class Bundler::RubyGemsGemInstaller

def validate_bundler_checksum(checksum)
  return true if Bundler.settings[:disable_checksum_validation]
  return true unless checksum
  return true unless source = @package.instance_variable_get(:@gem)
  return true unless source.respond_to?(:with_read_io)
  digest = source.with_read_io do |io|
    digest = SharedHelpers.digest(:SHA256).new
    digest << io.read(16_384) until io.eof?
    io.rewind
    send(checksum_type(checksum), digest)
  end
  unless digest == checksum
    raise SecurityError, <<-MESSAGE
      Bundler cannot continue installing #{spec.name} (#{spec.version}).
      The checksum for the downloaded `#{spec.full_name}.gem` does not match \
      the checksum given by the server. This means the contents of the downloaded \
      gem is different from what was uploaded to the server, and could be a potential security issue.
      To resolve this issue:
      1. delete the downloaded gem located at: `#{spec.gem_dir}/#{spec.full_name}.gem`
      2. run `bundle install`
      If you wish to continue installing the downloaded gem, and are certain it does not pose a \
      security issue despite the mismatching checksum, do the following:
      1. run `bundle config set --local disable_checksum_validation true` to turn off checksum verification
      2. run `bundle install`
      (More info: The expected SHA256 checksum was #{checksum.inspect}, but the \
      checksum for the downloaded gem was #{digest.inspect}.)
      MESSAGE
  end
  true
end