Currently, Net::HTTP can only send a single SSL certificate when it
establishes a connection. Some use-cases involve sending an entire
certificate chain to the destination; for this, SSLContext supports
assigning to #extra_chain_cert=.
This adds support in Net::HTTP for exposing this underlying SSLContext
property to end-users. [Feature #9758]
The rationale is that:
* The change has caused realworld issues. See for example
https://github.com/ruby/did_you_mean/issues/117 and specifically [this
comment](https://github.com/ruby/did_you_mean/issues/117#issuecomment-482733159)
for a great explanation of the issue it caused for `did_you_mean`.
* The change also causes problems for our development workflows. For
example, because of it, our `bundler` specs cannot currently be run with
`bin/rake` and we have to use `bin/rspec` or `bin/parallel_spec`
directly. The explanation for this is:
- Our specs install test dependencies to `tmp` before running specs.
- `rake` is one of these test dependencies.
- Before installing each test dependency, we check whether it has
matching installed specs: 2bbcdcde08/bundler/spec/support/rubygems_ext.rb (L109-L114).
- Normally, if `rake` has not yet been installed to `tmp`, this check
fails and `rake` is installed, but since the loaded specs are now
added to `Gem::Specification.stubs` and `rake`'s specification _is_
loaded because we're running through `bin/rake`, the check incorrectly
assumes that `rake` is already installed to `tmp` and skips
installation.
- At a later point the specs check whether `rake` is actually
installed and fail if it's not: 2bbcdcde08/bundler/spec/support/builders.rb (L372-L383)
Essentially, both of the issues are the same. If at runtime we change
the location of gems, we'll _want_ to not consider loaded specifications
when dealing with the new gem location, because the loaded
specifications have not been loaded from there. Loaded specifications is
something different from installed stub specifications and those should
not be mixed.
The PR still seemed to have fixed an issue, so I did my archaeology job
and investigated the original issue to double check if reverting is ok.
The logs for the original error can be found here:
https://ci.appveyor.com/project/rubygems/rubygems/build/1172/job/ogubyucpljcv22ux.
So I installed ruby 2.4.4, checked out the commit reference before the
offending PR, and the exact error reproduced. 🎉
```
$ rake test
/home/deivid/Code/rubygems/lib/rubygems/resolver.rb:231:in `search_for': Unable to resolve dependency: user requested 'bundler (= 1.16.2)' (Gem::UnsatisfiableDependencyError)
from /home/deivid/Code/rubygems/lib/rubygems/resolver.rb:283:in `block in sort_dependencies'
from /home/deivid/Code/rubygems/lib/rubygems/resolver.rb:277:in `each'
from /home/deivid/Code/rubygems/lib/rubygems/resolver.rb:277:in `sort_by'
from /home/deivid/Code/rubygems/lib/rubygems/resolver.rb:277:in `with_index'
from /home/deivid/Code/rubygems/lib/rubygems/resolver.rb:277:in `sort_dependencies'
from /home/deivid/Code/rubygems/lib/rubygems/resolver/molinillo/lib/molinillo/delegates/specification_provider.rb:52:in `block in sort_dependencies'
from /home/deivid/Code/rubygems/lib/rubygems/resolver/molinillo/lib/molinillo/delegates/specification_provider.rb:69:in `with_no_such_dependency_error_handling'
from /home/deivid/Code/rubygems/lib/rubygems/resolver/molinillo/lib/molinillo/delegates/specification_provider.rb:51:in `sort_dependencies'
from /home/deivid/Code/rubygems/lib/rubygems/resolver/molinillo/lib/molinillo/resolution.rb:165:in `initial_state'
from /home/deivid/Code/rubygems/lib/rubygems/resolver/molinillo/lib/molinillo/resolution.rb:106:in `start_resolution'
from /home/deivid/Code/rubygems/lib/rubygems/resolver/molinillo/lib/molinillo/resolution.rb:64:in `resolve'
from /home/deivid/Code/rubygems/lib/rubygems/resolver/molinillo/lib/molinillo/resolver.rb:42:in `resolve'
from /home/deivid/Code/rubygems/lib/rubygems/resolver.rb:188:in `resolve'
from /home/deivid/Code/rubygems/lib/rubygems/request_set.rb:396:in `resolve'
from /home/deivid/Code/rubygems/lib/rubygems/request_set.rb:408:in `resolve_current'
from /home/deivid/Code/rubygems/lib/rubygems.rb:243:in `finish_resolve'
from /home/deivid/Code/rubygems/lib/rubygems/rdoc.rb:13:in `<top (required)>'
from /home/deivid/Code/rubygems/lib/rubygems/core_ext/kernel_require.rb:54:in `require'
from /home/deivid/Code/rubygems/lib/rubygems/core_ext/kernel_require.rb:54:in `require'
from /home/deivid/Code/rubygems/lib/rubygems/test_case.rb:1563:in `<top (required)>'
from /home/deivid/Code/rubygems/test/rubygems/test_bundled_ca.rb:2:in `require'
from /home/deivid/Code/rubygems/test/rubygems/test_bundled_ca.rb:2:in `<top (required)>'
from /home/deivid/.rbenv/versions/2.4.4/lib/ruby/gems/2.4.0/gems/rake-12.0.0/lib/rake/rake_test_loader.rb:15:in `require'
from /home/deivid/.rbenv/versions/2.4.4/lib/ruby/gems/2.4.0/gems/rake-12.0.0/lib/rake/rake_test_loader.rb:15:in `block in <main>'
from /home/deivid/.rbenv/versions/2.4.4/lib/ruby/gems/2.4.0/gems/rake-12.0.0/lib/rake/rake_test_loader.rb:4:in `select'
from /home/deivid/.rbenv/versions/2.4.4/lib/ruby/gems/2.4.0/gems/rake-12.0.0/lib/rake/rake_test_loader.rb:4:in `<main>'
rake aborted!
