Blob Blame History Raw
%global gem_name bundler

# Enable test when building on local.
%bcond_with tests

# Ideally it should be checked against FileUtils::VERSION.
# https://github.com/ruby/fileutils/pull/12
%global fileutils_version 0.7.2
%global molinillo_version 0.6.4
%global net_http_persistent_version 2.9.4
%global thor_version 0.20.0

Name: rubygem-%{gem_name}
Version: 1.16.1
Release: 4%{?dist}
Summary: Library and utilities to manage a Ruby application's gem dependencies
Group: Development/Languages
License: MIT
URL: http://bundler.io
Source0: https://rubygems.org/gems/%{gem_name}-%{version}.gem
# git clone https://github.com/bundler/bundler.git && cd bundler
# git checkout v1.16.1 && tar czvf bundler-1.16.1-specs.tgz spec/
Source1: %{gem_name}-%{version}-specs.tgz
# Raise an error or print a warning in dependency confusion cases.
# https://github.com/rubygems/rubygems/pull/5029
Patch0: ruby-bundler-raise-error-in-dependency-confusion.patch
Patch1: ruby-bundler-raise-error-in-dependency-confusion-tests.patch
# ruby package has just soft dependency on rubygem(io-console), while
# Bundler always requires it.
Requires: rubygem(io-console)
BuildRequires: ruby(release)
BuildRequires: rubygems-devel
BuildRequires: ruby
%if %{with tests}
BuildRequires: ruby-devel
BuildRequires: rubygem(rspec) >= 3.0
BuildRequires: rubygem(rake)
BuildRequires: git
BuildRequires: %{_bindir}/ps
%endif
# https://github.com/bundler/bundler/issues/3647
Provides: bundled(rubygem-fileutils) = %{fileutils_version}
Provides: bundled(rubygem-molinillo) = %{molinillo_version}
Provides: bundled(rubygem-net-http-persisntent) = %{net_http_persistent_version}
Provides: bundled(rubygem-thor) = %{thor_version}
BuildArch: noarch

%description
Bundler manages an application's dependencies through its entire life, across
many machines, systematically and repeatably.


%package doc
Summary: Documentation for %{name}
Group: Documentation
Requires: %{name} = %{version}-%{release}
BuildArch: noarch

%description doc
Documentation for %{name}.

%prep
%setup -q -c -T
%gem_install -n %{SOURCE0}

pushd .%{gem_instdir}
%patch0 -p1
popd

%build

%install
mkdir -p %{buildroot}%{gem_dir}
cp -a .%{gem_dir}/* \
        %{buildroot}%{gem_dir}/


mkdir -p %{buildroot}%{_bindir}
cp -a .%{_bindir}/* \
        %{buildroot}%{_bindir}/

find %{buildroot}%{gem_instdir}/exe -type f | xargs chmod a+x

# Remove unnecessary executable bit.
# https://github.com/bundler/bundler/pull/6285
chmod a-x %{buildroot}%{gem_libdir}/bundler/templates/Executable

# Man pages are used by Bundler internally, do not remove them!
for n in 5 1; do
  mkdir -p %{buildroot}%{_mandir}/man${n}
  for file in %{buildroot}%{gem_instdir}/man/*.${n}; do
    base_name=$(basename "${file}")
    cp -a "${file}" "%{buildroot}%{_mandir}/man${n}/${base_name}"
  done
done

%check
pushd .%{gem_instdir}
# Check bundled libraries.
[ `ls lib/bundler/vendor | wc -l` == 4 ]

ruby -e '
  module Bundler; end
  require "./lib/bundler/vendor/fileutils/lib/fileutils.rb"'

[ `ruby -e '
  module Bundler; end
  require "./lib/bundler/vendor/molinillo/lib/molinillo/gem_metadata"
  puts Bundler::Molinillo::VERSION'` == '%{molinillo_version}' ]

[ `ruby -Ilib -e '
  module Bundler; module Persistent; module Net; module HTTP; end; end; end; end
  require "./lib/bundler/vendor/net-http-persistent/lib/net/http/persistent"
  puts Bundler::Persistent::Net::HTTP::Persistent::VERSION'` == '%{net_http_persistent_version}' ]

