Bundle install --deployment fails with Gemfile.lock is corrupt

[trevorturk]

This is a followup re: #4467, #5006, and #5008 with steps to reproduce the issue I'm seeing that I don't believe has been fixed by version 1.13.2:

https://github.com/trevorturk/bundler-test-5006

The issue can be worked around by replacing sinatra-sequel with my forked gem rtomayko/sinatra-sequel@master...trevorturk:no-bacon that removes an add_development_dependency line which seems to be causing the error. The change to the Gemfile would be:

gem 'sinatra-sequel', github: 'trevorturk/sinatra-sequel', branch: 'no-bacon'

[indirect]

@segiddins my best theory at the moment is that this is a result of the development dependencies change you made to gemspec recently, let me know if you have time to investigate.

[trevorturk]

Thanks, all -- let me know if I can be of any further assistance debugging etc. I'm more than happy to help if I can.

[segiddins]

Confirmed, thanks for the repro case!

[segiddins]

So my one question is, how did you get this lockfile? Since if I rm Gemfile.lock && bundle install, it generates a correct lockfile (as bacon is indeed a runtime dependency of sinatra-sequel and it is missing in the lockfile in the repro repo)

[indirect]

@segiddins based on comments from an earlier ticket, I believe this lockfile was generated by Bundler 1.11

[segiddins]

Then it would appear that we fixed a bug in the meantime -- the error is correct, that lockfile is wrong

[trevorturk]

I'm still seeing the issue, here's a demo:

/tmp/bundler-test-5006 (master) $ git st
On branch master
Your branch is up-to-date with 'origin/master'.
nothing to commit, working tree clean
/tmp/bundler-test-5006 (master) $ ruby -v
ruby 2.1.10p492 (2016-04-01 revision 54464) [x86_64-darwin15.0]
/tmp/bundler-test-5006 (master) $ bundler -v
Bundler version 1.13.2
/tmp/bundler-test-5006 (master) $ rm Gemfile.lock
/tmp/bundler-test-5006 (master *) $ bundle install
Fetching gem metadata from https://rubygems.org/..........
Fetching version metadata from https://rubygems.org/.
Resolving dependencies...
Using rack 1.6.4
Using sequel 4.39.0
Using tilt 2.0.5
Using bundler 1.13.2
Using rack-protection 1.5.3
Using sinatra 1.4.7
Using sinatra-sequel 0.9.0
Bundle complete! 1 Gemfile dependency, 7 gems now installed.
Use `bundle show [gemname]` to see where a bundled gem is installed.
/tmp/bundler-test-5006 (master *) $ git diff
diff --git a/Gemfile.lock b/Gemfile.lock
index 965985f..46e151a 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,18 +1,18 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    rack (1.6.0)
+    rack (1.6.4)
     rack-protection (1.5.3)
       rack
     sequel (4.39.0)
-    sinatra (1.4.6)
-      rack (~> 1.4)
+    sinatra (1.4.7)
+      rack (~> 1.5)
       rack-protection (~> 1.4)
       tilt (>= 1.3, < 3)
     sinatra-sequel (0.9.0)
       sequel (>= 3.2.0)
       sinatra (>= 0.9.4)
-    tilt (2.0.1)
+    tilt (2.0.5)

 PLATFORMS
   ruby
/tmp/bundler-test-5006 (master *) $ bundle install --deployment
Fetching gem metadata from https://rubygems.org/.........
Fetching version metadata from https://rubygems.org/.
Installing rack 1.6.4
Installing sequel 4.39.0
Installing tilt 2.0.5
Your Gemfile.lock is corrupt. The following gem is missing from the DEPENDENCIES section: 'bacon'

[indirect]

@segiddins even if we fixed a bug, we need to ensure that actually working lockfiles continue to actually work 👍

[segiddins]

@trevorturk you need to install with the fixed version of bundler

@indirect the point of that check is that those lock files always were broken

[trevorturk]

Can you have a closer look at that demo I posted in the comments here? I believe I am installing with the version of bundler you want:

/tmp/bundler-test-5006 (master) $ bundler -v
Bundler version 1.13.2

[segiddins]

but it's not changing the version in the lockfile, which has me suspicious. When I rm Gemfile.lock && bundle install, it succeeds for me

[indirect]

Okay... this is super weird. @trevorturk, this is working for me too.

here's a transcript of me cloning your demo and using Bundler 1.13.2 to run the same commands... but it works

$ git clone https://github.com/trevorturk/bundler-test-5006
Cloning into 'bundler-test-5006'...
remote: Counting objects: 11, done.
remote: Compressing objects: 100% (8/8), done.
remote: Total 11 (delta 3), reused 10 (delta 2), pack-reused 0
Unpacking objects: 100% (11/11), done.
Checking connectivity... done.

