-
-
Notifications
You must be signed in to change notification settings - Fork 2k
Bundler 2.1.0 does not expose executables from gems without "bundle exec", while 2.0.2 does #7494
Comments
This sounds like a bug to me, I'll have a look. |
But, I think it's not about exposing executables from gems (I don't think they were never exposed like that), but about bundler plugins (I assume |
@deivid-rodriguez However, after digging a bit deeper into this, Bundler 2.1.0 does behave in a new way. Any gems it installs, do not become part of the global list of gems. For example with 2.0.2 Basically, it seems that as of 2.1.0, Bundler installs gems into a special bundler-only area, separate from the global set of gems. Here's some of the additional checks I did:
|
Interesting, thanks for the thorough testing, that makes sense, yeah. I'll get to this as soon as I can, butt can you check which version of |
So both containers were using
I've updated both Dockerfiles to
And trying to uninstall Bundler 2.1.0 yields an error because it's a default gem:
And needless to say, this means the 2.0.2 container has the same issues as the 2.1.0 container, cause they're both now running Bundler 2.1.0 :) Dockerfiles
FROM ruby:2.6.5-alpine
WORKDIR /app
RUN echo 'source "https://rubygems.org/"' > Gemfile
RUN echo 'gem "bundler-audit"' >> Gemfile
RUN echo 'gem "brakeman"' >> Gemfile
RUN gem update --system 3.1.1
RUN gem install bundler -v '2.0.2' && bundle install
CMD bundle audit
FROM ruby:2.6.5-alpine
WORKDIR /app
RUN echo 'source "https://rubygems.org/"' > Gemfile
RUN echo 'gem "bundler-audit"' >> Gemfile
RUN echo 'gem "brakeman"' >> Gemfile
RUN gem update --system 3.1.1
RUN gem install bundler -v '2.1.0' && bundle install
CMD bundle audit P.S. I've changed the base image from |
Thanks so much, I'm taking this next since you made it very easy to reproduce :) |
+1 |
Ok. So:
I think the better fix here would be to change the official ruby images like this: diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template
index dd9f0d8..dd9ee4a 100644
--- a/Dockerfile-alpine.template
+++ b/Dockerfile-alpine.template
@@ -128,7 +128,7 @@ ENV BUNDLE_PATH="$GEM_HOME" \
BUNDLE_SILENCE_ROOT_WARNING=1 \
BUNDLE_APP_CONFIG="$GEM_HOME"
# path recommendation: https://github.com/bundler/bundler/pull/6469#issuecomment-383235438
-ENV PATH $GEM_HOME/bin:$BUNDLE_PATH/gems/bin:$PATH
+ENV PATH $GEM_HOME/bin:$BUNDLE_PATH/ruby/${RUBY_MAJOR}.0/bin:$PATH
# adjust permissions of a few directories for running "gem install" as an arbitrary user
RUN mkdir -p "$GEM_HOME" && chmod 777 "$GEM_HOME"
# (BUNDLE_PATH = GEM_HOME, no need to mkdir/chown both) As a matter of fact, I think the previous I tried this myself and it seems to work, but if you can confirm, it'd be great. I'll bring this now to https://github.com/docker-library/ruby. They're usually very helpful and quick with these issues, so I think we'll be able to get a fix out soon. |
7501: Delay appending `ruby/<ABI_VERSION>` to `$BUNDLE_PATH` r=indirect a=deivid-rodriguez ### What was the end-user problem that led to this PR? The problem was that #7163 broke several things regarding official docker ruby images. ### What was your diagnosis of the problem? My diagnosis was that appending `ruby/<ABI_VERSION>` to `$BUNDLE_PATH` break things there because gems nor executables are no longer installed at a location that `rubygems` now about. ### What is your fix for the problem, implemented in this PR? My fix is to revert the offending PR for the time being. ### Why did you choose this fix out of the possible options? I chose this fix because it's quick. I think the better fix would be to get `BUNDLE_PATH__SYSTEM=true` working as expected and upstream that change to the docker images, because I think that's exactly the use case for the docker images. But I need more time for that, and I want to restore working behavior. /cc @indirect Sorry, you were right about this being dangerous 😳 Closes #7197. Closes #7494. Co-authored-by: David Rodríguez <deivid.rodriguez@riseup.net>
Well, I gave it another thought and since I want to fix this ASAP, I'm proposing to revert the offending PR for the time being. Please see #7501 and let me know if it works for you. Will ask other maintainers too for their opinion. |
