1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
|
require "digest/sha1"
module Bundler
class Definition
include GemHelpers
attr_reader :dependencies, :platforms, :sources
def self.build(gemfile, lockfile, unlock)
unlock ||= {}
gemfile = Pathname.new(gemfile).expand_path
unless gemfile.file?
raise GemfileNotFound, "#{gemfile} not found"
end
Dsl.evaluate(gemfile, lockfile, unlock)
end
=begin
How does the new system work?
===
* Load information from Gemfile and Lockfile
* Invalidate stale locked specs
* All specs from stale source are stale
* All specs that are reachable only through a stale
dependency are stale.
* If all fresh dependencies are satisfied by the locked
specs, then we can try to resolve locally.
=end
def initialize(lockfile, dependencies, sources, unlock)
@dependencies, @sources, @unlock = dependencies, sources, unlock
@remote = false
@specs = nil
@lockfile_contents = ""
if lockfile && File.exists?(lockfile)
@lockfile_contents = Bundler.read_file(lockfile)
locked = LockfileParser.new(@lockfile_contents)
@platforms = locked.platforms
if unlock != true
@locked_deps = locked.dependencies
@locked_specs = SpecSet.new(locked.specs)
@locked_sources = locked.sources
else
@unlock = {}
@locked_deps = []
@locked_specs = SpecSet.new([])
@locked_sources = []
end
else
@unlock = {}
@platforms = []
@locked_deps = []
@locked_specs = SpecSet.new([])
@locked_sources = []
end
@unlock[:gems] ||= []
@unlock[:sources] ||= []
current_platform = Gem.platforms.map { |p| generic(p) }.compact.last
@new_platform = !@platforms.include?(current_platform)
@platforms |= [current_platform]
eager_unlock = expand_dependencies(@unlock[:gems])
@unlock[:gems] = @locked_specs.for(eager_unlock).map { |s| s.name }
converge_sources
converge_dependencies
end
def resolve_with_cache!
raise "Specs already loaded" if @specs
@sources.each { |s| s.cached! }
specs
end
def resolve_remotely!
raise "Specs already loaded" if @specs
@remote = true
@sources.each { |s| s.remote! }
specs
end
def specs
@specs ||= begin
specs = resolve.materialize(requested_dependencies)
unless specs["bundler"].any?
local = Bundler.settings[:frozen] ? rubygems_index : index
bundler = local.search(Gem::Dependency.new('bundler', VERSION)).last
specs["bundler"] = bundler if bundler
end
specs
end
end
def new_specs
specs - @locked_specs
end
def removed_specs
@locked_specs - specs
end
def new_platform?
@new_platform
end
def missing_specs
missing = []
resolve.materialize(requested_dependencies, missing)
missing
end
def requested_specs
@requested_specs ||= begin
groups = self.groups - Bundler.settings.without
groups.map! { |g| g.to_sym }
specs_for(groups)
end
end
def current_dependencies
dependencies.reject { |d| !d.should_include? }
end
def specs_for(groups)
deps = dependencies.select { |d| (d.groups & groups).any? }
deps.delete_if { |d| !d.should_include? }
specs.for(expand_dependencies(deps))
end
def resolve
@resolve ||= begin
if Bundler.settings[:frozen]
@locked_specs
else
last_resolve = converge_locked_specs
source_requirements = {}
dependencies.each do |dep|
next unless dep.source
source_requirements[dep.name] = dep.source.specs
end
# Run a resolve against the locally available gems
last_resolve.merge Resolver.resolve(expanded_dependencies, index, source_requirements, last_resolve)
end
end
end
def index
@index ||= Index.build do |idx|
@sources.each do |s|
idx.use s.specs(@dependencies)
end
end
end
def rubygems_index
@rubygems_index ||= Index.build do |idx|
@sources.find_all{|s| s.is_a?(Source::Rubygems) }.each do |s|
idx.use s.specs
end
end
end
def no_sources?
@sources.length == 1 && @sources.first.remotes.empty?
end
def groups
dependencies.map { |d| d.groups }.flatten.uniq
end
def lock(file)
contents = to_lock
return if @lockfile_contents == contents
if Bundler.settings[:frozen]
# TODO: Warn here if we got here.
return
end
# Convert to \r\n if the existing lock has them
# i.e., Windows with `git config core.autocrlf=true`
contents.gsub!(/\n/, "\r\n") if @lockfile_contents.match("\r\n")
File.open(file, 'wb'){|f| f.puts(contents) }
end
def to_lock
out = ""
sorted_sources.each do |source|
# Add the source header
out << source.to_lock
# Find all specs for this source
resolve.
select { |s| s.source == source }.
# This needs to be sorted by full name so that
# gems with the same name, but different platform
# are ordered consistantly
sort_by { |s| s.full_name }.
each do |spec|
next if spec.name == 'bundler'
out << spec.to_lock
end
out << "\n"
end
out << "PLATFORMS\n"
platforms.map { |p| p.to_s }.sort.each do |p|
out << " #{p}\n"
end
out << "\n"
out << "DEPENDENCIES\n"
handled = []
dependencies.
sort_by { |d| d.name }.
each do |dep|
next if handled.include?(dep.name)
out << dep.to_lock
handled << dep.name
end
out
end
def ensure_equivalent_gemfile_and_lockfile
changes = false
msg = "You have modified your Gemfile in development but did not check\n" \
"the resulting snapshot (Gemfile.lock) into version control"
added = []
deleted = []
changed = []
if @locked_sources != @sources
new_sources = @sources - @locked_sources
deleted_sources = @locked_sources - @sources
if new_sources.any?
