#94 [Don't merge][WIP] ruby-2.6: Upgrade to Bundler 2.2.22.
Closed 2 years ago by jaruga. Opened 2 years ago by jaruga.

file modified
+1
@@ -2,3 +2,4 @@ 

  /ruby-2.*.tar.bz2

  /ruby-2.*.tar.xz

  /*.rpm

+ /ruby-rubygems-bundler-*.txz

@@ -0,0 +1,116 @@ 

+ From 5a384e2c08704dc7af9d8d3bdfc475eb8c0723aa Mon Sep 17 00:00:00 2001

+ From: =?UTF-8?q?David=20Rodr=C3=ADguez?= <deivid.rodriguez@riseup.net>

+ Date: Tue, 20 Aug 2019 02:46:31 +0200

+ Subject: [PATCH] Fix some bundler specs (#2380)

+ 

+ * These seem to consistenly pass already

+ 

+ * Show actual command when running `make test-bundler`

+ 

+ Current the setup command that installs the necessary gems for testing

+ bundler was printed, but not the actual command that runs the tests.

+ That was a bit confusing.

+ 

+ * Borrow trick from setproctitle specs

+ 

+ * A title that long doesn't get set sometimes

+ 

+ No idea why, but the test doesn't need that the title is that long.

+ 

+ * Fix most gem helper spec ruby-core failures

+ 

+ * Fix the rest of the gem helper failures

+ 

+ * Fix version spec by improving the assertion

+ 

+ * Remove unnecessary `BUNDLE_RUBY` environment var

+ 

+ We can use `RUBY` when necessary, and `BUNDLE_RUBY` is not a good name

+ because bundler considers `BUNDLE_*` variables as settings.

+ 

+ * Rename `BUNDLE_GEM` to `GEM_COMMAND`

+ 

+ This is more descriptive I think, and also friendlier for bundler

+ because `BUNDLE_` env variables are interpreted by bundler as settings,

+ and this is not a bundler setting.

+ 

+ This fixes one bundler spec failure in config specs against ruby-core.

+ 

+ * Fix quality spec when run in core

+ 

+ Use the proper path helper.

+ 

+ * Fix dummy lib builder to never load default gems

+ 

+ If a dummy library is named as a default gem, when requiring the library

+ from its executable, the default gem would be loaded when running from

+ core, because in core all default gems share path with bundler, and thus

+ they are always in the $LOAD_PATH. We fix the issue by loading lib

+ relatively inside dummy lib executables.

+ 

+ * More exact assertions

+ 

+ Sometimes I have the problem that I do some "print debugging" inside

+ specs, and suddently the spec passes. This happens when the assertion is

+ too relaxed, and the things I print make it match, specially when they

+ are simple strings like "1.0" than can be easily be part of gem paths

+ that I print for debugging.

+ 

+ I fix this by making a more exact assertion.

+ 

+ * Detect the correct shebang when ENV["RUBY"] is set

+ 

+ * Relax assertion

+ 

+ So that the spec passes even if another paths containing "ext" are in

+ the load path. This works to fix a ruby-core issue, but it's a better

+ assertion in general. We just want to know that the extension path was

+ added.

+ 

+ * Use folder structure independent path helper

+ 

+ It should fix this spec for ruby-core.

+ 

+ * Fix the last failing spec on ruby-core

+ 

+ * Skip `bundle open <default_gem>` spec when no default gems

+ ---

+  common.mk                                      |  1 -

+  lib/bundler/bundler.gemspec                    |  9 +++------

+  lib/bundler/gem_helper.rb                      | 12 ++++++------

+  lib/bundler/shared_helpers.rb                  |  2 +-

+  spec/bundler/bundler/cli_spec.rb               |  2 +-

+  spec/bundler/bundler/env_spec.rb               |  4 ++--

+  spec/bundler/bundler/gem_helper_spec.rb        |  2 +-

+  spec/bundler/bundler/mirror_spec.rb            |  2 +-

+  spec/bundler/commands/config_spec.rb           |  2 +-

+  spec/bundler/commands/exec_spec.rb             | 18 +++++++++---------

+  spec/bundler/commands/info_spec.rb             |  2 +-

+  spec/bundler/commands/newgem_spec.rb           |  2 +-

+  spec/bundler/commands/open_spec.rb             | 12 +++++++++++-

+  spec/bundler/commands/show_spec.rb             |  2 +-

+  spec/bundler/install/gemfile/git_spec.rb       | 10 +++++-----

+  spec/bundler/install/gems/resolving_spec.rb    |  6 +++---

+  spec/bundler/quality_es_spec.rb                |  4 ++--

+  spec/bundler/quality_spec.rb                   |  5 ++---

+  spec/bundler/runtime/setup_spec.rb             |  4 ++--

+  .../bundler/runtime/with_unbundled_env_spec.rb |  2 +-

+  spec/bundler/spec_helper.rb                    | 12 ++++++------

+  spec/bundler/support/builders.rb               |  2 +-

+  spec/bundler/support/hax.rb                    |  8 ++++++++

+  spec/bundler/support/path.rb                   | 10 +++++++---

+  tool/runruby.rb                                |  3 +--

+  25 files changed, 77 insertions(+), 61 deletions(-)

+ 

+ diff --git a/tool/runruby.rb b/tool/runruby.rb

+ index d9fc1ac09db7..4715ff4d5cdf 100755

+ --- a/tool/runruby.rb

+ +++ b/tool/runruby.rb

+ @@ -107,6 +107,7 @@

+  env["GEM_PATH"] = env["GEM_HOME"] = File.expand_path(".bundle", srcdir)

+  env["BUNDLE_RUBY"] = abs_ruby

+  env["BUNDLE_GEM"] = "#{abs_ruby} -rrubygems #{srcdir}/bin/gem --backtrace"

+ +env["GEM_COMMAND"] = "#{abs_ruby} -rrubygems #{srcdir}/bin/gem --backtrace"

+  env["PATH"] = [File.dirname(abs_ruby), abs_archdir, ENV["PATH"]].compact.join(File::PATH_SEPARATOR)

+  

+  if e = ENV["RUBYLIB"]
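Review bot: The `tool/runruby.rb` hunk only adds `env["GEM_COMMAND"]` and leaves `env["BUNDLE_RUBY"]` and `env["BUNDLE_GEM"]` set, while the retained commit message says these were removed and renamed because Bundler interprets `BUNDLE_*` variables as settings. The header also keeps the upstream diffstat for 25 files although only this one hunk is carried. Suggest stating at the top of the patch file that it is a partial backport, and either dropping the two `BUNDLE_*` assignments as the commit message describes or noting why they have to stay.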

@@ -0,0 +1,22 @@ 

+ From 614154bbb6adeb06cce755be7b8540e1594703c5 Mon Sep 17 00:00:00 2001

+ From: Hiroshi SHIBATA <hsbt@ruby-lang.org>

+ Date: Sun, 9 Jun 2019 10:49:51 +0900

+ Subject: [PATCH] Added missing dependency for rake examples.

+ 

+ ---

+  common.mk | 2 +-

+  1 file changed, 1 insertion(+), 1 deletion(-)

+ 

+ diff --git a/common.mk b/common.mk

+ index de36ccfdb221..d6e4d6acd7c5 100755

+ --- a/common.mk

+ +++ b/common.mk

+ @@ -1275,7 +1275,7 @@ test-bundler-precheck: $(arch)-fake.rb programs

+  

+  yes-test-bundler-prepare: test-bundler-precheck

+  	$(XRUBY) -C "$(srcdir)" bin/gem install --no-document \

+ -		--install-dir .bundle --conservative "rspec:~> 3.5"

+ +		--install-dir .bundle --conservative "rspec:~> 3.5" "rake:~> 12.0"

+  

+  RSPECOPTS = --format progress

+  BUNDLER_SPECS =
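Review bot: In the `yes-test-bundler-prepare` recipe, `bin/gem install ... "rspec:~> 3.5" "rake:~> 12.0"` resolves both gems from the remote gem source at test time with only a version range, so the spec run needs network access and its inputs change as new releases appear (the log in the PR description shows rspec 3.10.x being fetched). If `make test-bundler` is meant to run in %check, consider satisfying rspec and rake from packaged build dependencies instead of a download.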

file modified
+58 -13
@@ -21,7 +21,7 @@ 

  %endif

  

  

- %global release 127

+ %global release 128

  %{!?release_string:%global release_string %{?development_release:0.}%{release}%{?development_release:.%{development_release}}%{?dist}}

  

  # The RubyGems library has to stay out of Ruby directory tree, since the
@@ -32,11 +32,14 @@ 

  %global rubygems_version 3.0.3

  %global rubygems_molinillo_version 0.5.7

  

- %global bundler_version 1.17.2

- %global bundler_fileutils_version 1.1.0

- %global bundler_molinillo_version 0.6.6

- %global bundler_net_http_persistent_version 2.9.4

- %global bundler_thor_version 0.20.0

+ %global bundler_version 2.2.22

+ %global bundler_connection_pool_version 2.2.2

+ %global bundler_fileutils_version 1.4.1

+ %global bundler_molinillo_version 0.7.0

+ %global bundler_net_http_persistent_version 4.0.0

+ %global bundler_thor_version 1.1.0

+ %global bundler_tmpdir_version 0.1.0

+ %global bundler_uri_version 0.10.0

  

  %global bigdecimal_version 1.4.1

  %global did_you_mean_version 1.3.0
@@ -106,6 +109,9 @@ 

  Source13: test_abrt.rb

  # SystemTap tests.

  Source14: test_systemtap.rb

+ # git clone --no-checkout git@github.com:rubygems/rubygems.git

+ # git -C rubygems archive --prefix=rubygems/ -v -o ruby-rubygems-bundler-v2.2.22.txz bundler-v2.2.22

+ Source15: ruby-rubygems-bundler-v%{bundler_version}.txz

  

  # The load directive is supported since RPM 4.12, i.e. F21+. The build process

  # fails on older Fedoras.
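Review bot: The two comment lines above `Source15` do not fully reproduce the archive. `git@github.com:rubygems/rubygems.git` needs a GitHub SSH key, and `git archive -o ....txz` writes a plain tar unless `tar.txz.command` is configured, because by default git only infers tar, zip, tar.gz and tgz from the output file name. Suggest the https clone URL, the required `git config tar.txz.command "xz -c"` line, and the commit id that the `bundler-v2.2.22` tag resolved to, so the SHA512 recorded in `sources` can be traced to a specific upstream tree. The comment also hardcodes 2.2.22 where the `Source15` line uses %{bundler_version}.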
@@ -165,6 +171,18 @@ 

  Patch41: ruby-2.8.0-Brace-the-fact-that-lchmod-can-EOPNOTSUPP.patch

  # https://github.com/ruby/ruby/commit/72c02aa4b79731c7f25c9267f74b347f1946c704

  Patch42: ruby-2.8.0-Moved-not-implemented-method-tests.patch

+ # Update `bundler.gemspec` from RubyGems, required to pass `make test-bundler`.

+ # Compare RubyGems `bundler/bundler.gemspec` with Ruby `lib/bundler/bundler.gemspec`.

+ Patch50: rubygems-bundler-gemspec-for-make-test-bundler.patch

+ # A missing gem error message is changed on RubyGems 3.2.13.

+ # https://github.com/ruby/ruby/commit/7efc7afcae6720e1af7ab49986d789b6f9d6fe0a

+ Patch51: rubygems-3.2.13-test-gem-message.patch

+ # Add rake dependnecy to run `make test-bundler`.

+ # https://github.com/ruby/ruby/commit/614154bbb6adeb06cce755be7b8540e1594703c5

+ Patch52: ruby-2.7.0-test-bundler-add-rake.patch

+ # Make spec/bundler/support/path.rb#ruby_core? return true.

+ # https://github.com/ruby/ruby/commit/5a384e2c08704dc7af9d8d3bdfc475eb8c0723aa

+ Patch53: ruby-2.7.0-test-bundler-add-env-gem-command.patch

  

  Requires: %{name}-libs%{?_isa} = %{version}-%{release}

  Suggests: rubypick
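Review bot: The comment on `Patch53` ("Make spec/bundler/support/path.rb#ruby_core? return true.") does not match the patch name or its content, which sets `GEM_COMMAND` in `tool/runruby.rb`. Please say how that environment variable leads to `ruby_core?` returning true so the link can be checked. Also, "dependnecy" in the `Patch52` comment should read "dependency".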
@@ -539,12 +557,21 @@ 

  

  

  %prep

- %setup -q -n %{ruby_archive}

+ %setup -q -n %{ruby_archive} -b15

  

  # Remove bundled libraries to be sure they are not used.

  rm -rf ext/psych/yaml

  rm -rf ext/fiddle/libffi*

  

+ # Update Bundler to fix CVE-2020-36327.

+ # https://bugzilla.redhat.com/show_bug.cgi?id=1958999

+ rm -rf lib/bundler{.rb,}

+ rm -rf {spec,tool}/bundler

+ cp -a %{_builddir}/rubygems/bundler/lib/bundler{.rb,} lib/

+ cp -a %{_builddir}/rubygems/bundler/bundler.gemspec lib/bundler/

+ cp -a %{_builddir}/rubygems/bundler/spec spec/bundler

+ cp -a %{_builddir}/rubygems/bundler/tool/bundler tool/bundler

+ 

  %patch0 -p1

  %patch1 -p1

  %patch2 -p1
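Review bot: The `cp -a` lines replace `lib/bundler`, the gemspec, `spec/bundler` and `tool/bundler`, but nothing is copied for the executables, although the gemspec patch in this PR sets `s.bindir = "libexec"` with `s.executables = %w[bundle bundler]`. Whatever sits in `libexec/` in the Ruby 2.6.6 tarball therefore keeps launching the 2.2.22 library. Please confirm those scripts are compatible or copy the matching ones from the rubygems archive too. The same question applies to the Bundler man pages packaged in %files.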
@@ -562,6 +589,10 @@ 

  %patch22 -p1

  %patch41 -p1

  %patch42 -p1

+ %patch50 -p1

+ %patch51 -p1

+ %patch52 -p1

+ %patch53 -p1

  

  # Provide an example of usage of the tapset:

  cp -a %{SOURCE3} .
@@ -625,13 +656,9 @@ 

  do

    rm %{buildroot}%{rubygems_dir}/rubygems/ssl_certs/$cert

    rm -r $(dirname %{buildroot}%{rubygems_dir}/rubygems/ssl_certs/$cert)

-   rm %{buildroot}%{ruby_libdir}/bundler/ssl_certs/$cert

-   rm -r $(dirname %{buildroot}%{ruby_libdir}/bundler/ssl_certs/$cert)

  done

  # Ensure there is not forgotten any certificate.

  test ! "$(ls -A  %{buildroot}%{rubygems_dir}/rubygems/ssl_certs/ 2>/dev/null)"

- test "$(ls -A  %{buildroot}%{ruby_libdir}/bundler/ssl_certs/ 2>/dev/null)" \

-   = "certificate_manager.rb"

  

  # Move macros file into proper place and replace the %%{name} macro, since it

  # would be wrongly evaluated during build of other packages.
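Review bot: With both the `rm` and the `test` for `%{buildroot}%{ruby_libdir}/bundler/ssl_certs/` removed from this loop, nothing asserts any more that the Bundler tree ships no bundled CA certificates. Suggest keeping a guard such as `test ! -e %{buildroot}%{ruby_libdir}/bundler/ssl_certs`, so that a later Bundler update that reintroduces the directory fails the build instead of silently shipping its own trust store.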
@@ -798,8 +825,11 @@ 

  # Check Bundler bundled dependencies versions.

  

  # FileUtils.

- # TODO: There is no version in bundled FileUtils yet.

- #%%{global bundler_fileutils_version}

+ [ "`make runruby TESTRUN_SCRIPT=\"-e \\\" \

+   module Bundler; end; \

+   require 'bundler/vendor/fileutils/lib/fileutils'; \

+   puts Bundler::FileUtils::VERSION\\\"\" | tail -1`" \

+   == '%{bundler_fileutils_version}' ]

  

  # Molinillo.

  [ "`make runruby TESTRUN_SCRIPT=\"-e \\\" \
@@ -823,6 +853,17 @@ 

    puts Bundler::Thor::VERSION\\\"\" | tail -1`" \

    == '%{bundler_thor_version}' ]

  

+ # tmpdir.

+ # TODO: There is no version in bundled tmpdir yet.

+ #%%{global bundler_tmpdir_version}

+ 

+ # URI.

+ [ "`make runruby TESTRUN_SCRIPT=\"-e \\\" \

+   module Bundler; end; \

+   require 'bundler/vendor/uri/lib/uri/version'; \

+   puts Bundler::URI::VERSION\\\"\" | tail -1`" \

+   == '%{bundler_uri_version}' ]

+ 

  

  # test_debug(TestRubyOptions) fails due to LoadError reported in debug mode,

  # when abrt.rb cannot be required (seems to be easier way then customizing
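Review bot: The tmpdir block is left as a TODO with `#%%{global bundler_tmpdir_version}` commented out, so the `0.1.0` value declared at the top of the spec is never verified. `bundler_connection_pool_version` is in the same position: it is defined in this PR, but no check for it is added here, unlike the FileUtils and URI checks. If the vendored copies expose no version constant, a comment saying how the declared versions were determined would at least make them auditable.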
@@ -1214,6 +1255,10 @@ 

  %{_mandir}/man5/gemfile.5*

  

  %changelog

+ * Thu Jul 08 2021 Jun Aruga <jaruga@redhat.com> - 2.6.6-128

+ - Upgrade to Bundler 2.2.22.

+   Resolves: CVE-2020-36327

+ 

  * Wed Jul 07 2021 Jun Aruga <jaruga@redhat.com> - 2.6.6-127

  - Fix FTBFS due to incompatible load directive.

  - Properly support DWARF5 debug information.

@@ -0,0 +1,21 @@ 

+ --- a/test/rubygems/test_gem.rb

+ +++ b/test/rubygems/test_gem.rb

+ @@ -1821,16 +1821,11 @@

+        io.write 'gem "a"'

+      end

+  

+ -    platform = Bundler::GemHelpers.generic_local_platform

+ -    if platform == Gem::Platform::RUBY

+ -      platform = ''

+ -    else

+ -      platform = " #{platform}"

+ -    end

+      expected =

+        if Gem::USE_BUNDLER_FOR_GEMDEPS

+          <<-EXPECTED

+ -Could not find gem 'a#{platform}' in any of the gem sources listed in your Gemfile.

+ +Could not find gem 'a' in locally installed gems.

+ +The source does not contain any versions of 'a'

+  You may need to `gem install -g` to install missing gems

+  

+          EXPECTED

@@ -0,0 +1,15 @@ 

+ --- a/lib/bundler/bundler.gemspec

+ +++ b/lib/bundler/bundler.gemspec

+ @@ -37,10 +37,9 @@

+    s.files = Dir.glob("lib/bundler{.rb,/**/*}", File::FNM_DOTMATCH).reject {|f| File.directory?(f) }

+  

+    # include the gemspec itself because warbler breaks w/o it

+ -  s.files += %w[bundler.gemspec]

+ +  s.files += %w[lib/bundler/bundler.gemspec]

+  

+ -  s.files += %w[CHANGELOG.md LICENSE.md README.md]

+ -  s.bindir        = "exe"

+ +  s.bindir        = "libexec"

+    s.executables   = %w[bundle bundler]

+    s.require_paths = ["lib"]

+  end
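Review bot: This patch file has no header, and none of its three changes is explained: the gemspec path becoming `lib/bundler/bundler.gemspec`, the dropped `s.files += %w[CHANGELOG.md LICENSE.md README.md]`, and `s.bindir` going from "exe" to "libexec". The `Patch50` comment in the spec only says to compare the two gemspecs. Suggest a short description at the top of the patch stating that it is a downstream adaptation to the Ruby source tree layout and why each line is needed.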

file modified
+1
@@ -1,1 +1,2 @@ 

  SHA512 (ruby-2.6.6.tar.xz) = 86caf93dbf61d03781767ab5375a7edf4761f13ba08ccfefe16c0a7550499237e7390c2f72a95d42670d4fe76b2401b4218936187c62ec1572799e9e04c50d62

+ SHA512 (ruby-rubygems-bundler-v2.2.22.txz) = f511473f3624ab0ae594577dbf6da5725bf0ab20beda8a3955d31b730aa4f245e6c1fa706c9925b3d936050870575fd730ca2718ccb450d31210bc8439da6d6a

Resolves: CVE-2020-36327

This PR is just to show a possibility to upgrade the rubygem-bundler subpackage in rpms/ruby Ruby 2.6 to fix CVE-2020-36327, as well as the following PRs.

https://src.fedoraproject.org/rpms/ruby/pull-request/88
https://src.fedoraproject.org/rpms/ruby/pull-request/90

This PR is a work in progress. The make check passes on mock. I am trying to fix the make test-bundler, which is showing the following error now.

<mock-chroot> sh-5.1$ make test-bundler
./miniruby -I./lib -I. -I.ext/common  ./tool/runruby.rb --extout=.ext  -- --disable-gems -C "." bin/gem install --no-document \
>---install-dir .bundle --conservative "rspec:~> 3.5"
Fetching rspec-support-3.10.2.gem
Successfully installed rspec-support-3.10.2
Fetching rspec-core-3.10.1.gem
Successfully installed rspec-core-3.10.1 
Fetching diff-lcs-1.4.4.gem
Successfully installed diff-lcs-1.4.4
Fetching rspec-expectations-3.10.1.gem
Successfully installed rspec-expectations-3.10.1
Fetching rspec-mocks-3.10.2.gem
Successfully installed rspec-mocks-3.10.2
Fetching rspec-3.10.0.gem
Successfully installed rspec-3.10.0
6 gems installed

An error occurred while loading ./spec/bundler/bundler/gem_helper_spec.rb.
Hint: Install the `did_you_mean` gem in order to provide suggestions for similarly named files.
Failure/Error: return gem_original_require(path)

LoadError:
  cannot load such file -- rake
# ./spec/bundler/bundler/gem_helper_spec.rb:3:in `<top (required)>'
Run options: exclude {:truffleruby=>true, :jruby=>true, :readline=>false, :permissions=>false, :no_color_tty=>false, :ruby_repo=>false, :bundler=>"!= 2", :git=>"!= 2.32.0", :realworld=>true, :sudo=>true}


Finished in 0.00004 seconds (files took 1 second to load)
0 examples, 0 failures, 1 error occurred outside of examples

1 new commit added

  • Fix errors in `make test-bundler`.
2 years ago

I added one more commit to fix errors in the RSpec preparation process to start to run make test-bundler.

The ruby-2.7.0-test-bundler-add-rake.patch fixes the following error that is also above.

An error occurred while loading ./spec/bundler/bundler/gem_helper_spec.rb.
Hint: Install the `did_you_mean` gem in order to provide suggestions for similarly named files.
Failure/Error: return gem_original_require(path)

LoadError:
  cannot load such file -- rake
# ./spec/bundler/bundler/gem_helper_spec.rb:3:in `<top (required)>'

The ruby-2.7.0-test-bundler-add-env-gem-command.patch fixes the following 2 errors after applying the above patch.

An error occurred in a `before(:suite)` hook.
Failure/Error: @shipped_files ||= loaded_gemspec.files

NoMethodError:
  undefined method `files' for nil:NilClass
# ./spec/bundler/support/path.rb:83:in `shipped_files'
# ./spec/bundler/support/helpers.rb:326:in `with_built_bundler'
# ./spec/bundler/support/helpers.rb:298:in `block (2 levels) in system_gems'
# ./spec/bundler/support/helpers.rb:294:in `each'
# ./spec/bundler/support/helpers.rb:294:in `block in system_gems'
# ./spec/bundler/support/helpers.rb:350:in `block in with_gem_path_as'
# ./spec/bundler/support/helpers.rb:364:in `without_env_side_effects'
# ./spec/bundler/support/helpers.rb:346:in `with_gem_path_as'
# ./spec/bundler/support/helpers.rb:292:in `system_gems'
# ./spec/bundler/spec_helper.rb:83:in `block (2 levels) in <top (required)>'
An error occurred in an `after(:suite)` hook.
Failure/Error: File.unlink path

Errno::ENOENT:
  No such file or directory @ apply2files - /builddir/build/BUILD/ruby-2.6.6/spec/tmp/1/gems/base_system
# ./lib/fileutils.rb:1438:in `unlink'
# ./lib/fileutils.rb:1438:in `block in remove_file'
# ./lib/fileutils.rb:1443:in `platform_support'
# ./lib/fileutils.rb:1437:in `remove_file'
# ./lib/fileutils.rb:1426:in `remove'
# ./lib/fileutils.rb:760:in `block in remove_entry'
# ./lib/fileutils.rb:1481:in `postorder_traverse'
# ./lib/fileutils.rb:758:in `remove_entry'
# ./lib/fileutils.rb:610:in `block in rm_r'
# ./lib/fileutils.rb:606:in `each'
# ./lib/fileutils.rb:606:in `rm_r'
# ./spec/bundler/spec_helper.rb:115:in `block (2 levels) in <top (required)>'

After fixing the above errors, the process moves to the actual testing process. And there are some failures. The full log is https://gist.github.com/junaruga/de1302520d43a0230af259096f09f8f0 .

<mock-chroot> sh-5.1$ make test-bundler
...
Finished in 25 minutes 28 seconds (files took 1.01 seconds to load)
2898 examples, 40 failures, 25 pending

I think we can close this PR now as we have almost finished the CVE-2020-36327 tasks.

Pull-Request has been closed by jaruga

2 years ago