rubygems-update 3.3.15 → 3.3.16

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9c8251cdf4ded47257679e20301da2396899478015bbf63592a1e0953949761d
-  data.tar.gz: 6db38aaea1698dac8472f55f7a778c511f0d3807441e0de7af1d1d4ac607188f
+  metadata.gz: f28d959e6c80a1a48380837de462a5d37b8c74ab83db7ddb52c33e923088a819
+  data.tar.gz: 8492c0f957c64cc02e779d7f23b2c925f5be4d79451ae52e39105c6a52bbcfd0
 SHA512:
-  metadata.gz: 933a409f4ecba3a01f5141058d3a2796af6920c098a704471ee5400f98df4f9054520e5cd2d0eab88fe8afc010cff4e9d985d05caf84304d17f2e61403b6eb1e
-  data.tar.gz: 35d232187dde951c88c90e856e304b417b4984c40b6e5409a96bc9456a4bffd9650cdc37aac82c4ae40f83eca108a04bde4ba533e8db0bc29276a054bad659f2
+  metadata.gz: c61d093abdc997d0c015c3323de9404e35e309454fe7541cce731f5a9ed6a46bc9f59aed0cefffad780a2f889e2decd43350562af66cc6ae07a8bc443bdb0c56
+  data.tar.gz: 55306fc3437106fb9f97379219449b50c875f22a80309c675202e8fbde767bf2066b3395a0cae88e7b065d90e0eb1b452340b753eefba1f33b410f6ff14e9666

data/CHANGELOG.md

@@ -1,3 +1,19 @@
+# 3.3.16 / 2022-06-15
+
+## Enhancements:
+
+* Auto-fix and warn gem packages including a gemspec with `require_paths`
+  as an array of arrays. Pull request #5615 by deivid-rodriguez
+* Misc cargo builder improvements. Pull request #5459 by ianks
+* Installs bundler 2.3.16 as a default gem.
+
+## Bug fixes:
+
+* Fix incorrect password redaction when there's an error in `gem source
+  -a`. Pull request #5623 by deivid-rodriguez
+* Fix another regression when loading old marshaled specs. Pull request
+  #5610 by deivid-rodriguez
+
 # 3.3.15 / 2022-06-01
 
 ## Enhancements:

data/Manifest.txt

@@ -383,6 +383,7 @@ lib/rubygems/ext.rb
 lib/rubygems/ext/build_error.rb
 lib/rubygems/ext/builder.rb
 lib/rubygems/ext/cargo_builder.rb
+lib/rubygems/ext/cargo_builder/link_flag_converter.rb
 lib/rubygems/ext/cmake_builder.rb
 lib/rubygems/ext/configure_builder.rb
 lib/rubygems/ext/ext_conf_builder.rb
@@ -424,7 +425,6 @@ lib/rubygems/package/tar_writer.rb
 lib/rubygems/package_task.rb
 lib/rubygems/path_support.rb
 lib/rubygems/platform.rb
-lib/rubygems/psych_additions.rb
 lib/rubygems/psych_tree.rb
 lib/rubygems/query_utils.rb
 lib/rubygems/rdoc.rb
@@ -538,11 +538,12 @@ test/rubygems/child_cert.pem
 test/rubygems/child_cert_32.pem
 test/rubygems/child_key.pem
 test/rubygems/client.pem
+test/rubygems/data/excon-0.7.7.gemspec.rz
 test/rubygems/data/gem-private_key.pem
 test/rubygems/data/gem-public_cert.pem
 test/rubygems/data/null-required-ruby-version.gemspec.rz
 test/rubygems/data/null-required-rubygems-version.gemspec.rz
-test/rubygems/data/null-type.gemspec.rz
+test/rubygems/data/pry-0.4.7.gemspec.rz
 test/rubygems/encrypted_private_key.pem
 test/rubygems/expired_cert.pem
 test/rubygems/fake_certlib/openssl.rb
@@ -649,6 +650,8 @@ test/rubygems/test_gem_ext_cargo_builder/rust_ruby_example/Cargo.toml
 test/rubygems/test_gem_ext_cargo_builder/rust_ruby_example/build.rb
 test/rubygems/test_gem_ext_cargo_builder/rust_ruby_example/rust_ruby_example.gemspec
 test/rubygems/test_gem_ext_cargo_builder/rust_ruby_example/src/lib.rs
+test/rubygems/test_gem_ext_cargo_builder_link_flag_converter.rb
+test/rubygems/test_gem_ext_cargo_builder_unit.rb
 test/rubygems/test_gem_ext_cmake_builder.rb
 test/rubygems/test_gem_ext_configure_builder.rb
 test/rubygems/test_gem_ext_ext_conf_builder.rb

