[rubygems/rubygems] Converts Bundler lockfile checksum validation to opt-in only

Looks for the CHECKSUMS section in the lockfile, activating the feature
only if the section exists. Without a CHECKSUMS section, Bundler will
continue as normal, validating checksums when gems are installed while
checksums from the compact index are present.

https://github.com/rubygems/rubygems/commit/2353cc93a4
Martin Emde 2023-12-01 14:20:51 -08:00 committed by git
parent a33632e1ca
commit 5f0ea3f590
28 changed files with 869 additions and 827 deletions


@ -9,6 +9,18 @@ module Bundler
private_constant :DEFAULT_BLOCK_SIZE private_constant :DEFAULT_BLOCK_SIZE
class << self class << self
def from_gem_package(gem_package, algo = DEFAULT_ALGORITHM)
return if Bundler.settings[:disable_checksum_validation]
return unless source = gem_package.instance_variable_get(:@gem)
return unless source.respond_to?(:with_read_io)
source.with_read_io do |io|
from_gem(io, source.path)
ensure
io.rewind
end
end
def from_gem(io, pathname, algo = DEFAULT_ALGORITHM) def from_gem(io, pathname, algo = DEFAULT_ALGORITHM)
digest = Bundler::SharedHelpers.digest(algo.upcase).new digest = Bundler::SharedHelpers.digest(algo.upcase).new
buf = String.new(:capacity => DEFAULT_BLOCK_SIZE) buf = String.new(:capacity => DEFAULT_BLOCK_SIZE)
@ -17,6 +29,7 @@ module Bundler
end end
def from_api(digest, source_uri, algo = DEFAULT_ALGORITHM) def from_api(digest, source_uri, algo = DEFAULT_ALGORITHM)
return if Bundler.settings[:disable_checksum_validation]
Checksum.new(algo, to_hexdigest(digest, algo), Source.new(:api, source_uri)) Checksum.new(algo, to_hexdigest(digest, algo), Source.new(:api, source_uri))
end end
@ -177,7 +190,6 @@ module Bundler
# This ensures a mismatch error where there are multiple top level sources # This ensures a mismatch error where there are multiple top level sources
# that contain the same gem with different checksums. # that contain the same gem with different checksums.
def replace(spec, checksum) def replace(spec, checksum)
return if Bundler.settings[:disable_checksum_validation]
return unless checksum return unless checksum
name_tuple = spec.name_tuple name_tuple = spec.name_tuple
@ -193,7 +205,6 @@ module Bundler
end end
def register(spec, checksum) def register(spec, checksum)
return if Bundler.settings[:disable_checksum_validation]
return unless checksum return unless checksum
register_checksum(spec.name_tuple, checksum) register_checksum(spec.name_tuple, checksum)
end end
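Review bot: `from_gem_package` accepts an `algo` argument but calls `from_gem(io, source.path)` without it, so a caller that passes a non-default algorithm silently gets a digest computed with `DEFAULT_ALGORITHM`. Forward it with `from_gem(io, source.path, algo)`. The method also reads the package's private state through `instance_variable_get(:@gem)`, moved here unchanged from the installer. A short comment would help, saying why the ivar is read and that `nil` is returned when `disable_checksum_validation` is set or the source lacks `with_read_io`.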


@ -18,7 +18,8 @@ module Bundler
:platforms, :platforms,
:ruby_version, :ruby_version,
:lockfile, :lockfile,
:gemfiles :gemfiles,
:locked_checksums
) )
# Given a gemfile and lockfile creates a Bundler definition # Given a gemfile and lockfile creates a Bundler definition
@ -92,6 +93,7 @@ module Bundler
@locked_bundler_version = @locked_gems.bundler_version @locked_bundler_version = @locked_gems.bundler_version
@locked_ruby_version = @locked_gems.ruby_version @locked_ruby_version = @locked_gems.ruby_version
@originally_locked_specs = SpecSet.new(@locked_gems.specs) @originally_locked_specs = SpecSet.new(@locked_gems.specs)
@locked_checksums = @locked_gems.checksums
if unlock != true if unlock != true
@locked_deps = @locked_gems.dependencies @locked_deps = @locked_gems.dependencies
@ -112,6 +114,7 @@ module Bundler
@originally_locked_specs = @locked_specs @originally_locked_specs = @locked_specs
@locked_sources = [] @locked_sources = []
@locked_platforms = [] @locked_platforms = []
@locked_checksums = nil
end end
locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) } locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) }
@ -767,7 +770,7 @@ module Bundler
sources.all_sources.each do |source| sources.all_sources.each do |source|
# has to be done separately, because we want to keep the locked checksum # has to be done separately, because we want to keep the locked checksum
# store for a source, even when doing a full update # store for a source, even when doing a full update
if @locked_gems && locked_source = @locked_gems.sources.find {|s| s == source && !s.equal?(source) } if @locked_checksums && @locked_gems && locked_source = @locked_gems.sources.find {|s| s == source && !s.equal?(source) }
source.checksum_store.merge!(locked_source.checksum_store) source.checksum_store.merge!(locked_source.checksum_store)
end end
# If the source is unlockable and the current command allows an unlock of # If the source is unlockable and the current command allows an unlock of
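Review bot: `@locked_checksums` is named like a collection, but as far as this page shows it only holds `true` or `nil`, and it is the sole switch for merging locked digests in the `if @locked_checksums && @locked_gems && ...` line. The same flag is set by `@checksums = true` in the lockfile parser and gates `return unless definition.locked_checksums` in the generator's `add_checksums`. A lockfile edit that drops the CHECKSUMS header therefore stops locked digests from being merged or written back, with no diagnostic visible in this change. I would document that at the assignment, e.g. `# true when the lockfile has a CHECKSUMS section (opt-in); nil means locked checksums are neither merged nor written back`. A predicate-style name would also make the boolean nature obvious to callers of the new `locked_checksums` reader.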


@ -125,7 +125,6 @@ module Bundler
next unless v next unless v
case k.to_s case k.to_s
when "checksum" when "checksum"
next if Bundler.settings[:disable_checksum_validation]
begin begin
@checksum = Checksum.from_api(v.last, @spec_fetcher.uri) @checksum = Checksum.from_api(v.last, @spec_fetcher.uri)
rescue ArgumentError => e rescue ArgumentError => e


@ -67,6 +67,7 @@ module Bundler
end end
def add_checksums def add_checksums
return unless definition.locked_checksums
checksums = definition.resolve.map do |spec| checksums = definition.resolve.map do |spec|
spec.source.checksum_store.to_lock(spec) spec.source.checksum_store.to_lock(spec)
end end


@ -24,7 +24,15 @@ module Bundler
end end
end end
attr_reader :sources, :dependencies, :specs, :platforms, :bundler_version, :ruby_version, :checksums attr_reader(
:sources,
:dependencies,
:specs,
:platforms,
:bundler_version,
:ruby_version,
:checksums,
)
BUNDLED = "BUNDLED WITH" BUNDLED = "BUNDLED WITH"
DEPENDENCIES = "DEPENDENCIES" DEPENDENCIES = "DEPENDENCIES"
@ -111,6 +119,9 @@ module Bundler
elsif line == DEPENDENCIES elsif line == DEPENDENCIES
@parse_method = :parse_dependency @parse_method = :parse_dependency
elsif line == CHECKSUMS elsif line == CHECKSUMS
# This is a temporary solution to make this feature disabled by default
# for all gemfiles that don't already explicitly include the feature.
@checksums = true
@parse_method = :parse_checksum @parse_method = :parse_checksum
elsif line == PLATFORMS elsif line == PLATFORMS
@parse_method = :parse_platform @parse_method = :parse_platform
@ -228,8 +239,6 @@ module Bundler
version = Gem::Version.new(version) version = Gem::Version.new(version)
platform = platform ? Gem::Platform.new(platform) : Gem::Platform::RUBY platform = platform ? Gem::Platform.new(platform) : Gem::Platform::RUBY
full_name = Gem::NameTuple.new(name, version, platform).full_name full_name = Gem::NameTuple.new(name, version, platform).full_name
# Don't raise exception if there's a checksum for a gem that's not in the lockfile,
# we prefer to heal invalid lockfiles
return unless spec = @specs[full_name] return unless spec = @specs[full_name]
checksums.split(",") do |lock_checksum| checksums.split(",") do |lock_checksum|
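Review bot: The last hunk deletes the two-line comment explaining `return unless spec = @specs[full_name]` but keeps the early return, so a CHECKSUMS entry that names no locked spec is still dropped silently and the reason is no longer recorded. Silently ignoring part of an integrity section is the kind of behaviour a later reader will question. I would keep a rationale on that line, e.g. `# Ignore checksum entries for gems not in the lockfile; we prefer to heal invalid lockfiles over raising`. The enclosing parse method starts and ends outside this hunk, so whether the skipped entry is reported elsewhere cannot be seen here.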


@ -103,15 +103,7 @@ module Bundler
end end
def gem_checksum def gem_checksum
return nil if Bundler.settings[:disable_checksum_validation] Checksum.from_gem_package(@package)
return nil unless source = @package.instance_variable_get(:@gem)
return nil unless source.respond_to?(:with_read_io)
source.with_read_io do |io|
Checksum.from_gem(io, source.path)
ensure
io.rewind
end
end end
private private


@ -56,6 +56,11 @@ RSpec.describe Bundler::Definition do
s.add_dependency "rack", "1.0" s.add_dependency "rack", "1.0"
end end
checksums = checksums_section_when_existing do |c|
c.no_checksum "foo", "1.0"
c.checksum gem_repo1, "rack", "1.0.0"
end
bundle :install, :env => { "DEBUG" => "1" } bundle :install, :env => { "DEBUG" => "1" }
expect(out).to match(/re-resolving dependencies/) expect(out).to match(/re-resolving dependencies/)
@ -76,11 +81,7 @@ RSpec.describe Bundler::Definition do
DEPENDENCIES DEPENDENCIES
foo! foo!
#{checksums}
CHECKSUMS
#{gem_no_checksum "foo", "1.0"}
#{checksum_for_repo_gem gem_repo1, "rack", "1.0.0"}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
@ -110,6 +111,11 @@ RSpec.describe Bundler::Definition do
s.add_development_dependency "net-ssh", "1.0" s.add_development_dependency "net-ssh", "1.0"
end end
checksums = checksums_section_when_existing do |c|
c.no_checksum "foo", "1.0"
c.checksum gem_repo1, "rack", "1.0.0"
end
install_gemfile <<-G install_gemfile <<-G
source "#{file_uri_for(gem_repo1)}" source "#{file_uri_for(gem_repo1)}"
gem "foo", :path => "#{lib_path("foo")}" gem "foo", :path => "#{lib_path("foo")}"
@ -135,17 +141,17 @@ RSpec.describe Bundler::Definition do
DEPENDENCIES DEPENDENCIES
foo! foo!
#{checksums}
CHECKSUMS
#{gem_no_checksum "foo", "1.0"}
#{checksum_for_repo_gem gem_repo1, "rack", "1.0.0"}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
end end
it "for a locked gem for another platform" do it "for a locked gem for another platform" do
checksums = checksums_section_when_existing do |c|
c.no_checksum "only_java", "1.1", "java"
end
install_gemfile <<-G install_gemfile <<-G
source "#{file_uri_for(gem_repo1)}" source "#{file_uri_for(gem_repo1)}"
gem "only_java", platform: :jruby gem "only_java", platform: :jruby
@ -166,16 +172,17 @@ RSpec.describe Bundler::Definition do
DEPENDENCIES DEPENDENCIES
only_java only_java
#{checksums}
CHECKSUMS
only_java (1.1-java)
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
end end
it "for a rubygems gem" do it "for a rubygems gem" do
checksums = checksums_section_when_existing do |c|
c.checksum gem_repo1, "foo", "1.0"
end
install_gemfile <<-G install_gemfile <<-G
source "#{file_uri_for(gem_repo1)}" source "#{file_uri_for(gem_repo1)}"
gem "foo" gem "foo"
@ -195,10 +202,7 @@ RSpec.describe Bundler::Definition do
DEPENDENCIES DEPENDENCIES
foo foo
#{checksums}
CHECKSUMS
#{checksum_for_repo_gem gem_repo1, "foo", "1.0"}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G


@ -289,11 +289,24 @@ RSpec.describe "bundle cache" do
expect(cached_gem("rack-1.0.0")).to exist expect(cached_gem("rack-1.0.0")).to exist
end end
it "raises an error when the gem file is altered and produces a different checksum" do it "raises an error when the gem is altered and produces a different checksum" do
cached_gem("rack-1.0.0").rmtree cached_gem("rack-1.0.0").rmtree
build_gem "rack", "1.0.0", :path => bundled_app("vendor/cache") build_gem "rack", "1.0.0", :path => bundled_app("vendor/cache")
checksums = checksums_section do |c|
c.checksum gem_repo1, "rack", "1.0.0"
end
simulate_new_machine simulate_new_machine
lockfile <<-L
GEM
remote: #{file_uri_for(gem_repo2)}/
specs:
rack (1.0.0)
#{checksums}
L
bundle :install, :raise_on_error => false bundle :install, :raise_on_error => false
expect(exitstatus).to eq(37) expect(exitstatus).to eq(37)
expect(err).to include("Bundler found mismatched checksums.") expect(err).to include("Bundler found mismatched checksums.")
@ -305,6 +318,22 @@ RSpec.describe "bundle cache" do
expect(cached_gem("rack-1.0.0")).to exist expect(cached_gem("rack-1.0.0")).to exist
end end
it "installs a modified gem with a non-matching checksum when checksums is not opted in" do
cached_gem("rack-1.0.0").rmtree
build_gem "rack", "1.0.0", :path => bundled_app("vendor/cache")
simulate_new_machine
lockfile <<-L
GEM
remote: #{file_uri_for(gem_repo2)}/
specs:
rack (1.0.0)
L
bundle :install
expect(cached_gem("rack-1.0.0")).to exist
end
it "handles directories and non .gem files in the cache" do it "handles directories and non .gem files in the cache" do
bundled_app("vendor/cache/foo").mkdir bundled_app("vendor/cache/foo").mkdir
File.open(bundled_app("vendor/cache/bar"), "w") {|f| f.write("not a gem") } File.open(bundled_app("vendor/cache/bar"), "w") {|f| f.write("not a gem") }
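Review bot: The new example "installs a modified gem with a non-matching checksum when checksums is not opted in" only asserts `expect(cached_gem("rack-1.0.0")).to exist`. That already holds once `build_gem "rack", "1.0.0", :path => bundled_app("vendor/cache")` has run, so it does not show what `bundle :install` did with the altered gem. This example pins the security-relevant behaviour that a rebuilt cached gem is accepted when the lockfile has no CHECKSUMS section, so it should assert that outcome directly. For example, add `expect(err).not_to include("Bundler found mismatched checksums.")` and a check that rack is actually installed. A one-line comment in the example stating that this acceptance is the intended opt-out behaviour would also stop it being read as a regression later.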


@ -406,6 +406,12 @@ RSpec.describe "bundle check" do
it "returns success when the Gemfile is satisfied and generates a correct lockfile" do it "returns success when the Gemfile is satisfied and generates a correct lockfile" do
system_gems "depends_on_rack-1.0", "rack-1.0", :gem_repo => gem_repo4, :path => default_bundle_path system_gems "depends_on_rack-1.0", "rack-1.0", :gem_repo => gem_repo4, :path => default_bundle_path
bundle :check bundle :check
checksums = checksums_section_when_existing do |c|
c.no_checksum "depends_on_rack", "1.0"
c.no_checksum "rack", "1.0"
end
expect(out).to include("The Gemfile's dependencies are satisfied") expect(out).to include("The Gemfile's dependencies are satisfied")
expect(lockfile).to eq <<~L expect(lockfile).to eq <<~L
GEM GEM
@ -424,11 +430,7 @@ RSpec.describe "bundle check" do
DEPENDENCIES DEPENDENCIES
depends_on_rack! depends_on_rack!
#{checksums}
CHECKSUMS
depends_on_rack (1.0)
rack (1.0)
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -468,6 +470,12 @@ RSpec.describe "bundle check" do
bundle "check --verbose", :dir => tmp.join("bundle-check-issue") bundle "check --verbose", :dir => tmp.join("bundle-check-issue")
checksums = checksums_section_when_existing do |c|
c.checksum gem_repo4, "awesome_print", "1.0"
c.no_checksum "bundle-check-issue", "9999"
c.checksum gem_repo2, "dex-dispatch-engine", "1.0"
end
expect(File.read(tmp.join("bundle-check-issue/Gemfile.lock"))).to eq <<~L expect(File.read(tmp.join("bundle-check-issue/Gemfile.lock"))).to eq <<~L
PATH PATH
remote: . remote: .
@ -491,12 +499,7 @@ RSpec.describe "bundle check" do
DEPENDENCIES DEPENDENCIES
bundle-check-issue! bundle-check-issue!
dex-dispatch-engine! dex-dispatch-engine!
#{checksums}
CHECKSUMS
#{checksum_for_repo_gem gem_repo4, "awesome_print", "1.0"}
bundle-check-issue (9999)
#{checksum_for_repo_gem gem_repo2, "dex-dispatch-engine", "1.0"}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L


@ -622,6 +622,7 @@ RSpec.describe "bundle install with gem sources" do
end end
it "writes current Ruby version to Gemfile.lock" do it "writes current Ruby version to Gemfile.lock" do
checksums = checksums_section_when_existing
expect(lockfile).to eq <<~L expect(lockfile).to eq <<~L
GEM GEM
remote: #{file_uri_for(gem_repo1)}/ remote: #{file_uri_for(gem_repo1)}/
@ -631,9 +632,7 @@ RSpec.describe "bundle install with gem sources" do
#{lockfile_platforms} #{lockfile_platforms}
DEPENDENCIES DEPENDENCIES
#{checksums}
CHECKSUMS
RUBY VERSION RUBY VERSION
#{Bundler::RubyVersion.system} #{Bundler::RubyVersion.system}
@ -648,6 +647,8 @@ RSpec.describe "bundle install with gem sources" do
source "#{file_uri_for(gem_repo1)}" source "#{file_uri_for(gem_repo1)}"
G G
checksums = checksums_section_when_existing
expect(lockfile).to eq <<~L expect(lockfile).to eq <<~L
GEM GEM
remote: #{file_uri_for(gem_repo1)}/ remote: #{file_uri_for(gem_repo1)}/
@ -657,9 +658,7 @@ RSpec.describe "bundle install with gem sources" do
#{lockfile_platforms} #{lockfile_platforms}
DEPENDENCIES DEPENDENCIES
#{checksums}
CHECKSUMS
RUBY VERSION RUBY VERSION
#{Bundler::RubyVersion.system} #{Bundler::RubyVersion.system}
@ -1074,11 +1073,11 @@ RSpec.describe "bundle install with gem sources" do
gem "loofah", "~> 2.12.0" gem "loofah", "~> 2.12.0"
G G
checksums = checksum_section do |c| checksums = checksums_section do |c|
c.repo_gem gem_repo4, "crass", "1.0.6" c.checksum gem_repo4, "crass", "1.0.6"
c.repo_gem gem_repo4, "loofah", "2.12.0" c.checksum gem_repo4, "loofah", "2.12.0"
c.repo_gem gem_repo4, "nokogiri", "1.12.4", "x86_64-darwin" c.checksum gem_repo4, "nokogiri", "1.12.4", "x86_64-darwin"
c.repo_gem gem_repo4, "racca", "1.5.2" c.checksum gem_repo4, "racca", "1.5.2"
end end
lockfile <<-L lockfile <<-L
@ -1099,10 +1098,7 @@ RSpec.describe "bundle install with gem sources" do
DEPENDENCIES DEPENDENCIES
loofah (~> 2.12.0) loofah (~> 2.12.0)
#{checksums}
CHECKSUMS
#{checksums}
RUBY VERSION RUBY VERSION
#{Bundler::RubyVersion.system} #{Bundler::RubyVersion.system}
@ -1118,12 +1114,12 @@ RSpec.describe "bundle install with gem sources" do
bundle "install", :artifice => "compact_index" bundle "install", :artifice => "compact_index"
end end
expected_checksums = checksum_section do |c| checksums = checksums_section_when_existing do |c|
c.repo_gem gem_repo4, "crass", "1.0.6" c.checksum gem_repo4, "crass", "1.0.6"
c.repo_gem gem_repo4, "loofah", "2.12.0" c.checksum gem_repo4, "loofah", "2.12.0"
c.repo_gem gem_repo4, "nokogiri", "1.12.4", "x86_64-darwin" c.checksum gem_repo4, "nokogiri", "1.12.4", "x86_64-darwin"
c.repo_gem gem_repo4, "nokogiri", "1.12.4", "x86_64-linux" c.checksum gem_repo4, "racca", "1.5.2"
c.repo_gem gem_repo4, "racca", "1.5.2" c.checksum gem_repo4, "nokogiri", "1.12.4", "x86_64-linux"
end end
expect(lockfile).to eq <<~L expect(lockfile).to eq <<~L
@ -1146,10 +1142,7 @@ RSpec.describe "bundle install with gem sources" do
DEPENDENCIES DEPENDENCIES
loofah (~> 2.12.0) loofah (~> 2.12.0)
#{checksums}
CHECKSUMS
#{expected_checksums}
RUBY VERSION RUBY VERSION
#{Bundler::RubyVersion.system} #{Bundler::RubyVersion.system}


@ -11,16 +11,16 @@ RSpec.describe "bundle lock" do
gem "foo" gem "foo"
G G
expected_checksums = checksum_section do |c| checksums = checksums_section_when_existing do |c|
c.repo_gem repo, "actionmailer", "2.3.2" c.checksum repo, "actionmailer", "2.3.2"
c.repo_gem repo, "actionpack", "2.3.2" c.checksum repo, "actionpack", "2.3.2"
c.repo_gem repo, "activerecord", "2.3.2" c.checksum repo, "activerecord", "2.3.2"
c.repo_gem repo, "activeresource", "2.3.2" c.checksum repo, "activeresource", "2.3.2"
c.repo_gem repo, "activesupport", "2.3.2" c.checksum repo, "activesupport", "2.3.2"
c.repo_gem repo, "foo", "1.0" c.checksum repo, "foo", "1.0"
c.repo_gem repo, "rails", "2.3.2" c.checksum repo, "rails", "2.3.2"
c.repo_gem repo, "rake", "13.0.1" c.checksum repo, "rake", "13.0.1"
c.repo_gem repo, "weakling", "0.0.3" c.checksum repo, "weakling", "0.0.3"
end end
@lockfile = <<~L @lockfile = <<~L
@ -53,10 +53,7 @@ RSpec.describe "bundle lock" do
foo foo
rails rails
weakling weakling
#{checksums}
CHECKSUMS
#{expected_checksums}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -65,12 +62,18 @@ RSpec.describe "bundle lock" do
it "prints a lockfile when there is no existing lockfile with --print" do it "prints a lockfile when there is no existing lockfile with --print" do
bundle "lock --print" bundle "lock --print"
# No checksums because no way to get them from a file uri source expect(out).to eq(@lockfile.chomp)
# + no existing lockfile that has them
expect(out).to eq(remove_checksums_from_lockfile(@lockfile.chomp))
end end
it "prints a lockfile when there is an existing lockfile with --print" do it "prints a lockfile when there is an existing lockfile with --print" do
lockfile remove_checksums_section_from_lockfile(@lockfile)
bundle "lock --print"
expect(out).to eq(remove_checksums_section_from_lockfile(@lockfile).chomp)
end
it "prints a lockfile when there is an existing checksums lockfile with --print" do
lockfile @lockfile lockfile @lockfile
bundle "lock --print" bundle "lock --print"
@ -81,26 +84,39 @@ RSpec.describe "bundle lock" do
it "writes a lockfile when there is no existing lockfile" do it "writes a lockfile when there is no existing lockfile" do
bundle "lock" bundle "lock"
# No checksums because no way to get them from a file uri source expect(read_lockfile).to eq(@lockfile)
# + no existing lockfile that has them end
expect(read_lockfile).to eq(remove_checksums_from_lockfile(@lockfile))
it "prints a lockfile without fetching new checksums if the existing lockfile had no checksums" do
lockfile remove_checksums_from_lockfile(@lockfile)
bundle "lock --print"
expect(out).to eq(remove_checksums_from_lockfile(@lockfile).chomp)
end end
it "writes a lockfile when there is an outdated lockfile using --update" do it "writes a lockfile when there is an outdated lockfile using --update" do
lockfile remove_checksums_from_lockfile(@lockfile.gsub("2.3.2", "2.3.1"), " (2.3.1)")
bundle "lock --update"
expect(read_lockfile).to eq(remove_checksums_from_lockfile(@lockfile))
end
it "writes a lockfile with checksums on --update when checksums exist" do
lockfile @lockfile.gsub("2.3.2", "2.3.1") lockfile @lockfile.gsub("2.3.2", "2.3.1")
bundle "lock --update" bundle "lock --update"
expect(read_lockfile).to eq(remove_checksums_from_lockfile(@lockfile, "(2.3.2)")) expect(read_lockfile).to eq(@lockfile)
end end
it "writes a lockfile when there is an outdated lockfile using a bundle is frozen" do it "writes a lockfile when there is an outdated lockfile and bundle is frozen" do
lockfile @lockfile.gsub("2.3.2", "2.3.1") lockfile @lockfile.gsub("2.3.2", "2.3.1")
bundle "lock --update", :env => { "BUNDLE_FROZEN" => "true" } bundle "lock --update", :env => { "BUNDLE_FROZEN" => "true" }
# No checksums for the updated gems expect(read_lockfile).to eq(@lockfile)
expect(read_lockfile).to eq(remove_checksums_from_lockfile(@lockfile, "(2.3.2)"))
end end
it "does not fetch remote specs when using the --local option" do it "does not fetch remote specs when using the --local option" do
@ -109,11 +125,24 @@ RSpec.describe "bundle lock" do
expect(err).to match(/locally installed gems/) expect(err).to match(/locally installed gems/)
end end
it "does not fetch remote checksums with --local" do
lockfile remove_checksums_from_lockfile(@lockfile)
bundle "lock --print --local"
# No checksums because --local prevents fetching them
expect(out).to eq(remove_checksums_from_lockfile(@lockfile).chomp)
end
it "works with --gemfile flag" do it "works with --gemfile flag" do
create_file "CustomGemfile", <<-G create_file "CustomGemfile", <<-G
source "#{file_uri_for(repo)}" source "#{file_uri_for(repo)}"
gem "foo" gem "foo"
G G
checksums = checksums_section_when_existing do |c|
c.no_checksum "foo", "1.0"
end
lockfile = <<~L lockfile = <<~L
GEM GEM
remote: #{file_uri_for(repo)}/ remote: #{file_uri_for(repo)}/
@ -125,10 +154,7 @@ RSpec.describe "bundle lock" do
DEPENDENCIES DEPENDENCIES
foo foo
#{checksums}
CHECKSUMS
#{gem_no_checksum "foo", "1.0"}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -151,16 +177,16 @@ RSpec.describe "bundle lock" do
bundle "install" bundle "install"
bundle "lock --lockfile=lock" bundle "lock --lockfile=lock"
expected_checksums = checksum_section do |c| checksums = checksums_section_when_existing do |c|
c.repo_gem repo, "actionmailer", "2.3.2" c.checksum repo, "actionmailer", "2.3.2"
c.repo_gem repo, "actionpack", "2.3.2" c.checksum repo, "actionpack", "2.3.2"
c.repo_gem repo, "activerecord", "2.3.2" c.checksum repo, "activerecord", "2.3.2"
c.repo_gem repo, "activeresource", "2.3.2" c.checksum repo, "activeresource", "2.3.2"
c.repo_gem repo, "activesupport", "2.3.2" c.checksum repo, "activesupport", "2.3.2"
c.repo_gem repo, "foo", "1.0" c.checksum repo, "foo", "1.0"
c.repo_gem repo, "rails", "2.3.2" c.checksum repo, "rails", "2.3.2"
c.repo_gem repo, "rake", "13.0.1" c.checksum repo, "rake", "13.0.1"
c.repo_gem repo, "weakling", "0.0.3" c.checksum repo, "weakling", "0.0.3"
end end
lockfile = <<~L lockfile = <<~L
@ -193,10 +219,7 @@ RSpec.describe "bundle lock" do
foo foo
rails rails
weakling weakling
#{checksums}
CHECKSUMS
#{expected_checksums}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -510,6 +533,11 @@ RSpec.describe "bundle lock" do
end end
end end
checksums = checksums_section_when_existing do |c|
c.checksum gem_repo4, "nokogiri", "1.12.0"
c.checksum gem_repo4, "nokogiri", "1.12.0", "x86_64-darwin"
end
simulate_platform "x86_64-darwin-22" do simulate_platform "x86_64-darwin-22" do
install_gemfile <<~G install_gemfile <<~G
source "#{file_uri_for(gem_repo4)}" source "#{file_uri_for(gem_repo4)}"
@ -531,15 +559,13 @@ RSpec.describe "bundle lock" do
DEPENDENCIES DEPENDENCIES
nokogiri nokogiri
#{checksums}
CHECKSUMS
#{checksum_for_repo_gem gem_repo4, "nokogiri", "1.12.0"}
#{checksum_for_repo_gem gem_repo4, "nokogiri", "1.12.0", "x86_64-darwin"}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
checksums.delete("nokogiri", Gem::Platform::RUBY)
simulate_platform "x86_64-darwin-22" do simulate_platform "x86_64-darwin-22" do
bundle "lock --remove-platform ruby" bundle "lock --remove-platform ruby"
end end
@ -555,10 +581,7 @@ RSpec.describe "bundle lock" do
DEPENDENCIES DEPENDENCIES
nokogiri nokogiri
#{checksums}
CHECKSUMS
#{checksum_for_repo_gem gem_repo4, "nokogiri", "1.12.0", "x86_64-darwin"}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -606,6 +629,13 @@ RSpec.describe "bundle lock" do
gem "gssapi" gem "gssapi"
G G
checksums = checksums_section_when_existing do |c|
c.no_checksum "ffi", "1.9.14", "x86-mingw32"
c.no_checksum "gssapi", "1.2.0"
c.no_checksum "mixlib-shellout", "2.2.6", "universal-mingw32"
c.no_checksum "win32-process", "0.8.3"
end
simulate_platform(x86_mingw32) { bundle :lock } simulate_platform(x86_mingw32) { bundle :lock }
expect(lockfile).to eq <<~G expect(lockfile).to eq <<~G
@ -626,13 +656,7 @@ RSpec.describe "bundle lock" do
DEPENDENCIES DEPENDENCIES
gssapi gssapi
mixlib-shellout mixlib-shellout
#{checksums}
CHECKSUMS
#{gem_no_checksum "ffi", "1.9.14", "x86-mingw32"}
#{gem_no_checksum "gssapi", "1.2.0"}
#{gem_no_checksum "mixlib-shellout", "2.2.6", "universal-mingw32"}
#{gem_no_checksum "win32-process", "0.8.3"}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
@ -640,6 +664,9 @@ RSpec.describe "bundle lock" do
bundle "config set --local force_ruby_platform true" bundle "config set --local force_ruby_platform true"
bundle :lock bundle :lock
checksums.no_checksum "ffi", "1.9.14"
checksums.no_checksum "mixlib-shellout", "2.2.6"
expect(lockfile).to eq <<~G expect(lockfile).to eq <<~G
GEM GEM
remote: #{file_uri_for(gem_repo4)}/ remote: #{file_uri_for(gem_repo4)}/
@ -661,15 +688,7 @@ RSpec.describe "bundle lock" do
DEPENDENCIES DEPENDENCIES
gssapi gssapi
mixlib-shellout mixlib-shellout
#{checksums}
CHECKSUMS
#{gem_no_checksum "ffi", "1.9.14"}
#{gem_no_checksum "ffi", "1.9.14", "x86-mingw32"}
#{gem_no_checksum "gssapi", "1.2.0"}
#{gem_no_checksum "mixlib-shellout", "2.2.6"}
#{gem_no_checksum "mixlib-shellout", "2.2.6", "universal-mingw32"}
#{gem_no_checksum "win32-process", "0.8.3"}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
@ -735,6 +754,11 @@ RSpec.describe "bundle lock" do
simulate_platform(Gem::Platform.new("x86_64-darwin-19")) { bundle "lock" } simulate_platform(Gem::Platform.new("x86_64-darwin-19")) { bundle "lock" }
checksums = checksums_section_when_existing do |c|
c.no_checksum "libv8", "8.4.255.0", "x86_64-darwin-19"
c.no_checksum "libv8", "8.4.255.0", "x86_64-darwin-20"
end
expect(lockfile).to eq <<~G expect(lockfile).to eq <<~G
GEM GEM
remote: #{file_uri_for(gem_repo4)}/ remote: #{file_uri_for(gem_repo4)}/
@ -748,11 +772,7 @@ RSpec.describe "bundle lock" do
DEPENDENCIES DEPENDENCIES
libv8 libv8
#{checksums}
CHECKSUMS
#{gem_no_checksum "libv8", "8.4.255.0", "x86_64-darwin-19"}
#{gem_no_checksum "libv8", "8.4.255.0", "x86_64-darwin-20"}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
@ -769,6 +789,11 @@ RSpec.describe "bundle lock" do
end end
end end
checksums = checksums_section_when_existing do |c|
c.checksum gem_repo4, "libv8", "8.4.255.0", "x86_64-darwin-19"
c.checksum gem_repo4, "libv8", "8.4.255.0", "x86_64-darwin-20"
end
gemfile <<-G gemfile <<-G
source "#{file_uri_for(gem_repo4)}" source "#{file_uri_for(gem_repo4)}"
@ -787,11 +812,7 @@ RSpec.describe "bundle lock" do
DEPENDENCIES DEPENDENCIES
libv8 libv8
#{checksums}
CHECKSUMS
#{checksum_for_repo_gem gem_repo4, "libv8", "8.4.255.0", "x86_64-darwin-19"}
#{checksum_for_repo_gem gem_repo4, "libv8", "8.4.255.0", "x86_64-darwin-20"}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
@ -960,16 +981,16 @@ RSpec.describe "bundle lock" do
it "does not implicitly update" do it "does not implicitly update" do
bundle "lock" bundle "lock"
expected_checksums = checksum_section do |c| checksums = checksums_section_when_existing do |c|
c.repo_gem repo, "actionmailer", "2.3.2" c.checksum repo, "actionmailer", "2.3.2"
c.repo_gem repo, "actionpack", "2.3.2" c.checksum repo, "actionpack", "2.3.2"
c.repo_gem repo, "activerecord", "2.3.2" c.checksum repo, "activerecord", "2.3.2"
c.repo_gem repo, "activeresource", "2.3.2" c.checksum repo, "activeresource", "2.3.2"
c.repo_gem repo, "activesupport", "2.3.2" c.checksum repo, "activesupport", "2.3.2"
c.repo_gem repo, "foo", "1.0" c.checksum repo, "foo", "1.0"
c.repo_gem repo, "rails", "2.3.2" c.checksum repo, "rails", "2.3.2"
c.repo_gem repo, "rake", "13.0.1" c.checksum repo, "rake", "13.0.1"
c.repo_gem repo, "weakling", "0.0.3" c.checksum repo, "weakling", "0.0.3"
end end
expected_lockfile = <<~L expected_lockfile = <<~L
@ -1002,10 +1023,7 @@ RSpec.describe "bundle lock" do
foo foo
rails rails
weakling weakling
#{checksums}
CHECKSUMS
#{expected_checksums}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -1017,16 +1035,16 @@ RSpec.describe "bundle lock" do
gemfile gemfile.gsub('"foo"', '"foo", "2.0"') gemfile gemfile.gsub('"foo"', '"foo", "2.0"')
bundle "lock" bundle "lock"
expected_checksums = checksum_section do |c| checksums = checksums_section_when_existing do |c|
c.repo_gem repo, "actionmailer", "2.3.2" c.checksum repo, "actionmailer", "2.3.2"
c.repo_gem repo, "actionpack", "2.3.2" c.checksum repo, "actionpack", "2.3.2"
c.repo_gem repo, "activerecord", "2.3.2" c.checksum repo, "activerecord", "2.3.2"
c.repo_gem repo, "activeresource", "2.3.2" c.checksum repo, "activeresource", "2.3.2"
c.repo_gem repo, "activesupport", "2.3.2" c.checksum repo, "activesupport", "2.3.2"
c.no_checksum "foo", "2.0" c.no_checksum "foo", "2.0"
c.repo_gem repo, "rails", "2.3.2" c.checksum repo, "rails", "2.3.2"
c.repo_gem repo, "rake", "13.0.1" c.checksum repo, "rake", "13.0.1"
c.repo_gem repo, "weakling", "0.0.3" c.checksum repo, "weakling", "0.0.3"
end end
expected_lockfile = <<~L expected_lockfile = <<~L
@ -1059,10 +1077,7 @@ RSpec.describe "bundle lock" do
foo (= 2.0) foo (= 2.0)
rails rails
weakling weakling
#{checksums}
CHECKSUMS
#{expected_checksums}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -1111,9 +1126,7 @@ RSpec.describe "bundle lock" do
DEPENDENCIES DEPENDENCIES
debug debug
#{checksums_section}
CHECKSUMS
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -1122,6 +1135,11 @@ RSpec.describe "bundle lock" do
bundle "lock" bundle "lock"
end end
checksums = checksums_section do |c|
c.no_checksum "debug", "1.6.3"
c.no_checksum "irb", "1.5.0"
end
expect(lockfile).to eq <<~L expect(lockfile).to eq <<~L
GEM GEM
remote: #{file_uri_for(gem_repo4)}/ remote: #{file_uri_for(gem_repo4)}/
@ -1136,11 +1154,7 @@ RSpec.describe "bundle lock" do
DEPENDENCIES DEPENDENCIES
debug debug
#{checksums}
CHECKSUMS
#{gem_no_checksum "debug", "1.6.3"}
#{gem_no_checksum "irb", "1.5.0"}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -1422,6 +1436,11 @@ RSpec.describe "bundle lock" do
end end
it "locks ruby specs" do it "locks ruby specs" do
checksums = checksums_section_when_existing do |c|
c.no_checksum "foo", "1.0"
c.no_checksum "nokogiri", "1.14.2"
end
simulate_platform "x86_64-linux" do simulate_platform "x86_64-linux" do
bundle "lock" bundle "lock"
end end
@ -1443,11 +1462,7 @@ RSpec.describe "bundle lock" do
DEPENDENCIES DEPENDENCIES
foo! foo!
#{checksums}
CHECKSUMS
#{gem_no_checksum "foo", "1.0"}
#{gem_no_checksum "nokogiri", "1.14.2"}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -1508,6 +1523,13 @@ RSpec.describe "bundle lock" do
end end
it "does not downgrade top level dependencies" do it "does not downgrade top level dependencies" do
checksums = checksums_section_when_existing do |c|
c.no_checksum "actionpack", "7.0.4.3"
c.no_checksum "activesupport", "7.0.4.3"
c.no_checksum "govuk_app_config", "4.13.0"
c.no_checksum "railties", "7.0.4.3"
end
simulate_platform "arm64-darwin-22" do simulate_platform "arm64-darwin-22" do
bundle "lock" bundle "lock"
end end
@ -1530,13 +1552,7 @@ RSpec.describe "bundle lock" do
DEPENDENCIES DEPENDENCIES
activesupport (= 7.0.4.3) activesupport (= 7.0.4.3)
govuk_app_config govuk_app_config
#{checksums}
CHECKSUMS
#{gem_no_checksum "actionpack", "7.0.4.3"}
#{gem_no_checksum "activesupport", "7.0.4.3"}
#{gem_no_checksum "govuk_app_config", "4.13.0"}
#{gem_no_checksum "railties", "7.0.4.3"}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L


@ -275,6 +275,11 @@ RSpec.describe "bundle update" do
gem "countries" gem "countries"
G G
checksums = checksums_section_when_existing do |c|
c.checksum(gem_repo4, "countries", "3.1.0")
c.checksum(gem_repo4, "country_select", "5.1.0")
end
lockfile <<~L lockfile <<~L
GEM GEM
remote: #{file_uri_for(gem_repo4)}/ remote: #{file_uri_for(gem_repo4)}/
@ -289,11 +294,7 @@ RSpec.describe "bundle update" do
DEPENDENCIES DEPENDENCIES
countries countries
country_select country_select
#{checksums}
CHECKSUMS
#{checksum_for_repo_gem(gem_repo4, "countries", "3.1.0")}
#{checksum_for_repo_gem(gem_repo4, "country_select", "5.1.0")}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -509,9 +510,9 @@ RSpec.describe "bundle update" do
original_lockfile = lockfile original_lockfile = lockfile
expected_checksums = checksum_section do |c| checksums = checksums_section_when_existing do |c|
c.repo_gem gem_repo4, "activesupport", "6.0.4.1" c.checksum gem_repo4, "activesupport", "6.0.4.1"
c.repo_gem gem_repo4, "tzinfo", "1.2.9" c.checksum gem_repo4, "tzinfo", "1.2.9"
end end
expected_lockfile = <<~L expected_lockfile = <<~L
@ -527,10 +528,7 @@ RSpec.describe "bundle update" do
DEPENDENCIES DEPENDENCIES
activesupport (~> 6.0.0) activesupport (~> 6.0.0)
#{checksums}
CHECKSUMS
#{expected_checksums}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -1152,9 +1150,10 @@ RSpec.describe "bundle update --ruby" do
G G
gemfile <<-G gemfile <<-G
source "#{file_uri_for(gem_repo1)}" source "#{file_uri_for(gem_repo1)}"
G G
end end
it "removes the Ruby from the Gemfile.lock" do it "removes the Ruby from the Gemfile.lock" do
bundle "update --ruby" bundle "update --ruby"
@ -1168,8 +1167,6 @@ RSpec.describe "bundle update --ruby" do
DEPENDENCIES DEPENDENCIES
CHECKSUMS
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -1184,30 +1181,29 @@ RSpec.describe "bundle update --ruby" do
G G
gemfile <<-G gemfile <<-G
ruby '~> #{current_ruby_minor}' ruby '~> #{current_ruby_minor}'
source "#{file_uri_for(gem_repo1)}" source "#{file_uri_for(gem_repo1)}"
G G
end end
it "updates the Gemfile.lock with the latest version" do it "updates the Gemfile.lock with the latest version" do
bundle "update --ruby" bundle "update --ruby"
expect(lockfile).to eq <<~L expect(lockfile).to eq <<~L
GEM GEM
remote: #{file_uri_for(gem_repo1)}/ remote: #{file_uri_for(gem_repo1)}/
specs: specs:
PLATFORMS PLATFORMS
#{lockfile_platforms} #{lockfile_platforms}
DEPENDENCIES DEPENDENCIES
CHECKSUMS RUBY VERSION
#{Bundler::RubyVersion.system}
RUBY VERSION BUNDLED WITH
#{Bundler::RubyVersion.system} #{Bundler::VERSION}
BUNDLED WITH
#{Bundler::VERSION}
L L
end end
end end
@ -1257,6 +1253,7 @@ RSpec.describe "bundle update --ruby" do
source "#{file_uri_for(gem_repo1)}" source "#{file_uri_for(gem_repo1)}"
G G
end end
it "updates the Gemfile.lock with the latest version" do it "updates the Gemfile.lock with the latest version" do
bundle "update --ruby" bundle "update --ruby"
@ -1288,11 +1285,14 @@ RSpec.describe "bundle update --bundler" do
build_gem "rack", "1.0" build_gem "rack", "1.0"
end end
checksums = checksums_section_when_existing do |c|
c.checksum(gem_repo4, "rack", "1.0")
end
install_gemfile <<-G install_gemfile <<-G
source "#{file_uri_for(gem_repo4)}" source "#{file_uri_for(gem_repo4)}"
gem "rack" gem "rack"
G G
expected_checksum = checksum_for_repo_gem(gem_repo4, "rack", "1.0")
expect(lockfile).to eq <<~L expect(lockfile).to eq <<~L
GEM GEM
remote: #{file_uri_for(gem_repo4)}/ remote: #{file_uri_for(gem_repo4)}/
@ -1304,10 +1304,7 @@ RSpec.describe "bundle update --bundler" do
DEPENDENCIES DEPENDENCIES
rack rack
#{checksums}
CHECKSUMS
#{expected_checksum}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -1327,10 +1324,7 @@ RSpec.describe "bundle update --bundler" do
DEPENDENCIES DEPENDENCIES
rack rack
#{checksums}
CHECKSUMS
#{expected_checksum}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -1351,6 +1345,10 @@ RSpec.describe "bundle update --bundler" do
G G
lockfile lockfile.sub(/(^\s*)#{Bundler::VERSION}($)/, "2.3.9") lockfile lockfile.sub(/(^\s*)#{Bundler::VERSION}($)/, "2.3.9")
checksums = checksums_section_when_existing do |c|
c.checksum(gem_repo4, "rack", "1.0")
end
bundle :update, :bundler => true, :artifice => "compact_index", :verbose => true bundle :update, :bundler => true, :artifice => "compact_index", :verbose => true
expect(out).to include("Using bundler #{Bundler::VERSION}") expect(out).to include("Using bundler #{Bundler::VERSION}")
@ -1365,10 +1363,7 @@ RSpec.describe "bundle update --bundler" do
DEPENDENCIES DEPENDENCIES
rack rack
#{checksums}
CHECKSUMS
#{checksum_for_repo_gem(gem_repo4, "rack", "1.0")}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -1458,8 +1453,11 @@ RSpec.describe "bundle update --bundler" do
bundle :update, :bundler => "2.3.0.dev", :verbose => "true" bundle :update, :bundler => "2.3.0.dev", :verbose => "true"
# Only updates properly on modern RubyGems. # Only updates properly on modern RubyGems.
if Gem.rubygems_version >= Gem::Version.new("3.3.0.dev") if Gem.rubygems_version >= Gem::Version.new("3.3.0.dev")
checksums = checksums_section_when_existing do |c|
c.checksum(gem_repo4, "rack", "1.0")
end
expect(lockfile).to eq <<~L expect(lockfile).to eq <<~L
GEM GEM
remote: #{file_uri_for(gem_repo4)}/ remote: #{file_uri_for(gem_repo4)}/
@ -1471,10 +1469,7 @@ RSpec.describe "bundle update --bundler" do
DEPENDENCIES DEPENDENCIES
rack rack
#{checksums}
CHECKSUMS
#{checksum_for_repo_gem(gem_repo4, "rack", "1.0")}
BUNDLED WITH BUNDLED WITH
2.3.0.dev 2.3.0.dev
L L
@ -1500,6 +1495,9 @@ RSpec.describe "bundle update --bundler" do
expect(out).not_to include("Fetching gem metadata from https://rubygems.org/") expect(out).not_to include("Fetching gem metadata from https://rubygems.org/")
# Only updates properly on modern RubyGems. # Only updates properly on modern RubyGems.
checksums = checksums_section_when_existing do |c|
c.checksum(gem_repo4, "rack", "1.0")
end
if Gem.rubygems_version >= Gem::Version.new("3.3.0.dev") if Gem.rubygems_version >= Gem::Version.new("3.3.0.dev")
expect(lockfile).to eq <<~L expect(lockfile).to eq <<~L
@ -1513,10 +1511,7 @@ RSpec.describe "bundle update --bundler" do
DEPENDENCIES DEPENDENCIES
rack rack
#{checksums}
CHECKSUMS
#{checksum_for_repo_gem(gem_repo4, "rack", "1.0")}
BUNDLED WITH BUNDLED WITH
2.3.9 2.3.9
L L
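Review bot: In the hunk at `@ -1500,6 +1495,9 @`, the new `checksums = checksums_section_when_existing do |c|` block is inserted between the comment `# Only updates properly on modern RubyGems.` and the `if Gem.rubygems_version >= Gem::Version.new("3.3.0.dev")` that the comment describes, so the comment now reads as if it were about the checksum setup. The parallel hunk at `@ -1458,8 +1453,11 @` places the same block inside the `if`. Doing the same here, or moving the block above the comment, keeps the two examples consistent. The enclosing example starts and ends outside the hunk.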


@ -28,14 +28,14 @@ RSpec.describe "bundle install from an existing gemspec" do
x64_mingw_archs.join("\n ") x64_mingw_archs.join("\n ")
end end
let(:x64_mingw_checksums) do def x64_mingw_checksums(checksums)
x64_mingw_archs.map do |arch| x64_mingw_archs.each do |arch|
if arch == "x64-mingw-ucrt" if arch == "x64-mingw-ucrt"
gem_no_checksum "platform_specific", "1.0", arch checksums.no_checksum "platform_specific", "1.0", arch
else else
checksum_for_repo_gem gem_repo2, "platform_specific", "1.0", arch checksums.checksum gem_repo2, "platform_specific", "1.0", arch
end end
end.join("\n ") end
end end
it "should install runtime and development dependencies" do it "should install runtime and development dependencies" do
@ -368,6 +368,10 @@ RSpec.describe "bundle install from an existing gemspec" do
gemspec :path => "../foo" gemspec :path => "../foo"
G G
checksums = checksums_section_when_existing do |c|
c.no_checksum "foo", "1.0"
end
lockfile <<-L lockfile <<-L
PATH PATH
remote: ../foo remote: ../foo
@ -385,7 +389,7 @@ RSpec.describe "bundle install from an existing gemspec" do
DEPENDENCIES DEPENDENCIES
foo! foo!
#{checksums}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -459,6 +463,13 @@ RSpec.describe "bundle install from an existing gemspec" do
it "keeps all platform dependencies in the lockfile" do it "keeps all platform dependencies in the lockfile" do
expect(the_bundle).to include_gems "foo 1.0", "platform_specific 1.0 RUBY" expect(the_bundle).to include_gems "foo 1.0", "platform_specific 1.0 RUBY"
checksums = checksums_section_when_existing do |c|
c.no_checksum "foo", "1.0"
c.checksum gem_repo2, "platform_specific", "1.0"
c.checksum gem_repo2, "platform_specific", "1.0", "java"
x64_mingw_checksums(c)
end
expect(lockfile).to eq <<~L expect(lockfile).to eq <<~L
PATH PATH
remote: . remote: .
@ -480,13 +491,7 @@ RSpec.describe "bundle install from an existing gemspec" do
DEPENDENCIES DEPENDENCIES
foo! foo!
#{checksums}
CHECKSUMS
foo (1.0)
#{checksum_for_repo_gem gem_repo2, "platform_specific", "1.0"}
#{checksum_for_repo_gem gem_repo2, "platform_specific", "1.0", "java"}
#{x64_mingw_checksums}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -499,6 +504,13 @@ RSpec.describe "bundle install from an existing gemspec" do
it "keeps all platform dependencies in the lockfile" do it "keeps all platform dependencies in the lockfile" do
expect(the_bundle).to include_gems "foo 1.0", "platform_specific 1.0 RUBY" expect(the_bundle).to include_gems "foo 1.0", "platform_specific 1.0 RUBY"
checksums = checksums_section_when_existing do |c|
c.no_checksum "foo", "1.0"
c.checksum gem_repo2, "platform_specific", "1.0"
c.checksum gem_repo2, "platform_specific", "1.0", "java"
x64_mingw_checksums(c)
end
expect(lockfile).to eq <<~L expect(lockfile).to eq <<~L
PATH PATH
remote: . remote: .
@ -520,13 +532,7 @@ RSpec.describe "bundle install from an existing gemspec" do
DEPENDENCIES DEPENDENCIES
foo! foo!
platform_specific platform_specific
#{checksums}
CHECKSUMS
foo (1.0)
#{checksum_for_repo_gem gem_repo2, "platform_specific", "1.0"}
#{checksum_for_repo_gem gem_repo2, "platform_specific", "1.0", "java"}
#{x64_mingw_checksums}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -540,6 +546,14 @@ RSpec.describe "bundle install from an existing gemspec" do
it "keeps all platform dependencies in the lockfile" do it "keeps all platform dependencies in the lockfile" do
expect(the_bundle).to include_gems "foo 1.0", "indirect_platform_specific 1.0", "platform_specific 1.0 RUBY" expect(the_bundle).to include_gems "foo 1.0", "indirect_platform_specific 1.0", "platform_specific 1.0 RUBY"
checksums = checksums_section_when_existing do |c|
c.no_checksum "foo", "1.0"
c.checksum gem_repo2, "indirect_platform_specific", "1.0"
c.checksum gem_repo2, "platform_specific", "1.0"
c.checksum gem_repo2, "platform_specific", "1.0", "java"
x64_mingw_checksums(c)
end
expect(lockfile).to eq <<~L expect(lockfile).to eq <<~L
PATH PATH
remote: . remote: .
@ -563,14 +577,7 @@ RSpec.describe "bundle install from an existing gemspec" do
DEPENDENCIES DEPENDENCIES
foo! foo!
indirect_platform_specific indirect_platform_specific
#{checksums}
CHECKSUMS
foo (1.0)
#{checksum_for_repo_gem gem_repo2, "indirect_platform_specific", "1.0"}
#{checksum_for_repo_gem gem_repo2, "platform_specific", "1.0"}
#{checksum_for_repo_gem gem_repo2, "platform_specific", "1.0", "java"}
#{x64_mingw_checksums}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -634,6 +641,12 @@ RSpec.describe "bundle install from an existing gemspec" do
gemspec :path => "../chef" gemspec :path => "../chef"
G G
checksums = checksums_section_when_existing do |c|
c.no_checksum "chef", "17.1.17"
c.no_checksum "chef", "17.1.17", "universal-mingw32"
c.checksum gem_repo4, "win32-api", "1.5.3", "universal-mingw32"
end
initial_lockfile = <<~L initial_lockfile = <<~L
PATH PATH
remote: ../chef remote: ../chef
@ -654,12 +667,7 @@ RSpec.describe "bundle install from an existing gemspec" do
DEPENDENCIES DEPENDENCIES
chef! chef!
#{checksums}
CHECKSUMS
chef (17.1.17)
chef (17.1.17-universal-mingw32)
#{checksum_for_repo_gem gem_repo4, "win32-api", "1.5.3", "universal-mingw32"}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -697,6 +705,12 @@ RSpec.describe "bundle install from an existing gemspec" do
end end
it "does not remove the platform specific specs from the lockfile when re-resolving due to gemspec changes" do it "does not remove the platform specific specs from the lockfile when re-resolving due to gemspec changes" do
checksums = checksums_section_when_existing do |c|
c.no_checksum "activeadmin", "2.9.0"
c.no_checksum "jruby-openssl", "0.10.7", "java"
c.checksum gem_repo4, "railties", "6.1.4"
end
expect(lockfile).to eq <<~L expect(lockfile).to eq <<~L
PATH PATH
remote: ../activeadmin remote: ../activeadmin
@ -716,12 +730,7 @@ RSpec.describe "bundle install from an existing gemspec" do
DEPENDENCIES DEPENDENCIES
activeadmin! activeadmin!
jruby-openssl jruby-openssl
#{checksums}
CHECKSUMS
activeadmin (2.9.0)
jruby-openssl (0.10.7-java)
#{checksum_for_repo_gem gem_repo4, "railties", "6.1.4"}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
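Review bot: `x64_mingw_checksums(checksums)` no longer produces checksum text: it appends entries to the builder passed in and returns whatever `each` returns, yet it keeps the noun-style name it had as a `let`. A name such as `add_x64_mingw_checksums`, or a one-line comment like `# Appends one entry per x64-mingw arch to the given checksums builder; return value unused.`, would make the side effect visible at the three `x64_mingw_checksums(c)` call sites. Since these entries decide which platform variants are pinned by digest and which are recorded without one (`x64-mingw-ucrt`), a short why-comment on that branch would also help the next reader.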


@ -18,6 +18,13 @@ RSpec.describe "bundle install with install_if conditionals" do
expect(the_bundle).not_to include_gems("thin") expect(the_bundle).not_to include_gems("thin")
expect(the_bundle).not_to include_gems("foo") expect(the_bundle).not_to include_gems("foo")
checksums = checksums_section_when_existing do |c|
c.checksum gem_repo1, "activesupport", "2.3.5"
c.no_checksum "foo", "1.0"
c.checksum gem_repo1, "rack", "1.0.0"
c.no_checksum "thin", "1.0"
end
expect(lockfile).to eq <<~L expect(lockfile).to eq <<~L
GEM GEM
remote: #{file_uri_for(gem_repo1)}/ remote: #{file_uri_for(gem_repo1)}/
@ -36,13 +43,7 @@ RSpec.describe "bundle install with install_if conditionals" do
foo foo
rack rack
thin thin
#{checksums}
CHECKSUMS
#{checksum_for_repo_gem gem_repo1, "activesupport", "2.3.5"}
#{gem_no_checksum "foo", "1.0"}
#{checksum_for_repo_gem gem_repo1, "rack", "1.0.0"}
#{gem_no_checksum "thin", "1.0"}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
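Review bot: The expected lockfile now interpolates `#{checksums}` from `checksums_section_when_existing`, and nothing visible in this section starts from a lockfile that already has a `CHECKSUMS` section, so the four entries built for activesupport, foo, rack and thin are presumably never compared (the helper is defined outside this page; confirm that it renders nothing when the section is absent). If that is right, this example only exercises the path without checksums, and a regression that drops or alters checksum lines for an opted-in lockfile would still pass. Consider a companion example that begins with a lockfile containing `CHECKSUMS` and asserts with `checksums_section`, or at least a comment such as `# entries are only expected when the lockfile already has a CHECKSUMS section`.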


@ -98,6 +98,11 @@ RSpec.describe "bundle install with explicit source paths" do
gem "aaa", :path => "./aaa" gem "aaa", :path => "./aaa"
G G
checksums = checksums_section_when_existing do |c|
c.no_checksum "aaa", "1.0"
c.no_checksum "demo", "1.0"
end
lockfile = <<~L lockfile = <<~L
PATH PATH
remote: . remote: .
@ -119,11 +124,7 @@ RSpec.describe "bundle install with explicit source paths" do
DEPENDENCIES DEPENDENCIES
aaa! aaa!
demo! demo!
#{checksums}
CHECKSUMS
#{gem_no_checksum("aaa", "1.0")}
#{gem_no_checksum("demo", "1.0")}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -345,6 +346,11 @@ RSpec.describe "bundle install with explicit source paths" do
lockfile_path = lib_path("foo/Gemfile.lock") lockfile_path = lib_path("foo/Gemfile.lock")
checksums = checksums_section_when_existing do |c|
c.no_checksum "foo", "0.1.0"
c.checksum gem_repo4, "graphql", "2.0.15"
end
original_lockfile = <<~L original_lockfile = <<~L
PATH PATH
remote: . remote: .
@ -362,11 +368,7 @@ RSpec.describe "bundle install with explicit source paths" do
DEPENDENCIES DEPENDENCIES
foo! foo!
#{checksums}
CHECKSUMS
#{gem_no_checksum("foo", "0.1.0")}
#{checksum_for_repo_gem(gem_repo4, "graphql", "2.0.15")}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -673,6 +675,11 @@ RSpec.describe "bundle install with explicit source paths" do
expect(the_bundle).to include_gems "rack 0.9.1" expect(the_bundle).to include_gems "rack 0.9.1"
checksums = checksums_section_when_existing do |c|
c.no_checksum "foo", "1.0"
c.checksum gem_repo1, "rack", "0.9.1"
end
expect(lockfile).to eq <<~G expect(lockfile).to eq <<~G
PATH PATH
remote: #{lib_path("foo")} remote: #{lib_path("foo")}
@ -690,11 +697,7 @@ RSpec.describe "bundle install with explicit source paths" do
DEPENDENCIES DEPENDENCIES
foo! foo!
#{checksums}
CHECKSUMS
#{gem_no_checksum("foo", "1.0")}
#{checksum_for_repo_gem(gem_repo1, "rack", "0.9.1")}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
@ -722,11 +725,7 @@ RSpec.describe "bundle install with explicit source paths" do
DEPENDENCIES DEPENDENCIES
foo! foo!
#{checksums}
CHECKSUMS
#{gem_no_checksum("foo", "1.0")}
#{checksum_for_repo_gem(gem_repo1, "rack", "0.9.1")}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
@ -743,6 +742,11 @@ RSpec.describe "bundle install with explicit source paths" do
expect(the_bundle).to include_gems "rack 0.9.1" expect(the_bundle).to include_gems "rack 0.9.1"
checksums = checksums_section_when_existing do |c|
c.no_checksum "foo", "1.0"
c.checksum gem_repo1, "rack", "0.9.1"
end
expect(lockfile).to eq <<~G expect(lockfile).to eq <<~G
PATH PATH
remote: #{lib_path("foo")} remote: #{lib_path("foo")}
@ -760,11 +764,7 @@ RSpec.describe "bundle install with explicit source paths" do
DEPENDENCIES DEPENDENCIES
foo! foo!
#{checksums}
CHECKSUMS
#{gem_no_checksum("foo", "1.0")}
#{checksum_for_repo_gem(gem_repo1, "rack", "0.9.1")}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
@ -776,6 +776,8 @@ RSpec.describe "bundle install with explicit source paths" do
bundle "install" bundle "install"
checksums.checksum gem_repo1, "rake", "13.0.1"
expect(lockfile).to eq <<~G expect(lockfile).to eq <<~G
PATH PATH
remote: #{lib_path("foo")} remote: #{lib_path("foo")}
@ -795,12 +797,7 @@ RSpec.describe "bundle install with explicit source paths" do
DEPENDENCIES DEPENDENCIES
foo! foo!
#{checksums}
CHECKSUMS
#{gem_no_checksum("foo", "1.0")}
#{checksum_for_repo_gem(gem_repo1, "rack", "0.9.1")}
#{checksum_for_repo_gem(gem_repo1, "rake", "13.0.1")}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
@ -813,6 +810,10 @@ RSpec.describe "bundle install with explicit source paths" do
s.add_dependency "rack", "0.9.1" s.add_dependency "rack", "0.9.1"
end end
checksums = checksums_section_when_existing do |c|
c.no_checksum "foo", "1.0"
end
lockfile <<~L lockfile <<~L
PATH PATH
remote: #{lib_path("foo")} remote: #{lib_path("foo")}
@ -824,13 +825,15 @@ RSpec.describe "bundle install with explicit source paths" do
DEPENDENCIES DEPENDENCIES
foo! foo!
#{checksums}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
bundle "lock" bundle "lock"
checksums.no_checksum "rack", "0.9.1"
expect(lockfile).to eq <<~G expect(lockfile).to eq <<~G
PATH PATH
remote: #{lib_path("foo")} remote: #{lib_path("foo")}
@ -848,11 +851,7 @@ RSpec.describe "bundle install with explicit source paths" do
DEPENDENCIES DEPENDENCIES
foo! foo!
#{checksums}
CHECKSUMS
#{gem_no_checksum("foo", "1.0")}
#{gem_no_checksum("rack", "0.9.1")}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
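Review bot: `checksums.checksum gem_repo1, "rake", "13.0.1"` (hunk `@ -776,6 +776,8 @`) and `checksums.no_checksum "rack", "0.9.1"` (hunk `@ -824,13 +825,15 @`) mutate a builder that an earlier heredoc has already interpolated, so the expected section now depends on statement order, where the old code listed every entry next to the assertion. A short comment at each mutation would help, for example `# bundle install added rake; extend the expected CHECKSUMS section` and `# bundle lock resolved rack from the gemspec dependency`. The first mutation appears to rely on the `checksums` local assigned in the hunk at `@ -743,6 +742,11 @`, so those hunks have to stay within the same example; the example boundaries are outside the visible hunks.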


@ -203,6 +203,15 @@ RSpec.describe "bundle install across platforms" do
gem "pry" gem "pry"
G G
checksums = checksums_section_when_existing do |c|
c.checksum gem_repo4, "coderay", "1.1.2"
c.checksum gem_repo4, "empyrean", "0.1.0"
c.checksum gem_repo4, "ffi", "1.9.23", "java"
c.checksum gem_repo4, "method_source", "0.9.0"
c.checksum gem_repo4, "pry", "0.11.3", "java"
c.checksum gem_repo4, "spoon", "0.0.6"
end
expect(lockfile).to eq <<~L expect(lockfile).to eq <<~L
GEM GEM
remote: #{file_uri_for(gem_repo4)}/ remote: #{file_uri_for(gem_repo4)}/
@ -224,15 +233,7 @@ RSpec.describe "bundle install across platforms" do
DEPENDENCIES DEPENDENCIES
empyrean (= 0.1.0) empyrean (= 0.1.0)
pry pry
#{checksums}
CHECKSUMS
#{checksum_for_repo_gem gem_repo4, "coderay", "1.1.2"}
#{checksum_for_repo_gem gem_repo4, "empyrean", "0.1.0"}
#{checksum_for_repo_gem gem_repo4, "ffi", "1.9.23", "java"}
#{checksum_for_repo_gem gem_repo4, "method_source", "0.9.0"}
#{checksum_for_repo_gem gem_repo4, "pry", "0.11.3", "java"}
#{checksum_for_repo_gem gem_repo4, "spoon", "0.0.6"}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -264,16 +265,7 @@ RSpec.describe "bundle install across platforms" do
DEPENDENCIES DEPENDENCIES
empyrean (= 0.1.0) empyrean (= 0.1.0)
pry pry
#{checksums}
CHECKSUMS
#{checksum_for_repo_gem gem_repo4, "coderay", "1.1.2"}
#{checksum_for_repo_gem gem_repo4, "empyrean", "0.1.0"}
#{checksum_for_repo_gem gem_repo4, "ffi", "1.9.23", "java"}
#{checksum_for_repo_gem gem_repo4, "method_source", "0.9.0"}
pry (0.11.3)
#{checksum_for_repo_gem gem_repo4, "pry", "0.11.3", "java"}
#{checksum_for_repo_gem gem_repo4, "spoon", "0.0.6"}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -306,15 +298,7 @@ RSpec.describe "bundle install across platforms" do
DEPENDENCIES DEPENDENCIES
empyrean (= 0.1.0) empyrean (= 0.1.0)
pry pry
#{checksums}
CHECKSUMS
#{checksum_for_repo_gem gem_repo4, "coderay", "1.1.2"}
#{checksum_for_repo_gem gem_repo4, "empyrean", "0.1.0"}
#{checksum_for_repo_gem gem_repo4, "ffi", "1.9.23", "java"}
#{checksum_for_repo_gem gem_repo4, "method_source", "0.9.0"}
#{checksum_for_repo_gem gem_repo4, "pry", "0.11.3", "java"}
#{checksum_for_repo_gem gem_repo4, "spoon", "0.0.6"}
BUNDLED WITH BUNDLED WITH
1.16.1 1.16.1
L L
@ -388,6 +372,11 @@ RSpec.describe "bundle install across platforms" do
end end
it "keeps existing platforms when installing with force_ruby_platform" do it "keeps existing platforms when installing with force_ruby_platform" do
checksums = checksums_section do |c|
c.no_checksum "platform_specific", "1.0"
c.no_checksum "platform_specific", "1.0", "java"
end
lockfile <<-G lockfile <<-G
GEM GEM
remote: #{file_uri_for(gem_repo1)}/ remote: #{file_uri_for(gem_repo1)}/
@ -399,6 +388,7 @@ RSpec.describe "bundle install across platforms" do
DEPENDENCIES DEPENDENCIES
platform_specific platform_specific
#{checksums}
G G
bundle "config set --local force_ruby_platform true" bundle "config set --local force_ruby_platform true"
@ -408,6 +398,8 @@ RSpec.describe "bundle install across platforms" do
gem "platform_specific" gem "platform_specific"
G G
checksums.checksum gem_repo1, "platform_specific", "1.0"
expect(the_bundle).to include_gem "platform_specific 1.0 RUBY" expect(the_bundle).to include_gem "platform_specific 1.0 RUBY"
expect(lockfile).to eq <<~G expect(lockfile).to eq <<~G
@ -423,11 +415,7 @@ RSpec.describe "bundle install across platforms" do
DEPENDENCIES DEPENDENCIES
platform_specific platform_specific
#{checksums}
CHECKSUMS
#{checksum_for_repo_gem(gem_repo1, "platform_specific", "1.0")}
#{gem_no_checksum "platform_specific", "1.0", "java"}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
@ -596,9 +584,7 @@ RSpec.describe "bundle install with platform conditionals" do
DEPENDENCIES DEPENDENCIES
rack rack
#{checksums_section_when_existing}
CHECKSUMS
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
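Review bot: The second lockfile heredoc (hunk `@ -264,16 +265,7 @`) used to list `pry (0.11.3)` as an entry without a digest next to the java one, but the shared `checksums` builder from the hunk at `@ -203,6 +203,15 @` only receives `c.checksum gem_repo4, "pry", "0.11.3", "java"`, and no visible line adds the plain-platform entry before that heredoc. With a `CHECKSUMS` section present, the expected text would therefore no longer match what the old test pinned. The gap is presumably masked because `checksums_section_when_existing` renders nothing here (the helper is defined outside this page). If the entry is still expected, add `checksums.no_checksum "pry", "0.11.3"` before the second heredoc.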


@ -28,15 +28,32 @@ RSpec.describe "bundle install with gems on multiple sources" do
end end
it "refuses to install mismatched checksum because one gem has been tampered with", :bundler => "< 3" do it "refuses to install mismatched checksum because one gem has been tampered with", :bundler => "< 3" do
lockfile <<~L
GEM
remote: https://gem.repo3/
remote: https://gem.repo1/
specs:
rack (1.0.0)
PLATFORMS
#{local_platform}
DEPENDENCIES
depends_on_rack!
BUNDLED WITH
#{Bundler::VERSION}
L
bundle :install, :artifice => "compact_index", :raise_on_error => false bundle :install, :artifice => "compact_index", :raise_on_error => false
expect(exitstatus).to eq(37) expect(exitstatus).to eq(37)
expect(err).to eq <<~E.strip expect(err).to eq <<~E.strip
[DEPRECATED] Your Gemfile contains multiple global sources. Using `source` more than once without a block is a security risk, and may result in installing unexpected gems. To resolve this warning, use a block to indicate which gems should come from the secondary source. [DEPRECATED] Your Gemfile contains multiple global sources. Using `source` more than once without a block is a security risk, and may result in installing unexpected gems. To resolve this warning, use a block to indicate which gems should come from the secondary source.
Bundler found mismatched checksums. This is a potential security risk. Bundler found mismatched checksums. This is a potential security risk.
#{checksum_for_repo_gem(gem_repo1, "rack", "1.0.0")} #{checksum_to_lock(gem_repo1, "rack", "1.0.0")}
from the API at https://gem.repo1/ from the API at https://gem.repo1/
#{checksum_for_repo_gem(gem_repo3, "rack", "1.0.0")} #{checksum_to_lock(gem_repo3, "rack", "1.0.0")}
from the API at https://gem.repo3/ from the API at https://gem.repo3/
Mismatched checksums each have an authoritative source: Mismatched checksums each have an authoritative source:
@ -129,7 +146,7 @@ RSpec.describe "bundle install with gems on multiple sources" do
end end
it "works in standalone mode", :bundler => "< 3" do it "works in standalone mode", :bundler => "< 3" do
gem_checksum = checksum_for_repo_gem(gem_repo4, "foo", "1.0").split(Bundler::Checksum::ALGO_SEPARATOR).last gem_checksum = checksum_digest(gem_repo4, "foo", "1.0")
bundle "install --standalone", :artifice => "compact_index", :env => { "BUNDLER_SPEC_FOO_CHECKSUM" => gem_checksum } bundle "install --standalone", :artifice => "compact_index", :env => { "BUNDLER_SPEC_FOO_CHECKSUM" => gem_checksum }
end end
end end
@ -314,9 +331,9 @@ RSpec.describe "bundle install with gems on multiple sources" do
expect(err).to eq(<<~E.strip) expect(err).to eq(<<~E.strip)
[DEPRECATED] Your Gemfile contains multiple global sources. Using `source` more than once without a block is a security risk, and may result in installing unexpected gems. To resolve this warning, use a block to indicate which gems should come from the secondary source. [DEPRECATED] Your Gemfile contains multiple global sources. Using `source` more than once without a block is a security risk, and may result in installing unexpected gems. To resolve this warning, use a block to indicate which gems should come from the secondary source.
Bundler found mismatched checksums. This is a potential security risk. Bundler found mismatched checksums. This is a potential security risk.
#{checksum_for_repo_gem(gem_repo2, "rack", "1.0.0")} #{checksum_to_lock(gem_repo2, "rack", "1.0.0")}
from the API at https://gem.repo2/ from the API at https://gem.repo2/
#{checksum_for_repo_gem(gem_repo1, "rack", "1.0.0")} #{checksum_to_lock(gem_repo1, "rack", "1.0.0")}
from the API at https://gem.repo1/ from the API at https://gem.repo1/
Mismatched checksums each have an authoritative source: Mismatched checksums each have an authoritative source:
@ -340,7 +357,7 @@ RSpec.describe "bundle install with gems on multiple sources" do
rack (1.0.0) sha256=#{rack_checksum} rack (1.0.0) sha256=#{rack_checksum}
from the API at https://gem.repo2/ from the API at https://gem.repo2/
and the API at https://gem.repo1/ and the API at https://gem.repo1/
#{checksum_for_repo_gem(gem_repo2, "rack", "1.0.0")} #{checksum_to_lock(gem_repo2, "rack", "1.0.0")}
from the gem at #{default_bundle_path("cache", "rack-1.0.0.gem")} from the gem at #{default_bundle_path("cache", "rack-1.0.0.gem")}
If you trust the API at https://gem.repo2/, to resolve this issue you can: If you trust the API at https://gem.repo2/, to resolve this issue you can:
@ -354,15 +371,15 @@ RSpec.describe "bundle install with gems on multiple sources" do
end end
it "installs from the other source and warns about ambiguous gems when the sources have the same checksum", :bundler => "< 3" do it "installs from the other source and warns about ambiguous gems when the sources have the same checksum", :bundler => "< 3" do
gem_checksum = checksum_for_repo_gem(gem_repo2, "rack", "1.0.0").split(Bundler::Checksum::ALGO_SEPARATOR).last gem_checksum = checksum_digest(gem_repo2, "rack", "1.0.0")
bundle :install, :artifice => "compact_index", :env => { "BUNDLER_SPEC_RACK_CHECKSUM" => gem_checksum, "DEBUG" => "1" } bundle :install, :artifice => "compact_index", :env => { "BUNDLER_SPEC_RACK_CHECKSUM" => gem_checksum, "DEBUG" => "1" }
expect(err).to include("Warning: the gem 'rack' was found in multiple sources.") expect(err).to include("Warning: the gem 'rack' was found in multiple sources.")
expect(err).to include("Installed from: https://gem.repo2") expect(err).to include("Installed from: https://gem.repo2")
expected_checksums = checksum_section do |c| checksums = checksums_section_when_existing do |c|
c.repo_gem gem_repo3, "depends_on_rack", "1.0.1" c.checksum gem_repo3, "depends_on_rack", "1.0.1"
c.repo_gem gem_repo2, "rack", "1.0.0" c.checksum gem_repo2, "rack", "1.0.0"
end end
expect(lockfile).to eq <<~L expect(lockfile).to eq <<~L
@ -383,10 +400,7 @@ RSpec.describe "bundle install with gems on multiple sources" do
DEPENDENCIES DEPENDENCIES
depends_on_rack! depends_on_rack!
#{checksums}
CHECKSUMS
#{expected_checksums}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -403,7 +417,7 @@ RSpec.describe "bundle install with gems on multiple sources" do
expect(err).to include("Warning: the gem 'rack' was found in multiple sources.") expect(err).to include("Warning: the gem 'rack' was found in multiple sources.")
expect(err).to include("Installed from: https://gem.repo2") expect(err).to include("Installed from: https://gem.repo2")
expected_checksums = checksum_section do |c| checksums = checksums_section_when_existing do |c|
c.no_checksum "depends_on_rack", "1.0.1" c.no_checksum "depends_on_rack", "1.0.1"
c.no_checksum "rack", "1.0.0" c.no_checksum "rack", "1.0.0"
end end
@ -426,10 +440,7 @@ RSpec.describe "bundle install with gems on multiple sources" do
DEPENDENCIES DEPENDENCIES
depends_on_rack! depends_on_rack!
#{checksums}
CHECKSUMS
#{expected_checksums}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -772,6 +783,21 @@ RSpec.describe "bundle install with gems on multiple sources" do
end end
G G
@locked_checksums = checksums_section_when_existing do |c|
c.checksum gem_repo2, "activesupport", "6.0.3.4"
c.checksum gem_repo2, "concurrent-ruby", "1.1.8"
c.checksum gem_repo2, "connection_pool", "2.2.3"
c.checksum gem_repo2, "i18n", "1.8.9"
c.checksum gem_repo2, "minitest", "5.14.3"
c.checksum gem_repo2, "rack", "2.2.3"
c.checksum gem_repo2, "redis", "4.2.5"
c.checksum gem_repo2, "sidekiq", "6.1.3"
c.checksum gem_repo3, "sidekiq-pro", "5.2.1"
c.checksum gem_repo2, "thread_safe", "0.3.6"
c.checksum gem_repo2, "tzinfo", "1.2.9"
c.checksum gem_repo2, "zeitwerk", "2.4.2"
end
lockfile <<~L lockfile <<~L
GEM GEM
remote: https://gem.repo2/ remote: https://gem.repo2/
@ -808,7 +834,7 @@ RSpec.describe "bundle install with gems on multiple sources" do
DEPENDENCIES DEPENDENCIES
activesupport activesupport
sidekiq-pro! sidekiq-pro!
#{@locked_checksums}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -825,21 +851,6 @@ RSpec.describe "bundle install with gems on multiple sources" do
expect(the_bundle).to include_gems("concurrent-ruby 1.1.8") expect(the_bundle).to include_gems("concurrent-ruby 1.1.8")
expect(the_bundle).not_to include_gems("concurrent-ruby 1.1.9") expect(the_bundle).not_to include_gems("concurrent-ruby 1.1.9")
expected_checksums = checksum_section do |c|
c.repo_gem gem_repo2, "activesupport", "6.0.3.4"
c.repo_gem gem_repo2, "concurrent-ruby", "1.1.8"
c.repo_gem gem_repo2, "connection_pool", "2.2.3"
c.repo_gem gem_repo2, "i18n", "1.8.9"
c.repo_gem gem_repo2, "minitest", "5.14.3"
c.repo_gem gem_repo2, "rack", "2.2.3"
c.repo_gem gem_repo2, "redis", "4.2.5"
c.repo_gem gem_repo2, "sidekiq", "6.1.3"
c.repo_gem gem_repo3, "sidekiq-pro", "5.2.1"
c.repo_gem gem_repo2, "thread_safe", "0.3.6"
c.repo_gem gem_repo2, "tzinfo", "1.2.9"
c.repo_gem gem_repo2, "zeitwerk", "2.4.2"
end
expect(lockfile).to eq <<~L expect(lockfile).to eq <<~L
GEM GEM
remote: https://gem.repo2/ remote: https://gem.repo2/
@ -879,10 +890,7 @@ RSpec.describe "bundle install with gems on multiple sources" do
DEPENDENCIES DEPENDENCIES
activesupport activesupport
sidekiq-pro! sidekiq-pro!
#{@locked_checksums}
CHECKSUMS
#{expected_checksums}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -923,24 +931,16 @@ RSpec.describe "bundle install with gems on multiple sources" do
expect(the_bundle).not_to include_gems("activesupport 6.0.3.4") expect(the_bundle).not_to include_gems("activesupport 6.0.3.4")
expect(the_bundle).to include_gems("activesupport 6.1.2.1") expect(the_bundle).to include_gems("activesupport 6.1.2.1")
@locked_checksums.checksum gem_repo2, "activesupport", "6.1.2.1"
expect(the_bundle).not_to include_gems("tzinfo 1.2.9") expect(the_bundle).not_to include_gems("tzinfo 1.2.9")
expect(the_bundle).to include_gems("tzinfo 2.0.4") expect(the_bundle).to include_gems("tzinfo 2.0.4")
@locked_checksums.checksum gem_repo2, "tzinfo", "2.0.4"
@locked_checksums.delete "thread_safe"
expect(the_bundle).not_to include_gems("concurrent-ruby 1.1.8") expect(the_bundle).not_to include_gems("concurrent-ruby 1.1.8")
expect(the_bundle).to include_gems("concurrent-ruby 1.1.9") expect(the_bundle).to include_gems("concurrent-ruby 1.1.9")
@locked_checksums.checksum gem_repo2, "concurrent-ruby", "1.1.9"
expected_checksums = checksum_section do |c|
c.repo_gem gem_repo2, "activesupport", "6.1.2.1"
c.repo_gem gem_repo2, "concurrent-ruby", "1.1.9"
c.repo_gem gem_repo2, "connection_pool", "2.2.3"
c.repo_gem gem_repo2, "i18n", "1.8.9"
c.repo_gem gem_repo2, "minitest", "5.14.3"
c.repo_gem gem_repo2, "rack", "2.2.3"
c.repo_gem gem_repo2, "redis", "4.2.5"
c.repo_gem gem_repo2, "sidekiq", "6.1.3"
c.repo_gem gem_repo3, "sidekiq-pro", "5.2.1"
c.repo_gem gem_repo2, "tzinfo", "2.0.4"
c.repo_gem gem_repo2, "zeitwerk", "2.4.2"
end
expect(lockfile).to eq <<~L expect(lockfile).to eq <<~L
GEM GEM
@ -980,10 +980,7 @@ RSpec.describe "bundle install with gems on multiple sources" do
DEPENDENCIES DEPENDENCIES
activesupport activesupport
sidekiq-pro! sidekiq-pro!
#{@locked_checksums}
CHECKSUMS
#{expected_checksums}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -1000,20 +997,7 @@ RSpec.describe "bundle install with gems on multiple sources" do
expect(the_bundle).to include_gems("concurrent-ruby 1.1.9") expect(the_bundle).to include_gems("concurrent-ruby 1.1.9")
expect(the_bundle).not_to include_gems("concurrent-ruby 1.1.8") expect(the_bundle).not_to include_gems("concurrent-ruby 1.1.8")
expected_checksums = checksum_section do |c| @locked_checksums.checksum gem_repo2, "concurrent-ruby", "1.1.9"
c.repo_gem gem_repo2, "activesupport", "6.0.3.4"
c.repo_gem gem_repo2, "concurrent-ruby", "1.1.9"
c.repo_gem gem_repo2, "connection_pool", "2.2.3"
c.repo_gem gem_repo2, "i18n", "1.8.9"
c.repo_gem gem_repo2, "minitest", "5.14.3"
c.repo_gem gem_repo2, "rack", "2.2.3"
c.repo_gem gem_repo2, "redis", "4.2.5"
c.repo_gem gem_repo2, "sidekiq", "6.1.3"
c.repo_gem gem_repo3, "sidekiq-pro", "5.2.1"
c.repo_gem gem_repo2, "thread_safe", "0.3.6"
c.repo_gem gem_repo2, "tzinfo", "1.2.9"
c.repo_gem gem_repo2, "zeitwerk", "2.4.2"
end
expect(lockfile).to eq <<~L expect(lockfile).to eq <<~L
GEM GEM
@ -1054,10 +1038,7 @@ RSpec.describe "bundle install with gems on multiple sources" do
DEPENDENCIES DEPENDENCIES
activesupport activesupport
sidekiq-pro! sidekiq-pro!
#{@locked_checksums}
CHECKSUMS
#{expected_checksums}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -1125,10 +1106,10 @@ RSpec.describe "bundle install with gems on multiple sources" do
end end
it "installs from the default source without any warnings or errors and generates a proper lockfile" do it "installs from the default source without any warnings or errors and generates a proper lockfile" do
expected_checksums = checksum_section do |c| checksums = checksums_section_when_existing do |c|
c.repo_gem gem_repo3, "handsoap", "0.2.5.5" c.checksum gem_repo3, "handsoap", "0.2.5.5"
c.repo_gem gem_repo2, "nokogiri", "1.11.1" c.checksum gem_repo2, "nokogiri", "1.11.1"
c.repo_gem gem_repo2, "racca", "1.5.2" c.checksum gem_repo2, "racca", "1.5.2"
end end
expected_lockfile = <<~L expected_lockfile = <<~L
@ -1151,10 +1132,7 @@ RSpec.describe "bundle install with gems on multiple sources" do
DEPENDENCIES DEPENDENCIES
handsoap! handsoap!
nokogiri nokogiri
#{checksums}
CHECKSUMS
#{expected_checksums}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -1243,7 +1221,7 @@ RSpec.describe "bundle install with gems on multiple sources" do
DEPENDENCIES DEPENDENCIES
rack! rack!
#{checksums_section}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -1302,8 +1280,8 @@ RSpec.describe "bundle install with gems on multiple sources" do
bundle "install", :artifice => "compact_index", :raise_on_error => false bundle "install", :artifice => "compact_index", :raise_on_error => false
api_checksum1 = checksum_for_repo_gem(gem_repo1, "rack", "0.9.1").split("sha256=").last api_checksum1 = checksum_digest(gem_repo1, "rack", "0.9.1")
api_checksum3 = checksum_for_repo_gem(gem_repo3, "rack", "0.9.1").split("sha256=").last api_checksum3 = checksum_digest(gem_repo3, "rack", "0.9.1")
expect(exitstatus).to eq(37) expect(exitstatus).to eq(37)
expect(err).to eq(<<~E.strip) expect(err).to eq(<<~E.strip)
@ -1712,9 +1690,9 @@ RSpec.describe "bundle install with gems on multiple sources" do
it "upgrades the lockfile correctly" do it "upgrades the lockfile correctly" do
bundle "lock --update", :artifice => "compact_index" bundle "lock --update", :artifice => "compact_index"
expected_checksums = checksum_section do |c| checksums = checksums_section_when_existing do |c|
c.repo_gem gem_repo2, "capybara", "2.5.0" c.checksum gem_repo2, "capybara", "2.5.0"
c.repo_gem gem_repo4, "mime-types", "3.0.0" c.checksum gem_repo4, "mime-types", "3.0.0"
end end
expect(lockfile).to eq <<~L expect(lockfile).to eq <<~L
@ -1735,10 +1713,7 @@ RSpec.describe "bundle install with gems on multiple sources" do
DEPENDENCIES DEPENDENCIES
capybara (~> 2.5.0) capybara (~> 2.5.0)
mime-types (~> 3.0)! mime-types (~> 3.0)!
#{checksums}
CHECKSUMS
#{expected_checksums}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -1774,6 +1749,11 @@ RSpec.describe "bundle install with gems on multiple sources" do
it "handles that fine" do it "handles that fine" do
bundle "install", :artifice => "compact_index_extra", :env => { "BUNDLER_SPEC_GEM_REPO" => gem_repo4.to_s } bundle "install", :artifice => "compact_index_extra", :env => { "BUNDLER_SPEC_GEM_REPO" => gem_repo4.to_s }
checksums = checksums_section_when_existing do |c|
c.checksum gem_repo4, "pdf-writer", "1.1.8"
c.checksum gem_repo2, "ruport", "1.7.0.3"
end
expect(lockfile).to eq <<~L expect(lockfile).to eq <<~L
GEM GEM
remote: https://localgemserver.test/ remote: https://localgemserver.test/
@ -1791,11 +1771,7 @@ RSpec.describe "bundle install with gems on multiple sources" do
DEPENDENCIES DEPENDENCIES
ruport (= 1.7.0.3)! ruport (= 1.7.0.3)!
#{checksums}
CHECKSUMS
#{checksum_for_repo_gem gem_repo4, "pdf-writer", "1.1.8"}
#{checksum_for_repo_gem gem_repo2, "ruport", "1.7.0.3"}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -1831,9 +1807,9 @@ RSpec.describe "bundle install with gems on multiple sources" do
it "handles that fine" do it "handles that fine" do
bundle "install", :artifice => "compact_index_extra", :env => { "BUNDLER_SPEC_GEM_REPO" => gem_repo4.to_s } bundle "install", :artifice => "compact_index_extra", :env => { "BUNDLER_SPEC_GEM_REPO" => gem_repo4.to_s }
expected_checksums = checksum_section do |c| checksums = checksums_section_when_existing do |c|
c.repo_gem gem_repo4, "pdf-writer", "1.1.8" c.checksum gem_repo4, "pdf-writer", "1.1.8"
c.repo_gem gem_repo2, "ruport", "1.7.0.3" c.checksum gem_repo2, "ruport", "1.7.0.3"
end end
expect(lockfile).to eq <<~L expect(lockfile).to eq <<~L
@ -1853,10 +1829,7 @@ RSpec.describe "bundle install with gems on multiple sources" do
DEPENDENCIES DEPENDENCIES
ruport (= 1.7.0.3)! ruport (= 1.7.0.3)!
#{checksums}
CHECKSUMS
#{expected_checksums}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -1886,8 +1859,8 @@ RSpec.describe "bundle install with gems on multiple sources" do
it "handles that fine" do it "handles that fine" do
bundle "install --verbose", :artifice => "endpoint", :env => { "BUNDLER_SPEC_GEM_REPO" => gem_repo4.to_s } bundle "install --verbose", :artifice => "endpoint", :env => { "BUNDLER_SPEC_GEM_REPO" => gem_repo4.to_s }
expected_checksums = checksum_section do |c| checksums = checksums_section_when_existing do |c|
c.repo_gem gem_repo4, "pdf-writer", "1.1.8" c.checksum gem_repo4, "pdf-writer", "1.1.8"
end end
expect(lockfile).to eq <<~L expect(lockfile).to eq <<~L
@ -1901,10 +1874,7 @@ RSpec.describe "bundle install with gems on multiple sources" do
DEPENDENCIES DEPENDENCIES
pdf-writer (= 1.1.8) pdf-writer (= 1.1.8)
#{checksums}
CHECKSUMS
#{expected_checksums}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L


@ -66,6 +66,10 @@ RSpec.describe "bundle install with specific platforms" do
gemfile google_protobuf gemfile google_protobuf
checksums = checksums_section_when_existing do |c|
c.checksum gem_repo2, "google-protobuf", "3.0.0.alpha.4.0"
end
# simulate lockfile created with old bundler, which only locks for ruby platform # simulate lockfile created with old bundler, which only locks for ruby platform
lockfile <<-L lockfile <<-L
GEM GEM
@ -78,16 +82,15 @@ RSpec.describe "bundle install with specific platforms" do
DEPENDENCIES DEPENDENCIES
google-protobuf google-protobuf
#{checksums}
CHECKSUMS
google-protobuf (3.0.0.alpha.4.0)
BUNDLED WITH BUNDLED WITH
2.1.4 2.1.4
L L
bundle "update", :env => { "BUNDLER_VERSION" => Bundler::VERSION } bundle "update", :env => { "BUNDLER_VERSION" => Bundler::VERSION }
checksums.checksum gem_repo2, "google-protobuf", "3.0.0.alpha.5.0.5.1"
# make sure the platform that the platform specific dependency is used, since we're only locked to ruby # make sure the platform that the platform specific dependency is used, since we're only locked to ruby
expect(the_bundle).to include_gem("google-protobuf 3.0.0.alpha.5.0.5.1 universal-darwin") expect(the_bundle).to include_gem("google-protobuf 3.0.0.alpha.5.0.5.1 universal-darwin")
@ -103,10 +106,7 @@ RSpec.describe "bundle install with specific platforms" do
DEPENDENCIES DEPENDENCIES
google-protobuf google-protobuf
#{checksums}
CHECKSUMS
google-protobuf (3.0.0.alpha.5.0.5.1)
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -528,11 +528,11 @@ RSpec.describe "bundle install with specific platforms" do
bundle "update" bundle "update"
expected_checksums = checksum_section do |c| checksums = checksums_section_when_existing do |c|
c.repo_gem gem_repo4, "sorbet", "0.5.10160" c.checksum gem_repo4, "sorbet", "0.5.10160"
c.repo_gem gem_repo4, "sorbet-runtime", "0.5.10160" c.checksum gem_repo4, "sorbet-runtime", "0.5.10160"
c.repo_gem gem_repo4, "sorbet-static", "0.5.10160", Gem::Platform.local c.checksum gem_repo4, "sorbet-static", "0.5.10160", Gem::Platform.local
c.repo_gem gem_repo4, "sorbet-static-and-runtime", "0.5.10160" c.checksum gem_repo4, "sorbet-static-and-runtime", "0.5.10160"
end end
expect(lockfile).to eq <<~L expect(lockfile).to eq <<~L
@ -552,10 +552,7 @@ RSpec.describe "bundle install with specific platforms" do
DEPENDENCIES DEPENDENCIES
sorbet-static-and-runtime sorbet-static-and-runtime
#{checksums}
CHECKSUMS
#{expected_checksums}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -587,6 +584,11 @@ RSpec.describe "bundle install with specific platforms" do
G G
end end
checksums = checksums_section_when_existing do |c|
c.no_checksum "nokogiri", "1.13.0", "x86_64-darwin"
c.no_checksum "sorbet-static", "0.5.10601", "x86_64-darwin"
end
lockfile <<~L lockfile <<~L
GEM GEM
remote: #{file_uri_for(gem_repo4)}/ remote: #{file_uri_for(gem_repo4)}/
@ -602,7 +604,7 @@ RSpec.describe "bundle install with specific platforms" do
DEPENDENCIES DEPENDENCIES
nokogiri nokogiri
sorbet-static sorbet-static
#{checksums}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -624,11 +626,7 @@ RSpec.describe "bundle install with specific platforms" do
DEPENDENCIES DEPENDENCIES
nokogiri nokogiri
sorbet-static sorbet-static
#{checksums}
CHECKSUMS
#{gem_no_checksum "nokogiri", "1.13.0", "x86_64-darwin"}
#{gem_no_checksum "sorbet-static", "0.5.10601", "x86_64-darwin"}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -682,11 +680,11 @@ RSpec.describe "bundle install with specific platforms" do
bundle "update" bundle "update"
expected_checksums = checksum_section do |c| checksums = checksums_section_when_existing do |c|
c.repo_gem gem_repo4, "sorbet", "0.5.10160" c.checksum gem_repo4, "sorbet", "0.5.10160"
c.repo_gem gem_repo4, "sorbet-runtime", "0.5.10160" c.checksum gem_repo4, "sorbet-runtime", "0.5.10160"
c.repo_gem gem_repo4, "sorbet-static", "0.5.10160", Gem::Platform.local c.checksum gem_repo4, "sorbet-static", "0.5.10160", Gem::Platform.local
c.repo_gem gem_repo4, "sorbet-static-and-runtime", "0.5.10160" c.checksum gem_repo4, "sorbet-static-and-runtime", "0.5.10160"
end end
expect(lockfile).to eq <<~L expect(lockfile).to eq <<~L
@ -706,10 +704,7 @@ RSpec.describe "bundle install with specific platforms" do
DEPENDENCIES DEPENDENCIES
sorbet-static-and-runtime sorbet-static-and-runtime
#{checksums}
CHECKSUMS
#{expected_checksums}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -760,9 +755,9 @@ RSpec.describe "bundle install with specific platforms" do
bundle "update" bundle "update"
expected_checksums = checksum_section do |c| checksums = checksums_section_when_existing do |c|
c.repo_gem gem_repo4, "nokogiri", "1.14.0", "x86_64-linux" c.checksum gem_repo4, "nokogiri", "1.14.0", "x86_64-linux"
c.repo_gem gem_repo4, "sorbet-static", "0.5.10696", "x86_64-linux" c.checksum gem_repo4, "sorbet-static", "0.5.10696", "x86_64-linux"
end end
expect(lockfile).to eq <<~L expect(lockfile).to eq <<~L
@ -778,10 +773,7 @@ RSpec.describe "bundle install with specific platforms" do
DEPENDENCIES DEPENDENCIES
nokogiri nokogiri
sorbet-static sorbet-static
#{checksums}
CHECKSUMS
#{expected_checksums}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -807,6 +799,11 @@ RSpec.describe "bundle install with specific platforms" do
gem "sorbet-static", "= 0.5.10549" gem "sorbet-static", "= 0.5.10549"
G G
checksums = checksums_section_when_existing do |c|
c.checksum gem_repo4, "sorbet-static", "0.5.10549", "universal-darwin-20"
c.checksum gem_repo4, "sorbet-static", "0.5.10549", "universal-darwin-21"
end
# Make sure the lockfile is missing sorbet-static-0.5.10549-universal-darwin-21 # Make sure the lockfile is missing sorbet-static-0.5.10549-universal-darwin-21
lockfile <<~L lockfile <<~L
GEM GEM
@ -819,17 +816,15 @@ RSpec.describe "bundle install with specific platforms" do
DEPENDENCIES DEPENDENCIES
sorbet-static (= 0.5.10549) sorbet-static (= 0.5.10549)
#{checksums}
CHECKSUMS
#{checksum_for_repo_gem gem_repo4, "sorbet-static", "0.5.10549", "universal-darwin-20"}
#{checksum_for_repo_gem gem_repo4, "sorbet-static", "0.5.10549", "universal-darwin-21"}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
bundle "install" bundle "install"
checksums.no_checksum "sorbet-static", "0.5.10549", "universal-darwin-21"
expect(lockfile).to eq <<~L expect(lockfile).to eq <<~L
GEM GEM
remote: #{file_uri_for(gem_repo4)}/ remote: #{file_uri_for(gem_repo4)}/
@ -842,11 +837,7 @@ RSpec.describe "bundle install with specific platforms" do
DEPENDENCIES DEPENDENCIES
sorbet-static (= 0.5.10549) sorbet-static (= 0.5.10549)
#{checksums}
CHECKSUMS
#{checksum_for_repo_gem gem_repo4, "sorbet-static", "0.5.10549", "universal-darwin-20"}
#{gem_no_checksum "sorbet-static", "0.5.10549", "universal-darwin-21"}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -893,6 +884,11 @@ RSpec.describe "bundle install with specific platforms" do
bundle "lock --update" bundle "lock --update"
checksums = checksums_section_when_existing do |c|
c.no_checksum "nokogiri", "1.13.8"
c.no_checksum "nokogiri", "1.13.8", Gem::Platform.local
end
updated_lockfile = <<~L updated_lockfile = <<~L
GEM GEM
remote: #{file_uri_for(gem_repo4)}/ remote: #{file_uri_for(gem_repo4)}/
@ -906,11 +902,7 @@ RSpec.describe "bundle install with specific platforms" do
DEPENDENCIES DEPENDENCIES
nokogiri nokogiri
tzinfo (~> 1.2) tzinfo (~> 1.2)
#{checksums}
CHECKSUMS
#{gem_no_checksum "nokogiri", "1.13.8"}
#{gem_no_checksum "nokogiri", "1.13.8", Gem::Platform.local}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -931,6 +923,11 @@ RSpec.describe "bundle install with specific platforms" do
gem "rack" gem "rack"
G G
checksums = checksums_section_when_existing do |c|
c.no_checksum "concurrent-ruby", "1.2.2"
c.no_checksum "rack", "3.0.7"
end
lockfile <<~L lockfile <<~L
GEM GEM
remote: #{file_uri_for(gem_repo4)}/ remote: #{file_uri_for(gem_repo4)}/
@ -942,7 +939,7 @@ RSpec.describe "bundle install with specific platforms" do
DEPENDENCIES DEPENDENCIES
concurrent-ruby concurrent-ruby
#{checksums}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -962,11 +959,7 @@ RSpec.describe "bundle install with specific platforms" do
DEPENDENCIES DEPENDENCIES
concurrent-ruby concurrent-ruby
rack rack
#{checksums}
CHECKSUMS
#{gem_no_checksum "concurrent-ruby", "1.2.2"}
#{gem_no_checksum "rack", "3.0.7"}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -1029,6 +1022,10 @@ RSpec.describe "bundle install with specific platforms" do
gem "nokogiri", "1.14.0" gem "nokogiri", "1.14.0"
G G
checksums = checksums_section_when_existing do |c|
c.checksum gem_repo4, "nokogiri", "1.14.0", "x86_64-linux"
end
lockfile <<~L lockfile <<~L
GEM GEM
remote: #{file_uri_for(gem_repo4)}/ remote: #{file_uri_for(gem_repo4)}/
@ -1040,13 +1037,17 @@ RSpec.describe "bundle install with specific platforms" do
DEPENDENCIES DEPENDENCIES
nokogiri (= 1.14.0) nokogiri (= 1.14.0)
#{checksums}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
bundle :install bundle :install
checksums = checksums_section_when_existing do |c|
c.checksum gem_repo4, "nokogiri", "1.14.0"
end
expect(lockfile).to eq(<<~L) expect(lockfile).to eq(<<~L)
GEM GEM
remote: #{file_uri_for(gem_repo4)}/ remote: #{file_uri_for(gem_repo4)}/
@ -1058,10 +1059,7 @@ RSpec.describe "bundle install with specific platforms" do
DEPENDENCIES DEPENDENCIES
nokogiri (= 1.14.0) nokogiri (= 1.14.0)
#{checksums}
CHECKSUMS
#{checksum_for_repo_gem gem_repo4, "nokogiri", "1.14.0"}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -1101,6 +1099,12 @@ RSpec.describe "bundle install with specific platforms" do
bundle "lock" bundle "lock"
checksums = checksums_section_when_existing do |c|
c.no_checksum "nokogiri", "1.14.0"
c.no_checksum "nokogiri", "1.14.0", "arm-linux"
c.no_checksum "nokogiri", "1.14.0", "x86_64-linux"
end
# locks all compatible platforms, excluding Java and Windows # locks all compatible platforms, excluding Java and Windows
expect(lockfile).to eq(<<~L) expect(lockfile).to eq(<<~L)
GEM GEM
@ -1117,12 +1121,7 @@ RSpec.describe "bundle install with specific platforms" do
DEPENDENCIES DEPENDENCIES
nokogiri nokogiri
#{checksums}
CHECKSUMS
#{gem_no_checksum "nokogiri", "1.14.0"}
#{gem_no_checksum "nokogiri", "1.14.0", "arm-linux"}
#{gem_no_checksum "nokogiri", "1.14.0", "x86_64-linux"}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -1138,6 +1137,10 @@ RSpec.describe "bundle install with specific platforms" do
bundle "lock" bundle "lock"
checksums.delete "nokogiri", "arm-linux"
checksums.no_checksum "sorbet-static", "0.5.10696", "universal-darwin-22"
checksums.no_checksum "sorbet-static", "0.5.10696", "x86_64-linux"
# locks only platforms compatible with all gems in the bundle # locks only platforms compatible with all gems in the bundle
expect(lockfile).to eq(<<~L) expect(lockfile).to eq(<<~L)
GEM GEM
@ -1155,13 +1158,7 @@ RSpec.describe "bundle install with specific platforms" do
DEPENDENCIES DEPENDENCIES
nokogiri nokogiri
sorbet-static sorbet-static
#{checksums}
CHECKSUMS
#{gem_no_checksum "nokogiri", "1.14.0"}
#{gem_no_checksum "nokogiri", "1.14.0", "x86_64-linux"}
#{gem_no_checksum "sorbet-static", "0.5.10696", "universal-darwin-22"}
#{gem_no_checksum "sorbet-static", "0.5.10696", "x86_64-linux"}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -1191,10 +1188,10 @@ RSpec.describe "bundle install with specific platforms" do
gem "sass-embedded" gem "sass-embedded"
G G
expected_checksums = checksum_section do |c| checksums = checksums_section_when_existing do |c|
c.repo_gem gem_repo4, "nokogiri", "1.15.5" c.checksum gem_repo4, "nokogiri", "1.15.5"
c.no_checksum "sass-embedded", "1.69.5" c.no_checksum "sass-embedded", "1.69.5"
c.repo_gem gem_repo4, "sass-embedded", "1.69.5", "x86_64-linux-gnu" c.checksum gem_repo4, "sass-embedded", "1.69.5", "x86_64-linux-gnu"
end end
simulate_platform "x86_64-linux" do simulate_platform "x86_64-linux" do
@ -1216,10 +1213,7 @@ RSpec.describe "bundle install with specific platforms" do
DEPENDENCIES DEPENDENCIES
nokogiri nokogiri
sass-embedded sass-embedded
#{checksums}
CHECKSUMS
#{expected_checksums}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
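Review bot: Several fixtures that this spec writes itself now take their CHECKSUMS text from `checksums_section_when_existing`, built before the `lockfile <<~L` call: the google-protobuf, nokogiri/sorbet-static, sorbet-static universal-darwin, concurrent-ruby/rack and nokogiri 1.14.0 examples. The helper is defined outside the visible lines; if, as its name and the commit description suggest, it renders nothing when the current lockfile has no CHECKSUMS section, then fixture and expectation are both checksum-free and these examples pass without exercising lockfile checksum handling at all. For fixtures that are meant to carry checksums, seeding them unconditionally with `checksums = checksums_section do |c|`, as the install-time dependencies spec in this commit does, would keep the opt-in path covered.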


@ -961,8 +961,25 @@ RSpec.describe "compact index api" do
end end
describe "checksum validation" do describe "checksum validation" do
before do
lockfile <<-L
GEM
remote: #{source_uri}
specs:
rack (1.0.0)
PLATFORMS
ruby
DEPENDENCIES
#{checksums_section}
BUNDLED WITH
#{Bundler::VERSION}
L
end
it "handles checksums from the server in base64" do it "handles checksums from the server in base64" do
api_checksum = checksum_for_repo_gem(gem_repo1, "rack", "1.0.0").split("sha256=").last api_checksum = checksum_digest(gem_repo1, "rack", "1.0.0")
rack_checksum = [[api_checksum].pack("H*")].pack("m0") rack_checksum = [[api_checksum].pack("H*")].pack("m0")
install_gemfile <<-G, :artifice => "compact_index", :env => { "BUNDLER_SPEC_RACK_CHECKSUM" => rack_checksum } install_gemfile <<-G, :artifice => "compact_index", :env => { "BUNDLER_SPEC_RACK_CHECKSUM" => rack_checksum }
source "#{source_uri}" source "#{source_uri}"
@ -979,8 +996,6 @@ RSpec.describe "compact index api" do
gem "rack" gem "rack"
G G
api_checksum = checksum_for_repo_gem(gem_repo1, "rack", "1.0.0").split("sha256=").last
gem_path = if Bundler.feature_flag.global_gem_cache? gem_path = if Bundler.feature_flag.global_gem_cache?
default_cache_path.dirname.join("cache", "gems", "localgemserver.test.80.dd34752a738ee965a2a4298dc16db6c5", "rack-1.0.0.gem") default_cache_path.dirname.join("cache", "gems", "localgemserver.test.80.dd34752a738ee965a2a4298dc16db6c5", "rack-1.0.0.gem")
else else
@ -992,7 +1007,7 @@ RSpec.describe "compact index api" do
Bundler found mismatched checksums. This is a potential security risk. Bundler found mismatched checksums. This is a potential security risk.
rack (1.0.0) sha256=2222222222222222222222222222222222222222222222222222222222222222 rack (1.0.0) sha256=2222222222222222222222222222222222222222222222222222222222222222
from the API at http://localgemserver.test/ from the API at http://localgemserver.test/
rack (1.0.0) sha256=#{api_checksum} #{checksum_to_lock(gem_repo1, "rack", "1.0.0")}
from the gem at #{gem_path} from the gem at #{gem_path}
If you trust the API at http://localgemserver.test/, to resolve this issue you can: If you trust the API at http://localgemserver.test/, to resolve this issue you can:
@ -1057,6 +1072,7 @@ Running `bundle update rails` should fix the problem.
G G
gem_command "uninstall activemerchant" gem_command "uninstall activemerchant"
bundle "update rails", :artifice => "compact_index" bundle "update rails", :artifice => "compact_index"
expect(lockfile.scan(/activemerchant \(/).size).to eq(2) # Once in the specs, and once in CHECKSUMS count = lockfile.match?("CHECKSUMS") ? 2 : 1 # Once in the specs, and once in CHECKSUMS
expect(lockfile.scan(/activemerchant \(/).size).to eq(count)
end end
end end
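Review bot: In the `bundle update rails` example the expected count is derived from the lockfile under test, `count = lockfile.match?("CHECKSUMS") ? 2 : 1`, so the assertion passes whether or not a CHECKSUMS section is written and can no longer catch one being added or dropped unexpectedly. The example's setup lies outside the hunk; if its lockfile has no CHECKSUMS section, pinning `expect(lockfile.scan(/activemerchant \(/).size).to eq(1)` and covering the two-occurrence case in a separate example seeded with `checksums_section` would assert both modes. If the conditional stays, `lockfile.match?(/^CHECKSUMS$/)` avoids matching the word elsewhere in the file, and the trailing comment should say that the second occurrence exists only when the section is present.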


@ -268,6 +268,11 @@ RSpec.describe "bundle flex_install" do
it "should work when you install" do it "should work when you install" do
bundle "install" bundle "install"
checksums = checksums_section_when_existing do |c|
c.checksum gem_repo1, "rack", "0.9.1"
c.checksum gem_repo1, "rack-obama", "1.0"
end
expect(lockfile).to eq <<~L expect(lockfile).to eq <<~L
GEM GEM
remote: #{file_uri_for(gem_repo1)}/ remote: #{file_uri_for(gem_repo1)}/
@ -282,11 +287,7 @@ RSpec.describe "bundle flex_install" do
DEPENDENCIES DEPENDENCIES
rack (= 0.9.1) rack (= 0.9.1)
rack-obama rack-obama
#{checksums}
CHECKSUMS
#{checksum_for_repo_gem gem_repo1, "rack", "0.9.1"}
#{checksum_for_repo_gem gem_repo1, "rack-obama", "1.0"}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -312,6 +313,10 @@ RSpec.describe "bundle flex_install" do
gem "rack" gem "rack"
G G
checksums = checksums_section_when_existing do |c|
c.checksum gem_repo1, "rack", "1.0.0"
end
expect(lockfile).to eq <<~L expect(lockfile).to eq <<~L
GEM GEM
remote: #{file_uri_for(gem_repo1)}/ remote: #{file_uri_for(gem_repo1)}/
@ -327,10 +332,7 @@ RSpec.describe "bundle flex_install" do
DEPENDENCIES DEPENDENCIES
rack rack
#{checksums}
CHECKSUMS
#{checksum_for_repo_gem gem_repo1, "rack", "1.0.0"}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L


@ -256,6 +256,10 @@ RSpec.describe "bundle install with install-time dependencies" do
gem 'parallel_tests' gem 'parallel_tests'
G G
checksums = checksums_section do |c|
c.checksum gem_repo2, "parallel_tests", "3.8.0"
end
lockfile <<~L lockfile <<~L
GEM GEM
remote: http://localgemserver.test/ remote: http://localgemserver.test/
@ -267,7 +271,7 @@ RSpec.describe "bundle install with install-time dependencies" do
DEPENDENCIES DEPENDENCIES
parallel_tests parallel_tests
#{checksums}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -276,6 +280,10 @@ RSpec.describe "bundle install with install-time dependencies" do
it "automatically updates lockfile to use the older version" do it "automatically updates lockfile to use the older version" do
bundle "install --verbose", :artifice => "compact_index", :env => { "BUNDLER_SPEC_GEM_REPO" => gem_repo2.to_s } bundle "install --verbose", :artifice => "compact_index", :env => { "BUNDLER_SPEC_GEM_REPO" => gem_repo2.to_s }
checksums = checksums_section_when_existing do |c|
c.checksum gem_repo2, "parallel_tests", "3.7.0"
end
expect(lockfile).to eq <<~L expect(lockfile).to eq <<~L
GEM GEM
remote: http://localgemserver.test/ remote: http://localgemserver.test/
@ -287,10 +295,7 @@ RSpec.describe "bundle install with install-time dependencies" do
DEPENDENCIES DEPENDENCIES
parallel_tests parallel_tests
#{checksums}
CHECKSUMS
#{checksum_for_repo_gem gem_repo2, "parallel_tests", "3.7.0"}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -335,6 +340,11 @@ RSpec.describe "bundle install with install-time dependencies" do
gem 'rubocop' gem 'rubocop'
G G
checksums = checksums_section do |c|
c.checksum gem_repo2, "rubocop", "1.35.0"
c.checksum gem_repo2, "rubocop-ast", "1.21.0"
end
lockfile <<~L lockfile <<~L
GEM GEM
remote: http://localgemserver.test/ remote: http://localgemserver.test/
@ -348,7 +358,7 @@ RSpec.describe "bundle install with install-time dependencies" do
DEPENDENCIES DEPENDENCIES
parallel_tests parallel_tests
#{checksums}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -357,6 +367,11 @@ RSpec.describe "bundle install with install-time dependencies" do
it "automatically updates lockfile to use the older compatible versions" do it "automatically updates lockfile to use the older compatible versions" do
bundle "install --verbose", :artifice => "compact_index", :env => { "BUNDLER_SPEC_GEM_REPO" => gem_repo2.to_s } bundle "install --verbose", :artifice => "compact_index", :env => { "BUNDLER_SPEC_GEM_REPO" => gem_repo2.to_s }
checksums = checksums_section_when_existing do |c|
c.checksum gem_repo2, "rubocop", "1.28.2"
c.checksum gem_repo2, "rubocop-ast", "1.17.0"
end
expect(lockfile).to eq <<~L expect(lockfile).to eq <<~L
GEM GEM
remote: http://localgemserver.test/ remote: http://localgemserver.test/
@ -370,11 +385,7 @@ RSpec.describe "bundle install with install-time dependencies" do
DEPENDENCIES DEPENDENCIES
rubocop rubocop
#{checksums}
CHECKSUMS
#{checksum_for_repo_gem gem_repo2, "rubocop", "1.28.2"}
#{checksum_for_repo_gem gem_repo2, "rubocop-ast", "1.17.0"}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L


@ -160,10 +160,6 @@ RSpec.context "when resolving a bundle that includes yanked gems, but unlocking
bar bar
foo foo
CHECKSUMS
#{gem_no_checksum "bar", "2.0.0"}
#{gem_no_checksum "foo", "9.0.0"}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L


@ -6,6 +6,10 @@ RSpec.describe "the lockfile format" do
end end
it "generates a simple lockfile for a single source, gem" do it "generates a simple lockfile for a single source, gem" do
checksums = checksums_section_when_existing do |c|
c.checksum(gem_repo2, "rack", "1.0.0")
end
install_gemfile <<-G install_gemfile <<-G
source "#{file_uri_for(gem_repo2)}" source "#{file_uri_for(gem_repo2)}"
@ -23,10 +27,7 @@ RSpec.describe "the lockfile format" do
DEPENDENCIES DEPENDENCIES
rack rack
#{checksums}
CHECKSUMS
#{checksum_for_repo_gem(gem_repo2, "rack", "1.0.0")}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
@ -78,9 +79,6 @@ RSpec.describe "the lockfile format" do
DEPENDENCIES DEPENDENCIES
rack rack
CHECKSUMS
#{checksum_for_repo_gem(gem_repo2, "rack", "1.0.0")}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
@ -134,6 +132,10 @@ RSpec.describe "the lockfile format" do
it "does not update the lockfile's bundler version if nothing changed during bundle install, and uses the latest version", :rubygems => "< 3.3.0.a" do it "does not update the lockfile's bundler version if nothing changed during bundle install, and uses the latest version", :rubygems => "< 3.3.0.a" do
version = "#{Bundler::VERSION.split(".").first}.0.0.a" version = "#{Bundler::VERSION.split(".").first}.0.0.a"
checksums = checksums_section do |c|
c.checksum(gem_repo2, "rack", "1.0.0")
end
lockfile <<-L lockfile <<-L
GEM GEM
remote: #{file_uri_for(gem_repo2)}/ remote: #{file_uri_for(gem_repo2)}/
@ -145,10 +147,7 @@ RSpec.describe "the lockfile format" do
DEPENDENCIES DEPENDENCIES
rack rack
#{checksums}
CHECKSUMS
#{checksum_for_repo_gem(gem_repo2, "rack", "1.0.0")}
BUNDLED WITH BUNDLED WITH
#{version} #{version}
L L
@ -173,10 +172,7 @@ RSpec.describe "the lockfile format" do
DEPENDENCIES DEPENDENCIES
rack rack
#{checksums}
CHECKSUMS
#{checksum_for_repo_gem(gem_repo2, "rack", "1.0.0")}
BUNDLED WITH BUNDLED WITH
#{version} #{version}
G G
@ -214,9 +210,6 @@ RSpec.describe "the lockfile format" do
DEPENDENCIES DEPENDENCIES
rack (> 0) rack (> 0)
CHECKSUMS
#{checksum_for_repo_gem(gem_repo2, "rack", "1.0.0")}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
@ -264,9 +257,6 @@ RSpec.describe "the lockfile format" do
DEPENDENCIES DEPENDENCIES
rack rack
CHECKSUMS
#{checksum_for_repo_gem(gem_repo2, "rack", "1.0.0")}
BUNDLED WITH BUNDLED WITH
#{current_version} #{current_version}
G G
@ -279,9 +269,9 @@ RSpec.describe "the lockfile format" do
gem "rack-obama" gem "rack-obama"
G G
expected_checksums = checksum_section do |c| checksums = checksums_section_when_existing do |c|
c.repo_gem gem_repo2, "rack", "1.0.0" c.checksum gem_repo2, "rack", "1.0.0"
c.repo_gem gem_repo2, "rack-obama", "1.0" c.checksum gem_repo2, "rack-obama", "1.0"
end end
expect(lockfile).to eq <<~G expect(lockfile).to eq <<~G
@ -297,10 +287,7 @@ RSpec.describe "the lockfile format" do
DEPENDENCIES DEPENDENCIES
rack-obama rack-obama
#{checksums}
CHECKSUMS
#{expected_checksums}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
@ -313,9 +300,9 @@ RSpec.describe "the lockfile format" do
gem "rack-obama", ">= 1.0" gem "rack-obama", ">= 1.0"
G G
expected_checksums = checksum_section do |c| checksums = checksums_section_when_existing do |c|
c.repo_gem gem_repo2, "rack", "1.0.0" c.checksum gem_repo2, "rack", "1.0.0"
c.repo_gem gem_repo2, "rack-obama", "1.0" c.checksum gem_repo2, "rack-obama", "1.0"
end end
expect(lockfile).to eq <<~G expect(lockfile).to eq <<~G
@ -331,10 +318,7 @@ RSpec.describe "the lockfile format" do
DEPENDENCIES DEPENDENCIES
rack-obama (>= 1.0) rack-obama (>= 1.0)
#{checksums}
CHECKSUMS
#{expected_checksums}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
@ -355,9 +339,9 @@ RSpec.describe "the lockfile format" do
end end
G G
expected_checksums = checksum_section do |c| checksums = checksums_section_when_existing do |c|
c.repo_gem gem_repo2, "rack", "1.0.0" c.checksum gem_repo2, "rack", "1.0.0"
c.repo_gem gem_repo2, "rack-obama", "1.0" c.checksum gem_repo2, "rack-obama", "1.0"
end end
expect(lockfile).to eq <<~G expect(lockfile).to eq <<~G
@ -381,10 +365,7 @@ RSpec.describe "the lockfile format" do
DEPENDENCIES DEPENDENCIES
rack-obama (>= 1.0)! rack-obama (>= 1.0)!
#{checksums}
CHECKSUMS
#{expected_checksums}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
@ -396,9 +377,9 @@ RSpec.describe "the lockfile format" do
gem "net-sftp" gem "net-sftp"
G G
expected_checksums = checksum_section do |c| checksums = checksums_section_when_existing do |c|
c.repo_gem gem_repo2, "net-sftp", "1.1.1" c.checksum gem_repo2, "net-sftp", "1.1.1"
c.repo_gem gem_repo2, "net-ssh", "1.0" c.checksum gem_repo2, "net-ssh", "1.0"
end end
expect(lockfile).to eq <<~G expect(lockfile).to eq <<~G
@ -414,10 +395,7 @@ RSpec.describe "the lockfile format" do
DEPENDENCIES DEPENDENCIES
net-sftp net-sftp
#{checksums}
CHECKSUMS
#{expected_checksums}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
@ -433,6 +411,10 @@ RSpec.describe "the lockfile format" do
gem "foo", :git => "#{lib_path("foo-1.0")}" gem "foo", :git => "#{lib_path("foo-1.0")}"
G G
checksums = checksums_section_when_existing do |c|
c.no_checksum "foo", "1.0"
end
expect(lockfile).to eq <<~G expect(lockfile).to eq <<~G
GIT GIT
remote: #{lib_path("foo-1.0")} remote: #{lib_path("foo-1.0")}
@ -449,10 +431,7 @@ RSpec.describe "the lockfile format" do
DEPENDENCIES DEPENDENCIES
foo! foo!
#{checksums}
CHECKSUMS
foo (1.0)
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
@ -500,6 +479,10 @@ RSpec.describe "the lockfile format" do
it "serializes global git sources" do it "serializes global git sources" do
git = build_git "foo" git = build_git "foo"
checksums = checksums_section_when_existing do |c|
c.no_checksum "foo", "1.0"
end
install_gemfile <<-G install_gemfile <<-G
source "#{file_uri_for(gem_repo1)}" source "#{file_uri_for(gem_repo1)}"
git "#{lib_path("foo-1.0")}" do git "#{lib_path("foo-1.0")}" do
@ -523,10 +506,7 @@ RSpec.describe "the lockfile format" do
DEPENDENCIES DEPENDENCIES
foo! foo!
#{checksums}
CHECKSUMS
foo (1.0)
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
@ -536,6 +516,10 @@ RSpec.describe "the lockfile format" do
git = build_git "foo" git = build_git "foo"
update_git "foo", :branch => "omg" update_git "foo", :branch => "omg"
checksums = checksums_section_when_existing do |c|
c.no_checksum "foo", "1.0"
end
install_gemfile <<-G install_gemfile <<-G
source "#{file_uri_for(gem_repo1)}" source "#{file_uri_for(gem_repo1)}"
gem "foo", :git => "#{lib_path("foo-1.0")}", :branch => "omg" gem "foo", :git => "#{lib_path("foo-1.0")}", :branch => "omg"
@ -558,10 +542,7 @@ RSpec.describe "the lockfile format" do
DEPENDENCIES DEPENDENCIES
foo! foo!
#{checksums}
CHECKSUMS
foo (1.0)
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
@ -571,6 +552,10 @@ RSpec.describe "the lockfile format" do
git = build_git "foo" git = build_git "foo"
update_git "foo", :tag => "omg" update_git "foo", :tag => "omg"
checksums = checksums_section_when_existing do |c|
c.no_checksum "foo", "1.0"
end
install_gemfile <<-G install_gemfile <<-G
source "#{file_uri_for(gem_repo1)}" source "#{file_uri_for(gem_repo1)}"
gem "foo", :git => "#{lib_path("foo-1.0")}", :tag => "omg" gem "foo", :git => "#{lib_path("foo-1.0")}", :tag => "omg"
@ -593,10 +578,7 @@ RSpec.describe "the lockfile format" do
DEPENDENCIES DEPENDENCIES
foo! foo!
#{checksums}
CHECKSUMS
foo (1.0)
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
@ -683,10 +665,6 @@ RSpec.describe "the lockfile format" do
DEPENDENCIES DEPENDENCIES
ckeditor! ckeditor!
CHECKSUMS
#{gem_no_checksum "ckeditor", "4.0.8"}
#{gem_no_checksum "orm_adapter", "0.4.1"}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -695,6 +673,10 @@ RSpec.describe "the lockfile format" do
it "serializes pinned path sources to the lockfile" do it "serializes pinned path sources to the lockfile" do
build_lib "foo" build_lib "foo"
checksums = checksums_section_when_existing do |c|
c.no_checksum "foo", "1.0"
end
install_gemfile <<-G install_gemfile <<-G
source "#{file_uri_for(gem_repo1)}" source "#{file_uri_for(gem_repo1)}"
gem "foo", :path => "#{lib_path("foo-1.0")}" gem "foo", :path => "#{lib_path("foo-1.0")}"
@ -715,10 +697,7 @@ RSpec.describe "the lockfile format" do
DEPENDENCIES DEPENDENCIES
foo! foo!
#{checksums}
CHECKSUMS
foo (1.0)
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
@ -727,6 +706,10 @@ RSpec.describe "the lockfile format" do
it "serializes pinned path sources to the lockfile even when packaging" do it "serializes pinned path sources to the lockfile even when packaging" do
build_lib "foo" build_lib "foo"
checksums = checksums_section_when_existing do |c|
c.no_checksum "foo", "1.0"
end
install_gemfile <<-G install_gemfile <<-G
source "#{file_uri_for(gem_repo1)}" source "#{file_uri_for(gem_repo1)}"
gem "foo", :path => "#{lib_path("foo-1.0")}" gem "foo", :path => "#{lib_path("foo-1.0")}"
@ -751,10 +734,7 @@ RSpec.describe "the lockfile format" do
DEPENDENCIES DEPENDENCIES
foo! foo!
#{checksums}
CHECKSUMS
foo (1.0)
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
@ -764,6 +744,12 @@ RSpec.describe "the lockfile format" do
build_lib "foo" build_lib "foo"
bar = build_git "bar" bar = build_git "bar"
checksums = checksums_section_when_existing do |c|
c.no_checksum "foo", "1.0"
c.no_checksum "bar", "1.0"
c.checksum gem_repo2, "rack", "1.0.0"
end
install_gemfile <<-G install_gemfile <<-G
source "#{file_uri_for(gem_repo2)}/" source "#{file_uri_for(gem_repo2)}/"
@ -796,12 +782,7 @@ RSpec.describe "the lockfile format" do
bar! bar!
foo! foo!
rack rack
#{checksums}
CHECKSUMS
bar (1.0)
foo (1.0)
#{checksum_for_repo_gem gem_repo2, "rack", "1.0.0"}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
@ -814,8 +795,8 @@ RSpec.describe "the lockfile format" do
gem "rack", :source => "#{file_uri_for(gem_repo2)}/" gem "rack", :source => "#{file_uri_for(gem_repo2)}/"
G G
expected_checksums = checksum_section do |c| checksums = checksums_section_when_existing do |c|
c.repo_gem gem_repo2, "rack", "1.0.0" c.checksum gem_repo2, "rack", "1.0.0"
end end
expect(lockfile).to eq <<~G expect(lockfile).to eq <<~G
@ -829,10 +810,7 @@ RSpec.describe "the lockfile format" do
DEPENDENCIES DEPENDENCIES
rack! rack!
#{checksums}
CHECKSUMS
#{expected_checksums}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
@ -847,12 +825,12 @@ RSpec.describe "the lockfile format" do
gem "rack-obama" gem "rack-obama"
G G
expected_checksums = checksum_section do |c| checksums = checksums_section_when_existing do |c|
c.repo_gem gem_repo2, "actionpack", "2.3.2" c.checksum gem_repo2, "actionpack", "2.3.2"
c.repo_gem gem_repo2, "activesupport", "2.3.2" c.checksum gem_repo2, "activesupport", "2.3.2"
c.repo_gem gem_repo2, "rack", "1.0.0" c.checksum gem_repo2, "rack", "1.0.0"
c.repo_gem gem_repo2, "rack-obama", "1.0" c.checksum gem_repo2, "rack-obama", "1.0"
c.repo_gem gem_repo2, "thin", "1.0" c.checksum gem_repo2, "thin", "1.0"
end end
expect(lockfile).to eq <<~G expect(lockfile).to eq <<~G
@ -875,10 +853,7 @@ RSpec.describe "the lockfile format" do
actionpack actionpack
rack-obama rack-obama
thin thin
#{checksums}
CHECKSUMS
#{expected_checksums}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
@ -891,14 +866,14 @@ RSpec.describe "the lockfile format" do
gem "rails" gem "rails"
G G
expected_checksums = checksum_section do |c| checksums = checksums_section_when_existing do |c|
c.repo_gem gem_repo2, "actionmailer", "2.3.2" c.checksum gem_repo2, "actionmailer", "2.3.2"
c.repo_gem gem_repo2, "actionpack", "2.3.2" c.checksum gem_repo2, "actionpack", "2.3.2"
c.repo_gem gem_repo2, "activerecord", "2.3.2" c.checksum gem_repo2, "activerecord", "2.3.2"
c.repo_gem gem_repo2, "activeresource", "2.3.2" c.checksum gem_repo2, "activeresource", "2.3.2"
c.repo_gem gem_repo2, "activesupport", "2.3.2" c.checksum gem_repo2, "activesupport", "2.3.2"
c.repo_gem gem_repo2, "rails", "2.3.2" c.checksum gem_repo2, "rails", "2.3.2"
c.repo_gem gem_repo2, "rake", "13.0.1" c.checksum gem_repo2, "rake", "13.0.1"
end end
expect(lockfile).to eq <<~G expect(lockfile).to eq <<~G
@ -927,10 +902,7 @@ RSpec.describe "the lockfile format" do
DEPENDENCIES DEPENDENCIES
rails rails
#{checksums}
CHECKSUMS
#{expected_checksums}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
@ -952,9 +924,9 @@ RSpec.describe "the lockfile format" do
gem 'double_deps' gem 'double_deps'
G G
expected_checksums = checksum_section do |c| checksums = checksums_section_when_existing do |c|
c.repo_gem gem_repo2, "double_deps", "1.0" c.checksum gem_repo2, "double_deps", "1.0"
c.repo_gem gem_repo2, "net-ssh", "1.0" c.checksum gem_repo2, "net-ssh", "1.0"
end end
expect(lockfile).to eq <<~G expect(lockfile).to eq <<~G
@ -971,10 +943,7 @@ RSpec.describe "the lockfile format" do
DEPENDENCIES DEPENDENCIES
double_deps double_deps
#{checksums}
CHECKSUMS
#{expected_checksums}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
@ -987,9 +956,9 @@ RSpec.describe "the lockfile format" do
gem "rack-obama", ">= 1.0", :require => "rack/obama" gem "rack-obama", ">= 1.0", :require => "rack/obama"
G G
expected_checksums = checksum_section do |c| checksums = checksums_section_when_existing do |c|
c.repo_gem gem_repo2, "rack", "1.0.0" c.checksum gem_repo2, "rack", "1.0.0"
c.repo_gem gem_repo2, "rack-obama", "1.0" c.checksum gem_repo2, "rack-obama", "1.0"
end end
expect(lockfile).to eq <<~G expect(lockfile).to eq <<~G
@ -1005,10 +974,7 @@ RSpec.describe "the lockfile format" do
DEPENDENCIES DEPENDENCIES
rack-obama (>= 1.0) rack-obama (>= 1.0)
#{checksums}
CHECKSUMS
#{expected_checksums}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
@ -1021,9 +987,9 @@ RSpec.describe "the lockfile format" do
gem "rack-obama", ">= 1.0", :group => :test gem "rack-obama", ">= 1.0", :group => :test
G G
expected_checksums = checksum_section do |c| checksums = checksums_section_when_existing do |c|
c.repo_gem gem_repo2, "rack", "1.0.0" c.checksum gem_repo2, "rack", "1.0.0"
c.repo_gem gem_repo2, "rack-obama", "1.0" c.checksum gem_repo2, "rack-obama", "1.0"
end end
expect(lockfile).to eq <<~G expect(lockfile).to eq <<~G
@ -1039,10 +1005,7 @@ RSpec.describe "the lockfile format" do
DEPENDENCIES DEPENDENCIES
rack-obama (>= 1.0) rack-obama (>= 1.0)
#{checksums}
CHECKSUMS
#{expected_checksums}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
@ -1051,6 +1014,10 @@ RSpec.describe "the lockfile format" do
it "stores relative paths when the path is provided in a relative fashion and in Gemfile dir" do it "stores relative paths when the path is provided in a relative fashion and in Gemfile dir" do
build_lib "foo", :path => bundled_app("foo") build_lib "foo", :path => bundled_app("foo")
checksums = checksums_section_when_existing do |c|
c.no_checksum "foo", "1.0"
end
install_gemfile <<-G install_gemfile <<-G
source "#{file_uri_for(gem_repo1)}" source "#{file_uri_for(gem_repo1)}"
path "foo" do path "foo" do
@ -1073,10 +1040,7 @@ RSpec.describe "the lockfile format" do
DEPENDENCIES DEPENDENCIES
foo! foo!
#{checksums}
CHECKSUMS
foo (1.0)
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
@ -1085,6 +1049,10 @@ RSpec.describe "the lockfile format" do
it "stores relative paths when the path is provided in a relative fashion and is above Gemfile dir" do it "stores relative paths when the path is provided in a relative fashion and is above Gemfile dir" do
build_lib "foo", :path => bundled_app(File.join("..", "foo")) build_lib "foo", :path => bundled_app(File.join("..", "foo"))
checksums = checksums_section_when_existing do |c|
c.no_checksum "foo", "1.0"
end
install_gemfile <<-G install_gemfile <<-G
source "#{file_uri_for(gem_repo1)}" source "#{file_uri_for(gem_repo1)}"
path "../foo" do path "../foo" do
@ -1107,10 +1075,7 @@ RSpec.describe "the lockfile format" do
DEPENDENCIES DEPENDENCIES
foo! foo!
#{checksums}
CHECKSUMS
foo (1.0)
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
@ -1119,6 +1084,10 @@ RSpec.describe "the lockfile format" do
it "stores relative paths when the path is provided in an absolute fashion but is relative" do it "stores relative paths when the path is provided in an absolute fashion but is relative" do
build_lib "foo", :path => bundled_app("foo") build_lib "foo", :path => bundled_app("foo")
checksums = checksums_section_when_existing do |c|
c.no_checksum "foo", "1.0"
end
install_gemfile <<-G install_gemfile <<-G
source "#{file_uri_for(gem_repo1)}" source "#{file_uri_for(gem_repo1)}"
path File.expand_path("foo", __dir__) do path File.expand_path("foo", __dir__) do
@ -1141,10 +1110,7 @@ RSpec.describe "the lockfile format" do
DEPENDENCIES DEPENDENCIES
foo! foo!
#{checksums}
CHECKSUMS
foo (1.0)
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
@ -1153,6 +1119,10 @@ RSpec.describe "the lockfile format" do
it "stores relative paths when the path is provided for gemspec" do it "stores relative paths when the path is provided for gemspec" do
build_lib("foo", :path => tmp.join("foo")) build_lib("foo", :path => tmp.join("foo"))
checksums = checksums_section_when_existing do |c|
c.no_checksum "foo", "1.0"
end
install_gemfile <<-G install_gemfile <<-G
source "#{file_uri_for(gem_repo1)}" source "#{file_uri_for(gem_repo1)}"
gemspec :path => "../foo" gemspec :path => "../foo"
@ -1173,16 +1143,17 @@ RSpec.describe "the lockfile format" do
DEPENDENCIES DEPENDENCIES
foo! foo!
#{checksums}
CHECKSUMS
foo (1.0)
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
end end
it "keeps existing platforms in the lockfile" do it "keeps existing platforms in the lockfile" do
checksums = checksums_section_when_existing do |c|
c.no_checksum "rack", "1.0.0"
end
lockfile <<-G lockfile <<-G
GEM GEM
remote: #{file_uri_for(gem_repo2)}/ remote: #{file_uri_for(gem_repo2)}/
@ -1194,7 +1165,7 @@ RSpec.describe "the lockfile format" do
DEPENDENCIES DEPENDENCIES
rack rack
#{checksums}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
@ -1205,6 +1176,8 @@ RSpec.describe "the lockfile format" do
gem "rack" gem "rack"
G G
checksums.checksum(gem_repo2, "rack", "1.0.0")
expect(lockfile).to eq <<~G expect(lockfile).to eq <<~G
GEM GEM
remote: #{file_uri_for(gem_repo2)}/ remote: #{file_uri_for(gem_repo2)}/
@ -1216,10 +1189,7 @@ RSpec.describe "the lockfile format" do
DEPENDENCIES DEPENDENCIES
rack rack
#{checksums}
CHECKSUMS
#{checksum_for_repo_gem(gem_repo2, "rack", "1.0.0")}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
@ -1239,8 +1209,8 @@ RSpec.describe "the lockfile format" do
gem "platform_specific" gem "platform_specific"
G G
expected_checksums = checksum_section do |c| checksums = checksums_section_when_existing do |c|
c.repo_gem gem_repo2, "platform_specific", "1.0", "universal-java-16" c.checksum gem_repo2, "platform_specific", "1.0", "universal-java-16"
end end
expect(lockfile).to eq <<~G expect(lockfile).to eq <<~G
@ -1254,16 +1224,18 @@ RSpec.describe "the lockfile format" do
DEPENDENCIES DEPENDENCIES
platform_specific platform_specific
#{checksums}
CHECKSUMS
#{expected_checksums}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
end end
it "does not add duplicate gems" do it "does not add duplicate gems" do
checksums = checksums_section_when_existing do |c|
c.checksum(gem_repo2, "activesupport", "2.3.5")
c.checksum(gem_repo2, "rack", "1.0.0")
end
install_gemfile <<-G install_gemfile <<-G
source "#{file_uri_for(gem_repo2)}/" source "#{file_uri_for(gem_repo2)}/"
gem "rack" gem "rack"
@ -1288,17 +1260,17 @@ RSpec.describe "the lockfile format" do
DEPENDENCIES DEPENDENCIES
activesupport activesupport
rack rack
#{checksums}
CHECKSUMS
#{checksum_for_repo_gem(gem_repo2, "activesupport", "2.3.5")}
#{checksum_for_repo_gem(gem_repo2, "rack", "1.0.0")}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
end end
it "does not add duplicate dependencies" do it "does not add duplicate dependencies" do
checksums = checksums_section_when_existing do |c|
c.checksum(gem_repo2, "rack", "1.0.0")
end
install_gemfile <<-G install_gemfile <<-G
source "#{file_uri_for(gem_repo2)}/" source "#{file_uri_for(gem_repo2)}/"
gem "rack" gem "rack"
@ -1316,16 +1288,17 @@ RSpec.describe "the lockfile format" do
DEPENDENCIES DEPENDENCIES
rack rack
#{checksums}
CHECKSUMS
#{checksum_for_repo_gem(gem_repo2, "rack", "1.0.0")}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
end end
it "does not add duplicate dependencies with versions" do it "does not add duplicate dependencies with versions" do
checksums = checksums_section_when_existing do |c|
c.checksum(gem_repo2, "rack", "1.0.0")
end
install_gemfile <<-G install_gemfile <<-G
source "#{file_uri_for(gem_repo2)}/" source "#{file_uri_for(gem_repo2)}/"
gem "rack", "1.0" gem "rack", "1.0"
@ -1343,16 +1316,17 @@ RSpec.describe "the lockfile format" do
DEPENDENCIES DEPENDENCIES
rack (= 1.0) rack (= 1.0)
#{checksums}
CHECKSUMS
#{checksum_for_repo_gem(gem_repo2, "rack", "1.0.0")}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
end end
it "does not add duplicate dependencies in different groups" do it "does not add duplicate dependencies in different groups" do
checksums = checksums_section_when_existing do |c|
c.checksum(gem_repo2, "rack", "1.0.0")
end
install_gemfile <<-G install_gemfile <<-G
source "#{file_uri_for(gem_repo2)}/" source "#{file_uri_for(gem_repo2)}/"
gem "rack", "1.0", :group => :one gem "rack", "1.0", :group => :one
@ -1370,10 +1344,7 @@ RSpec.describe "the lockfile format" do
DEPENDENCIES DEPENDENCIES
rack (= 1.0) rack (= 1.0)
#{checksums}
CHECKSUMS
#{checksum_for_repo_gem(gem_repo2, "rack", "1.0.0")}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
@ -1402,6 +1373,10 @@ RSpec.describe "the lockfile format" do
end end
it "works correctly with multiple version dependencies" do it "works correctly with multiple version dependencies" do
checksums = checksums_section_when_existing do |c|
c.checksum(gem_repo2, "rack", "0.9.1")
end
install_gemfile <<-G install_gemfile <<-G
source "#{file_uri_for(gem_repo2)}/" source "#{file_uri_for(gem_repo2)}/"
gem "rack", "> 0.9", "< 1.0" gem "rack", "> 0.9", "< 1.0"
@ -1418,16 +1393,17 @@ RSpec.describe "the lockfile format" do
DEPENDENCIES DEPENDENCIES
rack (> 0.9, < 1.0) rack (> 0.9, < 1.0)
#{checksums}
CHECKSUMS
#{checksum_for_repo_gem(gem_repo2, "rack", "0.9.1")}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
end end
it "captures the Ruby version in the lockfile" do it "captures the Ruby version in the lockfile" do
checksums = checksums_section_when_existing do |c|
c.checksum(gem_repo2, "rack", "0.9.1")
end
install_gemfile <<-G install_gemfile <<-G
source "#{file_uri_for(gem_repo2)}/" source "#{file_uri_for(gem_repo2)}/"
ruby '#{Gem.ruby_version}' ruby '#{Gem.ruby_version}'
@ -1445,10 +1421,7 @@ RSpec.describe "the lockfile format" do
DEPENDENCIES DEPENDENCIES
rack (> 0.9, < 1.0) rack (> 0.9, < 1.0)
#{checksums}
CHECKSUMS
#{checksum_for_repo_gem(gem_repo2, "rack", "0.9.1")}
RUBY VERSION RUBY VERSION
#{Bundler::RubyVersion.system} #{Bundler::RubyVersion.system}
@ -1526,10 +1499,6 @@ RSpec.describe "the lockfile format" do
DEPENDENCIES DEPENDENCIES
direct_dependency direct_dependency
CHECKSUMS
#{checksum_for_repo_gem(gem_repo4, "direct_dependency", "4.5.6")}
#{checksum_for_repo_gem(gem_repo4, "indirect_dependency", "1.2.3")}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
@ -1584,10 +1553,6 @@ RSpec.describe "the lockfile format" do
DEPENDENCIES DEPENDENCIES
minitest-bisect minitest-bisect
CHECKSUMS
#{checksum_for_repo_gem(gem_repo4, "minitest-bisect", "1.6.0")}
#{checksum_for_repo_gem(gem_repo4, "path_expander", "1.1.1")}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L
@ -1654,10 +1619,6 @@ RSpec.describe "the lockfile format" do
DEPENDENCIES DEPENDENCIES
minitest-bisect minitest-bisect
CHECKSUMS
#{checksum_for_repo_gem gem_repo4, "minitest-bisect", "1.6.0"}
#{checksum_for_repo_gem gem_repo4, "path_expander", "1.1.1"}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L


@ -70,6 +70,10 @@ RSpec.describe "real source plugins" do
it "writes to lock file" do it "writes to lock file" do
bundle "install" bundle "install"
checksums = checksums_section_when_existing do |c|
c.no_checksum "a-path-gem", "1.0"
end
expect(lockfile).to eq <<~G expect(lockfile).to eq <<~G
PLUGIN SOURCE PLUGIN SOURCE
remote: #{lib_path("a-path-gem-1.0")} remote: #{lib_path("a-path-gem-1.0")}
@ -86,10 +90,7 @@ RSpec.describe "real source plugins" do
DEPENDENCIES DEPENDENCIES
a-path-gem! a-path-gem!
#{checksums}
CHECKSUMS
a-path-gem (1.0)
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G
@ -339,6 +340,10 @@ RSpec.describe "real source plugins" do
revision = revision_for(lib_path("ma-gitp-gem-1.0")) revision = revision_for(lib_path("ma-gitp-gem-1.0"))
bundle "install" bundle "install"
checksums = checksums_section_when_existing do |c|
c.no_checksum "ma-gitp-gem", "1.0"
end
expect(lockfile).to eq <<~G expect(lockfile).to eq <<~G
PLUGIN SOURCE PLUGIN SOURCE
remote: #{file_uri_for(lib_path("ma-gitp-gem-1.0"))} remote: #{file_uri_for(lib_path("ma-gitp-gem-1.0"))}
@ -356,10 +361,7 @@ RSpec.describe "real source plugins" do
DEPENDENCIES DEPENDENCIES
ma-gitp-gem! ma-gitp-gem!
#{checksums}
CHECKSUMS
ma-gitp-gem (1.0)
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G


@ -73,6 +73,13 @@ RSpec.describe "Bundler.setup with multi platform stuff" do
build_gem "racca", "1.5.2" build_gem "racca", "1.5.2"
end end
checksums = checksums_section do |c|
c.checksum gem_repo4, "mini_portile2", "2.5.0"
c.checksum gem_repo4, "nokogiri", "1.11.1"
c.checksum gem_repo4, "nokogiri", "1.11.1", Bundler.local_platform
c.checksum gem_repo4, "racca", "1.5.2"
end
good_lockfile = <<~L good_lockfile = <<~L
GEM GEM
remote: #{file_uri_for(gem_repo4)}/ remote: #{file_uri_for(gem_repo4)}/
@ -90,13 +97,7 @@ RSpec.describe "Bundler.setup with multi platform stuff" do
DEPENDENCIES DEPENDENCIES
nokogiri (~> 1.11) nokogiri (~> 1.11)
#{checksums}
CHECKSUMS
#{checksum_for_repo_gem gem_repo4, "mini_portile2", "2.5.0"}
#{checksum_for_repo_gem gem_repo4, "nokogiri", "1.11.1"}
#{checksum_for_repo_gem gem_repo4, "nokogiri", "1.11.1", Bundler.local_platform}
#{checksum_for_repo_gem gem_repo4, "racca", "1.5.2"}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
L L


@ -1216,6 +1216,10 @@ end
let(:ruby_version) { nil } let(:ruby_version) { nil }
def lock_with(ruby_version = nil) def lock_with(ruby_version = nil)
checksums = checksums_section do |c|
c.checksum gem_repo1, "rack", "1.0.0"
end
lock = <<~L lock = <<~L
GEM GEM
remote: #{file_uri_for(gem_repo1)}/ remote: #{file_uri_for(gem_repo1)}/
@ -1227,9 +1231,7 @@ end
DEPENDENCIES DEPENDENCIES
rack rack
#{checksums}
CHECKSUMS
#{checksum_for_repo_gem gem_repo1, "rack", "1.0.0"}
L L
if ruby_version if ruby_version


@ -3,46 +3,74 @@
module Spec module Spec
module Checksums module Checksums
class ChecksumsBuilder class ChecksumsBuilder
def initialize(&block) def initialize(enabled = true, &block)
@enabled = enabled
@checksums = {} @checksums = {}
yield self if block_given? yield self if block_given?
end end
def repo_gem(repo, name, version, platform = Gem::Platform::RUBY) def initialize_copy(original)
super
@checksums = @checksums.dup
end
def checksum(repo, name, version, platform = Gem::Platform::RUBY)
name_tuple = Gem::NameTuple.new(name, version, platform) name_tuple = Gem::NameTuple.new(name, version, platform)
gem_file = File.join(repo, "gems", "#{name_tuple.full_name}.gem") gem_file = File.join(repo, "gems", "#{name_tuple.full_name}.gem")
File.open(gem_file, "rb") do |f| File.open(gem_file, "rb") do |f|
@checksums[name_tuple] = Bundler::Checksum.from_gem(f, "#{gem_file} (via ChecksumsBuilder#repo_gem)") register(name_tuple, Bundler::Checksum.from_gem(f, "#{gem_file} (via ChecksumsBuilder#checksum)"))
end end
end end
def no_checksum(name, version, platform = Gem::Platform::RUBY) def no_checksum(name, version, platform = Gem::Platform::RUBY)
name_tuple = Gem::NameTuple.new(name, version, platform) name_tuple = Gem::NameTuple.new(name, version, platform)
@checksums[name_tuple] = nil register(name_tuple, nil)
end end
def to_lock def delete(name, platform = nil)
@checksums.map do |name_tuple, checksum| @checksums.reject! {|k, _| k.name == name && (platform.nil? || k.platform == platform) }
end
def to_s
return "" unless @enabled
locked_checksums = @checksums.map do |name_tuple, checksum|
checksum &&= " #{checksum.to_lock}" checksum &&= " #{checksum.to_lock}"
" #{name_tuple.lock_name}#{checksum}\n" " #{name_tuple.lock_name}#{checksum}\n"
end.sort.join.strip end
"\nCHECKSUMS\n#{locked_checksums.sort.join}"
end
private
def register(name_tuple, checksum)
delete(name_tuple.name, name_tuple.platform)
@checksums[name_tuple] = checksum
end end
end end
def checksum_section(&block) def checksums_section(enabled = true, &block)
ChecksumsBuilder.new(&block).to_lock ChecksumsBuilder.new(enabled, &block)
end end
def checksum_for_repo_gem(*args) def checksums_section_when_existing(&block)
checksum_section do |c| begin
c.repo_gem(*args) enabled = lockfile.match?(/^CHECKSUMS$/)
rescue Errno::ENOENT
enabled = false
end end
checksums_section(enabled, &block)
end end
def gem_no_checksum(*args) def checksum_to_lock(*args)
checksum_section do |c| checksums_section do |c|
c.no_checksum(*args) c.checksum(*args)
end end.to_s.sub(/^CHECKSUMS\n/, "").strip
end
def checksum_digest(*args)
checksum_to_lock(*args).split(Bundler::Checksum::ALGO_SEPARATOR, 2).last
end end
# if prefixes is given, removes all checksums where the line # if prefixes is given, removes all checksums where the line
@ -50,6 +78,7 @@ module Spec
# otherwise, removes all checksums from the lockfile # otherwise, removes all checksums from the lockfile
def remove_checksums_from_lockfile(lockfile, *prefixes) def remove_checksums_from_lockfile(lockfile, *prefixes)
head, remaining = lockfile.split(/^CHECKSUMS$/, 2) head, remaining = lockfile.split(/^CHECKSUMS$/, 2)
return lockfile unless remaining
checksums, tail = remaining.split("\n\n", 2) checksums, tail = remaining.split("\n\n", 2)
prefixes = prefixes =
@ -74,5 +103,12 @@ module Spec
tail tail
) )
end end
def remove_checksums_section_from_lockfile(lockfile)
head, remaining = lockfile.split(/^CHECKSUMS$/, 2)
return lockfile unless remaining
_checksums, tail = remaining.split("\n\n", 2)
head.concat(tail)
end
end end
end end
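Review bot: `checksums_section_when_existing` decides whether to expect a CHECKSUMS section by reading the same lockfile the spec then compares against, so an expectation built with it holds whether or not Bundler wrote the section. Where it is called after the install step, a regression that silently drops checksums from a lockfile that had them would presumably still pass. Specs meant to pin the section should call `checksums_section` with an explicit `enabled` value, and the helper deserves a comment such as `# Mirrors the current lockfile: emits CHECKSUMS only if one is already present; do not use it to assert that checksums are written.` Separately, `remove_checksums_section_from_lockfile` calls `head.concat(tail)`, and `tail` is nil when no blank-line-separated section follows CHECKSUMS, which raises TypeError; `head + tail.to_s` avoids that.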


@ -309,6 +309,11 @@ RSpec.describe "bundle update" do
bundle "update --source bar" bundle "update --source bar"
checksums = checksums_section_when_existing do |c|
c.no_checksum "foo", "2.0"
c.checksum gem_repo2, "rack", "1.0.0"
end
expect(lockfile).to eq <<~G expect(lockfile).to eq <<~G
GIT GIT
remote: #{@git.path} remote: #{@git.path}
@ -327,11 +332,7 @@ RSpec.describe "bundle update" do
DEPENDENCIES DEPENDENCIES
foo! foo!
rack rack
#{checksums}
CHECKSUMS
foo (2.0)
#{checksum_for_repo_gem gem_repo2, "rack", "1.0.0"}
BUNDLED WITH BUNDLED WITH
#{Bundler::VERSION} #{Bundler::VERSION}
G G