diff options
author | Samuel Giddins <segiddins@segiddins.me> | 2023-08-09 13:45:56 -0700 |
---|---|---|
committer | Hiroshi SHIBATA <hsbt@ruby-lang.org> | 2023-10-23 13:59:01 +0900 |
commit | c5fd94073ff2e22b6eea29c242c7e4a12ed7c865 (patch) | |
tree | 327479235e44b16b1dd927b3d6b8b53b36bdc8c8 /spec/bundler/commands/lock_spec.rb | |
parent | 69d7e9a12eb6e3dbfa1b1021b73c2afcbf7d4a46 (diff) |
[rubygems/rubygems] Refactor to checksums stored via source
This gets the specs passing, and handles the fact that we expect
checkums to be pinned only to a particular source
This also avoids reading in .gem files during lockfile generation,
instead allowing us to query the source for each resolved gem to grab
the checksum
Finally, this opens up a route to having user-stored checksum databases,
similar to how other package managers do this!
Add checksums to dev lockfiles
Handle full name conflicts from different original_platforms when adding checksums to store from compact index
Specs passing on Bundler 3
https://github.com/rubygems/rubygems/commit/86c7084e1c
Diffstat (limited to 'spec/bundler/commands/lock_spec.rb')
-rw-r--r-- | spec/bundler/commands/lock_spec.rb | 89 |
1 files changed, 59 insertions, 30 deletions
diff --git a/spec/bundler/commands/lock_spec.rb b/spec/bundler/commands/lock_spec.rb index 4426c484fb..90138087f6 100644 --- a/spec/bundler/commands/lock_spec.rb +++ b/spec/bundler/commands/lock_spec.rb @@ -65,7 +65,9 @@ RSpec.describe "bundle lock" do it "prints a lockfile when there is no existing lockfile with --print" do bundle "lock --print" - expect(out).to eq(@lockfile.strip) + # No checksums because no way to get them from a file uri source + # + no existing lockfile that has them + expect(out).to eq(@lockfile.strip.gsub(/ sha256-[a-f0-9]+$/, "")) end it "prints a lockfile when there is an existing lockfile with --print" do @@ -79,7 +81,9 @@ RSpec.describe "bundle lock" do it "writes a lockfile when there is no existing lockfile" do bundle "lock" - expect(read_lockfile).to eq(@lockfile) + # No checksums because no way to get them from a file uri source + # + no existing lockfile that has them + expect(read_lockfile).to eq(@lockfile.gsub(/ sha256-[a-f0-9]+$/, "")) end it "writes a lockfile when there is an outdated lockfile using --update" do @@ -93,7 +97,8 @@ RSpec.describe "bundle lock" do bundle "lock --update", :env => { "BUNDLE_FROZEN" => "true" } - expect(read_lockfile).to eq(@lockfile) + # No checksums for the updated gems + expect(read_lockfile).to eq(@lockfile.gsub(/( \(2\.3\.2\)) sha256-[a-f0-9]+$/, "\\1")) end it "does not fetch remote specs when using the --local option" do @@ -120,7 +125,7 @@ RSpec.describe "bundle lock" do foo CHECKSUMS - #{checksum_for_repo_gem repo, "foo", "1.0"} + #{checksum_for_repo_gem repo, "foo", "1.0", :empty => true} BUNDLED WITH #{Bundler::VERSION} @@ -136,7 +141,7 @@ RSpec.describe "bundle lock" do bundle "lock --lockfile=lock" expect(out).to match(/Writing lockfile to.+lock/) - expect(read_lockfile("lock")).to eq(@lockfile) + expect(read_lockfile("lock")).to eq(@lockfile.gsub(/ sha256-[a-f0-9]+$/, "")) expect { read_lockfile }.to raise_error(Errno::ENOENT) end @@ -156,7 +161,7 @@ RSpec.describe "bundle lock" do c.repo_gem repo, "weakling", "0.0.3" end - lockfile = strip_lockfile(<<-L) + lockfile = <<~L GEM remote: #{file_uri_for(repo)}/ specs: @@ -203,7 +208,17 @@ RSpec.describe "bundle lock" do bundle "lock --update rails rake" - expect(read_lockfile).to eq(@lockfile) + expect(read_lockfile).to eq(@lockfile.gsub(/( \((?:2\.3\.2|13\.0\.1)\)) sha256-[a-f0-9]+$/, "\\1")) + end + + it "preserves unknown checksum algorithms" do + lockfile @lockfile.gsub(/(sha256-[a-f0-9]+)$/, "constant-true,\\1,xyz-123") + + previous_lockfile = read_lockfile + + bundle "lock" + + expect(read_lockfile).to eq(previous_lockfile) end it "does not unlock git sources when only uri shape changes" do @@ -280,7 +295,7 @@ RSpec.describe "bundle lock" do G bundle "config set without test" bundle "config set path vendor/bundle" - bundle "lock" + bundle "lock", :verbose => true expect(bundled_app("vendor/bundle")).not_to exist end @@ -611,10 +626,10 @@ RSpec.describe "bundle lock" do mixlib-shellout CHECKSUMS - #{checksum_for_repo_gem gem_repo4, "ffi", "1.9.14", "x86-mingw32"} - #{checksum_for_repo_gem gem_repo4, "gssapi", "1.2.0"} - #{checksum_for_repo_gem