$ cd bundler-test-5006/

$ ruby -v
ruby 2.1.10p492 (2016-04-01 revision 54464) [x86_64-darwin15.0]

$ bundler -v
Bundler version 1.13.2

$ rm Gemfile.lock

$ bundle install --path .bundle
Fetching gem metadata from https://rubygems.org/..........
Fetching version metadata from https://rubygems.org/.
Resolving dependencies...
Using bundler 1.13.2
Installing bacon 1.2.0
Installing tilt 2.0.5
Installing rack 1.6.4
Installing sequel 4.39.0
Installing rack-protection 1.5.3
Installing sinatra 1.4.7
Installing sinatra-sequel 0.9.0
Bundle complete! 1 Gemfile dependency, 8 gems now installed.
Bundled gems are installed into ./.bundle.

$ git diff
diff --git a/Gemfile.lock b/Gemfile.lock
index 965985f..2f362f9 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,18 +1,20 @@
GEM
remote: https://rubygems.org/
specs:

• rack (1.6.0)
• bacon (1.2.0)
• rack (1.6.4)
  rack-protection (1.5.3)
  rack
  sequel (4.39.0)
• sinatra (1.4.6)

•  rack (~> 1.4)
  

• sinatra (1.4.7)

•  rack (~> 1.5)
  

  rack-protection (~> 1.4)
  tilt (>= 1.3, < 3)
  sinatra-sequel (0.9.0)

•  bacon
  

  sequel (>= 3.2.0)
  sinatra (>= 0.9.4)
• tilt (2.0.1)
• tilt (2.0.5)

PLATFORMS
ruby

$ bundle install --deployment
Fetching gem metadata from https://rubygems.org/.........
Fetching version metadata from https://rubygems.org/.
Using bundler 1.13.2
Installing bacon 1.2.0
Installing tilt 2.0.5
Installing rack 1.6.4
Installing sequel 4.39.0
Installing rack-protection 1.5.3
Installing sinatra 1.4.7
Installing sinatra-sequel 0.9.0
Bundle complete! 1 Gemfile dependency, 8 gems now installed.
Bundled gems are installed into ./vendor/bundle.

[indirect]

hoooo boy. okay, this is pretty fucking weird. @segiddins, this only reproduces with both --system and --deployment... and from that point on, install will always raise, until you pass --no-deployment.

here's a demo

$ git clone https://github.com/trevorturk/bundler-test-5006
Cloning into 'bundler-test-5006'...
remote: Counting objects: 11, done.
remote: Compressing objects: 100% (8/8), done.
remote: Total 11 (delta 3), reused 10 (delta 2), pack-reused 0
Unpacking objects: 100% (11/11), done.
Checking connectivity... done.

$ cd bundler-test-5006/

$ ruby -v
ruby 2.1.10p492 (2016-04-01 revision 54464) [x86_64-darwin15.0]

$ gem -v
2.2.5

$ bundle -v
Bundler version 1.13.2

$ bundle install
Using rack 1.6.0
Using sequel 4.39.0
Using tilt 2.0.1
Using bundler 1.13.2
Using rack-protection 1.5.3
Using sinatra 1.4.6
Using sinatra-sequel 0.9.0
Bundle complete! 1 Gemfile dependency, 7 gems now installed.
Use bundle show [gemname] to see where a bundled gem is installed.

$ bundle install --deployment
Fetching gem metadata from https://rubygems.org/.........
Fetching version metadata from https://rubygems.org/.
Installing tilt 2.0.1
Installing rack 1.6.0
Installing sequel 4.39.0
Your Gemfile.lock is corrupt. The following gem is missing from the DEPENDENCIES section: 'bacon'

$ bundle install
Fetching gem metadata from https://rubygems.org/.........
Fetching version metadata from https://rubygems.org/.
Using rack 1.6.0
Using sequel 4.39.0
Using tilt 2.0.1
Your Gemfile.lock is corrupt. The following gem is missing from the DEPENDENCIES section: 'bacon'

$ bundle install --path .bundle
Fetching gem metadata from https://rubygems.org/.........
Fetching version metadata from https://rubygems.org/.
Installing tilt 2.0.1
Installing rack 1.6.0
Installing sequel 4.39.0
Your Gemfile.lock is corrupt. The following gem is missing from the DEPENDENCIES section: 'bacon'

$ bundle install --no-deployment
Using rack 1.6.0
Using sequel 4.39.0
Using tilt 2.0.1
Using bundler 1.13.2
Using rack-protection 1.5.3
Using sinatra 1.4.6
Using sinatra-sequel 0.9.0
Bundle complete! 1 Gemfile dependency, 7 gems now installed.
Use bundle show [gemname] to see where a bundled gem is installed.

