#94 [Don't merge][WIP] ruby-2.6: Upgrade to Bundler 2.2.22.
Opened 2 months ago by jaruga. Modified 2 months ago

file modified
+1
@@ -2,3 +2,4 @@ 

  /ruby-2.*.tar.bz2

  /ruby-2.*.tar.xz

  /*.rpm

+ /ruby-rubygems-bundler-*.txz

@@ -0,0 +1,116 @@ 

+ From 5a384e2c08704dc7af9d8d3bdfc475eb8c0723aa Mon Sep 17 00:00:00 2001

+ From: =?UTF-8?q?David=20Rodr=C3=ADguez?= <deivid.rodriguez@riseup.net>

+ Date: Tue, 20 Aug 2019 02:46:31 +0200

+ Subject: [PATCH] Fix some bundler specs (#2380)

+ 

+ * These seem to consistenly pass already

+ 

+ * Show actual command when running `make test-bundler`

+ 

+ Current the setup command that installs the necessary gems for testing

+ bundler was printed, but not the actual command that runs the tests.

+ That was a bit confusing.

+ 

+ * Borrow trick from setproctitle specs

+ 

+ * A title that long doesn't get set sometimes

+ 

+ No idea why, but the test doesn't need that the title is that long.

+ 

+ * Fix most gem helper spec ruby-core failures

+ 

+ * Fix the rest of the gem helper failures

+ 

+ * Fix version spec by improving the assertion

+ 

+ * Remove unnecessary `BUNDLE_RUBY` environment var

+ 

+ We can use `RUBY` when necessary, and `BUNDLE_RUBY` is not a good name

+ because bundler considers `BUNDLE_*` variables as settings.

+ 

+ * Rename `BUNDLE_GEM` to `GEM_COMMAND`

+ 

+ This is more descriptive I think, and also friendlier for bundler

+ because `BUNDLE_` env variables are interpreted by bundler as settings,

+ and this is not a bundler setting.

+ 

+ This fixes one bundler spec failure in config specs against ruby-core.

+ 

+ * Fix quality spec when run in core

+ 

+ Use the proper path helper.

+ 

+ * Fix dummy lib builder to never load default gems

+ 

+ If a dummy library is named as a default gem, when requiring the library

+ from its executable, the default gem would be loaded when running from

+ core, because in core all default gems share path with bundler, and thus

+ they are always in the $LOAD_PATH. We fix the issue by loading lib

+ relatively inside dummy lib executables.

+ 

+ * More exact assertions

+ 

+ Sometimes I have the problem that I do some "print debugging" inside

+ specs, and suddently the spec passes. This happens when the assertion is

+ too relaxed, and the things I print make it match, specially when they

+ are simple strings like "1.0" than can be easily be part of gem paths

+ that I print for debugging.

+ 

+ I fix this by making a more exact assertion.

+ 

+ * Detect the correct shebang when ENV["RUBY"] is set

+ 

+ * Relax assertion

+ 

+ So that the spec passes even if another paths containing "ext" are in

+ the load path. This works to fix a ruby-core issue, but it's a better

+ assertion in general. We just want to know that the extension path was

+ added.

+ 

+ * Use folder structure independent path helper

+ 

+ It should fix this spec for ruby-core.

