By the time `cached_gem` is called, default gem cache has already been
handled. So no need to try redownload it again, it's enough to check the
cache location directly.
70e10236b6
For backwards compatibility, make sure default gems are still used as a
last resort when materializing, in case no remote, cached, or installed
specs are found.
93788f689f
Even if all gems are properly installed and no resolve is needed, we
recently started always reading all packages in `vendor/cache` and
extracting specifications from them.
This commit fixes the problem by longer making considering cached specs
the default and only enable them when a resolve is actually needed.
edeb2c42bf
If a gem is specified in the Gemfile (or resolved as a transitive
dependency), it's always resolved from remote/installed sources. Default
gems are only used as a fallback for gems not included in the bundle.
I believe this leads to more consistent behavior and more portable apps,
since all gems will be installed to the configured bundle path,
regardless of whether they are default gems or not.
091b4fcf2b
Gem::RemoteFetcher uses Gem::Request, which adds the RubyGems UA.
Gem::RemoteFetcher is used to download gems, as well as the full index.
We would like the bundler UA to be used whenever bundler is making
requests.
This PR also avoids unsafely mutating the headers hash on the shared
`Gem::RemoteFetcher.fetcher` instance, which could cause corruption or
incorrect headers when making parallel requests. Instead, we create one
remote fetcher per rubygems remote, which is similar to the connection
segregation bundler is already doing
f0e8dacdec
Improve error reporting for checksums, raises a new error class.
Solve for multi-source checksum errors.
Add CHECKSUMS to tool/bundler/(dev|standard|rubocop)26_gems.rb
26ceee0e76
Co-authored-by: Samuel Giddins <segiddins@segiddins.me>
This gets the specs passing, and handles the fact that we expect
checkums to be pinned only to a particular source
This also avoids reading in .gem files during lockfile generation,
instead allowing us to query the source for each resolved gem to grab
the checksum
Finally, this opens up a route to having user-stored checksum databases,
similar to how other package managers do this!
Add checksums to dev lockfiles
Handle full name conflicts from different original_platforms when adding checksums to store from compact index
Specs passing on Bundler 3
86c7084e1c
When @allow_cached is true, @allow_local is always true,
therefore, the #installed_specs will always be merged after #cached_specs
is called. This makes starting with installed_specs.dup redundant.
When #cached_specs is called because @allow_remote is true and
@allow_cached is false, then installed_specs will be added after
cached_specs based on @allow_local.
We never need to add installed_specs here, so don't.
49b38f9750
Rename Index#use(override = true) to #merge!
Rename Index @all_specs to @duplicates, it is not actually all specs.
@duplicates only holds specs that would have been overridden during a call to
Index#use or Index#merge!
Reduced dupes in @duplicates by not double adding the new spec to the
index and the @duplicates during #merge!
Reduce Array creation by using specialized methods when the one result
or no results are needed from the search.
47e91125db
If a legacy multi remote Gemfile depends transitively on a default gem,
then in standalone mode we'd fail to fetch the proper version from the
source that includes it, since we were adding it to `specs` (instead of
`remote_specs`), which was already including the default version of the
gem, and thus preventing the remote version from "overwriting that" and
being added to the index. We should add it to the `remote_specs` index
directly instead.
05f4f9dfc0
On legacy Gemfiles with multiple remote sources, where all of them
support the compact index API, we were still falling back to full
indexes.
Fixing this also allows to simplifying the code.
b1357c8e72
It's the only part that needs "root folder resultion" to figure out the
folder for the cache, but it's only needed for some things, so run that
logic lazily when needed.
c7b9eae0bc
If Gemfile has a lot of dependencies, we have an optimization that uses
the full index in that case, assuming it's going to be faster.
I think this is an old optimization that predates compact index API
times, I believe we no longer need it these days.
Also, since a few releases ago we check for circular dependencies when
resolving by looping through all versions of each name and removing
those that have circular dependencies that would trip up the resolver.
This loop becomes actually very slow when full indexes are used because
to find dependencies of a gemspec, we need to explicitly fetch the
marshaled gemspec (`gemspec.rz` endpoint) for it, so the optimization
has the opposite effect of making things very slow.
2f46289bd3
This is a regression from cf749f8ffa. The
funny thing is that we have a spec for this feature, so it was unclear
how we regressed here. It turns out there was a bug in one of our
negative matchers checking that gems ARE NOT included in a bundle.
This commit fixes the bug in the negative matcher and reverts
cf749f8ffa (with a slightly simpler diff).
3f9a4ff32a
Previously we would instantiate two different packages and extract the
specification from the package twice for each gem installed. We can
reuse the installer for this so that we just need to do it once.
e454f850b1
