Validate checksum via `bundle-checksum lint` (!127219) · Merge requests · GitLab.org / GitLab

Peter Leitzen requested to merge pl-bundler-checksum-lint-validate into master Jul 21, 2023

What does this MR do and why?

This MR enhances the command bundler-checksum lint to also verify gem's checksum which is useful when upgrading gems.

Resolves #419326 (closed).

How to set up and validate locally

# Change checksum of `unf` in `Gemfile.checksum`

$ bundle exec bundler-checksum lint
ERROR: Invalid checksum for gem `unf` (0.1.4 ruby)

Expected: 4999517a531f2a955750f8831941891f6158498ec9b6cb1c81ce89388e63022X
  Actual: 4999517a531f2a955750f8831941891f6158498ec9b6cb1c81ce89388e63022e

Please run `bundle exec bundler-checksum init` to add correct checksums.

# Remove platform-specific entry for `unf` from `Gemfile.checksum`

$ bundle exec bundler-checksum lint
ERROR: Missing checksum for gem `unf` (0.1.4 ruby)

Please run `bundle exec bundler-checksum init` to add correct checksums.

# Downgrade default gem `ipaddr` to `1.2.1` in `Gemfile` and run `bundle`

$ bundle exec bundler-checksum lint
ERROR: Missing checksum for gem `ipaddr` (1.2.1 ruby)

Please run `bundle exec bundler-checksum init` to add correct checksums.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Jul 21, 2023 by Peter Leitzen

Validate checksum via `bundle-checksum lint`

What does this MR do and why?

How to set up and validate locally

MR acceptance checklist

Merge request reports