+ 

+ * Fix the last failing spec on ruby-core

+ 

+ * Skip `bundle open <default_gem>` spec when no default gems

+ ---

+  common.mk                                      |  1 -

+  lib/bundler/bundler.gemspec                    |  9 +++------

+  lib/bundler/gem_helper.rb                      | 12 ++++++------

+  lib/bundler/shared_helpers.rb                  |  2 +-

+  spec/bundler/bundler/cli_spec.rb               |  2 +-

+  spec/bundler/bundler/env_spec.rb               |  4 ++--

+  spec/bundler/bundler/gem_helper_spec.rb        |  2 +-

+  spec/bundler/bundler/mirror_spec.rb            |  2 +-

+  spec/bundler/commands/config_spec.rb           |  2 +-

+  spec/bundler/commands/exec_spec.rb             | 18 +++++++++---------

+  spec/bundler/commands/info_spec.rb             |  2 +-

+  spec/bundler/commands/newgem_spec.rb           |  2 +-

+  spec/bundler/commands/open_spec.rb             | 12 +++++++++++-

+  spec/bundler/commands/show_spec.rb             |  2 +-

+  spec/bundler/install/gemfile/git_spec.rb       | 10 +++++-----

+  spec/bundler/install/gems/resolving_spec.rb    |  6 +++---

+  spec/bundler/quality_es_spec.rb                |  4 ++--

+  spec/bundler/quality_spec.rb                   |  5 ++---

+  spec/bundler/runtime/setup_spec.rb             |  4 ++--

+  .../bundler/runtime/with_unbundled_env_spec.rb |  2 +-

+  spec/bundler/spec_helper.rb                    | 12 ++++++------

+  spec/bundler/support/builders.rb               |  2 +-

+  spec/bundler/support/hax.rb                    |  8 ++++++++

+  spec/bundler/support/path.rb                   | 10 +++++++---

+  tool/runruby.rb                                |  3 +--

+  25 files changed, 77 insertions(+), 61 deletions(-)

+ 

+ diff --git a/tool/runruby.rb b/tool/runruby.rb

+ index d9fc1ac09db7..4715ff4d5cdf 100755

+ --- a/tool/runruby.rb

+ +++ b/tool/runruby.rb

+ @@ -107,6 +107,7 @@

+  env["GEM_PATH"] = env["GEM_HOME"] = File.expand_path(".bundle", srcdir)

+  env["BUNDLE_RUBY"] = abs_ruby

+  env["BUNDLE_GEM"] = "#{abs_ruby} -rrubygems #{srcdir}/bin/gem --backtrace"

+ +env["GEM_COMMAND"] = "#{abs_ruby} -rrubygems #{srcdir}/bin/gem --backtrace"

+  env["PATH"] = [File.dirname(abs_ruby), abs_archdir, ENV["PATH"]].compact.join(File::PATH_SEPARATOR)

+  

+  if e = ENV["RUBYLIB"]

@@ -0,0 +1,22 @@ 

+ From 614154bbb6adeb06cce755be7b8540e1594703c5 Mon Sep 17 00:00:00 2001

+ From: Hiroshi SHIBATA <hsbt@ruby-lang.org>

+ Date: Sun, 9 Jun 2019 10:49:51 +0900

+ Subject: [PATCH] Added missing dependency for rake examples.

+ 

+ ---

+  common.mk | 2 +-

+  1 file changed, 1 insertion(+), 1 deletion(-)

+ 

+ diff --git a/common.mk b/common.mk

+ index de36ccfdb221..d6e4d6acd7c5 100755

+ --- a/common.mk

+ +++ b/common.mk

+ @@ -1275,7 +1275,7 @@ test-bundler-precheck: $(arch)-fake.rb programs

+  

+  yes-test-bundler-prepare: test-bundler-precheck

+  	$(XRUBY) -C "$(srcdir)" bin/gem install --no-document \

+ -		--install-dir .bundle --conservative "rspec:~> 3.5"

+ +		--install-dir .bundle --conservative "rspec:~> 3.5" "rake:~> 12.0"

+  

+  RSPECOPTS = --format progress

+  BUNDLER_SPECS =

file modified
+58 -13
@@ -21,7 +21,7 @@ 

  %endif

  

  

- %global release 127

+ %global release 128

  %{!?release_string:%global release_string %{?development_release:0.}%{release}%{?development_release:.%{development_release}}%{?dist}}

  

  # The RubyGems library has to stay out of Ruby directory tree, since the
@@ -32,11 +32,14 @@ 

  %global rubygems_version 3.0.3

  %global rubygems_molinillo_version 0.5.7

  

- %global bundler_version 1.17.2

- %global bundler_fileutils_version 1.1.0

- %global bundler_molinillo_version 0.6.6

- %global bundler_net_http_persistent_version 2.9.4

- %global bundler_thor_version 0.20.0

+ %global bundler_version 2.2.22

+ %global bundler_connection_pool_version 2.2.2

+ %global bundler_fileutils_version 1.4.1

+ %global bundler_molinillo_version 0.7.0

+ %global bundler_net_http_persistent_version 4.0.0

+ %global bundler_thor_version 1.1.0

+ %global bundler_tmpdir_version 0.1.0

+ %global bundler_uri_version 0.10.0

  

  %global bigdecimal_version 1.4.1

  %global did_you_mean_version 1.3.0
@@ -106,6 +109,9 @@ 

  Source13: test_abrt.rb

  # SystemTap tests.

  Source14: test_systemtap.rb

+ # git clone --no-checkout git@github.com:rubygems/rubygems.git

+ # git -C rubygems archive --prefix=rubygems/ -v -o ruby-rubygems-bundler-v2.2.22.txz bundler-v2.2.22

+ Source15: ruby-rubygems-bundler-v%{bundler_version}.txz

  

  # The load directive is supported since RPM 4.12, i.e. F21+. The build process

  # fails on older Fedoras.
@@ -165,6 +171,18 @@ 

  Patch41: ruby-2.8.0-Brace-the-fact-that-lchmod-can-EOPNOTSUPP.patch

  # https://github.com/ruby/ruby/commit/72c02aa4b79731c7f25c9267f74b347f1946c704

  Patch42: ruby-2.8.0-Moved-not-implemented-method-tests.patch

+ # Update `bundler.gemspec` from RubyGems, required to pass `make test-bundler`.

