[rubygems/rubygems] Add CHECKSUMS for each gem in lockfile

We lock the checksum for each resolved spec under a new CHECKSUMS
section in the lockfile.

If the locked spec does not resolve for the local platform, we preserve
the locked checksum, similar to how we preserve specs.

Checksum locking only makes sense on install. The compact index
information is only available then.

https://github.com/rubygems/rubygems/commit/bde37ca6bf

1 files changed, 42 insertions, 0 deletions

diff --git a/lib/bundler/checksum.rb b/lib/bundler/checksum.rb
new file mode 100644
index 0000000000..2e0a80cac2
--- /dev/null
+++ b/lib/bundler/checksum.rb
@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+module Bundler
+  class Checksum
+    attr_reader :name, :version, :platform
+    attr_accessor :checksum
+
+    SHA256 = /\Asha256-([a-z0-9]{64}|[A-Za-z0-9+\/=]{44})\z/.freeze
+
+    def initialize(name, version, platform, checksum = nil)
+      @name     = name
+      @version  = version
+      @platform = platform || Gem::Platform::RUBY
+      @checksum = checksum
+
+      if @checksum && @checksum !~ SHA256
+        raise ArgumentError, "invalid checksum (#{@checksum})"
+      end
+    end
+
+    def match_spec?(spec)
+      name == spec.name &&
+        version == spec.version &&
+        platform.to_s == spec.platform.to_s
+    end
+
+    def to_lock
+      out = String.new
+
+      if platform == Gem::Platform::RUBY
+        out << "  #{name} (#{version})"
+      else
+        out << "  #{name} (#{version}-#{platform})"
+      end
+
+      out << " #{checksum}" if checksum
+      out << "\n"
+
+      out
+    end
+  end
+end