/ Ruby
/
method

validate_bundler_checksum

ruby latest stable - Class: Bundler::RubyGemsGemInstaller

Method not available on this version

This method is only available on newer versions. The first available version (v2_6_3) is shown here.

validate_bundler_checksum(checksum)
private

No documentation available.

# File lib/bundler/rubygems_gem_installer.rb, line 45
    def validate_bundler_checksum(checksum)
      return true if Bundler.settings[:disable_checksum_validation]
      return true unless checksum
      return true unless source = @package.instance_variable_get(:@gem)
      return true unless source.respond_to?(:with_read_io)
      digest = source.with_read_io do |io|
        digest = SharedHelpers.digest(:SHA256).new
        digest << io.read(16_384) until io.eof?
        io.rewind
        send(checksum_type(checksum), digest)
      end
      unless digest == checksum
        raise SecurityError,           Bundler cannot continue installing #{spec.name} (#{spec.version}).          The checksum for the downloaded `#{spec.full_name}.gem` does not match \          the checksum given by the server. This means the contents of the downloaded \          gem is different from what was uploaded to the server, and could be a potential security issue.          To resolve this issue:          1. delete the downloaded gem located at: `#{spec.gem_dir}/#{spec.full_name}.gem`          2. run `bundle install`          If you wish to continue installing the downloaded gem, and are certain it does not pose a \          security issue despite the mismatching checksum, do the following:          1. run `bundle config disable_checksum_validation true` to turn off checksum verification          2. run `bundle install`          (More info: The expected SHA256 checksum was #{checksum.inspect}, but the \          checksum for the downloaded gem was #{digest.inspect}.)
      end
      true
    end