diff options
author | hiren mistry <hiren.mistry@chai-monsters.com> | 2016-10-24 09:52:20 -0700 |
---|---|---|
committer | hiren mistry <hiren.mistry@chai-monsters.com> | 2016-11-17 11:32:32 -0800 |
commit | 3fe56839d85b3f706858cc4697303b7118178ac6 (patch) | |
tree | 1f3880df77730e5e7cf1606d5f7ef795f497ccbb /lib/bundler/rubygems_gem_installer.rb | |
parent | 4b254177b709cee2c485ee60216ba4c442441dd7 (diff) | |
download | bundler-3fe56839d85b3f706858cc4697303b7118178ac6.tar.gz |
Converted message strings into HEREDOC for better readability.
Diffstat (limited to 'lib/bundler/rubygems_gem_installer.rb')
-rw-r--r-- | lib/bundler/rubygems_gem_installer.rb | 32 |
1 files changed, 18 insertions, 14 deletions
diff --git a/lib/bundler/rubygems_gem_installer.rb b/lib/bundler/rubygems_gem_installer.rb index caa671d163..6ef6b3606b 100644 --- a/lib/bundler/rubygems_gem_installer.rb +++ b/lib/bundler/rubygems_gem_installer.rb @@ -31,20 +31,24 @@ module Bundler send(checksum_type(checksum), digest) end unless digest == checksum - raise SecurityError, - "Bundler cannot continue installing #{spec.name} (#{spec.version}).\n" \ - "The checksum for the downloaded `#{spec.full_name}.gem` does not match " \ - "the checksum given by the server. This means the contents of the downloaded " \ - "gem is different from what was uploaded to the server, and could be a potential security issue.\n\n" \ - "To resolve this issue:\n" \ - "1. delete the downloaded gem located at: `#{spec.gem_dir}/#{spec.full_name}.gem`\n" \ - "2. run `bundle install`\n\n" \ - "If you wish to continue installing the downloaded gem, and are certain it does not pose a " \ - "security issue despite the mismatching checksum, do the following:\n" \ - "1. run `bundle config disable.checksum_validaiton true` to turn off checksum verification\n" \ - "2. run `bundle install`\n\n" \ - "(More info: The expected SHA256 checksum was #{checksum.inspect}, but the " \ - "checksum for the downloaded gem was #{digest.inspect}.)\n" \ + raise SecurityError, <<-MESSAGE + Bundler cannot continue installing #{spec.name} (#{spec.version}). + The checksum for the downloaded `#{spec.full_name}.gem` does not match \ + the checksum given by the server. This means the contents of the downloaded \ + gem is different from what was uploaded to the server, and could be a potential security issue. + + To resolve this issue: + 1. delete the downloaded gem located at: `#{spec.gem_dir}/#{spec.full_name}.gem` + 2. run `bundle install` + + If you wish to continue installing the downloaded gem, and are certain it does not pose a \ + security issue despite the mismatching checksum, do the following: + 1. run `bundle config disable.checksum_validaiton true` to turn off checksum verification + 2. run `bundle install` + + (More info: The expected SHA256 checksum was #{checksum.inspect}, but the \ + checksum for the downloaded gem was #{digest.inspect}.) + MESSAGE end true end |