author | Andre Arko <andre@arko.net> | 2014-11-10 20:24:58 -0800 |
---|---|---|
committer | Andre Arko <andre@arko.net> | 2014-11-10 20:24:58 -0800 |
commit | 6ba537fc069a75d473080ba3f724ac2aa06346e4 (patch) | |
tree | 5766e11fef32b62974fe8c58d8cded2433122967 | |
parent | 00a795c763d7a67d40ca868e4ad2a7386d712d3e (diff) | |
parent | 28b3808c7d9c8331f497fc865569c1ab716f58f1 (diff) | |
download | bundler-6ba537fc069a75d473080ba3f724ac2aa06346e4.tar.gz |
Merge tag 'v1.7.5'
Version 1.7.5
Conflicts:
.travis.yml
CHANGELOG.md
lib/bundler/fetcher.rb
lib/bundler/source_list.rb
man/gemfile.5.ronn
spec/bundler/source_list_spec.rb
-rw-r--r-- | CHANGELOG.md | 27 | ||||
-rw-r--r-- | lib/bundler/cli/install.rb | 3 | ||||
-rw-r--r-- | lib/bundler/cli/package.rb | 4 | ||||
-rw-r--r-- | lib/bundler/cli/update.rb | 2 | ||||
-rw-r--r-- | lib/bundler/definition.rb | 58 | ||||
-rw-r--r-- | lib/bundler/fetcher.rb | 11 | ||||
-rw-r--r-- | lib/bundler/source/rubygems.rb | 6 | ||||
-rw-r--r-- | lib/bundler/source_list.rb | 24 | ||||
-rw-r--r-- | lib/bundler/ssl_certs/AddTrustExternalCARoot.pem | 32 | ||||
-rw-r--r-- | lib/bundler/ssl_certs/COMODORSACertificationAuthority.pem | 35 | ||||
-rw-r--r-- | lib/bundler/ssl_certs/COMODORSADomainValidationSecureServer.pem | 31 | ||||
-rw-r--r-- | lib/bundler/ssl_certs/certificate_manager.rb | 6 | ||||
-rw-r--r-- | lib/bundler/version.rb | 2 | ||||
-rw-r--r-- | man/gemfile.5.ronn | 17 | ||||
-rw-r--r-- | spec/bundler/source_list_spec.rb | 12 | ||||
-rw-r--r-- | spec/install/deploy_spec.rb | 13 | ||||
-rw-r--r-- | spec/install/gemfile/path_spec.rb | 20 | ||||
-rw-r--r-- | spec/install/gems/dependency_api_spec.rb | 2 | ||||
-rw-r--r-- | spec/install/gems/simple_case_spec.rb | 17 | ||||
-rw-r--r-- | spec/install/gems/sources_spec.rb | 13 |
20 files changed, 252 insertions, 83 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 6ada7d5c89..e2ce2019d4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,29 @@ Features: - generates a `.consolerc` file with new gems and tries to load it on `bundle console` (@andremedeiros) - tries to find `gems.rb` and it's new counterpart, `gems.locked` (@andremedeiros) +## 1.7.5 (2014-11-10) + +Bugfixes: + + - Fix --deployment with source blocks and non-alphabetical gems (#3224, @tmoore) + - Vendor CA chain to validate new rubygems.org HTTPS certificate (@indirect) + +## 1.7.4 (2014-10-19) + +Bugfixes: + + - Allow --deployment after `pack` while using source blocks (#3167, @tmoore) + - Use dependency API even when HTTP credentials are in ENV (#3191, @fvaleur) + - Silence warnings (including root warning) in --quiet mode (#3186, @indirect) + - Stop asking gem servers for gems already found locally (#2909, @dubek) + +## 1.7.3 (2014-09-14) + +Bugfixes: + + - `extconf.rb` is now generated with the right path for `create_makefile` (@andremedeiros) + - Fix various Ruby warnings (@piotrsanarki, @indirect) + ## 1.7.2 (2014-08-23) Bugfixes: @@ -35,11 +58,11 @@ Security: Features: - Gemfile `source` calls now take a block containing gems from that source (@tmoore) - - added the `:source` option to `gem` to specify a source (@tmoore) + - Added the `:source` option to `gem` to specify a source (@tmoore) Bugfixes: - - warn on ambiguous gems available from more than one source (@tmoore) + - Warn on ambiguous gems available from more than one source (@tmoore) ## 1.6.7 (2014-10-19) diff --git a/lib/bundler/cli/install.rb b/lib/bundler/cli/install.rb index bd80805573..13bf45ad74 100644 --- a/lib/bundler/cli/install.rb +++ b/lib/bundler/cli/install.rb @@ -6,6 +6,8 @@ module Bundler end def run + Bundler.ui.level = "error" if options[:quiet] + warn_if_root if options[:without] 
@@ -67,7 +69,6 @@ module Bundler Bundler.settings[:no_install] = true if options["no-install"] Bundler.settings[:clean] = options["clean"] if options["clean"] Bundler.settings.without = options[:without] - Bundler.ui.level = "warn" if options[:quiet] Bundler::Fetcher.disable_endpoint = options["full-index"] Bundler.settings[:disable_shared_gems] = Bundler.settings[:path] ? '1' : nil diff --git a/lib/bundler/cli/package.rb b/lib/bundler/cli/package.rb index b2946038c3..5adad44c35 100644 --- a/lib/bundler/cli/package.rb +++ b/lib/bundler/cli/package.rb @@ -7,10 +7,12 @@ module Bundler end def run - Bundler.ui.level = "warn" if options[:quiet] + Bundler.ui.level = "error" if options[:quiet] Bundler.settings[:path] = File.expand_path(options[:path]) if options[:path] + setup_cache_all install + # TODO: move cache contents here now that all bundles are locked custom_path = Pathname.new(options[:path]) if options[:path] Bundler.load.cache(custom_path) diff --git a/lib/bundler/cli/update.rb b/lib/bundler/cli/update.rb index 920221f7d9..dd15de9936 100644 --- a/lib/bundler/cli/update.rb +++ b/lib/bundler/cli/update.rb @@ -7,10 +7,10 @@ module Bundler end def run + Bundler.ui.level = "error" if options[:quiet] sources = Array(options[:source]) groups = Array(options[:group]).map(&:to_sym) - Bundler.ui.level = "warn" if options[:quiet] if gems.empty? && sources.empty? && groups.empty? # We're doing a full update diff --git a/lib/bundler/definition.rb b/lib/bundler/definition.rb index e5b6b24364..3afb53ba9e 100644 --- a/lib/bundler/definition.rb +++ b/lib/bundler/definition.rb 
@@ -197,12 +197,12 @@ module Bundler def index @index ||= Index.build do |idx| - dependency_names = @dependencies.dup || [] - dependency_names.map! {|d| d.name } + dependency_names = @dependencies.map { |d| d.name } sources.all_sources.each do |s| - s.dependency_names = dependency_names + s.dependency_names = dependency_names.dup idx.add_source s.specs + s.specs.each { |spec| dependency_names.delete(spec.name) } dependency_names.push(*s.unmet_deps).uniq! end end @@ -298,8 +298,6 @@ module Bundler end def ensure_equivalent_gemfile_and_lockfile(explicit_flag = false) - changes = false - msg = "You are trying to install in deployment mode after changing\n" \ "your Gemfile. Run `bundle install` elsewhere and add the\n" \ "updated Gemfile.lock to version control." @@ -313,7 +311,7 @@ module Bundler deleted = [] changed = [] - gemfile_sources = sources.all_sources + gemfile_sources = sources.lock_sources if @locked_sources != gemfile_sources new_sources = gemfile_sources - @locked_sources deleted_sources = @locked_sources - gemfile_sources 
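Review bot: The new `s.specs.each { |spec| dependency_names.delete(spec.name) }` line in `index` (first hunk of `lib/bundler/definition.rb`) introduces an undocumented invariant: once one source supplies a gem name, later sources are no longer given that name, so the order of `sources.all_sources` decides which source is asked. The path spec added in this commit ("doesn't query rubygems for local gemspec name") suggests the aim is to keep locally satisfied names from being sent to a remote server. I would state that above the loop, e.g. `# Names already satisfied by an earlier source are dropped, so later remotes are never asked for them; relies on all_sources ordering.` `s.specs` is now evaluated twice per source, which is only free if it is memoised; that is not visible in this hunk.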
@@ -325,32 +323,29 @@ module Bundler if deleted_sources.any? deleted.concat deleted_sources.map { |source| "* source: #{source}" } end - - changes = true end - both_sources = Hash.new { |h,k| h[k] = ["no specified source", "no specified source"] } - @dependencies.each { |d| both_sources[d.name][0] = d.source if d.source } - @locked_deps.each { |d| both_sources[d.name][1] = d.source if d.source } - both_sources.delete_if { |k,v| v[0] == v[1] } + new_deps = @dependencies - @locked_deps + deleted_deps = @locked_deps - @dependencies - if @dependencies != @locked_deps - new_deps = @dependencies - @locked_deps - deleted_deps = @locked_deps - @dependencies + if new_deps.any? + added.concat new_deps.map { |d| "* #{pretty_dep(d)}" } + end - if new_deps.any? - added.concat new_deps.map { |d| "* #{pretty_dep(d)}" } - end + if deleted_deps.any? + deleted.concat deleted_deps.map { |d| "* #{pretty_dep(d)}" } + end - if deleted_deps.any? - deleted.concat deleted_deps.map { |d| "* #{pretty_dep(d)}" } - end + both_sources = Hash.new { |h,k| h[k] = [] } + @dependencies.each { |d| both_sources[d.name][0] = d } + @locked_deps.each { |d| both_sources[d.name][1] = d.source } - both_sources.each do |name, sources| - changed << "* #{name} from `#{sources[0]}` to `#{sources[1]}`" + both_sources.each do |name, (dep, lock_source)| + if (dep.nil? && !lock_source.nil?) || (!dep.nil? && !lock_source.nil? && !lock_source.can_lock?(dep)) + gemfile_source_name = (dep && dep.source) || 'no specified source' + lockfile_source_name = lock_source || 'no specified source' + changed << "* #{name} from `#{gemfile_source_name}` to `#{lockfile_source_name}`" end - - changes = true end msg << "\n\nYou have added to the Gemfile:\n" << added.join("\n") if added.any? 
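Review bot: In the rewritten `both_sources.each` block, a dependency that has a source in the Gemfile but none recorded in the lockfile is never added to `changed`, because both arms of the condition require `!lock_source.nil?`. For the same reason the `lock_source || 'no specified source'` fallback two lines below is unreachable. Unless the `@dependencies - @locked_deps` comparison above already catches that case (it depends on how dependency equality treats sources, which is not shown), deployment mode would accept a Gemfile that newly pins a gem to a source the lockfile never recorded. The condition reduces to `if lock_source && (dep.nil? || !lock_source.can_lock?(dep))`, which is easier to audit. `ensure_equivalent_gemfile_and_lockfile` starts before this hunk and continues after it.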
@@ -451,12 +446,11 @@ module Bundler # Get the Rubygems sources from the Gemfile.lock locked_gem_sources = @locked_sources.select { |s| s.kind_of?(Source::Rubygems) } - # Get the Rubygems sources from the Gemfile - actual_gem_sources = @sources.rubygems_sources + # Get the Rubygems remotes from the Gemfile + actual_remotes = sources.rubygems_remotes # If there is a Rubygems source in both - unless locked_gem_sources.empty? && actual_gem_sources.empty? - actual_remotes = actual_gem_sources.map(&:remotes).flatten.uniq + if !locked_gem_sources.empty? && !actual_remotes.empty? locked_gem_sources.each do |locked_gem| # Merge the remotes from the Gemfile into the Gemfile.lock changes = changes | locked_gem.replace_remotes(actual_remotes) @@ -466,11 +460,9 @@ module Bundler # Replace the sources from the Gemfile with the sources from the Gemfile.lock, # if they exist in the Gemfile.lock and are `==`. If you can't find an equivalent # source in the Gemfile.lock, use the one from the Gemfile. - sources.replace_sources!(@locked_sources) - gemfile_sources = sources.all_sources - changes = changes | (Set.new(gemfile_sources) != Set.new(@locked_sources)) + changes = changes | sources.replace_sources!(@locked_sources) - gemfile_sources.each do |source| + sources.all_sources.each do |source| # If the source is unlockable and the current command allows an unlock of # the source (for example, you are doing a `bundle update <foo>` of a git-pinned # gem), unlock it. For git sources, this means to unlock the revision, which diff --git a/lib/bundler/fetcher.rb b/lib/bundler/fetcher.rb index a35ea13517..09e954cd0e 100644 --- a/lib/bundler/fetcher.rb +++ b/lib/bundler/fetcher.rb @@ -236,6 +236,12 @@ module Bundler end def use_api + _use_api(true) + rescue AuthenticationRequiredError + retry_with_auth{_use_api(false)} + end + + def _use_api(reraise_auth_error = false) return @use_api if defined?(@use_api) if @remote_uri.scheme == "file" || Bundler::Fetcher.disable_endpoint 
@@ -245,6 +251,9 @@ module Bundler end rescue NetworkDownError => e raise HTTPError, e.message + rescue AuthenticationRequiredError => e + raise e if reraise_auth_error + false rescue HTTPError @use_api = false end @@ -289,6 +298,8 @@ module Bundler response.body when Net::HTTPRequestEntityTooLarge raise FallbackError, response.body + when Net::HTTPUnauthorized + raise AuthenticationRequiredError, "#{response.class}: #{response.body}" else raise HTTPError, "#{response.class}: #{response.body}" end diff --git a/lib/bundler/source/rubygems.rb b/lib/bundler/source/rubygems.rb index 28f4cb1a25..532fecba1e 100644 --- a/lib/bundler/source/rubygems.rb +++ b/lib/bundler/source/rubygems.rb @@ -53,9 +53,9 @@ module Bundler def to_lock out = "GEM\n" - out << remotes.map { |remote| - " remote: #{suppress_configured_credentials remote}\n" - }.join + remotes.reverse_each do |remote| + out << " remote: #{suppress_configured_credentials remote}\n" + end out << " specs:\n" end diff --git a/lib/bundler/source_list.rb b/lib/bundler/source_list.rb index e7529f27fa..1b7a20c21a 100644 --- a/lib/bundler/source_list.rb +++ b/lib/bundler/source_list.rb @@ -10,7 +10,7 @@ module Bundler @git_sources = [] @svn_sources = [] @rubygems_aggregate = Source::Rubygems.new - @rubygems_sources = [@rubygems_aggregate] + @rubygems_sources = [] end def add_path_source(options = {}) @@ -34,6 +34,14 @@ module Bundler @rubygems_aggregate end + def rubygems_sources + @rubygems_sources + [@rubygems_aggregate] + end + + def rubygems_remotes + rubygems_sources.map(&:remotes).flatten.uniq + end + def all_sources path_sources + git_sources + svn_sources + rubygems_sources end 
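Review bot: In `_use_api`, the new `rescue AuthenticationRequiredError` branch returns a bare `false` without assigning `@use_api`, while the `rescue HTTPError` branch next to it memoises `@use_api = false`. The only cache check is `return @use_api if defined?(@use_api)` (previous hunk), so a source that still answers 401 after `retry_with_auth` is probed again on every call. The rejected credentials also surface only as a silent fall-back away from the dependency API. I would replace the bare `false` with `@use_api = false` and report the authentication failure at that point, so a wrong credential is visible to the user. The body of `_use_api` between the two hunks is not shown, so this assumes nothing there sets `@use_api` on that path.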
@@ -48,11 +56,21 @@ module Bundler end def replace_sources!(replacement_sources) - [path_sources, git_sources, svn_sources, rubygems_sources].each do |source_list| + return true if replacement_sources.empty? + + [path_sources, git_sources, svn_sources].each do |source_list| source_list.map! do |source| replacement_sources.find { |s| s == source } || source end end + + replacement_rubygems = + replacement_sources.detect { |s| s.is_a?(Source::Rubygems) } + @rubygems_aggregate = replacement_rubygems + + # Return true if there were changes + all_sources.to_set != replacement_sources.to_set || + rubygems_remotes.to_set != replacement_rubygems.remotes.to_set end def cached! @@ -81,7 +99,7 @@ module Bundler end def combine_rubygems_sources - Source::Rubygems.new("remotes" => rubygems_sources.map(&:remotes).flatten.uniq.reverse) + Source::Rubygems.new("remotes" => rubygems_remotes) end end end diff --git a/lib/bundler/ssl_certs/AddTrustExternalCARoot.pem b/lib/bundler/ssl_certs/AddTrustExternalCARoot.pem new file mode 100644 index 0000000000..6fbdf52b17 --- /dev/null +++ b/lib/bundler/ssl_certs/AddTrustExternalCARoot.pem 
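Review bot: `replace_sources!` assigns `@rubygems_aggregate = replacement_rubygems` even when `detect` found no `Source::Rubygems` in a non-empty `replacement_sources`, which leaves the aggregate `nil`. From then on `rubygems_sources` returns a list ending in `nil`, and `rubygems_remotes` (added in the previous hunk) would raise `NoMethodError` on it. The trailing `replacement_rubygems.remotes` fails the same way whenever the first set comparison is false. A guard keeps the Gemfile's aggregate in that case: `@rubygems_aggregate = replacement_rubygems if replacement_rubygems`, with the remotes comparison skipped when it is `nil`. Whether a lockfile without a rubygems source can reach this method is not visible on this page.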
@@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFdDCCBFygAwIBAgIQJ2buVutJ846r13Ci/ITeIjANBgkqhkiG9w0BAQwFADBv +MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk +ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF +eHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFow +gYUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO +BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMSswKQYD +VQQDEyJDT01PRE8gUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkq +hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAkehUktIKVrGsDSTdxc9EZ3SZKzejfSNw +AHG8U9/E+ioSj0t/EFa9n3Byt2F/yUsPF6c947AEYe7/EZfH9IY+Cvo+XPmT5jR6 +2RRr55yzhaCCenavcZDX7P0N+pxs+t+wgvQUfvm+xKYvT3+Zf7X8Z0NyvQwA1onr +ayzT7Y+YHBSrfuXjbvzYqOSSJNpDa2K4Vf3qwbxstovzDo2a5JtsaZn4eEgwRdWt +4Q08RWD8MpZRJ7xnw8outmvqRsfHIKCxH2XeSAi6pE6p8oNGN4Tr6MyBSENnTnIq +m1y9TBsoilwie7SrmNnu4FGDwwlGTm0+mfqVF9p8M1dBPI1R7Qu2XK8sYxrfV8g/ +vOldxJuvRZnio1oktLqpVj3Pb6r/SVi+8Kj/9Lit6Tf7urj0Czr56ENCHonYhMsT +8dm74YlguIwoVqwUHZwK53Hrzw7dPamWoUi9PPevtQ0iTMARgexWO/bTouJbt7IE +IlKVgJNp6I5MZfGRAy1wdALqi2cVKWlSArvX31BqVUa/oKMoYX9w0MOiqiwhqkfO +KJwGRXa/ghgntNWutMtQ5mv0TIZxMOmm3xaG4Nj/QN370EKIf6MzOi5cHkERgWPO +GHFrK+ymircxXDpqR+DDeVnWIBqv8mqYqnK8V0rSS527EPywTEHl7R09XiidnMy/ +s1Hap0flhFMCAwEAAaOB9DCB8TAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTvA73g +JMtUGjAdBgNVHQ4EFgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQD +AgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1UdHwQ9 +MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4dGVy +bmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6 +Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggEBAGS/g/FfmoXQ +zbihKVcN6Fr30ek+8nYEbvFScLsePP9NDXRqzIGCJdPDoCpdTPW6i6FtxFQJdcfj +Jw5dhHk3QBN39bSsHNA7qxcS1u80GH4r6XnTq1dFDK8o+tDb5VCViLvfhVdpfZLY +Uspzgb8c8+a4bmYRBbMelC1/kZWSWfFMzqORcUx8Rww7Cxn2obFshj5cqsQugsv5 +B5a6SE2Q8pTIqXOi6wZ7I53eovNNVZ96YUWYGGjHXkBrI/V5eu+MtWuLt29G9Hvx +PUsE2JOAWVrgQSQdso8VYFhH2+9uRv0V9dlfmrPb2LjkQLPNlzmuhbsdjrzch5vR +pu/xO28QOG8= +-----END 
CERTIFICATE----- diff --git a/lib/bundler/ssl_certs/COMODORSACertificationAuthority.pem b/lib/bundler/ssl_certs/COMODORSACertificationAuthority.pem new file mode 100644 index 0000000000..d81d72a264 --- /dev/null +++ b/lib/bundler/ssl_certs/COMODORSACertificationAuthority.pem 
@@ -0,0 +1,35 @@ +-----BEGIN CERTIFICATE----- +MIIGCDCCA/CgAwIBAgIQKy5u6tl1NmwUim7bo3yMBzANBgkqhkiG9w0BAQwFADCB +hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G +A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV +BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTQwMjEy +MDAwMDAwWhcNMjkwMjExMjM1OTU5WjCBkDELMAkGA1UEBhMCR0IxGzAZBgNVBAgT +EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR +Q09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZh +bGlkYXRpb24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAI7CAhnhoFmk6zg1jSz9AdDTScBkxwtiBUUWOqigwAwCfx3M28Sh +bXcDow+G+eMGnD4LgYqbSRutA776S9uMIO3Vzl5ljj4Nr0zCsLdFXlIvNN5IJGS0 +Qa4Al/e+Z96e0HqnU4A7fK31llVvl0cKfIWLIpeNs4TgllfQcBhglo/uLQeTnaG6 +ytHNe+nEKpooIZFNb5JPJaXyejXdJtxGpdCsWTWM/06RQ1A/WZMebFEh7lgUq/51 +UHg+TLAchhP6a5i84DuUHoVS3AOTJBhuyydRReZw3iVDpA3hSqXttn7IzW3uLh0n +c13cRTCAquOyQQuvvUSH2rnlG51/ruWFgqUCAwEAAaOCAWUwggFhMB8GA1UdIwQY +MBaAFLuvfgI9+qbxPISOre44mOzZMjLUMB0GA1UdDgQWBBSQr2o6lFoL2JDqElZz +30O0Oija5zAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNV +HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGwYDVR0gBBQwEjAGBgRVHSAAMAgG +BmeBDAECATBMBgNVHR8ERTBDMEGgP6A9hjtodHRwOi8vY3JsLmNvbW9kb2NhLmNv +bS9DT01PRE9SU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDBxBggrBgEFBQcB +AQRlMGMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9E +T1JTQUFkZFRydXN0Q0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21v +ZG9jYS5jb20wDQYJKoZIhvcNAQEMBQADggIBAE4rdk+SHGI2ibp3wScF9BzWRJ2p +mj6q1WZmAT7qSeaiNbz69t2Vjpk1mA42GHWx3d1Qcnyu3HeIzg/3kCDKo2cuH1Z/ +e+FE6kKVxF0NAVBGFfKBiVlsit2M8RKhjTpCipj4SzR7JzsItG8kO3KdY3RYPBps +P0/HEZrIqPW1N+8QRcZs2eBelSaz662jue5/DJpmNXMyYE7l3YphLG5SEXdoltMY +dVEVABt0iN3hxzgEQyjpFv3ZBdRdRydg1vs4O2xyopT4Qhrf7W8GjEXCBgCq5Ojc +2bXhc3js9iPc0d1sjhqPpepUfJa3w/5Vjo1JXvxku88+vZbrac2/4EjxYoIQ5QxG +V/Iz2tDIY+3GH5QFlkoakdH368+PUq4NCNk+qKBR6cGHdNXJ93SrLlP7u3r7l+L4 +HyaPs9Kg4DdbKDsx5Q5XLVq4rXmsXiBmGqW5prU5wfWYQ//u+aen/e7KJD2AFsQX 
+j4rBYKEMrltDR5FL1ZoXX/nUh8HCjLfn4g8wGTeGrODcQgPmlKidrv0PJFGUzpII +0fxQ8ANAe4hZ7Q7drNJ3gjTcBpUC2JD5Leo31Rpg0Gcg19hCC0Wvgmje3WYkN5Ap +lBlGGSW4gNfL1IYoakRwJiNiqZ+Gb7+6kHDSVneFeO/qJakXzlByjAA6quPbYzSf ++AZxAeKCINT+b72x +-----END CERTIFICATE----- diff --git a/lib/bundler/ssl_certs/COMODORSADomainValidationSecureServer.pem b/lib/bundler/ssl_certs/COMODORSADomainValidationSecureServer.pem new file mode 100644 index 0000000000..178a558bcd --- /dev/null +++ b/lib/bundler/ssl_certs/COMODORSADomainValidationSecureServer.pem 
@@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFUzCCBDugAwIBAgIRAPLaUGqN5nvAm5oy7tfh3dEwDQYJKoZIhvcNAQELBQAw +gZAxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO +BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTYwNAYD +VQQDEy1DT01PRE8gUlNBIERvbWFpbiBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIg +Q0EwHhcNMTQxMDE2MDAwMDAwWhcNMTUxMDE2MjM1OTU5WjBcMSEwHwYDVQQLExhE +b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxHjAcBgNVBAsTFUVzc2VudGlhbFNTTCBX +aWxkY2FyZDEXMBUGA1UEAxQOKi5ydWJ5Z2Vtcy5vcmcwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQCmL7NyiM3y61Up2cjNJq5ETt7+qKtoiBKVJpYQ8cB/ +jk4tQuZwKF59dq1gAyU6SFf/iUFRYnvfEa/V+FpuyBL7b/jEzI809hVtkSQM+6vR +9Vz9rey4wcBpgEX7vSRimtH7RUCitNF3OZkHc59Ny07q9FgW+rRlvWnL970QlgiT +0o0m3SoJRzqu8zn2ZLtbDARzF3a767Ms6fPm/88cqakNQ9d26aW0yB6Ndgxn7crM +e6LhlrSZo6Ta1WJs+l5umKDhMdJBGMumxkFlnlqZdZxNGBErOlPSFfQGHYfrWzsR +EFf+jPe0+OEHB80JU3yQiNs+nBUxzdHDkKAkcO9p4bKzAgMBAAGjggHZMIIB1TAf +BgNVHSMEGDAWgBSQr2o6lFoL2JDqElZz30O0Oija5zAdBgNVHQ4EFgQUJiRNFFXU +9am4rs9kxMj9FY98/N4wDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYD +VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCME8GA1UdIARIMEYwOgYLKwYBBAGy +MQECAgcwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNvbS9D +UFMwCAYGZ4EMAQIBMFQGA1UdHwRNMEswSaBHoEWGQ2h0dHA6Ly9jcmwuY29tb2Rv +Y2EuY29tL0NPTU9ET1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5j +cmwwgYUGCCsGAQUFBwEBBHkwdzBPBggrBgEFBQcwAoZDaHR0cDovL2NydC5jb21v +ZG9jYS5jb20vQ09NT0RPUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNB +LmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMCcGA1Ud +EQQgMB6CDioucnVieWdlbXMub3JnggxydWJ5Z2Vtcy5vcmcwDQYJKoZIhvcNAQEL +BQADggEBAFFnezsXS+fBqJDiFdwbPkT9Hdn+cc2OqrJTP5GaPH3hnGc1tn5v5QVB ++s0Uuoil/RiLRs4PzRlZiVZN86iY6GLxd8fkoeNMfdaH0i7i0lXJDz/qIdboPfxc +2T0oTBJufxvLCeNOFgl5aKus5HD/mnKoD1hGEOBJjulUwn09n8PMFnXmAnDVZ3Tv +6PltYiH4OadktplNR8oBB55Kn0ffYgIfofL9Mr2iCJlTvxMEpIRAe6NIs2r8InEJ +CnoNbAXUBuqOjgiiYNLvDrv3usj15Yv8xRMn9pyxA14i6HSyf5LwrLWPWhhV3YJ7 +R+n4EAYack3mCZb2TZ8FwoS05OKhbw8= +-----END CERTIFICATE-----
\ No newline at end of file diff --git a/lib/bundler/ssl_certs/certificate_manager.rb b/lib/bundler/ssl_certs/certificate_manager.rb index dea184ddc6..1f6a7b093e 100644 --- a/lib/bundler/ssl_certs/certificate_manager.rb +++ b/lib/bundler/ssl_certs/certificate_manager.rb @@ -18,8 +18,10 @@ module Bundler end def up_to_date? - bundler_certs.zip(rubygems_certs).all? do |bc, rc| - File.basename(bc) == File.basename(rc) && FileUtils.compare_file(bc, rc) + rubygems_certs.all? do |rc| + bundler_certs.find do |bc| + File.basename(bc) == File.basename(rc) && FileUtils.compare_file(bc, rc) + end end end diff --git a/lib/bundler/version.rb b/lib/bundler/version.rb index 8374d4110d..5f4f12d8ba 100644 --- a/lib/bundler/version.rb +++ b/lib/bundler/version.rb @@ -2,5 +2,5 @@ module Bundler # We're doing this because we might write tests that deal # with other versions of bundler and we are unsure how to # handle this better. - VERSION = "1.7.2" unless defined?(::Bundler::VERSION) + VERSION = "1.7.5" unless defined?(::Bundler::VERSION) end diff --git a/man/gemfile.5.ronn b/man/gemfile.5.ronn index f56c306da1..7353b5ed4a 100644 --- a/man/gemfile.5.ronn +++ b/man/gemfile.5.ronn 
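Review bot: `up_to_date?` in `certificate_manager.rb` now checks in one direction only: every file in `rubygems_certs` must have a same-named, byte-identical file in `bundler_certs`, but certificates present only on the Bundler side are never examined. That is presumably intentional given the PEM files this commit adds under `lib/bundler/ssl_certs`. It does mean an extra or stale trust anchor in that directory cannot make the check fail, which should be stated on the method. Suggested comment: `# True when every RubyGems cert has an identical copy here; Bundler-only certs are allowed and not checked.` The inner `find` can be `any?`, since only its truthiness is used.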
@@ -50,23 +50,6 @@ include the credentials in the Gemfile as part of the source URL. Credentials in the source URL will take precedence over credentials set using `config`. -### CREDENTIALS (#credentials) - -Some gem sources require a username and password. Use `bundle config` to set -the username and password for any sources that need it. The command must be run -once on each computer that will install the Gemfile, but this keeps the -credentials from being stored in plain text in version control. - - bundle config https://gems.example.com/ user:password - -For some sources, like a company Gemfury account, it may be easier to simply -include the credentials in the Gemfile as part of the source URL. - - source "https://user:password@gems.example.com" - -Credentials in the source URL will take precedence over credentials set using -`config`. - ## RUBY (#ruby) If your application requires a specific Ruby version or engine, specify your diff --git a/spec/bundler/source_list_spec.rb b/spec/bundler/source_list_spec.rb index dce84c65de..7c422d3dae 100644 --- a/spec/bundler/source_list_spec.rb +++ b/spec/bundler/source_list_spec.rb 
@@ -335,18 +335,18 @@ describe Bundler::SourceList do end describe "#lock_sources" do - it "combines the rubygems sources into a single instance, removing duplicate remotes from the front" do + it "combines the rubygems sources into a single instance, removing duplicate remotes from the end" do source_list.add_svn_source('uri' => 'svn://second-svn.org/path') source_list.add_git_source('uri' => 'git://third-git.org/path.git') - source_list.add_rubygems_source('remotes' => ['https://fourth-rubygems.org']) # intentional duplicate + source_list.add_rubygems_source('remotes' => ['https://duplicate-rubygems.org']) source_list.add_path_source('path' => '/third/path/to/gem') - source_list.add_rubygems_source('remotes' => ['https://first-rubygems.org']) + source_list.add_rubygems_source('remotes' => ['https://third-rubygems.org']) source_list.add_path_source('path' => '/second/path/to/gem') source_list.add_rubygems_source('remotes' => ['https://second-rubygems.org']) source_list.add_git_source('uri' => 'git://second-git.org/path.git') - source_list.add_rubygems_source('remotes' => ['https://third-rubygems.org']) + source_list.add_rubygems_source('remotes' => ['https://first-rubygems.org']) source_list.add_path_source('path' => '/first/path/to/gem') - source_list.add_rubygems_source('remotes' => ['https://fourth-rubygems.org']) + source_list.add_rubygems_source('remotes' => ['https://duplicate-rubygems.org']) source_list.add_git_source('uri' => 'git://first-git.org/path.git') source_list.add_svn_source('uri' => 'svn://first-svn.org/path') @@ -360,10 +360,10 @@ describe Bundler::SourceList do Bundler::Source::SVN.new('uri' => 'svn://first-svn.org/path'), Bundler::Source::SVN.new('uri' => 'svn://second-svn.org/path'), Bundler::Source::Rubygems.new('remotes' => [ + 'https://duplicate-rubygems.org', 'https://first-rubygems.org', 'https://second-rubygems.org', 'https://third-rubygems.org', - 'https://fourth-rubygems.org', ]), ] end 
diff --git a/spec/install/deploy_spec.rb b/spec/install/deploy_spec.rb index 9116a34777..f1e9146093 100644 --- a/spec/install/deploy_spec.rb +++ b/spec/install/deploy_spec.rb @@ -91,6 +91,19 @@ describe "install with --deployment or --frozen" do expect(exitstatus).to eq(0) end + it "works with sources given by a block" do + install_gemfile <<-G + source "file://#{gem_repo1}" do + gem "rack" + end + G + + bundle "install --deployment", :exitstatus => true + + expect(exitstatus).to eq(0) + should_be_installed "rack 1.0" + end + describe "with an existing lockfile" do before do bundle "install" diff --git a/spec/install/gemfile/path_spec.rb b/spec/install/gemfile/path_spec.rb index f36f383877..f88b6aa2a3 100644 --- a/spec/install/gemfile/path_spec.rb +++ b/spec/install/gemfile/path_spec.rb @@ -415,6 +415,26 @@ describe "bundle install with explicit source paths" do end end + describe "when there are both a gemspec and remote gems" do + it "doesn't query rubygems for local gemspec name" do + build_lib "private_lib", "2.2", :path => lib_path("private_lib") + gemfile = <<-G + source "http://localgemserver.test" + gemspec + gem 'rack' + G + File.open(lib_path("private_lib/Gemfile"), "w") {|f| f.puts gemfile } + + Dir.chdir(lib_path("private_lib")) do + bundle :install, :env => {"DEBUG" => 1}, :artifice => "endpoint" + expect(out).to match(/^HTTP GET http:\/\/localgemserver\.test\/api\/v1\/dependencies\?gems=rack$/) + expect(out).not_to match(/^HTTP GET.*private_lib/) + should_be_installed "private_lib 2.2" + should_be_installed "rack 1.0" + end + end + end + describe "gem install hooks" do it "runs pre-install hooks" do build_git "foo" diff --git a/spec/install/gems/dependency_api_spec.rb b/spec/install/gems/dependency_api_spec.rb index 863fb142f9..dc9e01093e 100644 --- a/spec/install/gems/dependency_api_spec.rb +++ b/spec/install/gems/dependency_api_spec.rb 
@@ -467,6 +467,8 @@ describe "gemcutter's dependency API" do bundle "config #{source_uri}/ #{user}:#{password}" bundle :install, :artifice => "endpoint_strict_basic_authentication" + + expect(out).to include("Fetching gem metadata from #{source_uri}") should_be_installed "rack 1.0.0" end diff --git a/spec/install/gems/simple_case_spec.rb b/spec/install/gems/simple_case_spec.rb index 7fbd9e0e6c..aac70db6cf 100644 --- a/spec/install/gems/simple_case_spec.rb +++ b/spec/install/gems/simple_case_spec.rb @@ -291,7 +291,7 @@ describe "bundle install with gem sources" do G bundle :install, :expect_err => true - expect(out).to match(/Your Gemfile has no gem server sources/i) + expect(out).to include("Your Gemfile has no gem server sources") end it "creates a Gemfile.lock on a blank Gemfile" do @@ -363,23 +363,14 @@ describe "bundle install with gem sources" do end describe "when requesting a quiet install via --quiet" do - it "should be quiet if there are no warnings" do - gemfile <<-G - source "file://#{gem_repo1}" - gem 'rack' - G - - bundle :install, :quiet => true - expect(out).to eq("") - end - - it "should still display warnings" do + it "should be quiet" do gemfile <<-G gem 'rack' G bundle :install, :quiet => true - expect(out).to match(/Your Gemfile has no gem server sources/) + expect(out).to include("Could not find gem 'rack (>= 0) ruby'") + expect(out).to_not include("Your Gemfile has no gem server sources") end end diff --git a/spec/install/gems/sources_spec.rb b/spec/install/gems/sources_spec.rb index d45e25c754..e3ab84c0aa 100644 --- a/spec/install/gems/sources_spec.rb +++ b/spec/install/gems/sources_spec.rb @@ -72,6 +72,7 @@ describe "bundle install with gems on multiple sources" do gemfile <<-G source "file://#{gem_repo3}" source "file://#{gem_repo1}" do + gem "thin" # comes first to test name sorting gem "rack" end gem "rack-obama" # shoud come from repo3! 
@@ -83,6 +84,18 @@ describe "bundle install with gems on multiple sources" do expect(out).not_to include("Warning") should_be_installed("rack-obama 1.0.0", "rack 1.0.0") end + + it "can cache and deploy" do + bundle :package + + expect(bundled_app("vendor/cache/rack-1.0.0.gem")).to exist + expect(bundled_app("vendor/cache/rack-obama-1.0.gem")).to exist + + bundle "install --deployment", :exitstatus => true + + expect(exitstatus).to eq(0) + should_be_installed("rack-obama 1.0.0", "rack 1.0.0") + end end context "with sources set by an option" do |