diff options
Diffstat (limited to 'vendor/gems/bundler-checksum/lib')
3 files changed, 19 insertions, 8 deletions
diff --git a/vendor/gems/bundler-checksum/lib/bundler_checksum.rb b/vendor/gems/bundler-checksum/lib/bundler_checksum.rb index b3d36521f24..083082c0ab1 100644 --- a/vendor/gems/bundler-checksum/lib/bundler_checksum.rb +++ b/vendor/gems/bundler-checksum/lib/bundler_checksum.rb @@ -41,12 +41,18 @@ module Bundler raise "#{@package.inspect} does not have :@gem" unless source raise "#{source.inspect} does not respond to :with_read_io" unless source.respond_to?(:with_read_io) - digest = source.with_read_io do |io| - digest = SharedHelpers.digest(:SHA256).new - digest << io.read(16_384) until io.eof? - io.rewind - send(checksum_type(checksum), digest) - end + digest = + if Gem::Version.new(Bundler::VERSION) >= Gem::Version.new("2.5.0") + gem_checksum.digest + else + source.with_read_io do |io| + digest = SharedHelpers.digest(:SHA256).new + digest << io.read(16_384) until io.eof? + io.rewind + send(checksum_type(checksum), digest) + end + end + unless digest == checksum raise SecurityError, <<-MESSAGE Bundler cannot continue installing #{spec.name} (#{spec.version}). diff --git a/vendor/gems/bundler-checksum/lib/bundler_checksum/command/init.rb b/vendor/gems/bundler-checksum/lib/bundler_checksum/command/init.rb index 1d8db7d78fa..7b4b29acf4f 100644 --- a/vendor/gems/bundler-checksum/lib/bundler_checksum/command/init.rb +++ b/vendor/gems/bundler-checksum/lib/bundler_checksum/command/init.rb @@ -11,8 +11,13 @@ module BundlerChecksum::Command checksums = [] + require "bundler/vendored_uri" + args = [nil, Bundler::Source::Rubygems::Remote.new(Bundler::URI("https://rubygems.org")), nil] + # gem_remote_fetcher added in https://github.com/rubygems/rubygems/pull/7092/ + args << nil if Gem::Version.new(Bundler::VERSION) >= Gem::Version.new("2.5.0") + compact_index_cache = Bundler::Fetcher::CompactIndex - .new(nil, Bundler::Source::Rubygems::Remote.new(Bundler::URI("https://rubygems.org")), nil) + .new(*args) .send(:compact_index_client) .instance_variable_get(:@cache) diff --git a/vendor/gems/bundler-checksum/lib/bundler_checksum/command/lint.rb b/vendor/gems/bundler-checksum/lib/bundler_checksum/command/lint.rb index 0f1249dcf71..a515a6d31ea 100644 --- a/vendor/gems/bundler-checksum/lib/bundler_checksum/command/lint.rb +++ b/vendor/gems/bundler-checksum/lib/bundler_checksum/command/lint.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -require 'set' +require 'set' # rubocop:disable Lint/RedundantRequireStatement -- Ruby 3.1 and earlier needs this. Drop this line after Ruby 3.2+ is only supported. module BundlerChecksum::Command module Lint |