+ # Compare RubyGems `bundler/bundler.gemspec` with Ruby `lib/bundler/bundler.gemspec`.

+ Patch50: rubygems-bundler-gemspec-for-make-test-bundler.patch

+ # A missing gem error message is changed on RubyGems 3.2.13.

+ # https://github.com/ruby/ruby/commit/7efc7afcae6720e1af7ab49986d789b6f9d6fe0a

+ Patch51: rubygems-3.2.13-test-gem-message.patch

+ # Add rake dependnecy to run `make test-bundler`.

+ # https://github.com/ruby/ruby/commit/614154bbb6adeb06cce755be7b8540e1594703c5

+ Patch52: ruby-2.7.0-test-bundler-add-rake.patch

+ # Make spec/bundler/support/path.rb#ruby_core? return true.

+ # https://github.com/ruby/ruby/commit/5a384e2c08704dc7af9d8d3bdfc475eb8c0723aa

+ Patch53: ruby-2.7.0-test-bundler-add-env-gem-command.patch

  

  Requires: %{name}-libs%{?_isa} = %{version}-%{release}

  Suggests: rubypick
@@ -539,12 +557,21 @@ 

  

  

  %prep

- %setup -q -n %{ruby_archive}

+ %setup -q -n %{ruby_archive} -b15

  

  # Remove bundled libraries to be sure they are not used.

  rm -rf ext/psych/yaml

  rm -rf ext/fiddle/libffi*

  

+ # Update Bundler to fix CVE-2020-36327.

+ # https://bugzilla.redhat.com/show_bug.cgi?id=1958999

+ rm -rf lib/bundler{.rb,}

+ rm -rf {spec,tool}/bundler

+ cp -a %{_builddir}/rubygems/bundler/lib/bundler{.rb,} lib/

+ cp -a %{_builddir}/rubygems/bundler/bundler.gemspec lib/bundler/

+ cp -a %{_builddir}/rubygems/bundler/spec spec/bundler

+ cp -a %{_builddir}/rubygems/bundler/tool/bundler tool/bundler

+ 

  %patch0 -p1

  %patch1 -p1

  %patch2 -p1
@@ -562,6 +589,10 @@ 

  %patch22 -p1

  %patch41 -p1

  %patch42 -p1

+ %patch50 -p1

+ %patch51 -p1

+ %patch52 -p1

+ %patch53 -p1

  

  # Provide an example of usage of the tapset:

  cp -a %{SOURCE3} .
@@ -625,13 +656,9 @@ 

  do

    rm %{buildroot}%{rubygems_dir}/rubygems/ssl_certs/$cert

    rm -r $(dirname %{buildroot}%{rubygems_dir}/rubygems/ssl_certs/$cert)

-   rm %{buildroot}%{ruby_libdir}/bundler/ssl_certs/$cert

-   rm -r $(dirname %{buildroot}%{ruby_libdir}/bundler/ssl_certs/$cert)

  done

  # Ensure there is not forgotten any certificate.

  test ! "$(ls -A  %{buildroot}%{rubygems_dir}/rubygems/ssl_certs/ 2>/dev/null)"

- test "$(ls -A  %{buildroot}%{ruby_libdir}/bundler/ssl_certs/ 2>/dev/null)" \

-   = "certificate_manager.rb"

  

  # Move macros file into proper place and replace the %%{name} macro, since it

  # would be wrongly evaluated during build of other packages.
@@ -798,8 +825,11 @@ 

  # Check Bundler bundled dependencies versions.

  

  # FileUtils.

- # TODO: There is no version in bundled FileUtils yet.

