New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Can users use Gemfile support #1207

Closed
mpapis opened this Issue Mar 25, 2015 · 20 comments

Comments

Projects
None yet
6 participants
@mpapis
Contributor

mpapis commented Mar 25, 2015

@indirect asked me to not promote Gemfile support in Rubygems, I'm a bit confused, I thought it's already working (except few small bugs not relevant for most users as #1204).

So can users use Gemfile support and can I advertise it?

@indirect

This comment has been minimized.

Show comment
Hide comment
@indirect

indirect Mar 25, 2015

Member

It is possible to use the Gemfile support. It is recommended and currently supported to use Bundler instead.

Member

indirect commented Mar 25, 2015

It is possible to use the Gemfile support. It is recommended and currently supported to use Bundler instead.

@indirect indirect closed this Mar 25, 2015

@mpapis

This comment has been minimized.

Show comment
Hide comment
@mpapis

mpapis Mar 25, 2015

Contributor

can you point me to the documentation that recommends still using Bundler, I had to missed it in release notes / README

Contributor

mpapis commented Mar 25, 2015

can you point me to the documentation that recommends still using Bundler, I had to missed it in release notes / README

mpapis referenced this issue in rvm/rvm Mar 25, 2015

@drbrain

This comment has been minimized.

Show comment
Hide comment
@drbrain

drbrain Mar 26, 2015

Member

I think it is OK to use Gemfile support in RubyGems. Without users bugs will not be discovered and it will never be ready.

Member

drbrain commented Mar 26, 2015

I think it is OK to use Gemfile support in RubyGems. Without users bugs will not be discovered and it will never be ready.

@indirect

This comment has been minimized.

Show comment
Hide comment
@indirect

indirect Mar 26, 2015

Member

RubyGems' current Gemfile support does not have a solution for CVE-2013-0334, so I am very worried about the implications of saying it is production-ready. :(

Member

indirect commented Mar 26, 2015

RubyGems' current Gemfile support does not have a solution for CVE-2013-0334, so I am very worried about the implications of saying it is production-ready. :(

@mpapis mpapis referenced this issue Mar 26, 2015

Closed

CVE-2013-0334 #1211

@jirutka

This comment has been minimized.

Show comment
Hide comment
@jirutka

jirutka Mar 26, 2015

I thought it's already working (except few small bugs not relevant for most users as #1204)

What?! Few small bugs not relevant for most users? Well, let’s try the most basic use case, create a new gem…

$ bundle gem foo
      create  foo/Gemfile
      create  foo/Rakefile
      create  foo/LICENSE.txt
      create  foo/README.md
      create  foo/.gitignore
      create  foo/foo.gemspec
      create  foo/lib/foo.rb
      create  foo/lib/foo/version.rb
Initializing git repo in /Users/jimmy/Temp/foo
$ cd foo
$ gem install --file Gemfile
ERROR:  While executing gem ... (Gem::UnsatisfiableDependencyError)
    Unable to resolve dependency: user requested 'foo (= 0.0.1)'

Boom! Rubygems failed, because it’s trying to resolve the gem, we have just created, in the Rubygems repository! It obviously isn’t here and this behaviour obviously doesn’t make any sense.

You may blame bundle gem command, so to make it perfectly transparent, let’s create a minimal scaffold manually.

$ mkdir foo
$ cd foo
$ echo "Gem::Specification.new do |s|\n  s.name = 'foo'\n  s.version = '0.0.1'\n  s.add_runtime_dependency 'activesupport', '~> 4.2'\nend" > foo.gemspec
$ echo "source 'https://rubygems.org'\ngemspec" > Gemfile
$ gem install --file Gemfile
ERROR:  While executing gem ... (Gem::UnsatisfiableDependencyError)
    Unable to resolve dependency: user requested 'foo (= 0.0.1)'

Aaand no surprise, it doesn’t work either. Maybe we should not use Gemfile (it’s a figment of Bundler, right?), but install dependencies directly from gemspec…? Let’s try it.

