core: Allow insecure RubyGems for plugins [GH-3610]

CHANGELOG.md

@@ -67,6 +67,8 @@ BUG FIXES:
 
   - core: Adding a box from a network share on Windows works again. [GH-3279]
   - commands/plugin/install: Specific versions are now locked in.
+  - commands/plugin/install: If insecure RubyGems.org is specified as a
+      source, use that. [GH-3610]
   - commands/rsync-auto: Interrupt exits properly. [GH-3552]
   - commands/rsync-auto: Run properly on Windows. [GH-3547]
   - providers/virtualbox: VirtalBox detection works properly again on

lib/vagrant/bundler.rb

@@ -167,11 +167,15 @@ module Vagrant
     #
     # @return [Tempfile]
     def build_gemfile(plugins)
+      sources = plugins.values.map { |p| p["sources"] }.flatten.compact.uniq
+
       f = File.open(Tempfile.new("vagrant").path + "2", "w+")
       f.tap do |gemfile|
+        if !sources.include?("http://rubygems.org")
           gemfile.puts(%Q[source "https://rubygems.org"])
+        end
+
         gemfile.puts(%Q[source "http://gems.hashicorp.com"])
-        sources = plugins.values.map { |p| p["sources"] }.flatten.compact.uniq
         sources.each do |source|
           next if source == ""
           gemfile.puts(%Q[source "#{source}"])