- #%%{global bundler_fileutils_version}

+ [ "`make runruby TESTRUN_SCRIPT=\"-e \\\" \

+   module Bundler; end; \

+   require 'bundler/vendor/fileutils/lib/fileutils'; \

+   puts Bundler::FileUtils::VERSION\\\"\" | tail -1`" \

+   == '%{bundler_fileutils_version}' ]

  

  # Molinillo.

  [ "`make runruby TESTRUN_SCRIPT=\"-e \\\" \
@@ -823,6 +853,17 @@ 

    puts Bundler::Thor::VERSION\\\"\" | tail -1`" \

    == '%{bundler_thor_version}' ]

  

+ # tmpdir.

+ # TODO: There is no version in bundled tmpdir yet.

+ #%%{global bundler_tmpdir_version}

+ 

+ # URI.

+ [ "`make runruby TESTRUN_SCRIPT=\"-e \\\" \

+   module Bundler; end; \

+   require 'bundler/vendor/uri/lib/uri/version'; \

+   puts Bundler::URI::VERSION\\\"\" | tail -1`" \

+   == '%{bundler_uri_version}' ]

+ 

  

  # test_debug(TestRubyOptions) fails due to LoadError reported in debug mode,

  # when abrt.rb cannot be required (seems to be easier way then customizing
@@ -1214,6 +1255,10 @@ 

  %{_mandir}/man5/gemfile.5*

  

  %changelog

+ * Thu Jul 08 2021 Jun Aruga <jaruga@redhat.com> - 2.6.6-128

+ - Upgrade to Bundler 2.2.22.

+   Resolves: CVE-2020-36327

+ 

  * Wed Jul 07 2021 Jun Aruga <jaruga@redhat.com> - 2.6.6-127

  - Fix FTBFS due to incompatible load directive.

  - Properly support DWARF5 debug information.

@@ -0,0 +1,21 @@ 

+ --- a/test/rubygems/test_gem.rb

+ +++ b/test/rubygems/test_gem.rb

+ @@ -1821,16 +1821,11 @@

+        io.write 'gem "a"'

+      end

+  

+ -    platform = Bundler::GemHelpers.generic_local_platform

+ -    if platform == Gem::Platform::RUBY

+ -      platform = ''

+ -    else

+ -      platform = " #{platform}"

+ -    end

+      expected =

+        if Gem::USE_BUNDLER_FOR_GEMDEPS

+          <<-EXPECTED

+ -Could not find gem 'a#{platform}' in any of the gem sources listed in your Gemfile.

+ +Could not find gem 'a' in locally installed gems.

+ +The source does not contain any versions of 'a'

+  You may need to `gem install -g` to install missing gems

+  

+          EXPECTED

@@ -0,0 +1,15 @@ 

+ --- a/lib/bundler/bundler.gemspec

+ +++ b/lib/bundler/bundler.gemspec

+ @@ -37,10 +37,9 @@

+    s.files = Dir.glob("lib/bundler{.rb,/**/*}", File::FNM_DOTMATCH).reject {|f| File.directory?(f) }

+  

+    # include the gemspec itself because warbler breaks w/o it

+ -  s.files += %w[bundler.gemspec]

+ +  s.files += %w[lib/bundler/bundler.gemspec]

+  

+ -  s.files += %w[CHANGELOG.md LICENSE.md README.md]

+ -  s.bindir        = "exe"

+ +  s.bindir        = "libexec"

+    s.executables   = %w[bundle bundler]

+    s.require_paths = ["lib"]

+  end

file modified
+1
@@ -1,1 +1,2 @@ 

  SHA512 (ruby-2.6.6.tar.xz) = 86caf93dbf61d03781767ab5375a7edf4761f13ba08ccfefe16c0a7550499237e7390c2f72a95d42670d4fe76b2401b4218936187c62ec1572799e9e04c50d62

+ SHA512 (ruby-rubygems-bundler-v2.2.22.txz) = f511473f3624ab0ae594577dbf6da5725bf0ab20beda8a3955d31b730aa4f245e6c1fa706c9925b3d936050870575fd730ca2718ccb450d31210bc8439da6d6a

Resolves: CVE-2020-36327

This PR is just to show an possibility to upgrade rubygem-bundler sub package in rpms/ruby Ruby 2.6 to fix CVE-2020-36327 as well as the following PRs.

https://src.fedoraproject.org/rpms/ruby/pull-request/88
https://src.fedoraproject.org/rpms/ruby/pull-request/90

This PR is working in progress. The make check passes on mock. I am trying to fix the make test-bundler showing the following error now.

