summaryrefslogtreecommitdiff
path: root/lib/rubygems/specification.rb
diff options
context:
space:
mode:
Diffstat (limited to 'lib/rubygems/specification.rb')
-rw-r--r--lib/rubygems/specification.rb20
1 files changed, 20 insertions, 0 deletions
diff --git a/lib/rubygems/specification.rb b/lib/rubygems/specification.rb
index 6f69ee22ce..8af62cced7 100644
--- a/lib/rubygems/specification.rb
+++ b/lib/rubygems/specification.rb
@@ -761,6 +761,8 @@ class Gem::Specification < Gem::BasicSpecification
attr_accessor :specification_version
+ attr_reader :checksum
+
def self._all # :nodoc:
@@all ||= Gem.loaded_specs.values | stubs.map(&:to_spec)
end
@@ -2738,4 +2740,22 @@ class Gem::Specification < Gem::BasicSpecification
def raw_require_paths # :nodoc:
@require_paths
end
+
+ def add_checksum(checksum)
+ @checksum ||= checksum
+ end
+
+ # if we don't get the checksum from the server
+ # calculating the checksum from the file on disk still provides some measure of security
+ # if it changes from install to install, that is cause for concern
+ def to_checksum
+ return Bundler::Checksum.new(name, version, platform, ["sha256-#{checksum}"]) if checksum
+ return Bundler::Checksum.new(name, version, platform) unless File.exist?(cache_file)
+
+ require "rubygems/package"
+ package = Gem::Package.new(cache_file)
+ digest = Bundler::Checksum.digest_from_file_source(package.gem)
+ calculated_checksum = digest.hexdigest!
+ Bundler::Checksum.new(name, version, platform, ["sha256-#{calculated_checksum}"]) if calculated_checksum
+ end
end
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-28 02:14:36 +0000