Command failed with status (1)
Tasks: TOP => test
```
Now the explanation of the error:
* Rubygems base `TestCase` class requires `bundler` because some tests
use `bundler`:
2bbcdcde08/lib/rubygems/test_case.rb (L26)
* That `require` (our custom rubygems require) would activate the
default bundler spec (1.16.1 for ruby 2.4.4) but then overwrite it with
a 1.16.2 version (the locally provided bundler those days) due to [this
old
hack](9f7bf0ac3a/lib/bundler/version.rb (L7-L23)).
* Rubygems base `TestCase` class requires `rubygems/rdoc`:
2bbcdcde08/lib/rubygems/test_case.rb (L1536)
* And that file ends up calling `Gem.finish_resolve`:
2bbcdcde08/lib/rubygems/rdoc.rb (L13)
* `Gem.finish_resolve` adds the currently loaded specs to the
resolution:
2bbcdcde08/lib/rubygems.rb (L235)
* That means it would try to resolve bundler 1.16.2, but no
specification for that version was installed since the default was
1.16.1. That explains why upgrading to rubygems 2.7.7 fixed the issue,
since it provided bundler 1.16.2 by default so there was not bundler
version discrepancy.
After understanding the error, I conclude that:
* Only this part of the original patch was actually needed to resolve
the error, not any of the changes in `Gem::Specification.stubs` and
`Gem::Specification.stubs_for`:
```diff
diff --git a/lib/rubygems/test_case.rb b/lib/rubygems/test_case.rb
index f1cd3d274c..92c848e870 100644
--- a/lib/rubygems/test_case.rb
+++ b/lib/rubygems/test_case.rb
@@ -13,6 +13,15 @@ else
require 'rubygems'
end
+# If bundler gemspec exists, add to stubs
+bundler_gemspec = File.expand_path("../../../bundler/bundler.gemspec", __FILE__)
+if File.exist?(bundler_gemspec)
+ Gem::Specification.dirs.unshift File.dirname(bundler_gemspec)
+ Gem::Specification.class_variable_set :@@stubs, nil
+ Gem::Specification.stubs
+ Gem::Specification.dirs.shift
+end
+
begin
gem 'minitest'
rescue Gem::LoadError
```
So, I propose to revert adding loaded specification to
`Gem::Specification.stubs` and `Gem::Specification.stubs_for` because I
think it's safe, it fixes the issues caused by their addition, and it
simplifies `Gem::Specification` code, which is already complicated
enough.
https://github.com/rubygems/rubygems/commit/5269cd617c
Originally, the call to `.stubs_for` allowed to incrementally populate
the `@@stubs_by_name` (especially see the `"#{name}-*.gemspec"` pattern
in 4fa03bb7aac9f25f44394e818433fdda9962ae8d). Now it looks like it
expects that all stubs are loaded, but the `.stubs_for` still matches
the .gemspec files by the `name` pattern:
6d45e0f7ac/lib/rubygems/specification.rb (L845)
I think this was done by mistake incrementally by PR #1239 and
4cee8ca9199ac7b3ab8647e0b78615f55d3eb02b. I think the best option is to
get back to the original implementation, to let RubyGems incrementally
populate the array. Other option would be to replace the logic in
`.stub_for` by call to `.stubs`, but the means the performance
improvement from the original commit was lost.
https://github.com/rubygems/rubygems/commit/4d0e18185a
By default, the `Zlib::GzipFile::Error` does not include the actual data
that was not in gzip format that caused the error.
However, its `#inspect` method includes it.
I think this can be helpful to troubleshoot errors.
https://github.com/rubygems/rubygems/commit/11c8717133
This is a default gem on jruby, which ships with a rubygems plugin,
which prints warnings all over the place during our tests.
