From 44a4f88159127e8d49bd3dfddcaa32233f57dd85 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Rodr=C3=ADguez?= <2887858+deivid-rodriguez@users.noreply.github.com> Date: Tue, 9 Sep 2025 19:20:53 +0200 Subject: [PATCH] [rubygems/rubygems] Switch `lockfile_checksums` to be true by default https://github.com/rubygems/rubygems/commit/47c3dc19ee Co-authored-by: Jonathan Barquero --- lib/bundler/definition.rb | 2 +- lib/bundler/feature_flag.rb | 1 - lib/bundler/man/bundle-config.1 | 2 +- lib/bundler/man/bundle-config.1.ronn | 2 +- lib/bundler/settings.rb | 1 + spec/bundler/commands/lock_spec.rb | 41 ++++++++++++++++++++++++++-- spec/bundler/support/checksums.rb | 2 +- 7 files changed, 43 insertions(+), 8 deletions(-) diff --git a/lib/bundler/definition.rb b/lib/bundler/definition.rb index 32dd13399e..49627cc562 100644 --- a/lib/bundler/definition.rb +++ b/lib/bundler/definition.rb @@ -136,7 +136,7 @@ module Bundler @locked_sources = [] @originally_locked_specs = @locked_specs @originally_locked_sources = @locked_sources - @locked_checksums = Bundler.feature_flag.lockfile_checksums? + @locked_checksums = Bundler.settings[:lockfile_checksums] end @unlocking_ruby ||= if @ruby_version && locked_ruby_version_object diff --git a/lib/bundler/feature_flag.rb b/lib/bundler/feature_flag.rb index 73e6ddcc68..09a0ae593d 100644 --- a/lib/bundler/feature_flag.rb +++ b/lib/bundler/feature_flag.rb @@ -29,7 +29,6 @@ module Bundler settings_flag(:cache_all) { bundler_4_mode? } settings_flag(:global_gem_cache) { bundler_5_mode? } - settings_flag(:lockfile_checksums) { bundler_4_mode? } settings_flag(:plugins) { @bundler_version >= Gem::Version.new("1.14") } settings_flag(:update_requires_all_flag) { bundler_5_mode? } diff --git a/lib/bundler/man/bundle-config.1 b/lib/bundler/man/bundle-config.1 index b7276daa89..29e830a3b0 100644 --- a/lib/bundler/man/bundle-config.1 +++ b/lib/bundler/man/bundle-config.1 
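Review bot: The new `@locked_checksums = Bundler.settings[:lockfile_checksums]` sits in the branch taken when no lockfile is present (the same branch resets `@locked_sources = []`), so the new default only protects projects that generate a fresh lockfile; an existing lockfile without a CHECKSUMS section stays unprotected until it is regenerated or, presumably, `bundle lock --add-checksums` is run. That matches the behaviour before this change, but it is now the one exception to "checksums on by default", so the assignment deserves a comment: `# Default applies to freshly generated lockfiles only; an existing lockfile keeps (or lacks) its CHECKSUMS section.` The enclosing method starts before and ends after this hunk.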
@@ -146,7 +146,7 @@ Generate a \fBgems\.rb\fR instead of a \fBGemfile\fR when running \fBbundle init The number of gems Bundler can install in parallel\. Defaults to the number of available processors\. .TP \fBlockfile_checksums\fR (\fBBUNDLE_LOCKFILE_CHECKSUMS\fR) -Whether Bundler should include a checksums section in new lockfiles, to protect from compromised gem sources\. +Whether Bundler should include a checksums section in new lockfiles, to protect from compromised gem sources\. Defaults to true\. .TP \fBno_install\fR (\fBBUNDLE_NO_INSTALL\fR) Whether \fBbundle package\fR should skip installing gems\. diff --git a/lib/bundler/man/bundle-config.1.ronn b/lib/bundler/man/bundle-config.1.ronn index 18260c6c93..62fce8fa91 100644 --- a/lib/bundler/man/bundle-config.1.ronn +++ b/lib/bundler/man/bundle-config.1.ronn @@ -190,7 +190,7 @@ learn more about their operation in [bundle install(1)](bundle-install.1.html). The number of gems Bundler can install in parallel. Defaults to the number of available processors. * `lockfile_checksums` (`BUNDLE_LOCKFILE_CHECKSUMS`): - Whether Bundler should include a checksums section in new lockfiles, to protect from compromised gem sources. + Whether Bundler should include a checksums section in new lockfiles, to protect from compromised gem sources. Defaults to true. * `no_install` (`BUNDLE_NO_INSTALL`): Whether `bundle package` should skip installing gems. * `no_prune` (`BUNDLE_NO_PRUNE`): diff --git a/lib/bundler/settings.rb b/lib/bundler/settings.rb index ecc3ee8080..bfd6869082 100644 --- a/lib/bundler/settings.rb +++ b/lib/bundler/settings.rb @@ -81,6 +81,7 @@ module Bundler "BUNDLE_RETRY" => 3, "BUNDLE_TIMEOUT" => 10, "BUNDLE_VERSION" => "lockfile", + "BUNDLE_LOCKFILE_CHECKSUMS" => true, }.freeze def initialize(root = nil) diff --git a/spec/bundler/commands/lock_spec.rb b/spec/bundler/commands/lock_spec.rb index 5a31d1733a..a7460ed695 100644 --- a/spec/bundler/commands/lock_spec.rb +++ b/spec/bundler/commands/lock_spec.rb 
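Review bot: The new `"BUNDLE_LOCKFILE_CHECKSUMS" => true` entry is appended after `"BUNDLE_VERSION"`, breaking the alphabetical order the surrounding `BUNDLE_RETRY`/`BUNDLE_TIMEOUT`/`BUNDLE_VERSION` entries follow; move it up to sit before `"BUNDLE_RETRY" => 3,`. Because DEFAULT_CONFIG is presumably the lowest-priority source consulted by `Bundler.settings[]`, a stray `BUNDLE_LOCKFILE_CHECKSUMS=false` in the environment or in a project-local `.bundle/config` silently turns the protection back off; consider emitting a one-line warning when the setting resolves to false so that skipping checksums is a visible choice rather than a quiet one. If `lockfile_checksums` is not already among the boolean keys in this file, confirm that the string "false" arriving from the environment converts to a real false — the hunk does not show that list.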
@@ -2097,7 +2097,7 @@ RSpec.describe "bundle lock" do L end - it "generates checksums by default if configured to do so" do + it "generates checksums by default" do build_repo4 do build_gem "nokogiri", "1.14.2" build_gem "nokogiri", "1.14.2" do |s| @@ -2105,8 +2105,6 @@ RSpec.describe "bundle lock" do end end - bundle "config lockfile_checksums true" - simulate_platform "x86_64-linux" do install_gemfile <<-G source "https://gem.repo4" @@ -2139,6 +2137,43 @@ RSpec.describe "bundle lock" do L end + it "disables checksums if configured to do so" do + build_repo4 do + build_gem "nokogiri", "1.14.2" + build_gem "nokogiri", "1.14.2" do |s| + s.platform = "x86_64-linux" + end + end + + bundle "config lockfile_checksums false" + + simulate_platform "x86_64-linux" do + install_gemfile <<-G + source "https://gem.repo4" + + gem "nokogiri" + G + end + + expect(lockfile).to eq <<~L + GEM + remote: https://gem.repo4/ + specs: + nokogiri (1.14.2) + nokogiri (1.14.2-x86_64-linux) + + PLATFORMS + ruby + x86_64-linux + + DEPENDENCIES + nokogiri + + BUNDLED WITH + #{Bundler::VERSION} + L + end + context "when re-resolving to include prereleases" do before do build_repo4 do diff --git a/spec/bundler/support/checksums.rb b/spec/bundler/support/checksums.rb index 8e0dea4a71..cf8ea417d6 100644 --- a/spec/bundler/support/checksums.rb +++ b/spec/bundler/support/checksums.rb @@ -58,7 +58,7 @@ module Spec begin enabled = (target_lockfile || lockfile).match?(/^CHECKSUMS$/) rescue Errno::ENOENT - enabled = Bundler.feature_flag.bundler_4_mode? + enabled = true end checksums_section(enabled, &block) end
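Review bot: The new `"disables checksums if configured to do so"` example only exercises the `bundle "config lockfile_checksums false"` path, not the environment form CI systems are most likely to use, so a regression in boolean conversion of `BUNDLE_LOCKFILE_CHECKSUMS="false"` would go unnoticed. A sibling example that sets `ENV["BUNDLE_LOCKFILE_CHECKSUMS"] = "false"` in place of the `bundle "config ..."` line and expects the same lockfile would pin that. There is also no example here asserting that an existing lockfile without a CHECKSUMS section is left untouched by a plain `bundle install` under the new default, which is the migration case most users will hit; if one exists elsewhere in this spec file it is outside this hunk.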
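Review bot: `enabled = true` in the `Errno::ENOENT` branch hardcodes the new default into the test helper, so a spec that disables checksums before any lockfile exists will have this helper emit a CHECKSUMS section and produce a mismatched expectation; reading `Bundler.settings[:lockfile_checksums]` here would keep the helper in step with the implementation, provided the spec process's settings reflect the spec's configuration (the hunk does not show that). At minimum the branch should say why it assumes true: `# No lockfile yet, so mirror Bundler's default of generating checksums`. The enclosing method starts above this hunk.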