class Bundler::ChecksumMismatchError
def initialize(lock_name, existing, checksum)
def initialize(lock_name, existing, checksum) @lock_name = lock_name @existing = existing @checksum = checksum end
def message
def message <<~MESSAGE Bundler found mismatched checksums. This is a potential security risk. #{@lock_name} #{@existing.to_lock} from #{@existing.sources.join("\n and ")} #{@lock_name} #{@checksum.to_lock} from #{@checksum.sources.join("\n and ")} #{mismatch_resolution_instructions} To ignore checksum security warnings, disable checksum validation with `bundle config set --local disable_checksum_validation true` MESSAGE end
def mismatch_resolution_instructions
def mismatch_resolution_instructions removable, remote = [@existing, @checksum].partition(&:removable?) case removable.size when 0 msg = +"Mismatched checksums each have an authoritative source:\n" msg << " 1. #{@existing.sources.reject(&:removable?).map(&:to_s).join(" and ")}\n" msg << " 2. #{@checksum.sources.reject(&:removable?).map(&:to_s).join(" and ")}\n" msg << "You may need to alter your Gemfile sources to resolve this issue.\n" when 1 msg = +"If you trust #{remote.first.sources.first}, to resolve this issue you can:\n" msg << removable.first.removal_instructions when 2 msg = +"To resolve this issue you can either:\n" msg << @checksum.removal_instructions msg << "or if you are sure that the new checksum from #{@checksum.sources.first} is correct:\n" msg << @existing.removal_instructions end end