Add sha prefix to checksum format

Thong Kuah · Thong Kuah · commit f9310b59c438 · 2022-11-21T11:49:07.000+13:00
diff --git a/bundler/lib/bundler/checksum.rb b/bundler/lib/bundler/checksum.rb
@@ -5,11 +5,17 @@ class Checksum
     attr_reader :name, :version, :platform
     attr_accessor :checksum
 
+    SHA256 = /\Asha256-[a-z0-9]{64}\z/
+
     def initialize(name, version, platform, checksum = nil)
       @name     = name
       @version  = version
       @platform = platform || Gem::Platform::RUBY
       @checksum = checksum
+
+      if @checksum && @checksum !~ SHA256
+        raise ArgumentError, "invalid checksum (#{@checksum})"
+      end
     end
 
     def match_spec?(spec)
diff --git a/bundler/lib/bundler/lockfile_parser.rb b/bundler/lib/bundler/lockfile_parser.rb
@@ -158,7 +158,7 @@ def parse_source(line)
       (?:#{space}\(([^-]*)                               # Space, followed by version
       (?:-(.*))?\))?                                     # Optional platform
       (!)?                                               # Optional pinned marker
-      (?:#{space}([a-z0-9]*))?                           # Optional checksum
+      (?:#{space}(.*))?                                  # Optional checksum
       $                                                  # Line end
     /xo.freeze
 
diff --git a/bundler/lib/bundler/rubygems_ext.rb b/bundler/lib/bundler/rubygems_ext.rb
@@ -119,7 +119,8 @@ def to_checksum
         File.open(cache_file) do |f|
           digest = Bundler::SharedHelpers.digest(:SHA256).new
           digest << f.read(16_384) until f.eof?
-          digest.hexdigest!
+
+          "sha256-#{digest.hexdigest!}"
         end
       end
 
diff --git a/bundler/spec/support/checksums.rb b/bundler/spec/support/checksums.rb
@@ -28,7 +28,8 @@ def sha256_checksum(file)
         File.open(file) do |f|
           digest = Bundler::SharedHelpers.digest(:SHA256).new
           digest << f.read(16_384) until f.eof?
-          digest.hexdigest!
+
+          "sha256-#{digest.hexdigest!}"
         end
       end
     end
diff --git a/bundler/tool/bundler/dev_gems.rb.lock b/bundler/tool/bundler/dev_gems.rb.lock
@@ -53,23 +53,23 @@ DEPENDENCIES
   webrick (~> 1.6)
 
 CHECKSUMS
-  diff-lcs (1.5.0) 49b934001c8c6aedb37ba19daec5c634da27b318a7a3c654ae979d6ba1929b67
-  hpricot (0.8.6) dfe8f4b3414ba8377d7626030f3aa605caadee9de87cffbeadf8a50359eac8ca
-  mustache (1.1.1) 90891fdd50b53919ca334c8c1031eada1215e78d226d5795e523d6123a2717d0
-  parallel (1.19.2) 54dc19bef898b700b6f51ac1a025b0d310708a5e1c1b127ec35ed4dafb11619d
-  parallel_tests (2.32.0) f1d3470b169e365642ec12d2a8c7fbab2d3cfa14df0574c2c7087ba9b59d7e6e
-  power_assert (2.0.1) 25723bc66bc9a98570e092243c7613c4c736672e0c2496ddb766e5124e25e407
-  rake (13.0.6) 5ce4bf5037b4196c24ac62834d8db1ce175470391026bd9e557d669beeb19097
-  rdiscount (2.2.0.2) ef886926dd97d5b4ff37c80f8ba27a780d951629465303bd53d47a941972599b
-  rdoc (6.2.0) 292ec1e7cc1ac2dc7828bbd66180c53d64800a660105907ea22f93d607d307be
-  ronn (0.7.3) 82df6fd4a3aa91734866710d2811a6387e50a7513fc528ce6c7d95ee7ad7f41e
-  rspec-core (3.11.0) 46317850396fea47e6793dd5a7606c0816aa38f5149f4cd5de308495b89b1085
-  rspec-expectations (3.11.0) a3c0859805bdfd88bef90bf050cbb4a04f01fe9e0ad24e5b77571e1abd823100
-  rspec-mocks (3.11.1) 5537dc069afabcea5cbc199a1432a2772ba3a465f3233f40d04695daba7c6a1f
-  rspec-support (3.11.0) 03284a86b74afbbdeff6c3dc19ac2e0fe650453a96b89f860d459ca3e825d375
-  test-unit (3.5.3) 9c51e9f11f6e65ac6aa7c31e6fa00fe4a7a32a227096bab439cabde746bc0f40
-  uri (0.10.1) 6012e3661ee30c53573b6709158e8b04c194c504ea5b290eccf6f96b7058c4b9
-  webrick (1.7.0) 87e9b8e39947b7925338a5eb55427b11ce1f2b25a3645770ec9f39d8ebdb8cb4
+  diff-lcs (1.5.0) sha256-49b934001c8c6aedb37ba19daec5c634da27b318a7a3c654ae979d6ba1929b67
+  hpricot (0.8.6) sha256-dfe8f4b3414ba8377d7626030f3aa605caadee9de87cffbeadf8a50359eac8ca
+  mustache (1.1.1) sha256-90891fdd50b53919ca334c8c1031eada1215e78d226d5795e523d6123a2717d0
+  parallel (1.19.2) sha256-54dc19bef898b700b6f51ac1a025b0d310708a5e1c1b127ec35ed4dafb11619d
+  parallel_tests (2.32.0) sha256-f1d3470b169e365642ec12d2a8c7fbab2d3cfa14df0574c2c7087ba9b59d7e6e
+  power_assert (2.0.1) sha256-25723bc66bc9a98570e092243c7613c4c736672e0c2496ddb766e5124e25e407
+  rake (13.0.6) sha256-5ce4bf5037b4196c24ac62834d8db1ce175470391026bd9e557d669beeb19097
+  rdiscount (2.2.0.2) sha256-ef886926dd97d5b4ff37c80f8ba27a780d951629465303bd53d47a941972599b
+  rdoc (6.2.0) sha256-292ec1e7cc1ac2dc7828bbd66180c53d64800a660105907ea22f93d607d307be
+  ronn (0.7.3) sha256-82df6fd4a3aa91734866710d2811a6387e50a7513fc528ce6c7d95ee7ad7f41e
+  rspec-core (3.11.0) sha256-46317850396fea47e6793dd5a7606c0816aa38f5149f4cd5de308495b89b1085
+  rspec-expectations (3.11.0) sha256-a3c0859805bdfd88bef90bf050cbb4a04f01fe9e0ad24e5b77571e1abd823100
+  rspec-mocks (3.11.1) sha256-5537dc069afabcea5cbc199a1432a2772ba3a465f3233f40d04695daba7c6a1f
+  rspec-support (3.11.0) sha256-03284a86b74afbbdeff6c3dc19ac2e0fe650453a96b89f860d459ca3e825d375
+  test-unit (3.5.3) sha256-9c51e9f11f6e65ac6aa7c31e6fa00fe4a7a32a227096bab439cabde746bc0f40
+  uri (0.10.1) sha256-6012e3661ee30c53573b6709158e8b04c194c504ea5b290eccf6f96b7058c4b9
+  webrick (1.7.0) sha256-87e9b8e39947b7925338a5eb55427b11ce1f2b25a3645770ec9f39d8ebdb8cb4
 
