authorhiren mistry <hiren.mistry@chai-monsters.com>2016-10-24 09:52:20 -0700
committerhiren mistry <hiren.mistry@chai-monsters.com>2016-11-17 11:32:32 -0800
commit3fe56839d85b3f706858cc4697303b7118178ac6 (patch)
tree1f3880df77730e5e7cf1606d5f7ef795f497ccbb
parent4b254177b709cee2c485ee60216ba4c442441dd7 (diff)
downloadbundler-3fe56839d85b3f706858cc4697303b7118178ac6.tar.gz
Converted message strings into HEREDOC for better readability.
-rw-r--r--lib/bundler/rubygems_gem_installer.rb32
-rw-r--r--spec/install/gems/compact_index_spec.rb2
2 files changed, 19 insertions, 15 deletions
diff --git a/lib/bundler/rubygems_gem_installer.rb b/lib/bundler/rubygems_gem_installer.rb
index caa671d163..6ef6b3606b 100644
--- a/lib/bundler/rubygems_gem_installer.rb
+++ b/lib/bundler/rubygems_gem_installer.rb
@@ -31,20 +31,24 @@ module Bundler
send(checksum_type(checksum), digest)
end
unless digest == checksum
- raise SecurityError,
- "Bundler cannot continue installing #{spec.name} (#{spec.version}).\n" \
- "The checksum for the downloaded `#{spec.full_name}.gem` does not match " \
- "the checksum given by the server. This means the contents of the downloaded " \
- "gem is different from what was uploaded to the server, and could be a potential security issue.\n\n" \
- "To resolve this issue:\n" \
- "1. delete the downloaded gem located at: `#{spec.gem_dir}/#{spec.full_name}.gem`\n" \
- "2. run `bundle install`\n\n" \
- "If you wish to continue installing the downloaded gem, and are certain it does not pose a " \
- "security issue despite the mismatching checksum, do the following:\n" \
- "1. run `bundle config disable.checksum_validaiton true` to turn off checksum verification\n" \
- "2. run `bundle install`\n\n" \
- "(More info: The expected SHA256 checksum was #{checksum.inspect}, but the " \
- "checksum for the downloaded gem was #{digest.inspect}.)\n" \
+ raise SecurityError, <<-MESSAGE
+ Bundler cannot continue installing #{spec.name} (#{spec.version}).
+ The checksum for the downloaded `#{spec.full_name}.gem` does not match \
+ the checksum given by the server. This means the contents of the downloaded \
+ gem is different from what was uploaded to the server, and could be a potential security issue.
+
+ To resolve this issue:
+ 1. delete the downloaded gem located at: `#{spec.gem_dir}/#{spec.full_name}.gem`
+ 2. run `bundle install`
+
+ If you wish to continue installing the downloaded gem, and are certain it does not pose a \
+ security issue despite the mismatching checksum, do the following:
+ 1. run `bundle config disable.checksum_validaiton true` to turn off checksum verification
+ 2. run `bundle install`
+
+ (More info: The expected SHA256 checksum was #{checksum.inspect}, but the \
+ checksum for the downloaded gem was #{digest.inspect}.)
+ MESSAGE
end
true
end
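Review bot: The opt-out instruction in the new heredoc still reads `bundle config disable.checksum_validaiton true`, so a user who follows it sets a misspelled key that the checksum guard presumably never reads; spell it `validation` and confirm the full key matches the settings lookup, which is outside this hunk. Because this is the text a user sees when a downloaded gem may have been altered, it would also help to state that the setting persists for later installs and should be removed once the gem in question has been dealt with. Separately, `<<-MESSAGE` keeps each body line's leading whitespace, and the `\` continuations join a line to the next one with that line's indent intact; indentation is not visible on this page, so check that the rendered message still contains the single-spaced sentences the spec matches on. The enclosing method begins before and ends after this hunk.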
diff --git a/spec/install/gems/compact_index_spec.rb b/spec/install/gems/compact_index_spec.rb
index e0138cdf46..3c5fc54cf6 100644
--- a/spec/install/gems/compact_index_spec.rb
+++ b/spec/install/gems/compact_index_spec.rb
@@ -716,7 +716,7 @@ The checksum of /versions does not match the checksum provided by the server! So
expect(exitstatus).to eq(19) if exitstatus
expect(out).
- to include("Bundler cannot continue installing rack (1.0.0).\n").
+ to include("Bundler cannot continue installing rack (1.0.0).").
and include("The checksum for the downloaded `rack-1.0.0.gem` does not match the checksum given by the server.").
and include("This means the contents of the downloaded gem is different from what was uploaded to the server, and could be a potential security issue.").
and include("To resolve this issue:").