Packaging guidelines - Bundler

Vít Ondruch vondruch at redhat.com
Tue Jan 3 18:18:14 UTC 2012


Dne 3.1.2012 18:40, Michael Stahnke napsal(a):
>
>
> On Tue, Jan 3, 2012 at 7:21 AM, Vít Ondruch <vondruch at redhat.com 
> <mailto:vondruch at redhat.com>> wrote:
>
>     Hi everybody,
>
>     I am wondering if we should mention Bundler in Ruby's packaging
>     guidelines and what should be recommendations? Or should we leave
>     it in gray area of guidelines?
>
>     Thinking about it again and again, I believe that we should
>     discourage usage of Bundler in Fedora. What is your opinion?
>
>
> I really dislike bundler.  However, from the Ruby ecosystem point of 
> view, it's there and it's not going anywhere.  It featured on every 
> rubygem page.  It certainly conflicts with the bundled library 
> viewpoint Fedora has, but without it, many many applications built 
> upon Ruby won't make it into Fedora.  This is especially true since 
> rpm by design cannot have multiple versions of the same package 
> installed; whereas gem can.
>
> So, I hate  bundler, and I don't think we should allow it.  We should 
> however, be aware of how that will hinder Fedora as a ruby development 
> and deployment platform.


My intention was not in a sense of "retire Bundler", definitely not. 
However, I would like  to clarify what is our position and suggestions 
for packagers.

For example, something along the lines:

1) If test suite is designed to run with Bundler, please run "$ sed -i 
-e 's|require "bundler"||' spec/spec_helper.rb" and "$ sed -i -e 
's|Bundler.setup||' spec/spec_helper.rb" to remove the dependency and 
run the test suite without it.

2) If Rails application uses Bundler, remove the dependency by deleting 
the Gemfile and Gemfile.lock and the dependency initialization move into 
some Rails app initializer (not sure if this approach is feasible). 
Gemfile and Gemfile.lock *must not* be included in package.


I can imagine other variants of the second point like:

2a) Provide specific Gemfile.lock for each Fedora version. However this 
is fragile, since update of one gem may break the application.

2b) Delete Gemfile.lock from package and run the application for the 
first time with root privileges.

2c) After first execution, Gemfile.lock is created in some world 
writable directory, probably somewhere in /var. However this would need 
patched version of Bundler.


As you can see, there is a lot of options, neither one ideal. Question 
is which one we should pick?


 From developer's point of view, I believe that Bundler has its 
advantages and I support its usage (may be not for 100% but I see some 
use-cases). The adjustments necessary for Fedora should be done by 
packager. If they are done sensitively and in collaboration with 
upstream, then it is ideal.


Does anybody knows what is Debian's view of Bundler for example?


Vit
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/ruby-sig/attachments/20120103/5956b986/attachment.html>


More information about the ruby-sig mailing list