Exception: Bundler::ChecksumMismatchError

Inherits:
SecurityError show all
Defined in:
lib/bundler/errors.rb

Instance Method Summary collapse

Methods inherited from BundlerError

all_errors, status_code

Constructor Details

#initialize(lock_name, existing, checksum) ⇒ ChecksumMismatchError

Returns a new instance of ChecksumMismatchError.


56
57
58
59
60
# File 'lib/bundler/errors.rb', line 56

def initialize(lock_name, existing, checksum)
  @lock_name = lock_name
  @existing = existing
  @checksum = checksum
end

Instance Method Details

#messageObject


62
63
64
65
66
67
68
69
70
71
72
73
74
# File 'lib/bundler/errors.rb', line 62

def message
  <<~MESSAGE
    Bundler found mismatched checksums. This is a potential security risk.
      #{@lock_name} #{@existing.to_lock}
        from #{@existing.sources.join("\n    and ")}
      #{@lock_name} #{@checksum.to_lock}
        from #{@checksum.sources.join("\n    and ")}

    #{mismatch_resolution_instructions}
    To ignore checksum security warnings, disable checksum validation with
      `bundle config set --local disable_checksum_validation true`
  MESSAGE
end

#mismatch_resolution_instructionsObject


76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
# File 'lib/bundler/errors.rb', line 76

def mismatch_resolution_instructions
  removable, remote = [@existing, @checksum].partition(&:removable?)
  case removable.size
  when 0
    msg = +"Mismatched checksums each have an authoritative source:\n"
    msg << "  1. #{@existing.sources.reject(&:removable?).map(&:to_s).join(" and ")}\n"
    msg << "  2. #{@checksum.sources.reject(&:removable?).map(&:to_s).join(" and ")}\n"
    msg << "You may need to alter your Gemfile sources to resolve this issue.\n"
  when 1
    msg = +"If you trust #{remote.first.sources.first}, to resolve this issue you can:\n"
    msg << removable.first.removal_instructions
  when 2
    msg = +"To resolve this issue you can either:\n"
    msg << @checksum.removal_instructions
    msg << "or if you are sure that the new checksum from #{@checksum.sources.first} is correct:\n"
    msg << @existing.removal_instructions
  end
end