1

I would like to replicate an older app, but bundle install fails since Gemfile became outdated and does not catch compatible versions anymore. I guess I can try correct Gemfile by err and trial, yet can I somehow use Gemfile.lock automatically generated in another older and working installation for information about compatible versions?

Is there way to generate a Gemfile (with precise versions) from the Gemfile.lock or update the existing one? It looks like this file uses a different syntax from a Gemfile.

Update. I did not find any script to build Gemfile from Gemfile.lock, however after I copied Gemfile.lock from a working installation build install worked

Serge
  • 3,387
  • 3
  • 16
  • 34
  • I'm unclear on your situation. Please show the error you're getting. If your Gemfile is missing you'll see "Could not locate Gemfile" when you `bundle install`, so I don't know how you'd get as far as a gem version not found error. If gem versions in your Gemfile.lock aren't in your gem sources, generating a Gemfile won't change that; you need to find the gem versions or use different ones. – Dave Schweisguth Oct 13 '21 at 20:25
  • I am not sure from what error to start. I assume Gemfile.lock in an existing installation have working/passable gem versions for given ruby version. So my hope is to build a Gemfile with the same version. Renaming Gemfile.lock into Gemfile did not work, `bundle install` reports a syntax error. – Serge Oct 14 '21 at 01:45
  • 1
    No, that's not how a Gemfile.lock works. If you didn't vendor your gems with Bundler, then all the Gemfile.lock does is specify what versions you *need*, not what you have. – Todd A. Jacobs Oct 14 '21 at 07:50
  • Not sure I understand word vendor. Does it stand for installed by `bundle install` command? – Serge Oct 14 '21 at 16:53
  • According to documentation, After developing your application for a while, check in the application together with the Gemfile and Gemfile.lock snapshot. Now, your repository has a record of the exact versions of all of the gems that you used the last time you know for sure that the application worked... – Serge Oct 14 '21 at 16:54
  • It sounds like "bundle install fails since latest versions of some files are unavailable" is incorrect. I infer that`bundle install` fails since there is no Gemfile (aside from your experiment with just renaming Gemfile.lock). – Dave Schweisguth Oct 14 '21 at 18:47
  • Does the app run? If so, run `gem list` to see what gems are installed, and compare that to Gemfile.lock. If they match, Gemfile.lock is good and you can reverse engineer a Gemfile from it. – Dave Schweisguth Oct 14 '21 at 18:48
  • app used to run (two folders), not sure what broke, perhaps some sw updates/path changes etc, but I am trying to rerun bundle install. Is there some script to mod Gemfile.lock into Gemfile, or update Gemfile with specific versions – Serge Oct 14 '21 at 19:44

1 Answers1

1

Use the Source, Luke!

If you have source control, look back into your history to find your Gemfile or the gemspec for your application or gem. If you just have a Gemfile.lock, then you should be able to build the application with bundle install as long as Bundler has valid gem sources it can access.

You can also grep your source code for the require keyword, and at least identify what modules you're looking for. You can also look at the top-level items in your Gemfile.lock to see what was in your Gemfile or gemspec when the lockfile was built.

As an example, part of the Gemfile.lock for Sinatra lists the following dependencies:

DEPENDENCIES
  activesupport (~> 5.1.6)
  json
  minitest (~> 5.0)
  nokogiri (!= 1.5.0)
  puma
  rack!
  rack-protection!
  rack-test (>= 0.6.2)
  rake
  sinatra!
  sinatra-contrib!
  twitter-text (= 1.14.7)
  yard

The other sections have to do with sources, constraints, and other dependencies that get pulled in as a result of the core dependencies. Everything you need to rebuild a Gemfile is there, but there's no tool that I know of that will do it for you since a Gemfile.lock is built from a Gemfile, not the other way around.

While there's no easy way to reverse-engineer a Gemfile.lock into a Gemfile or gemspec, you can certainly build one from the top-level entries under the specs: keys, as well as the DEPENDENCIES key.

See Also

Todd A. Jacobs
  • 81,402
  • 15
  • 141
  • 199