[indirect]

Lockfiles that raise exceptions only when --deployment is passed are definitely a bug, one way or another.

[indirect]

@segiddins note further that this happens even after using Bundler 1.13.2 to generate a completely new lock from scratch:

$ rm Gemfile.lock

$ bundle install --system
Using rack 1.6.4
Using sequel 4.39.0
Using tilt 2.0.5
Using bundler 1.13.2
Using rack-protection 1.5.3
Using sinatra 1.4.7
Using sinatra-sequel 0.9.0
Bundle complete! 1 Gemfile dependency, 7 gems now installed.
Use `bundle show [gemname]` to see where a bundled gem is installed.

$ bundle install --deployment
Fetching gem metadata from https://rubygems.org/.........
Fetching version metadata from https://rubygems.org/.
Using sequel 4.39.0
Installing tilt 2.0.5
Installing rack 1.6.4
Your Gemfile.lock is corrupt. The following gem is missing from the DEPENDENCIES section: 'bacon'

[trevorturk]

Hmm, I don't know what could be different about my setup. Here's my env:

/tmp/bundler-test-5006 (master) $ bundle env
Environment

    Bundler   1.13.2
    Rubygems  2.5.2
    Ruby      2.1.10p492 (2016-04-01 revision 54464) [x86_64-darwin15.0]
    Git       2.10.0

Bundler settings

    build.eventmachine
      Set for the current user (/Users/trevorturk/.bundle/config): "--with-cppflags=-I/usr/local/opt/openssl/include"
    build.puma
      Set for the current user (/Users/trevorturk/.bundle/config): "--with-cppflags=-I/usr/local/opt/openssl/include"

Gemfile

    source 'https://rubygems.org'
    ruby '2.1.10'

    gem 'sinatra-sequel'

Gemfile.lock

    GEM
      remote: https://rubygems.org/
      specs:
        rack (1.6.0)
        rack-protection (1.5.3)
          rack
        sequel (4.39.0)
        sinatra (1.4.6)
          rack (~> 1.4)
          rack-protection (~> 1.4)
          tilt (>= 1.3, < 3)
        sinatra-sequel (0.9.0)
          sequel (>= 3.2.0)
          sinatra (>= 0.9.4)
        tilt (2.0.1)

    PLATFORMS
      ruby

    DEPENDENCIES
      sinatra-sequel

    RUBY VERSION
       ruby 2.1.10p492

    BUNDLED WITH
       1.13.2

The repo I linked to has the lock file set to 1.13.2 so I wouldn't expect it to change the version in the lock file.

[indirect]

@trevorturk thanks for bearing with us while we figured out exactly how to reproduce it. git bisect points the finger at c539a4c, which makes sense. Now we just need to figure out why it's only broken sometimes!

[indirect]

Possibly-related discovery by @segiddins: according to rubygems.org, the sinatra-sequel gem somehow depends on bacon as both a runtime and development dependency, separately. https://rubygems.org/gems/sinatra-sequel/versions/0.9.0

[trevorturk]

Hmm... I'm not sure what else to try w/r/t identifying what's different about my env. I tested updating my rubygems and I can still reproduce:

/tmp/bundler-test-5006 (master) $ gem update --system
[...]
/tmp/bundler-test-5006 (master) $ gem --version
2.6.7
/tmp/bundler-test-5006 (master) $ bundle install
Using rack 1.6.0
Using sequel 4.39.0
Using tilt 2.0.1
Using bundler 1.13.2
Using rack-protection 1.5.3
Using sinatra 1.4.6
Using sinatra-sequel 0.9.0
Bundle complete! 1 Gemfile dependency, 7 gems now installed.
Use `bundle show [gemname]` to see where a bundled gem is installed.
/tmp/bundler-test-5006 (master) $ bundle install --deployment
Fetching gem metadata from https://rubygems.org/.........
Fetching version metadata from https://rubygems.org/.
Installing rack 1.6.0
Installing sequel 4.39.0
Installing tilt 2.0.1
Your Gemfile.lock is corrupt. The following gem is missing from the DEPENDENCIES section: 'bacon'

I'm using rbenv, in case that might be a difference with my setup:

/tmp/bundler-test-5006 (master) $ ruby -v
ruby 2.1.10p492 (2016-04-01 revision 54464) [x86_64-darwin15.0]
/tmp/bundler-test-5006 (master) $ rbenv version
2.1.10 (set by /tmp/bundler-test-5006/.ruby-version)
/tmp/bundler-test-5006 (master) $ which ruby
/usr/local/var/rbenv/shims/ruby

If you have any other ideas, I'm happy to test. I mentioned this before, but I'm also happy to screen share etc if that might help. Thanks again for continuing this hunt. I sure hope I'm not doing something stupid and sending us on a wild goose chase! 😅

[chrismo]

reminder to <