data/bundler/CHANGELOG.md

@@ -1,3 +1,9 @@
+# 2.3.16 (June 15, 2022)
+
+## Performance:
+
+  - Improve performance of installing gems from gem server sources [#5614](https://github.com/rubygems/rubygems/pull/5614)
+
 # 2.3.15 (June 1, 2022)
 
 ## Enhancements:

data/bundler/lib/bundler/build_metadata.rb

@@ -4,8 +4,8 @@ module Bundler
   # Represents metadata from when the Bundler gem was built.
   module BuildMetadata
     # begin ivars
-    @built_at = "2022-06-01".freeze
-    @git_commit_sha = "e7e41afd92".freeze
+    @built_at = "2022-06-15".freeze
+    @git_commit_sha = "324ee6e542".freeze
     @release = true
     # end ivars
 

data/bundler/lib/bundler/cli/cache.rb

@@ -14,7 +14,7 @@ module Bundler
       Bundler.settings.set_command_option_if_given :cache_path, options["cache-path"]
 
       setup_cache_all
-      install
+      install unless Bundler.settings[:no_install]
 
       # TODO: move cache contents here now that all bundles are locked
       custom_path = Bundler.settings[:path] if options[:path]

data/bundler/lib/bundler/cli/install.rb

@@ -161,8 +161,6 @@ module Bundler
 
       Bundler.settings.set_command_option_if_given :no_prune, options["no-prune"]
 
-      Bundler.settings.set_command_option_if_given :no_install, options["no-install"]
-
       Bundler.settings.set_command_option_if_given :clean, options["clean"]
 
       normalize_groups if options[:without] || options[:with]

data/bundler/lib/bundler/cli.rb

@@ -251,9 +251,7 @@ module Bundler
       remembered_negative_flag_deprecation("no-deployment")
 
       require_relative "cli/install"
-      Bundler.settings.temporary(:no_install => false) do
-        Install.new(options.dup).run
-      end
+      Install.new(options.dup).run
     end
 
     map aliases_for("install")
@@ -299,9 +297,7 @@ module Bundler
     def update(*gems)
       SharedHelpers.major_deprecation(2, "The `--force` option has been renamed to `--redownload`") if ARGV.include?("--force")
       require_relative "cli/update"
-      Bundler.settings.temporary(:no_install => false) do
-        Update.new(options, gems).run
-      end
+      Update.new(options, gems).run
     end
 
     desc "show GEM [OPTIONS]", "Shows all gems that are part of the bundle, or the path to a given gem"

