Fix bundler improperly resolving archful gems in Gemfile.lock.

For more information see: https://github.com/sclorg/s2i-ruby-container/issues/469 Upstream backport requested in https://bugs.ruby-lang.org/issues/19576 Resolves: rhbz#2178171
2023-03-31 17:36:23 +02:00 · 2023-03-31 17:36:23 +02:00 · 487c4a5aea
commit 487c4a5aea
parent c4f29640fb
3 changed files with 221 additions and 0 deletions
--- a/ruby.spec
+++ b/ruby.spec
@ -195,6 +195,16 @@ Patch28: ruby-irb-1.4.1-set-rdoc-soft-dep.patch
 # https://github.com/ruby/ruby/commit/bffadcd6d46ccfccade79ce0efb60ced8eac4483
 # https://bugs.ruby-lang.org/issues/19529#note-7
 Patch29: ruby-3.1.4-Skip-test_compaction_bug_19529-if-compaction-unsupported.patch
+# Bundler does not correctly resolve archful gems in 2.3.26.
+# Example of such an issue
+# https://github.com/sclorg/s2i-ruby-container/issues/469
+# The patch is an amalgamation of the following:
+# https://github.com/rubygems/rubygems/pull/6225
+# https://github.com/rubygems/rubygems/commit/7b64c64262a7a980c0eb23b96ea56cf72ea06e89
+# Backport requested in
+# https://bugs.ruby-lang.org/issues/19576
+Patch30: rubygem-bundler-2.3.26-Provide-fix-for-bundler-Gemfile-resolving-regression.patch
+Patch31: rubygem-bundler-2.3.26-Tests-from-bundler-PR-6225.patch

 Requires: %{name}-libs%{?_isa} = %{version}-%{release}
 Suggests: rubypick
@ -667,6 +677,11 @@ rm -rf ext/fiddle/libffi*
 %patch27 -p1
 %patch28 -p1
 %patch29 -p1
+%patch30 -p2
+
+pushd spec/bundler
+%patch31 -p3
+popd

 # Provide an example of usage of the tapset:
 cp -a %{SOURCE3} .
@ -1541,6 +1556,8 @@ DISABLE_TESTS="$DISABLE_TESTS -n !/Fiddle::TestFunction#test_argument_count/"
 - Upgrade to Ruby 3.1.4.
 - Fix ReDoS vulnerability in URI (CVE-2023-28755)
 - Fix ReDoS vulnerability in Time (CVE-2023-28756)
+- Fix bundler improperly resolving archful gems in Gemfile.lock.
+  Resolves: rhbz#2178171

 * Fri Jan 20 2023 Jun Aruga <jaruga@redhat.com> - 3.1.3-174
 - Fix for tzdata-2022g.
--- a/rubygem-bundler-2.3.26-Provide-fix-for-bundler-Gemfile-resolving-regression.patch
+++ b/rubygem-bundler-2.3.26-Provide-fix-for-bundler-Gemfile-resolving-regression.patch
@ -0,0 +1,144 @@
+From 0985592ad2d815ac461100807f5b2621e5f49b21 Mon Sep 17 00:00:00 2001
+From: Jarek Prokop <jprokop@redhat.com>
+Date: Fri, 31 Mar 2023 11:54:07 +0200
+Subject: [PATCH 1/2] Provide fix for bundler Gemfile resolving regression.
+
+Instead of resolving to correct Ruby platform, it preferred the
+archful package, that is actually incompatible.
+
+See https://github.com/sclorg/s2i-ruby-container/issues/469
+for an example of the bug.
+
+Commit taken from:
+<https://github.com/rubygems/rubygems/pull/6225>
+and adapted:
+<https://github.com/rubygems/rubygems/commit/7b64c64262a7a980c0eb23b96ea56cf72ea06e89>
+for the PR#6225.
+---
+ bundler/lib/bundler/index.rb              |  5 ++
+ bundler/lib/bundler/lazy_specification.rb | 64 ++++++++++-------------
+ 2 files changed, 34 insertions(+), 35 deletions(-)
+
+diff --git a/bundler/lib/bundler/index.rb b/bundler/lib/bundler/index.rb
+index ed16c90a3..903e220d5 100644
+--- a/bundler/lib/bundler/index.rb
+++ b/bundler/lib/bundler/index.rb
+@@ -71,6 +71,7 @@ def local_search(query)
+       when Gem::Specification, RemoteSpecification, LazySpecification, EndpointSpecification then search_by_spec(query)
+       when String then specs_by_name(query)
+       when Gem::Dependency then search_by_dependency(query)
+      when Array then search_by_name_and_version(*query)
+       else
+         raise "You can't search for a #{query.inspect}."
+       end
+@@ -173,6 +174,10 @@ def search_by_dependency(dependency)
+       end
+     end
+ 
+    def search_by_name_and_version(name, version)
+      specs_by_name(name).select { |spec| spec.version == version }
+    end
+
+     EMPTY_SEARCH = [].freeze
+ 
+     def search_by_spec(spec)
+diff --git a/bundler/lib/bundler/lazy_specification.rb b/bundler/lib/bundler/lazy_specification.rb
+index 949e8264b..e8bee25ab 100644
+--- a/bundler/lib/bundler/lazy_specification.rb
+++ b/bundler/lib/bundler/lazy_specification.rb
+@@ -13,7 +13,6 @@ def initialize(name, version, platform, source = nil)
+       @dependencies  = []
+       @platform      = platform || Gem::Platform::RUBY
+       @source        = source
+-      @specification = nil
+     end
+ 
+     def full_name
+@@ -76,37 +75,41 @@ def to_lock
+     def materialize_for_installation
+       source.local!
+ 
+-      candidates = if source.is_a?(Source::Path) || !ruby_platform_materializes_to_ruby_platform?
+-        target_platform = ruby_platform_materializes_to_ruby_platform? ? platform : local_platform
+      matching_specs = source.specs.search(use_exact_resolved_specifications? ? self : [name, version])
+      return self if matching_specs.empty?
+ 
+-        GemHelpers.select_best_platform_match(source.specs.search(Dependency.new(name, version)), target_platform)
+-      else
+-        source.specs.search(self)
+-      end
+      candidates = if use_exact_resolved_specifications?
+                     matching_specs
+                   else
+                     target_platform = ruby_platform_materializes_to_ruby_platform? ? platform : local_platform
+
+                     installable_candidates = GemHelpers.select_best_platform_match(matching_specs, target_platform)
+
+                     specification = __materialize__(installable_candidates)
+                     return specification unless specification.nil?
+ 
+-      return self if candidates.empty?
+                     if target_platform != platform
+                       installable_candidates = GemHelpers.select_best_platform_match(matching_specs, platform)
+                     end
+
+                     installable_candidates
+                   end
+ 
+       __materialize__(candidates)
+     end
+ 
+     def __materialize__(candidates)
+-      @specification = begin
+-        search = candidates.reverse.find do |spec|
+-          spec.is_a?(StubSpecification) ||
+-            (spec.matches_current_ruby? &&
+-              spec.matches_current_rubygems?)
+-        end
+-        if search.nil? && Bundler.frozen_bundle?
+-          search = candidates.last
+-        else
+-          search.dependencies = dependencies if search && search.full_name == full_name && (search.is_a?(RemoteSpecification) || search.is_a?(EndpointSpecification))
+-        end
+-        search
+      search = candidates.reverse.find do |spec|
+        spec.is_a?(StubSpecification) ||
+          (spec.matches_current_ruby? &&
+           spec.matches_current_rubygems?)
+       end
+-    end
+-
+-    def respond_to?(*args)
+-      super || @specification ? @specification.respond_to?(*args) : nil
+      if search.nil? && Bundler.frozen_bundle?
+        search = candidates.last
+      else
+        search.dependencies = dependencies if search && search.full_name == full_name && (search.is_a?(RemoteSpecification) || search.is_a?(EndpointSpecification))
+      end
+      search
+     end
+ 
+     def to_s
+@@ -127,17 +130,8 @@ def git_version
+     end
+ 
+     private
+-
+-    def to_ary
+-      nil
+-    end
+-
+-    def method_missing(method, *args, &blk)
+-      raise "LazySpecification has not been materialized yet (calling :#{method} #{args.inspect})" unless @specification
+-
+-      return super unless respond_to?(method)
+-
+-      @specification.send(method, *args, &blk)
+    def use_exact_resolved_specifications?
+      @use_exact_resolved_specifications ||= !source.is_a?(Source::Path) && ruby_platform_materializes_to_ruby_platform?
+     end
+ 
+     #
+-- 
+2.40.0
+
--- a/rubygem-bundler-2.3.26-Tests-from-bundler-PR-6225.patch
+++ b/rubygem-bundler-2.3.26-Tests-from-bundler-PR-6225.patch
@ -0,0 +1,60 @@
+From cb3d287a91e9b6762e47635137d6024fe39e117d Mon Sep 17 00:00:00 2001
+From: Jarek Prokop <jprokop@redhat.com>
+Date: Fri, 31 Mar 2023 12:06:21 +0200
+Subject: [PATCH] Tests from bundler's PR#6225.
+
+See <https://github.com/rubygems/rubygems/pull/6225>.
+---
+ .../install/gemfile/specific_platform_spec.rb | 36 +++++++++++++++++++
+ 1 file changed, 36 insertions(+)
+
+diff --git a/bundler/spec/install/gemfile/specific_platform_spec.rb b/bundler/spec/install/gemfile/specific_platform_spec.rb
+index 98efec396..a29446305 100644
+--- a/bundler/spec/install/gemfile/specific_platform_spec.rb
+++ b/bundler/spec/install/gemfile/specific_platform_spec.rb
+@@ -104,6 +104,42 @@
+       L
+     end
+ 
+    it "still installs the generic RUBY variant if necessary even when running on a legacy lockfile locked only to RUBY" do
+      build_repo4 do
+        build_gem "nokogiri", "1.3.10"
+        build_gem "nokogiri", "1.3.10" do |s|
+          s.platform = "arm64-darwin"
+          s.required_ruby_version = "< #{Gem.ruby_version}"
+        end
+
+        build_gem "bundler", "2.1.4"
+      end
+
+      gemfile <<~G
+        source "#{file_uri_for(gem_repo4)}"
+        gem "nokogiri"
+      G
+
+      lockfile <<-L
+        GEM
+          remote: #{file_uri_for(gem_repo4)}/
+          specs:
+            nokogiri (1.3.10)
+        PLATFORMS
+          ruby
+        DEPENDENCIES
+          nokogiri
+        RUBY VERSION
+          2.5.3p105
+        BUNDLED WITH
+           2.1.4
+      L
+
+      simulate_platform "arm64-darwin-22" do
+        bundle "update --bundler", :artifice => "compact_index", :env => { "BUNDLER_SPEC_GEM_REPO" => gem_repo4.to_s }
+      end
+    end
+
+     it "doesn't discard previously installed platform specific gem and fall back to ruby on subsequent bundles" do
+       build_repo2 do
+         build_gem("libv8", "8.4.255.0")
+-- 
+2.40.0
+