Diffstat (limited to 'spec/bundler/install')
-rw-r--r-- | spec/bundler/install/gemfile/gemspec_spec.rb | 89 | ||||
-rw-r--r-- | spec/bundler/install/gemfile/install_if_spec.rb | 15 | ||||
-rw-r--r-- | spec/bundler/install/gemfile/path_spec.rb | 73 | ||||
-rw-r--r-- | spec/bundler/install/gemfile/platform_spec.rb | 58 | ||||
-rw-r--r-- | spec/bundler/install/gemfile/sources_spec.rb | 192 | ||||
-rw-r--r-- | spec/bundler/install/gemfile/specific_platform_spec.rb | 164 | ||||
-rw-r--r-- | spec/bundler/install/gems/compact_index_spec.rb | 26 | ||||
-rw-r--r-- | spec/bundler/install/gems/flex_spec.rb | 20 | ||||
-rw-r--r-- | spec/bundler/install/gems/resolving_spec.rb | 33 | ||||
-rw-r--r-- | spec/bundler/install/yanked_spec.rb | 4 |
10 files changed, 329 insertions, 345 deletions
diff --git a/spec/bundler/install/gemfile/gemspec_spec.rb b/spec/bundler/install/gemfile/gemspec_spec.rb index ae53130bf3..c79e275d2b 100644 --- a/spec/bundler/install/gemfile/gemspec_spec.rb +++ b/spec/bundler/install/gemfile/gemspec_spec.rb @@ -28,14 +28,14 @@ RSpec.describe "bundle install from an existing gemspec" do x64_mingw_archs.join("\n ") end - let(:x64_mingw_checksums) do - x64_mingw_archs.map do |arch| + def x64_mingw_checksums(checksums) + x64_mingw_archs.each do |arch| if arch == "x64-mingw-ucrt" - gem_no_checksum "platform_specific", "1.0", arch + checksums.no_checksum "platform_specific", "1.0", arch else - checksum_for_repo_gem gem_repo2, "platform_specific", "1.0", arch + checksums.checksum gem_repo2, "platform_specific", "1.0", arch end - end.join("\n ") + end end it "should install runtime and development dependencies" do @@ -368,6 +368,10 @@ RSpec.describe "bundle install from an existing gemspec" do gemspec :path => "../foo" G + checksums = checksums_section_when_existing do |c| + c.no_checksum "foo", "1.0" + end + lockfile <<-L PATH remote: ../foo @@ -385,7 +389,7 @@ RSpec.describe "bundle install from an existing gemspec" do DEPENDENCIES foo! - + #{checksums} BUNDLED WITH #{Bundler::VERSION} L @@ -459,6 +463,13 @@ RSpec.describe "bundle install from an existing gemspec" do it "keeps all platform dependencies in the lockfile" do expect(the_bundle).to include_gems "foo 1.0", "platform_specific 1.0 RUBY" + checksums = checksums_section_when_existing do |c| + c.no_checksum "foo", "1.0" + c.checksum gem_repo2, "platform_specific", "1.0" + c.checksum gem_repo2, "platform_specific", "1.0", "java" + x64_mingw_checksums(c) + end + expect(lockfile).to eq <<~L PATH remote: . 
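Review bot: `x64_mingw_checksums(checksums)` in the first hunk (`-28,14`) is now called only for its side effect on the object passed in, but nothing says so, and its return value is just whatever `each` returns. A one-line comment above the `def` would make the contract clear, for example `# Adds a platform_specific 1.0 entry per x64-mingw arch to the given checksums object; x64-mingw-ucrt is recorded without a digest`. It is also worth saying why the ucrt arch has no digest, since an entry without a digest presumably gives the installer nothing to compare against. The enclosing `describe` block continues outside the hunk.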
@@ -480,13 +491,7 @@ RSpec.describe "bundle install from an existing gemspec" do DEPENDENCIES foo! - - CHECKSUMS - foo (1.0) - #{checksum_for_repo_gem gem_repo2, "platform_specific", "1.0"} - #{checksum_for_repo_gem gem_repo2, "platform_specific", "1.0", "java"} - #{x64_mingw_checksums} - + #{checksums} BUNDLED WITH #{Bundler::VERSION} L @@ -499,6 +504,13 @@ RSpec.describe "bundle install from an existing gemspec" do it "keeps all platform dependencies in the lockfile" do expect(the_bundle).to include_gems "foo 1.0", "platform_specific 1.0 RUBY" + checksums = checksums_section_when_existing do |c| + c.no_checksum "foo", "1.0" + c.checksum gem_repo2, "platform_specific", "1.0" + c.checksum gem_repo2, "platform_specific", "1.0", "java" + x64_mingw_checksums(c) + end + expect(lockfile).to eq <<~L PATH remote: . @@ -520,13 +532,7 @@ RSpec.describe "bundle install from an existing gemspec" do DEPENDENCIES foo! platform_specific - - CHECKSUMS - foo (1.0) - #{checksum_for_repo_gem gem_repo2, "platform_specific", "1.0"} - #{checksum_for_repo_gem gem_repo2, "platform_specific", "1.0", "java"} - #{x64_mingw_checksums} - + #{checksums} BUNDLED WITH #{Bundler::VERSION} L @@ -540,6 +546,14 @@ RSpec.describe "bundle install from an existing gemspec" do it "keeps all platform dependencies in the lockfile" do expect(the_bundle).to include_gems "foo 1.0", "indirect_platform_specific 1.0", "platform_specific 1.0 RUBY" + checksums = checksums_section_when_existing do |c| + c.no_checksum "foo", "1.0" + c.checksum gem_repo2, "indirect_platform_specific", "1.0" + c.checksum gem_repo2, "platform_specific", "1.0" + c.checksum gem_repo2, "platform_specific", "1.0", "java" + x64_mingw_checksums(c) + end + expect(lockfile).to eq <<~L PATH remote: . 
@@ -563,14 +577,7 @@ RSpec.describe "bundle install from an existing gemspec" do DEPENDENCIES foo! indirect_platform_specific - - CHECKSUMS - foo (1.0) - #{checksum_for_repo_gem gem_repo2, "indirect_platform_specific", "1.0"} - #{checksum_for_repo_gem gem_repo2, "platform_specific", "1.0"} - #{checksum_for_repo_gem gem_repo2, "platform_specific", "1.0", "java"} - #{x64_mingw_checksums} - + #{checksums} BUNDLED WITH #{Bundler::VERSION} L @@ -634,6 +641,12 @@ RSpec.describe "bundle install from an existing gemspec" do gemspec :path => "../chef" G + checksums = checksums_section_when_existing do |c| + c.no_checksum "chef", "17.1.17" + c.no_checksum "chef", "17.1.17", "universal-mingw32" + c.checksum gem_repo4, "win32-api", "1.5.3", "universal-mingw32" + end + initial_lockfile = <<~L PATH remote: ../chef @@ -654,12 +667,7 @@ RSpec.describe "bundle install from an existing gemspec" do DEPENDENCIES chef! - - CHECKSUMS - chef (17.1.17) - chef (17.1.17-universal-mingw32) - #{checksum_for_repo_gem gem_repo4, "win32-api", "1.5.3", "universal-mingw32"} - + #{checksums} BUNDLED WITH #{Bundler::VERSION} L @@ -697,6 +705,12 @@ RSpec.describe "bundle install from an existing gemspec" do end it "does not remove the platform specific specs from the lockfile when re-resolving due to gemspec changes" do + checksums = checksums_section_when_existing do |c| + c.no_checksum "activeadmin", "2.9.0" + c.no_checksum "jruby-openssl", "0.10.7", "java" + c.checksum gem_repo4, "railties", "6.1.4" + end + expect(lockfile).to eq <<~L PATH remote: ../activeadmin @@ -716,12 +730,7 @@ RSpec.describe "bundle install from an existing gemspec" do DEPENDENCIES activeadmin! jruby-openssl - - CHECKSUMS - activeadmin (2.9.0) - jruby-openssl (0.10.7-java) - #{checksum_for_repo_gem gem_repo4, "railties", "6.1.4"} - + #{checksums} BUNDLED WITH #{Bundler::VERSION} L diff --git a/spec/bundler/install/gemfile/install_if_spec.rb b/spec/bundler/install/gemfile/install_if_spec.rb index c8ddb685ff..c7640d07e1 100644 
--- a/spec/bundler/install/gemfile/install_if_spec.rb +++ b/spec/bundler/install/gemfile/install_if_spec.rb @@ -18,6 +18,13 @@ RSpec.describe "bundle install with install_if conditionals" do expect(the_bundle).not_to include_gems("thin") expect(the_bundle).not_to include_gems("foo") + checksums = checksums_section_when_existing do |c| + c.checksum gem_repo1, "activesupport", "2.3.5" + c.no_checksum "foo", "1.0" + c.checksum gem_repo1, "rack", "1.0.0" + c.no_checksum "thin", "1.0" + end + expect(lockfile).to eq <<~L GEM remote: #{file_uri_for(gem_repo1)}/ @@ -36,13 +43,7 @@ RSpec.describe "bundle install with install_if conditionals" do foo rack thin - - CHECKSUMS - #{checksum_for_repo_gem gem_repo1, "activesupport", "2.3.5"} - #{gem_no_checksum "foo", "1.0"} - #{checksum_for_repo_gem gem_repo1, "rack", "1.0.0"} - #{gem_no_checksum "thin", "1.0"} - + #{checksums} BUNDLED WITH #{Bundler::VERSION} L diff --git a/spec/bundler/install/gemfile/path_spec.rb b/spec/bundler/install/gemfile/path_spec.rb index 3af8412eab..d6e008a7c4 100644 --- a/spec/bundler/install/gemfile/path_spec.rb +++ b/spec/bundler/install/gemfile/path_spec.rb @@ -98,6 +98,11 @@ RSpec.describe "bundle install with explicit source paths" do gem "aaa", :path => "./aaa" G + checksums = checksums_section_when_existing do |c| + c.no_checksum "aaa", "1.0" + c.no_checksum "demo", "1.0" + end + lockfile = <<~L PATH remote: . @@ -119,11 +124,7 @@ RSpec.describe "bundle install with explicit source paths" do DEPENDENCIES aaa! demo! - - CHECKSUMS - #{gem_no_checksum("aaa", "1.0")} - #{gem_no_checksum("demo", "1.0")} - + #{checksums} BUNDLED WITH #{Bundler::VERSION} L @@ -345,6 +346,11 @@ RSpec.describe "bundle install with explicit source paths" do lockfile_path = lib_path("foo/Gemfile.lock") + checksums = checksums_section_when_existing do |c| + c.no_checksum "foo", "0.1.0" + c.checksum gem_repo4, "graphql", "2.0.15" + end + original_lockfile = <<~L PATH remote: . 
@@ -362,11 +368,7 @@ RSpec.describe "bundle install with explicit source paths" do DEPENDENCIES foo! - - CHECKSUMS - #{gem_no_checksum("foo", "0.1.0")} - #{checksum_for_repo_gem(gem_repo4, "graphql", "2.0.15")} - + #{checksums} BUNDLED WITH #{Bundler::VERSION} L @@ -673,6 +675,11 @@ RSpec.describe "bundle install with explicit source paths" do expect(the_bundle).to include_gems "rack 0.9.1" + checksums = checksums_section_when_existing do |c| + c.no_checksum "foo", "1.0" + c.checksum gem_repo1, "rack", "0.9.1" + end + expect(lockfile).to eq <<~G PATH remote: #{lib_path("foo")} @@ -690,11 +697,7 @@ RSpec.describe "bundle install with explicit source paths" do DEPENDENCIES foo! - - CHECKSUMS - #{gem_no_checksum("foo", "1.0")} - #{checksum_for_repo_gem(gem_repo1, "rack", "0.9.1")} - + #{checksums} BUNDLED WITH #{Bundler::VERSION} G @@ -722,11 +725,7 @@ RSpec.describe "bundle install with explicit source paths" do DEPENDENCIES foo! - - CHECKSUMS - #{gem_no_checksum("foo", "1.0")} - #{checksum_for_repo_gem(gem_repo1, "rack", "0.9.1")} - + #{checksums} BUNDLED WITH #{Bundler::VERSION} G @@ -743,6 +742,11 @@ RSpec.describe "bundle install with explicit source paths" do expect(the_bundle).to include_gems "rack 0.9.1" + checksums = checksums_section_when_existing do |c| + c.no_checksum "foo", "1.0" + c.checksum gem_repo1, "rack", "0.9.1" + end + expect(lockfile).to eq <<~G PATH remote: #{lib_path("foo")} @@ -760,11 +764,7 @@ RSpec.describe "bundle install with explicit source paths" do DEPENDENCIES foo! - - CHECKSUMS - #{gem_no_checksum("foo", "1.0")} - #{checksum_for_repo_gem(gem_repo1, "rack", "0.9.1")} - + #{checksums} BUNDLED WITH #{Bundler::VERSION} G @@ -776,6 +776,8 @@ RSpec.describe "bundle install with explicit source paths" do bundle "install" + checksums.checksum gem_repo1, "rake", "13.0.1" + expect(lockfile).to eq <<~G PATH remote: #{lib_path("foo")} 
@@ -795,12 +797,7 @@ RSpec.describe "bundle install with explicit source paths" do DEPENDENCIES foo! - - CHECKSUMS - #{gem_no_checksum("foo", "1.0")} - #{checksum_for_repo_gem(gem_repo1, "rack", "0.9.1")} - #{checksum_for_repo_gem(gem_repo1, "rake", "13.0.1")} - + #{checksums} BUNDLED WITH #{Bundler::VERSION} G @@ -813,6 +810,10 @@ RSpec.describe "bundle install with explicit source paths" do s.add_dependency "rack", "0.9.1" end + checksums = checksums_section_when_existing do |c| + c.no_checksum "foo", "1.0" + end + lockfile <<~L PATH remote: #{lib_path("foo")} @@ -824,13 +825,15 @@ RSpec.describe "bundle install with explicit source paths" do DEPENDENCIES foo! - + #{checksums} BUNDLED WITH #{Bundler::VERSION} L bundle "lock" + checksums.no_checksum "rack", "0.9.1" + expect(lockfile).to eq <<~G PATH remote: #{lib_path("foo")} @@ -848,11 +851,7 @@ RSpec.describe "bundle install with explicit source paths" do DEPENDENCIES foo! - - CHECKSUMS - #{gem_no_checksum("foo", "1.0")} - #{gem_no_checksum("rack", "0.9.1")} - + #{checksums} BUNDLED WITH #{Bundler::VERSION} G diff --git a/spec/bundler/install/gemfile/platform_spec.rb b/spec/bundler/install/gemfile/platform_spec.rb index 918a49e1e1..d4bbecfe04 100644 --- a/spec/bundler/install/gemfile/platform_spec.rb +++ b/spec/bundler/install/gemfile/platform_spec.rb @@ -203,6 +203,15 @@ RSpec.describe "bundle install across platforms" do gem "pry" G + checksums = checksums_section_when_existing do |c| + c.checksum gem_repo4, "coderay", "1.1.2" + c.checksum gem_repo4, "empyrean", "0.1.0" + c.checksum gem_repo4, "ffi", "1.9.23", "java" + c.checksum gem_repo4, "method_source", "0.9.0" + c.checksum gem_repo4, "pry", "0.11.3", "java" + c.checksum gem_repo4, "spoon", "0.0.6" + end + expect(lockfile).to eq <<~L GEM remote: #{file_uri_for(gem_repo4)}/ 
@@ -224,15 +233,7 @@ RSpec.describe "bundle install across platforms" do DEPENDENCIES empyrean (= 0.1.0) pry - - CHECKSUMS - #{checksum_for_repo_gem gem_repo4, "coderay", "1.1.2"} - #{checksum_for_repo_gem gem_repo4, "empyrean", "0.1.0"} - #{checksum_for_repo_gem gem_repo4, "ffi", "1.9.23", "java"} - #{checksum_for_repo_gem gem_repo4, "method_source", "0.9.0"} - #{checksum_for_repo_gem gem_repo4, "pry", "0.11.3", "java"} - #{checksum_for_repo_gem gem_repo4, "spoon", "0.0.6"} - + #{checksums} BUNDLED WITH #{Bundler::VERSION} L @@ -264,16 +265,7 @@ RSpec.describe "bundle install across platforms" do DEPENDENCIES empyrean (= 0.1.0) pry - - CHECKSUMS - #{checksum_for_repo_gem gem_repo4, "coderay", "1.1.2"} - #{checksum_for_repo_gem gem_repo4, "empyrean", "0.1.0"} - #{checksum_for_repo_gem gem_repo4, "ffi", "1.9.23", "java"} - #{checksum_for_repo_gem gem_repo4, "method_source", "0.9.0"} - pry (0.11.3) - #{checksum_for_repo_gem gem_repo4, "pry", "0.11.3", "java"} - #{checksum_for_repo_gem gem_repo4, "spoon", "0.0.6"} - + #{checksums} BUNDLED WITH #{Bundler::VERSION} L @@ -306,15 +298,7 @@ RSpec.describe "bundle install across platforms" do DEPENDENCIES empyrean (= 0.1.0) pry - - CHECKSUMS - #{checksum_for_repo_gem gem_repo4, "coderay", "1.1.2"} - #{checksum_for_repo_gem gem_repo4, "empyrean", "0.1.0"} - #{checksum_for_repo_gem gem_repo4, "ffi", "1.9.23", "java"} - #{checksum_for_repo_gem gem_repo4, "method_source", "0.9.0"} - #{checksum_for_repo_gem gem_repo4, "pry", "0.11.3", "java"} - #{checksum_for_repo_gem gem_repo4, "spoon", "0.0.6"} - + #{checksums} BUNDLED WITH 1.16.1 L @@ -388,6 +372,11 @@ RSpec.describe "bundle install across platforms" do end it "keeps existing platforms when installing with force_ruby_platform" do + checksums = checksums_section do |c| + c.no_checksum "platform_specific", "1.0" + c.no_checksum "platform_specific", "1.0", "java" + end + lockfile <<-G GEM remote: #{file_uri_for(gem_repo1)}/ 
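Review bot: The expected lockfile in the hunk at `-264,16` loses its `pry (0.11.3)` entry, because `#{checksums}` now renders the object built in the earlier hunk at `+203`, which adds `pry` only for the `java` platform. No call adding the ruby-platform entry is visible between the two hunks, so if a CHECKSUMS section is rendered here, the expectation no longer asserts what the removed lines did. If that entry is still expected, add `checksums.no_checksum "pry", "0.11.3"` before this lockfile string is built. The surrounding example starts and ends outside these hunks.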
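Review bot: The example in the hunk at `-388,6` builds its section with `checksums_section`, while the other hunks in this file use `checksums_section_when_existing`, and no comment says why. The difference between the two helpers is not visible in this diff. If the intent is that the seeded lockfile must already contain a CHECKSUMS section so that the later install keeps and updates it, say so above the call, for example `# seed a CHECKSUMS section so the install below updates it`. Without that, a reader cannot tell whether the unconditional helper is deliberate.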
@@ -399,6 +388,7 @@ RSpec.describe "bundle install across platforms" do DEPENDENCIES platform_specific + #{checksums} G bundle "config set --local force_ruby_platform true" @@ -408,6 +398,8 @@ RSpec.describe "bundle install across platforms" do gem "platform_specific" G + checksums.checksum gem_repo1, "platform_specific", "1.0" + expect(the_bundle).to include_gem "platform_specific 1.0 RUBY" expect(lockfile).to eq <<~G @@ -423,11 +415,7 @@ RSpec.describe "bundle install across platforms" do DEPENDENCIES platform_specific - - CHECKSUMS - #{checksum_for_repo_gem(gem_repo1, "platform_specific", "1.0")} - #{gem_no_checksum "platform_specific", "1.0", "java"} - + #{checksums} BUNDLED WITH #{Bundler::VERSION} G @@ -596,9 +584,7 @@ RSpec.describe "bundle install with platform conditionals" do DEPENDENCIES rack - - CHECKSUMS - + #{checksums_section_when_existing} BUNDLED WITH #{Bundler::VERSION} L diff --git a/spec/bundler/install/gemfile/sources_spec.rb b/spec/bundler/install/gemfile/sources_spec.rb index bc6929ef73..7572fad90b 100644 --- a/spec/bundler/install/gemfile/sources_spec.rb +++ b/spec/bundler/install/gemfile/sources_spec.rb 
@@ -28,15 +28,32 @@ RSpec.describe "bundle install with gems on multiple sources" do end it "refuses to install mismatched checksum because one gem has been tampered with", :bundler => "< 3" do + lockfile <<~L + GEM + remote: https://gem.repo3/ + remote: https://gem.repo1/ + specs: + rack (1.0.0) + + PLATFORMS + #{local_platform} + + DEPENDENCIES + depends_on_rack! + + BUNDLED WITH + #{Bundler::VERSION} + L + bundle :install, :artifice => "compact_index", :raise_on_error => false expect(exitstatus).to eq(37) expect(err).to eq <<~E.strip [DEPRECATED] Your Gemfile contains multiple global sources. Using `source` more than once without a block is a security risk, and may result in installing unexpected gems. To resolve this warning, use a block to indicate which gems should come from the secondary source. Bundler found mismatched checksums. This is a potential security risk. - #{checksum_for_repo_gem(gem_repo1, "rack", "1.0.0")} + #{checksum_to_lock(gem_repo1, "rack", "1.0.0")} from the API at https://gem.repo1/ - #{checksum_for_repo_gem(gem_repo3, "rack", "1.0.0")} + #{checksum_to_lock(gem_repo3, "rack", "1.0.0")} from the API at https://gem.repo3/ Mismatched checksums each have an authoritative source: @@ -129,7 +146,7 @@ RSpec.describe "bundle install with gems on multiple sources" do end it "works in standalone mode", :bundler => "< 3" do - gem_checksum = checksum_for_repo_gem(gem_repo4, "foo", "1.0").split(Bundler::Checksum::ALGO_SEPARATOR).last + gem_checksum = checksum_digest(gem_repo4, "foo", "1.0") bundle "install --standalone", :artifice => "compact_index", :env => { "BUNDLER_SPEC_FOO_CHECKSUM" => gem_checksum } end end 
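Review bot: The lockfile seeded at the top of the tampered-gem example (hunk at `-28,15`) has no comment explaining why the example now needs it, and it lists `depends_on_rack!` under DEPENDENCIES while `specs:` holds only `rack (1.0.0)`. This example guards the mismatched-checksum failure (exit status 37), so the precondition it relies on should be readable from the test itself. A short comment above `lockfile <<~L` would do; my reading, which needs confirming, is something like `# lockfile without a CHECKSUMS section: the mismatch must come from the two remotes, not from locked digests`. If the missing `depends_on_rack` spec is deliberate, mention that in the same comment.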
@@ -314,9 +331,9 @@ RSpec.describe "bundle install with gems on multiple sources" do expect(err).to eq(<<~E.strip) [DEPRECATED] Your Gemfile contains multiple global sources. Using `source` more than once without a block is a security risk, and may result in installing unexpected gems. To resolve this warning, use a block to indicate which gems should come from the secondary source. Bundler found mismatched checksums. This is a potential security risk. - #{checksum_for_repo_gem(gem_repo2, "rack", "1.0.0")} + #{checksum_to_lock(gem_repo2, "rack", "1.0.0")} from the API at https://gem.repo2/ - #{checksum_for_repo_gem(gem_repo1, "rack", "1.0.0")} + #{checksum_to_lock(gem_repo1, "rack", "1.0.0")} from the API at https://gem.repo1/ Mismatched checksums each have an authoritative source: @@ -340,7 +357,7 @@ RSpec.describe "bundle install with gems on multiple sources" do rack (1.0.0) sha256=#{rack_checksum} from the API at https://gem.repo2/ and the API at https://gem.repo1/ - #{checksum_for_repo_gem(gem_repo2, "rack", "1.0.0")} + #{checksum_to_lock(gem_repo2, "rack", "1.0.0")} from the gem at #{default_bundle_path("cache", "rack-1.0.0.gem")} If you trust the API at https://gem.repo2/, to resolve this issue you can: 
@@ -354,15 +371,15 @@ RSpec.describe "bundle install with gems on multiple sources" do end it "installs from the other source and warns about ambiguous gems when the sources have the same checksum", :bundler => "< 3" do - gem_checksum = checksum_for_repo_gem(gem_repo2, "rack", "1.0.0").split(Bundler::Checksum::ALGO_SEPARATOR).last + gem_checksum = checksum_digest(gem_repo2, "rack", "1.0.0") bundle :install, :artifice => "compact_index", :env => { "BUNDLER_SPEC_RACK_CHECKSUM" => gem_checksum, "DEBUG" => "1" } expect(err).to include("Warning: the gem 'rack' was found in multiple sources.") expect(err).to include("Installed from: https://gem.repo2") - expected_checksums = checksum_section do |c| - c.repo_gem gem_repo3, "depends_on_rack", "1.0.1" - c.repo_gem gem_repo2, "rack", "1.0.0" + checksums = checksums_section_when_existing do |c| + c.checksum gem_repo3, "depends_on_rack", "1.0.1" + c.checksum gem_repo2, "rack", "1.0.0" end expect(lockfile).to eq <<~L @@ -383,10 +400,7 @@ RSpec.describe "bundle install with gems on multiple sources" do DEPENDENCIES depends_on_rack! - - CHECKSUMS - #{expected_checksums} - + #{checksums} BUNDLED WITH #{Bundler::VERSION} L @@ -403,7 +417,7 @@ RSpec.describe "bundle install with gems on multiple sources" do expect(err).to include("Warning: the gem 'rack' was found in multiple sources.") expect(err).to include("Installed from: https://gem.repo2") - expected_checksums = checksum_section do |c| + checksums = checksums_section_when_existing do |c| c.no_checksum "depends_on_rack", "1.0.1" c.no_checksum "rack", "1.0.0" end @@ -426,10 +440,7 @@ RSpec.describe "bundle install with gems on multiple sources" do DEPENDENCIES depends_on_rack! - - CHECKSUMS - #{expected_checksums} - + #{checksums} BUNDLED WITH #{Bundler::VERSION} L 
@@ -772,6 +783,21 @@ RSpec.describe "bundle install with gems on multiple sources" do end G + @locked_checksums = checksums_section_when_existing do |c| + c.checksum gem_repo2, "activesupport", "6.0.3.4" + c.checksum gem_repo2, "concurrent-ruby", "1.1.8" + c.checksum gem_repo2, "connection_pool", "2.2.3" + c.checksum gem_repo2, "i18n", "1.8.9" + c.checksum gem_repo2, "minitest", "5.14.3" + c.checksum gem_repo2, "rack", "2.2.3" + c.checksum gem_repo2, "redis", "4.2.5" + c.checksum gem_repo2, "sidekiq", "6.1.3" + c.checksum gem_repo3, "sidekiq-pro", "5.2.1" + c.checksum gem_repo2, "thread_safe", "0.3.6" + c.checksum gem_repo2, "tzinfo", "1.2.9" + c.checksum gem_repo2, "zeitwerk", "2.4.2" + end + lockfile <<~L GEM remote: https://gem.repo2/ @@ -808,7 +834,7 @@ RSpec.describe "bundle install with gems on multiple sources" do DEPENDENCIES activesupport sidekiq-pro! - + #{@locked_checksums} BUNDLED WITH #{Bundler::VERSION} L @@ -825,21 +851,6 @@ RSpec.describe "bundle install with gems on multiple sources" do expect(the_bundle).to include_gems("concurrent-ruby 1.1.8") expect(the_bundle).not_to include_gems("concurrent-ruby 1.1.9") - expected_checksums = checksum_section do |c| - c.repo_gem gem_repo2, "activesupport", "6.0.3.4" - c.repo_gem gem_repo2, "concurrent-ruby", "1.1.8" - c.repo_gem gem_repo2, "connection_pool", "2.2.3" - c.repo_gem gem_repo2, "i18n", "1.8.9" - c.repo_gem gem_repo2, "minitest", "5.14.3" - c.repo_gem gem_repo2, "rack", "2.2.3" - c.repo_gem gem_repo2, "redis", "4.2.5" - c.repo_gem gem_repo2, "sidekiq", "6.1.3" - c.repo_gem gem_repo3, "sidekiq-pro", "5.2.1" - c.repo_gem gem_repo2, "thread_safe", "0.3.6" - c.repo_gem gem_repo2, "tzinfo", "1.2.9" - c.repo_gem gem_repo2, "zeitwerk", "2.4.2" - end - expect(lockfile).to eq <<~L GEM remote: https://gem.repo2/ 
@@ -879,10 +890,7 @@ RSpec.describe "bundle install with gems on multiple sources" do DEPENDENCIES activesupport sidekiq-pro! - - CHECKSUMS - #{expected_checksums} - + #{@locked_checksums} BUNDLED WITH #{Bundler::VERSION} L @@ -923,24 +931,16 @@ RSpec.describe "bundle install with gems on multiple sources" do expect(the_bundle).not_to include_gems("activesupport 6.0.3.4") expect(the_bundle).to include_gems("activesupport 6.1.2.1") + @locked_checksums.checksum gem_repo2, "activesupport", "6.1.2.1" + expect(the_bundle).not_to include_gems("tzinfo 1.2.9") expect(the_bundle).to include_gems("tzinfo 2.0.4") + @locked_checksums.checksum gem_repo2, "tzinfo", "2.0.4" + @locked_checksums.delete "thread_safe" + expect(the_bundle).not_to include_gems("concurrent-ruby 1.1.8") expect(the_bundle).to include_gems("concurrent-ruby 1.1.9") - - expected_checksums = checksum_section do |c| - c.repo_gem gem_repo2, "activesupport", "6.1.2.1" - c.repo_gem gem_repo2, "concurrent-ruby", "1.1.9" - c.repo_gem gem_repo2, "connection_pool", "2.2.3" - c.repo_gem gem_repo2, "i18n", "1.8.9" - c.repo_gem gem_repo2, "minitest", "5.14.3" - c.repo_gem gem_repo2, "rack", "2.2.3" - c.repo_gem gem_repo2, "redis", "4.2.5" - c.repo_gem gem_repo2, "sidekiq", "6.1.3" - c.repo_gem gem_repo3, "sidekiq-pro", "5.2.1" - c.repo_gem gem_repo2, "tzinfo", "2.0.4" - c.repo_gem gem_repo2, "zeitwerk", "2.4.2" - end + @locked_checksums.checksum gem_repo2, "concurrent-ruby", "1.1.9" expect(lockfile).to eq <<~L GEM @@ -980,10 +980,7 @@ RSpec.describe "bundle install with gems on multiple sources" do DEPENDENCIES activesupport sidekiq-pro! - - CHECKSUMS - #{expected_checksums} - + #{@locked_checksums} BUNDLED WITH #{Bundler::VERSION} L 
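Review bot: The calls added in the hunk at `-923,24` depend on behaviour of `@locked_checksums` that the test no longer shows. `checksum gem_repo2, "activesupport", "6.1.2.1"` has to replace the 6.0.3.4 entry added in the setup hunk at `+783`, whereas `thread_safe` is removed with an explicit `delete`. The removed lines listed every expected entry; the new form is shorter, but the expected section can only be reconstructed by knowing how the helper treats a second call for the same gem, and that implementation is outside this diff. A comment such as `# replaces the locked 6.0.3.4 entry` on each overriding call would make the intent checkable. The same applies to the `concurrent-ruby` call in the hunk at `-1000,20` and to the `google-protobuf` call in specific_platform_spec.rb after the hunk at `-78,16`.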
@@ -1000,20 +997,7 @@ RSpec.describe "bundle install with gems on multiple sources" do expect(the_bundle).to include_gems("concurrent-ruby 1.1.9") expect(the_bundle).not_to include_gems("concurrent-ruby 1.1.8") - expected_checksums = checksum_section do |c| - c.repo_gem gem_repo2, "activesupport", "6.0.3.4" - c.repo_gem gem_repo2, "concurrent-ruby", "1.1.9" - c.repo_gem gem_repo2, "connection_pool", "2.2.3" - c.repo_gem gem_repo2, "i18n", "1.8.9" - c.repo_gem gem_repo2, "minitest", "5.14.3" - c.repo_gem gem_repo2, "rack", "2.2.3" - c.repo_gem gem_repo2, "redis", "4.2.5" - c.repo_gem gem_repo2, "sidekiq", "6.1.3" - c.repo_gem gem_repo3, "sidekiq-pro", "5.2.1" - c.repo_gem gem_repo2, "thread_safe", "0.3.6" - c.repo_gem gem_repo2, "tzinfo", "1.2.9" - c.repo_gem gem_repo2, "zeitwerk", "2.4.2" - end + @locked_checksums.checksum gem_repo2, "concurrent-ruby", "1.1.9" expect(lockfile).to eq <<~L GEM @@ -1054,10 +1038,7 @@ RSpec.describe "bundle install with gems on multiple sources" do DEPENDENCIES activesupport sidekiq-pro! - - CHECKSUMS - #{expected_checksums} - + #{@locked_checksums} BUNDLED WITH #{Bundler::VERSION} L @@ -1125,10 +1106,10 @@ RSpec.describe "bundle install with gems on multiple sources" do end it "installs from the default source without any warnings or errors and generates a proper lockfile" do - expected_checksums = checksum_section do |c| - c.repo_gem gem_repo3, "handsoap", "0.2.5.5" - c.repo_gem gem_repo2, "nokogiri", "1.11.1" - c.repo_gem gem_repo2, "racca", "1.5.2" + checksums = checksums_section_when_existing do |c| + c.checksum gem_repo3, "handsoap", "0.2.5.5" + c.checksum gem_repo2, "nokogiri", "1.11.1" + c.checksum gem_repo2, "racca", "1.5.2" end expected_lockfile = <<~L @@ -1151,10 +1132,7 @@ RSpec.describe "bundle install with gems on multiple sources" do DEPENDENCIES handsoap! nokogiri - - CHECKSUMS - #{expected_checksums} - + #{checksums} BUNDLED WITH #{Bundler::VERSION} L 
@@ -1243,7 +1221,7 @@ RSpec.describe "bundle install with gems on multiple sources" do DEPENDENCIES rack! - + #{checksums_section} BUNDLED WITH #{Bundler::VERSION} L @@ -1302,8 +1280,8 @@ RSpec.describe "bundle install with gems on multiple sources" do bundle "install", :artifice => "compact_index", :raise_on_error => false - api_checksum1 = checksum_for_repo_gem(gem_repo1, "rack", "0.9.1").split("sha256=").last - api_checksum3 = checksum_for_repo_gem(gem_repo3, "rack", "0.9.1").split("sha256=").last + api_checksum1 = checksum_digest(gem_repo1, "rack", "0.9.1") + api_checksum3 = checksum_digest(gem_repo3, "rack", "0.9.1") expect(exitstatus).to eq(37) expect(err).to eq(<<~E.strip) @@ -1712,9 +1690,9 @@ RSpec.describe "bundle install with gems on multiple sources" do it "upgrades the lockfile correctly" do bundle "lock --update", :artifice => "compact_index" - expected_checksums = checksum_section do |c| - c.repo_gem gem_repo2, "capybara", "2.5.0" - c.repo_gem gem_repo4, "mime-types", "3.0.0" + checksums = checksums_section_when_existing do |c| + c.checksum gem_repo2, "capybara", "2.5.0" + c.checksum gem_repo4, "mime-types", "3.0.0" end expect(lockfile).to eq <<~L @@ -1735,10 +1713,7 @@ RSpec.describe "bundle install with gems on multiple sources" do DEPENDENCIES capybara (~> 2.5.0) mime-types (~> 3.0)! - - CHECKSUMS - #{expected_checksums} - + #{checksums} BUNDLED WITH #{Bundler::VERSION} L @@ -1774,6 +1749,11 @@ RSpec.describe "bundle install with gems on multiple sources" do it "handles that fine" do bundle "install", :artifice => "compact_index_extra", :env => { "BUNDLER_SPEC_GEM_REPO" => gem_repo4.to_s } + checksums = checksums_section_when_existing do |c| + c.checksum gem_repo4, "pdf-writer", "1.1.8" + c.checksum gem_repo2, "ruport", "1.7.0.3" + end + expect(lockfile).to eq <<~L GEM remote: https://localgemserver.test/ 
@@ -1791,11 +1771,7 @@ RSpec.describe "bundle install with gems on multiple sources" do DEPENDENCIES ruport (= 1.7.0.3)! - - CHECKSUMS - #{checksum_for_repo_gem gem_repo4, "pdf-writer", "1.1.8"} - #{checksum_for_repo_gem gem_repo2, "ruport", "1.7.0.3"} - + #{checksums} BUNDLED WITH #{Bundler::VERSION} L @@ -1831,9 +1807,9 @@ RSpec.describe "bundle install with gems on multiple sources" do it "handles that fine" do bundle "install", :artifice => "compact_index_extra", :env => { "BUNDLER_SPEC_GEM_REPO" => gem_repo4.to_s } - expected_checksums = checksum_section do |c| - c.repo_gem gem_repo4, "pdf-writer", "1.1.8" - c.repo_gem gem_repo2, "ruport", "1.7.0.3" + checksums = checksums_section_when_existing do |c| + c.checksum gem_repo4, "pdf-writer", "1.1.8" + c.checksum gem_repo2, "ruport", "1.7.0.3" end expect(lockfile).to eq <<~L @@ -1853,10 +1829,7 @@ RSpec.describe "bundle install with gems on multiple sources" do DEPENDENCIES ruport (= 1.7.0.3)! - - CHECKSUMS - #{expected_checksums} - + #{checksums} BUNDLED WITH #{Bundler::VERSION} L @@ -1886,8 +1859,8 @@ RSpec.describe "bundle install with gems on multiple sources" do it "handles that fine" do bundle "install --verbose", :artifice => "endpoint", :env => { "BUNDLER_SPEC_GEM_REPO" => gem_repo4.to_s } - expected_checksums = checksum_section do |c| - c.repo_gem gem_repo4, "pdf-writer", "1.1.8" + checksums = checksums_section_when_existing do |c| + c.checksum gem_repo4, "pdf-writer", "1.1.8" end expect(lockfile).to eq <<~L @@ -1901,10 +1874,7 @@ RSpec.describe "bundle install with gems on multiple sources" do DEPENDENCIES pdf-writer (= 1.1.8) - - CHECKSUMS - #{expected_checksums} - + #{checksums} BUNDLED WITH #{Bundler::VERSION} L diff --git a/spec/bundler/install/gemfile/specific_platform_spec.rb b/spec/bundler/install/gemfile/specific_platform_spec.rb index 7089a94a66..131426b443 100644 --- a/spec/bundler/install/gemfile/specific_platform_spec.rb +++ b/spec/bundler/install/gemfile/specific_platform_spec.rb 
@@ -66,6 +66,10 @@ RSpec.describe "bundle install with specific platforms" do gemfile google_protobuf + checksums = checksums_section_when_existing do |c| + c.checksum gem_repo2, "google-protobuf", "3.0.0.alpha.4.0" + end + # simulate lockfile created with old bundler, which only locks for ruby platform lockfile <<-L GEM @@ -78,16 +82,15 @@ RSpec.describe "bundle install with specific platforms" do DEPENDENCIES google-protobuf - - CHECKSUMS - google-protobuf (3.0.0.alpha.4.0) - + #{checksums} BUNDLED WITH 2.1.4 L bundle "update", :env => { "BUNDLER_VERSION" => Bundler::VERSION } + checksums.checksum gem_repo2, "google-protobuf", "3.0.0.alpha.5.0.5.1" + # make sure the platform that the platform specific dependency is used, since we're only locked to ruby expect(the_bundle).to include_gem("google-protobuf 3.0.0.alpha.5.0.5.1 universal-darwin") @@ -103,10 +106,7 @@ RSpec.describe "bundle install with specific platforms" do DEPENDENCIES google-protobuf - - CHECKSUMS - google-protobuf (3.0.0.alpha.5.0.5.1) - + #{checksums} BUNDLED WITH #{Bundler::VERSION} L @@ -528,11 +528,11 @@ RSpec.describe "bundle install with specific platforms" do bundle "update" - expected_checksums = checksum_section do |c| - c.repo_gem gem_repo4, "sorbet", "0.5.10160" - c.repo_gem gem_repo4, "sorbet-runtime", "0.5.10160" - c.repo_gem gem_repo4, "sorbet-static", "0.5.10160", Gem::Platform.local - c.repo_gem gem_repo4, "sorbet-static-and-runtime", "0.5.10160" + checksums = checksums_section_when_existing do |c| + c.checksum gem_repo4, "sorbet", "0.5.10160" + c.checksum gem_repo4, "sorbet-runtime", "0.5.10160" + c.checksum gem_repo4, "sorbet-static", "0.5.10160", Gem::Platform.local + c.checksum gem_repo4, "sorbet-static-and-runtime", "0.5.10160" end expect(lockfile).to eq <<~L @@ -552,10 +552,7 @@ RSpec.describe "bundle install with specific platforms" do DEPENDENCIES sorbet-static-and-runtime - - CHECKSUMS - #{expected_checksums} - + #{checksums} BUNDLED WITH #{Bundler::VERSION} L 
@@ -587,6 +584,11 @@ RSpec.describe "bundle install with specific platforms" do G end + checksums = checksums_section_when_existing do |c| + c.no_checksum "nokogiri", "1.13.0", "x86_64-darwin" + c.no_checksum "sorbet-static", "0.5.10601", "x86_64-darwin" + end + lockfile <<~L GEM remote: #{file_uri_for(gem_repo4)}/ @@ -602,7 +604,7 @@ RSpec.describe "bundle install with specific platforms" do DEPENDENCIES nokogiri sorbet-static - + #{checksums} BUNDLED WITH #{Bundler::VERSION} L @@ -624,11 +626,7 @@ RSpec.describe "bundle install with specific platforms" do DEPENDENCIES nokogiri sorbet-static - - CHECKSUMS - #{gem_no_checksum "nokogiri", "1.13.0", "x86_64-darwin"} - #{gem_no_checksum "sorbet-static", "0.5.10601", "x86_64-darwin"} - + #{checksums} BUNDLED WITH #{Bundler::VERSION} L @@ -682,11 +680,11 @@ RSpec.describe "bundle install with specific platforms" do bundle "update" - expected_checksums = checksum_section do |c| - c.repo_gem gem_repo4, "sorbet", "0.5.10160" - c.repo_gem gem_repo4, "sorbet-runtime", "0.5.10160" - c.repo_gem gem_repo4, "sorbet-static", "0.5.10160", Gem::Platform.local - c.repo_gem gem_repo4, "sorbet-static-and-runtime", "0.5.10160" + checksums = checksums_section_when_existing do |c| + c.checksum gem_repo4, "sorbet", "0.5.10160" + c.checksum gem_repo4, "sorbet-runtime", "0.5.10160" + c.checksum gem_repo4, "sorbet-static", "0.5.10160", Gem::Platform.local + c.checksum gem_repo4, "sorbet-static-and-runtime", "0.5.10160" end expect(lockfile).to eq <<~L @@ -706,10 +704,7 @@ RSpec.describe "bundle install with specific platforms" do DEPENDENCIES sorbet-static-and-runtime - - CHECKSUMS - #{expected_checksums} - + #{checksums} BUNDLED WITH #{Bundler::VERSION} L 
@@ -760,9 +755,9 @@ RSpec.describe "bundle install with specific platforms" do bundle "update" - expected_checksums = checksum_section do |c| - c.repo_gem gem_repo4, "nokogiri", "1.14.0", "x86_64-linux" - c.repo_gem gem_repo4, "sorbet-static", "0.5.10696", "x86_64-linux" + checksums = checksums_section_when_existing do |c| + c.checksum gem_repo4, "nokogiri", "1.14.0", "x86_64-linux" + c.checksum gem_repo4, "sorbet-static", "0.5.10696", "x86_64-linux" end expect(lockfile).to eq <<~L @@ -778,10 +773,7 @@ RSpec.describe "bundle install with specific platforms" do DEPENDENCIES nokogiri sorbet-static - - CHECKSUMS - #{expected_checksums} - + #{checksums} BUNDLED WITH #{Bundler::VERSION} L @@ -807,6 +799,11 @@ RSpec.describe "bundle install with specific platforms" do gem "sorbet-static", "= 0.5.10549" G + checksums = checksums_section_when_existing do |c| + c.checksum gem_repo4, "sorbet-static", "0.5.10549", "universal-darwin-20" + c.checksum gem_repo4, "sorbet-static", "0.5.10549", "universal-darwin-21" + end + # Make sure the lockfile is missing sorbet-static-0.5.10549-universal-darwin-21 lockfile <<~L GEM @@ -819,17 +816,15 @@ RSpec.describe "bundle install with specific platforms" do DEPENDENCIES sorbet-static (= 0.5.10549) - - CHECKSUMS - #{checksum_for_repo_gem gem_repo4, "sorbet-static", "0.5.10549", "universal-darwin-20"} - #{checksum_for_repo_gem gem_repo4, "sorbet-static", "0.5.10549", "universal-darwin-21"} - + #{checksums} BUNDLED WITH #{Bundler::VERSION} L bundle "install" + checksums.no_checksum "sorbet-static", "0.5.10549", "universal-darwin-21" + expect(lockfile).to eq <<~L GEM remote: #{file_uri_for(gem_repo4)}/ 
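Review bot: In the hunk at -819,17 +816,15, `checksums.no_checksum "sorbet-static", "0.5.10549", "universal-darwin-21"` turns an entry that the input lockfile carried with a digest into one without, and the rewrite makes that step easy to miss. The removed lines showed `checksum_for_repo_gem` for universal-darwin-21 before `bundle "install"` and `gem_no_checksum` after it; now the change is a single mutation between two heredocs that both read `#{checksums}`. An entry that loses its recorded sha256 leaves later installs nothing to compare that platform's gem against, so the expectation deserves a comment at the mutation, e.g. `# expected: the universal-darwin-21 entry loses its sha256 after install`, followed by the reason. The example's body starts and ends outside the hunk.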
@@ -842,11 +837,7 @@ RSpec.describe "bundle install with specific platforms" do DEPENDENCIES sorbet-static (= 0.5.10549) - - CHECKSUMS - #{checksum_for_repo_gem gem_repo4, "sorbet-static", "0.5.10549", "universal-darwin-20"} - #{gem_no_checksum "sorbet-static", "0.5.10549", "universal-darwin-21"} - + #{checksums} BUNDLED WITH #{Bundler::VERSION} L @@ -893,6 +884,11 @@ RSpec.describe "bundle install with specific platforms" do bundle "lock --update" + checksums = checksums_section_when_existing do |c| + c.no_checksum "nokogiri", "1.13.8" + c.no_checksum "nokogiri", "1.13.8", Gem::Platform.local + end + updated_lockfile = <<~L GEM remote: #{file_uri_for(gem_repo4)}/ @@ -906,11 +902,7 @@ RSpec.describe "bundle install with specific platforms" do DEPENDENCIES nokogiri tzinfo (~> 1.2) - - CHECKSUMS - #{gem_no_checksum "nokogiri", "1.13.8"} - #{gem_no_checksum "nokogiri", "1.13.8", Gem::Platform.local} - + #{checksums} BUNDLED WITH #{Bundler::VERSION} L @@ -931,6 +923,11 @@ RSpec.describe "bundle install with specific platforms" do gem "rack" G + checksums = checksums_section_when_existing do |c| + c.no_checksum "concurrent-ruby", "1.2.2" + c.no_checksum "rack", "3.0.7" + end + lockfile <<~L GEM remote: #{file_uri_for(gem_repo4)}/ @@ -942,7 +939,7 @@ RSpec.describe "bundle install with specific platforms" do DEPENDENCIES concurrent-ruby - + #{checksums} BUNDLED WITH #{Bundler::VERSION} L @@ -962,11 +959,7 @@ RSpec.describe "bundle install with specific platforms" do DEPENDENCIES concurrent-ruby rack - - CHECKSUMS - #{gem_no_checksum "concurrent-ruby", "1.2.2"} - #{gem_no_checksum "rack", "3.0.7"} - + #{checksums} BUNDLED WITH #{Bundler::VERSION} L @@ -1029,6 +1022,10 @@ RSpec.describe "bundle install with specific platforms" do gem "nokogiri", "1.14.0" G + checksums = checksums_section_when_existing do |c| + c.checksum gem_repo4, "nokogiri", "1.14.0", "x86_64-linux" + end + lockfile <<~L GEM remote: #{file_uri_for(gem_repo4)}/ 
@@ -1040,13 +1037,17 @@ RSpec.describe "bundle install with specific platforms" do DEPENDENCIES nokogiri (= 1.14.0) - + #{checksums} BUNDLED WITH #{Bundler::VERSION} L bundle :install + checksums = checksums_section_when_existing do |c| + c.checksum gem_repo4, "nokogiri", "1.14.0" + end + expect(lockfile).to eq(<<~L) GEM remote: #{file_uri_for(gem_repo4)}/ @@ -1058,10 +1059,7 @@ RSpec.describe "bundle install with specific platforms" do DEPENDENCIES nokogiri (= 1.14.0) - - CHECKSUMS - #{checksum_for_repo_gem gem_repo4, "nokogiri", "1.14.0"} - + #{checksums} BUNDLED WITH #{Bundler::VERSION} L @@ -1101,6 +1099,12 @@ RSpec.describe "bundle install with specific platforms" do bundle "lock" + checksums = checksums_section_when_existing do |c| + c.no_checksum "nokogiri", "1.14.0" + c.no_checksum "nokogiri", "1.14.0", "arm-linux" + c.no_checksum "nokogiri", "1.14.0", "x86_64-linux" + end + # locks all compatible platforms, excluding Java and Windows expect(lockfile).to eq(<<~L) GEM @@ -1117,12 +1121,7 @@ RSpec.describe "bundle install with specific platforms" do DEPENDENCIES nokogiri - - CHECKSUMS - #{gem_no_checksum "nokogiri", "1.14.0"} - #{gem_no_checksum "nokogiri", "1.14.0", "arm-linux"} - #{gem_no_checksum "nokogiri", "1.14.0", "x86_64-linux"} - + #{checksums} BUNDLED WITH #{Bundler::VERSION} L @@ -1138,6 +1137,10 @@ RSpec.describe "bundle install with specific platforms" do bundle "lock" + checksums.delete "nokogiri", "arm-linux" + checksums.no_checksum "sorbet-static", "0.5.10696", "universal-darwin-22" + checksums.no_checksum "sorbet-static", "0.5.10696", "x86_64-linux" + # locks only platforms compatible with all gems in the bundle expect(lockfile).to eq(<<~L) GEM 
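Review bot: In the hunk at -1138,6 +1137,10, `checksums.delete "nokogiri", "arm-linux"` takes a name and a platform with no version, while the `no_checksum` calls next to it take name, version, platform, so the second argument reads as a version at first glance. The helper is defined outside this diff section, so whether it removes every version recorded for that platform cannot be confirmed here. A comment tying the call to the expectation below would help, e.g. `# arm-linux is no longer locked once sorbet-static joins the bundle, so its entry goes away`. That wording should be checked against the gems built earlier in the example, which starts outside the hunk.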
@@ -1155,13 +1158,7 @@ RSpec.describe "bundle install with specific platforms" do DEPENDENCIES nokogiri sorbet-static - - CHECKSUMS - #{gem_no_checksum "nokogiri", "1.14.0"} - #{gem_no_checksum "nokogiri", "1.14.0", "x86_64-linux"} - #{gem_no_checksum "sorbet-static", "0.5.10696", "universal-darwin-22"} - #{gem_no_checksum "sorbet-static", "0.5.10696", "x86_64-linux"} - + #{checksums} BUNDLED WITH #{Bundler::VERSION} L @@ -1191,10 +1188,10 @@ RSpec.describe "bundle install with specific platforms" do gem "sass-embedded" G - expected_checksums = checksum_section do |c| - c.repo_gem gem_repo4, "nokogiri", "1.15.5" + checksums = checksums_section_when_existing do |c| + c.checksum gem_repo4, "nokogiri", "1.15.5" c.no_checksum "sass-embedded", "1.69.5" - c.repo_gem gem_repo4, "sass-embedded", "1.69.5", "x86_64-linux-gnu" + c.checksum gem_repo4, "sass-embedded", "1.69.5", "x86_64-linux-gnu" end simulate_platform "x86_64-linux" do @@ -1216,10 +1213,7 @@ RSpec.describe "bundle install with specific platforms" do DEPENDENCIES nokogiri sass-embedded - - CHECKSUMS - #{expected_checksums} - + #{checksums} BUNDLED WITH #{Bundler::VERSION} L diff --git a/spec/bundler/install/gems/compact_index_spec.rb b/spec/bundler/install/gems/compact_index_spec.rb index b383614410..ea21e66987 100644 --- a/spec/bundler/install/gems/compact_index_spec.rb +++ b/spec/bundler/install/gems/compact_index_spec.rb 
@@ -961,8 +961,25 @@ RSpec.describe "compact index api" do end describe "checksum validation" do + before do + lockfile <<-L + GEM + remote: #{source_uri} + specs: + rack (1.0.0) + + PLATFORMS + ruby + + DEPENDENCIES + #{checksums_section} + BUNDLED WITH + #{Bundler::VERSION} + L + end + it "handles checksums from the server in base64" do - api_checksum = checksum_for_repo_gem(gem_repo1, "rack", "1.0.0").split("sha256=").last + api_checksum = checksum_digest(gem_repo1, "rack", "1.0.0") rack_checksum = [[api_checksum].pack("H*")].pack("m0") install_gemfile <<-G, :artifice => "compact_index", :env => { "BUNDLER_SPEC_RACK_CHECKSUM" => rack_checksum } source "#{source_uri}" @@ -979,8 +996,6 @@ RSpec.describe "compact index api" do gem "rack" G - api_checksum = checksum_for_repo_gem(gem_repo1, "rack", "1.0.0").split("sha256=").last - gem_path = if Bundler.feature_flag.global_gem_cache? default_cache_path.dirname.join("cache", "gems", "localgemserver.test.80.dd34752a738ee965a2a4298dc16db6c5", "rack-1.0.0.gem") else @@ -992,7 +1007,7 @@ RSpec.describe "compact index api" do Bundler found mismatched checksums. This is a potential security risk. rack (1.0.0) sha256=2222222222222222222222222222222222222222222222222222222222222222 from the API at http://localgemserver.test/ - rack (1.0.0) sha256=#{api_checksum} + #{checksum_to_lock(gem_repo1, "rack", "1.0.0")} from the gem at #{gem_path} If you trust the API at http://localgemserver.test/, to resolve this issue you can: @@ -1057,6 +1072,7 @@ Running `bundle update rails` should fix the problem. G gem_command "uninstall activemerchant" bundle "update rails", :artifice => "compact_index" - expect(lockfile.scan(/activemerchant \(/).size).to eq(2) # Once in the specs, and once in CHECKSUMS + count = lockfile.match?("CHECKSUMS") ? 2 : 1 # Once in the specs, and once in CHECKSUMS + expect(lockfile.scan(/activemerchant \(/).size).to eq(count) end end 
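Review bot: In the hunk at -961,8 +961,25, the new `before` block writes a lockfile whose `DEPENDENCIES` section is empty although `specs` lists `rack (1.0.0)`, and it interpolates `checksums_section` with no block, with no comment on either choice. Judging by the `checksums_section_when_existing` helper used in the sibling specs, the purpose is probably to seed a lockfile that already has a CHECKSUMS section so the examples in this `describe` reach checksum validation. That should be stated, e.g. `# seed an empty CHECKSUMS section so checksum validation is active in the examples below`. If the empty `DEPENDENCIES` list is not deliberate, list `rack` there so the fixture matches the Gemfiles the examples install.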
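Review bot: In the hunk at -1057,6 +1072,7, `count = lockfile.match?("CHECKSUMS") ? 2 : 1` derives the expected value from the output under test, so the example passes whether or not the CHECKSUMS section is written. It can no longer catch that section disappearing after `bundle "update rails"`. The trailing comment also still describes only the two-occurrence case. If both outcomes are legitimate, say so, e.g. `# once in specs, plus once in CHECKSUMS when the lockfile has that section`; otherwise take the count from the condition the checksum helpers use rather than from the lockfile itself. The example's body starts outside the hunk.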
diff --git a/spec/bundler/install/gems/flex_spec.rb b/spec/bundler/install/gems/flex_spec.rb index 484ec1f839..01222cbbc4 100644 --- a/spec/bundler/install/gems/flex_spec.rb +++ b/spec/bundler/install/gems/flex_spec.rb @@ -268,6 +268,11 @@ RSpec.describe "bundle flex_install" do it "should work when you install" do bundle "install" + checksums = checksums_section_when_existing do |c| + c.checksum gem_repo1, "rack", "0.9.1" + c.checksum gem_repo1, "rack-obama", "1.0" + end + expect(lockfile).to eq <<~L GEM remote: #{file_uri_for(gem_repo1)}/ @@ -282,11 +287,7 @@ RSpec.describe "bundle flex_install" do DEPENDENCIES rack (= 0.9.1) rack-obama - - CHECKSUMS - #{checksum_for_repo_gem gem_repo1, "rack", "0.9.1"} - #{checksum_for_repo_gem gem_repo1, "rack-obama", "1.0"} - + #{checksums} BUNDLED WITH #{Bundler::VERSION} L @@ -312,6 +313,10 @@ RSpec.describe "bundle flex_install" do gem "rack" G + checksums = checksums_section_when_existing do |c| + c.checksum gem_repo1, "rack", "1.0.0" + end + expect(lockfile).to eq <<~L GEM remote: #{file_uri_for(gem_repo1)}/ @@ -327,10 +332,7 @@ RSpec.describe "bundle flex_install" do DEPENDENCIES rack - - CHECKSUMS - #{checksum_for_repo_gem gem_repo1, "rack", "1.0.0"} - + #{checksums} BUNDLED WITH #{Bundler::VERSION} L diff --git a/spec/bundler/install/gems/resolving_spec.rb b/spec/bundler/install/gems/resolving_spec.rb index b9f928a0db..8c9ec61ed0 100644 --- a/spec/bundler/install/gems/resolving_spec.rb +++ b/spec/bundler/install/gems/resolving_spec.rb @@ -256,6 +256,10 @@ RSpec.describe "bundle install with install-time dependencies" do gem 'parallel_tests' G + checksums = checksums_section do |c| + c.checksum gem_repo2, "parallel_tests", "3.8.0" + end + lockfile <<~L GEM remote: http://localgemserver.test/ @@ -267,7 +271,7 @@ RSpec.describe "bundle install with install-time dependencies" do DEPENDENCIES parallel_tests - + #{checksums} BUNDLED WITH #{Bundler::VERSION} L 
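Review bot: In the resolving_spec.rb hunk at -256,6 +256,10, the input lockfile is built with `checksums_section` while the expected lockfile in the following example uses `checksums_section_when_existing`, and the difference between the two helpers is not explained where they meet. Both are defined outside this diff section; from the names, the first presumably always emits a CHECKSUMS section and the second only when one is expected to exist. A comment on the fixture, such as `# always write CHECKSUMS here so the rewritten lockfile is expected to keep the section`, would tell a reader why the two sides differ. The hunk at -335,6 +340,11 repeats the pattern.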
@@ -276,6 +280,10 @@ RSpec.describe "bundle install with install-time dependencies" do it "automatically updates lockfile to use the older version" do bundle "install --verbose", :artifice => "compact_index", :env => { "BUNDLER_SPEC_GEM_REPO" => gem_repo2.to_s } + checksums = checksums_section_when_existing do |c| + c.checksum gem_repo2, "parallel_tests", "3.7.0" + end + expect(lockfile).to eq <<~L GEM remote: http://localgemserver.test/ @@ -287,10 +295,7 @@ RSpec.describe "bundle install with install-time dependencies" do DEPENDENCIES parallel_tests - - CHECKSUMS - #{checksum_for_repo_gem gem_repo2, "parallel_tests", "3.7.0"} - + #{checksums} BUNDLED WITH #{Bundler::VERSION} L @@ -335,6 +340,11 @@ RSpec.describe "bundle install with install-time dependencies" do gem 'rubocop' G + checksums = checksums_section do |c| + c.checksum gem_repo2, "rubocop", "1.35.0" + c.checksum gem_repo2, "rubocop-ast", "1.21.0" + end + lockfile <<~L GEM remote: http://localgemserver.test/ @@ -348,7 +358,7 @@ RSpec.describe "bundle install with install-time dependencies" do DEPENDENCIES parallel_tests - + #{checksums} BUNDLED WITH #{Bundler::VERSION} L @@ -357,6 +367,11 @@ RSpec.describe "bundle install with install-time dependencies" do it "automatically updates lockfile to use the older compatible versions" do bundle "install --verbose", :artifice => "compact_index", :env => { "BUNDLER_SPEC_GEM_REPO" => gem_repo2.to_s } + checksums = checksums_section_when_existing do |c| + c.checksum gem_repo2, "rubocop", "1.28.2" + c.checksum gem_repo2, "rubocop-ast", "1.17.0" + end + expect(lockfile).to eq <<~L GEM remote: http://localgemserver.test/ @@ -370,11 +385,7 @@ RSpec.describe "bundle install with install-time dependencies" do DEPENDENCIES rubocop - - CHECKSUMS - #{checksum_for_repo_gem gem_repo2, "rubocop", "1.28.2"} - #{checksum_for_repo_gem gem_repo2, "rubocop-ast", "1.17.0"} - + #{checksums} BUNDLED WITH #{Bundler::VERSION} L 
diff --git a/spec/bundler/install/yanked_spec.rb b/spec/bundler/install/yanked_spec.rb index 338a187472..dc054b50bb 100644 --- a/spec/bundler/install/yanked_spec.rb +++ b/spec/bundler/install/yanked_spec.rb @@ -160,10 +160,6 @@ RSpec.context "when resolving a bundle that includes yanked gems, but unlocking bar foo - CHECKSUMS - #{gem_no_checksum "bar", "2.0.0"} - #{gem_no_checksum "foo", "9.0.0"} - BUNDLED WITH #{Bundler::VERSION} L |