github
diff --git a/‎lib/bundler/checksum.rb
Lines changed: 21 additions & 11 deletions b/‎lib/bundler/checksum.rb
Lines changed: 21 additions & 11 deletions
diff --git a/‎lib/bundler/compact_index_client/cache.rb
Lines changed: 1 addition & 1 deletion b/‎lib/bundler/compact_index_client/cache.rb
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/bundler/compact_index_client/gem_parser.rb
Lines changed: 0 additions & 32 deletions b/‎lib/bundler/compact_index_client/gem_parser.rb
Lines changed: 0 additions & 32 deletions
diff --git a/‎lib/bundler/compact_index_client/parser.rb
Lines changed: 1 addition & 1 deletion b/‎lib/bundler/compact_index_client/parser.rb
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/bundler/definition.rb
Lines changed: 53 additions & 47 deletions b/‎lib/bundler/definition.rb
Lines changed: 53 additions & 47 deletions
diff --git a/‎lib/bundler/dsl.rb
Lines changed: 2 additions & 3 deletions b/‎lib/bundler/dsl.rb
Lines changed: 2 additions & 3 deletions
diff --git a/‎lib/bundler/lazy_specification.rb
Lines changed: 9 additions & 1 deletion b/‎lib/bundler/lazy_specification.rb
Lines changed: 9 additions & 1 deletion
diff --git a/‎lib/bundler/lockfile_parser.rb
Lines changed: 8 additions & 5 deletions b/‎lib/bundler/lockfile_parser.rb
Lines changed: 8 additions & 5 deletions
@@ -190,7 +190,7 @@ def inspect
       def replace(spec, checksum)
         return unless checksum
 
-        lock_name = spec.name_tuple.lock_name
+        lock_name = spec.lock_name
         @store_mutex.synchronize do
           existing = fetch_checksum(lock_name, checksum.algo)
           if !existing || existing.same_source?(checksum)
@@ -201,10 +201,12 @@ def replace(spec, checksum)
         end
       end
 
-      def register(spec, checksum)
-        return unless checksum
+      def missing?(spec)
+        @store[spec.lock_name].nil?
+      end
 
-        register_checksum(spec.name_tuple.lock_name, checksum)
+      def register(spec, checksum)
+        register_checksum(spec.lock_name, checksum)
       end
 
       def merge!(other)
@@ -216,9 +218,9 @@ def merge!(other)
       end
 
       def to_lock(spec)
-        lock_name = spec.name_tuple.lock_name
+        lock_name = spec.lock_name
         checksums = @store[lock_name]
-        if checksums
+        if checksums&.any?
           "#{lock_name} #{checksums.values.map(&:to_lock).sort.join(",")}"
         else
           lock_name
@@ -229,11 +231,15 @@ def to_lock(spec)
 
       def register_checksum(lock_name, checksum)
         @store_mutex.synchronize do
-          existing = fetch_checksum(lock_name, checksum.algo)
-          if existing
-            merge_checksum(lock_name, checksum, existing)
+          if checksum
+            existing = fetch_checksum(lock_name, checksum.algo)
+            if existing
+              merge_checksum(lock_name, checksum, existing)
+            else
+              store_checksum(lock_name, checksum)
+            end
           else
-            store_checksum(lock_name, checksum)
+            init_checksum(lock_name)
           end
         end
       end
@@ -243,7 +249,11 @@ def merge_checksum(lock_name, checksum, existing)
       end
 
       def store_checksum(lock_name, checksum)
-        (@store[lock_name] ||= {})[checksum.algo] = checksum
+        init_checksum(lock_name)[checksum.algo] = checksum
+      end
+
+      def init_checksum(lock_name)
+        @store[lock_name] ||= {}
       end
 
       def fetch_checksum(lock_name, algo)
 
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require_relative "gem_parser"
+require "rubygems/resolver/api_set/gem_parser"
 
 module Bundler
   class CompactIndexClient
 
@@ -64,7 +64,7 @@ def lines(data)
       end
 
       def gem_parser
-        @gem_parser ||= GemParser.new
+        @gem_parser ||= Gem::Resolver::APISet::GemParser.new
       end
 
