NAME¶
bundle-install - Install the dependencies specified in your Gemfile
SYNOPSIS¶
bundle install [--gemfile=GEMFILE] [--path PATH] [--system]
[--without=GROUP1[ GROUP2...]] [--local] [--deployment]
[--binstubs[=DIRECTORY]] [--standalone[=GROUP1[ GROUP2...]]]
[--trust-policy=POLICY] [--jobs=SIZE] [--retry=TRIES] [--no-cache] [--quiet]
[--clean] [--full-index] [--no-prune] [--shebang]
DESCRIPTION¶
Install the gems specified in your Gemfile(5). If this is the first time you run
bundle install (and a
Gemfile.lock does not exist), bundler will fetch
all remote sources, resolve dependencies and install all needed gems.
If a
Gemfile.lock does exist, and you have not updated your Gemfile(5),
bundler will fetch all remote sources, but use the dependencies specified in
the
Gemfile.lock instead of resolving dependencies.
If a
Gemfile.lock does exist, and you have updated your Gemfile(5),
bundler will use the dependencies in the
Gemfile.lock for all gems that
you did not update, but will re-resolve the dependencies of gems that you did
update. You can find more information about this update process below under
CONSERVATIVE UPDATING.
OPTIONS¶
- --gemfile=<gemfile>
- The location of the Gemfile(5) that bundler should use. This defaults to a
gemfile in the current working directory. In general, bundler will assume
that the location of the Gemfile(5) is also the project root, and will
look for the Gemfile.lock and vendor/cache relative to
it.
- --path=<path>
- The location to install the gems in the bundle to. This defaults to
Rubygems´ gem home, which is also the default location where gem
install installs gems. This means that, by default, gems installed
without a --path setting will show up in gem list. This
setting is a remembered option.
- --system
- Installs the gems in the bundle to the system location. This overrides any
previous remembered use of --path.
- --without=<list>
- A space-separated list of groups to skip installing. This is a
remembered option.
- --local
- Do not attempt to connect to rubygems.org, instead using just the
gems already present in Rubygems´ cache or in vendor/cache.
Note that if a more appropriate platform-specific gem exists on
rubygems.org, it will not be found.
- --deployment
- Switches bundler´s defaults into deployment mode. Do not use
this flag on development machines.
- --binstubs[=<directory>]
- Create a directory (defaults to bin) containing an executable that
runs in the context of the bundle. For instance, if the rails gem
comes with a rails executable, this flag will create a
bin/rails executable that ensures that all dependencies used come
from the bundled gems.
- --shebang ruby-install-name
- Uses the ruby executable (usually ruby) provided to execute the
scripts created with --binstubs. For instance, if you use --binstubs with
--shebang jruby, all executables will be created to use jruby
instead.
- --standalone[=<list>]
- Make a bundle that can work without Ruby Gems or Bundler at runtime. It
takes a space separated list of groups to install. It creates a
bundle directory and installs the bundle there. It also generates a
bundle/bundler/setup.rb file to replace Bundler´s own
setup.
- --trust-policy=[<policy>]
- Apply the Rubygems security policy named policy, where policy is
one of HighSecurity, MediumSecurity, LowSecurity, AlmostNoSecurity, or
NoSecurity. For more detail, see the Rubygems signing documentation,
linked below in SEE ALSO.
- --jobs=[<size>]
- Install gems parallely by starting size number of parallel
workers.
- --retry[<tries]
- Retries failed network or git requests tries times.
- --no-cache
- Do not update the cache in vendor/cache with the newly bundled
gems. This does not remove any existing cached gems, only stops the newly
bundled gems from being cached during the install.
- --quiet
- Do not print progress information to stdout. Instead, communicate the
success of the install operation via exit status code.
- --clean
- Run bundle clean automatically after install.
- --full-index
- Use the rubygems modern index instead of the API endpoint.
- --no-prune
- Don´t remove stale gems from the cache.
DEPLOYMENT MODE¶
Bundler´s defaults are optimized for development. To switch to defaults
optimized for deployment, use the
--deployment flag. Do not activate
deployment mode on development machines, as it will cause in an error when the
Gemfile is modified.
