Fix bundle lock --add-checksums

Due to a typo in the spec, the issue was not caught initially. If
Bundler does not need to re-resolve, `bundle lock` is a noop so Bundler
does not add checksums.

To fix the issue, we do something similar to what `bundle install` does,
just without actually installation. First set the domain (local or
remote) according to whether a re-resolve is necessary, and then
materialize lazy specifications into real specifications, so that
checksums are actually fetched from each source.

Author: deivid-rodriguez

bundler/lib/bundler/cli/lock.rb

@@ -40,7 +40,7 @@ def run
 
       Bundler.settings.temporary(frozen: false) do
         definition = Bundler.definition(update, file)
-        definition.locked_checksums = true if options["add-checksums"]
+        definition.add_checksums if options["add-checksums"]
 
         Bundler::CLI::Common.configure_gem_version_promoter(definition, options) if options[:update]
 

bundler/lib/bundler/definition.rb

@@ -13,6 +13,7 @@ class << self
 
     attr_reader(
       :dependencies,
+      :locked_checksums,
       :locked_deps,
       :locked_gems,
       :platforms,
@@ -22,8 +23,6 @@ class << self
       :sources
     )
 
-    attr_accessor :locked_checksums
-
     # Given a gemfile and lockfile creates a Bundler definition
     #
     # @param gemfile [Pathname] Path to Gemfile
@@ -182,7 +181,7 @@ def check!
     #
     # @return [Boolean] Whether fetching remote information will be necessary or not
     #
-    def setup_domain!(options)
+    def setup_domain!(options = {})
       prefer_local! if options[:"prefer-local"]
 
       if options[:local] || (no_resolve_needed? && !missing_specs?)
@@ -541,6 +540,14 @@ def unlocking?
 
     attr_writer :source_requirements
 
+    def add_checksums
+      @locked_checksums = true
+
+      setup_domain!
+
+      specs # force materialization to real specifications, so that checksums are fetched
+    end
+
     private
 
     def should_add_extra_platforms?

bundler/spec/commands/lock_spec.rb

@@ -1772,7 +1772,7 @@
     expect(err).not_to include("ERROR REPORT TEMPLATE")
   end
 
-  it "adds checksums to an existing lockfile" do
+  it "adds checksums to an existing lockfile, when re-resolving is necessary" do
     build_repo4 do
       build_gem "nokogiri", "1.14.2"
       build_gem "nokogiri", "1.14.2" do |s|
@@ -1786,6 +1786,8 @@
       gem "nokogiri"
     G
 
+    # lockfile has a typo (nogokiri) in the dependencies section, so Bundler
+    # sees dependencies have changed, and re-resolves
     lockfile <<~L
       GEM
         remote: https://gem.repo4/
@@ -1832,6 +1834,66 @@
     L
   end
 
+  it "adds checksums to an existing lockfile, when no re-resolve is necessary" do
+    build_repo4 do
+      build_gem "nokogiri", "1.14.2"
+      build_gem "nokogiri", "1.14.2" do |s|
+        s.platform = "x86_64-linux"
+      end
+    end
+
+    gemfile <<-G
+      source "https://gem.repo4"
+
+      gem "nokogiri"
+    G
+
+    lockfile <<~L
+      GEM
+        remote: https://gem.repo4/
+        specs:
+          nokogiri (1.14.2)
+          nokogiri (1.14.2-x86_64-linux)
+
+      PLATFORMS
+        ruby
+        x86_64-linux
+
+      DEPENDENCIES
+        nokogiri
+
+      BUNDLED WITH
+         #{Bundler::VERSION}
+    L
+
+    simulate_platform "x86_64-linux" do
+      bundle "lock --add-checksums"
+    end
+
+    checksums = checksums_section do |c|
+      c.checksum gem_repo4, "nokogiri", "1.14.2"
+      c.checksum gem_repo4, "nokogiri", "1.14.2", "x86_64-linux"
+    end
+
+    expect(lockfile).to eq <<~L
+      GEM
+        remote: https://gem.repo4/
+        specs:
+          nokogiri (1.14.2)
+          nokogiri (1.14.2-x86_64-linux)
+
+      PLATFORMS
+        ruby
+        x86_64-linux
+
+      DEPENDENCIES
+        nokogiri
+      #{checksums}
+      BUNDLED WITH
+         #{Bundler::VERSION}
+    L
+  end
+
   it "generates checksums by default if configured to do so" do
     build_repo4 do
       build_gem "nokogiri", "1.14.2"