$ gem install --file foo.gemspec

Hmm, no output at all, nothing installed. However, it created a lock file…

$ cat foo.gemspec.lock
PLATFORMS

DEPENDENCIES

And the lock file doesn’t contain any dependencies!

Rubygems bundle-like support fails even in the most simple example of creating a new gem. Strange that this simple use case apparently isn’t covered in your tests. However, when I look at this mess, it’s no surprise for me that you’ve forget to test it.

Exactly the same problem appears when you have already published gem, but you bump version for upcoming development. This is even more common and basic use case.

So you’re calling this a small meaningless bug and you have the courage to tell people that it’s working and they should use Rubygems instead of Bundler? Really?!

Don’t take me wrong, I would prefer to have Bundler functionality directly in Rubygems, but your attitude about this and lack of quality and testing is really shocking.

jirutka commented Mar 26, 2015

I thought it's already working (except few small bugs not relevant for most users as #1204)

What?! Few small bugs not relevant for most users? Well, let’s try the most basic use case, create a new gem…

$ bundle gem foo
      create  foo/Gemfile
      create  foo/Rakefile
      create  foo/LICENSE.txt
      create  foo/README.md
      create  foo/.gitignore
      create  foo/foo.gemspec
      create  foo/lib/foo.rb
      create  foo/lib/foo/version.rb
Initializing git repo in /Users/jimmy/Temp/foo
$ cd foo
$ gem install --file Gemfile
ERROR:  While executing gem ... (Gem::UnsatisfiableDependencyError)
    Unable to resolve dependency: user requested 'foo (= 0.0.1)'

Boom! Rubygems failed, because it’s trying to resolve the gem, we have just created, in the Rubygems repository! It obviously isn’t here and this behaviour obviously doesn’t make any sense.

You may blame bundle gem command, so to make it perfectly transparent, let’s create a minimal scaffold manually.

$ mkdir foo
$ cd foo
$ echo "Gem::Specification.new do |s|\n  s.name = 'foo'\n  s.version = '0.0.1'\n  s.add_runtime_dependency 'activesupport', '~> 4.2'\nend" > foo.gemspec
$ echo "source 'https://rubygems.org'\ngemspec" > Gemfile
$ gem install --file Gemfile
ERROR:  While executing gem ... (Gem::UnsatisfiableDependencyError)
    Unable to resolve dependency: user requested 'foo (= 0.0.1)'

Aaand no surprise, it doesn’t work either. Maybe we should not use Gemfile (it’s a figment of Bundler, right?), but install dependencies directly from gemspec…? Let’s try it.

$ gem install --file foo.gemspec

Hmm, no output at all, nothing installed. However, it created a lock file…

$ cat foo.gemspec.lock
PLATFORMS

DEPENDENCIES

And the lock file doesn’t contain any dependencies!

Rubygems bundle-like support fails even in the most simple example of creating a new gem. Strange that this simple use case apparently isn’t covered in your tests. However, when I look at this mess, it’s no surprise for me that you’ve forget to test it.

Exactly the same problem appears when you have already published gem, but you bump version for upcoming development. This is even more common and basic use case.

So you’re calling this a small meaningless bug and you have the courage to tell people that it’s working and they should use Rubygems instead of Bundler? Really?!

Don’t take me wrong, I would prefer to have Bundler functionality directly in Rubygems, but your attitude about this and lack of quality and testing is really shocking.

@drbrain

This comment has been minimized.

Show comment
Hide comment
@drbrain

drbrain Mar 26, 2015

Member

@jirutka I don't get paid to work on RubyGems.

I've fixed numerous other bugs for this feature and spend uncounted hours digging through bundler's source to create the interoperability that currently exists. While the Gemfile format is documented, Gemfile.lock's format is not, bundler's directory layout for supporting gems sourced from git is not, and probably one or two other critical components for interoperability.