[ `ruby -e '
  module Bundler; end
  require "./lib/bundler/vendor/thor/lib/thor/version"
  puts Bundler::Thor::VERSION'` == '%{thor_version}' ]

# Test suite has to be disabled for official build, since it downloads various
# gems, which are not in Fedora or they have different version etc.
# Nevertheless, the test suite should run for local builds.
%if %{with tests}

tar xzvf %{SOURCE1}
cat %{PATCH1} | patch -p1

# Re-create bundler.gemspec used in spec/spec_helper.rb to avoid unnecessary
# git dependency.
gem spec %{SOURCE0} -l --ruby > %{gem_name}.gemspec

# Color tests do not work in mock building process (but this can be tested
# running from shell).
# https://github.com/rpm-software-management/mock/issues/136
sed -i '/^          context "with color" do$/,/^          end$/ s/^/#/' \
  spec/bundler/source_spec.rb

# This test fails due to rubypick.
sed -i '/^      it "like a normally executed executable" do$/,/^      end$/ s/^/#/' \
  spec/commands/exec_spec.rb

# RDoc is not default gem on Fedora.
sed -i '/^    context "given a default gem shippped in ruby" do$/,/^    end$/ s/^/#/' \
  spec/commands/info_spec.rb

# Avoid unexpected influence of Fedora specific configuration. This forces
# Ruby to load this empty operating_system.rb instead of operatin_system.rb
# shipped as part of RubyGems.
mkdir -p %{_builddir}/rubygems/rubygems/defaults/
touch %{_builddir}/rubygems/rubygems/defaults/operating_system.rb

# Suppress warnings by "git init" on Git >= 2.28.
# Running `git config --global init.defaultBranch <name>` is not enough.
# https://github.blog/2020-07-27-highlights-from-git-2-28/
for file in \
  lib/bundler/cli/gem.rb \
  spec/bundler/gem_helper_spec.rb \
  spec/commands/show_spec.rb \
  spec/support/builders.rb
do
  sed -E -i 's|(git init( --bare)?)|\1 2> /dev/null|' $file
done

# It is necessary to require spec_helper.rb explicitly.
# https://github.com/bundler/bundler/pull/5634
# To pass other tests, set BUNDLE_DISABLE_DEPENDENCY_CONFUSION_CHECK
RUBYOPT=-I%{_builddir}/rubygems GEM_PATH=/usr/share/gems \
BUNDLE_DISABLE_DEPENDENCY_CONFUSION_CHECK=1 \
rspec -rspec_helper spec -f d

%endif

popd

%files
%dir %{gem_instdir}
%{_bindir}/bundle
%{_bindir}/bundler
%exclude %{gem_instdir}/.*
%exclude %{gem_libdir}/bundler/ssl_certs/index.rubygems.org
%exclude %{gem_libdir}/bundler/ssl_certs/rubygems.global.ssl.fastly.net
%exclude %{gem_libdir}/bundler/ssl_certs/rubygems.org
%exclude %{gem_libdir}/bundler/ssl_certs/.document
%license %{gem_instdir}/LICENSE.md
%exclude %{gem_instdir}/bundler.gemspec
%{gem_instdir}/exe
%{gem_libdir}
%exclude %{gem_instdir}/man/*.ronn
%doc %{gem_instdir}/man
%exclude %{gem_cache}
%{gem_spec}
%doc %{_mandir}/man1/*
%doc %{_mandir}/man5/*

%files doc
%doc %{gem_docdir}
%doc %{gem_instdir}/CHANGELOG.md
%doc %{gem_instdir}/README.md

%changelog
* Mon Dec 13 2021 Jun Aruga <jaruga@redhat.com> - 1.16.1-4
- Fix Bundler dependency confusion.
  Resolves: CVE-2020-36327

* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.16.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

* Thu Feb 01 2018 Vít Ondruch <vondruch@redhat.com> - 1.16.1-2
- Remove unnecessary executable bit.

* Tue Jan 02 2018 Jun Aruga <jaruga@redhat.com> - 1.16.1-1
- Update to Bundler 1.16.1.

* Mon Nov 06 2017 Jun Aruga <jaruga@redhat.com> - 1.16.0-1
- Update to Bundler 1.16.0.

* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.13.7-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.13.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild

* Mon Jan 02 2017 Vít Ondruch <vondruch@redhat.com> - 1.13.7-1
- Update to Bundler 1.13.7.

