
BUNDLE_FROZEN=1 bundle check exits 0 when some CHECKSUMS entry is missing #9546

@ybiquitous


Describe the problem as clearly as you can

BUNDLE_FROZEN=1 bundle check exits with 0 status, even when some CHECKSUMS entry is missing in Gemfile.lock.

Did you try upgrading rubygems & bundler?

Yes, the issue occurs in the latest Bundler 4.0.11.

Post steps to reproduce the problem

Dockerfile:

FROM rubylang/ruby:4.0.4

ARG BUNDLER_VERSION=4.0.11

RUN gem install bundler:${BUNDLER_VERSION} --no-document

RUN useradd --create-home --shell /bin/bash app \
 && mkdir -p /app && chown app:app /app
USER app
WORKDIR /app

RUN cat > Gemfile <<'EOF'
source "https://rubygems.org"
gem "rake", "13.2.1"
EOF

RUN bundle config set --local path 'vendor/bundle' \
 && bundle install \
 && bundle lock --add-checksums

# Drop the rake CHECKSUMS line to simulate a missing entry in Gemfile.lock
RUN sed -i.bak '/rake (13.2.1) sha256=/d' Gemfile.lock

CMD set +e; \
    echo "=== BUNDLE_FROZEN=${BUNDLE_FROZEN} ==="; echo; \
    echo "=== bundle --version ==="; bundle --version; echo; \
    echo "=== bundle check ===";     bundle check; echo "=> exit=$?"; echo; \
    echo "=== bundle install ===";   bundle install; echo "=> exit=$?"

Build and run:

podman build -t bundler-repro .
podman run --rm --env BUNDLE_FROZEN=1 bundler-repro

(Instead of podman, the docker command should also work.)

Output:

=== BUNDLE_FROZEN=1 ===

=== bundle --version ===
4.0.11

=== bundle check ===
The Gemfile's dependencies are satisfied
Cannot write a changed lockfile while frozen.
=> exit=0

=== bundle install ===
Your lockfile is missing a CHECKSUMS entry for "rake", but can't be updated
because frozen mode is set

Run `bundle install` elsewhere and add the updated Gemfile.lock to version
control.
=> exit=16

Please note that => exit=0 with bundle check.

Gemfile.lock diff:

--- Gemfile.lock.bak    2026-05-14 13:33:24.000000000 +0000
+++ Gemfile.lock        2026-05-14 13:41:18.000000000 +0000
@@ -12,7 +12,6 @@

 CHECKSUMS
   bundler (4.0.11) sha256=5bcec0fb78302e48d02ee46f10ee6e6942be647ba5b44a6d1ddfda9a240ce785
-  rake (13.2.1) sha256=46cb38dae65d7d74b6020a4ac9d48afed8eb8149c040eccf0523bec91907059d

 BUNDLED WITH
   4.0.11

Note

The same issue is reproduced against Bundler 2.7.2 with podman build --build-arg BUNDLER_VERSION=2.7.2.

Which command did you run?

BUNDLE_FROZEN=1 bundle check

What were you expecting to happen?

bundle check should exit non-zero in frozen mode if CHECKSUMS is invalid, like exit=16 with bundle install.

What happened instead?

Like the example above, the command outputs the following and exits 0:

The Gemfile's dependencies are satisfied
Cannot write a changed lockfile while frozen.

If not included with the output of your command, run bundle env and paste the output below

I think the info above is sufficient, but you can get similar info via:

podman run --rm --env BUNDLE_FROZEN=1 bundler-repro bundle env
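
A stop-gap CI check for the gap reported above, as an added example that is not part of the original issue and not Bundler's own code: it parses Gemfile.lock directly and reports GEM specs that lack a sha256 entry under CHECKSUMS, so a pipeline does not rely on the exit status of bundle check. The name `missing_checksums` and the sample lockfile are constructed for illustration; only specs in the GEM section are considered.

```ruby
# Constructed lockfile matching the issue's repro: rake is locked, but its
# CHECKSUMS line has been deleted. The sha256 value is a constructed placeholder.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rake (13.2.1)

  PLATFORMS
    ruby

  DEPENDENCIES
    rake (= 13.2.1)

  CHECKSUMS
    bundler (4.0.11) sha256=#{'a' * 64}

  BUNDLED WITH
     4.0.11
LOCK

# Returns "name (version)" for every GEM spec without a sha256 CHECKSUMS entry.
# A lockfile with no CHECKSUMS section at all reports every GEM spec.
def missing_checksums(lock_text)
  section = nil
  locked = []
  with_sum = []
  lock_text.each_line(chomp: true) do |line|
    if line.match?(/\A[A-Z][A-Z ]*\z/) # section header: GEM, CHECKSUMS, ...
      section = line
    elsif section == "GEM" && (m = line.match(/\A {4}(\S+) \(([^)]+)\)\z/))
      locked << "#{m[1]} (#{m[2]})" # 4-space lines are specs, 6-space are deps
    elsif section == "CHECKSUMS" &&
          (m = line.match(/\A {2}(\S+) \(([^)]+)\) sha256=\h{64}/))
      with_sum << "#{m[1]} (#{m[2]})" # entries without a digest do not count
    end
  end
  locked - with_sum
end

if $PROGRAM_NAME == __FILE__
  # With a path argument, check that file and fail the job on any gap;
  # without one, just show the result for the constructed sample.
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  missing = missing_checksums(text)
  missing.each { |gem| warn "missing CHECKSUMS entry: #{gem}" }
  exit 1 if ARGV[0] && missing.any?
end
```

Run it with the lockfile path as the only argument before or alongside bundle check; it exits 1 when any entry is missing.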