Furthermore bundler has very few unit tests. Instead its tests are written more in an integration style where the API being tested is exercised by invoking bundle and seeing what the output is. This increases the difficulty of creating implementation parity, but I have a work-in-progress branch that allows me to run some of the bundler specs atop RubyGems using API and command shims.

I get around to fixing bugs as I have time and willingness which depends greatly on how appreciative I feel people will be for the work I've done and the demands they're making on my time.

If you'd like to help me with a test that fails you can look here for the current gem spec tests. (I even found the file as the third result from a repository search for test gemspec.)

Member

drbrain commented Mar 26, 2015

@jirutka I don't get paid to work on RubyGems.

I've fixed numerous other bugs for this feature and spend uncounted hours digging through bundler's source to create the interoperability that currently exists. While the Gemfile format is documented, Gemfile.lock's format is not, bundler's directory layout for supporting gems sourced from git is not, and probably one or two other critical components for interoperability.

Furthermore bundler has very few unit tests. Instead its tests are written more in an integration style where the API being tested is exercised by invoking bundle and seeing what the output is. This increases the difficulty of creating implementation parity, but I have a work-in-progress branch that allows me to run some of the bundler specs atop RubyGems using API and command shims.

I get around to fixing bugs as I have time and willingness which depends greatly on how appreciative I feel people will be for the work I've done and the demands they're making on my time.

If you'd like to help me with a test that fails you can look here for the current gem spec tests. (I even found the file as the third result from a repository search for test gemspec.)

@mpapis

This comment has been minimized.

Show comment
Hide comment
@mpapis

mpapis Mar 26, 2015

Contributor

oh maybe http://rubytogether.org could sponsor @drbrain ? and maybe @indirect could spent some time helping merging to eliminate duplication and save everyones time?

Contributor

mpapis commented Mar 26, 2015

oh maybe http://rubytogether.org could sponsor @drbrain ? and maybe @indirect could spent some time helping merging to eliminate duplication and save everyones time?

@segiddins

This comment has been minimized.

Show comment
Hide comment
@segiddins

segiddins Mar 26, 2015

Member

@mpapis people spend countless hours working on RubyGems and Bundler without getting paid a cent. If you want to offer to ponder drbrain or work on RubyGems yourself, that's great. But a negative attitude doesn't help anyone, and it actively discourages people from working on open source. At the end of the day, nobody is forcing you to use anything.

Member

segiddins commented Mar 26, 2015

@mpapis people spend countless hours working on RubyGems and Bundler without getting paid a cent. If you want to offer to ponder drbrain or work on RubyGems yourself, that's great. But a negative attitude doesn't help anyone, and it actively discourages people from working on open source. At the end of the day, nobody is forcing you to use anything.

@andremedeiros

This comment has been minimized.

Show comment
Hide comment
@andremedeiros

andremedeiros Mar 26, 2015

Member

Guys, sarcasm won't solve anything. We do take contributions in the form of PRs, however. As such, I'd like to ask everyone to stay in point, be constructive, and if possible contribute with code.

Member

andremedeiros commented Mar 26, 2015

Guys, sarcasm won't solve anything. We do take contributions in the form of PRs, however. As such, I'd like to ask everyone to stay in point, be constructive, and if possible contribute with code.

@indirect

This comment has been minimized.

Show comment
Hide comment
@indirect

indirect Mar 26, 2015

Member

@drbrain thank you for all the work you've done (and continue to do) on RubyGems. I'm really looking forward to the day when we have everything merged and working together harmoniously.

@jirutka Please file bugs when you find bugs, and please write tests if you have time. Insulting @drbrain or insulting the code that he wrote and maintains for free is not okay. Stop.

@mpapis Ruby Together is funding work to reduce duplication. That's what is going to happen. Please chill out and have some patience.

Member

indirect commented Mar 26, 2015

@drbrain thank you for all the work you've done (and continue to do) on RubyGems. I'm really looking forward to the day when we have everything merged and working together harmoniously.

@jirutka Please file bugs when you find bugs, and please write tests if you have time. Insulting @drbrain or insulting the code that he wrote and maintains for free is not okay. Stop.

