author | Andre Arko <andre@arko.net> | 2015-01-26 18:17:26 -0800 |
---|---|---|
committer | Andre Arko <andre@arko.net> | 2015-01-26 18:17:26 -0800 |
commit | cf87c3196e8373e1883cdbd27c67382ff44be5a2 (patch) | |
tree | c37691829a028cf8b8f7e094849eafff0b6d53e8 | |
parent | a9e047270adcbe7c0399e5553bb3be48b27f8e64 (diff) | |
warn or error on multiple primary sources
-rw-r--r-- | lib/bundler/cli/install.rb | 2 | ||||
-rw-r--r-- | lib/bundler/dsl.rb | 20 | ||||
-rw-r--r-- | lib/bundler/source_list.rb | 4 | ||||
-rw-r--r-- | spec/install/gems/sources_spec.rb | 12 |
4 files changed, 36 insertions, 2 deletions
diff --git a/lib/bundler/cli/install.rb b/lib/bundler/cli/install.rb
index 43dd40a500..ba712a09d6 100644
--- a/lib/bundler/cli/install.rb
+++ b/lib/bundler/cli/install.rb
@@ -104,7 +104,7 @@ module Bundler
 Bundler.ui.error "You should add a source requirement to restrict this gem to your preferred source."
 Bundler.ui.error "For example:"
 Bundler.ui.error " gem '#{name}', :source => '#{installed_from_uri}'"
- Bundler.ui.error "Then uninstall the gem '#{name}' (or delete all bundled gems) and then install again."
+ Bundler.ui.error "Then uninstall the gem '#{name}' (or delete all bundled gems) and install again."
 end
 if Bundler.settings[:clean] && Bundler.settings[:path]
diff --git a/lib/bundler/dsl.rb b/lib/bundler/dsl.rb
index e2853e0813..0440a8c949 100644
--- a/lib/bundler/dsl.rb
+++ b/lib/bundler/dsl.rb
@@ -112,6 +112,7 @@ module Bundler
 if block_given?
 with_source(@sources.add_rubygems_source("remotes" => source), &blk)
 else
+ check_primary_source_safety(@sources)
 @sources.add_rubygems_remote(source)
 end
 end
@@ -303,5 +304,24 @@ module Bundler
 raise GemfileError, "Unknown source '#{source}'"
 end
 end
+
+ def check_primary_source_safety(source)
+ return unless source.rubygems_primary_remotes.any?
+
+ if Bundler.settings[:disable_multisource]
+ raise GemspecError, "Warning: this Gemfile contains multiple primary sources. " \
+ "Each source after the first must include a block to indicate which gems " \
+ "should come from that source. To downgrade this error to a warning, run " \
+ "`bundle config --delete disable_multisource`."
+ else
+ Bundler.ui.warn "Warning: this Gemfile contains multiple primary sources. " \
+ "Using `source` more than once without a block is a security risk, and " \
+ "may result in installing unexpected gems. To resolve this warning, use " \
+ "a block to indicate which gems should come from the secondary source. " \
+ "To upgrade this warning to an error, run `bundle config " \
+ "disable_multisource true`."
+ end
+ end
+
 end
 end
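Review bot: The new `check_primary_source_safety(@sources)` call in the `else` branch is order-dependent and nothing on these lines says so. The check asks whether a block-less remote already exists, so it presumably has to run before `@sources.add_rubygems_remote(source)`; placed after it, even a Gemfile with a single top-level source would be flagged. A comment above the call such as `# must run before the remote is added: fires only when a global source is already present` would protect that ordering. The enclosing method starts outside this hunk.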
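Review bot: In `check_primary_source_safety` the enforcing branch raises `GemspecError`, although the fault lies in the Gemfile and the `raise` a few lines above in this hunk uses `GemfileError`. The raised text also opens with "Warning:", which reads oddly once it is a hard failure. If the class is not deliberate, the line could become `raise GemfileError, "This Gemfile contains multiple primary sources. " \`, with the `eq(14)` expectation in sources_spec.rb adjusted to whatever exit status that class maps to. The parameter is named `source` but receives `@sources`, so `sources` would be clearer. Because the default branch only warns and installation continues, a method comment stating that enforcement is opt-in through `disable_multisource` would help anyone auditing the install path.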
diff --git a/lib/bundler/source_list.rb b/lib/bundler/source_list.rb
index 49a976ba6a..49efbf7a8e 100644
--- a/lib/bundler/source_list.rb
+++ b/lib/bundler/source_list.rb
@@ -74,6 +74,10 @@ module Bundler
 all_sources.each(&:remote!)
 end
+ def rubygems_primary_remotes
+ @rubygems_aggregate.remotes
+ end
+
 private
 def add_source_to_list(source, list)
diff --git a/spec/install/gems/sources_spec.rb b/spec/install/gems/sources_spec.rb
index 68f3fd3713..45a742a87f 100644
--- a/spec/install/gems/sources_spec.rb
+++ b/spec/install/gems/sources_spec.rb
@@ -15,7 +15,7 @@ describe "bundle install with gems on multiple sources" do
 end
 end
- context "when the same version of the same gem is in multiple sources" do
+ context "with multiple toplevel sources" do
 let(:repo3_rack_version) { "1.0.0" }
 before do
@@ -30,10 +30,18 @@ describe "bundle install with gems on multiple sources" do
 it "warns about ambiguous gems, but installs anyway, prioritizing sources last to first" do
 bundle :install
+ expect(out).to include("Warning: this Gemfile contains multiple primary sources.")
 expect(out).to include("Warning: the gem 'rack' was found in multiple sources.")
 expect(out).to include("Installed from: file:#{gem_repo1}")
 should_be_installed("rack-obama 1.0.0", "rack 1.0.0")
 end
+
+ it "errors when disable_multisource is set" do
+ bundle "config disable_multisource true"
+ bundle :install
+ expect(out).to include("Each source after the first must include a block")
+ expect(exitstatus).to eq(14) if exitstatus
+ end
 end
 context "when different versions of the same gem are in multiple sources" do
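Review bot: `rubygems_primary_remotes` is added above `private` with no comment, and it returns `@rubygems_aggregate.remotes` as-is, so callers receive whatever object the aggregate holds rather than a copy (whether that is a live, mutable array is not visible here). The only caller in this commit needs a yes/no answer, so the contract should be written down, e.g. `# Remotes added by top-level source calls that have no block; read by the DSL's multi-source check, not meant to be mutated`. The class body starts and ends outside this hunk.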
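Review bot: The new example "errors when disable_multisource is set" never checks that installation was actually stopped, and `expect(exitstatus).to eq(14) if exitstatus` passes silently whenever `exitstatus` is nil. The setting exists to keep gems from an unintended source off disk, so the example should also assert the negative outcome, for instance `should_not_be_installed("rack-obama 1.0.0", "rack 1.0.0")` if that helper is available in this suite. The surrounding `context` block begins outside the hunk.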
@@ -51,6 +59,7 @@ describe "bundle install with gems on multiple sources" do
 it "warns about ambiguous gems, but installs anyway" do
 bundle :install
+ expect(out).to include("Warning: this Gemfile contains multiple primary sources.")
 expect(out).to include("Warning: the gem 'rack' was found in multiple sources.")
 expect(out).to include("Installed from: file:#{gem_repo1}")
 should_be_installed("rack-obama 1.0.0", "rack 1.0.0")
@@ -214,6 +223,7 @@ describe "bundle install with gems on multiple sources" do
 it "installs from the other source and warns about ambiguous gems" do
 bundle :install
+ expect(out).to include("Warning: this Gemfile contains multiple primary sources.")
 expect(out).to include("Warning: the gem 'rack' was found in multiple sources.")
 expect(out).to include("Installed from: file:#{gem_repo2}")
 should_be_installed("depends_on_rack 1.0.1", "rack 1.0.0") |