:
|
21
|
-
|
21
|
+
require_relative "vendor/uri/lib/uri"
|
22
22
|
case proxy
|
23
23
|
when :no_proxy then nil
|
24
|
-
when URI::HTTP then proxy
|
25
|
-
else URI.parse(proxy)
|
24
|
+
when Gem::URI::HTTP then proxy
|
25
|
+
else Gem::URI.parse(proxy)
|
26
26
|
end
|
27
27
|
end
|
28
28
|
|
@@ -176,7 +176,7 @@ class Gem::Request
|
|
176
176
|
end
|
177
177
|
|
178
178
|
require "uri"
|
179
|
-
uri = URI(Gem::UriFormatter.new(env_proxy).normalize)
|
179
|
+
uri = Gem::URI(Gem::UriFormatter.new(env_proxy).normalize)
|
180
180
|
|
181
181
|
if uri && uri.user.nil? && uri.password.nil?
|
182
182
|
user = ENV["#{downcase_scheme}_proxy_user"] || ENV["#{upcase_scheme}_PROXY_USER"]
|
data/lib/rubygems/request_set.rb
CHANGED
data/lib/rubygems/requirement.rb
CHANGED
@@ -284,6 +284,11 @@ class Gem::Requirement
|
|
284
284
|
def _tilde_requirements
|
285
285
|
@_tilde_requirements ||= _sorted_requirements.select {|r| r.first == "~>" }
|
286
286
|
end
|
287
|
+
|
288
|
+
def initialize_copy(other) # :nodoc:
|
289
|
+
@requirements = other.requirements.dup
|
290
|
+
super
|
291
|
+
end
|
287
292
|
end
|
288
293
|
|
289
294
|
class Gem::Version
|
@@ -30,7 +30,7 @@ class Gem::Resolver::APISet < Gem::Resolver::Set
|
|
30
30
|
def initialize(dep_uri = "https://index.rubygems.org/info/")
|
31
31
|
super()
|
32
32
|
|
33
|
-
dep_uri = URI dep_uri unless URI === dep_uri
|
33
|
+
dep_uri = Gem::URI dep_uri unless Gem::URI === dep_uri
|
34
34
|
|
35
35
|
@dep_uri = dep_uri
|
36
36
|
@uri = dep_uri + ".."
|
@@ -60,7 +60,7 @@ class Gem::Resolver::BestSet < Gem::Resolver::ComposedSet
|
|
60
60
|
|
61
61
|
def replace_failed_api_set(error) # :nodoc:
|
62
62
|
uri = error.original_uri
|
63
|
-
uri = URI uri unless URI === uri
|
63
|
+
uri = Gem::URI uri unless Gem::URI === uri
|
64
64
|
uri += "."
|
65
65
|
|
66
66
|
raise error unless api_set = @sets.find do |set|
|
data/lib/rubygems/resolver.rb
CHANGED
@@ -11,7 +11,7 @@ require_relative "util/list"
|
|
11
11
|
# all the requirements.
|
12
12
|
|
13
13
|
class Gem::Resolver
|
14
|
-
require_relative "
|
14
|
+
require_relative "vendored_molinillo"
|
15
15
|
|
16
16
|
##
|
17
17
|
# If the DEBUG_RESOLVER environment variable is set then debugging mode is
|
@@ -167,7 +167,7 @@ class Gem::Resolver
|
|
167
167
|
reqs
|
168
168
|
end
|
169
169
|
|
170
|
-
include Molinillo::UI
|
170
|
+
include Gem::Molinillo::UI
|
171
171
|
|
172
172
|
def output
|
173
173
|
@output ||= debug? ? $stdout : File.open(IO::NULL, "w")
|
@@ -177,14 +177,14 @@ class Gem::Resolver
|
|
177
177
|
DEBUG_RESOLVER
|
178
178
|
end
|
179
179
|
|
180
|
-
include Molinillo::SpecificationProvider
|
180
|
+
include Gem::Molinillo::SpecificationProvider
|
181
181
|
|
182
182
|
##
|
183
183
|
# Proceed with resolution! Returns an array of ActivationRequest objects.
|
184
184
|
|
185
185
|
def resolve
|
186
|
-
Molinillo::Resolver.new(self, self).resolve(@needed.map {|d| DependencyRequest.new d, nil }).tsort.map(&:payload).compact
|
187
|
-
rescue Molinillo::VersionConflict => e
|
186
|
+
Gem::Molinillo::Resolver.new(self, self).resolve(@needed.map {|d| DependencyRequest.new d, nil }).tsort.map(&:payload).compact
|
187
|
+
rescue Gem::Molinillo::VersionConflict => e
|
188
188
|
conflict = e.conflicts.values.first
|
189
189
|
raise Gem::DependencyResolutionError, Conflict.new(conflict.requirement_trees.first.first, conflict.existing, conflict.requirement)
|
190
190
|
ensure
|
@@ -49,7 +49,7 @@ class Gem::S3URISigner
|
|
49
49
|
string_to_sign = generate_string_to_sign(date_time, credential_info, canonical_request)
|
50
50
|
signature = generate_signature(s3_config, date, string_to_sign)
|
51
51
|
|
52
|
-
URI.parse("https://#{canonical_host}#{uri.path}?#{query_params}&X-Amz-Signature=#{signature}")
|
52
|
+
Gem::URI.parse("https://#{canonical_host}#{uri.path}?#{query_params}&X-Amz-Signature=#{signature}")
|
53
53
|
end
|
54
54
|
|
55
55
|
private
|
@@ -140,7 +140,7 @@ class Gem::S3URISigner
|
|
140
140
|
end
|
141
141
|
|
142
142
|
def ec2_metadata_credentials_json
|
143
|
-
require_relative "
|
143
|
+
require_relative "vendored_net_http"
|
144
144
|
require_relative "request"
|
145
145
|
require_relative "request/connection_pools"
|
146
146
|
require "json"
|
@@ -152,7 +152,7 @@ class Gem::S3URISigner
|
|
152
152
|
end
|
153
153
|
|
154
154
|
def ec2_metadata_request(url)
|
155
|
-
uri = URI(url)
|
155
|
+
uri = Gem::URI(url)
|
156
156
|
@request_pool ||= create_request_pool(uri)
|
157
157
|
request = Gem::Request.new(uri, Gem::Net::HTTP::Get, nil, @request_pool)
|
158
158
|
response = request.fetch
|