1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
|
bundle-install(1) -- Install the dependencies specified in your Gemfile
=======================================================================
## SYNOPSIS
`bundle install` [--force]
[--full-index]
[--gemfile=GEMFILE]
[--jobs=NUMBER]
[--local]
[--quiet]
[--retry=NUMBER]
[--standalone[=GROUP[ GROUP...]]]
[--trust-policy=POLICY]
## DESCRIPTION
Install the gems specified in your Gemfile(5). If this is the first
time you run bundle install (and a `Gemfile.lock` does not exist),
Bundler will fetch all remote sources, resolve dependencies and
install all needed gems.
If a `Gemfile.lock` does exist, and you have not updated your Gemfile(5),
Bundler will fetch all remote sources, but use the dependencies
specified in the `Gemfile.lock` instead of resolving dependencies.
If a `Gemfile.lock` does exist, and you have updated your Gemfile(5),
Bundler will use the dependencies in the `Gemfile.lock` for all gems
that you did not update, but will re-resolve the dependencies of
gems that you did update. You can find more information about this
update process below under [CONSERVATIVE UPDATING][].
## OPTIONS
* `--force`:
Force downloads every gem, even if the required versions are already available
locally.
* `--full-index`:
Bundler will not call Rubygems' API endpoint (default) but download and cache
a (currently big) index file of all gems. Performance can be improved for
large bundles that seldom change by enabling this option.
* `--gemfile=<gemfile>`:
The location of the Gemfile(5) which Bundler should use. This defaults
to a Gemfile(5) in the current working directory. In general, Bundler
will assume that the location of the Gemfile(5) is also the project's
root and will try to find `Gemfile.lock` and `vendor/cache` relative
to this location.
* `--jobs=[<number>]`, `-j[<number>]`:
The maximum number of parallel download and install jobs. The default
is `1`.
* `--local`:
Do not attempt to connect to `rubygems.org`. Instead, Bundler will use the
gems already present in Rubygems' cache or in `vendor/cache`. Note that if a
appropriate platform-specific gem exists on `rubygems.org` it will not be
found.
* `--quiet`:
Do not print progress information to the standard output. Instead, Bundler
will exit using a status code (`$?`).
* `--retry=[<number>]`:
Retries failed network or git requests for <number> times.
* `--standalone[=<list>]`:
Makes a bundle that can work without depending on Rubygems or Bundler at
runtime. A space separated list of groups to install has to be specified.
Bundler creates a directory named `bundle` and installs the bundle there. It
also generates a `bundle/bundler/setup.rb` file to replace Bundler's own setup
in the manner required. Using this option implicitly sets `path`, which is a
[remembered option][REMEMBERED OPTIONS].
* `--trust-policy=[<policy>]`:
Applies the Rubygems security policy <policy>, where policy is one of
`HighSecurity`, `MediumSecurity`, `LowSecurity`, `AlmostNoSecurity`, or
`NoSecurity`. For more details, please see the Rubygems signing documentation
linked below in [SEE ALSO][].
## SUDO USAGE
By default, Bundler installs gems to the same location as `gem install`.
In some cases, that location may not be writable by an unprivileged user. In
that case, Bundler will stage everything in a temporary directory,
then ask you for your `sudo` password in order to copy the gems into
their system location.
From your perspective, this is identical to installing the gems
directly into the system.
You should never use `sudo bundle install`. This is because several
other steps in `bundle install` must be performed as the current user:
* Updating your `Gemfile.lock`
* Updating your `vendor/cache`, if necessary
* Checking out private git repositories using your user's SSH keys
Of these three, the first two could theoretically be performed by
`chown`ing the resulting files to `$SUDO_USER`. The third, however,
can only be performed by invoking the `git` command as
the current user. Therefore, git gems are downloaded and installed
into `~/.bundle` rather than $GEM_HOME or $BUNDLE_PATH.
As a result, you should run `bundle install` as the current user,
and Bundler will ask for your password if it is needed to put the
gems into their final location.
## INSTALLING GROUPS
By default, `bundle install` will install all gems in all groups
in your Gemfile(5), except those declared for a different platform
than the platform your installing your gems into.
However, you can explicitly tell Bundler to skip installing
certain groups with the `without` config. This config takes
a space-separated list of groups.
$ bundle config set without test development
While the `without` config will skip _installing_ the gems in the
specified groups, it will still _download_ those gems and use them to
resolve the dependencies of every gem in your Gemfile(5).
This is so that installing a different set of groups on another
machine (such as a production server) will not change the
gems and versions that you have already developed and tested against.
Bundler offers a guarantee that the third-party code you are
running in development and testing is also the third-party code
you are running in production. You can choose to exclude some of
that code in different environments, but you will never be caught
flat-footed by different versions of third-party code being used
in different environments.
For a simple illustration, consider the following Gemfile(5):
source 'https://rubygems.org'
gem 'sinatra'
group :production do
gem 'rack-perftools-profiler'
end
In this case, `sinatra` depends on any version of Rack (`>= 1.0`), while
`rack-perftools-profiler` depends on Rack 1.x (`~> 1.0`).
