ruby-changes:39720
From: hsbt <ko1@a...>
Date: Wed, 9 Sep 2015 07:47:00 +0900 (JST)
Subject: [ruby-changes:39720] hsbt:r51801 (trunk): * lib/rubygems: Update to RubyGems HEAD(fe61e4c112).
hsbt 2015-09-09 07:46:43 +0900 (Wed, 09 Sep 2015) New Revision: 51801 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=51801 Log: * lib/rubygems: Update to RubyGems HEAD(fe61e4c112). this version contains new feature that warn invalid SPDX license identifiers. https://github.com/rubygems/rubygems/pull/1249 and #1032, #1023, #1332, #1328, #1306, #1321, #1324 * test/rubygems: ditto. Added files: trunk/lib/rubygems/util/licenses.rb Modified files: trunk/ChangeLog trunk/lib/rubygems/commands/sources_command.rb trunk/lib/rubygems/commands/update_command.rb trunk/lib/rubygems/remote_fetcher.rb trunk/lib/rubygems/request_set/gem_dependency_api.rb trunk/lib/rubygems/request_set/lockfile/parser.rb trunk/lib/rubygems/request_set/lockfile/tokenizer.rb trunk/lib/rubygems/specification.rb trunk/lib/rubygems/test_case.rb trunk/lib/rubygems.rb trunk/test/rubygems/test_config.rb trunk/test/rubygems/test_gem.rb trunk/test/rubygems/test_gem_remote_fetcher.rb trunk/test/rubygems/test_gem_request_set_lockfile_tokenizer.rb trunk/test/rubygems/test_gem_specification.rb Index: ChangeLog =================================================================== --- ChangeLog (revision 51800) +++ ChangeLog (revision 51801) @@ -1,3 +1,11 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1 +Wed Sep 9 07:46:32 2015 SHIBATA Hiroshi <hsbt@r...> + + * lib/rubygems: Update to RubyGems HEAD(fe61e4c112). + this version contains new feature that warn invalid SPDX license + identifiers. https://github.com/rubygems/rubygems/pull/1249 + and #1032, #1023, #1332, #1328, #1306, #1321, #1324 + * test/rubygems: ditto. + Tue Sep 8 23:17:36 2015 Yuki Nishijima <mail@y...> * gems/bundled_gems: Upgrade the did_you_mean gem to 1.0.0.beta2. Index: lib/rubygems/specification.rb =================================================================== --- lib/rubygems/specification.rb (revision 51800) +++ lib/rubygems/specification.rb (revision 51801) 
@@ -563,7 +563,7 @@ class Gem::Specification < Gem::BasicSpe https://github.com/ruby/ruby/blob/trunk/lib/rubygems/specification.rb#L563 # Ideally you should pick one that is OSI (Open Source Initiative) # http://opensource.org/licenses/alphabetical approved. # - # The most commonly used OSI approved licenses are BSD-3-Clause and MIT. + # The most commonly used OSI approved licenses are MIT and Apache-2.0. # GitHub also provides a license picker at http://choosealicense.com/. # # You should specify a license for your gem so that people know how they are @@ -592,7 +592,7 @@ class Gem::Specification < Gem::BasicSpe https://github.com/ruby/ruby/blob/trunk/lib/rubygems/specification.rb#L592 # See #license= for more discussion # # Usage: - # spec.licenses = ['MIT', 'GPL-2'] + # spec.licenses = ['MIT', 'GPL-2.0'] def licenses= licenses @licenses = Array licenses @@ -619,6 +619,10 @@ class Gem::Specification < Gem::BasicSpe https://github.com/ruby/ruby/blob/trunk/lib/rubygems/specification.rb#L619 # ruby 2.0.0p247 (2013-06-27 revision 41674) [x86_64-darwin12.4.0] # #<Gem::Version "2.0.0.247"> # + # Because patch-level is taken into account, be very careful specifying using + # `<=`: `<= 2.2.2` will not match any patch-level of 2.2.2 after the `p0` + # release. It is much safer to specify `< 2.2.3` instead + # # Usage: # # # This gem will work with 1.8.6 or greater... @@ -626,6 +630,9 @@ class Gem::Specification < Gem::BasicSpe https://github.com/ruby/ruby/blob/trunk/lib/rubygems/specification.rb#L630 # # # Only with ruby 2.0.x # spec.required_ruby_version = '~> 2.0' + # + # # Only with ruby between 2.2.0 and 2.2.2 + # spec.required_ruby_version = ['>= 2.2.0', '< 2.2.3'] def required_ruby_version= req @required_ruby_version = Gem::Requirement.create req 
@@ -1000,7 +1007,7 @@ class Gem::Specification < Gem::BasicSpe https://github.com/ruby/ruby/blob/trunk/lib/rubygems/specification.rb#L1007 def self.find_by_path path stub = stubs.find { |spec| - spec.contains_requirable_file? path + spec.contains_requirable_file? path if spec } stub && stub.to_spec end @@ -1011,7 +1018,7 @@ class Gem::Specification < Gem::BasicSpe https://github.com/ruby/ruby/blob/trunk/lib/rubygems/specification.rb#L1018 def self.find_inactive_by_path path stub = stubs.find { |s| - s.contains_requirable_file? path unless s.activated? + s.contains_requirable_file? path unless s.nil? || s.activated? } stub && stub.to_spec end @@ -1023,7 +1030,7 @@ class Gem::Specification < Gem::BasicSpe https://github.com/ruby/ruby/blob/trunk/lib/rubygems/specification.rb#L1030 # TODO: do we need these?? Kill it specs = unresolved_deps.values.map { |dep| dep.to_specs }.flatten - specs.find_all { |spec| spec.contains_requirable_file? path } + specs.find_all { |spec| spec.contains_requirable_file? path if spec } end ## @@ -2712,11 +2719,18 @@ class Gem::Specification < Gem::BasicSpe https://github.com/ruby/ruby/blob/trunk/lib/rubygems/specification.rb#L2719 raise Gem::InvalidSpecificationException, "each license must be 64 characters or less" end + + if !Gem::Licenses::IDENTIFIERS.include?(license) && !license.eql?(Gem::Licenses::NONSTANDARD) + warning <<-warning +WARNING: license value '#{license}' is invalid. Use a license identifier from +http://spdx.org/licenses or '#{Gem::Licenses::NONSTANDARD}' for a nonstandard license. + warning + end } warning <<-warning if licenses.empty? -licenses is empty, but is recommended. Use a license abbreviation from: -http://opensource.org/licenses/alphabetical +licenses is empty, but is recommended. Use a license identifier from +http://spdx.org/licenses or '#{Gem::Licenses::NONSTANDARD}' for a nonstandard license. warning validate_permissions 
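Review bot: The `if spec` guard added in `find_by_path` makes a nil entry in `stubs` disappear silently, and the same pattern is repeated in `find_inactive_by_path` (`unless s.nil? || s.activated?`) and in the `specs.find_all` line of the third hunk. Nothing in these hunks shows where a nil stub comes from; if it stands for a gemspec that failed to load, require-path lookup will now fall through to whatever other installed gem matches, with no diagnostic. I would document the case at each guard, e.g. `# stubs may contain nil (cause: TODO confirm); skip instead of raising NoMethodError`, and consider dropping nils once where the list is built so the three call sites cannot drift apart.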
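Review bot: The new warning interpolates the gemspec-supplied value raw (`'#{license}'`), so any control or escape characters in the spec are written straight to the terminal; `license value #{license.inspect} is invalid` would print it quoted and escaped. The comparison against `Gem::Licenses::IDENTIFIERS` is exact and case-sensitive, so a value such as `mit` warns as well, which the message or the `license=` docs should say. No `require 'rubygems/util/licenses'` is visible in the specification.rb hunks shown here, so confirm the constant is loaded before `validate` runs. The enclosing `licenses.each` block starts outside the hunk.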
@@ -2788,23 +2802,26 @@ http://opensource.org/licenses/alphabeti https://github.com/ruby/ruby/blob/trunk/lib/rubygems/specification.rb#L2802 # versioning. def validate_dependencies # :nodoc: - seen = {} + # NOTE: see REFACTOR note in Gem::Dependency about types - this might be brittle + seen = Gem::Dependency::TYPES.inject({}) { |types, type| types.merge({ type => {}}) } + error_messages = [] + warning_messages = [] dependencies.each do |dep| - if prev = seen[dep.name] then - raise Gem::InvalidSpecificationException, <<-MESSAGE + if prev = seen[dep.type][dep.name] then + error_messages << <<-MESSAGE duplicate dependency on #{dep}, (#{prev.requirement}) use: - add_runtime_dependency '#{dep.name}', '#{dep.requirement}', '#{prev.requirement}' + add_#{dep.type}_dependency '#{dep.name}', '#{dep.requirement}', '#{prev.requirement}' MESSAGE end - seen[dep.name] = dep + seen[dep.type][dep.name] = dep prerelease_dep = dep.requirements_list.any? do |req| Gem::Requirement.new(req).prerelease? end - warning "prerelease dependency on #{dep} is not recommended" if + warning_messages << "prerelease dependency on #{dep} is not recommended" if prerelease_dep overly_strict = dep.requirement.requirements.length == 1 && @@ -2820,7 +2837,7 @@ duplicate dependency on #{dep}, (#{prev. https://github.com/ruby/ruby/blob/trunk/lib/rubygems/specification.rb#L2837 base = dep_version.segments.first 2 - warning <<-WARNING + warning_messages << <<-WARNING pessimistic dependency on #{dep} may be overly strict if #{dep.name} is semantically versioned, use: add_#{dep.type}_dependency '#{dep.name}', '~> #{base.join '.'}', '>= #{dep_version}' 
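Review bot: `seen[dep.type][dep.name]` fails with NoMethodError on nil for any dependency whose type is not a key of `Gem::Dependency::TYPES`, because `seen` is pre-populated only for those types; the NOTE comment on the line above already concedes this is brittle. If a spec can reach this method with another type (for example one that was deserialized rather than built through the constructor, which is not visible here), validation aborts with an unrelated exception instead of `Gem::InvalidSpecificationException`. Building the table lazily removes the coupling: `seen = Hash.new { |types, type| types[type] = {} }`. `validate_dependencies` continues past the end of this hunk.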
@@ -2842,13 +2859,19 @@ pessimistic dependency on #{dep} may be https://github.com/ruby/ruby/blob/trunk/lib/rubygems/specification.rb#L2859 ", '>= #{dep_version}'" end - warning <<-WARNING + warning_messages << <<-WARNING open-ended dependency on #{dep} is not recommended if #{dep.name} is semantically versioned, use: add_#{dep.type}_dependency '#{dep.name}', '~> #{base.join '.'}'#{bugfix} WARNING end end + if error_messages.any? + raise Gem::InvalidSpecificationException, error_messages.join + end + if warning_messages.any? + warning_messages.each { |warning_message| warning warning_message } + end end ## Index: lib/rubygems/commands/update_command.rb =================================================================== --- lib/rubygems/commands/update_command.rb (revision 51800) +++ lib/rubygems/commands/update_command.rb (revision 51801) @@ -47,7 +47,7 @@ class Gem::Commands::UpdateCommand < Gem https://github.com/ruby/ruby/blob/trunk/lib/rubygems/commands/update_command.rb#L47 end def arguments # :nodoc: - "REGEXP regexp to search for in gem name" + "GEMNAME name of gem to update" end def defaults_str # :nodoc: @@ -64,7 +64,7 @@ command to remove old versions. https://github.com/ruby/ruby/blob/trunk/lib/rubygems/commands/update_command.rb#L64 end def usage # :nodoc: - "#{program_name} REGEXP [REGEXP ...]" + "#{program_name} GEMNAME [GEMNAME ...]" end def check_latest_rubygems version # :nodoc: Index: lib/rubygems/commands/sources_command.rb =================================================================== --- lib/rubygems/commands/sources_command.rb (revision 51800) +++ lib/rubygems/commands/sources_command.rb (revision 51801) 
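Review bot: Raising on `error_messages` before the warnings loop discards every collected warning whenever a duplicate dependency is found, whereas the old code printed warnings for earlier dependencies as it went. Swapping the two blocks at the end of `validate_dependencies` keeps those diagnostics: first `warning_messages.each { |warning_message| warning warning_message }`, then `raise Gem::InvalidSpecificationException, error_messages.join if error_messages.any?`. The `if warning_messages.any?` wrapper is redundant, since `each` on an empty array does nothing. The method body begins outside this hunk.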
@@ -102,7 +102,7 @@ Do you want to add this insecure source? https://github.com/ruby/ruby/blob/trunk/lib/rubygems/commands/sources_command.rb#L102 RubyGems fetches gems from the sources you have configured (stored in your ~/.gemrc). -The default source is https://rubygems.org, but you may have older sources +The default source is https://rubygems.org, but you may have other sources configured. This guide will help you update your sources or configure yourself to use your own gem server. Index: lib/rubygems/util/licenses.rb =================================================================== --- lib/rubygems/util/licenses.rb (revision 0) +++ lib/rubygems/util/licenses.rb (revision 51801) 
@@ -0,0 +1,309 @@ https://github.com/ruby/ruby/blob/trunk/lib/rubygems/util/licenses.rb#L1 +class Gem::Licenses + NONSTANDARD = 'Nonstandard'.freeze + + # Software Package Data Exchange (SPDX) standard open-source software + # license identifiers + IDENTIFIERS = %w( + AAL + ADSL + AFL-1.1 + AFL-1.2 + AFL-2.0 + AFL-2.1 + AFL-3.0 + AGPL-1.0 + AGPL-3.0 + AMDPLPA + AML + AMPAS + ANTLR-PD + APAFML + APL-1.0 + APSL-1.0 + APSL-1.1 + APSL-1.2 + APSL-2.0 + Abstyles + Adobe-2006 + Adobe-Glyph + Afmparse + Aladdin + Apache-1.0 + Apache-1.1 + Apache-2.0 + Artistic-1.0 + Artistic-1.0-Perl + Artistic-1.0-cl8 + Artistic-2.0 + BSD-2-Clause + BSD-2-Clause-FreeBSD + BSD-2-Clause-NetBSD + BSD-3-Clause + BSD-3-Clause-Attribution + BSD-3-Clause-Clear + BSD-3-Clause-LBNL + BSD-4-Clause + BSD-4-Clause-UC + BSD-Protection + BSL-1.0 + Bahyph + Barr + Beerware + BitTorrent-1.0 + BitTorrent-1.1 + Borceux + CATOSL-1.1 + CC-BY-1.0 + CC-BY-2.0 + CC-BY-2.5 + CC-BY-3.0 + CC-BY-4.0 + CC-BY-NC-1.0 + CC-BY-NC-2.0 + CC-BY-NC-2.5 + CC-BY-NC-3.0 + CC-BY-NC-4.0 + CC-BY-NC-ND-1.0 + CC-BY-NC-ND-2.0 + CC-BY-NC-ND-2.5 + CC-BY-NC-ND-3.0 + CC-BY-NC-ND-4.0 + CC-BY-NC-SA-1.0 + CC-BY-NC-SA-2.0 + CC-BY-NC-SA-2.5 + CC-BY-NC-SA-3.0 + CC-BY-NC-SA-4.0 + CC-BY-ND-1.0 + CC-BY-ND-2.0 + CC-BY-ND-2.5 + CC-BY-ND-3.0 + CC-BY-ND-4.0 + CC-BY-SA-1.0 + CC-BY-SA-2.0 + CC-BY-SA-2.5 + CC-BY-SA-3.0 + CC-BY-SA-4.0 + CC0-1.0 + CDDL-1.0 + CDDL-1.1 + CECILL-1.0 + CECILL-1.1 + CECILL-2.0 + CECILL-B + CECILL-C + CNRI-Jython + CNRI-Python + CNRI-Python-GPL-Compatible + CPAL-1.0 + CPL-1.0 + CPOL-1.02 + CUA-OPL-1.0 + Caldera + ClArtistic + Condor-1.1 + Crossword + Cube + D-FSL-1.0 + DOC + DSDP + Dotseqn + ECL-1.0 + ECL-2.0 + EFL-1.0 + EFL-2.0 + EPL-1.0 + EUDatagrid + EUPL-1.0 + EUPL-1.1 + Entessa + ErlPL-1.1 + Eurosym + FSFUL + FSFULLR + FTL + Fair + Frameworx-1.0 + FreeImage + GFDL-1.1 + GFDL-1.2 + GFDL-1.3 + GL2PS + GPL-1.0 + GPL-2.0 + GPL-3.0 + Giftware + Glide + Glulxe + HPND + HaskellReport + IBM-pibs + ICU + IJG + IPA + IPL-1.0 + ISC 
+ ImageMagick + Imlib2 + Intel + Intel-ACPI + JSON + JasPer-2.0 + LGPL-2.0 + LGPL-2.1 + LGPL-3.0 + LGPLLR + LPL-1.0 + LPL-1.02 + LPPL-1.0 + LPPL-1.1 + LPPL-1.2 + LPPL-1.3a + LPPL-1.3c + Latex2e + Leptonica + Libpng + MIT + MIT-CMU + MIT-advertising + MIT-enna + MIT-feh + MITNFA + MPL-1.0 + MPL-1.1 + MPL-2.0 + MPL-2.0-no-copyleft-exception + MS-PL + MS-RL + MTLL + MakeIndex + MirOS + Motosoto + Multics + Mup + NASA-1.3 + NBPL-1.0 + NCSA + NGPL + NLPL + NOSL + NPL-1.0 + NPL-1.1 + NPOSL-3.0 + NRL + NTP + Naumen + NetCDF + Newsletr + Nokia + Noweb + Nunit + OCLC-2.0 + ODbL-1.0 + OFL-1.0 + OFL-1.1 + OGTSL + OLDAP-1.1 + OLDAP-1.2 + OLDAP-1.3 + OLDAP-1.4 + OLDAP-2.0 + OLDAP-2.0.1 + OLDAP-2.1 + OLDAP-2.2 + OLDAP-2.2.1 + OLDAP-2.2.2 + OLDAP-2.3 + OLDAP-2.4 + OLDAP-2.5 + OLDAP-2.6 + OLDAP-2.7 + OLDAP-2.8 + OML + OPL-1.0 + OSL-1.0 + OSL-1.1 + OSL-2.0 + OSL-2.1 + OSL-3.0 + OpenSSL + PDDL-1.0 + PHP-3.0 + PHP-3.01 + Plexus + PostgreSQL + Python-2.0 + QPL-1.0 + Qhull + RHeCos-1.1 + RPL-1.1 + RPL-1.5 + RPSL-1.0 + RSA-MD + RSCPL + Rdisc + Ruby + SAX-PD + SCEA + SGI-B-1.0 + SGI-B-1.1 + SGI-B-2.0 + SISSL + SISSL-1.2 + SMLNJ + SNIA + SPL-1.0 + SWL + Saxpath + SimPL-2.0 + Sleepycat + Spencer-86 + Spencer-94 + Spencer-99 + SugarCRM-1.1.3 + TCL + TMate + TORQUE-1.1 + TOSL + UPL-1.0 + Unicode-TOU + Unlicense + VOSTROM + VSL-1.0 + Vim + W3C + W3C-19980720 + WTFPL + Watcom-1.0 + Wsuipa + X11 + XFree86-1.1 + XSkat + Xerox + Xnet + YPL-1.0 + YPL-1.1 + ZPL-1.1 + ZPL-2.0 + ZPL-2.1 + Zed + Zend-2.0 + Zimbra-1.3 + Zimbra-1.4 + Zlib + bzip2-1.0.5 + bzip2-1.0.6 + diffmark + dvipdfm + eGenix + gSOAP-1.3b + gnuplot + iMatix + libtiff + mpich2 + psfrag + psutils + xinetd + xpp + zlib-acknowledgement + ).freeze +end Index: lib/rubygems/request_set/gem_dependency_api.rb =================================================================== --- lib/rubygems/request_set/gem_dependency_api.rb (revision 51800) +++ lib/rubygems/request_set/gem_dependency_api.rb (revision 51801) 
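Review bot: `IDENTIFIERS` is a hand-copied snapshot of the SPDX list with no record of which list version or date it was taken from, so nobody can tell when it has gone stale or how to regenerate it. A header comment along the lines of `# Snapshot of http://spdx.org/licenses, list version <VERSION>, fetched <DATE>; regenerate with <SCRIPT>` would fix that (the angle-bracket values are placeholders to fill in). The comment above the constant should also say that matching is exact, so anything that is not a single listed identifier is reported as invalid. Since the class holds only constants in the visible code, `module Gem::Licenses` would state the intent more plainly.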
@@ -396,7 +396,7 @@ Gem dependencies file #{@path} requires https://github.com/ruby/ruby/blob/trunk/lib/rubygems/request_set/gem_dependency_api.rb#L396 ## # Handles the git: option from +options+ for gem +name+. # - # Returns +true+ if the path option was handled. + # Returns +true+ if the gist or git option was handled. def gem_git name, options # :nodoc: if gist = options.delete(:gist) then Index: lib/rubygems/request_set/lockfile/tokenizer.rb =================================================================== --- lib/rubygems/request_set/lockfile/tokenizer.rb (revision 51800) +++ lib/rubygems/request_set/lockfile/tokenizer.rb (revision 51801) @@ -2,6 +2,9 @@ require 'strscan' https://github.com/ruby/ruby/blob/trunk/lib/rubygems/request_set/lockfile/tokenizer.rb#L2 require 'rubygems/request_set/lockfile/parser' class Gem::RequestSet::Lockfile::Tokenizer + Token = Struct.new :type, :value, :column, :line + EOF = Token.new :EOF + def self.from_file file new File.read(file), file end @@ -19,11 +22,11 @@ class Gem::RequestSet::Lockfile::Tokeniz https://github.com/ruby/ruby/blob/trunk/lib/rubygems/request_set/lockfile/tokenizer.rb#L22 end def to_a - @tokens + @tokens.map { |token| [token.type, token.value, token.column, token.line] } end def skip type - @tokens.shift while not @tokens.empty? and peek.first == type + @tokens.shift while not @tokens.empty? and peek.type == type end ## @@ -48,7 +51,7 @@ class Gem::RequestSet::Lockfile::Tokeniz https://github.com/ruby/ruby/blob/trunk/lib/rubygems/request_set/lockfile/tokenizer.rb#L51 alias :shift :next_token def peek - @tokens.first || [:EOF] + @tokens.first || EOF end private @@ -71,7 +74,7 @@ class Gem::RequestSet::Lockfile::Tokeniz https://github.com/ruby/ruby/blob/trunk/lib/rubygems/request_set/lockfile/tokenizer.rb#L74 @tokens << case when s.scan(/\r?\n/) then - token = [:newline, nil, *token_pos(pos)] + token = Token.new(:newline, nil, *token_pos(pos)) @line_pos = s.pos @line += 1 token 
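Review bot: `EOF = Token.new :EOF` in the tokenizer is one mutable Struct instance returned by every `peek` on an empty token list, so a caller that assigns to any of its members changes the sentinel for all later callers. Freeze it at definition: `EOF = Token.new(:EOF).freeze`. `to_a` now rebuilds four-element arrays on each call, presumably to keep array-based callers working; a one-line comment saying so would explain why it no longer returns `@tokens` itself.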
@@ -79,25 +82,25 @@ class Gem::RequestSet::Lockfile::Tokeniz https://github.com/ruby/ruby/blob/trunk/lib/rubygems/request_set/lockfile/tokenizer.rb#L82 if leading_whitespace then text = s.matched text += s.scan(/[^\s)]*/).to_s # in case of no match - [:text, text, *token_pos(pos)] + Token.new(:text, text, *token_pos(pos)) else - [:section, s.matched, *token_pos(pos)] + Token.new(:section, s.matched, *token_pos(pos)) end when s.scan(/([a-z]+):\s/) then s.pos -= 1 # rewind for possible newline - [:entry, s[1], *token_pos(pos)] + Token.new(:entry, s[1], *token_pos(pos)) when s.scan(/\(/) then - [:l_paren, nil, *token_pos(pos)] + Token.new(:l_paren, nil, *token_pos(pos)) when s.scan(/\)/) then - [:r_paren, nil, *token_pos(pos)] + Token.new(:r_paren, nil, *token_pos(pos)) when s.scan(/<=|>=|=|~>|<|>|!=/) then - [:requirement, s.matched, *token_pos(pos)] + Token.new(:requirement, s.matched, *token_pos(pos)) when s.scan(/,/) then - [:comma, nil, *token_pos(pos)] + Token.new(:comma, nil, *token_pos(pos)) when s.scan(/!/) then - [:bang, nil, *token_pos(pos)] + Token.new(:bang, nil, *token_pos(pos)) when s.scan(/[^\s),!]*/) then - [:text, s.matched, *token_pos(pos)] + Token.new(:text, s.matched, *token_pos(pos)) else raise "BUG: can't create token for: #{s.string[s.pos..-1].inspect}" end Index: lib/rubygems/request_set/lockfile/parser.rb =================================================================== --- lib/rubygems/request_set/lockfile/parser.rb (revision 51800) +++ lib/rubygems/request_set/lockfile/parser.rb (revision 51801) @@ -11,13 +11,13 @@ class Gem::RequestSet::Lockfile::Parser https://github.com/ruby/ruby/blob/trunk/lib/rubygems/request_set/lockfile/parser.rb#L11 def parse until @tokens.empty? do - type, data, column, line = get + token = get - case type + case token.type when :section then @tokens.skip :newline - case data + case token.value when 'DEPENDENCIES' then parse_DEPENDENCIES when 'GIT' then 
@@ -29,10 +29,10 @@ class Gem::RequestSet::Lockfile::Parser https://github.com/ruby/ruby/blob/trunk/lib/rubygems/request_set/lockfile/parser.rb#L29 when 'PLATFORMS' then parse_PLATFORMS else - type, = get until @tokens.empty? or peek.first == :section + token = get until @tokens.empty? or peek.first == :section end else - raise "BUG: unhandled token #{type} (#{data.inspect}) at line #{line} column #{column}" + raise "BUG: unhandled token #{token.type} (#{token.value.inspect}) at line #{token.line} column #{token.column}" end end end @@ -41,35 +41,33 @@ class Gem::RequestSet::Lockfile::Parser https://github.com/ruby/ruby/blob/trunk/lib/rubygems/request_set/lockfile/parser.rb#L41 # Gets the next token for a Lock (... truncated) -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
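Review bot: The rewritten skip loop in the `else` branch still tests `peek.first == :section` although, assuming the parser's `peek` delegates to the tokenizer, it now receives a `Token` struct; this keeps working only because Struct mixes in Enumerable and `first` happens to yield the `type` member. Use the accessor that the tokenizer's own `skip` uses: `token = get until @tokens.empty? or peek.type == :section`. The assigned `token` is not read again in the visible lines, so a bare `get until ...` would also do. `parse` starts in the previous hunk.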