- 1.
- A Gemfile.lock is required.
- To ensure that the same versions of the gems you developed with and tested
with are also used in deployments, a Gemfile.lock is required.
- This is mainly to ensure that you remember to check your
Gemfile.lock into version control.
- 2.
- The Gemfile.lock must be up to date
- In development, you can modify your Gemfile(5) and re-run bundle
install to conservatively update your Gemfile.lock
snapshot.
- In deployment, your Gemfile.lock should be up-to-date with changes
made in your Gemfile(5).
- 3.
- Gems are installed to vendor/bundle not your default system
location
- In development, it´s convenient to share the gems used in your
application with other applications and other scripts run on the
system.
- In deployment, isolation is a more important default. In addition, the
user deploying the application may not have permission to install gems to
the system, or the web server may not have permission to read them.
- As a result, bundle install --deployment installs gems to the
vendor/bundle directory in the application. This may be overridden
using the --path option.
-
SUDO USAGE¶
By default, bundler installs gems to the same location as
gem install.
In some cases, that location may not be writable by your Unix user. In that
case, bundler will stage everything in a temporary directory, then ask you for
your
sudo password in order to copy the gems into their system
location.
From your perspective, this is identical to installing them gems directly into
the system.
You should never use
sudo bundle install. This is because several other
steps in
bundle install must be performed as the current user:
- •
- Updating your Gemfile.lock
- •
- Updating your vendor/cache, if necessary
- •
- Checking out private git repositories using your user´s SSH
keys
-
Of these three, the first two could theoretically be performed by
chowning the resulting files to
$SUDO_USER. The third, however,
can only be performed by actually invoking the
git command as the
current user. Therefore, git gems are downloaded and installed into
~/.bundle rather than $GEM_HOME or $BUNDLE_PATH.
As a result, you should run
bundle install as the current user, and
bundler will ask for your password if it is needed to put the gems into their
final location.
INSTALLING GROUPS¶
By default,
bundle install will install all gems in all groups in your
Gemfile(5), except those declared for a different platform.
However, you can explicitly tell bundler to skip installing certain groups with
the
--without option. This option takes a space-separated list of
groups.
While the
--without option will skip
installing the gems in the
specified groups, it will still
download those gems and use them to
resolve the dependencies of every gem in your Gemfile(5).
This is so that installing a different set of groups on another machine (such as
a production server) will not change the gems and versions that you have
already developed and tested against.
Bundler offers a rock-solid guarantee that the third-party code you are
running in development and testing is also the third-party code you are
running in production. You can choose to exclude some of that code in
different environments, but you will never be caught flat-footed by different
versions of third-party code being used in different environments.
For a simple illustration, consider the following Gemfile(5):
-
-
source "https://rubygems.org"
gem "sinatra"
group :production do
gem "rack-perftools-profiler"
end
-
In this case,
sinatra depends on any version of Rack (
>= 1.0,
while
rack-perftools-profiler depends on 1.x (
~> 1.0).
When you run
bundle install --without production in development, we look
at the dependencies of
rack-perftools-profiler as well. That way, you
do not spend all your time developing against Rack 2.0, using new APIs
unavailable in Rack 1.x, only to have bundler switch to Rack 1.2 when the
production group
is used.
This should not cause any problems in practice, because we do not attempt to
install the gems in the excluded groups, and only evaluate as part of
the dependency resolution process.
This also means that you cannot include different versions of the same gem in
different groups, because doing so would result in different sets of
dependencies used in development and production. Because of the vagaries of
the dependency resolution process, this usually affects more than just the
gems you list in your Gemfile(5), and can (surprisingly) radically change the
gems you are using.
REMEMBERED OPTIONS¶
Some options (marked above in the
OPTIONS section) are remembered between
calls to
bundle install, and by the Bundler runtime.
For instance, if you run
bundle install --without test, a subsequent call
to
bundle install that does not include a
--without flag will
remember your previous choice.
In addition, a call to
Bundler.setup will not attempt to make the gems in
those groups available on the Ruby load path, as they were not installed.