@deivid-rodriguez reverting the offending changes temporarily sounds reasonable to me :) In my case your suggested fix to the In case it's of any help to you, here's some more detail:
|
Yeah, I don't know what I did initially but I later realized it was not so simple, indeed, and got the same you got. Changing the path makes the binstub findable, but Anyways, this is why I decided to revert for now, because I need to think of a proper fix to propose upstream. If you can try the revert though, that'd be great. |
Sure thing, I'll give the revert PR a try :) And I actually got your suggestion to work by also setting ENV GEM_PATH $GEM_HOME:$BUNDLE_PATH/ruby/${RUBY_MAJOR}.0
|
Oh yeah, great idea! That, plus properly modifying @indirect What do you think? We might want to upstream these changes to the docker images instead? The bug fix that originated this problem came up a few times, since it makes |
@deivid-rodriguez FYI, the revert PR also works :)
FROM ruby:2.6.5-alpine as builder
RUN apk add --no-cache build-base git libffi-dev
WORKDIR /src
RUN set -e && \
git clone --depth=1 \
--single-branch --branch delay_appending_ruby_scope \
https://github.com/bundler/bundler.git bundler && \
cd bundler && \
gem build *.gemspec
FROM ruby:2.6.5-alpine
WORKDIR /app
RUN echo 'source "https://rubygems.org/"' > Gemfile
RUN echo 'gem "bundler-audit"' >> Gemfile
RUN echo 'gem "brakeman"' >> Gemfile
COPY --from=builder /src/bundler/*.gem /src/
RUN gem install /src/*.gem && bundle install
CMD bundle audit check --update |
If this impacts basically only docker, it seems fine to upstream the fix since existing images won’t be broken by our change :) |
@deivid-rodriguez @indirect I'm not gonna pretend my opinion holds much weight here, but if I've understood things correctly, I believe reverting the changines is probably right way to go, rather than updating the official Ruby docker images. I believe so beacuse it seems like the behavior in question is not backwards compatible for anyone using Bundler and setting the However if it is deemed as breaking backwards compatibility, and if Bundler follows Semantic Versioning (I don't know if it does), then 2.1.0 should probably have been released as 3.0.0. Obviously please feel to ignore me and/or tell me why I'm wrong if that's the case. Just thought I'd throw my two cents into the mix here :) |
That’s a really good point, this is technically breaking. I’d be happiest to revert this and fix the |
All of these should be equivalent and set gems to be installed to Sadly, every bugfix is a backwards incompatible change for everybody relying on the bug... 😞. You just have to make a compromise sometimes. In this case I thought nobody would be relying on the bug, but I missed the case of docker images and how they are setup. This is just to try and explain the situation, I'm good with reverting. I just hope nobody had opt-in into the bugfix, and now removed the configuration to opt-in (because of not being need anymore). If someone did that, 2.1.1 will reintroduce the bug for them. |
@deivid-rodriguez Ah, I was not aware that In that case, as it’s less of a breaking change and more of fixing a long-standing bug and inconsistency, my vote falls on leaving the fix in. And fixing the docker images by modifying the But I would say that it needs an explanation in the changelog with some clear info on how you might be affected if you are manually setting |
Hei, I didn't forget about this :) For starters I'm adding some tests to the docker official images repo, so we can catch these things in the future. See docker-library/official-images#7166. |
@deivid-rodriguez awesome :) May I suggest a additional test that ensures that gems installed via bundler also appear under Also, if you want/need any additional help on this aside from my rants here, I should have a few hours of free time this weekend. |
There is an issue with bundler 2.1.0 which is mitigated by always running `bundle exec` before commands. See similar issue here: rubygems/bundler#7494
Eep! This bug is currently breaking several test and staging environments for me and would also be breaking our production environments except that we haven't deployed them without using cached layers in the last few days. Thank you so much for identifying and looking at this, @jimeh and @deivid-rodriguez! It sounds like a fix may be on the way? Or can someone clarify what the best solution would be? (Should we be preparing this use case for a bundler 3.0 update in some way rather than waiting for a fix?) |
