| author | David RodrÃguez <deivid.rodriguez@riseup.net> | 2024-11-07 14:05:08 +0100 |
|---|---|---|
| committer | git <svn-admin@ruby-lang.org> | 2024-11-11 19:24:42 +0000 |
| commit | db0c7be6423dbe8ddcb8a525d7a72e0c4c95e72e (patch) | |
| tree | fcf753f6d4c13b55ad3ee8902b4c933e25fa5fdd | |
| parent | 8672e88cd2c983917c38f6c1c138b3de55607b96 (diff) | |
[rubygems/rubygems] Add a `lockfile_checksums` configuration to include checksums in fresh lockfiles
https://github.com/rubygems/rubygems/commit/50b9ef8589
| -rw-r--r-- | lib/bundler/definition.rb | 2 | ||||
| -rw-r--r-- | lib/bundler/feature_flag.rb | 1 | ||||
| -rw-r--r-- | lib/bundler/man/bundle-config.1 | 2 | ||||
| -rw-r--r-- | lib/bundler/man/bundle-config.1.ronn | 2 | ||||
| -rw-r--r-- | lib/bundler/settings.rb | 1 | ||||
| -rw-r--r-- | spec/bundler/commands/lock_spec.rb | 42 |
6 files changed, 49 insertions, 1 deletions
diff --git a/lib/bundler/definition.rb b/lib/bundler/definition.rb
index 00cc139402..c11e922ea2 100644
--- a/lib/bundler/definition.rb
+++ b/lib/bundler/definition.rb
@@ -117,7 +117,7 @@ module Bundler
 @originally_locked_specs = @locked_specs
 @locked_sources = []
 @locked_platforms = []
- @locked_checksums = Bundler.feature_flag.bundler_3_mode?
+ @locked_checksums = Bundler.feature_flag.lockfile_checksums?
 end
 
 locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) }
diff --git a/lib/bundler/feature_flag.rb b/lib/bundler/feature_flag.rb
index ab2189f7f0..63e0c85c8a 100644
--- a/lib/bundler/feature_flag.rb
+++ b/lib/bundler/feature_flag.rb
@@ -33,6 +33,7 @@ module Bundler
 settings_flag(:default_install_uses_path) { bundler_3_mode? }
 settings_flag(:forget_cli_options) { bundler_3_mode? }
 settings_flag(:global_gem_cache) { bundler_3_mode? }
+ settings_flag(:lockfile_checksums) { bundler_3_mode? }
 settings_flag(:path_relative_to_cwd) { bundler_3_mode? }
 settings_flag(:plugins) { @bundler_version >= Gem::Version.new("1.14") }
 settings_flag(:print_only_version_number) { bundler_3_mode? }
diff --git a/lib/bundler/man/bundle-config.1 b/lib/bundler/man/bundle-config.1
index 547344574f..24ea3e44b9 100644
--- a/lib/bundler/man/bundle-config.1
+++ b/lib/bundler/man/bundle-config.1
@@ -149,6 +149,8 @@ The following is a list of all configuration keys and their purpose\. You can le
 .IP "\(bu" 4
 \fBjobs\fR (\fBBUNDLE_JOBS\fR): The number of gems Bundler can install in parallel\. Defaults to the number of available processors\.
 .IP "\(bu" 4
+\fBlockfile_checksums\fR (\fBBUNDLE_LOCKFILE_CHECKSUMS\fR): Whether Bundler should include a checksums section in new lockfiles, to protect from compromised gem sources\.
+.IP "\(bu" 4
 \fBno_install\fR (\fBBUNDLE_NO_INSTALL\fR): Whether \fBbundle package\fR should skip installing gems\.
 .IP "\(bu" 4
 \fBno_prune\fR (\fBBUNDLE_NO_PRUNE\fR): Whether Bundler should leave outdated gems unpruned when caching\.
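Review bot: The assignment `@locked_checksums = Bundler.feature_flag.lockfile_checksums?` now encodes a security-relevant default without saying so at the site; a short comment would help the next reader, e.g. `# Fresh lockfile: start a CHECKSUMS section only when the lockfile_checksums setting (default: Bundler 3 mode) asks for it`. The surrounding resets of `@locked_sources` and `@locked_platforms` suggest this is the branch taken when no lockfile exists, so an existing lockfile that lacks a CHECKSUMS section is presumably left as-is even after the setting is enabled; the commit title says as much, but neither the code nor the man-page entry in this commit states that enabling the flag will not retrofit checksums into an existing lockfile. Consider adding that sentence to the `lockfile_checksums` entry in bundle-config.1.ronn as well. The enclosing method begins and ends outside the hunk.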
diff --git a/lib/bundler/man/bundle-config.1.ronn b/lib/bundler/man/bundle-config.1.ronn
index 56e1dfd3bc..00e2081959 100644
--- a/lib/bundler/man/bundle-config.1.ronn
+++ b/lib/bundler/man/bundle-config.1.ronn
@@ -217,6 +217,8 @@ learn more about their operation in [bundle install(1)](bundle-install.1.html).
 * `jobs` (`BUNDLE_JOBS`):
 The number of gems Bundler can install in parallel. Defaults to the number of available processors.
+* `lockfile_checksums` (`BUNDLE_LOCKFILE_CHECKSUMS`):
+ Whether Bundler should include a checksums section in new lockfiles, to protect from compromised gem sources.
 * `no_install` (`BUNDLE_NO_INSTALL`):
 Whether `bundle package` should skip installing gems.
 * `no_prune` (`BUNDLE_NO_PRUNE`):
diff --git a/lib/bundler/settings.rb b/lib/bundler/settings.rb
index 4dda36242d..cde01e0181 100644
--- a/lib/bundler/settings.rb
+++ b/lib/bundler/settings.rb
@@ -32,6 +32,7 @@ module Bundler
 ignore_messages
 init_gems_rb
 inline
+ lockfile_checksums
 no_install
 no_prune
 path_relative_to_cwd
diff --git a/spec/bundler/commands/lock_spec.rb b/spec/bundler/commands/lock_spec.rb
index 816fadf707..4f89f9f5a3 100644
--- a/spec/bundler/commands/lock_spec.rb
+++ b/spec/bundler/commands/lock_spec.rb
@@ -1832,6 +1832,48 @@ RSpec.describe "bundle lock" do
 L
 end
 
+ it "generates checksums by default if configured to do so" do
+ build_repo4 do
+ build_gem "nokogiri", "1.14.2"
+ build_gem "nokogiri", "1.14.2" do |s|
+ s.platform = "x86_64-linux"
+ end
+ end
+
+ bundle "config lockfile_checksums true"
+
+ simulate_platform "x86_64-linux" do
+ install_gemfile <<-G
+ source "https://gem.repo4"
+
+ gem "nokogiri"
+ G
+ end
+
+ checksums = checksums_section do |c|
+ c.checksum gem_repo4, "nokogiri", "1.14.2"
+ c.checksum gem_repo4, "nokogiri", "1.14.2", "x86_64-linux"
+ end
+
+ expect(lockfile).to eq <<~L
+ GEM
+ remote: https://gem.repo4/
+ specs:
+ nokogiri (1.14.2)
+ nokogiri (1.14.2-x86_64-linux)
+
+ PLATFORMS
+ ruby
+ x86_64-linux
+
+ DEPENDENCIES
+ nokogiri
+ #{checksums}
+ BUNDLED WITH
+ #{Bundler::VERSION}
+ L
+ end
+
 context "when re-resolving to include prereleases" do
 before do
 build_repo4 do
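Review bot: The example title `it "generates checksums by default if configured to do so" do` contradicts itself ("by default" versus "if configured") and does not say that only a fresh lockfile is covered; `it "adds a CHECKSUMS section to a fresh lockfile when lockfile_checksums is enabled" do` would match what the body asserts. The hunk exercises only the positive case: there is no example showing that the section is omitted when the setting is false or unset outside Bundler 3 mode, nor that an existing lockfile without checksums is left untouched after the flag is turned on, which is the behaviour a user enabling it is most likely to be surprised by — unless such examples already exist elsewhere in this describe block, which I cannot see from the hunk. The rendered page has lost the heredoc indentation, so the relative indentation inside `<<~L` (significant for a squiggly heredoc) cannot be checked here. The enclosing `RSpec.describe "bundle lock"` block starts and ends outside the hunk.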