       # This is mostly the same as `split(" ", 3)` but it avoids allocating extra objects.
 
@@ -95,6 +95,7 @@ def initialize(lockfile, dependencies, sources, unlock, ruby_version = nil, opti
       @locked_ruby_version = nil
       @new_platforms = []
       @removed_platforms = []
+      @originally_invalid_platforms = []
 
       if lockfile_exists?
         @lockfile_contents = Bundler.read_file(lockfile)
@@ -147,9 +148,8 @@ def initialize(lockfile, dependencies, sources, unlock, ruby_version = nil, opti
 
       @current_platform_missing = add_current_platform unless Bundler.frozen_bundle?
 
-      converge_path_sources_to_gemspec_sources
-      @path_changes = converge_paths
       @source_changes = converge_sources
+      @path_changes = converge_paths
 
       if conservative
         @gems_to_unlock = @explicit_unlocks.any? ? @explicit_unlocks : @dependencies.map(&:name)
@@ -539,12 +539,13 @@ def lockfile_changes_summary(update_refused_reason)
 
       reason = resolve_needed? ? change_reason : "some dependencies were deleted from your gemfile"
 
-      msg = String.new
-      msg << "#{reason.capitalize.strip}, but the lockfile can't be updated because #{update_refused_reason}"
+      msg = String.new("#{reason.capitalize.strip}, but ")
+      msg << "the lockfile " unless msg.start_with?("Your lockfile")
+      msg << "can't be updated because #{update_refused_reason}"
       msg << "\n\nYou have added to the Gemfile:\n" << added.join("\n") if added.any?
       msg << "\n\nYou have deleted from the Gemfile:\n" << deleted.join("\n") if deleted.any?
       msg << "\n\nYou have changed in the Gemfile:\n" << changed.join("\n") if changed.any?
-      msg << "\n\nRun `bundle install` elsewhere and add the updated #{SharedHelpers.relative_gemfile_path} to version control.\n" unless unlocking?
+      msg << "\n\nRun `bundle install` elsewhere and add the updated #{SharedHelpers.relative_lockfile_path} to version control.\n" unless unlocking?
       msg
     end
 
@@ -563,6 +564,7 @@ def something_changed?
         @local_changes ||
         @missing_lockfile_dep ||
         @unlocking_bundler ||
+        @locked_spec_with_missing_checksums ||
         @locked_spec_with_missing_deps ||
         @locked_spec_with_invalid_deps
     end
@@ -759,7 +761,11 @@ def start_resolution
         end
       end
 
-      @platforms = result.add_extra_platforms!(platforms) if should_add_extra_platforms?
+      if should_add_extra_platforms?
+        result.add_extra_platforms!(platforms)
+      elsif @originally_invalid_platforms.any?
+        result.add_originally_invalid_platforms!(platforms, @originally_invalid_platforms)
+      end
 
       SpecSet.new(result.for(dependencies, @platforms | [Gem::Platform::RUBY]))
     end
@@ -809,13 +815,14 @@ def change_reason
       [
         [@source_changes, "the list of sources changed"],
         [@dependency_changes, "the dependencies in your gemfile changed"],
-        [@current_platform_missing, "your lockfile does not include the current platform"],
+        [@current_platform_missing, "your lockfile is missing the current platform"],
         [@new_platforms.any?, "you are adding a new platform to your lockfile"],
         [@path_changes, "the gemspecs for path gems changed"],
         [@local_changes, "the gemspecs for git local gems changed"],
-        [@missing_lockfile_dep, "your lock file is missing \"#{@missing_lockfile_dep}\""],
+        [@missing_lockfile_dep, "your lockfile is missing \"#{@missing_lockfile_dep}\""],
         [@unlocking_bundler, "an update to the version of Bundler itself was requested"],
-        [@locked_spec_with_missing_deps, "your lock file includes \"#{@locked_spec_with_missing_deps}\" but not some of its dependencies"],
+        [@locked_spec_with_missing_checksums, "your lockfile is missing a CHECKSUMS entry for \"#{@locked_spec_with_missing_checksums}\""],
+        [@locked_spec_with_missing_deps, "your lockfile includes \"#{@locked_spec_with_missing_deps}\" but not some of its dependencies"],
         [@locked_spec_with_invalid_deps, "your lockfile does not satisfy dependencies of \"#{@locked_spec_with_invalid_deps}\""],
       ].select(&:first).map(&:last).join(", ")
     end
@@ -832,16 +839,16 @@ def specs_changed?(source)
       !locked || dependencies_for_source_changed?(source, locked) || specs_for_source_changed?(source)
     end
 