This plugin is unnecessary from our tests, so I disable it through the
`JARS_SKIP` environment variable provided by this gem.
https://github.com/rubygems/rubygems/commit/0aabbcf269
This requirement was introduced 14 years ago in
7ce7039b390440754954df5efea619e9f57ef823, and I don't think it's
necessary anymore. I made several tests introducing UTF-8 characters in
gemspec files and generating indexes out of them, and couldn't find any
issues. Gemspecs are read with UTF-8 encoding these days.
To make tests more deterministic, since `Dir.tmpdir` sometimes will
return the current directory dependending on the writability of other
paths, and in that case since the current directory is changed by our
tests, tests can fail.
Force a local tmp folder instead, which will always be writable.
https://github.com/rubygems/rubygems/commit/3e522bac65
In ruby 2.7.0, there's a slight change in bundler's default gemspec file
where the executable folder of the bundler gem is `libexec` instead of
`exe`. I made that change in https://github.com/ruby/ruby/pull/2380 to
try to simplify the integration of the `bundler` gem with upstream,
minimizing the number of changes that need to be made to the gemspec to
adapt to the structure of ruby-core.
That worked ok, expected for this issue. The new name of the folder
including the executable files uncovered a bug in rubygems, which is the
following:
* In order to be able to use newer versions of default gems, `rubygems`
ships with a customized `require` that has knowledge about which files
belong to which default gem. If one of these files is required,
`rubygems` will detect that and activate its gem mechanism to choose the
newest version of the corresponding default gem present in the system
(unless a different version has already been activated). It's this part
of the custom require:
ea3e6f194d/lib/rubygems/core_ext/kernel_require.rb (L77-L85)
* In order to do that, `rubygems` registers a map of default gems and
their files when it is first required:
ea3e6f194d/lib/rubygems.rb (L1247-L1276)
As explained in the method's header, two types of default gem
specifications are supported. One of the formats is the style used by
some ruby-core gemspec files, where paths inside the `spec.files` array
don't include the `spec.require_paths` part. So in this "old style", if
a gem ships with a `lib/bundler.rb` file, it will be registered in this
array as `spec.files = ["bundler.rb"]`, not as `spec.files =
["lib/bundler.rb"]`. The `Gem.register_default_spec` method "detects"
this style by making sure that none of the files in the `spec.files`
array start with any of the `spec.require_paths`.
* Since in ruby 2.7 the default specification file of the `bundler` gem
includes a `libexec/bundle` file, this check would no longer work
correctly, because even though the specification file is still "old
style", it has one registered file which starts with "lib", one of the
"require paths" of the gem.
* This means that the gem is incorrectly detected as "new style", but
since none of the paths start with "lib/", no files are actually
registered, so the gem is not being considered a default gem, and thus
the default version is always used with no possibility of being
"upgraded".
The fix of the problem is simple: check that no files start with `lib/`
(or any other require paths), instead of with "lib" which doesn't
exclude other potential "non requirable folder" starting with lib, like
in the `bundler` case.
https://github.com/rubygems/rubygems/commit/94df740c2b
This is not detected by the `Performance/StringReplacement` cop, I guess
because of using constants. But still seems like a good change.
Co-authored-by: MSP-Greg <MSP-Greg@users.noreply.github.com>
https://github.com/rubygems/rubygems/commit/f862103133
Currently `gem uninstall --all` shows the following incorrect message
after completion:
```
INFO: Uninstalled all gems in
```
Now it shows something that actually makes sense like:
```
INFO: Uninstalled all gems in /home/deivid/Code/rubygems/tmp/test_rubygems_6986/gemhome
```
https://github.com/rubygems/rubygems/commit/8fa05e8f8c
`@host` _could_ be `nil` at this point, but only if all the conditions
above for setting `@host` were `nil`. In that case, it is guaranteed
to `default_gem_server` metadata is `nil` since it's one of the
branches in that condition. So this code would just be setting an
already `nil` variable to `nil`. Hence, not needed.
https://github.com/rubygems/rubygems/commit/e3ccff3c5c
This block was a branch and variable heavy way of saying use the
user-provided host if available, or fall-back to the default host if
none of the other options match. IMO the resultant single-if condition
is clearer in intentions
https://github.com/rubygems/rubygems/commit/42dbb71cfa
When installing in parallel, bundler creates several `Gem::Installer`
instances that run in parallel. These installers access the `@@all` class
variable of `Gem::Specification` concurrently.
If a concurrent thread calls `Gem::Specification.reset` (resetting
`@all` to `nil`) while another thread is running
`Gem::Specification._all` or another method that expects `@@all` to be
loaded and not `nil`, that can result in `Enumerable` methods being
called on `nil`, resulting in crashes.
I fix it by protecting the other concurrent access to the `@all`
variable.
https://github.com/rubygems/rubygems/commit/58b343c530
aycabta
Hiroshi SHIBATA
Nobuyoshi Nakada
Kazuhiro NISHIYAMA
Stephen Touset
Yuki Nishijima
David Rodríguez
Vít Ondruch
Samuel Williams
bronzdoc
Thomas McDonald
Josef Šimánek
Dmytro Shyrshov