Diffstat (limited to 'lib/bundler')
-rw-r--r--lib/bundler/checksum.rb15
-rw-r--r--lib/bundler/definition.rb7
-rw-r--r--lib/bundler/endpoint_specification.rb1
-rw-r--r--lib/bundler/lockfile_generator.rb1
-rw-r--r--lib/bundler/lockfile_parser.rb15
-rw-r--r--lib/bundler/rubygems_gem_installer.rb10
6 files changed, 32 insertions, 17 deletions
diff --git a/lib/bundler/checksum.rb b/lib/bundler/checksum.rb
index f8fd386569..163eac458e 100644
--- a/lib/bundler/checksum.rb
+++ b/lib/bundler/checksum.rb
@@ -9,6 +9,18 @@ module Bundler
private_constant :DEFAULT_BLOCK_SIZE
class << self
+ def from_gem_package(gem_package, algo = DEFAULT_ALGORITHM)
+ return if Bundler.settings[:disable_checksum_validation]
+ return unless source = gem_package.instance_variable_get(:@gem)
+ return unless source.respond_to?(:with_read_io)
+
+ source.with_read_io do |io|
+ from_gem(io, source.path)
+ ensure
+ io.rewind
+ end
+ end
+
def from_gem(io, pathname, algo = DEFAULT_ALGORITHM)
digest = Bundler::SharedHelpers.digest(algo.upcase).new
buf = String.new(:capacity => DEFAULT_BLOCK_SIZE)
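Review bot: `from_gem_package` accepts `algo` but never uses it: the call inside the `with_read_io` block is `from_gem(io, source.path)`, so a caller that passes a non-default algorithm still gets a digest computed with `DEFAULT_ALGORITHM`. Forward the argument, `from_gem(io, source.path, algo)`, or drop the parameter. The method also has three silent nil returns (setting disabled, no `@gem`, no `with_read_io`); a short comment saying that nil means no checksum was computed and nothing will be verified would help callers that feed the result into the checksum store. `from_gem`'s body continues outside the hunk.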
@@ -17,6 +29,7 @@ module Bundler
end
def from_api(digest, source_uri, algo = DEFAULT_ALGORITHM)
+ return if Bundler.settings[:disable_checksum_validation]
Checksum.new(algo, to_hexdigest(digest, algo), Source.new(:api, source_uri))
end
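Review bot: `from_api` now has a nil return when `disable_checksum_validation` is set, and the later hunks in this file remove the same check from `replace` and `register`, so the setting is enforced only where a Checksum is constructed. Any Checksum that reaches the store from a constructor not shown in this diff would presumably still be registered and compared with the setting on. If that is intended, state it on the method, e.g. `# Returns nil when checksum validation is disabled; the store itself no longer checks the setting.`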
@@ -177,7 +190,6 @@ module Bundler
# This ensures a mismatch error where there are multiple top level sources
# that contain the same gem with different checksums.
def replace(spec, checksum)
- return if Bundler.settings[:disable_checksum_validation]
return unless checksum
name_tuple = spec.name_tuple
@@ -193,7 +205,6 @@ module Bundler
end
def register(spec, checksum)
- return if Bundler.settings[:disable_checksum_validation]
return unless checksum
register_checksum(spec.name_tuple, checksum)
end
diff --git a/lib/bundler/definition.rb b/lib/bundler/definition.rb
index ca12827579..3493f0732d 100644
--- a/lib/bundler/definition.rb
+++ b/lib/bundler/definition.rb
@@ -18,7 +18,8 @@ module Bundler
:platforms,
:ruby_version,
:lockfile,
- :gemfiles
+ :gemfiles,
+ :locked_checksums
)
# Given a gemfile and lockfile creates a Bundler definition
@@ -92,6 +93,7 @@ module Bundler
@locked_bundler_version = @locked_gems.bundler_version
@locked_ruby_version = @locked_gems.ruby_version
@originally_locked_specs = SpecSet.new(@locked_gems.specs)
+ @locked_checksums = @locked_gems.checksums
if unlock != true
@locked_deps = @locked_gems.dependencies
@@ -112,6 +114,7 @@ module Bundler
@originally_locked_specs = @locked_specs
@locked_sources = []
@locked_platforms = []
+ @locked_checksums = nil
end
locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) }
@@ -767,7 +770,7 @@ module Bundler
sources.all_sources.each do |source|
# has to be done separately, because we want to keep the locked checksum
# store for a source, even when doing a full update
- if @locked_gems && locked_source = @locked_gems.sources.find {|s| s == source && !s.equal?(source) }
+ if @locked_checksums && @locked_gems && locked_source = @locked_gems.sources.find {|s| s == source && !s.equal?(source) }
source.checksum_store.merge!(locked_source.checksum_store)
end
# If the source is unlockable and the current command allows an unlock of
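Review bot: The new `@locked_checksums &&` guard skips the merge of the locked checksum store whenever the lockfile has no CHECKSUMS section, so deleting that section from a lockfile presumably removes the comparison against previously locked checksums without any message. Since that weakens an integrity check silently, consider a debug-level log on the skipped path, or at least a comment next to the condition such as `# No CHECKSUMS section in the lockfile: locked checksums are not carried over.` Going by the two earlier hunks in this file, `@locked_checksums` is only truthy when `@locked_gems` is set, so the `@locked_gems &&` term looks redundant now. The enclosing `each` block starts and ends outside the hunk.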
diff --git a/lib/bundler/endpoint_specification.rb b/lib/bundler/endpoint_specification.rb
index b639918f70..87cb352efa 100644
--- a/lib/bundler/endpoint_specification.rb
+++ b/lib/bundler/endpoint_specification.rb
@@ -125,7 +125,6 @@ module Bundler
next unless v
case k.to_s
when "checksum"
- next if Bundler.settings[:disable_checksum_validation]
begin
@checksum = Checksum.from_api(v.last, @spec_fetcher.uri)
rescue ArgumentError => e
diff --git a/lib/bundler/lockfile_generator.rb b/lib/bundler/lockfile_generator.rb
index 4d2a968d7e..a646d00ee1 100644
--- a/lib/bundler/lockfile_generator.rb
+++ b/lib/bundler/lockfile_generator.rb
@@ -67,6 +67,7 @@ module Bundler
end
def add_checksums
+ return unless definition.locked_checksums
checksums = definition.resolve.map do |spec|
spec.source.checksum_store.to_lock(spec)
end
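Review bot: The early return added to `add_checksums` has no comment, and the reason for it lives only in lockfile_parser.rb. `definition.locked_checksums` is nil when there is no lockfile or the lockfile lacks a CHECKSUMS section, so a freshly generated lockfile never gains one. A line above the guard such as `# Opt-in: only write CHECKSUMS when the existing lockfile already has that section.` would make this discoverable. The method body continues outside the hunk.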
diff --git a/lib/bundler/lockfile_parser.rb b/lib/bundler/lockfile_parser.rb
index 942f051052..1e11621e55 100644
--- a/lib/bundler/lockfile_parser.rb
+++ b/lib/bundler/lockfile_parser.rb
@@ -24,7 +24,15 @@ module Bundler
end
end
- attr_reader :sources, :dependencies, :specs, :platforms, :bundler_version, :ruby_version, :checksums
+ attr_reader(
+ :sources,
+ :dependencies,
+ :specs,
+ :platforms,
+ :bundler_version,
+ :ruby_version,
+ :checksums,
+ )
BUNDLED = "BUNDLED WITH"
DEPENDENCIES = "DEPENDENCIES"
@@ -111,6 +119,9 @@ module Bundler
elsif line == DEPENDENCIES
@parse_method = :parse_dependency
elsif line == CHECKSUMS
+ # This is a temporary solution to make this feature disabled by default
+ # for all gemfiles that don't already explicitly include the feature.
+ @checksums = true
@parse_method = :parse_checksum
elsif line == PLATFORMS
@parse_method = :parse_platform
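Review bot: `@checksums = true` turns the `checksums` reader, and `Definition#locked_checksums` which is assigned from it, into a presence flag rather than checksum data, which the names do not suggest. The added comment explains why the feature is gated but not what the value means; I would extend it with `# @checksums is a flag (true when the section exists), not the parsed checksums.` or expose it through a predicate-style reader. No initial assignment of `@checksums` is visible in this hunk, so the reader presumably returns nil when the header is absent; confirm it is set in `initialize`. The `elsif` chain starts and ends outside the hunk.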
@@ -228,8 +239,6 @@ module Bundler
version = Gem::Version.new(version)
platform = platform ? Gem::Platform.new(platform) : Gem::Platform::RUBY
full_name = Gem::NameTuple.new(name, version, platform).full_name
- # Don't raise exception if there's a checksum for a gem that's not in the lockfile,
- # we prefer to heal invalid lockfiles
return unless spec = @specs[full_name]
checksums.split(",") do |lock_checksum|
diff --git a/lib/bundler/rubygems_gem_installer.rb b/lib/bundler/rubygems_gem_installer.rb
index d04ef62e8e..23fb3c0416 100644
--- a/lib/bundler/rubygems_gem_installer.rb
+++ b/lib/bundler/rubygems_gem_installer.rb
@@ -103,15 +103,7 @@ module Bundler
end
def gem_checksum
- return nil if Bundler.settings[:disable_checksum_validation]
- return nil unless source = @package.instance_variable_get(:@gem)
- return nil unless source.respond_to?(:with_read_io)
-
- source.with_read_io do |io|
- Checksum.from_gem(io, source.path)
- ensure
- io.rewind
- end
+ Checksum.from_gem_package(@package)
end
private