* Fri Dec 16 2016 Vít Ondruch <vondruch@redhat.com> - 1.13.6-1
- Update to Bundler 1.13.6.

* Wed Jul 27 2016 Vít Ondruch <vondruch@redhat.com> - 1.12.5-1
- Update to Bundler 1.12.5.

* Fri Apr 08 2016 Vít Ondruch <vondruch@redhat.com> - 1.10.6-3
- Explicitly set rubygem(io-console) dependency.

* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

* Mon Oct 12 2015 Vít Ondruch <vondruch@redhat.com> - 1.10.6-1
- Update to Bundler 1.10.6.
- Keep vendored libraries.

* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.7.8-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

* Thu Feb 05 2015 Vít Ondruch <vondruch@redhat.com> - 1.7.8-2
- Properly uninstall the vendor directory.

* Tue Dec 09 2014 Vít Ondruch <vondruch@redhat.com> - 1.7.8-1
- Update to Bundler 1.7.8.

* Thu Nov 20 2014 Josef Stribny <jstribny@redhat.com> - 1.7.6-2
- Keep ssl_certs/certificate_manager.rb file (used in tests)
- Correctly add load paths for gems during tests

* Wed Nov 12 2014 Josef Stribny <jstribny@redhat.com> - 1.7.6-1
- Update to 1.7.6

* Tue Nov 11 2014 Josef Stribny <jstribny@redhat.com> - 1.7.4-2
- Use symlinks for vendored libraries (rhbz#1163039)

* Mon Oct 27 2014 Vít Ondruch <vondruch@redhat.com> - 1.7.4-1
- Update to Bundler 1.7.4.
- Add thor and net-http-persistent dependencies into .gemspec.

* Mon Sep 22 2014 Josef Stribny <jstribny@redhat.com> - 1.7.3-1
- Update to 1.7.3

* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.5.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

* Sun Jan 12 2014 Sam Kottler <skottler@fedoraproject.org> - 1.5.2-1
- Update to 1.5.2 (BZ #1047222)

* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

* Tue Jun 11 2013 Vít Ondruch <vondruch@redhat.com> - 1.3.5-1
- Update to Bundler 1.3.5.

* Mon Mar 04 2013 Josef Stribny <jstribny@redhat.com> - 1.3.1-1
- Rebuild for https://fedoraproject.org/wiki/Features/Ruby_2.0.0
- Update to Bundler 1.3.1

* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

* Fri Nov 02 2012 Bohuslav Kabrda <bkabrda@redhat.com> - 1.2.1-1
- Update to Bundler 1.2.1.
- Fix permissions on some executable files.

* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.1.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

* Fri Jul 13 2012 Vít Ondruch <vondruch@redhat.com> - 1.1.4-1
- Update to Bundler 1.1.4.

* Wed Feb 01 2012 Vít Ondruch <vondruch@redhat.com> - 1.0.21-1
- Rebuilt for Ruby 1.9.3.
- Update to Bundler 1.0.21.

* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.15-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

* Thu Jul 07 2011 Vít Ondruch <vondruch@redhat.com> - 1.0.15-1
- Updated to Bundler 1.0.15

* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

* Fri Feb 04 2011 Vít Ondruch <vondruch@redhat.com> - 1.0.10-1
- Upstream update

* Thu Jan 27 2011 Vít Ondruch <vondruch@redhat.com> - 1.0.9-2
- More concise summary
- Do not remove manpages, they are used internally
- Added buildroot cleanup in clean section

* Mon Jan 24 2011 Vít Ondruch <vondruch@redhat.com> - 1.0.9-1
- Bumped to Bundler 1.0.9
- Installed manual pages
- Removed obsolete buildroot cleanup

* Mon Nov 1 2010 Jozef Zigmund <jzigmund@redhat.com> - 1.0.3-2
- Add ruby(abi) dependency
- Add using macro %%{geminstdir} in files section
- Add subpackage doc for doc files
- Removed .gitignore file
- Removed rubygem-thor from vendor folder
- Add dependency rubygem(thor)

* Mon Oct 18 2010 Jozef Zigmund <jzigmund@redhat.com> - 1.0.3-1
- Initial package