data/bundler/lib/bundler/definition.rb

@@ -255,20 +255,18 @@ module Bundler
     #
     # @return [SpecSet] resolved dependencies
     def resolve
-      @resolve ||= begin
-        if Bundler.frozen_bundle?
-          Bundler.ui.debug "Frozen, using resolution from the lockfile"
-          @locked_specs
-        elsif !unlocking? && nothing_changed?
-          Bundler.ui.debug("Found no changes, using resolution from the lockfile")
-          SpecSet.new(filter_specs(@locked_specs, @dependencies.select {|dep| @locked_specs[dep].any? }))
-        else
-          last_resolve = converge_locked_specs
-          # Run a resolve against the locally available gems
-          Bundler.ui.debug("Found changes from the lockfile, re-resolving dependencies because #{change_reason}")
-          expanded_dependencies = expand_dependencies(dependencies + metadata_dependencies, true)
-          Resolver.resolve(expanded_dependencies, source_requirements, last_resolve, gem_version_promoter, additional_base_requirements_for_resolve, platforms)
-        end
+      @resolve ||= if Bundler.frozen_bundle?
+        Bundler.ui.debug "Frozen, using resolution from the lockfile"
+        @locked_specs
+      elsif !unlocking? && nothing_changed?
+        Bundler.ui.debug("Found no changes, using resolution from the lockfile")
+        SpecSet.new(filter_specs(@locked_specs, @dependencies.select {|dep| @locked_specs[dep].any? }))
+      else
+        last_resolve = converge_locked_specs
+        # Run a resolve against the locally available gems
+        Bundler.ui.debug("Found changes from the lockfile, re-resolving dependencies because #{change_reason}")
+        expanded_dependencies = expand_dependencies(dependencies + metadata_dependencies, true)
+        Resolver.resolve(expanded_dependencies, source_requirements, last_resolve, gem_version_promoter, additional_base_requirements_for_resolve, platforms)
       end
     end
 
@@ -735,12 +733,10 @@ module Bundler
     end
 
     def metadata_dependencies
-      @metadata_dependencies ||= begin
-        [
-          Dependency.new("Ruby\0", RubyVersion.system.gem_version),
-          Dependency.new("RubyGems\0", Gem::VERSION),
-        ]
-      end
+      @metadata_dependencies ||= [
+        Dependency.new("Ruby\0", RubyVersion.system.gem_version),
+        Dependency.new("RubyGems\0", Gem::VERSION),
+      ]
     end
 
     def expand_dependencies(dependencies, remote = false)

data/bundler/lib/bundler/dependency.rb

@@ -9,6 +9,7 @@ module Bundler
     attr_reader :autorequire
     attr_reader :groups, :platforms, :gemfile, :git, :github, :branch, :ref
 
+    # rubocop:disable Naming/VariableNumber
     PLATFORM_MAP = {
       :ruby     => Gem::Platform::RUBY,
       :ruby_18  => Gem::Platform::RUBY,
@@ -91,6 +92,7 @@ module Bundler
       :x64_mingw_30 => Gem::Platform::X64_MINGW,
       :x64_mingw_31 => Gem::Platform::X64_MINGW,
     }.freeze
+    # rubocop:enable Naming/VariableNumber
 
     def initialize(name, version, options = {}, &blk)
       type = options["type"] || :runtime

data/bundler/lib/bundler/dsl.rb

@@ -511,9 +511,7 @@ module Bundler
       #         be raised.
       #
       def contents
-        @contents ||= begin
-          dsl_path && File.exist?(dsl_path) && File.read(dsl_path)
-        end
+        @contents ||= dsl_path && File.exist?(dsl_path) && File.read(dsl_path)
       end
 
       # The message of the exception reports the content of podspec for the

data/bundler/lib/bundler/errors.rb

@@ -41,12 +41,14 @@ module Bundler
   class GemspecError < BundlerError; status_code(14); end
   class InvalidOption < BundlerError; status_code(15); end
   class ProductionError < BundlerError; status_code(16); end
+
   class HTTPError < BundlerError
     status_code(17)
     def filter_uri(uri)
       URICredentialsFilter.credential_filtered_uri(uri)
     end
   end
+
   class RubyVersionMismatch < BundlerError; status_code(18); end
   class SecurityError < BundlerError; status_code(19); end
   class LockfileError < BundlerError; status_code(20); end

