1 files changed, 19 insertions, 3 deletions

diff --git a/lib/bundler/definition.rb b/lib/bundler/definition.rb
index a09d661a07..686721cd32 100644
--- a/lib/bundler/definition.rb
+++ b/lib/bundler/definition.rb
@@ -106,6 +106,17 @@ module Bundler
         @locked_platforms = []
       end
 
+      @locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) }
+      @disable_multisource = @locked_gem_sources.all?(&:disable_multisource?)
+
+      unless @disable_multisource
+        msg = "Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. You should run `bundle update` or generate your lockfile from scratch."
+
+        Bundler::SharedHelpers.major_deprecation 2, msg
+
+        @sources.merged_gem_lockfile_sections!
+      end
+
       @unlock[:gems] ||= []
       @unlock[:sources] ||= []
       @unlock[:ruby] ||= if @ruby_version && locked_ruby_version_object
@@ -145,6 +156,10 @@ module Bundler
       end
     end
 
+    def disable_multisource?
+      @disable_multisource
+    end
+
     def resolve_with_cache!
       raise "Specs already loaded" if @specs
       sources.cached!
@@ -530,6 +545,9 @@ module Bundler
     attr_reader :sources
     private :sources
 
+    attr_reader :locked_gem_sources
+    private :locked_gem_sources
+
     def nothing_changed?
       !@source_changes && !@dependency_changes && !@new_platform && !@path_changes && !@local_changes && !@locked_specs_incomplete_for_platform
     end
@@ -654,10 +672,8 @@ module Bundler
     end
 
     def converge_rubygems_sources
-      return false if Bundler.feature_flag.disable_multisource?
+      return false if disable_multisource?
 
-      # Get the RubyGems sources from the Gemfile.lock
-      locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) }
       return false if locked_gem_sources.empty?
 
       # Get the RubyGems remotes from the Gemfile