[katello-devel] Own gem repo

Justin Sherrill jsherril at redhat.com
Mon Jul 11 15:53:48 UTC 2011


On 07/11/2011 11:01 AM, Lukas Zapletal wrote:
> On 07/11/2011 04:28 PM, Justin Sherrill wrote:
>> Generally when you do a bundle install the Gemfile.lock file will be
>> updated with all of the newest gems from the repo.
>
> Is this really true? Because on my box:
>
> # bundle install -> no change to the .lock file
>
> # bundle update -> change to the .lock file
>
> The same in the Bundler documentation.
>

So I wasn't able to reproduce the 'bundle install', but I can assure you 
it was an issue a while back.  See internal discussion around March of 
this year and you'll see a lot of issues with 'bundle install'.  I'm 
very certain it was an issue.

I'm still very against moving back to rubygems.org.  The way we have it 
now if a developer adds a gem as a requirement for katello they either 
have to add it to build an rpm for it (for production), or add it to our 
private gem repo (for development).  If one of these does not happen 
then the issue becomes very apparent (which it did for you) and 
hopefully can be fixed early.

If we rely on rubygems.org the issue would not become apparent right 
away and it may take a few days for QA to hit it (because devs would 
just be blindly running 'bundle install').


Actually I think I remember what the issue is.  User A decides to add a 
new gem foo-1.1.  He adds 'foo' to Gemfile and does a bundle 
install.  foo-1.1 gets added to Gemfile.lock.  He then builds an rpm 
appropriately and adds it to the spec file.

User B comes in a week or so later and does a bundle install.  But 
wait! A newer version of foo (1.2) has been added to the rubygems 
repository.  Since User B does not have foo installed at all, it will 
pull the latest (1.2) and update the Gemfile.lock.  Gemfile.lock simply 
dictates what versions rails needs to run, not what will be installed by 
bundler.  User B, not knowing that he had updated anything, does his work 
and commits Gemfile.lock without really knowing it and breaks everyone else.

This may seem like a rare situation, but it was happening almost weekly 
prior to us moving to our private repo.


-Justin
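
The drift described in the message above (foo going from 1.1 to 1.2 in Gemfile.lock without the committer noticing) can be surfaced by comparing the committed lockfile with the working copy before a commit. This is an added example, not part of the original message or of Katello's code; the function names and both lockfile samples are constructed for illustration.

```ruby
# Added example: report locked-version drift between two Gemfile.lock snapshots.

# Return { gem name => locked version } from the "specs:" blocks of a lockfile.
def locked_versions(lockfile_text)
  versions = {}
  in_specs = false
  lockfile_text.each_line do |line|
    line = line.chomp
    if line =~ /\A  specs:\z/
      in_specs = true
    elsif line.empty? || line =~ /\A\S/
      in_specs = false              # blank line or new top-level section ends specs
    elsif in_specs && (m = line.match(/\A {4}(\S+) \(([^)]+)\)\z/))
      versions[m[1]] = m[2]         # 4-space indent = resolved gem, 6 = its dependency
    end
  end
  versions
end

# List every gem whose locked version was added, removed or changed.
def lock_drift(before_text, after_text)
  before = locked_versions(before_text)
  after  = locked_versions(after_text)
  (before.keys | after.keys).sort.each_with_object([]) do |name, drift|
    was, now = before[name], after[name]
    drift << { name: name, from: was, to: now } unless was == now
  end
end

# Constructed sample: the lockfile as User A committed it.
COMMITTED_LOCK = <<EOS
GEM
  remote: http://rubygems.org/
  specs:
    foo (1.1)
    rake (0.9.2)

DEPENDENCIES
  foo
  rake
EOS

# Constructed sample: User B's working copy after foo 1.2 was resolved.
LOCAL_LOCK = COMMITTED_LOCK.sub("foo (1.1)", "foo (1.2)")

lock_drift(COMMITTED_LOCK, LOCAL_LOCK).each do |d|
  puts "#{d[:name]}: #{d[:from].inspect} -> #{d[:to].inspect}"
end
```

Run as a pre-commit or CI step against the committed and working-copy lockfiles, a non-empty result is the signal to stop and review before Gemfile.lock is committed.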