data/bundler/lib/bundler/fetcher/base.rb

@@ -19,14 +19,12 @@ module Bundler
       end
 
       def fetch_uri
-        @fetch_uri ||= begin
-          if remote_uri.host == "rubygems.org"
-            uri = remote_uri.dup
-            uri.host = "index.rubygems.org"
-            uri
-          else
-            remote_uri
-          end
+        @fetch_uri ||= if remote_uri.host == "rubygems.org"
+          uri = remote_uri.dup
+          uri.host = "index.rubygems.org"
+          uri
+        else
+          remote_uri
         end
       end
 

data/bundler/lib/bundler/fetcher.rb

@@ -20,6 +20,7 @@ module Bundler
     class TooManyRequestsError < HTTPError; end
     # This error is raised if the API returns a 413 (only printed in verbose)
     class FallbackError < HTTPError; end
+
     # This is the error raised if OpenSSL fails the cert verification
     class CertificateFailureError < HTTPError
       def initialize(remote_uri)
@@ -33,6 +34,7 @@ module Bundler
           " sources and change 'https' to 'http'."
       end
     end
+
     # This is the error raised when a source is HTTPS and OpenSSL didn't load
     class SSLError < HTTPError
       def initialize(msg = nil)
@@ -42,6 +44,7 @@ module Bundler
             "using RVM are available at rvm.io/packages/openssl."
       end
     end
+
     # This error is raised if HTTP authentication is required, but not provided.
     class AuthenticationRequiredError < HTTPError
       def initialize(remote_uri)
@@ -52,6 +55,7 @@ module Bundler
           "or by storing the credentials in the `#{Settings.key_for(remote_uri)}` environment variable"
       end
     end
+
     # This error is raised if HTTP authentication is provided, but incorrect.
     class BadAuthenticationError < HTTPError
       def initialize(remote_uri)

data/bundler/lib/bundler/plugin/api/source.rb

@@ -258,7 +258,7 @@ module Bundler
           @dependencies |= Array(names)
         end
 
-        # Note: Do not override if you don't know what you are doing.
+        # NOTE: Do not override if you don't know what you are doing.
         def can_lock?(spec)
           spec.source == self
         end
@@ -285,7 +285,7 @@ module Bundler
         end
         alias_method :identifier, :to_s
 
-        # Note: Do not override if you don't know what you are doing.
+        # NOTE: Do not override if you don't know what you are doing.
         def include?(other)
           other == self
         end
@@ -294,7 +294,7 @@ module Bundler
           SharedHelpers.digest(:SHA1).hexdigest(uri)
         end
 
-        # Note: Do not override if you don't know what you are doing.
+        # NOTE: Do not override if you don't know what you are doing.
         def gem_install_dir
           Bundler.install_path
         end

data/bundler/lib/bundler/resolver.rb

@@ -233,19 +233,17 @@ module Bundler
     # before dependencies that are unconstrained
     def amount_constrained(dependency)
       @amount_constrained ||= {}
-      @amount_constrained[dependency.name] ||= begin
-        if (base = @base[dependency.name]) && !base.empty?
-          dependency.requirement.satisfied_by?(base.first.version) ? 0 : 1
-        else
-          all = index_for(dependency).search(dependency.name).size
+      @amount_constrained[dependency.name] ||= if (base = @base[dependency.name]) && !base.empty?
+        dependency.requirement.satisfied_by?(base.first.version) ? 0 : 1
+      else
+        all = index_for(dependency).search(dependency.name).size
 
-          if all <= 1
-            all - 1_000_000
-          else
-            search = search_for(dependency)
-            search = @prerelease_specified[dependency.name] ? search.count : search.count {|s| !s.version.prerelease? }
-            search - all
-          end
+        if all <= 1
+          all - 1_000_000
+        else
+          search = search_for(dependency)
+          search = @prerelease_specified[dependency.name] ? search.count : search.count {|s| !s.version.prerelease? }
+          search - all
         end
       end
     end

data/bundler/lib/bundler/rubygems_gem_installer.rb

@@ -90,6 +90,14 @@ module Bundler
       end
     end
 
+    def spec
+      if Bundler.rubygems.provides?("< 3.3.12") # RubyGems implementation rescues and re-raises errors before 3.3.12 and we don't want that
+        @package.spec
+      else
+        super
+      end
+    end
+
     private
 
