diff options
| -rw-r--r-- | lib/bundler/fetcher/downloader.rb | 11 | ||||
| -rw-r--r-- | lib/bundler/rubygems_ext.rb | 10 | ||||
| -rw-r--r-- | lib/bundler/vendor/compact_index_client/lib/compact_index_client.rb | 29 | ||||
| -rw-r--r-- | lib/bundler/vendor/compact_index_client/lib/compact_index_client/updater.rb | 2 | ||||
| -rw-r--r-- | spec/install/gems/compact_index_spec.rb | 11 |
5 files changed, 59 insertions, 4 deletions
diff --git a/lib/bundler/fetcher/downloader.rb b/lib/bundler/fetcher/downloader.rb index c8d714c05a..ee1aa1a972 100644 --- a/lib/bundler/fetcher/downloader.rb +++ b/lib/bundler/fetcher/downloader.rb @@ -38,6 +38,8 @@ module Bundler end def request(uri, options) + validate_uri_scheme!(uri) + Bundler.ui.debug "HTTP GET #{uri}" req = Net::HTTP::Get.new uri.request_uri, options if uri.user @@ -61,6 +63,15 @@ module Bundler raise HTTPError, "Network error while fetching #{URICredentialsFilter.credential_filtered_uri(uri)}" end end + + private + + def validate_uri_scheme!(uri) + return if uri.scheme =~ /\Ahttps?\z/ + raise InvalidOption, + "The request uri `#{uri}` has an invalid scheme (`#{uri.scheme}`). " \ + "Did you mean `http` or `https`?" + end end end end diff --git a/lib/bundler/rubygems_ext.rb b/lib/bundler/rubygems_ext.rb index 7cd83e631e..53a153e560 100644 --- a/lib/bundler/rubygems_ext.rb +++ b/lib/bundler/rubygems_ext.rb @@ -8,6 +8,16 @@ end require "rubygems" require "rubygems/specification" + +begin + # Possible use in Gem::Specification#source below and require + # shouldn't be deferred. + require "rubygems/source" +rescue LoadError + # Not available before Rubygems 2.0.0, ignore + nil +end + require "bundler/match_platform" module Gem diff --git a/lib/bundler/vendor/compact_index_client/lib/compact_index_client.rb b/lib/bundler/vendor/compact_index_client/lib/compact_index_client.rb index 9ab2722f18..c063c6b4dc 100644 --- a/lib/bundler/vendor/compact_index_client/lib/compact_index_client.rb +++ b/lib/bundler/vendor/compact_index_client/lib/compact_index_client.rb @@ -3,6 +3,12 @@ require "pathname" require "set" class Bundler::CompactIndexClient + DEBUG_MUTEX = Mutex.new + def self.debug + return unless ENV["DEBUG_COMPACT_INDEX"] + DEBUG_MUTEX.synchronize { warn("[#{self}] #{yield}") } + end + class Error < StandardError; end require "bundler/vendor/compact_index_client/lib/compact_index_client/cache" @@ -28,17 +34,20 @@ class Bundler::CompactIndexClient end def names + Bundler::CompactIndexClient.debug { "/names" } update(@cache.names_path, "names") @cache.names end def versions + Bundler::CompactIndexClient.debug { "/versions" } update(@cache.versions_path, "versions") versions, @info_checksums_by_name = @cache.versions versions end def dependencies(names) + Bundler::CompactIndexClient.debug { "dependencies(#{names})" } in_parallel.call(names) do |name| update_info(name) @cache.dependencies(name).map {|d| d.unshift(name) } @@ -46,11 +55,13 @@ class Bundler::CompactIndexClient end def spec(name, version, platform = nil) + Bundler::CompactIndexClient.debug { "spec(name = #{name}, version = #{version}, platform = #{platform})" } update_info(name) @cache.specific_dependency(name, version, platform) end def update_and_parse_checksums! + Bundler::CompactIndexClient.debug { "update_and_parse_checksums!" } return @info_checksums_by_name if @parsed_checksums update(@cache.versions_path, "versions") @info_checksums_by_name = @cache.checksums @@ -60,15 +71,27 @@ class Bundler::CompactIndexClient private def update(local_path, remote_path) - return unless @endpoints.add?(remote_path) + Bundler::CompactIndexClient.debug { "update(#{local_path}, #{remote_path})" } + unless @endpoints.add?(remote_path) + Bundler::CompactIndexClient.debug { "already fetched #{remote_path}" } + return + end @updater.update(local_path, url(remote_path)) end def update_info(name) + Bundler::CompactIndexClient.debug { "update_info(#{name})" } path = @cache.info_path(name) checksum = @updater.checksum_for_file(path) - return unless existing = @info_checksums_by_name[name] - return if checksum == existing + unless existing = @info_checksums_by_name[name] + Bundler::CompactIndexClient.debug { "skipping updating info for #{name} since it is missing from versions" } + return + end + if checksum == existing + Bundler::CompactIndexClient.debug { "skipping updating info for #{name} since the versions checksum matches the local checksum" } + return + end + Bundler::CompactIndexClient.debug { "updating info for #{name} since the versions checksum #{existing} != the local checksum #{checksum}" } update(path, "info/#{name}") end diff --git a/lib/bundler/vendor/compact_index_client/lib/compact_index_client/updater.rb b/lib/bundler/vendor/compact_index_client/lib/compact_index_client/updater.rb index 5c5ba41434..a410dd423c 100644 --- a/lib/bundler/vendor/compact_index_client/lib/compact_index_client/updater.rb +++ b/lib/bundler/vendor/compact_index_client/lib/compact_index_client/updater.rb @@ -50,7 +50,7 @@ class Bundler::CompactIndexClient mode = response.is_a?(Net::HTTPPartialContent) ? "a" : "w" local_temp_path.open(mode) {|f| f << content } - response_etag = response["ETag"] + response_etag = response["ETag"].gsub(%r{\AW/}, "") if etag_for(local_temp_path) == response_etag FileUtils.mv(local_temp_path, local_path) return diff --git a/spec/install/gems/compact_index_spec.rb b/spec/install/gems/compact_index_spec.rb index a800a6ad7b..228d8ddcc9 100644 --- a/spec/install/gems/compact_index_spec.rb +++ b/spec/install/gems/compact_index_spec.rb @@ -696,6 +696,17 @@ The checksum of /versions does not match the checksum provided by the server! So expect(the_bundle).to include_gems "rack 1.0.0" end + it "fails gracefully when the source URI has an invalid scheme" do + install_gemfile <<-G + source "htps://rubygems.org" + gem "rack" + G + expect(exitstatus).to eq(15) if exitstatus + expect(out).to end_with(<<-E.strip) + The request uri `htps://index.rubygems.org/versions` has an invalid scheme (`htps`). Did you mean `http` or `https`? + E + end + describe "checksum validation", :rubygems => ">= 2.3.0" do it "raises when the checksum does not match" do install_gemfile <<-G, :artifice => "compact_index_wrong_gem_checksum" |