From 7f4b271a61a11b0254304b78db72fd2c954a4370 Mon Sep 17 00:00:00 2001 From: Martin Emde Date: Wed, 13 Dec 2023 11:15:51 -0800 Subject: [PATCH] [rubygems/rubygems] Store Checksum::Store indexed by spec.lock_name https://github.com/rubygems/rubygems/commit/34d6c6c72f --- lib/bundler/checksum.rb | 32 ++++++++++++++++---------------- lib/bundler/errors.rb | 8 ++++---- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/lib/bundler/checksum.rb b/lib/bundler/checksum.rb index abc635bd4dcb2a..633aab5f10e01c 100644 --- a/lib/bundler/checksum.rb +++ b/lib/bundler/checksum.rb @@ -165,8 +165,8 @@ def initialize def initialize_copy(other) @store = {} - other.store.each do |name_tuple, checksums| - store[name_tuple] = checksums.dup + other.store.each do |lock_name, checksums| + store[lock_name] = checksums.dup end end @@ -175,7 +175,7 @@ def inspect end def fetch(spec, algo = DEFAULT_ALGORITHM) - store[spec.name_tuple]&.fetch(algo, nil) + store[spec.name_tuple.lock_name]&.fetch(algo, nil) end # Replace when the new checksum is from the same source. 
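Review bot: In `fetch` the store key is now derived inline as `spec.name_tuple.lock_name`, and the same expression is repeated in `replace`, `register` and `to_lock` in the next hunk, so lookup and registration only agree while every copy stays identical. Because `store[...]&.fetch(algo, nil)` returns nil on a miss, a key that drifts in one of these methods would be indistinguishable from "no checksum recorded" rather than surfacing as an error. I would move the derivation into a single private helper, for example `def store_key(spec)` returning `spec.name_tuple.lock_name`, and call it from all four methods. The class's private section sits in the following hunk, and the class itself starts outside the visible lines.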
@@ -191,45 +191,45 @@ def fetch(spec, algo = DEFAULT_ALGORITHM) def replace(spec, checksum) return unless checksum - name_tuple = spec.name_tuple - checksums = (store[name_tuple] ||= {}) + lock_name = spec.name_tuple.lock_name + checksums = (store[lock_name] ||= {}) existing = checksums[checksum.algo] # we assume only one source because this is used while building the index if !existing || existing.sources.first == checksum.sources.first checksums[checksum.algo] = checksum else - register_checksum(name_tuple, checksum) + register_checksum(lock_name, checksum) end end def register(spec, checksum) return unless checksum - register_checksum(spec.name_tuple, checksum) + register_checksum(spec.name_tuple.lock_name, checksum) end def merge!(other) - other.store.each do |name_tuple, checksums| + other.store.each do |lock_name, checksums| checksums.each do |_algo, checksum| - register_checksum(name_tuple, checksum) + register_checksum(lock_name, checksum) end end end def to_lock(spec) - name_tuple = spec.name_tuple - if checksums = store[name_tuple] - "#{name_tuple.lock_name} #{checksums.values.map(&:to_lock).sort.join(",")}" + lock_name = spec.name_tuple.lock_name + if checksums = store[lock_name] + "#{lock_name} #{checksums.values.map(&:to_lock).sort.join(",")}" else - name_tuple.lock_name + lock_name end end private - def register_checksum(name_tuple, checksum) + def register_checksum(lock_name, checksum) return unless checksum - checksums = (store[name_tuple] ||= {}) + checksums = (store[lock_name] ||= {}) existing = checksums[checksum.algo] if !existing @@ -237,7 +237,7 @@ def register_checksum(name_tuple, checksum) elsif existing.merge!(checksum) checksum else - raise ChecksumMismatchError.new(name_tuple, existing, checksum) + raise ChecksumMismatchError.new(lock_name, existing, checksum) end end end diff --git a/lib/bundler/errors.rb b/lib/bundler/errors.rb index eec72b16928bc2..b6a11cc7219518 100644 --- a/lib/bundler/errors.rb +++ b/lib/bundler/errors.rb 
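Review bot: `replace` overwrites the stored checksum for an algorithm whenever `existing.sources.first == checksum.sources.first`, without comparing the digests, so it is the one write path in this hunk that never reaches the `ChecksumMismatchError` raise in `register_checksum`. The inline comment says a single source is assumed while the index is built, but only the first source is compared, and most of the explanatory comment above the method lies outside the hunk. If that is the intent, I would state the invariant next to the condition, for example `# same source re-reporting this lock name: keep the newer checksum; other sources go through register_checksum and must match`. If a changed digest from the same source is not expected in practice, reporting it there would make the replacement visible instead of silent.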
@@ -53,8 +53,8 @@ class GemfileEvalError < GemfileError; end class MarshalError < StandardError; end class ChecksumMismatchError < SecurityError - def initialize(name_tuple, existing, checksum) - @name_tuple = name_tuple + def initialize(lock_name, existing, checksum) + @lock_name = lock_name @existing = existing @checksum = checksum end @@ -62,9 +62,9 @@ def initialize(name_tuple, existing, checksum) def message <<~MESSAGE Bundler found mismatched checksums. This is a potential security risk. - #{@name_tuple.lock_name} #{@existing.to_lock} + #{@lock_name} #{@existing.to_lock} from #{@existing.sources.join("\n and ")} - #{@name_tuple.lock_name} #{@checksum.to_lock} + #{@lock_name} #{@checksum.to_lock} from #{@checksum.sources.join("\n and ")} #{mismatch_resolution_instructions}
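Review bot: `ChecksumMismatchError#initialize` keeps its arity, but its first argument changes from a name tuple to a plain string, and nothing in the class documents or checks that. A caller that still passes a name tuple would not fail; `message` in the next hunk would interpolate the tuple's own `to_s` into the mismatched-checksums report instead of the lockfile name, which makes a security-relevant error harder to act on. A short comment above `initialize`, such as `# lock_name: String as returned by NameTuple#lock_name, not the tuple itself`, would record the contract. The only caller visible on this page, in `register_checksum`, is already updated, and the class body continues outside this hunk.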