     def strict_rm_rf(dir)

data/bundler/lib/bundler/rubygems_integration.rb

@@ -203,20 +203,9 @@ module Bundler
       EXT_LOCK
     end
 
-    def spec_from_gem(path, policy = nil)
-      require "rubygems/security"
-      require "psych"
-      gem_from_path(path, security_policies[policy]).spec
-    rescue Exception, Gem::Exception, Gem::Security::Exception => e # rubocop:disable Lint/RescueException
-      if e.is_a?(Gem::Security::Exception) ||
-          e.message =~ /unknown trust policy|unsigned gem/i ||
-          e.message =~ /couldn't verify (meta)?data signature/i
-        raise SecurityError,
-          "The gem #{File.basename(path, ".gem")} can't be installed because " \
-          "the security policy didn't allow it, with the message: #{e.message}"
-      else
-        raise e
-      end
+    def spec_from_gem(path)
+      require "rubygems/package"
+      Gem::Package.new(path).spec
     end
 
     def build_gem(gem_dir, spec)
@@ -514,13 +503,6 @@ module Bundler
       Gem::RemoteFetcher.new(proxy)
     end
 
-    def gem_from_path(path, policy = nil)
-      require "rubygems/package"
-      p = Gem::Package.new(path)
-      p.security_policy = policy if policy
-      p
-    end
-
     def build(spec, skip_validation = false)
       require "rubygems/package"
       Gem::Package.build(spec, skip_validation)

data/bundler/lib/bundler/source/git.rb

@@ -219,13 +219,11 @@ module Bundler
       # across different projects, this cache will be shared.
       # When using local git repos, this is set to the local repo.
       def cache_path
-        @cache_path ||= begin
-          if Bundler.requires_sudo? || Bundler.feature_flag.global_gem_cache?
-            Bundler.user_cache
-          else
-            Bundler.bundle_path.join("cache", "bundler")
-          end.join("git", git_scope)
-        end
+        @cache_path ||= if Bundler.requires_sudo? || Bundler.feature_flag.global_gem_cache?
+          Bundler.user_cache
+        else
+          Bundler.bundle_path.join("cache", "bundler")
+        end.join("git", git_scope)
       end
 
       def app_cache_dirname

data/bundler/lib/bundler/source/rubygems.rb

@@ -139,13 +139,9 @@ module Bundler
         force = options[:force]
         ensure_builtin_gems_cached = options[:ensure_builtin_gems_cached]
 
-        if ensure_builtin_gems_cached && spec.default_gem?
-          if !cached_path(spec)
-            cached_built_in_gem(spec) unless spec.remote
-            force = true
-          else
-            spec.loaded_from = loaded_from(spec)
-          end
+        if ensure_builtin_gems_cached && spec.default_gem? && !cached_path(spec)
+          cached_built_in_gem(spec) unless spec.remote
+          force = true
         end
 
         if installed?(spec) && !force
@@ -153,84 +149,90 @@ module Bundler
           return nil # no post-install message
         end
 
-        # Download the gem to get the spec, because some specs that are returned
-        # by rubygems.org are broken and wrong.
         if spec.remote
           # Check for this spec from other sources
-          uris = [spec.remote.anonymized_uri]
-          uris += remotes_for_spec(spec).map(&:anonymized_uri)
-          uris.uniq!
+          uris = [spec.remote, *remotes_for_spec(spec)].map(&:anonymized_uri).uniq
           Installer.ambiguous_gems << [spec.name, *uris] if uris.length > 1
 
