why is gem still outdated after bundle update - ruby

I am working on a gem and it's on github.
When I include the gem in an application, do a capistrano deploy, and (on the server) run:
bundle outdated
I see:
* authengine (0.0.1 d8baa49 > 0.0.1 de43dfa)
which tells me that a more recent commit is available. Why doesn't the bundle update (part of capistrano deploy) pull the more recent version? There is no version constraint in the Gemfile of the host application, and anyway they have the same version number, just different commits.
Even if I log into the server and run
bundle update authengine
I get the same "outdated" result afterwards.
What am I missing here?

One thing I've found that can cause this is if other gems in the bundle make requirements on gems by version that are incompatible. Bundler tries to reconcile these by selecting versions of gems such that their requirements can all be satisfied. The result is that it quietly refuses to update gems.
The way to check this is to set an explicit version requirement in your Gemfile. Something like
gem "authengine", "> 0.0.2" #(you'll need to bump the version to make this work)
#or
gem "authengine", :ref => "d8baa49"
Then run
bundle update authengine
You should see something like (this is taken from my particular case):
Bundler could not find compatible versions for gem "json": In
Gemfile:
chef (> 10.8) ruby depends on
json (<= 1.6.1, >= 1.4.4) ruby
logical-construct (>= 0) ruby depends on
json (1.7.5)
So, in my case it's a problem with explicitly requiring a newer version of json.

The author, André Arko, stated in 2014 that:
The Bundler resolver is definitely a work in progress, and we adjust
the tradeoffs between specific versions and resolving quickly based on
user feedback.
Bundler has consistently not provided the newest possible version of
every gem for the entirety of its existence, and it does result in a
lot of tickets being opened. In most cases, it turns out to be the
result of Bundler having to pick between the newest version of one gem
or a different gem, and Bundler picks the gem the user doesn’t care
about having the newest version of. That’s why it’s so important to
make your Gemfile version requirements accurately reflect your actual
requirements.
I recognize that your assumption that Bundler would give you the
newest possible version seemed valid at the time, but the docs only
say that you will get a version that meets your requirements, not the
latest. Is there anywhere we could expand the docs to make it clearer
that the newest versions of everything simply isn’t feasible?

What is the output returned when you run bundle update authengine? Does it actually say it updated the gem? Or does it ignore the gem?
You can try using the --source parameter to specifically tell Bundler to use the git repository. That, or your
bundle update authengine --source https://github.com/mustardseeddatabase/authengine.git
Also, when unexpected things like this happen, I like to clean up my gemlist in general. It could be that you still have older versions of the gem laying around, not using in bundler.
So you could do:
gem list
gem check
gem cleanup
Or do a complete reinstall
gem uninstall authengine
bundle install

Related

Bundler could not find compatible versions for gem "sysrandom"

After installing PentestBox for installing penetration testing tools on windows 10 It was working great but some of the tools was outdated like metasploit, so I tried updating all using PentestBox Update Manager, but after finishing the update msfconsole keeps giving me this error
Bundler could not find compatible versions for gem "sysrandom":
In Gemfile:
metasploit-framework x86-mingw32 was resolved to 5.0.0, which depends on sysrandom x86-mingw32
Could not find gem 'sysrandom', which is required by gem 'metasploit-framework', in any of the sources.
and i literally suck in ruby language on general so what should i do ?
The version of metasploit you linked to doesn't appear to have been updated in a few years. It doesn't list sysrandom as a dependency in the Gemfile.
There's a newer version which does have sysrandom as a dependency, here:
https://github.com/rapid7/metasploit-framework/blob/master/metasploit-framework.gemspec#L106
I'm not sure why pentestbox is using such an old version, but I'm assuming the "update" actually updates to the rapid7 version of metasploit (because it's looking for sysrandom which only exists there).
There are a few things you can try:
bundle install should install all the dependencies (without using the console tool built for pentestbox)
Deleting the Gemfile.lock and running bundle install. I don't usually recommend this but if there seems to be a version mismatch somewhere and sometimes this resolves dependencies errors. You should be able to re-check this file out again (assuming it's versioned locally)
If you can post the git commit hash of the metasploit version you've downloaded that might help provide additional suggestions for resolving.

force ruby gem to use alternative gem source

I have a gem that I one of the owner/authors (hyperloop) that depends on another gem (opal-rails) which depends on another gem (opal-jquery).
All gems depend on the gem opal. The problem is the current released version of opal-query is locked to an older version of the opal gem.
The version of opal-jquery on master is okay. For whatever reason the author(s) have not pushed ruby gems, so I have to work around this.
The work around is that I have to say
gem 'hyperloop'
gem "opal-jquery", git: "https://github.com/opal/opal-jquery.git", branch: "master"
in the application Gemfile.
I am hoping somebody can give a workaround that could be embedded in the hyperloop gemspec, so that the problem is taken care of there.
I thought if I added
gem "opal-jquery", git: "https://github.com/opal/opal-jquery.git", branch: "master"
to the hyperloop Gemfile this would take care of it, but apparently not.
There isn't really a way to manage the dependencies of your dependencies. You have 2 options here:
1) Use an older version of opal
2) Clone the opal-jquery gem and modify its Gemfile, pointing to the version of opal you want it to use, then, in your Gemfile, point the opal-jquery gem to pull from your cloned version of the repo
Neither of these is really ideal and you'd have issues if you ever decided to upgrade to a newer version of opal-jquery if you go with the second route

how to manage ruby's bundler own version?

I use bundler to manage my dependencies' versions.
The question I am asking myself now, is: how to manage bundler's version itself. I mean, "bundler install/update/outdated" helps me understand what I am holding back, update them optimistically or pessimistically ... but I am not sure what's the best practice / procedure to decide about bundler itself.
In other words, is there a gem- or bundler-based workflow that ensures that I and my coworkers do use the latest (or the to-be-specified) version. Bundler gives us this workflow for all the other gems, but what about bundler itself ?
I hope this might be of some help to you here.
First, you need to install the appropriate version of bundler:
% gem install bundler -v '~> 1.12.5'
Successfully installed bundler-1.12.5
Then force RubyGems to use the version you want.
% bundle _1.12.5_ install
This pattern gem-binary _gem-version_ works for any gem binary.
You can check the available versions for Bundler from here.

Can I see my gem version history?

I ran bundle update, and something broke in my app because of one specific gem. I want to revert back to whatever version of that gem I was using before, but I don't know what the version number was. Is there a way I can check what gem versions I was using previously?
The Gemfile.lock that is generated by bundler stores the gem version numbers along with all of its dependencies version numbers.

Is there a way to use Bundler for production gems?

I tried searching for this several times, but if this question has been answered already I didn't find it.
So, let's say I've developed a plain old gem (not a Rails app). I already know how to use Bundler for development, so I have a Gemfile and everything in my repository. However, I want this gem to use Bundler for dependency resolution when I install it, not just when I work on it.
Is there a way to do so, or would I have to resort to running its commands from a git checkout with bundle exec?
Bundler resolves dependencies not only for development. Just run bundle install on production server after deployment and it will install all needed gems there too.
If you need to install gems from several repositories, add row in you Gemfile:
source 'http://you_repository.com

Resources