-    def dependencies_for_source_changed?(source, locked_source = source)
-      deps_for_source = @dependencies.select {|s| s.source == source }
+    def dependencies_for_source_changed?(source, locked_source)
+      deps_for_source = @dependencies.select {|dep| dep.source == source }
       locked_deps_for_source = locked_dependencies.select {|dep| dep.source == locked_source }
 
       deps_for_source.uniq.sort != locked_deps_for_source.sort
     end
 
     def specs_for_source_changed?(source)
       locked_index = Index.new
-      locked_index.use(@locked_specs.select {|s| source.can_lock?(s) })
+      locked_index.use(@locked_specs.select {|s| s.replace_source_with!(source) })
 
       !locked_index.subset?(source.specs)
     rescue PathError, GitError => e
@@ -873,21 +880,27 @@ def converge_locals
     def check_lockfile
       @locked_spec_with_invalid_deps = nil
       @locked_spec_with_missing_deps = nil
+      @locked_spec_with_missing_checksums = nil
 
-      missing = []
+      missing_deps = []
+      missing_checksums = []
       invalid = []
 
       @locked_specs.each do |s|
+        missing_checksums << s if @locked_checksums && s.source.checksum_store.missing?(s)
+
         validation = @locked_specs.validate_deps(s)
 
-        missing << s if validation == :missing
+        missing_deps << s if validation == :missing
         invalid << s if validation == :invalid
       end
 
-      if missing.any?
-        @locked_specs.delete(missing)
+      @locked_spec_with_missing_checksums = missing_checksums.first.name if missing_checksums.any?
 
-        @locked_spec_with_missing_deps = missing.first.name
+      if missing_deps.any?
+        @locked_specs.delete(missing_deps)
+
+        @locked_spec_with_missing_deps = missing_deps.first.name
       end
 
       if invalid.any?
@@ -903,24 +916,6 @@ def converge_paths
       end
     end
 
-    def converge_path_source_to_gemspec_source(source)
-      return source unless source.instance_of?(Source::Path)
-      gemspec_source = sources.path_sources.find {|s| s.is_a?(Source::Gemspec) && s.as_path_source == source }
-      gemspec_source || source
-    end
-
-    def converge_path_sources_to_gemspec_sources
-      @locked_sources.map! do |source|
-        converge_path_source_to_gemspec_source(source)
-      end
-      @locked_specs.each do |spec|
-        spec.source &&= converge_path_source_to_gemspec_source(spec.source)
-      end
-      @locked_deps.each do |_, dep|
-        dep.source &&= converge_path_source_to_gemspec_source(dep.source)
-      end
-    end
-
     def converge_sources
       # Replace the sources from the Gemfile with the sources from the Gemfile.lock,
       # if they exist in the Gemfile.lock and are `==`. If you can't find an equivalent
@@ -963,11 +958,17 @@ def converge_dependencies
         unless name == "bundler"
           locked_specs = @originally_locked_specs[name]
 
-          if locked_specs.any? && !dep.matches_spec?(locked_specs.first)
-            @gems_to_unlock << name
-            dep_changed = true
-          elsif locked_specs.empty? && dep_changed == false
-            @missing_lockfile_dep = name
+          if locked_specs.empty?
+            @missing_lockfile_dep = name if dep_changed == false
+          else
+            if locked_specs.map(&:source).uniq.size > 1
+              @locked_specs.delete(locked_specs.select {|s| s.source != dep.source })
+            end
+
+            unless dep.matches_spec?(locked_specs.first)
+              @gems_to_unlock << name
+              dep_changed = true
+            end
           end
         end
 
@@ -1141,16 +1142,21 @@ def dup_for_full_unlock
     def remove_invalid_platforms!
       return if Bundler.frozen_bundle?
 