<mock-chroot> sh-5.1$ make test-bundler
./miniruby -I./lib -I. -I.ext/common  ./tool/runruby.rb --extout=.ext  -- --disable-gems -C "." bin/gem install --no-document \
>---install-dir .bundle --conservative "rspec:~> 3.5"
Fetching rspec-support-3.10.2.gem
Successfully installed rspec-support-3.10.2
Fetching rspec-core-3.10.1.gem
Successfully installed rspec-core-3.10.1 
Fetching diff-lcs-1.4.4.gem
Successfully installed diff-lcs-1.4.4
Fetching rspec-expectations-3.10.1.gem
Successfully installed rspec-expectations-3.10.1
Fetching rspec-mocks-3.10.2.gem
Successfully installed rspec-mocks-3.10.2
Fetching rspec-3.10.0.gem
Successfully installed rspec-3.10.0
6 gems installed

An error occurred while loading ./spec/bundler/bundler/gem_helper_spec.rb.
Hint: Install the `did_you_mean` gem in order to provide suggestions for similarly named files.
Failure/Error: return gem_original_require(path)

LoadError:
  cannot load such file -- rake
# ./spec/bundler/bundler/gem_helper_spec.rb:3:in `<top (required)>'
Run options: exclude {:truffleruby=>true, :jruby=>true, :readline=>false, :permissions=>false, :no_color_tty=>false, :ruby_repo=>false, :bundler=>"!= 2", :git=>"!= 2.32.0", :realworld=>true, :sudo=>true}


Finished in 0.00004 seconds (files took 1 second to load)
0 examples, 0 failures, 1 error occurred outside of examples

1 new commit added

  • Fix errors in `make test-bundler`.
2 months ago

I added one more commit to fix errors in the RSpec preparation process to start to run make test-bundler.

The ruby-2.7.0-test-bundler-add-rake.patch fixes the following error that is also above.

An error occurred while loading ./spec/bundler/bundler/gem_helper_spec.rb.
Hint: Install the `did_you_mean` gem in order to provide suggestions for similarly named files.
Failure/Error: return gem_original_require(path)

LoadError:
  cannot load such file -- rake
# ./spec/bundler/bundler/gem_helper_spec.rb:3:in `<top (required)>'

The ruby-2.7.0-test-bundler-add-env-gem-command.patch fixes the following 2 errors after applying the above patch.

An error occurred in a `before(:suite)` hook.
Failure/Error: @shipped_files ||= loaded_gemspec.files

NoMethodError:
  undefined method `files' for nil:NilClass
# ./spec/bundler/support/path.rb:83:in `shipped_files'
# ./spec/bundler/support/helpers.rb:326:in `with_built_bundler'
# ./spec/bundler/support/helpers.rb:298:in `block (2 levels) in system_gems'
# ./spec/bundler/support/helpers.rb:294:in `each'
# ./spec/bundler/support/helpers.rb:294:in `block in system_gems'
# ./spec/bundler/support/helpers.rb:350:in `block in with_gem_path_as'
# ./spec/bundler/support/helpers.rb:364:in `without_env_side_effects'
# ./spec/bundler/support/helpers.rb:346:in `with_gem_path_as'
# ./spec/bundler/support/helpers.rb:292:in `system_gems'
# ./spec/bundler/spec_helper.rb:83:in `block (2 levels) in <top (required)>'
An error occurred in an `after(:suite)` hook.
Failure/Error: File.unlink path

Errno::ENOENT:
  No such file or directory @ apply2files - /builddir/build/BUILD/ruby-2.6.6/spec/tmp/1/gems/base_system
# ./lib/fileutils.rb:1438:in `unlink'
# ./lib/fileutils.rb:1438:in `block in remove_file'
# ./lib/fileutils.rb:1443:in `platform_support'
# ./lib/fileutils.rb:1437:in `remove_file'
# ./lib/fileutils.rb:1426:in `remove'
# ./lib/fileutils.rb:760:in `block in remove_entry'
# ./lib/fileutils.rb:1481:in `postorder_traverse'
# ./lib/fileutils.rb:758:in `remove_entry'
# ./lib/fileutils.rb:610:in `block in rm_r'
# ./lib/fileutils.rb:606:in `each'
# ./lib/fileutils.rb:606:in `rm_r'
# ./spec/bundler/spec_helper.rb:115:in `block (2 levels) in <top (required)>'

After fixing the above errors, the process moves to the actual testing process. And there are some failures. The full log is https://gist.github.com/junaruga/de1302520d43a0230af259096f09f8f0 .

<mock-chroot> sh-5.1$ make test-bundler
...
Finished in 25 minutes 28 seconds (files took 1.01 seconds to load)
2898 examples, 40 failures, 25 pending