path: root/doc/development/gemfile.md
author: GitLab Bot <gitlab-bot@gitlab.com> 2022-09-23 00:10:38 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2022-09-23 00:10:38 +0000
commit: a7698afc6e7a5a6e4e5044f5b310a2c69c554053 (patch)
tree: 5be1ccc63a64e7cd3decc9523ec8cbaa950db758 /doc/development/gemfile.md
parent: aaedbff77d0e656e9738322a59476bbb2fab8266 (diff)
download: gitlab-ce-a7698afc6e7a5a6e4e5044f5b310a2c69c554053.tar.gz
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc/development/gemfile.md')
-rw-r--r--  doc/development/gemfile.md  36
1 file changed, 35 insertions, 1 deletion
diff --git a/doc/development/gemfile.md b/doc/development/gemfile.md
index dd687763356..7d3531afb49 100644
--- a/doc/development/gemfile.md
+++ b/doc/development/gemfile.md
@@ -6,9 +6,43 @@ info: To determine the technical writer assigned to the Stage/Group associated w
# Gemfile guidelines
-When adding a new entry to `Gemfile` or upgrading an existing dependency pay
+When adding a new entry to `Gemfile`, or upgrading an existing dependency pay
attention to the following rules.
+## Bundler checksum verification
+
+In [GitLab 15.5 and later](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/98508), gem
+checksums are checked before installation. This verification is still
+experimental so it is only active for CI.
+
+If the downloaded gem's checksum does not match the checksum record in
+`Gemfile.checksum`, you will see an error saying that Bundler cannot continue
+installing a gem because there is a potential security issue.
+
+You will see this error as well if you updated, or added a new gem without
+updating `Gemfile.checksum`. To fix this error,
+[update the Gemfile.checksum](#updating-the-checksum-file).
+
+You can opt-in to this verification locally by setting the
+`BUNDLER_CHECKSUM_VERIFICATION_OPT_IN` environment variable:
+
+```shell
+export BUNDLER_CHECKSUM_VERIFICATION_OPT_IN=1
+bundle install
+```
+
+### Updating the checksum file
+
+This needs to be done for any new, or updated gems.
+
+1. When updating `Gemfile.lock`, make sure to also update `Gemfile.checksum` with:
+
+ ```shell
+ bundle exec bundler-checksum init
+ ```
+
+1. Check and commit the changes for `Gemfile.checksum`.
+
## No gems fetched from Git repositories
We do not allow gems that are fetched from Git repositories. All gems have
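Review bot: the new "Bundler checksum verification" section prescribes the same remedy for two different failure cases, and for one of them the remedy defeats the check. The text says a mismatch between a downloaded gem and the record in `Gemfile.checksum` is reported as a potential security issue, and in the next paragraph sends the reader to "Updating the checksum file", where the only step is `bundle exec bundler-checksum init`. Since that command is presented as the way to (re)write `Gemfile.checksum`, a developer who hits the error on a gem they did not add or upgrade would simply regenerate the record from the gem that just failed verification, which hides exactly the tampering the check exists to surface. Suggest adding a sentence before the "Updating the checksum file" steps along the lines of "Only regenerate the checksum file for gems you added or upgraded yourself; if the error is for a gem you did not change, investigate the mismatch before touching `Gemfile.checksum`", and extending step 2 ("Check and commit the changes for `Gemfile.checksum`") to say that the diff should touch only the entries for the gems changed in `Gemfile.lock`. Minor wording in the same hunk: in "When adding a new entry to `Gemfile`, or upgrading an existing dependency pay attention to the following rules." the comma belongs after `dependency`, not after `Gemfile`; and the commas in "if you updated, or added a new gem" and "for any new, or updated gems" should be dropped.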