When you configure Bundler to exclude `production` with
`bundle config set without production` and run `bundle install`
in development, we look at the dependencies of `rack-perftools-profiler`
as well. That way, you do not spend all your time developing against
Rack 2.0, using new APIs unavailable in Rack 1.x, only to have
Bundler switch to Rack 1.2 when the `production` group _is_ used.
This should not cause any problems in practice, because we do not
attempt to `install` the gems in the excluded groups, and only evaluate
as part of the dependency resolution process.
This also means that you cannot include different versions of the same
gem in different groups, because doing so would result in different
sets of dependencies used in development and production. Because of
the vagaries of the dependency resolution process, this usually
affects more than the gems you list in your Gemfile(5), and can
(surprisingly) radically change the gems you are using.
## THE GEMFILE.LOCK
When you run `bundle install`, Bundler will persist the full names
and versions of all gems that you used (including dependencies of
the gems specified in the Gemfile(5)) into a file called `Gemfile.lock`.
Bundler uses this file in all subsequent calls to `bundle install`,
which guarantees that you always use the same exact code, even
as your application moves across machines.
Because of the way dependency resolution works, even a
seemingly small change (for instance, an update to a point-release
of a dependency of a gem in your Gemfile(5)) can result in radically
different gems being needed to satisfy all dependencies.
As a result, you `SHOULD` check your `Gemfile.lock` into version
control. If you do not, every machine that checks out your
repository (including your production server) will resolve all
dependencies again, which will result in different versions of
third-party code being used if `any` of the gems in the Gemfile(5)
or any of their dependencies have been updated.
## CONSERVATIVE UPDATING
When you make a change to the Gemfile(5) and then run `bundle install`,
Bundler will update only the gems that you modified.
In other words, if a gem that you did not modify worked before
you called `bundle install`, it will continue to use the exact
same versions of all dependencies as it used before the update.
Let's take a look at an example. Here's your original Gemfile(5):
source 'https://rubygems.org'
gem 'actionpack', '2.3.8'
gem 'activemerchant'
In this case, both `actionpack` and `activemerchant` depend on
`activesupport`. The `actionpack` gem depends on `activesupport 2.3.8`
and `rack ~> 1.1.0`, while the `activemerchant` gem depends on
`activesupport >= 2.3.2`, `braintree >= 2.0.0`, and `builder >= 2.0.0`.
When the dependencies are first resolved, Bundler will select
`activesupport 2.3.8`, which satisfies the requirements of both
gems in your Gemfile(5).
Next, you modify your Gemfile(5) to:
source 'https://rubygems.org'
gem 'actionpack', '3.0.0.rc'
gem 'activemerchant'
The `actionpack 3.0.0.rc` gem has a number of new dependencies,
and updates the `activesupport` dependency to `= 3.0.0.rc` and
the `rack` dependency to `~> 1.2.1`.
When you run `bundle install`, Bundler notices that you changed
the `actionpack` gem, but not the `activemerchant` gem. It
evaluates the gems currently being used to satisfy its requirements:
* `activesupport 2.3.8`:
also used to satisfy a dependency in `activemerchant`,
which is not being updated
* `rack ~> 1.1.0`:
not currently being used to satisfy another dependency
Because you did not explicitly ask to update `activemerchant`,
you would not expect it to suddenly stop working after updating
`actionpack`. However, satisfying the new `activesupport 3.0.0.rc`
dependency of actionpack requires updating one of its dependencies.
Even though `activemerchant` declares a very loose dependency
that theoretically matches `activesupport 3.0.0.rc`, Bundler treats
gems in your Gemfile(5) that have not changed as an atomic unit
together with their dependencies. In this case, the `activemerchant`
dependency is treated as `activemerchant 1.7.1 + activesupport 2.3.8`,
so `bundle install` will report that it cannot update `actionpack`.
To explicitly update `actionpack`, including its dependencies
which other gems in the Gemfile(5) still depend on, run
`bundle update actionpack` (see `bundle update(1)`).
`Summary`: In general, after making a change to the Gemfile(5) , you
should first try to run `bundle install`, which will guarantee that no
other gem in the Gemfile(5) is impacted by the change. If that
does not work, run [bundle update(1)][bundle-update].
## Transitioning from Bundler 1
Bundler 2 has removed several options from the CLI that are configurable
through the [bundle config(1)][bundle-config] command.
The `path`, `with`, `without`, `frozen`, `deployment`, `shebang`, `clean`
options can be set by using `bundle config`:
$ bundle config set without development:test
Note: The `system` option is configured through the `path.system` option
### Binstubs
The `binstub` option has been removed from the CLI and no option exists
as a replacement. Instead use the [bundle-binstub(1)](bundle-binstub)
command to generate binstubs.
## SEE ALSO
* [Gem install docs](http://guides.rubygems.org/rubygems-basics/#installing-gems)
* [Rubygems signing docs](http://guides.rubygems.org/security/)
|
