CPK 5.0.10 missing dependencies in rubygems.org dependencies API


Rhett Sutphin

Nov 23, 2012, 2:23:44 AM
to compos...@googlegroups.com
Hi,

I noticed that after CPK 5.0.10 was released, Bundler would always select it for a clean resolve[1] of a project no matter what ActiveRecord version the project was using. I.e., on a project using AR 3.1, Bundler would have selected CPK 4.1.2 prior to the release of 5.0.10, but after the release of 5.0.10, 5.0.10 was selected by Bundler even though CPK 5.0.10 is only supposed to work with AR 3.2.9 and above.

I investigated and found that:

* The CPK 5.0.10 gem metadata as published in the rubygems.org web UI correctly says that it must be used with AR >= 3.2.9.
* The metadata.gz in the .gem package is similarly correct.
* The gemspec installed into $GEM_HOME/specifications when you install CPK 5.0.10 is also correct.
* However, the special dependency request API that Bundler uses to speed up resolves is not correct.

That API[2] gives the following results[3] for CPK 5.0.10 and 5.0.9:

{:name=>"composite_primary_keys",
:number=>"5.0.10",
:platform=>"ruby",
:dependencies=>[]},
{:name=>"composite_primary_keys",
:number=>"5.0.9",
:platform=>"ruby",
:dependencies=>[["activerecord", ">= 3.2.8, ~> 3.2.0"]]}

So, 5.0.9 is fine but 5.0.10 shows no dependencies. It seems that the upshot of this is that Bundler decides that CPK 5.0.10 is compatible with anything and chooses it.

I believe that this is something that would need to be fixed at the level of rubygems.org, so I plan to file a bug there. I send this message so that others who have this problem don't have to spend time tracking it down themselves.

Rhett

[1]: By "clean resolve" I mean running `bundle update` when there is no Gemfile.lock for the project and there are no gems installed.
[2]: http://rubygems.org/api/v1/dependencies?gems={}
[3]: This is the script that produced that output: https://gist.github.com/4134308
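
The comparison described in the post above, as an added example (it is not the script from the gist and not code from the CPK or rubygems.org projects): it checks decoded dependency-API entries against the packaged gemspec for the same version and shows why an empty list lets a resolver pair 5.0.10 with AR 3.1. The API entries are the ones quoted in the post; the gemspecs are constructed stand-ins, with 5.0.10's requirement assumed from the post's ">= 3.2.9" statement, and all helper names are hypothetical.

```ruby
require "rubygems"
# Constructed sample: the decoded dependency-API entries quoted in the post.
API_ENTRIES = [
  { name: "composite_primary_keys", number: "5.0.10", platform: "ruby", dependencies: [] },
  { name: "composite_primary_keys", number: "5.0.9", platform: "ruby",
    dependencies: [["activerecord", ">= 3.2.8, ~> 3.2.0"]] }
].freeze

# Constructed stand-in for the gemspec packaged inside a .gem file.
def sample_spec(version, *activerecord_reqs)
  Gem::Specification.new do |s|
    s.name = "composite_primary_keys"
    s.version = version
    s.add_runtime_dependency "activerecord", *activerecord_reqs
  end
end

# 5.0.10's requirement is taken from the post's ">= 3.2.9" statement (assumption).
SPECS = {
  "5.0.10" => sample_spec("5.0.10", ">= 3.2.9"),
  "5.0.9" => sample_spec("5.0.9", ">= 3.2.8", "~> 3.2.0")
}.freeze

# Normalise API pairs like ["activerecord", ">= 3.2.8, ~> 3.2.0"] to sorted lists.
def api_deps(entry)
  entry[:dependencies].map do |name, req|
    [name, Gem::Requirement.new(*req.split(",").map(&:strip)).as_list.sort]
  end.sort
end

# Same normal form, read from the packaged gemspec's runtime dependencies.
def spec_deps(spec)
  spec.runtime_dependencies.map { |d| [d.name, d.requirement.as_list.sort] }.sort
end

# True when no listed requirement excludes gem_name at the given version.
def allows?(deps, gem_name, version)
  v = Gem::Version.new(version)
  deps.all? { |name, reqs| name != gem_name || Gem::Requirement.new(*reqs).satisfied_by?(v) }
end

# Classify each API entry against the gemspec for the same version.
def audit(entries, specs)
  entries.to_h do |e|
    api, real = api_deps(e), spec_deps(specs.fetch(e[:number]))
    [e[:number], api == real ? :ok : (api.empty? ? :api_missing_all : :mismatch)]
  end
end
audit(API_ENTRIES, SPECS).each { |number, status| puts "#{number}: #{status}" }
```

An index entry that is empty while the packaged gemspec declares runtime dependencies is the condition worth alerting on, since the resolver trusts the index and never opens the package during resolution.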

Charlie Savage

Nov 23, 2012, 2:38:28 AM
to compos...@googlegroups.com, Rhett Sutphin
Hi Rhett,

That is strange, I don't think I did anything different with this
release than any other. Thanks for looking into it - is there a ticket
# for the issue you submitted?

Charlie

Rhett Sutphin

Nov 23, 2012, 2:42:30 AM
to Charlie Savage, compos...@googlegroups.com
Hi,

On Nov 23, 2012, at 1:38 AM, Charlie Savage wrote:

> Hi Rhett,
>
> That is strange, I don't think I did anything different with this release than any other.

I agree -- the packaged gem looks just like 5.0.9 structurally. Seems like it's probably a rubygems.org hiccup.

> Thanks for looking into it - is there a ticket # for the issue you submitted?

There is now: https://github.com/rubygems/rubygems.org/issues/493

Rhett

Rhett Sutphin

Nov 27, 2012, 10:55:08 PM
to compos...@googlegroups.com
An update: this has been fixed as of today. There is more discussion of it here:

https://github.com/rubygems/bundler-api/issues/17

Rhett