diff options
Diffstat (limited to 'lib/bundler/definition.rb')
-rw-r--r-- | lib/bundler/definition.rb | 22 |
1 files changed, 19 insertions, 3 deletions
diff --git a/lib/bundler/definition.rb b/lib/bundler/definition.rb index a09d661a07..686721cd32 100644 --- a/lib/bundler/definition.rb +++ b/lib/bundler/definition.rb @@ -106,6 +106,17 @@ module Bundler @locked_platforms = [] end + @locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) } + @disable_multisource = @locked_gem_sources.all?(&:disable_multisource?) + + unless @disable_multisource + msg = "Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. You should run `bundle update` or generate your lockfile from scratch." + + Bundler::SharedHelpers.major_deprecation 2, msg + + @sources.merged_gem_lockfile_sections! + end + @unlock[:gems] ||= [] @unlock[:sources] ||= [] @unlock[:ruby] ||= if @ruby_version && locked_ruby_version_object @@ -145,6 +156,10 @@ module Bundler end end + def disable_multisource? + @disable_multisource + end + def resolve_with_cache! raise "Specs already loaded" if @specs sources.cached! @@ -530,6 +545,9 @@ module Bundler attr_reader :sources private :sources + attr_reader :locked_gem_sources + private :locked_gem_sources + def nothing_changed? !@source_changes && !@dependency_changes && !@new_platform && !@path_changes && !@local_changes && !@locked_specs_incomplete_for_platform end @@ -654,10 +672,8 @@ module Bundler end def converge_rubygems_sources - return false if Bundler.feature_flag.disable_multisource? + return false if disable_multisource? - # Get the RubyGems sources from the Gemfile.lock - locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) } return false if locked_gem_sources.empty? # Get the RubyGems remotes from the Gemfile |