Extend bundler-checksum lint to check correctness of checksum
In #414374 (closed), we created lint
to check for existence
of a checksum for a gem
This creates a false success when a gem is updated.
Proposal
Extend lint
to also compare the stored checksum in Gemfile.checksum
with the checksum we have for the .gem
file that is stored in bundler cache
Implementation Guide
To get the checksum of the cached gem
file, could be something like:
definition = Bundler.definition
definition.validate_runtime!
definition.resolve_only_locally!
specs = definition.specs
specs.each do |spec|
next unless spec.source.is_a?(Bundler::Source::Rubygems)
cache_file_checksum = calculate_sha256(spec.cache_file) # there are helpers in bundler to do so.
end
Edited by Peter Leitzen