Gemfile.lock questions

Vít Ondruch vondruch at
Thu Apr 19 06:02:45 UTC 2012

Hi Ken,

Dne 19.4.2012 03:43, Ken Dreyer napsal(a):
> I have two more Ruby newbie questions :)
> I see a lot of Gems contain a "Gemfile.lock" file. From looking at the
> conventions in Fedora's packages, it's a good idea to not include the
> Gemfile.lock in RPMs. I'm trying to understand how Gemfile.lock
> relates to packaging.
> General question: Is Gemfile.lock only intended to be a convenience
> for Ruby Gem developers? I thought Gemfile.lock was only for
> development, but it seems like its contents can also affect an
> application's runtime...?

Regarding the Gemfile.lock, I would suggest you to read [1].

Otherwise, there is not straight forward answer. Rails applications 
definitely uses Bundler, which by default reads the Gemfile.lock. For 
other applications, it depends. My suggestion is not to hardly depend on 
Bundler, i.e. do not use "require 'bundler/setup'" or similar in your 
app. You can always run "bundle exec yourapp" instead.

> Packaging question: In preparation for packaging up Gitorious, I've
> found that I need to delete some entries from Gemfile.lock in order to
> use alternate Gem versions. Is it always safe to override the version
> numbers in Gemfile.lock like this?

I would suggest to remove Bundler dependency at all. Bundler will always 
use/create the Gemfile.lock. If you provide it by yourself and some 
component will get updated, the application fail. If you don't provide 
it, the application will try to create it but this will (at least should 
;) fail, due to limited rights. The version resolution which Bundler 
provides is not needed, since the dependencies are determined by RPM 
(and occasionally they may differ from original dependencies in 
upstream). The only thing you will miss without Bundler is initialized 
and restricted environment, e.g. at the start of the application, 
Bundler reads the Gemfile.lock and place immediately all the gems into 
Ruby's load path and there is not possible to load other gem from your 
application in the future.

I hope that somebody from Aeolus will chime in with their experience 
with Bundler and how they use it.

Note that there was already some discussion about Bundler and packaging 
guidelines [2], but at the end, we did not found sound statement how to 
handle it correctly. So if you succeed with Gitorius, your solution 
might become standard ;)



More information about the ruby-sig mailing list