gem_repo4, "mixlib-shellout", "2.2.6", "universal-mingw32"} - #{checksum_for_repo_gem gem_repo4, "win32-process", "0.8.3"} + #{checksum_for_repo_gem gem_repo4, "ffi", "1.9.14", "x86-mingw32", :empty => true} + #{checksum_for_repo_gem gem_repo4, "gssapi", "1.2.0", :empty => true} + #{checksum_for_repo_gem gem_repo4, "mixlib-shellout", "2.2.6", "universal-mingw32", :empty => true} + #{checksum_for_repo_gem gem_repo4, "win32-process", "0.8.3", :empty => true} BUNDLED WITH #{Bundler::VERSION} @@ -646,12 +661,12 @@ RSpec.describe "bundle lock" do mixlib-shellout CHECKSUMS - #{checksum_for_repo_gem gem_repo4, "ffi", "1.9.14"} - #{checksum_for_repo_gem gem_repo4, "ffi", "1.9.14", "x86-mingw32"} - #{checksum_for_repo_gem gem_repo4, "gssapi", "1.2.0"} - #{checksum_for_repo_gem gem_repo4, "mixlib-shellout", "2.2.6"} - #{checksum_for_repo_gem gem_repo4, "mixlib-shellout", "2.2.6", "universal-mingw32"} - #{checksum_for_repo_gem gem_repo4, "win32-process", "0.8.3"} + #{checksum_for_repo_gem gem_repo4, "ffi", "1.9.14", :empty => true} + #{checksum_for_repo_gem gem_repo4, "ffi", "1.9.14", "x86-mingw32", :empty => true} + #{checksum_for_repo_gem gem_repo4, "gssapi", "1.2.0", :empty => true} + #{checksum_for_repo_gem gem_repo4, "mixlib-shellout", "2.2.6", :empty => true} + #{checksum_for_repo_gem gem_repo4, "mixlib-shellout", "2.2.6", "universal-mingw32", :empty => true} + #{checksum_for_repo_gem gem_repo4, "win32-process", "0.8.3", :empty => true} BUNDLED WITH #{Bundler::VERSION} @@ -732,8 +747,8 @@ RSpec.describe "bundle lock" do libv8 CHECKSUMS - #{checksum_for_repo_gem gem_repo4, "libv8", "8.4.255.0", "x86_64-darwin-19"} - #{checksum_for_repo_gem gem_repo4, "libv8", "8.4.255.0", "x86_64-darwin-20"} + #{checksum_for_repo_gem gem_repo4, "libv8", "8.4.255.0", "x86_64-darwin-19", :empty => true} + #{checksum_for_repo_gem gem_repo4, "libv8", "8.4.255.0", "x86_64-darwin-20", :empty => true} BUNDLED WITH #{Bundler::VERSION} @@ -928,13 +943,15 @@ RSpec.describe "bundle lock" do end context "when an update is available" do - let(:repo) { gem_repo2 } - - before do - lockfile(@lockfile) + let(:repo) do build_repo2 do build_gem "foo", "2.0" end + gem_repo2 + end + + before do + lockfile(@lockfile) end it "does not implicitly update" do @@ -952,7 +969,7 @@ RSpec.describe "bundle lock" do c.repo_gem repo, "weakling", "0.0.3" end - expected_lockfile = strip_lockfile(<<-L) + expected_lockfile = <<~L GEM remote: #{file_uri_for(repo)}/ specs: @@ -1003,13 +1020,15 @@ RSpec.describe "bundle lock" do c.repo_gem repo, "activerecord", "2.3.2" c.repo_gem repo, "activeresource", "2.3.2" c.repo_gem repo, "activesupport", "2.3.2" - c.repo_gem repo, "foo", "2.0" + # We don't have a checksum for foo 2, + # since it is not downloaded by bundle lock, therefore we don't include it + # c.repo_gem repo, "foo", "2.0" c.repo_gem repo, "rails", "2.3.2" c.repo_gem repo, "rake", "13.0.1" c.repo_gem repo, "weakling", "0.0.3" end - expected_lockfile = strip_lockfile(<<-L) + expected_lockfile = <<~L GEM remote: #{file_uri_for(repo)}/ specs: @@ -1041,7 +1060,7 @@ RSpec.describe "bundle lock" do weakling CHECKSUMS - #{expected_checksums} + #{expected_checksums.prepend(" ").lines(:chomp => true).append(" foo (2.0)").sort.join("\n")} BUNDLED WITH #{Bundler::VERSION} @@ -1118,8 +1137,8 @@ RSpec.describe "bundle lock" do debug CHECKSUMS - #{checksum_for_repo_gem gem_repo4, "debug", "1.6.3"} - #{checksum_for_repo_gem gem_repo4, "irb", "1.5.0"} + #{checksum_for_repo_gem gem_repo4, "debug", "1.6.3", :empty => true} + #{checksum_for_repo_gem gem_repo4, "irb", "1.5.0", :empty => true} BUNDLED WITH #{Bundler::VERSION} @@ -1424,6 +1443,10 @@ RSpec.describe "bundle lock" do DEPENDENCIES foo! + CHECKSUMS + #{checksum_for_repo_gem(gem_repo4, "foo", "1.0", :empty => true)} + #{checksum_for_repo_gem(gem_repo4, "nokogiri", "1.14.2", :empty => true)} + BUNDLED WITH #{Bundler::VERSION} L @@ -1507,6 +1530,12 @@ RSpec.describe "bundle lock" do activesupport (= 7.0.4.3) govuk_app_config + CHECKSUMS + #{checksum_for_repo_gem gem_repo4, "actionpack", "7.0.4.3", :empty => true} + #{checksum_for_repo_gem gem_repo4, "activesupport", "7.0.4.3", :empty => true} + #{checksum_for_repo_gem gem_repo4, "govuk_app_config", "4.13.0", :empty => true} + #{checksum_for_repo_gem gem_repo4, "railties", "7.0.4.3", :empty => true} + BUNDLED WITH #{Bundler::VERSION} L |