diff options
| author | Martin Emde <martin.emde@gmail.com> | 2023-12-01 14:20:51 -0800 |
|---|---|---|
| committer | git <svn-admin@ruby-lang.org> | 2023-12-05 21:09:53 +0000 |
| commit | 5f0ea3f590f8983669fe478bc9eace6880353b84 (patch) | |
| tree | ca777e6b654fa43b841e3286a9b35a0869987d2e /lib/bundler/definition.rb | |
| parent | a33632e1ca7af1e3ba34cff05643aa067561a8cc (diff) | |
[rubygems/rubygems] Converts Bundler lockfile checksum validation to opt-in only
Looks for the CHECKSUMS section in the lockfile, activating the feature
only if the section exists. Without a CHECKSUMS section, Bundler will
continue as normal, validating checksums when gems are installed while
checksums from the compact index are present.
https://github.com/rubygems/rubygems/commit/2353cc93a4
Diffstat (limited to 'lib/bundler/definition.rb')
| -rw-r--r-- | lib/bundler/definition.rb | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/lib/bundler/definition.rb b/lib/bundler/definition.rb index ca12827579..3493f0732d 100644 --- a/lib/bundler/definition.rb +++ b/lib/bundler/definition.rb @@ -18,7 +18,8 @@ module Bundler :platforms, :ruby_version, :lockfile, - :gemfiles + :gemfiles, + :locked_checksums ) # Given a gemfile and lockfile creates a Bundler definition @@ -92,6 +93,7 @@ module Bundler @locked_bundler_version = @locked_gems.bundler_version @locked_ruby_version = @locked_gems.ruby_version @originally_locked_specs = SpecSet.new(@locked_gems.specs) + @locked_checksums = @locked_gems.checksums if unlock != true @locked_deps = @locked_gems.dependencies @@ -112,6 +114,7 @@ module Bundler @originally_locked_specs = @locked_specs @locked_sources = [] @locked_platforms = [] + @locked_checksums = nil end locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) } @@ -767,7 +770,7 @@ module Bundler sources.all_sources.each do |source| # has to be done separately, because we want to keep the locked checksum # store for a source, even when doing a full update - if @locked_gems && locked_source = @locked_gems.sources.find {|s| s == source && !s.equal?(source) } + if @locked_checksums && @locked_gems && locked_source = @locked_gems.sources.find {|s| s == source && !s.equal?(source) } source.checksum_store.merge!(locked_source.checksum_store) end # If the source is unlockable and the current command allows an unlock of |