authorMartin Emde <martin.emde@gmail.com>2023-12-01 14:20:51 -0800
committergit <svn-admin@ruby-lang.org>2023-12-05 21:09:53 +0000
commit5f0ea3f590f8983669fe478bc9eace6880353b84 (patch)
treeca777e6b654fa43b841e3286a9b35a0869987d2e /spec/bundler/install/gems/resolving_spec.rb
parenta33632e1ca7af1e3ba34cff05643aa067561a8cc (diff)
[rubygems/rubygems] Converts Bundler lockfile checksum validation to opt-in only
Looks for the CHECKSUMS section in the lockfile, activating the feature only if the section exists. Without a CHECKSUMS section, Bundler will continue as normal, validating checksums when gems are installed while checksums from the compact index are present. https://github.com/rubygems/rubygems/commit/2353cc93a4
Diffstat (limited to 'spec/bundler/install/gems/resolving_spec.rb')
-rw-r--r--spec/bundler/install/gems/resolving_spec.rb33
1 files changed, 22 insertions, 11 deletions
diff --git a/spec/bundler/install/gems/resolving_spec.rb b/spec/bundler/install/gems/resolving_spec.rb
index b9f928a0db..8c9ec61ed0 100644
--- a/spec/bundler/install/gems/resolving_spec.rb
+++ b/spec/bundler/install/gems/resolving_spec.rb
@@ -256,6 +256,10 @@ RSpec.describe "bundle install with install-time dependencies" do
gem 'parallel_tests'
G
+ checksums = checksums_section do |c|
+ c.checksum gem_repo2, "parallel_tests", "3.8.0"
+ end
+
lockfile <<~L
GEM
remote: http://localgemserver.test/
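Review bot: The `checksums_section` block added ahead of the fixture lockfile carries no comment saying why the fixture now needs a CHECKSUMS section. With this commit, lockfile checksum validation is active only when that section exists, so a later cleanup that removes the block would silently turn the example into an opt-out test. A one-line comment such as `# CHECKSUMS section present: opts this example in to lockfile checksum validation` would make that dependency explicit. The same applies to the rubocop fixture further down; the enclosing setup block and heredoc continue outside this hunk.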
@@ -267,7 +271,7 @@ RSpec.describe "bundle install with install-time dependencies" do
DEPENDENCIES
parallel_tests
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
@@ -276,6 +280,10 @@ RSpec.describe "bundle install with install-time dependencies" do
it "automatically updates lockfile to use the older version" do
bundle "install --verbose", :artifice => "compact_index", :env => { "BUNDLER_SPEC_GEM_REPO" => gem_repo2.to_s }
+ checksums = checksums_section_when_existing do |c|
+ c.checksum gem_repo2, "parallel_tests", "3.7.0"
+ end
+
expect(lockfile).to eq <<~L
GEM
remote: http://localgemserver.test/
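Review bot: The expected lockfile is built with `checksums_section_when_existing`, which is called only after `bundle install` has rewritten the lockfile. The helper's definition is not in this diff, but if it decides by inspecting the lockfile on disk, an install that wrongly drops the CHECKSUMS section would produce an empty expected section too, and the example would still pass. Because the fixture for this example always writes a CHECKSUMS section, the expectation can assert it unconditionally with `checksums = checksums_section do |c|`. The same applies to the "older compatible versions" example that pins rubocop and rubocop-ast.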
@@ -287,10 +295,7 @@ RSpec.describe "bundle install with install-time dependencies" do
DEPENDENCIES
parallel_tests
-
- CHECKSUMS
- #{checksum_for_repo_gem gem_repo2, "parallel_tests", "3.7.0"}
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
@@ -335,6 +340,11 @@ RSpec.describe "bundle install with install-time dependencies" do
gem 'rubocop'
G
+ checksums = checksums_section do |c|
+ c.checksum gem_repo2, "rubocop", "1.35.0"
+ c.checksum gem_repo2, "rubocop-ast", "1.21.0"
+ end
+
lockfile <<~L
GEM
remote: http://localgemserver.test/
@@ -348,7 +358,7 @@ RSpec.describe "bundle install with install-time dependencies" do
DEPENDENCIES
parallel_tests
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
@@ -357,6 +367,11 @@ RSpec.describe "bundle install with install-time dependencies" do
it "automatically updates lockfile to use the older compatible versions" do
bundle "install --verbose", :artifice => "compact_index", :env => { "BUNDLER_SPEC_GEM_REPO" => gem_repo2.to_s }
+ checksums = checksums_section_when_existing do |c|
+ c.checksum gem_repo2, "rubocop", "1.28.2"
+ c.checksum gem_repo2, "rubocop-ast", "1.17.0"
+ end
+
expect(lockfile).to eq <<~L
GEM
remote: http://localgemserver.test/
@@ -370,11 +385,7 @@ RSpec.describe "bundle install with install-time dependencies" do
DEPENDENCIES
rubocop
-
- CHECKSUMS
- #{checksum_for_repo_gem gem_repo2, "rubocop", "1.28.2"}
- #{checksum_for_repo_gem gem_repo2, "rubocop-ast", "1.17.0"}
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
L