 BUNDLED WITH
    2.4.0.dev
diff --git a/bundler/tool/bundler/lint_gems.rb.lock b/bundler/tool/bundler/lint_gems.rb.lock
@@ -39,17 +39,17 @@ DEPENDENCIES
   rubocop-performance (~> 1.14)
 
 CHECKSUMS
-  ast (2.4.2) 1e280232e6a33754cde542bc5ef85520b74db2aac73ec14acef453784447cc12
-  parallel (1.22.1) ebdf1f0c51f182df38522f70ba770214940bef998cdb6e00f36492b29699761f
-  parser (3.1.2.0) eda4d7b49bbfddad3b6ca9cdfb23302eec6cf73c2e808b6d5b0cc9161f7c0e76
-  rainbow (3.1.1) 039491aa3a89f42efa1d6dec2fc4e62ede96eb6acd95e52f1ad581182b79bc6a
-  regexp_parser (2.5.0) a076d2d35ab8d11feab5fecf8aa09ec6df68c2429810748cba079f7b021ecde5
-  rexml (3.2.5) a33c3bf95fda7983ec7f05054f3a985af41dbc25a0339843bd2479e93cabb123
-  rubocop (1.30.1) e1fcbed368d823ff8bbda00819f0abf0d522a914dfe62499884fcb6df0ff1d21
-  rubocop-ast (1.18.0) f4fa69a90e9c75145e344c5c4be3f0306a483932c5970a37c27e4a643c2777ac
-  rubocop-performance (1.14.2) 551afc2df245c3d745d69296707e0b0192ea2b593574f7b264404be30f86ccb4
-  ruby-progressbar (1.11.0) cc127db3866dc414ffccbf92928a241e585b3aa2b758a5563e74a6ee0f57d50a
-  unicode-display_width (2.1.0) b6ff8c329fdbfcf67e4e6de642ba3df0f5e1e05935be9a2203333a0875aa5233
+  ast (2.4.2) sha256-1e280232e6a33754cde542bc5ef85520b74db2aac73ec14acef453784447cc12
+  parallel (1.22.1) sha256-ebdf1f0c51f182df38522f70ba770214940bef998cdb6e00f36492b29699761f
+  parser (3.1.2.0) sha256-eda4d7b49bbfddad3b6ca9cdfb23302eec6cf73c2e808b6d5b0cc9161f7c0e76
+  rainbow (3.1.1) sha256-039491aa3a89f42efa1d6dec2fc4e62ede96eb6acd95e52f1ad581182b79bc6a
+  regexp_parser (2.5.0) sha256-a076d2d35ab8d11feab5fecf8aa09ec6df68c2429810748cba079f7b021ecde5
+  rexml (3.2.5) sha256-a33c3bf95fda7983ec7f05054f3a985af41dbc25a0339843bd2479e93cabb123
+  rubocop (1.30.1) sha256-e1fcbed368d823ff8bbda00819f0abf0d522a914dfe62499884fcb6df0ff1d21
+  rubocop-ast (1.18.0) sha256-f4fa69a90e9c75145e344c5c4be3f0306a483932c5970a37c27e4a643c2777ac
+  rubocop-performance (1.14.2) sha256-551afc2df245c3d745d69296707e0b0192ea2b593574f7b264404be30f86ccb4
+  ruby-progressbar (1.11.0) sha256-cc127db3866dc414ffccbf92928a241e585b3aa2b758a5563e74a6ee0f57d50a
+  unicode-display_width (2.1.0) sha256-b6ff8c329fdbfcf67e4e6de642ba3df0f5e1e05935be9a2203333a0875aa5233
 
 BUNDLED WITH
    2.4.0.dev