-      platforms.reverse_each do |platform|
+      @originally_invalid_platforms = platforms.select do |platform|
         next if local_platform == platform ||
-                @new_platforms.include?(platform) ||
-                @path_changes ||
-                @dependency_changes ||
-                @locked_spec_with_invalid_deps ||
-                !spec_set_incomplete_for_platform?(@originally_locked_specs, platform)
+                @new_platforms.include?(platform)
 
-        remove_platform(platform)
+        # We should probably avoid removing non-ruby platforms, since that means
+        # lockfile will no longer install on those platforms, so a error to give
+        # heads up to the user may be better. However, we have tests expecting
+        # non ruby platform autoremoval to work, so leaving that in place for
+        # now.
+        next if @dependency_changes && platform != Gem::Platform::RUBY
+
+        spec_set_incomplete_for_platform?(@originally_locked_specs, platform)
       end
+
+      @platforms -= @originally_invalid_platforms
     end
 
     def spec_set_incomplete_for_platform?(spec_set, platform)
 
@@ -77,7 +77,7 @@ def gemspec(opts = nil)
 
         @gemspecs << spec
 
-        path path, "glob" => glob, "name" => spec.name do
+        path path, "glob" => glob, "name" => spec.name, "gemspec" => spec do
           add_dependency spec.name
         end
 
@@ -141,8 +141,7 @@ def git_source(name, &block)
     def path(path, options = {}, &blk)
       source_options = normalize_hash(options).merge(
         "path" => Pathname.new(path),
-        "root_path" => gemfile_root,
-        "gemspec" => gemspecs.find {|g| g.name == options["name"] }
+        "root_path" => gemfile_root
       )
 
       source_options["global"] = true unless block_given?
 
@@ -175,6 +175,14 @@ def force_ruby_platform!
       @force_ruby_platform = true
 
+    def replace_source_with!(gemfile_source)
+      return unless gemfile_source.can_lock?(self)
+
+      @source = gemfile_source
+
+      true
+    end
+
     private
 
     def use_exact_resolved_specifications?
@@ -196,7 +204,7 @@ def materialize(query)
 
     # If in frozen mode, we fallback to a non-installable candidate because by
     # doing this we avoid re-resolving and potentially end up changing the
-    # lock file, which is not allowed. In that case, we will give a proper error
+    # lockfile, which is not allowed. In that case, we will give a proper error
     # about the mismatch higher up the stack, right before trying to install the
     # bad gem.
     def choose_compatible(candidates, fallback_to_non_installable: Bundler.frozen_bundle?)
 
@@ -239,7 +239,6 @@ def parse_checksum(line)
       spaces = $1
       return unless spaces.size == 2
       checksums = $6
-      return unless checksums
       name = $2
       version = $3
       platform = $4
@@ -249,10 +248,14 @@ def parse_checksum(line)
       full_name = Gem::NameTuple.new(name, version, platform).full_name
       return unless spec = @specs[full_name]
 
-      checksums.split(",") do |lock_checksum|
-        column = line.index(lock_checksum) + 1
-        checksum = Checksum.from_lock(lock_checksum, "#{@lockfile_path}:#{@pos.line}:#{column}")
-        spec.source.checksum_store.register(spec, checksum)
+      if checksums
+        checksums.split(&
6E24
quot;,") do |lock_checksum|
+          column = line.index(lock_checksum) + 1
+          checksum = Checksum.from_lock(lock_checksum, "#{@lockfile_path}:#{@pos.line}:#{column}")
+          spec.source.checksum_store.register(spec, checksum)
+        end
+      else
+        spec.source.checksum_store.register(spec, nil)
       end
     end