           path = fetch_gem(spec, options[:previous_spec])
-          begin
-            s = Bundler.rubygems.spec_from_gem(path, Bundler.settings["trust-policy"])
-            spec.__swap__(s)
+        else
+          path = cached_gem(spec)
+          raise GemNotFound, "Could not find #{spec.file_name} for installation" unless path
+        end
+
+        if requires_sudo?
+          install_path = Bundler.tmp(spec.full_name)
+          bin_path     = install_path.join("bin")
+        else
+          install_path = rubygems_dir
+          bin_path     = Bundler.system_bindir
+        end
+
+        Bundler.mkdir_p bin_path, :no_sudo => true unless spec.executables.empty? || Bundler.rubygems.provides?(">= 2.7.5")
+
+        require_relative "../rubygems_gem_installer"
+
+        installer = Bundler::RubyGemsGemInstaller.at(
+          path,
+          :security_policy     => Bundler.rubygems.security_policies[Bundler.settings["trust-policy"]],
+          :install_dir         => install_path.to_s,
+          :bin_dir             => bin_path.to_s,
+          :ignore_dependencies => true,
+          :wrappers            => true,
+          :env_shebang         => true,
+          :build_args          => options[:build_args],
+          :bundler_expected_checksum => spec.respond_to?(:checksum) && spec.checksum,
+          :bundler_extension_cache_path => extension_cache_path(spec)
+        )
+
+        if spec.remote
+          s = begin
+            installer.spec
           rescue Gem::Package::FormatError
             Bundler.rm_rf(path)
             raise
+          rescue Gem::Security::Exception => e
+            raise SecurityError,
+             "The gem #{File.basename(path, ".gem")} can't be installed because " \
+             "the security policy didn't allow it, with the message: #{e.message}"
           end
+
+          spec.__swap__(s)
         end
 
-        unless Bundler.settings[:no_install]
-          message = "Installing #{version_message(spec, options[:previous_spec])}"
-          message += " with native extensions" if spec.extensions.any?
-          Bundler.ui.confirm message
+        message = "Installing #{version_message(spec, options[:previous_spec])}"
+        message += " with native extensions" if spec.extensions.any?
+        Bundler.ui.confirm message
 
-          path = cached_gem(spec)
-          raise GemNotFound, "Could not find #{spec.file_name} for installation" unless path
-          if requires_sudo?
-            install_path = Bundler.tmp(spec.full_name)
-            bin_path     = install_path.join("bin")
-          else
-            install_path = rubygems_dir
-            bin_path     = Bundler.system_bindir
-          end
+        installed_spec = installer.install
+
+        spec.full_gem_path = installed_spec.full_gem_path
+        spec.loaded_from = installed_spec.loaded_from
 
-          Bundler.mkdir_p bin_path, :no_sudo => true unless spec.executables.empty? || Bundler.rubygems.provides?(">= 2.7.5")
-
-          require_relative "../rubygems_gem_installer"
-
-          installed_spec = Bundler::RubyGemsGemInstaller.at(
-            path,
-            :install_dir         => install_path.to_s,
-            :bin_dir             => bin_path.to_s,
-            :ignore_dependencies => true,
-            :wrappers            => true,
-            :env_shebang         => true,
-            :build_args          => options[:build_args],
-            :bundler_expected_checksum => spec.respond_to?(:checksum) && spec.checksum,
-            :bundler_extension_cache_path => extension_cache_path(spec)
-          ).install
-          spec.full_gem_path = installed_spec.full_gem_path
-
-          # SUDO HAX
-          if requires_sudo?
-            Bundler.rubygems.repository_subdirectories.each do |name|
-              src = File.join(install_path, name, "*")
-              dst = File.join(rubygems_dir, name)
-              if name == "extensions" && Dir.glob(src).any?
-                src = File.join(src, "*/*")
-                ext_src = Dir.glob(src).first
-                ext_src.gsub!(src[0..-6], "")
-                dst = File.dirname(File.join(dst, ext_src))
-              end
-              SharedHelpers.filesystem_access(dst) do |p|
-                Bundler.mkdir_p(p)
-              end
-              Bundler.sudo "cp -R #{src} #{dst}" if Dir[src].any?
+        # SUDO HAX
+        if requires_sudo?
+          Bundler.rubygems.repository_subdirectories.each do |name|
+            src = File.join(install_path, name, "*")
+            dst = File.join(rubygems_dir, name)
+            if name == "extensions" && Dir.glob(src).any?
+              src = File.join(src, "*/*")
+              ext_src = Dir.glob(src).first
+              ext_src.gsub!(src[0..-6], "")
+              dst = File.dirname(File.join(dst, ext_src))
             end
+            SharedHelpers.filesystem_access(dst) do |p|
+              Bundler.mkdir_p(p)
+            end
+            Bundler.sudo "cp -R #{src} #{dst}" if Dir[src].any?
+          end
 