added.concat new_sources.map { |source| "* source: #{source}" }
end
if deleted_sources.any?
deleted.concat deleted_sources.map { |source| "* source: #{source}" }
end
changes = true
end
both_sources = Hash.new { |h,k| h[k] = ["no specified source", "no specified source"] }
@dependencies.each { |d| both_sources[d.name][0] = d.source if d.source }
@locked_deps.each { |d| both_sources[d.name][1] = d.source if d.source }
both_sources.delete_if { |k,v| v[0] == v[1] }
if @dependencies != @locked_deps
new_deps = @dependencies - @locked_deps
deleted_deps = @locked_deps - @dependencies
if new_deps.any?
added.concat new_deps.map { |d| "* #{pretty_dep(d)}" }
end
if deleted_deps.any?
deleted.concat deleted_deps.map { |d| "* #{pretty_dep(d)}" }
end
both_sources.each do |name, sources|
changed << "* #{name} from `#{sources[0]}` to `#{sources[1]}`"
end
changes = true
end
msg << "\n\nYou have added to the Gemfile:\n" << added.join("\n") if added.any?
msg << "\n\nYou have deleted from the Gemfile:\n" << deleted.join("\n") if deleted.any?
msg << "\n\nYou have changed in the Gemfile:\n" << changed.join("\n") if changed.any?
raise ProductionError, msg if added.any? || deleted.any? || changed.any?
end
private
def pretty_dep(dep, source = false)
msg = "#{dep.name}"
msg << " (#{dep.requirement})" unless dep.requirement == Gem::Requirement.default
msg << " from the `#{dep.source}` source" if source && dep.source
msg
end
def converge_sources
locked_gem = @locked_sources.find { |s| Source::Rubygems === s }
actual_gem = @sources.find { |s| Source::Rubygems === s }
if locked_gem && actual_gem
locked_gem.merge_remotes actual_gem
end
@sources.map! do |source|
@locked_sources.find { |s| s == source } || source
end
@sources.each do |source|
source.unlock! if source.respond_to?(:unlock!) && @unlock[:sources].include?(source.name)
end
end
def converge_dependencies
(@dependencies + @locked_deps).each do |dep|
if dep.source
dep.source = @sources.find { |s| dep.source == s }
end
end
end
# Remove elements from the locked specs that are expired. This will most
# commonly happen if the Gemfile has changed since the lockfile was last
# generated
def converge_locked_specs
deps = []
# Build a list of dependencies that are the same in the Gemfile
# and Gemfile.lock. If the Gemfile modified a dependency, but
# the gem in the Gemfile.lock still satisfies it, this is fine
# too.
@dependencies.each do |dep|
locked_dep = @locked_deps.find { |d| dep == d }
if in_locked_deps?(dep, locked_dep) || satisfies_locked_spec?(dep)
deps << dep
elsif dep.source.is_a?(Source::Path) && dep.current_platform? && (!locked_dep || dep.source != locked_dep.source)
@locked_specs.each do |s|
@unlock[:gems] << s.name if s.source == dep.source
end
dep.source.unlock! if dep.source.respond_to?(:unlock!)
dep.source.specs.each { |s| @unlock[:gems] << s.name }
end
end
converged = []
@locked_specs.each do |s|
s.source = @sources.find { |src| s.source == src }
# Don't add a spec to the list if its source is expired. For example,
# if you change a Git gem to Rubygems.
next if s.source.nil? || @unlock[:sources].include?(s.name)
# If the spec is from a path source and it doesn't exist anymore
# then we just unlock it.
# Path sources have special logic
if s.source.instance_of?(Source::Path)
other = s.source.specs[s].first
# If the spec is no longer in the path source, unlock it. This
# commonly happens if the version changed in the gemspec
next unless other
# If the dependencies of the path source have changed, unlock it
next unless s.dependencies.sort == other.dependencies.sort
end
converged << s
end
resolve = SpecSet.new(converged)
resolve = resolve.for(expand_dependencies(deps, true), @unlock[:gems])
diff = @locked_specs.to_a - resolve.to_a
# Now, we unlock any sources that do not have anymore gems pinned to it
@sources.each do |source|
next unless source.respond_to?(:unlock!)
unless resolve.any? { |s| s.source == source }
source.unlock! if !diff.empty? && diff.any? { |s| s.source == source }
end
end
resolve
end
def in_locked_deps?(dep, d)
d && dep.source == d.source
end
def satisfies_locked_spec?(dep)
@locked_specs.any? { |s| s.satisfies?(dep) && (!dep.source || s.source == dep.source) }
end
def expanded_dependencies
@expanded_dependencies ||= expand_dependencies(dependencies, @remote)
end
def expand_dependencies(dependencies, remote = false)
deps = []
dependencies.each do |dep|
dep = Dependency.new(dep, ">= 0") unless dep.respond_to?(:name)
dep.gem_platforms(@platforms).each do |p|
deps << DepProxy.new(dep, p) if remote || p == generic(Gem::Platform.local)
end
end
deps
end
def sorted_sources
@sources.sort_by do |s|
# Place GEM at the top
[ s.is_a?(Source::Rubygems) ? 1 : 0, s.to_s ]
end
end
def requested_dependencies
groups = self.groups - Bundler.settings.without
groups.map! { |g| g.to_sym }
dependencies.reject { |d| !d.should_include? || (d.groups & groups).empty? }
end
end
end
|