The settings that are remembered are:
- --deployment
- At runtime, this remembered setting will also result in Bundler raising an
exception if the Gemfile.lock is out of date.
- --path
- Subsequent calls to bundle install will install gems to the
directory originally passed to --path. The Bundler runtime will
look for gems in that location. You can revert this option by running
bundle install --system.
- --binstubs
- Bundler will update the executables every subsequent call to bundle
install.
- --without
- As described above, Bundler will skip the gems specified by
--without in subsequent calls to bundle install. The Bundler
runtime will also not try to make the gems in the skipped groups
available.
THE GEMFILE.LOCK¶
When you run
bundle install, Bundler will persist the full names and
versions of all gems that you used (including dependencies of the gems
specified in the Gemfile(5)) into a file called
Gemfile.lock.
Bundler uses this file in all subsequent calls to
bundle install, which
guarantees that you always use the same exact code, even as your application
moves across machines.
Because of the way dependency resolution works, even a seemingly small change
(for instance, an update to a point-release of a dependency of a gem in your
Gemfile(5)) can result in radically different gems being needed to satisfy all
dependencies.
As a result, you
SHOULD check your
Gemfile.lock into version
control. If you do not, every machine that checks out your repository
(including your production server) will resolve all dependencies again, which
will result in different versions of third-party code being used if
any
of the gems in the Gemfile(5) or any of their dependencies have been updated.
CONSERVATIVE UPDATING¶
When you make a change to the Gemfile(5) and then run
bundle install,
Bundler will update only the gems that you modified.
In other words, if a gem that you
did not modify worked before you called
bundle install, it will continue to use the exact same versions of all
dependencies as it used before the update.
Let´s take a look at an example. Here´s your original Gemfile(5):
-
-
source "https://rubygems.org"
gem "actionpack", "2.3.8"
gem "activemerchant"
-
In this case, both
actionpack and
activemerchant depend on
activesupport. The
actionpack gem depends on
activesupport
2.3.8 and
rack ~> 1.1.0, while the
activemerchant gem
depends on
activesupport >= 2.3.2,
braintree >= 2.0.0, and
builder >= 2.0.0.
When the dependencies are first resolved, Bundler will select
activesupport
2.3.8, which satisfies the requirements of both gems in your Gemfile(5).
Next, you modify your Gemfile(5) to:
-
-
source "https://rubygems.org"
gem "actionpack", "3.0.0.rc"
gem "activemerchant"
-
The
actionpack 3.0.0.rc gem has a number of new dependencies, and updates
the
activesupport dependency to
= 3.0.0.rc and the
rack
dependency to
~> 1.2.1.
When you run
bundle install, Bundler notices that you changed the
actionpack gem, but not the
activemerchant gem. It evaluates the
gems currently being used to satisfy its requirements:
- activesupport 2.3.8
- also used to satisfy a dependency in activemerchant, which is not
being updated
- rack ~> 1.1.0
- not currently being used to satisfy another dependency
Because you did not explicitly ask to update
activemerchant, you would
not expect it to suddenly stop working after updating
actionpack.
However, satisfying the new
activesupport 3.0.0.rc dependency of
actionpack requires updating one of its dependencies.
Even though
activemerchant declares a very loose dependency that
theoretically matches
activesupport 3.0.0.rc, bundler treats gems in
your Gemfile(5) that have not changed as an atomic unit together with their
dependencies. In this case, the
activemerchant dependency is treated as
activemerchant 1.7.1 + activesupport 2.3.8, so
bundle install
will report that it cannot update
actionpack.
To explicitly update
actionpack, including its dependencies which other
gems in the Gemfile(5) still depend on, run
bundle update actionpack
(see
bundle update(1)).
Summary: In general, after making a change to the Gemfile(5) , you should
first try to run
bundle install, which will guarantee that no other
gems in the Gemfile(5) are impacted by the change. If that does not work, run
bundle update(1)
bundle-update.1.html.
SEE ALSO¶
- •
- Gem install docs:
http://guides.rubygems.org/rubygems-basics/#installing-gems
- •
- Rubygems signing docs: http://guides.rubygems.org/security/
-
-