-            spec.executables.each do |exe|
-              SharedHelpers.filesystem_access(Bundler.system_bindir) do |p|
-                Bundler.mkdir_p(p)
-              end
-              Bundler.sudo "cp -R #{install_path}/bin/#{exe} #{Bundler.system_bindir}/"
+          spec.executables.each do |exe|
+            SharedHelpers.filesystem_access(Bundler.system_bindir) do |p|
+              Bundler.mkdir_p(p)
             end
+            Bundler.sudo "cp -R #{install_path}/bin/#{exe} #{Bundler.system_bindir}/"
           end
-          installed_spec.loaded_from = loaded_from(spec)
         end
-        spec.loaded_from = loaded_from(spec)
 
         spec.post_install_message
       ensure
@@ -348,10 +350,6 @@ module Bundler
         end
       end
 
-      def loaded_from(spec)
-        "#{rubygems_dir}/specifications/#{spec.full_name}.gemspec"
-      end
-
       def cached_gem(spec)
         if spec.default_gem?
           cached_built_in_gem(spec)
@@ -364,10 +362,14 @@ module Bundler
         global_cache_path = download_cache_path(spec)
         @caches << global_cache_path if global_cache_path
 
-        possibilities = @caches.map {|p| "#{p}/#{spec.file_name}" }
+        possibilities = @caches.map {|p| package_path(p, spec) }
         possibilities.find {|p| File.exist?(p) }
       end
 
+      def package_path(cache_path, spec)
+        "#{cache_path}/#{spec.file_name}"
+      end
+
       def normalize_uri(uri)
         uri = uri.to_s
         uri = "#{uri}/" unless uri =~ %r{/$}
@@ -459,12 +461,11 @@ module Bundler
       end
 
       def fetch_gem(spec, previous_spec = nil)
-        return false unless spec.remote
-
         spec.fetch_platform
 
         cache_path = download_cache_path(spec) || default_cache_path_for(rubygems_dir)
-        gem_path = "#{cache_path}/#{spec.file_name}"
+        gem_path = package_path(cache_path, spec)
+        return gem_path if File.exist?(gem_path)
 
         if requires_sudo?
           download_path = Bundler.tmp(spec.full_name)
@@ -482,7 +483,7 @@ module Bundler
           SharedHelpers.filesystem_access(cache_path) do |p|
             Bundler.mkdir_p(p)
           end
-          Bundler.sudo "mv #{download_cache_path}/#{spec.file_name} #{gem_path}"
+          Bundler.sudo "mv #{package_path(download_cache_path, spec)} #{gem_path}"
         end
 
         gem_path

data/bundler/lib/bundler/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: false
 
 module Bundler
-  VERSION = "2.3.15".freeze
+  VERSION = "2.3.16".freeze
 
   def self.bundler_major_version
     @bundler_major_version ||= VERSION.split(".").first.to_i

data/lib/rubygems/commands/install_command.rb

@@ -261,7 +261,7 @@ You can use `i` command instead of `install`.
       return unless Gem::SourceFetchProblem === x
 
       require_relative "../uri"
-      msg = "Unable to pull data from '#{Gem::Uri.new(x.source.uri).redacted}': #{x.error.message}"
+      msg = "Unable to pull data from '#{Gem::Uri.redact(x.source.uri)}': #{x.error.message}"
 
       alert_warning msg
     end