@mpapis Ruby Together is funding work to reduce duplication. That's what is going to happen. Please chill out and have some patience.

@jirutka

This comment has been minimized.

Show comment
Hide comment
@jirutka

jirutka Mar 26, 2015

To be perfectly clear in my attitude, as I see it, @mpapis keeps telling that Gemfile support in Rubygems already works and advises users to use it instead of Bundler. But as I demonstrated above it doesn’t work in the most basic use cases, so this isn’t even alpha version. This means that it’s not usable for average users, and in no case in production! The implication (as I see it) is that @mpapis isn’t telling truth. This is the thing that really bothers me, that’s why I’ve written my comment in this tone. Is it understandable?

jirutka commented Mar 26, 2015

To be perfectly clear in my attitude, as I see it, @mpapis keeps telling that Gemfile support in Rubygems already works and advises users to use it instead of Bundler. But as I demonstrated above it doesn’t work in the most basic use cases, so this isn’t even alpha version. This means that it’s not usable for average users, and in no case in production! The implication (as I see it) is that @mpapis isn’t telling truth. This is the thing that really bothers me, that’s why I’ve written my comment in this tone. Is it understandable?

@mpapis

This comment has been minimized.

Show comment
Hide comment
@mpapis

mpapis Mar 26, 2015

Contributor

@segiddins I have spent countless hours on fixing Ruby and Rubygems myself, I have more commits on RG then ... - please check first before you throw such claims

@indirect I hope you fulfill that promise, because so far I only see you work on Bundler instead of Rubygems - in fact it's the only reason I did not yet jumped on sponsoring as I love the idea to get Rubygems work sponsored

@jirutka basic use case is gem rails and it works, what does not work is gem development and it's not basic use case, it's a level further.

Contributor

mpapis commented Mar 26, 2015

@segiddins I have spent countless hours on fixing Ruby and Rubygems myself, I have more commits on RG then ... - please check first before you throw such claims

@indirect I hope you fulfill that promise, because so far I only see you work on Bundler instead of Rubygems - in fact it's the only reason I did not yet jumped on sponsoring as I love the idea to get Rubygems work sponsored

@jirutka basic use case is gem rails and it works, what does not work is gem development and it's not basic use case, it's a level further.

@drbrain

This comment has been minimized.

Show comment
Hide comment
@drbrain

drbrain Mar 26, 2015

Member

I disagree that library authors are the most basic use case.

Based on bugs reported, most people appear to be using bundler (and trying gem install -G) with applications, not as library authors.

Member

drbrain commented Mar 26, 2015

I disagree that library authors are the most basic use case.

Based on bugs reported, most people appear to be using bundler (and trying gem install -G) with applications, not as library authors.

@indirect

This comment has been minimized.

Show comment
Hide comment
@indirect

indirect Mar 26, 2015

Member

Okay, I've talked with @drbrain and we have an official position on RubyGems support for Gemfiles:

RubyGems currently supports installing Gemfiles via gem install -G. RubyGems does not (and currently has no plans to) support Gemfiles in the way that is required to boot Rails applications.

Please feel free to try RubyGems Gemfile support, but it may not work for you. If it does not work for you, please file a bug describing the issue, or better yet send a pull request with a test demonstrating the issue.

In the future, Bundler and RubyGems will ship as a single piece of software that will support Gemfiles and Rails applications. We've started working on it, and we'll let everyone know (very excitedly) when it's done.

Member

indirect commented Mar 26, 2015

Okay, I've talked with @drbrain and we have an official position on RubyGems support for Gemfiles:

RubyGems currently supports installing Gemfiles via gem install -G. RubyGems does not (and currently has no plans to) support Gemfiles in the way that is required to boot Rails applications.

Please feel free to try RubyGems Gemfile support, but it may not work for you. If it does not work for you, please file a bug describing the issue, or better yet send a pull request with a test demonstrating the issue.

