diff options
| author | Samuel Giddins <segiddins@segiddins.me> | 2023-08-09 13:45:56 -0700 |
|---|---|---|
| committer | Hiroshi SHIBATA <hsbt@ruby-lang.org> | 2023-10-23 13:59:01 +0900 |
| commit | c5fd94073ff2e22b6eea29c242c7e4a12ed7c865 (patch) | |
| tree | 327479235e44b16b1dd927b3d6b8b53b36bdc8c8 /lib/rubygems | |
| parent | 69d7e9a12eb6e3dbfa1b1021b73c2afcbf7d4a46 (diff) | |
| download | ruby-c5fd94073ff2e22b6eea29c242c7e4a12ed7c865.tar.gz | |
[rubygems/rubygems] Refactor to checksums stored via source
This gets the specs passing, and handles the fact that we expect
checkums to be pinned only to a particular source
This also avoids reading in .gem files during lockfile generation,
instead allowing us to query the source for each resolved gem to grab
the checksum
Finally, this opens up a route to having user-stored checksum databases,
similar to how other package managers do this!
Add checksums to dev lockfiles
Handle full name conflicts from different original_platforms when adding checksums to store from compact index
Specs passing on Bundler 3
https://github.com/rubygems/rubygems/commit/86c7084e1c
Diffstat (limited to 'lib/rubygems')
| -rw-r--r-- | lib/rubygems/specification.rb | 20 |
1 files changed, 0 insertions, 20 deletions
diff --git a/lib/rubygems/specification.rb b/lib/rubygems/specification.rb index 8af62cced7..6f69ee22ce 100644 --- a/lib/rubygems/specification.rb +++ b/lib/rubygems/specification.rb @@ -761,8 +761,6 @@ class Gem::Specification < Gem::BasicSpecification attr_accessor :specification_version - attr_reader :checksum - def self._all # :nodoc: @@all ||= Gem.loaded_specs.values | stubs.map(&:to_spec) end @@ -2740,22 +2738,4 @@ class Gem::Specification < Gem::BasicSpecification def raw_require_paths # :nodoc: @require_paths end - - def add_checksum(checksum) - @checksum ||= checksum - end - - # if we don't get the checksum from the server - # calculating the checksum from the file on disk still provides some measure of security - # if it changes from install to install, that is cause for concern - def to_checksum - return Bundler::Checksum.new(name, version, platform, ["sha256-#{checksum}"]) if checksum - return Bundler::Checksum.new(name, version, platform) unless File.exist?(cache_file) - - require "rubygems/package" - package = Gem::Package.new(cache_file) - digest = Bundler::Checksum.digest_from_file_source(package.gem) - calculated_checksum = digest.hexdigest! - Bundler::Checksum.new(name, version, platform, ["sha256-#{calculated_checksum}"]) if calculated_checksum - end end |