author | Samuel Giddins <segiddins@segiddins.me> | 2016-08-10 12:41:05 -0500 |
---|---|---|
committer | Samuel Giddins <segiddins@segiddins.me> | 2016-08-22 11:57:30 -0500 |
commit | 3cdccbfce68cf6b947e6c6cf6521eb2957bfc82e (patch) | |
tree | dca6f2656102b88b0b59bd4cfc42ed7a85dc5bd1 | |
parent | df5ad43ee9ca5ee0647f962a948f281057785174 (diff) | |
download | bundler-3cdccbfce68cf6b947e6c6cf6521eb2957bfc82e.tar.gz |
Allow disabling checksum validation
-rw-r--r-- | lib/bundler/rubygems_gem_installer.rb | 1 | ||||
-rw-r--r-- | lib/bundler/settings.rb | 1 | ||||
-rw-r--r-- | spec/install/gems/compact_index_spec.rb | 11 |
3 files changed, 12 insertions, 1 deletions
diff --git a/lib/bundler/rubygems_gem_installer.rb b/lib/bundler/rubygems_gem_installer.rb
index cccd28e294..c0088e9091 100644
--- a/lib/bundler/rubygems_gem_installer.rb
+++ b/lib/bundler/rubygems_gem_installer.rb
@@ -20,6 +20,7 @@ module Bundler
 private
 def validate_bundler_checksum(checksum)
+ return true if Bundler.settings[:disable_checksum_validation]
 return true unless checksum
 return true unless source = @package.instance_variable_get(:@gem)
 return true unless source.respond_to?(:with_read_io)
diff --git a/lib/bundler/settings.rb b/lib/bundler/settings.rb
index 365d20adda..c5fd46d440 100644
--- a/lib/bundler/settings.rb
+++ b/lib/bundler/settings.rb
@@ -6,6 +6,7 @@ module Bundler
 BOOL_KEYS = %w(
 allow_offline_install
 cache_all
+ disable_checksum_validation
 disable_exec_load
 disable_local_branch_check
 disable_shared_gems
diff --git a/spec/install/gems/compact_index_spec.rb b/spec/install/gems/compact_index_spec.rb
index 74d0987f77..ba438e5f06 100644
--- a/spec/install/gems/compact_index_spec.rb
+++ b/spec/install/gems/compact_index_spec.rb
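Review bot: The new first guard in `validate_bundler_checksum` returns `true` before any digest is compared, so with `disable_checksum_validation` set a gem whose bytes differ from what the index advertised is installed with nothing in the output to show that the integrity check was skipped. Because this switches off a security control, the bypass should be visible at the point it happens, for example `Bundler.ui.warn "Checksum validation is disabled (disable_checksum_validation); downloaded gems are not verified"` ahead of the `return true` (or `Bundler.ui.debug` if one line per gem is too noisy). The key added to `BOOL_KEYS` in lib/bundler/settings.rb also has no user-facing documentation in this commit; a short entry stating that it is a workaround for a misbehaving index, and that it should not be left enabled in shared or project-level configuration, would help, since settings can presumably come from more than one config source. The method body continues past the end of the hunk.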
@@ -702,11 +702,20 @@ The checksum of /versions does not match the checksum provided by the server! So
 source "#{source_uri}"
 gem "rack"
 G
+ expect(exitstatus).to eq(19) if exitstatus
 expect(out).
 to include("The checksum for the downloaded `rack-1.0.0.gem` did not match the checksum given by the API.").
 and include("This means that the contents of the gem appear to be different from what was uploaded, and could be an indicator of a security issue.").
- and match(/\(The expected SHA256 checksum was "checksum!", but the checksum for the downloaded gem was "[\w\\+=]+"\.\)/).
+ and match(/\(The expected SHA256 checksum was "checksum!", but the checksum for the downloaded gem was ".+?"\.\)/).
 and include("Bundler cannot continue installing rack (1.0.0).")
 end
+
+ it "does not raise when disable_checksum_validation is set" do
+ bundle! "config disable_checksum_validation true"
+ install_gemfile! <<-G, :artifice => "compact_index_wrong_gem_checksum"
+ source "#{source_uri}"
+ gem "rack"
+ G
+ end
 end
 end |
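Review bot: The added example "does not raise when disable_checksum_validation is set" passes whenever the two commands exit cleanly; it never checks that the mismatch message is absent or that rack was actually installed, so a regression that silently skips the install would still pass. Adding `expect(out).not_to include("did not match the checksum given by the API")` together with an assertion that rack 1.0.0 ends up installed would pin the intended behaviour of the bypass. Separately, the loosened `".+?"` in the preceding example's matcher accepts any text between the quotes; if the reported digest is base64, as the old class `[\w\\+=]` suggests, `"[\w+\/=]+"` would keep that assertion tight. The enclosing describe blocks open outside the hunk.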