在我的Gemfile中,我需要一个来自自定义源的宝石,其中包含以下行:
gem 'very-secret-gem', source:'https://foo.example.com/'
bundle install
完成得很好:
$ bundle install
Fetching source index from https://foo.example.com/
Fetching source index from https://foo.example.com/
Fetching gem metadata from https://rubygems.org/........
…
Resolving dependencies...
…
Installing very-secret-gem 1.5.1
…
Bundle complete! 47 Gemfile dependencies, 116 gems now installed.
Use `bundle show [gemname]` to see where a bundled gem is installed.
但是运行使用ruby的命令失败(这里是空的Rakefile):
$ bundle exec rake -T
Could not find gem 'very-secret-gem (>= 0) ruby' in rubygems repository https://foo.example.com/.
Source does not contain any versions of 'very-secret-gem (>= 0) ruby'
Run `bundle install` to install missing gems.
根据错误消息中的建议,此时运行bundle install
将无济于事。
为什么,以及如何解决?
如果我在源块中指定gem,它就会失败:
source 'https://foo.example.com/' do
gem 'very-secret-gem'
end
更有趣的是,如果我在文件开头指定源代码,而不是绑定任何宝石,那么它可以正常工作:
source 'https://rubygems.org'
source 'https://foo.example.com/'
gem 'very-secret-gem'
...但是捆绑者建议反对它:
Warning: this Gemfile contains multiple primary sources. Using `source`
more than once without a block is a security risk, and may result in
installing unexpected gems. To resolve this warning, use a block to
indicate which gems should come from the secondary source. To upgrade
this warning to an error, run `bundle config disable_multisource true`.
$ ruby -v # => ruby 2.2.0p0 (2014-12-25 revision 49005) [x86_64-darwin14]
$ gem -v # => 2.4.5
$ bundle -v # => Bundler version 1.8.2
似乎是一个捆绑错误。另一个gem
与:path
的存在似乎是触发它的原因。测试应用程序位于:https://github.com/kch/bundler-source-bug
答案 0 :(得分:1)
这应该在Bundler 1.8.3(今天发布)中修复。
答案 1 :(得分:1)
我建议升级到每个this issue至少 bundler 1.8.5 ,这不仅会出现多个来源的问题,还会出现自定义路径问题 - 这样您就不会被锁定到特定的gemfile中使用bundler,自定义源和bundle exec解决bug的语法。
我整个上午都在与依赖问题作斗争并围绕语法跳舞,
gem update bundler
就是我所需要的,我所有的问题都消失了。
关注changelog,最近似乎有不少小补丁。