From d4e51dd7d74c534b969415a65a23f7d6ad1dde6c Mon Sep 17 00:00:00 2001 From: Hiroshi SHIBATA Date: Thu, 23 Apr 2026 20:35:19 +0900 Subject: [PATCH 1/3] Skip bundler self-checksum for unreleased bundlers Using `Bundler.gem_version.end_with?(".dev")` only skips the own checksum on master, but patch releases run from a source checkout (e.g., bumping bundler/lib/bundler/version.rb to 4.0.11 on a release branch) still record the checksum, which is environment dependent on the local gem cache and causes frozen-lock drift on CI. Generalize the guard with `released_bundler?`, which returns false for any prerelease version and for bundlers loaded outside of an installed gem location (`/specifications/`), so dev workflows don't record self-checksums while released installs still do. Co-Authored-By: Claude Opus 4.7 (1M context) --- bundler/lib/bundler/lockfile_generator.rb | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/bundler/lib/bundler/lockfile_generator.rb b/bundler/lib/bundler/lockfile_generator.rb index b56ae2e2b104..a877798ed92a 100644 --- a/bundler/lib/bundler/lockfile_generator.rb +++ b/bundler/lib/bundler/lockfile_generator.rb @@ -103,7 +103,7 @@ def add_section(name, value) end def bundler_checksum - return [] if Bundler.gem_version.to_s.end_with?(".dev") + return [] unless released_bundler? bundler_spec = definition.sources.metadata_source.specs.search(["bundler", Bundler.gem_version]).last return [] unless File.exist?(bundler_spec.cache_file) @@ -115,5 +115,11 @@ def bundler_checksum [definition.sources.metadata_source.checksum_store.to_lock(bundler_spec)] end + + def released_bundler? + return false if Bundler.gem_version.prerelease? + # Released gem specs live under .../specifications/; source checkouts don't. + Gem.loaded_specs["bundler"]&.loaded_from.to_s.include?("/specifications/") + end end end From 35d2ecd257152f71488fb0a811e9341249f4ad33 Mon Sep 17 00:00:00 2001 
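Review bot: In `released_bundler?` the `include?("/specifications/")` test is a substring match on the spec path, so whether bundler's own checksum is written to the lockfile depends on where the tree happens to live; a checkout under any directory named `specifications` would count as released. Because this guard decides whether an integrity record is emitted, an exact directory comparison is safer, for example `spec = Gem.loaded_specs["bundler"]` followed by `!!spec && Gem::Specification.dirs.include?(File.dirname(spec.loaded_from.to_s))`. Default-gem specs sit under `specifications/default`, which the substring test accepts and the exact comparison, as far as I can tell, would not, so the comment should say which of the two is intended.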
From: Edouard CHIN Date: Fri, 24 Apr 2026 23:48:23 +0900 Subject: [PATCH 2/3] Revert "Skip bundler self-checksum for unreleased bundlers" This reverts commit d4e51dd7d74c534b969415a65a23f7d6ad1dde6c. --- bundler/lib/bundler/lockfile_generator.rb | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/bundler/lib/bundler/lockfile_generator.rb b/bundler/lib/bundler/lockfile_generator.rb index a877798ed92a..b56ae2e2b104 100644 --- a/bundler/lib/bundler/lockfile_generator.rb +++ b/bundler/lib/bundler/lockfile_generator.rb @@ -103,7 +103,7 @@ def add_section(name, value) end def bundler_checksum - return [] unless released_bundler? + return [] if Bundler.gem_version.to_s.end_with?(".dev") bundler_spec = definition.sources.metadata_source.specs.search(["bundler", Bundler.gem_version]).last return [] unless File.exist?(bundler_spec.cache_file) @@ -115,11 +115,5 @@ def bundler_checksum [definition.sources.metadata_source.checksum_store.to_lock(bundler_spec)] end - - def released_bundler? - return false if Bundler.gem_version.prerelease? - # Released gem specs live under .../specifications/; source checkouts don't. - Gem.loaded_specs["bundler"]&.loaded_from.to_s.include?("/specifications/") - end end end From 0dec7e27a124bd0e8461028366a981093328af5e Mon Sep 17 00:00:00 2001 
From: Edouard CHIN Date: Fri, 24 Apr 2026 23:55:40 +0900 Subject: [PATCH 3/3] Skip bundler checksum when running version:update_locked_bundler: - Our development lockfile should not include the checksum of bundler itself. No matter if we are doing a release. The problem being that including a checksum in our development lockfile create issues as some rake tasks don't run the same way on CI. For example, some rake tasks, build bundler.gem and some other don't. I explained in more details the issue here 2c40b8d563f20d7cafdaefc6a60fb08566159cf2 This commit here is motivated by the fact that when the release manager runs `version:update_locked_bundler`, if a `bundler-.gem` exists on its system (e.g it previously ran `rake bundler:install`), then the lockfile will include a checksum entry. --- Rakefile | 1 + bundler/lib/bundler/lockfile_generator.rb | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/Rakefile b/Rakefile index 2cb3b9583b2f..7f1b894c9a6a 100644 --- a/Rakefile +++ b/Rakefile @@ -32,6 +32,7 @@ namespace :version do task :update_locked_bundler do |_, _args| stdout = Spec::Rubygems.dev_bundle "--version" version = stdout.split(" ").last + ENV["SKIP_BUNDLER_CHECKSUM"] = "1" Dir.glob("{tool/bundler/*_gems.rb,spec/realworld/fixtures/*/Gemfile}").each do |file| Spec::Rubygems.dev_bundle("lock", "--update", "--bundler", version, gemfile: file) diff --git a/bundler/lib/bundler/lockfile_generator.rb b/bundler/lib/bundler/lockfile_generator.rb index b56ae2e2b104..2a3ad2248058 100644 --- a/bundler/lib/bundler/lockfile_generator.rb +++ b/bundler/lib/bundler/lockfile_generator.rb @@ -103,7 +103,7 @@ def add_section(name, value) end def bundler_checksum - return [] if Bundler.gem_version.to_s.end_with?(".dev") + return [] if Bundler.gem_version.to_s.end_with?(".dev") || ENV["SKIP_BUNDLER_CHECKSUM"] bundler_spec = definition.sources.metadata_source.specs.search(["bundler", Bundler.gem_version]).last return [] unless File.exist?(bundler_spec.cache_file)
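Review bot: `ENV["SKIP_BUNDLER_CHECKSUM"] = "1"` in `version:update_locked_bundler` is set on the rake process and never restored, so every task that runs later in the same invocation, and every child process started after it, also writes lockfiles without the bundler checksum entry. Scoping the variable to the lock loop keeps the opt-out from spreading: save the previous value and restore it in an `ensure` (assigning `nil` removes the key). If `Spec::Rubygems.dev_bundle` can pass environment variables to the child, which is not visible here, that would be the narrower place to set it. The task body continues past the end of the hunk.

```ruby
    previous = ENV["SKIP_BUNDLER_CHECKSUM"]
    ENV["SKIP_BUNDLER_CHECKSUM"] = "1"
    begin
      # … unchanged: Dir.glob(...).each loop calling dev_bundle "lock" …
    ensure
      ENV["SKIP_BUNDLER_CHECKSUM"] = previous
    end
```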
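Review bot: The new `|| ENV["SKIP_BUNDLER_CHECKSUM"]` guard in `bundler_checksum` tests only that the variable is set, so `SKIP_BUNDLER_CHECKSUM=0` or an empty value also suppresses the entry, because every Ruby string is truthy. This line is in the shipped library rather than in the Rakefile, so any environment that carries the variable produces lockfiles without bundler's own checksum, and nothing in the output says so. Compare against the exact value the rake task sets, `ENV["SKIP_BUNDLER_CHECKSUM"] == "1"`, and add a comment above the guard such as `# Development-only: set by rake version:update_locked_bundler; not a supported user setting.` `bundler_checksum` continues past the end of the hunk.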