In the future, Bundler and RubyGems will ship as a single piece of software that will support Gemfiles and Rails applications. We've started working on it, and we'll let everyone know (very excitedly) when it's done.

@indirect

This comment has been minimized.

Show comment
Hide comment
@indirect

indirect Mar 26, 2015

Member

@mpapis please note that Rails applications all require Bundler to be installed, even if the gems for that application are initially installed with RubyGems.

Member

indirect commented Mar 26, 2015

@mpapis please note that Rails applications all require Bundler to be installed, even if the gems for that application are initially installed with RubyGems.

@mpapis

This comment has been minimized.

Show comment
Hide comment
@mpapis

mpapis Mar 26, 2015

Contributor

rails has flag --skip-bundle and it can be used to fully embrace Rubygems flow - just tested it and it works just fine with gem i -g

Contributor

mpapis commented Mar 26, 2015

rails has flag --skip-bundle and it can be used to fully embrace Rubygems flow - just tested it and it works just fine with gem i -g

@jirutka

This comment has been minimized.

Show comment
Hide comment
@jirutka

jirutka Mar 26, 2015

Well, this is perhaps a good point, I’ve forgotten to distinguish between plain users and developers.

So I’ve tried to run gem install --file Gemfile on gitlabhq, well known Rails-based application. I’ve interrupted it after 2 minutes with no output in console. When I run it in verbose mode, then I can see that it’s communicating with RubyGems API. However, average user would just tell that it’s not doing anything. I still don’t see it as ready for adoption.

jirutka commented Mar 26, 2015

Well, this is perhaps a good point, I’ve forgotten to distinguish between plain users and developers.

So I’ve tried to run gem install --file Gemfile on gitlabhq, well known Rails-based application. I’ve interrupted it after 2 minutes with no output in console. When I run it in verbose mode, then I can see that it’s communicating with RubyGems API. However, average user would just tell that it’s not doing anything. I still don’t see it as ready for adoption.

@mpapis

This comment has been minimized.

Show comment
Hide comment
@mpapis

mpapis Mar 26, 2015

Contributor

@jirutka I hope you did open a ticket for it - this is what myself and @drbrain want to archive - wider adoption and reporting all the small things that make it actually work, without that the work will be never done

Contributor

mpapis commented Mar 26, 2015

@jirutka I hope you did open a ticket for it - this is what myself and @drbrain want to archive - wider adoption and reporting all the small things that make it actually work, without that the work will be never done

@jirutka

This comment has been minimized.

Show comment
Hide comment
@jirutka

jirutka Mar 26, 2015

@mpapis I’m just writing it, give me a min…

jirutka commented Mar 26, 2015

@mpapis I’m just writing it, give me a min…

@indirect

This comment has been minimized.

Show comment
Hide comment
@indirect

indirect Mar 26, 2015

Member

rails has flag --skip-bundle and it can be used to fully embrace Rubygems flow - just tested it and it works just fine with gem i -g

@mpapis Rails applications are unable to boot without Bundler. According to @drbrain, RubyGems does not have and has no plans to add the functions that are required for Rails applications to boot. Please stop saying "it works fine" when that is not actually true.

Since discussion on this ticket has drifted very far away from the original question of whether it is okay to use RubyGems' Gemfile support, I'm going to lock this ticket. Please file new issues without insults that describe bugs.

Member

indirect commented Mar 26, 2015

rails has flag --skip-bundle and it can be used to fully embrace Rubygems flow - just tested it and it works just fine with gem i -g

@mpapis Rails applications are unable to boot without Bundler. According to @drbrain, RubyGems does not have and has no plans to add the functions that are required for Rails applications to boot. Please stop saying "it works fine" when that is not actually true.

Since discussion on this ticket has drifted very far away from the original question of whether it is okay to use RubyGems' Gemfile support, I'm going to lock this ticket. Please file new issues without insults that describe bugs.

@rubygems rubygems locked and limited conversation to collaborators Mar 26, 2015

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.