From bbf74cfd9ea5f92365fef93d22f245f2e5c3dfdf Mon Sep 17 00:00:00 2001 From: Jeff Taggart Date: Sat, 12 Jul 2014 15:14:09 -0600 Subject: Fix unknown constant error When the binstubs command loads, cli/common is not loaded which causes it to error out when a gem is not present --- lib/bundler/cli/binstubs.rb | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lib') diff --git a/lib/bundler/cli/binstubs.rb b/lib/bundler/cli/binstubs.rb index 05cad4d1..d5ff5b68 100644 --- a/lib/bundler/cli/binstubs.rb +++ b/lib/bundler/cli/binstubs.rb @@ -1,3 +1,5 @@ +require "bundler/cli/common" + module Bundler class CLI::Binstubs attr_reader :options, :gems -- cgit v1.2.3 From fd314d49916e74d49715c1a8d490c8ce894a585f Mon Sep 17 00:00:00 2001 From: Yorick Peterse Date: Tue, 1 Apr 2014 20:18:27 +0200 Subject: Use ThreadWorker on Rubinius. Rubinius doesn't have a GIL and has proper support for threading. As such Bundler can use the ThreadWorker class instead of the UnixWorker class. --- lib/bundler/parallel_workers.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/bundler/parallel_workers.rb b/lib/bundler/parallel_workers.rb index 3071b49a..b28f6304 100644 --- a/lib/bundler/parallel_workers.rb +++ b/lib/bundler/parallel_workers.rb @@ -8,7 +8,7 @@ module Bundler autoload :ThreadWorker, "bundler/parallel_workers/thread_worker" def self.worker_pool(size, job) - if Bundler.current_ruby.mswin? || Bundler.current_ruby.jruby? + if Bundler.current_ruby.mswin? || Bundler.current_ruby.jruby? || Bundler.current_ruby.rbx? ThreadWorker.new(size, job) else UnixWorker.new(size, job) -- cgit v1.2.3 From 579d78d3e953a49e3bbfd12c8ead6809508b4a42 Mon Sep 17 00:00:00 2001 
From: Lars Haugseth Date: Wed, 28 May 2014 13:06:18 +0200 Subject: Don't include configured source credentials in lockfile. Conflicts: CHANGELOG.md --- CHANGELOG.md | 1 + lib/bundler/source/rubygems.rb | 13 ++++++++++++- spec/lock/lockfile_spec.rb | 25 +++++++++++++++++++++++++ 3 files changed, 38 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/CHANGELOG.md b/CHANGELOG.md index fc4376ee..89f32c86 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ Bugfixes: - fix undefined constant error when can't find gem during binstubs (#3095, @jetaggart) + - don't store configured source credentials in Gemfile.lock (#3045, @lhz) ## 1.6.3 (2014-06-16) diff --git a/lib/bundler/source/rubygems.rb b/lib/bundler/source/rubygems.rb index 5ca35c83..238804be 100644 --- a/lib/bundler/source/rubygems.rb +++ b/lib/bundler/source/rubygems.rb @@ -50,7 +50,9 @@ module Bundler def to_lock out = "GEM\n" - out << remotes.map {|r| " remote: #{r}\n" }.join + out << remotes.map { |remote| + " remote: #{suppress_configured_credentials remote}\n" + }.join out << " specs:\n" end @@ -183,6 +185,15 @@ module Bundler uri end + def suppress_configured_credentials(remote) + remote_nouser = remote.tap { |uri| uri.user = uri.password = nil }.to_s + if remote.userinfo && remote.userinfo == Bundler.settings[remote_nouser] + remote_nouser + else + remote + end + end + def fetch_specs # remote_specs usually generates a way larger Index than the other # sources, and large_idx.use small_idx is way faster than diff --git a/spec/lock/lockfile_spec.rb b/spec/lock/lockfile_spec.rb index 779fd1c6..ef016c2c 100644 --- a/spec/lock/lockfile_spec.rb +++ b/spec/lock/lockfile_spec.rb 
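Review bot: In `suppress_configured_credentials`, `remote.tap { |uri| uri.user = uri.password = nil }` clears the credentials on `remote` itself, because `tap` yields and returns its receiver rather than a copy. The `remote.userinfo` test on the next line is then always nil, so every source takes the `else` branch and the lockfile gets the already-stripped URI, including for credentials written inline in the Gemfile. The URI object held in `remotes` also loses its userinfo for whatever uses it afterwards; whether a later authenticated fetch reuses that object is not visible in this hunk. Work on a copy instead: `remote_nouser = remote.dup.tap { |uri| uri.user = uri.password = nil }.to_s`. The `to_lock` hunk before it only interpolates the return value and needs no change.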
@@ -70,6 +70,31 @@ describe "the lockfile format" do G end + it "generates a lockfile wihout credentials for a configured source" do + bundle "config http://localgemserver.test/ user:pass" + + install_gemfile(<<-G, :artifice => "endpoint_strict_basic_authentication", :quiet => true) + source "http://localgemserver.test/" + + gem "rack-obama", ">= 1.0" + G + + lockfile_should_be <<-G + GEM + remote: http://localgemserver.test/ + specs: + rack (1.0.0) + rack-obama (1.0) + rack + + PLATFORMS + #{generic(Gem::Platform.local)} + + DEPENDENCIES + rack-obama (>= 1.0) + G + end + it "generates lockfiles with multiple requirements" do install_gemfile <<-G source "file://#{gem_repo1}" -- cgit v1.2.3 From 8ee4d86d9c43155ed83b7778e6b5bd34e08921a1 Mon Sep 17 00:00:00 2001 From: James Harton Date: Tue, 13 May 2014 11:34:17 +1200 Subject: Stop @parndt from getting so many contributions in his graph. The lovely and brilliant @parndt goes around sending PR's to enable syntax highlighting for this line of the README. I'm heading him off at the pass. :heart: --- lib/bundler/templates/newgem/README.md.tt | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/bundler/templates/newgem/README.md.tt b/lib/bundler/templates/newgem/README.md.tt index 65ee3fe5..8a65988c 100644 --- a/lib/bundler/templates/newgem/README.md.tt +++ b/lib/bundler/templates/newgem/README.md.tt @@ -6,7 +6,9 @@ TODO: Write a gem description Add this line to your application's Gemfile: - gem '<%=config[:name]%>' +```ruby +gem '<%=config[:name]%>' +``` And then execute: -- cgit v1.2.3 From 70c4ecd9d90286278fa10ed34a93a486699b277c Mon Sep 17 00:00:00 2001 From: Andre Arko Date: Mon, 5 May 2014 08:39:56 -0700 Subject: depend on rake 10.x, semantically makes rubygems happy --- lib/bundler/templates/newgem/newgem.gemspec.tt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') 
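Review bot: The new example covers only credentials that come from `bundle config`; there is no companion example for a source whose credentials are written in the Gemfile URL, so the comparison branch of `suppress_configured_credentials` is never asserted either way. Add an example that installs from `http://user:pass@localgemserver.test/` without the `bundle config` line and pins what the `remote:` line should contain. It would also help to assert that a second `bundle install` against the authenticated endpoint still succeeds once the lockfile has been written. The example title has a typo: `wihout` should be `without`.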
diff --git a/lib/bundler/templates/newgem/newgem.gemspec.tt b/lib/bundler/templates/newgem/newgem.gemspec.tt index cc5109b1..74d253ec 100644 --- a/lib/bundler/templates/newgem/newgem.gemspec.tt +++ b/lib/bundler/templates/newgem/newgem.gemspec.tt @@ -22,7 +22,7 @@ Gem::Specification.new do |spec| spec.require_paths = ["lib"] spec.add_development_dependency "bundler", "~> <%= Bundler::VERSION.split(".")[0..1].join(".") %>" - spec.add_development_dependency "rake" + spec.add_development_dependency "rake", "~> 10.0" <% if config[:ext] -%> spec.add_development_dependency "rake-compiler" <% end -%> -- cgit v1.2.3 From b4a39e8cc408aca7669bdb7bd86600df4ae47122 Mon Sep 17 00:00:00 2001 From: Matijs van Zuijlen Date: Sun, 20 Apr 2014 11:19:52 +0200 Subject: Skip non-local dependencies more rigourously --- lib/bundler/definition.rb | 1 + 1 file changed, 1 insertion(+) (limited to 'lib') diff --git a/lib/bundler/definition.rb b/lib/bundler/definition.rb index d843c00b..527c021d 100644 --- a/lib/bundler/definition.rb +++ b/lib/bundler/definition.rb @@ -580,6 +580,7 @@ module Bundler deps = [] dependencies.each do |dep| dep = Dependency.new(dep, ">= 0") unless dep.respond_to?(:name) + next unless remote || dep.current_platform? dep.gem_platforms(@platforms).each do |p| deps << DepProxy.new(dep, p) if remote || p == generic(Gem::Platform.local) end -- cgit v1.2.3 From 23cdaeb4c0e3133cce881ab4b5ed9e7a7a5635cf Mon Sep 17 00:00:00 2001 From: tiredpixel Date: Sat, 10 May 2014 14:34:37 +0100 Subject: Slashify .gitignore template. Without the initial `/` all such matches within the repo get ignored, and without the trailing slash files as well as directories of that name get ignored. e.g. Specifying `tmp` as well as `test/tmp` without slashes is redundant, as `tmp` already ignores `test/tmp`, as well as every other `tmp` and `tmp/`. --- lib/bundler/templates/newgem/gitignore.tt | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) (limited to 'lib') 
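Review bot: The added guard `next unless remote || dep.current_platform?` in lib/bundler/definition.rb comes with no spec; the diffstat for this commit lists only that one file. It is called on every element of `dependencies`, while the line above wraps only those that do not respond to `name`, so an element that responds to `name` but not to `current_platform?` would raise NoMethodError here; the hunk does not show what types the list can hold. A comment such as `# local resolution: skip dependencies that are not for the current platform` would also explain why this check precedes the per-platform filter below it. The enclosing method starts and ends outside the hunk.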
diff --git a/lib/bundler/templates/newgem/gitignore.tt b/lib/bundler/templates/newgem/gitignore.tt index 31cafb5d..f4ef65f8 100644 --- a/lib/bundler/templates/newgem/gitignore.tt +++ b/lib/bundler/templates/newgem/gitignore.tt @@ -1,20 +1,20 @@ *.gem *.rbc -.bundle -.config -.yardoc -Gemfile.lock -InstalledFiles -_yardoc -coverage -doc/ -lib/bundler/man -pkg -rdoc -spec/reports -test/tmp -test/version_tmp -tmp +/.bundle/ +/.config +/.yardoc/ +/Gemfile.lock +/InstalledFiles +/_yardoc/ +/coverage/ +/doc/ +/lib/bundler/man/ +/pkg/ +/rdoc/ +/spec/reports/ +/test/tmp/ +/test/version_tmp/ +/tmp/ *.bundle *.so *.o -- cgit v1.2.3 From 27f4c77e1de8ca8b51a472d709d1f92b1e3c662b Mon Sep 17 00:00:00 2001 From: Andre Arko Date: Sat, 10 May 2014 14:33:20 -0700 Subject: yardoc is a config file --- lib/bundler/templates/newgem/gitignore.tt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/bundler/templates/newgem/gitignore.tt b/lib/bundler/templates/newgem/gitignore.tt index f4ef65f8..e9d4e167 100644 --- a/lib/bundler/templates/newgem/gitignore.tt +++ b/lib/bundler/templates/newgem/gitignore.tt @@ -2,7 +2,7 @@ *.rbc /.bundle/ /.config -/.yardoc/ +/.yardoc /Gemfile.lock /InstalledFiles /_yardoc/ -- cgit v1.2.3 From d195fd18619eea7dedbaf24652fa74bd3706eab6 Mon Sep 17 00:00:00 2001 From: Andre Arko Date: Sat, 10 May 2014 14:34:10 -0700 Subject: stop ignoring overly-specific things if you need to ignore these things, you should either put them in your user-wide ignore (like .rbc), or you need to add them to your particular gem, but not to every gem that exists --- lib/bundler/templates/newgem/gitignore.tt | 8 -------- 1 file changed, 8 deletions(-) (limited to 'lib') diff --git a/lib/bundler/templates/newgem/gitignore.tt b/lib/bundler/templates/newgem/gitignore.tt index e9d4e167..ae3fdc29 100644 --- a/lib/bundler/templates/newgem/gitignore.tt +++ b/lib/bundler/templates/newgem/gitignore.tt 
@@ -1,19 +1,11 @@ -*.gem -*.rbc /.bundle/ -/.config /.yardoc /Gemfile.lock -/InstalledFiles /_yardoc/ /coverage/ /doc/ -/lib/bundler/man/ /pkg/ -/rdoc/ /spec/reports/ -/test/tmp/ -/test/version_tmp/ /tmp/ *.bundle *.so -- cgit v1.2.3 From 5e3a3eaeb847b6b9dcf3ab6d09e6c907c276a38d Mon Sep 17 00:00:00 2001 From: Andre Medeiros Date: Tue, 13 May 2014 21:10:52 +0100 Subject: Hardcode the list of options for `bundle install --trust-policy` The reasoning behind this is that OpenSSL gets loaded up in a situation where we just want to show the help banner for the install command. Seen as the security policies on the rubygems repo haven't been changed in over two years, it's safe to just hardcode the values, thus generally speeding up Bundler commands, most notably in JRuby. Closes #2950 Conflicts: lib/bundler/cli.rb --- lib/bundler/cli.rb | 3 +-- lib/bundler/rubygems_integration.rb | 4 ++++ 2 files changed, 5 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/bundler/cli.rb b/lib/bundler/cli.rb index df54c47f..c3e5d8b4 100644 --- a/lib/bundler/cli.rb +++ b/lib/bundler/cli.rb @@ -136,8 +136,7 @@ module Bundler "Run bundle clean automatically after install" method_option "trust-policy", :alias => "P", :type => :string, :banner => "Gem trust policy (like gem install -P). Must be one of " + - Bundler.rubygems.security_policies.keys.join('|') unless - Bundler.rubygems.security_policies.empty? + Bundler.rubygems.security_policy_keys.join('|') method_option "jobs", :aliases => "-j", :type => :numeric, :banner => "Specify the number of jobs to run in parallel" diff --git a/lib/bundler/rubygems_integration.rb b/lib/bundler/rubygems_integration.rb index b994f2bf..04e6f4ee 100644 --- a/lib/bundler/rubygems_integration.rb +++ b/lib/bundler/rubygems_integration.rb 
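Review bot: With the `unless Bundler.rubygems.security_policies.empty?` modifier removed in lib/bundler/cli.rb, `--trust-policy` is now declared and its banner lists every policy even on a RubyGems built without OpenSSL, where the old statement did not register the option at all. Nothing in this hunk shows what `bundle install --trust-policy HighSecurity` does in that situation; it should abort with an error rather than install without verification, and that deserves a spec. Separately, the option is declared with `:alias => "P"` while the `jobs` option below it uses `:aliases => "-j"`; if Thor reads only `:aliases`, the short flag is not registered, which is worth checking while this line is being touched.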
@@ -202,6 +202,10 @@ module Bundler fetcher.download(spec, uri, path) end + def security_policy_keys + %w{High Medium Low No}.map { |level| "#{level}Security" } + end + def security_policies @security_policies ||= begin require 'rubygems/security' -- cgit v1.2.3 From fa9faf2983f0bf21908f6344977f9e163738f63c Mon Sep 17 00:00:00 2001 From: Andre Medeiros Date: Tue, 13 May 2014 21:24:42 +0100 Subject: Add AlmostNoSecurity to trust-policy and fix doc links to Rubygems. --- lib/bundler/rubygems_integration.rb | 2 +- man/bundle-install.ronn | 9 +++++---- 2 files changed, 6 insertions(+), 5 deletions(-) (limited to 'lib') diff --git a/lib/bundler/rubygems_integration.rb b/lib/bundler/rubygems_integration.rb index 04e6f4ee..e73c2020 100644 --- a/lib/bundler/rubygems_integration.rb +++ b/lib/bundler/rubygems_integration.rb @@ -203,7 +203,7 @@ module Bundler end def security_policy_keys - %w{High Medium Low No}.map { |level| "#{level}Security" } + %w{High Medium Low AlmostNo No}.map { |level| "#{level}Security" } end def security_policies diff --git a/man/bundle-install.ronn b/man/bundle-install.ronn index 87a4d668..a4448333 100644 --- a/man/bundle-install.ronn +++ b/man/bundle-install.ronn @@ -91,8 +91,9 @@ update process below under [CONSERVATIVE UPDATING][]. * `--trust-policy=[]`: Apply the Rubygems security policy named , where policy is one of - HighSecurity, MediumSecurity, LowSecurity, or NoSecurity. For more detail, - see the Rubygems signing documentation, linked below in [SEE ALSO][]. + HighSecurity, MediumSecurity, LowSecurity, AlmostNoSecurity, or NoSecurity. + For more detail, see the Rubygems signing documentation, linked below in + [SEE ALSO][]. * `--jobs=[]`: Install gems parallely by starting number of parallel workers. 
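Review bot: `security_policy_keys` is a hand-kept copy of the policy names that `security_policies` obtains after `require 'rubygems/security'`, and nothing ties the two together; the second hunk on this line already has to add `AlmostNo` because the first version left it out. Add a spec that, when `rubygems/security` loads, checks each name against the real table, e.g. `(security_policy_keys - security_policies.keys).empty?`. A comment above the method would help too: `# Hard-coded so that printing help does not load OpenSSL; keep in sync with Gem::Security::Policies`. As far as these hunks show, the list feeds only the help banner, so validation of the value a user passes presumably still goes through `security_policies`; confirm that an unknown or unavailable policy name is rejected rather than ignored.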
@@ -367,5 +368,5 @@ does not work, run [bundle update(1)][bundle-update]. ## SEE ALSO -* Gem install docs: http://docs.rubygems.org/read/chapter/2 -* Rubygems signing docs: http://docs.rubygems.org/read/chapter/21 +* Gem install docs: http://guides.rubygems.org/rubygems-basics/#installing-gems +* Rubygems signing docs: http://guides.rubygems.org/security/ -- cgit v1.2.3 From bc40de3f76ca8a1139ca8e07ff842a0226dcdd9d Mon Sep 17 00:00:00 2001 From: Patrick Mahoney Date: Mon, 14 Jul 2014 12:52:49 -0500 Subject: Support read-only git gems (fixes #3092) --- lib/bundler/source/git.rb | 5 +++-- spec/runtime/setup_spec.rb | 8 ++++++++ spec/support/helpers.rb | 14 ++++++++++++++ 3 files changed, 25 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/bundler/source/git.rb b/lib/bundler/source/git.rb index ee435b8a..1f720f53 100644 --- a/lib/bundler/source/git.rb +++ b/lib/bundler/source/git.rb @@ -79,11 +79,12 @@ module Bundler def install_path @install_path ||= begin git_scope = "#{base_name}-#{shortref_for_path(revision)}" + path = Bundler.install_path.join(git_scope) - if Bundler.requires_sudo? + if !path.exist? && Bundler.requires_sudo? Bundler.user_bundle_path.join(Bundler.ruby_scope).join(git_scope) else - Bundler.install_path.join(git_scope) + path end end end diff --git a/spec/runtime/setup_spec.rb b/spec/runtime/setup_spec.rb index 2d355a32..4b10cf57 100644 --- a/spec/runtime/setup_spec.rb +++ b/spec/runtime/setup_spec.rb @@ -385,6 +385,14 @@ describe "Bundler.setup" do end end end + + it "finds git gem when default bundle path becomes read only" do + bundle "install" + + with_read_only("#{Bundler.bundle_path}/**/*") do + should_be_installed "rack 1.0.0" + end + end end describe "when specifying local override" do diff --git a/spec/support/helpers.rb b/spec/support/helpers.rb index 9c157838..db1a785e 100644 --- a/spec/support/helpers.rb +++ b/spec/support/helpers.rb 
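Review bot: `path.exist?` in the new `install_path` condition in lib/bundler/source/git.rb is true for anything at that location, including a regular file or a directory left behind by an interrupted checkout. In that case a setup that requires sudo now resolves to the system path instead of the per-user one. `path.directory?` would be a tighter test; whether a partial checkout can occur there is not visible in this hunk. The result is memoized in `@install_path`, so the choice is made once per source object, which merits a one-line comment such as `# prefer an existing system checkout; fall back to the user path only when we would have to write`.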
@@ -341,5 +341,19 @@ module Spec ensure $stdout = actual_stdout end + + def with_read_only(pattern) + chmod = lambda do |dirmode, filemode| + lambda do |f| + mode = File.directory?(f) ? dirmode : filemode + File.chmod(mode, f) + end + end + + Dir[pattern].each(&chmod[0555, 0444]) + yield + ensure + Dir[pattern].each(&chmod[0755, 0644]) + end end end -- cgit v1.2.3 From 7fce490d0b1b1ea92c1a94cfac55c88dc678a485 Mon Sep 17 00:00:00 2001 From: Andre Arko Date: Thu, 17 Jul 2014 22:42:33 -0700 Subject: Version 1.6.4 with changelog --- CHANGELOG.md | 7 ++++++- lib/bundler/version.rb | 2 +- 2 files changed, 7 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/CHANGELOG.md b/CHANGELOG.md index 89f32c86..bfedb0e3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,9 +1,14 @@ -## 1.6.4 +## 1.6.4 (2014-07-17) Bugfixes: - fix undefined constant error when can't find gem during binstubs (#3095, @jetaggart) + - work when installed git gems are not writable (#3092, @pmahoney) - don't store configured source credentials in Gemfile.lock (#3045, @lhz) + - don't include config source credentials in the lockfile (Lars Haugseth) + - use threads for jobs on Rubinius (@YorickPeterse) + - skip dependencies from other platforms (@mvz) + - work when Rubygems was built without SSL (@andremedeiros) ## 1.6.3 (2014-06-16) diff --git a/lib/bundler/version.rb b/lib/bundler/version.rb index 398a6629..fc8e643d 100644 --- a/lib/bundler/version.rb +++ b/lib/bundler/version.rb @@ -2,5 +2,5 @@ module Bundler # We're doing this because we might write tests that deal # with other versions of bundler and we are unsure how to # handle this better. - VERSION = "1.6.3" unless defined?(::Bundler::VERSION) + VERSION = "1.6.4" unless defined?(::Bundler::VERSION) end -- cgit v1.2.3
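Review bot: The `ensure` branch of `with_read_only` resets every matched path to 0755 or 0644 instead of the mode it had before, so a file that was executable or deliberately more restrictive leaves the helper with different permissions. `Dir[pattern]` is also globbed a second time, so the restored set can differ from the set that was changed. Record the modes up front and restore exactly those, as in the excerpt below. The method sits inside `module Spec`, whose start is outside the hunk.

```ruby
def with_read_only(pattern)
  # remember the permission bits of every match before touching anything
  saved = Dir[pattern].map { |f| [f, File.stat(f).mode & 07777] }
  saved.each { |f, _| File.chmod(File.directory?(f) ? 0555 : 0444, f) }
  yield
ensure
  # restore exactly what was changed, with the modes it had
  (saved || []).each { |f, mode| File.chmod(mode, f) }
end
```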