Hei! The current workaround is to set
Still haven't decided whether to fix this by upstreaming these environment variables changes to the official images, or by reverting the bug fix that caused this issue. Will come to a decision in the next few days, once I also get input from the official images maintainers. |
There was a bug fixed in Bundler 2.1.0 that the official ruby docker image was relying on. This is the recommended approach to mitigate the issue until it can be fixed, most likely in the docker image. See: rubygems/bundler#7494
There was a bug fixed in Bundler 2.1.0 that the official ruby docker image was relying on. This is the recommended approach to mitigate the issue until it can be fixed, most likely in the docker image. See: rubygems/bundler#7494
There was a bug fixed in Bundler 2.1.0 that the official ruby docker image was relying on. This is the recommended approach to mitigate the issue until it can be fixed, most likely in the docker image. See: rubygems/bundler#7494
Ok, so after giving this some more thought, I think the right choice at the moment is to proceed with the revert. Bundler already has an option to do what the docker images are trying to do: always install gems to the However, the change had to be reverted because it conflicts with the So, my conclusion is that the long term fix for this is to merge Since this fix might take time and also require a migration path from I also added docker-library/official-images#7188 to check for any issues with the |
I'm sorry for going in circles here, but after some more thought, I think I changed my mind again. For two reasons:
So, maybe we want to change the images after all. 😳 |
@deivid-rodriguez With all the cards on the table, I agree with you that fixing the docker images is probably the approach to take. And on that topic, I was wondering if there's a specific reason that the docker images use the |
There were some changes in bundler 2.0.2 to 2.1.0 and official ruby images that was causing issue with ruby gems executables. This is what causing our build process to fail. There are some fixes coming up in ruby 2.7 image and next bundler release, but for now let's lock the bundler version to 2.0.0. Related: rubygems/bundler#7494 Fixes: #46
There were some changes in bundler 2.0.2 to 2.1.0 and official ruby images that was causing issue with ruby gems executables. This is what causing our build process to fail. There are some fixes coming up in ruby 2.7 image and next bundler release, but for now let's lock the bundler version to 2.0.0. Related: rubygems/bundler#7494 Fixes: #46
Hei @jimeh, sorry for the delay getting back to this, I took a week off for Christmas. I'll start moving things forward again now. Regarding your question about why the docker images set |
@jimeh After all, I think your approach is the best thing to do. I digged into the history of the images repo and I see no issues. so I created docker-library/ruby#306. Hopefully we can fix this for good. |
@deivid-rodriguez awesome, it does indeed sound like I’ve been off work and AFK most of this week, but I should be around again as of today. |
Fixed images were released at docker-library/official-images#7239, so closing this issue and fingers crossed 🤞. |
All working for @jimeh and I now :) |
@deivid-rodriguez thanks for all your effort and help with this :) |
Working great for me as well! Thank you very much 🙏 |
Apologies if this is intended and documented behavior in 2.1.0. I've had a quick look at the release and can't find anything that seems directly related to it. Hence I'm reporting it here so it can either be addressed, or documented better if it is intended behavior.
In short, I can no longer run
bundle audit
when installing thebundler-audit
gem viabundle install
. I have to runbundle exec bundle audit
(orbundle exec bundle-audit
). While if I install the gem withgem install bundler-audit
, the gem's executables are installed just fine.Demo
Setup
Dockerfile.bundler202
:Dockerfile.bundler210
:Running
WIth Bundler 2.0.2 it works fine:
While with Bundler 2.1.0 it fails:
To dig a bit deeper, using
which
with Bundler 2.0.2:And using
which
with Bundler 2.1.0:The text was updated successfully, but these errors were encountered: