Gemfile.lock questions
Vít Ondruch
vondruch at redhat.com
Thu Apr 19 06:02:45 UTC 2012
Hi Ken,
Dne 19.4.2012 03:43, Ken Dreyer napsal(a):
> I have two more Ruby newbie questions :)
>
> I see a lot of Gems contain a "Gemfile.lock" file. From looking at the
> conventions in Fedora's packages, it's a good idea to not include the
> Gemfile.lock in RPMs. I'm trying to understand how Gemfile.lock
> relates to packaging.
>
> General question: Is Gemfile.lock only intended to be a convenience
> for Ruby Gem developers? I thought Gemfile.lock was only for
> development, but it seems like its contents can also affect an
> application's runtime...?
Regarding the Gemfile.lock, I would suggest you to read [1].
Otherwise, there is not straight forward answer. Rails applications
definitely uses Bundler, which by default reads the Gemfile.lock. For
other applications, it depends. My suggestion is not to hardly depend on
Bundler, i.e. do not use "require 'bundler/setup'" or similar in your
app. You can always run "bundle exec yourapp" instead.
>
> Packaging question: In preparation for packaging up Gitorious, I've
> found that I need to delete some entries from Gemfile.lock in order to
> use alternate Gem versions. Is it always safe to override the version
> numbers in Gemfile.lock like this?
I would suggest to remove Bundler dependency at all. Bundler will always
use/create the Gemfile.lock. If you provide it by yourself and some
component will get updated, the application fail. If you don't provide
it, the application will try to create it but this will (at least should
;) fail, due to limited rights. The version resolution which Bundler
provides is not needed, since the dependencies are determined by RPM
(and occasionally they may differ from original dependencies in
upstream). The only thing you will miss without Bundler is initialized
and restricted environment, e.g. at the start of the application,
Bundler reads the Gemfile.lock and place immediately all the gems into
Ruby's load path and there is not possible to load other gem from your
application in the future.
I hope that somebody from Aeolus will chime in with their experience
with Bundler and how they use it.
Note that there was already some discussion about Bundler and packaging
guidelines [2], but at the end, we did not found sound statement how to
handle it correctly. So if you succeed with Gitorius, your solution
might become standard ;)
Vit
[1]
http://yehudakatz.com/2011/05/30/gem-versioning-and-bundler-doing-it-right/
[2]
http://lists.fedoraproject.org/pipermail/ruby-sig/2012-January/000759.html
More information about the ruby-sig
mailing list