Diffstat (limited to 'spec/bundler/install')
-rw-r--r--spec/bundler/install/gemfile/gemspec_spec.rb89
-rw-r--r--spec/bundler/install/gemfile/install_if_spec.rb15
-rw-r--r--spec/bundler/install/gemfile/path_spec.rb73
-rw-r--r--spec/bundler/install/gemfile/platform_spec.rb58
-rw-r--r--spec/bundler/install/gemfile/sources_spec.rb192
-rw-r--r--spec/bundler/install/gemfile/specific_platform_spec.rb164
-rw-r--r--spec/bundler/install/gems/compact_index_spec.rb26
-rw-r--r--spec/bundler/install/gems/flex_spec.rb20
-rw-r--r--spec/bundler/install/gems/resolving_spec.rb33
-rw-r--r--spec/bundler/install/yanked_spec.rb4
10 files changed, 329 insertions, 345 deletions
diff --git a/spec/bundler/install/gemfile/gemspec_spec.rb b/spec/bundler/install/gemfile/gemspec_spec.rb
index ae53130bf3..c79e275d2b 100644
--- a/spec/bundler/install/gemfile/gemspec_spec.rb
+++ b/spec/bundler/install/gemfile/gemspec_spec.rb
@@ -28,14 +28,14 @@ RSpec.describe "bundle install from an existing gemspec" do
x64_mingw_archs.join("\n ")
end
- let(:x64_mingw_checksums) do
- x64_mingw_archs.map do |arch|
+ def x64_mingw_checksums(checksums)
+ x64_mingw_archs.each do |arch|
if arch == "x64-mingw-ucrt"
- gem_no_checksum "platform_specific", "1.0", arch
+ checksums.no_checksum "platform_specific", "1.0", arch
else
- checksum_for_repo_gem gem_repo2, "platform_specific", "1.0", arch
+ checksums.checksum gem_repo2, "platform_specific", "1.0", arch
end
- end.join("\n ")
+ end
end
it "should install runtime and development dependencies" do
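Review bot: `x64_mingw_checksums(checksums)` has changed from a value-returning `let` into a method that mutates the builder passed to it, but nothing in the definition says so, and its return value is now the arch list from `each` rather than lockfile text. A call left inside a heredoc as `#{x64_mingw_checksums(c)}` would therefore interpolate the array instead of failing. I would add a comment such as `# Adds the platform_specific 1.0 entry for every x64-mingw arch to the given checksums builder; call for its side effect only.` and consider a verb name like `add_x64_mingw_checksums`.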
@@ -368,6 +368,10 @@ RSpec.describe "bundle install from an existing gemspec" do
gemspec :path => "../foo"
G
+ checksums = checksums_section_when_existing do |c|
+ c.no_checksum "foo", "1.0"
+ end
+
lockfile <<-L
PATH
remote: ../foo
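Review bot: `checksums_section_when_existing` is introduced here to build a section for a lockfile the spec itself writes (the next hunk interpolates it where there used to be only a blank line), and its definition is outside this diff. If that helper renders an empty string whenever no CHECKSUMS section exists yet, as its name suggests, the expectations built from it throughout this commit compare nothing and no longer pin the locked digests. At least one example per file should build its section with the unconditional `checksums_section`, as platform_spec.rb does in the force_ruby_platform example, so a regression that drops or alters CHECKSUMS is still caught. A comment above the block stating when the section is rendered would also help, since here it is built before the lockfile is written.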
@@ -385,7 +389,7 @@ RSpec.describe "bundle install from an existing gemspec" do
DEPENDENCIES
foo!
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
@@ -459,6 +463,13 @@ RSpec.describe "bundle install from an existing gemspec" do
it "keeps all platform dependencies in the lockfile" do
expect(the_bundle).to include_gems "foo 1.0", "platform_specific 1.0 RUBY"
+ checksums = checksums_section_when_existing do |c|
+ c.no_checksum "foo", "1.0"
+ c.checksum gem_repo2, "platform_specific", "1.0"
+ c.checksum gem_repo2, "platform_specific", "1.0", "java"
+ x64_mingw_checksums(c)
+ end
+
expect(lockfile).to eq <<~L
PATH
remote: .
@@ -480,13 +491,7 @@ RSpec.describe "bundle install from an existing gemspec" do
DEPENDENCIES
foo!
-
- CHECKSUMS
- foo (1.0)
- #{checksum_for_repo_gem gem_repo2, "platform_specific", "1.0"}
- #{checksum_for_repo_gem gem_repo2, "platform_specific", "1.0", "java"}
- #{x64_mingw_checksums}
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
@@ -499,6 +504,13 @@ RSpec.describe "bundle install from an existing gemspec" do
it "keeps all platform dependencies in the lockfile" do
expect(the_bundle).to include_gems "foo 1.0", "platform_specific 1.0 RUBY"
+ checksums = checksums_section_when_existing do |c|
+ c.no_checksum "foo", "1.0"
+ c.checksum gem_repo2, "platform_specific", "1.0"
+ c.checksum gem_repo2, "platform_specific", "1.0", "java"
+ x64_mingw_checksums(c)
+ end
+
expect(lockfile).to eq <<~L
PATH
remote: .
@@ -520,13 +532,7 @@ RSpec.describe "bundle install from an existing gemspec" do
DEPENDENCIES
foo!
platform_specific
-
- CHECKSUMS
- foo (1.0)
- #{checksum_for_repo_gem gem_repo2, "platform_specific", "1.0"}
- #{checksum_for_repo_gem gem_repo2, "platform_specific", "1.0", "java"}
- #{x64_mingw_checksums}
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
@@ -540,6 +546,14 @@ RSpec.describe "bundle install from an existing gemspec" do
it "keeps all platform dependencies in the lockfile" do
expect(the_bundle).to include_gems "foo 1.0", "indirect_platform_specific 1.0", "platform_specific 1.0 RUBY"
+ checksums = checksums_section_when_existing do |c|
+ c.no_checksum "foo", "1.0"
+ c.checksum gem_repo2, "indirect_platform_specific", "1.0"
+ c.checksum gem_repo2, "platform_specific", "1.0"
+ c.checksum gem_repo2, "platform_specific", "1.0", "java"
+ x64_mingw_checksums(c)
+ end
+
expect(lockfile).to eq <<~L
PATH
remote: .
@@ -563,14 +577,7 @@ RSpec.describe "bundle install from an existing gemspec" do
DEPENDENCIES
foo!
indirect_platform_specific
-
- CHECKSUMS
- foo (1.0)
- #{checksum_for_repo_gem gem_repo2, "indirect_platform_specific", "1.0"}
- #{checksum_for_repo_gem gem_repo2, "platform_specific", "1.0"}
- #{checksum_for_repo_gem gem_repo2, "platform_specific", "1.0", "java"}
- #{x64_mingw_checksums}
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
@@ -634,6 +641,12 @@ RSpec.describe "bundle install from an existing gemspec" do
gemspec :path => "../chef"
G
+ checksums = checksums_section_when_existing do |c|
+ c.no_checksum "chef", "17.1.17"
+ c.no_checksum "chef", "17.1.17", "universal-mingw32"
+ c.checksum gem_repo4, "win32-api", "1.5.3", "universal-mingw32"
+ end
+
initial_lockfile = <<~L
PATH
remote: ../chef
@@ -654,12 +667,7 @@ RSpec.describe "bundle install from an existing gemspec" do
DEPENDENCIES
chef!
-
- CHECKSUMS
- chef (17.1.17)
- chef (17.1.17-universal-mingw32)
- #{checksum_for_repo_gem gem_repo4, "win32-api", "1.5.3", "universal-mingw32"}
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
@@ -697,6 +705,12 @@ RSpec.describe "bundle install from an existing gemspec" do
end
it "does not remove the platform specific specs from the lockfile when re-resolving due to gemspec changes" do
+ checksums = checksums_section_when_existing do |c|
+ c.no_checksum "activeadmin", "2.9.0"
+ c.no_checksum "jruby-openssl", "0.10.7", "java"
+ c.checksum gem_repo4, "railties", "6.1.4"
+ end
+
expect(lockfile).to eq <<~L
PATH
remote: ../activeadmin
@@ -716,12 +730,7 @@ RSpec.describe "bundle install from an existing gemspec" do
DEPENDENCIES
activeadmin!
jruby-openssl
-
- CHECKSUMS
- activeadmin (2.9.0)
- jruby-openssl (0.10.7-java)
- #{checksum_for_repo_gem gem_repo4, "railties", "6.1.4"}
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
diff --git a/spec/bundler/install/gemfile/install_if_spec.rb b/spec/bundler/install/gemfile/install_if_spec.rb
index c8ddb685ff..c7640d07e1 100644
--- a/spec/bundler/install/gemfile/install_if_spec.rb
+++ b/spec/bundler/install/gemfile/install_if_spec.rb
@@ -18,6 +18,13 @@ RSpec.describe "bundle install with install_if conditionals" do
expect(the_bundle).not_to include_gems("thin")
expect(the_bundle).not_to include_gems("foo")
+ checksums = checksums_section_when_existing do |c|
+ c.checksum gem_repo1, "activesupport", "2.3.5"
+ c.no_checksum "foo", "1.0"
+ c.checksum gem_repo1, "rack", "1.0.0"
+ c.no_checksum "thin", "1.0"
+ end
+
expect(lockfile).to eq <<~L
GEM
remote: #{file_uri_for(gem_repo1)}/
@@ -36,13 +43,7 @@ RSpec.describe "bundle install with install_if conditionals" do
foo
rack
thin
-
- CHECKSUMS
- #{checksum_for_repo_gem gem_repo1, "activesupport", "2.3.5"}
- #{gem_no_checksum "foo", "1.0"}
- #{checksum_for_repo_gem gem_repo1, "rack", "1.0.0"}
- #{gem_no_checksum "thin", "1.0"}
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
diff --git a/spec/bundler/install/gemfile/path_spec.rb b/spec/bundler/install/gemfile/path_spec.rb
index 3af8412eab..d6e008a7c4 100644
--- a/spec/bundler/install/gemfile/path_spec.rb
+++ b/spec/bundler/install/gemfile/path_spec.rb
@@ -98,6 +98,11 @@ RSpec.describe "bundle install with explicit source paths" do
gem "aaa", :path => "./aaa"
G
+ checksums = checksums_section_when_existing do |c|
+ c.no_checksum "aaa", "1.0"
+ c.no_checksum "demo", "1.0"
+ end
+
lockfile = <<~L
PATH
remote: .
@@ -119,11 +124,7 @@ RSpec.describe "bundle install with explicit source paths" do
DEPENDENCIES
aaa!
demo!
-
- CHECKSUMS
- #{gem_no_checksum("aaa", "1.0")}
- #{gem_no_checksum("demo", "1.0")}
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
@@ -345,6 +346,11 @@ RSpec.describe "bundle install with explicit source paths" do
lockfile_path = lib_path("foo/Gemfile.lock")
+ checksums = checksums_section_when_existing do |c|
+ c.no_checksum "foo", "0.1.0"
+ c.checksum gem_repo4, "graphql", "2.0.15"
+ end
+
original_lockfile = <<~L
PATH
remote: .
@@ -362,11 +368,7 @@ RSpec.describe "bundle install with explicit source paths" do
DEPENDENCIES
foo!
-
- CHECKSUMS
- #{gem_no_checksum("foo", "0.1.0")}
- #{checksum_for_repo_gem(gem_repo4, "graphql", "2.0.15")}
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
@@ -673,6 +675,11 @@ RSpec.describe "bundle install with explicit source paths" do
expect(the_bundle).to include_gems "rack 0.9.1"
+ checksums = checksums_section_when_existing do |c|
+ c.no_checksum "foo", "1.0"
+ c.checksum gem_repo1, "rack", "0.9.1"
+ end
+
expect(lockfile).to eq <<~G
PATH
remote: #{lib_path("foo")}
@@ -690,11 +697,7 @@ RSpec.describe "bundle install with explicit source paths" do
DEPENDENCIES
foo!
-
- CHECKSUMS
- #{gem_no_checksum("foo", "1.0")}
- #{checksum_for_repo_gem(gem_repo1, "rack", "0.9.1")}
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
G
@@ -722,11 +725,7 @@ RSpec.describe "bundle install with explicit source paths" do
DEPENDENCIES
foo!
-
- CHECKSUMS
- #{gem_no_checksum("foo", "1.0")}
- #{checksum_for_repo_gem(gem_repo1, "rack", "0.9.1")}
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
G
@@ -743,6 +742,11 @@ RSpec.describe "bundle install with explicit source paths" do
expect(the_bundle).to include_gems "rack 0.9.1"
+ checksums = checksums_section_when_existing do |c|
+ c.no_checksum "foo", "1.0"
+ c.checksum gem_repo1, "rack", "0.9.1"
+ end
+
expect(lockfile).to eq <<~G
PATH
remote: #{lib_path("foo")}
@@ -760,11 +764,7 @@ RSpec.describe "bundle install with explicit source paths" do
DEPENDENCIES
foo!
-
- CHECKSUMS
- #{gem_no_checksum("foo", "1.0")}
- #{checksum_for_repo_gem(gem_repo1, "rack", "0.9.1")}
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
G
@@ -776,6 +776,8 @@ RSpec.describe "bundle install with explicit source paths" do
bundle "install"
+ checksums.checksum gem_repo1, "rake", "13.0.1"
+
expect(lockfile).to eq <<~G
PATH
remote: #{lib_path("foo")}
@@ -795,12 +797,7 @@ RSpec.describe "bundle install with explicit source paths" do
DEPENDENCIES
foo!
-
- CHECKSUMS
- #{gem_no_checksum("foo", "1.0")}
- #{checksum_for_repo_gem(gem_repo1, "rack", "0.9.1")}
- #{checksum_for_repo_gem(gem_repo1, "rake", "13.0.1")}
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
G
@@ -813,6 +810,10 @@ RSpec.describe "bundle install with explicit source paths" do
s.add_dependency "rack", "0.9.1"
end
+ checksums = checksums_section_when_existing do |c|
+ c.no_checksum "foo", "1.0"
+ end
+
lockfile <<~L
PATH
remote: #{lib_path("foo")}
@@ -824,13 +825,15 @@ RSpec.describe "bundle install with explicit source paths" do
DEPENDENCIES
foo!
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
bundle "lock"
+ checksums.no_checksum "rack", "0.9.1"
+
expect(lockfile).to eq <<~G
PATH
remote: #{lib_path("foo")}
@@ -848,11 +851,7 @@ RSpec.describe "bundle install with explicit source paths" do
DEPENDENCIES
foo!
-
- CHECKSUMS
- #{gem_no_checksum("foo", "1.0")}
- #{gem_no_checksum("rack", "0.9.1")}
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
G
diff --git a/spec/bundler/install/gemfile/platform_spec.rb b/spec/bundler/install/gemfile/platform_spec.rb
index 918a49e1e1..d4bbecfe04 100644
--- a/spec/bundler/install/gemfile/platform_spec.rb
+++ b/spec/bundler/install/gemfile/platform_spec.rb
@@ -203,6 +203,15 @@ RSpec.describe "bundle install across platforms" do
gem "pry"
G
+ checksums = checksums_section_when_existing do |c|
+ c.checksum gem_repo4, "coderay", "1.1.2"
+ c.checksum gem_repo4, "empyrean", "0.1.0"
+ c.checksum gem_repo4, "ffi", "1.9.23", "java"
+ c.checksum gem_repo4, "method_source", "0.9.0"
+ c.checksum gem_repo4, "pry", "0.11.3", "java"
+ c.checksum gem_repo4, "spoon", "0.0.6"
+ end
+
expect(lockfile).to eq <<~L
GEM
remote: #{file_uri_for(gem_repo4)}/
@@ -224,15 +233,7 @@ RSpec.describe "bundle install across platforms" do
DEPENDENCIES
empyrean (= 0.1.0)
pry
-
- CHECKSUMS
- #{checksum_for_repo_gem gem_repo4, "coderay", "1.1.2"}
- #{checksum_for_repo_gem gem_repo4, "empyrean", "0.1.0"}
- #{checksum_for_repo_gem gem_repo4, "ffi", "1.9.23", "java"}
- #{checksum_for_repo_gem gem_repo4, "method_source", "0.9.0"}
- #{checksum_for_repo_gem gem_repo4, "pry", "0.11.3", "java"}
- #{checksum_for_repo_gem gem_repo4, "spoon", "0.0.6"}
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
@@ -264,16 +265,7 @@ RSpec.describe "bundle install across platforms" do
DEPENDENCIES
empyrean (= 0.1.0)
pry
-
- CHECKSUMS
- #{checksum_for_repo_gem gem_repo4, "coderay", "1.1.2"}
- #{checksum_for_repo_gem gem_repo4, "empyrean", "0.1.0"}
- #{checksum_for_repo_gem gem_repo4, "ffi", "1.9.23", "java"}
- #{checksum_for_repo_gem gem_repo4, "method_source", "0.9.0"}
- pry (0.11.3)
- #{checksum_for_repo_gem gem_repo4, "pry", "0.11.3", "java"}
- #{checksum_for_repo_gem gem_repo4, "spoon", "0.0.6"}
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
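Review bot: The second lockfile in this example used to list a digest-less `pry (0.11.3)` entry next to the java one, and the shared `#{checksums}` that replaces it registers `pry` `0.11.3` only for `java`, so that entry is no longer part of this lockfile text. No added line between the two heredocs updates the builder, and the enclosing example starts and ends outside this hunk, so I cannot tell whether the drop is intended. If the ruby-platform entry is still expected at this point, add `checksums.no_checksum "pry", "0.11.3"` before this heredoc. If it is not, a one-line comment saying why the entry disappears would stop it reading as a lost assertion.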
@@ -306,15 +298,7 @@ RSpec.describe "bundle install across platforms" do
DEPENDENCIES
empyrean (= 0.1.0)
pry
-
- CHECKSUMS
- #{checksum_for_repo_gem gem_repo4, "coderay", "1.1.2"}
- #{checksum_for_repo_gem gem_repo4, "empyrean", "0.1.0"}
- #{checksum_for_repo_gem gem_repo4, "ffi", "1.9.23", "java"}
- #{checksum_for_repo_gem gem_repo4, "method_source", "0.9.0"}
- #{checksum_for_repo_gem gem_repo4, "pry", "0.11.3", "java"}
- #{checksum_for_repo_gem gem_repo4, "spoon", "0.0.6"}
-
+ #{checksums}
BUNDLED WITH
1.16.1
L
@@ -388,6 +372,11 @@ RSpec.describe "bundle install across platforms" do
end
it "keeps existing platforms when installing with force_ruby_platform" do
+ checksums = checksums_section do |c|
+ c.no_checksum "platform_specific", "1.0"
+ c.no_checksum "platform_specific", "1.0", "java"
+ end
+
lockfile <<-G
GEM
remote: #{file_uri_for(gem_repo1)}/
@@ -399,6 +388,7 @@ RSpec.describe "bundle install across platforms" do
DEPENDENCIES
platform_specific
+ #{checksums}
G
bundle "config set --local force_ruby_platform true"
@@ -408,6 +398,8 @@ RSpec.describe "bundle install across platforms" do
gem "platform_specific"
G
+ checksums.checksum gem_repo1, "platform_specific", "1.0"
+
expect(the_bundle).to include_gem "platform_specific 1.0 RUBY"
expect(lockfile).to eq <<~G
@@ -423,11 +415,7 @@ RSpec.describe "bundle install across platforms" do
DEPENDENCIES
platform_specific
-
- CHECKSUMS
- #{checksum_for_repo_gem(gem_repo1, "platform_specific", "1.0")}
- #{gem_no_checksum "platform_specific", "1.0", "java"}
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
G
@@ -596,9 +584,7 @@ RSpec.describe "bundle install with platform conditionals" do
DEPENDENCIES
rack
-
- CHECKSUMS
-
+ #{checksums_section_when_existing}
BUNDLED WITH
#{Bundler::VERSION}
L
diff --git a/spec/bundler/install/gemfile/sources_spec.rb b/spec/bundler/install/gemfile/sources_spec.rb
index bc6929ef73..7572fad90b 100644
--- a/spec/bundler/install/gemfile/sources_spec.rb
+++ b/spec/bundler/install/gemfile/sources_spec.rb
@@ -28,15 +28,32 @@ RSpec.describe "bundle install with gems on multiple sources" do
end
it "refuses to install mismatched checksum because one gem has been tampered with", :bundler => "< 3" do
+ lockfile <<~L
+ GEM
+ remote: https://gem.repo3/
+ remote: https://gem.repo1/
+ specs:
+ rack (1.0.0)
+
+ PLATFORMS
+ #{local_platform}
+
+ DEPENDENCIES
+ depends_on_rack!
+
+ BUNDLED WITH
+ #{Bundler::VERSION}
+ L
+
bundle :install, :artifice => "compact_index", :raise_on_error => false
expect(exitstatus).to eq(37)
expect(err).to eq <<~E.strip
[DEPRECATED] Your Gemfile contains multiple global sources. Using `source` more than once without a block is a security risk, and may result in installing unexpected gems. To resolve this warning, use a block to indicate which gems should come from the secondary source.
Bundler found mismatched checksums. This is a potential security risk.
- #{checksum_for_repo_gem(gem_repo1, "rack", "1.0.0")}
+ #{checksum_to_lock(gem_repo1, "rack", "1.0.0")}
from the API at https://gem.repo1/
- #{checksum_for_repo_gem(gem_repo3, "rack", "1.0.0")}
+ #{checksum_to_lock(gem_repo3, "rack", "1.0.0")}
from the API at https://gem.repo3/
Mismatched checksums each have an authoritative source:
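Review bot: The lockfile now written at the top of the tamper example has no comment explaining why it is needed, and it is an unusual fixture: `rack (1.0.0)` sits under both remotes, `depends_on_rack!` appears in DEPENDENCIES without a spec entry, and there is no CHECKSUMS section. Since this is the example that proves a digest mismatch between two sources aborts the install with exit status 37, a reader should be able to tell which of those properties the check depends on. I would add a comment above `lockfile <<~L` such as `# Pre-lock rack to both remotes without a CHECKSUMS section, so the mismatch is detected from the two APIs rather than from locked digests.` after confirming that this is the intent. The expected error heredoc continues past the end of this hunk.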
@@ -129,7 +146,7 @@ RSpec.describe "bundle install with gems on multiple sources" do
end
it "works in standalone mode", :bundler => "< 3" do
- gem_checksum = checksum_for_repo_gem(gem_repo4, "foo", "1.0").split(Bundler::Checksum::ALGO_SEPARATOR).last
+ gem_checksum = checksum_digest(gem_repo4, "foo", "1.0")
bundle "install --standalone", :artifice => "compact_index", :env => { "BUNDLER_SPEC_FOO_CHECKSUM" => gem_checksum }
end
end
@@ -314,9 +331,9 @@ RSpec.describe "bundle install with gems on multiple sources" do
expect(err).to eq(<<~E.strip)
[DEPRECATED] Your Gemfile contains multiple global sources. Using `source` more than once without a block is a security risk, and may result in installing unexpected gems. To resolve this warning, use a block to indicate which gems should come from the secondary source.
Bundler found mismatched checksums. This is a potential security risk.
- #{checksum_for_repo_gem(gem_repo2, "rack", "1.0.0")}
+ #{checksum_to_lock(gem_repo2, "rack", "1.0.0")}
from the API at https://gem.repo2/
- #{checksum_for_repo_gem(gem_repo1, "rack", "1.0.0")}
+ #{checksum_to_lock(gem_repo1, "rack", "1.0.0")}
from the API at https://gem.repo1/
Mismatched checksums each have an authoritative source:
@@ -340,7 +357,7 @@ RSpec.describe "bundle install with gems on multiple sources" do
rack (1.0.0) sha256=#{rack_checksum}
from the API at https://gem.repo2/
and the API at https://gem.repo1/
- #{checksum_for_repo_gem(gem_repo2, "rack", "1.0.0")}
+ #{checksum_to_lock(gem_repo2, "rack", "1.0.0")}
from the gem at #{default_bundle_path("cache", "rack-1.0.0.gem")}
If you trust the API at https://gem.repo2/, to resolve this issue you can:
@@ -354,15 +371,15 @@ RSpec.describe "bundle install with gems on multiple sources" do
end
it "installs from the other source and warns about ambiguous gems when the sources have the same checksum", :bundler => "< 3" do
- gem_checksum = checksum_for_repo_gem(gem_repo2, "rack", "1.0.0").split(Bundler::Checksum::ALGO_SEPARATOR).last
+ gem_checksum = checksum_digest(gem_repo2, "rack", "1.0.0")
bundle :install, :artifice => "compact_index", :env => { "BUNDLER_SPEC_RACK_CHECKSUM" => gem_checksum, "DEBUG" => "1" }
expect(err).to include("Warning: the gem 'rack' was found in multiple sources.")
expect(err).to include("Installed from: https://gem.repo2")
- expected_checksums = checksum_section do |c|
- c.repo_gem gem_repo3, "depends_on_rack", "1.0.1"
- c.repo_gem gem_repo2, "rack", "1.0.0"
+ checksums = checksums_section_when_existing do |c|
+ c.checksum gem_repo3, "depends_on_rack", "1.0.1"
+ c.checksum gem_repo2, "rack", "1.0.0"
end
expect(lockfile).to eq <<~L
@@ -383,10 +400,7 @@ RSpec.describe "bundle install with gems on multiple sources" do
DEPENDENCIES
depends_on_rack!
-
- CHECKSUMS
- #{expected_checksums}
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
@@ -403,7 +417,7 @@ RSpec.describe "bundle install with gems on multiple sources" do
expect(err).to include("Warning: the gem 'rack' was found in multiple sources.")
expect(err).to include("Installed from: https://gem.repo2")
- expected_checksums = checksum_section do |c|
+ checksums = checksums_section_when_existing do |c|
c.no_checksum "depends_on_rack", "1.0.1"
c.no_checksum "rack", "1.0.0"
end
@@ -426,10 +440,7 @@ RSpec.describe "bundle install with gems on multiple sources" do
DEPENDENCIES
depends_on_rack!
-
- CHECKSUMS
- #{expected_checksums}
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
@@ -772,6 +783,21 @@ RSpec.describe "bundle install with gems on multiple sources" do
end
G
+ @locked_checksums = checksums_section_when_existing do |c|
+ c.checksum gem_repo2, "activesupport", "6.0.3.4"
+ c.checksum gem_repo2, "concurrent-ruby", "1.1.8"
+ c.checksum gem_repo2, "connection_pool", "2.2.3"
+ c.checksum gem_repo2, "i18n", "1.8.9"
+ c.checksum gem_repo2, "minitest", "5.14.3"
+ c.checksum gem_repo2, "rack", "2.2.3"
+ c.checksum gem_repo2, "redis", "4.2.5"
+ c.checksum gem_repo2, "sidekiq", "6.1.3"
+ c.checksum gem_repo3, "sidekiq-pro", "5.2.1"
+ c.checksum gem_repo2, "thread_safe", "0.3.6"
+ c.checksum gem_repo2, "tzinfo", "1.2.9"
+ c.checksum gem_repo2, "zeitwerk", "2.4.2"
+ end
+
lockfile <<~L
GEM
remote: https://gem.repo2/
@@ -808,7 +834,7 @@ RSpec.describe "bundle install with gems on multiple sources" do
DEPENDENCIES
activesupport
sidekiq-pro!
-
+ #{@locked_checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
@@ -825,21 +851,6 @@ RSpec.describe "bundle install with gems on multiple sources" do
expect(the_bundle).to include_gems("concurrent-ruby 1.1.8")
expect(the_bundle).not_to include_gems("concurrent-ruby 1.1.9")
- expected_checksums = checksum_section do |c|
- c.repo_gem gem_repo2, "activesupport", "6.0.3.4"
- c.repo_gem gem_repo2, "concurrent-ruby", "1.1.8"
- c.repo_gem gem_repo2, "connection_pool", "2.2.3"
- c.repo_gem gem_repo2, "i18n", "1.8.9"
- c.repo_gem gem_repo2, "minitest", "5.14.3"
- c.repo_gem gem_repo2, "rack", "2.2.3"
- c.repo_gem gem_repo2, "redis", "4.2.5"
- c.repo_gem gem_repo2, "sidekiq", "6.1.3"
- c.repo_gem gem_repo3, "sidekiq-pro", "5.2.1"
- c.repo_gem gem_repo2, "thread_safe", "0.3.6"
- c.repo_gem gem_repo2, "tzinfo", "1.2.9"
- c.repo_gem gem_repo2, "zeitwerk", "2.4.2"
- end
-
expect(lockfile).to eq <<~L
GEM
remote: https://gem.repo2/
@@ -879,10 +890,7 @@ RSpec.describe "bundle install with gems on multiple sources" do
DEPENDENCIES
activesupport
sidekiq-pro!
-
- CHECKSUMS
- #{expected_checksums}
-
+ #{@locked_checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
@@ -923,24 +931,16 @@ RSpec.describe "bundle install with gems on multiple sources" do
expect(the_bundle).not_to include_gems("activesupport 6.0.3.4")
expect(the_bundle).to include_gems("activesupport 6.1.2.1")
+ @locked_checksums.checksum gem_repo2, "activesupport", "6.1.2.1"
+
expect(the_bundle).not_to include_gems("tzinfo 1.2.9")
expect(the_bundle).to include_gems("tzinfo 2.0.4")
+ @locked_checksums.checksum gem_repo2, "tzinfo", "2.0.4"
+ @locked_checksums.delete "thread_safe"
+
expect(the_bundle).not_to include_gems("concurrent-ruby 1.1.8")
expect(the_bundle).to include_gems("concurrent-ruby 1.1.9")
-
- expected_checksums = checksum_section do |c|
- c.repo_gem gem_repo2, "activesupport", "6.1.2.1"
- c.repo_gem gem_repo2, "concurrent-ruby", "1.1.9"
- c.repo_gem gem_repo2, "connection_pool", "2.2.3"
- c.repo_gem gem_repo2, "i18n", "1.8.9"
- c.repo_gem gem_repo2, "minitest", "5.14.3"
- c.repo_gem gem_repo2, "rack", "2.2.3"
- c.repo_gem gem_repo2, "redis", "4.2.5"
- c.repo_gem gem_repo2, "sidekiq", "6.1.3"
- c.repo_gem gem_repo3, "sidekiq-pro", "5.2.1"
- c.repo_gem gem_repo2, "tzinfo", "2.0.4"
- c.repo_gem gem_repo2, "zeitwerk", "2.4.2"
- end
+ @locked_checksums.checksum gem_repo2, "concurrent-ruby", "1.1.9"
expect(lockfile).to eq <<~L
GEM
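Review bot: The expected CHECKSUMS section in this example is now assembled by mutating `@locked_checksums` between assertions, which is correct only if `checksum` replaces an existing entry for the same gem name rather than appending one, and that behaviour is defined outside this diff. If it appended, the section would carry both `tzinfo` `1.2.9` and `2.0.4`, and the only signal would be a full-lockfile mismatch that is hard to trace back to the setup code well above. A short comment before the first mutation, for example `# starts from the digests locked in the setup block; checksum replaces the entry for that gem name`, would make the dependency explicit. The later hunk that adds only `concurrent-ruby` `1.1.9` relies on the same assumption.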
@@ -980,10 +980,7 @@ RSpec.describe "bundle install with gems on multiple sources" do
DEPENDENCIES
activesupport
sidekiq-pro!
-
- CHECKSUMS
- #{expected_checksums}
-
+ #{@locked_checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
@@ -1000,20 +997,7 @@ RSpec.describe "bundle install with gems on multiple sources" do
expect(the_bundle).to include_gems("concurrent-ruby 1.1.9")
expect(the_bundle).not_to include_gems("concurrent-ruby 1.1.8")
- expected_checksums = checksum_section do |c|
- c.repo_gem gem_repo2, "activesupport", "6.0.3.4"
- c.repo_gem gem_repo2, "concurrent-ruby", "1.1.9"
- c.repo_gem gem_repo2, "connection_pool", "2.2.3"
- c.repo_gem gem_repo2, "i18n", "1.8.9"
- c.repo_gem gem_repo2, "minitest", "5.14.3"
- c.repo_gem gem_repo2, "rack", "2.2.3"
- c.repo_gem gem_repo2, "redis", "4.2.5"
- c.repo_gem gem_repo2, "sidekiq", "6.1.3"
- c.repo_gem gem_repo3, "sidekiq-pro", "5.2.1"
- c.repo_gem gem_repo2, "thread_safe", "0.3.6"
- c.repo_gem gem_repo2, "tzinfo", "1.2.9"
- c.repo_gem gem_repo2, "zeitwerk", "2.4.2"
- end
+ @locked_checksums.checksum gem_repo2, "concurrent-ruby", "1.1.9"
expect(lockfile).to eq <<~L
GEM
@@ -1054,10 +1038,7 @@ RSpec.describe "bundle install with gems on multiple sources" do
DEPENDENCIES
activesupport
sidekiq-pro!
-
- CHECKSUMS
- #{expected_checksums}
-
+ #{@locked_checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
@@ -1125,10 +1106,10 @@ RSpec.describe "bundle install with gems on multiple sources" do
end
it "installs from the default source without any warnings or errors and generates a proper lockfile" do
- expected_checksums = checksum_section do |c|
- c.repo_gem gem_repo3, "handsoap", "0.2.5.5"
- c.repo_gem gem_repo2, "nokogiri", "1.11.1"
- c.repo_gem gem_repo2, "racca", "1.5.2"
+ checksums = checksums_section_when_existing do |c|
+ c.checksum gem_repo3, "handsoap", "0.2.5.5"
+ c.checksum gem_repo2, "nokogiri", "1.11.1"
+ c.checksum gem_repo2, "racca", "1.5.2"
end
expected_lockfile = <<~L
@@ -1151,10 +1132,7 @@ RSpec.describe "bundle install with gems on multiple sources" do
DEPENDENCIES
handsoap!
nokogiri
-
- CHECKSUMS
- #{expected_checksums}
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
@@ -1243,7 +1221,7 @@ RSpec.describe "bundle install with gems on multiple sources" do
DEPENDENCIES
rack!
-
+ #{checksums_section}
BUNDLED WITH
#{Bundler::VERSION}
L
@@ -1302,8 +1280,8 @@ RSpec.describe "bundle install with gems on multiple sources" do
bundle "install", :artifice => "compact_index", :raise_on_error => false
- api_checksum1 = checksum_for_repo_gem(gem_repo1, "rack", "0.9.1").split("sha256=").last
- api_checksum3 = checksum_for_repo_gem(gem_repo3, "rack", "0.9.1").split("sha256=").last
+ api_checksum1 = checksum_digest(gem_repo1, "rack", "0.9.1")
+ api_checksum3 = checksum_digest(gem_repo3, "rack", "0.9.1")
expect(exitstatus).to eq(37)
expect(err).to eq(<<~E.strip)
@@ -1712,9 +1690,9 @@ RSpec.describe "bundle install with gems on multiple sources" do
it "upgrades the lockfile correctly" do
bundle "lock --update", :artifice => "compact_index"
- expected_checksums = checksum_section do |c|
- c.repo_gem gem_repo2, "capybara", "2.5.0"
- c.repo_gem gem_repo4, "mime-types", "3.0.0"
+ checksums = checksums_section_when_existing do |c|
+ c.checksum gem_repo2, "capybara", "2.5.0"
+ c.checksum gem_repo4, "mime-types", "3.0.0"
end
expect(lockfile).to eq <<~L
@@ -1735,10 +1713,7 @@ RSpec.describe "bundle install with gems on multiple sources" do
DEPENDENCIES
capybara (~> 2.5.0)
mime-types (~> 3.0)!
-
- CHECKSUMS
- #{expected_checksums}
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
@@ -1774,6 +1749,11 @@ RSpec.describe "bundle install with gems on multiple sources" do
it "handles that fine" do
bundle "install", :artifice => "compact_index_extra", :env => { "BUNDLER_SPEC_GEM_REPO" => gem_repo4.to_s }
+ checksums = checksums_section_when_existing do |c|
+ c.checksum gem_repo4, "pdf-writer", "1.1.8"
+ c.checksum gem_repo2, "ruport", "1.7.0.3"
+ end
+
expect(lockfile).to eq <<~L
GEM
remote: https://localgemserver.test/
@@ -1791,11 +1771,7 @@ RSpec.describe "bundle install with gems on multiple sources" do
DEPENDENCIES
ruport (= 1.7.0.3)!
-
- CHECKSUMS
- #{checksum_for_repo_gem gem_repo4, "pdf-writer", "1.1.8"}
- #{checksum_for_repo_gem gem_repo2, "ruport", "1.7.0.3"}
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
@@ -1831,9 +1807,9 @@ RSpec.describe "bundle install with gems on multiple sources" do
it "handles that fine" do
bundle "install", :artifice => "compact_index_extra", :env => { "BUNDLER_SPEC_GEM_REPO" => gem_repo4.to_s }
- expected_checksums = checksum_section do |c|
- c.repo_gem gem_repo4, "pdf-writer", "1.1.8"
- c.repo_gem gem_repo2, "ruport", "1.7.0.3"
+ checksums = checksums_section_when_existing do |c|
+ c.checksum gem_repo4, "pdf-writer", "1.1.8"
+ c.checksum gem_repo2, "ruport", "1.7.0.3"
end
expect(lockfile).to eq <<~L
@@ -1853,10 +1829,7 @@ RSpec.describe "bundle install with gems on multiple sources" do
DEPENDENCIES
ruport (= 1.7.0.3)!
-
- CHECKSUMS
- #{expected_checksums}
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
@@ -1886,8 +1859,8 @@ RSpec.describe "bundle install with gems on multiple sources" do
it "handles that fine" do
bundle "install --verbose", :artifice => "endpoint", :env => { "BUNDLER_SPEC_GEM_REPO" => gem_repo4.to_s }
- expected_checksums = checksum_section do |c|
- c.repo_gem gem_repo4, "pdf-writer", "1.1.8"
+ checksums = checksums_section_when_existing do |c|
+ c.checksum gem_repo4, "pdf-writer", "1.1.8"
end
expect(lockfile).to eq <<~L
@@ -1901,10 +1874,7 @@ RSpec.describe "bundle install with gems on multiple sources" do
DEPENDENCIES
pdf-writer (= 1.1.8)
-
- CHECKSUMS
- #{expected_checksums}
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
diff --git a/spec/bundler/install/gemfile/specific_platform_spec.rb b/spec/bundler/install/gemfile/specific_platform_spec.rb
index 7089a94a66..131426b443 100644
--- a/spec/bundler/install/gemfile/specific_platform_spec.rb
+++ b/spec/bundler/install/gemfile/specific_platform_spec.rb
@@ -66,6 +66,10 @@ RSpec.describe "bundle install with specific platforms" do
gemfile google_protobuf
+ checksums = checksums_section_when_existing do |c|
+ c.checksum gem_repo2, "google-protobuf", "3.0.0.alpha.4.0"
+ end
+
# simulate lockfile created with old bundler, which only locks for ruby platform
lockfile <<-L
GEM
@@ -78,16 +82,15 @@ RSpec.describe "bundle install with specific platforms" do
DEPENDENCIES
google-protobuf
-
- CHECKSUMS
- google-protobuf (3.0.0.alpha.4.0)
-
+ #{checksums}
BUNDLED WITH
2.1.4
L
bundle "update", :env => { "BUNDLER_VERSION" => Bundler::VERSION }
+ checksums.checksum gem_repo2, "google-protobuf", "3.0.0.alpha.5.0.5.1"
+
# make sure the platform that the platform specific dependency is used, since we're only locked to ruby
expect(the_bundle).to include_gem("google-protobuf 3.0.0.alpha.5.0.5.1 universal-darwin")
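Review bot: Both google-protobuf entries in this example change from digest-less lines (`google-protobuf (3.0.0.alpha.4.0)` and, after the update, `google-protobuf (3.0.0.alpha.5.0.5.1)`) to `checksums.checksum gem_repo2, ...`, which elsewhere in this commit stands in for an entry that carries a digest. The seeded lockfile is commented as simulating one written by an old bundler and is stamped `2.1.4`, so a digest-bearing CHECKSUMS section would not match what that comment describes; whether one is rendered depends on `checksums_section_when_existing`, which is not in this diff. The spec also asserts that the `universal-darwin` gem is installed while the digest is registered without a platform argument. I would either keep `c.no_checksum "google-protobuf", "3.0.0.alpha.4.0"` for the seeded state or extend the comment to say that the section is expected to be absent here.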
@@ -103,10 +106,7 @@ RSpec.describe "bundle install with specific platforms" do
DEPENDENCIES
google-protobuf
-
- CHECKSUMS
- google-protobuf (3.0.0.alpha.5.0.5.1)
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
@@ -528,11 +528,11 @@ RSpec.describe "bundle install with specific platforms" do
bundle "update"
- expected_checksums = checksum_section do |c|
- c.repo_gem gem_repo4, "sorbet", "0.5.10160"
- c.repo_gem gem_repo4, "sorbet-runtime", "0.5.10160"
- c.repo_gem gem_repo4, "sorbet-static", "0.5.10160", Gem::Platform.local
- c.repo_gem gem_repo4, "sorbet-static-and-runtime", "0.5.10160"
+ checksums = checksums_section_when_existing do |c|
+ c.checksum gem_repo4, "sorbet", "0.5.10160"
+ c.checksum gem_repo4, "sorbet-runtime", "0.5.10160"
+ c.checksum gem_repo4, "sorbet-static", "0.5.10160", Gem::Platform.local
+ c.checksum gem_repo4, "sorbet-static-and-runtime", "0.5.10160"
end
expect(lockfile).to eq <<~L
@@ -552,10 +552,7 @@ RSpec.describe "bundle install with specific platforms" do
DEPENDENCIES
sorbet-static-and-runtime
-
- CHECKSUMS
- #{expected_checksums}
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
@@ -587,6 +584,11 @@ RSpec.describe "bundle install with specific platforms" do
G
end
+ checksums = checksums_section_when_existing do |c|
+ c.no_checksum "nokogiri", "1.13.0", "x86_64-darwin"
+ c.no_checksum "sorbet-static", "0.5.10601", "x86_64-darwin"
+ end
+
lockfile <<~L
GEM
remote: #{file_uri_for(gem_repo4)}/
@@ -602,7 +604,7 @@ RSpec.describe "bundle install with specific platforms" do
DEPENDENCIES
nokogiri
sorbet-static
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
@@ -624,11 +626,7 @@ RSpec.describe "bundle install with specific platforms" do
DEPENDENCIES
nokogiri
sorbet-static
-
- CHECKSUMS
- #{gem_no_checksum "nokogiri", "1.13.0", "x86_64-darwin"}
- #{gem_no_checksum "sorbet-static", "0.5.10601", "x86_64-darwin"}
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
@@ -682,11 +680,11 @@ RSpec.describe "bundle install with specific platforms" do
bundle "update"
- expected_checksums = checksum_section do |c|
- c.repo_gem gem_repo4, "sorbet", "0.5.10160"
- c.repo_gem gem_repo4, "sorbet-runtime", "0.5.10160"
- c.repo_gem gem_repo4, "sorbet-static", "0.5.10160", Gem::Platform.local
- c.repo_gem gem_repo4, "sorbet-static-and-runtime", "0.5.10160"
+ checksums = checksums_section_when_existing do |c|
+ c.checksum gem_repo4, "sorbet", "0.5.10160"
+ c.checksum gem_repo4, "sorbet-runtime", "0.5.10160"
+ c.checksum gem_repo4, "sorbet-static", "0.5.10160", Gem::Platform.local
+ c.checksum gem_repo4, "sorbet-static-and-runtime", "0.5.10160"
end
expect(lockfile).to eq <<~L
@@ -706,10 +704,7 @@ RSpec.describe "bundle install with specific platforms" do
DEPENDENCIES
sorbet-static-and-runtime
-
- CHECKSUMS
- #{expected_checksums}
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
@@ -760,9 +755,9 @@ RSpec.describe "bundle install with specific platforms" do
bundle "update"
- expected_checksums = checksum_section do |c|
- c.repo_gem gem_repo4, "nokogiri", "1.14.0", "x86_64-linux"
- c.repo_gem gem_repo4, "sorbet-static", "0.5.10696", "x86_64-linux"
+ checksums = checksums_section_when_existing do |c|
+ c.checksum gem_repo4, "nokogiri", "1.14.0", "x86_64-linux"
+ c.checksum gem_repo4, "sorbet-static", "0.5.10696", "x86_64-linux"
end
expect(lockfile).to eq <<~L
@@ -778,10 +773,7 @@ RSpec.describe "bundle install with specific platforms" do
DEPENDENCIES
nokogiri
sorbet-static
-
- CHECKSUMS
- #{expected_checksums}
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
@@ -807,6 +799,11 @@ RSpec.describe "bundle install with specific platforms" do
gem "sorbet-static", "= 0.5.10549"
G
+ checksums = checksums_section_when_existing do |c|
+ c.checksum gem_repo4, "sorbet-static", "0.5.10549", "universal-darwin-20"
+ c.checksum gem_repo4, "sorbet-static", "0.5.10549", "universal-darwin-21"
+ end
+
# Make sure the lockfile is missing sorbet-static-0.5.10549-universal-darwin-21
lockfile <<~L
GEM
@@ -819,17 +816,15 @@ RSpec.describe "bundle install with specific platforms" do
DEPENDENCIES
sorbet-static (= 0.5.10549)
-
- CHECKSUMS
- #{checksum_for_repo_gem gem_repo4, "sorbet-static", "0.5.10549", "universal-darwin-20"}
- #{checksum_for_repo_gem gem_repo4, "sorbet-static", "0.5.10549", "universal-darwin-21"}
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
bundle "install"
+ checksums.no_checksum "sorbet-static", "0.5.10549", "universal-darwin-21"
+
expect(lockfile).to eq <<~L
GEM
remote: #{file_uri_for(gem_repo4)}/
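Review bot: The `checksums.no_checksum "sorbet-static", "0.5.10549", "universal-darwin-21"` call after `bundle "install"` relies on `no_checksum` replacing the entry that `c.checksum` created for the same platform in the preceding hunk, and nothing on the line says so. The same object was already interpolated into the input lockfile, so the expected output differs from the input only through this in-place mutation. A comment would make the intent readable, e.g. `# after install the universal-darwin-21 entry is expected without a checksum`. Whether `no_checksum` overwrites or appends cannot be confirmed here, because the helper is defined elsewhere. The example body starts and ends outside the hunk.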
@@ -842,11 +837,7 @@ RSpec.describe "bundle install with specific platforms" do
DEPENDENCIES
sorbet-static (= 0.5.10549)
-
- CHECKSUMS
- #{checksum_for_repo_gem gem_repo4, "sorbet-static", "0.5.10549", "universal-darwin-20"}
- #{gem_no_checksum "sorbet-static", "0.5.10549", "universal-darwin-21"}
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
@@ -893,6 +884,11 @@ RSpec.describe "bundle install with specific platforms" do
bundle "lock --update"
+ checksums = checksums_section_when_existing do |c|
+ c.no_checksum "nokogiri", "1.13.8"
+ c.no_checksum "nokogiri", "1.13.8", Gem::Platform.local
+ end
+
updated_lockfile = <<~L
GEM
remote: #{file_uri_for(gem_repo4)}/
@@ -906,11 +902,7 @@ RSpec.describe "bundle install with specific platforms" do
DEPENDENCIES
nokogiri
tzinfo (~> 1.2)
-
- CHECKSUMS
- #{gem_no_checksum "nokogiri", "1.13.8"}
- #{gem_no_checksum "nokogiri", "1.13.8", Gem::Platform.local}
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
@@ -931,6 +923,11 @@ RSpec.describe "bundle install with specific platforms" do
gem "rack"
G
+ checksums = checksums_section_when_existing do |c|
+ c.no_checksum "concurrent-ruby", "1.2.2"
+ c.no_checksum "rack", "3.0.7"
+ end
+
lockfile <<~L
GEM
remote: #{file_uri_for(gem_repo4)}/
@@ -942,7 +939,7 @@ RSpec.describe "bundle install with specific platforms" do
DEPENDENCIES
concurrent-ruby
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
@@ -962,11 +959,7 @@ RSpec.describe "bundle install with specific platforms" do
DEPENDENCIES
concurrent-ruby
rack
-
- CHECKSUMS
- #{gem_no_checksum "concurrent-ruby", "1.2.2"}
- #{gem_no_checksum "rack", "3.0.7"}
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
@@ -1029,6 +1022,10 @@ RSpec.describe "bundle install with specific platforms" do
gem "nokogiri", "1.14.0"
G
+ checksums = checksums_section_when_existing do |c|
+ c.checksum gem_repo4, "nokogiri", "1.14.0", "x86_64-linux"
+ end
+
lockfile <<~L
GEM
remote: #{file_uri_for(gem_repo4)}/
@@ -1040,13 +1037,17 @@ RSpec.describe "bundle install with specific platforms" do
DEPENDENCIES
nokogiri (= 1.14.0)
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
bundle :install
+ checksums = checksums_section_when_existing do |c|
+ c.checksum gem_repo4, "nokogiri", "1.14.0"
+ end
+
expect(lockfile).to eq(<<~L)
GEM
remote: #{file_uri_for(gem_repo4)}/
@@ -1058,10 +1059,7 @@ RSpec.describe "bundle install with specific platforms" do
DEPENDENCIES
nokogiri (= 1.14.0)
-
- CHECKSUMS
- #{checksum_for_repo_gem gem_repo4, "nokogiri", "1.14.0"}
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
@@ -1101,6 +1099,12 @@ RSpec.describe "bundle install with specific platforms" do
bundle "lock"
+ checksums = checksums_section_when_existing do |c|
+ c.no_checksum "nokogiri", "1.14.0"
+ c.no_checksum "nokogiri", "1.14.0", "arm-linux"
+ c.no_checksum "nokogiri", "1.14.0", "x86_64-linux"
+ end
+
# locks all compatible platforms, excluding Java and Windows
expect(lockfile).to eq(<<~L)
GEM
@@ -1117,12 +1121,7 @@ RSpec.describe "bundle install with specific platforms" do
DEPENDENCIES
nokogiri
-
- CHECKSUMS
- #{gem_no_checksum "nokogiri", "1.14.0"}
- #{gem_no_checksum "nokogiri", "1.14.0", "arm-linux"}
- #{gem_no_checksum "nokogiri", "1.14.0", "x86_64-linux"}
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
@@ -1138,6 +1137,10 @@ RSpec.describe "bundle install with specific platforms" do
bundle "lock"
+ checksums.delete "nokogiri", "arm-linux"
+ checksums.no_checksum "sorbet-static", "0.5.10696", "universal-darwin-22"
+ checksums.no_checksum "sorbet-static", "0.5.10696", "x86_64-linux"
+
# locks only platforms compatible with all gems in the bundle
expect(lockfile).to eq(<<~L)
GEM
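Review bot: `checksums.delete "nokogiri", "arm-linux"` takes a name and a platform, while the neighbouring `no_checksum` calls take name, version, platform, so the second argument is easy to misread as a version. The helper's signature is not visible in this diff, so a short comment is the safest fix, e.g. `# arm-linux is dropped: only platforms compatible with all gems stay locked`. The call also mutates the `checksums` object built in the previous hunk, so the second expectation depends on the first having run in the same example. That example starts outside the hunk.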
@@ -1155,13 +1158,7 @@ RSpec.describe "bundle install with specific platforms" do
DEPENDENCIES
nokogiri
sorbet-static
-
- CHECKSUMS
- #{gem_no_checksum "nokogiri", "1.14.0"}
- #{gem_no_checksum "nokogiri", "1.14.0", "x86_64-linux"}
- #{gem_no_checksum "sorbet-static", "0.5.10696", "universal-darwin-22"}
- #{gem_no_checksum "sorbet-static", "0.5.10696", "x86_64-linux"}
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
@@ -1191,10 +1188,10 @@ RSpec.describe "bundle install with specific platforms" do
gem "sass-embedded"
G
- expected_checksums = checksum_section do |c|
- c.repo_gem gem_repo4, "nokogiri", "1.15.5"
+ checksums = checksums_section_when_existing do |c|
+ c.checksum gem_repo4, "nokogiri", "1.15.5"
c.no_checksum "sass-embedded", "1.69.5"
- c.repo_gem gem_repo4, "sass-embedded", "1.69.5", "x86_64-linux-gnu"
+ c.checksum gem_repo4, "sass-embedded", "1.69.5", "x86_64-linux-gnu"
end
simulate_platform "x86_64-linux" do
@@ -1216,10 +1213,7 @@ RSpec.describe "bundle install with specific platforms" do
DEPENDENCIES
nokogiri
sass-embedded
-
- CHECKSUMS
- #{expected_checksums}
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
diff --git a/spec/bundler/install/gems/compact_index_spec.rb b/spec/bundler/install/gems/compact_index_spec.rb
index b383614410..ea21e66987 100644
--- a/spec/bundler/install/gems/compact_index_spec.rb
+++ b/spec/bundler/install/gems/compact_index_spec.rb
@@ -961,8 +961,25 @@ RSpec.describe "compact index api" do
end
describe "checksum validation" do
+ before do
+ lockfile <<-L
+ GEM
+ remote: #{source_uri}
+ specs:
+ rack (1.0.0)
+
+ PLATFORMS
+ ruby
+
+ DEPENDENCIES
+ #{checksums_section}
+ BUNDLED WITH
+ #{Bundler::VERSION}
+ L
+ end
+
it "handles checksums from the server in base64" do
- api_checksum = checksum_for_repo_gem(gem_repo1, "rack", "1.0.0").split("sha256=").last
+ api_checksum = checksum_digest(gem_repo1, "rack", "1.0.0")
rack_checksum = [[api_checksum].pack("H*")].pack("m0")
install_gemfile <<-G, :artifice => "compact_index", :env => { "BUNDLER_SPEC_RACK_CHECKSUM" => rack_checksum }
source "#{source_uri}"
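Review bot: The new `before` block in `describe "checksum validation"` has no comment explaining why every example needs a pre-seeded lockfile, and the lockfile it writes lists `rack (1.0.0)` under `specs:` while leaving `DEPENDENCIES` empty. Presumably the seeded `#{checksums_section}` is what keeps checksum verification in play for the mismatch examples below. If so, say it, e.g. `# seed a lockfile that already has a CHECKSUMS section so these examples exercise checksum validation`. If the empty DEPENDENCIES list is deliberate, a second short comment would keep it from being "corrected" later. The `describe` block continues outside the hunk.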
@@ -979,8 +996,6 @@ RSpec.describe "compact index api" do
gem "rack"
G
- api_checksum = checksum_for_repo_gem(gem_repo1, "rack", "1.0.0").split("sha256=").last
-
gem_path = if Bundler.feature_flag.global_gem_cache?
default_cache_path.dirname.join("cache", "gems", "localgemserver.test.80.dd34752a738ee965a2a4298dc16db6c5", "rack-1.0.0.gem")
else
@@ -992,7 +1007,7 @@ RSpec.describe "compact index api" do
Bundler found mismatched checksums. This is a potential security risk.
rack (1.0.0) sha256=2222222222222222222222222222222222222222222222222222222222222222
from the API at http://localgemserver.test/
- rack (1.0.0) sha256=#{api_checksum}
+ #{checksum_to_lock(gem_repo1, "rack", "1.0.0")}
from the gem at #{gem_path}
If you trust the API at http://localgemserver.test/, to resolve this issue you can:
@@ -1057,6 +1072,7 @@ Running `bundle update rails` should fix the problem.
G
gem_command "uninstall activemerchant"
bundle "update rails", :artifice => "compact_index"
- expect(lockfile.scan(/activemerchant \(/).size).to eq(2) # Once in the specs, and once in CHECKSUMS
+ count = lockfile.match?("CHECKSUMS") ? 2 : 1 # Once in the specs, and once in CHECKSUMS
+ expect(lockfile.scan(/activemerchant \(/).size).to eq(count)
end
end
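Review bot: The expected count on the new `count = …` line is derived from the lockfile under test, so the assertion passes whether or not a CHECKSUMS section was written, and the trailing comment now describes only the `2` case. `match?` with a String argument also compiles a Regexp where a plain substring test is meant. Suggested: `count = lockfile.include?("CHECKSUMS") ? 2 : 1 # once in specs, plus once in CHECKSUMS when that section is present`. The example starts outside the hunk.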
diff --git a/spec/bundler/install/gems/flex_spec.rb b/spec/bundler/install/gems/flex_spec.rb
index 484ec1f839..01222cbbc4 100644
--- a/spec/bundler/install/gems/flex_spec.rb
+++ b/spec/bundler/install/gems/flex_spec.rb
@@ -268,6 +268,11 @@ RSpec.describe "bundle flex_install" do
it "should work when you install" do
bundle "install"
+ checksums = checksums_section_when_existing do |c|
+ c.checksum gem_repo1, "rack", "0.9.1"
+ c.checksum gem_repo1, "rack-obama", "1.0"
+ end
+
expect(lockfile).to eq <<~L
GEM
remote: #{file_uri_for(gem_repo1)}/
@@ -282,11 +287,7 @@ RSpec.describe "bundle flex_install" do
DEPENDENCIES
rack (= 0.9.1)
rack-obama
-
- CHECKSUMS
- #{checksum_for_repo_gem gem_repo1, "rack", "0.9.1"}
- #{checksum_for_repo_gem gem_repo1, "rack-obama", "1.0"}
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
@@ -312,6 +313,10 @@ RSpec.describe "bundle flex_install" do
gem "rack"
G
+ checksums = checksums_section_when_existing do |c|
+ c.checksum gem_repo1, "rack", "1.0.0"
+ end
+
expect(lockfile).to eq <<~L
GEM
remote: #{file_uri_for(gem_repo1)}/
@@ -327,10 +332,7 @@ RSpec.describe "bundle flex_install" do
DEPENDENCIES
rack
-
- CHECKSUMS
- #{checksum_for_repo_gem gem_repo1, "rack", "1.0.0"}
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
diff --git a/spec/bundler/install/gems/resolving_spec.rb b/spec/bundler/install/gems/resolving_spec.rb
index b9f928a0db..8c9ec61ed0 100644
--- a/spec/bundler/install/gems/resolving_spec.rb
+++ b/spec/bundler/install/gems/resolving_spec.rb
@@ -256,6 +256,10 @@ RSpec.describe "bundle install with install-time dependencies" do
gem 'parallel_tests'
G
+ checksums = checksums_section do |c|
+ c.checksum gem_repo2, "parallel_tests", "3.8.0"
+ end
+
lockfile <<~L
GEM
remote: http://localgemserver.test/
@@ -267,7 +271,7 @@ RSpec.describe "bundle install with install-time dependencies" do
DEPENDENCIES
parallel_tests
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
@@ -276,6 +280,10 @@ RSpec.describe "bundle install with install-time dependencies" do
it "automatically updates lockfile to use the older version" do
bundle "install --verbose", :artifice => "compact_index", :env => { "BUNDLER_SPEC_GEM_REPO" => gem_repo2.to_s }
+ checksums = checksums_section_when_existing do |c|
+ c.checksum gem_repo2, "parallel_tests", "3.7.0"
+ end
+
expect(lockfile).to eq <<~L
GEM
remote: http://localgemserver.test/
@@ -287,10 +295,7 @@ RSpec.describe "bundle install with install-time dependencies" do
DEPENDENCIES
parallel_tests
-
- CHECKSUMS
- #{checksum_for_repo_gem gem_repo2, "parallel_tests", "3.7.0"}
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
@@ -335,6 +340,11 @@ RSpec.describe "bundle install with install-time dependencies" do
gem 'rubocop'
G
+ checksums = checksums_section do |c|
+ c.checksum gem_repo2, "rubocop", "1.35.0"
+ c.checksum gem_repo2, "rubocop-ast", "1.21.0"
+ end
+
lockfile <<~L
GEM
remote: http://localgemserver.test/
@@ -348,7 +358,7 @@ RSpec.describe "bundle install with install-time dependencies" do
DEPENDENCIES
parallel_tests
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
@@ -357,6 +367,11 @@ RSpec.describe "bundle install with install-time dependencies" do
it "automatically updates lockfile to use the older compatible versions" do
bundle "install --verbose", :artifice => "compact_index", :env => { "BUNDLER_SPEC_GEM_REPO" => gem_repo2.to_s }
+ checksums = checksums_section_when_existing do |c|
+ c.checksum gem_repo2, "rubocop", "1.28.2"
+ c.checksum gem_repo2, "rubocop-ast", "1.17.0"
+ end
+
expect(lockfile).to eq <<~L
GEM
remote: http://localgemserver.test/
@@ -370,11 +385,7 @@ RSpec.describe "bundle install with install-time dependencies" do
DEPENDENCIES
rubocop
-
- CHECKSUMS
- #{checksum_for_repo_gem gem_repo2, "rubocop", "1.28.2"}
- #{checksum_for_repo_gem gem_repo2, "rubocop-ast", "1.17.0"}
-
+ #{checksums}
BUNDLED WITH
#{Bundler::VERSION}
L
diff --git a/spec/bundler/install/yanked_spec.rb b/spec/bundler/install/yanked_spec.rb
index 338a187472..dc054b50bb 100644
--- a/spec/bundler/install/yanked_spec.rb
+++ b/spec/bundler/install/yanked_spec.rb
@@ -160,10 +160,6 @@ RSpec.context "when resolving a bundle that includes yanked gems, but unlocking
bar
foo
- CHECKSUMS
- #{gem_no_checksum "bar", "2.0.0"}
- #{gem_no_checksum "foo", "9.0.0"}
-
BUNDLED WITH
#{Bundler::VERSION}
L