Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-19012

Artifactory retrieves the latest Gem package without considering the installed Ruby version

    XMLWordPrintable

    Details

    • Type: Epic
    • Status: Done
    • Priority: 4 - Normal
    • Resolution: Done
    • Affects Version/s: 6.9.1
    • Fix Version/s: 6.23.13, 7.15.3
    • Component/s: None
    • Labels:
    • Epic Name:
      RubyGems compact index support

      Description

      Take the package 'dry-validation' for example.
      For version 0.13.1, you must have Ruby version >=2.4.0 to install this version, as mentioned here: https://rubygems.org/gems/dry-validation/versions/0.13.1
      For version 0.13.0, on the other hand, you can have any Ruby version installed (>=0), as mentioned here: https://rubygems.org/gems/dry-validation/versions/0.13.0

      Follow these steps:
      1. Install Ruby version < 2.4.0 (for example 2.3.1)
      2. Create a Gemfile with this content:

      source 'https://rubygems.org'
      
      ruby '2.3.1'
      gem 'dry-validation', '~> 0.10'
      

      3. Run bundle install:
      bundle install --verbose

      Result:

      $ sudo bundle install
      Don't run Bundler as root. Bundler can ask for sudo if it is needed, and installing your bundle as root will break this application for all non-root users on this machine.
      Fetching gem metadata from https://rubygems.org/....
      Resolving dependencies...
      Using bundler 2.0.1
      Using concurrent-ruby 1.1.5
      Using dry-core 0.4.7
      Using dry-configurable 0.8.2
      Using dry-container 0.7.0
      Using dry-equalizer 0.2.2
      Using dry-inflector 0.1.2
      Using dry-logic 0.6.0
      Using dry-types 0.15.0
      Fetching dry-validation 0.13.0
      Installing dry-validation 0.13.0
      Bundle complete! 1 Gemfile dependency, 10 gems now installed.
      
      • Working directly with https://rubygems.org, you'll get the latest version that is compatible with your installed Ruby version, which is 0.13.0.

      Now, working with Artifactory:
      1. Remove the auto created Gemfile.lock in the working directory
      2. Remove the installed Gems and clean the local cache
      3. Change the Gemfile first line to work with Artifactory:

      http://admin:password@localhost:8081/artifactory/api/gems/gems-remote/

      4. Run bundle install:

      bundle install --verbose

      Result:

      $ sudo bundle install
      Don't run Bundler as root. Bundler can ask for sudo if it is needed, and installing your bundle as root will break this application for all non-root users on this machine.
      Fetching gem metadata from http://localhost:8081/artifactory/api/gems/gems-remote/.....
      Resolving dependencies...
      Using bundler 2.0.1
      Using concurrent-ruby 1.1.5
      Fetching dry-core 0.4.7
      Installing dry-core 0.4.7
      Fetching dry-configurable 0.8.2
      Installing dry-configurable 0.8.2
      Fetching dry-container 0.7.0
      Installing dry-container 0.7.0
      Fetching dry-equalizer 0.2.2
      Installing dry-equalizer 0.2.2
      Fetching dry-inflector 0.1.2
      Installing dry-inflector 0.1.2
      Fetching dry-logic 0.6.0
      Installing dry-logic 0.6.0
      Fetching dry-types 0.14.1
      Installing dry-types 0.14.1
      Fetching dry-validation 0.13.1
      Installing dry-validation 0.13.1
      Gem::InstallError: dry-validation requires Ruby version >= 2.4.0.
      An error occurred while installing dry-validation (0.13.1), and Bundler cannot continue.
      Make sure that `gem install dry-validation -v '0.13.1' --source 'http://admin:password@localhost:8081/artifactory/api/gems/gems-remote/'` succeeds before bundling.
      
      • Working against Artifactory, it tries to retrieve the latest version of the Gem package (0.13.1) without taking the installed Ruby version into consideration, resulting in client error.

      Additional Description

      Artifactory need to support new index mechanism named compact index to support two new api calls.

      for example those call against rubygems.org 

      '/versions'  -> https://rubygems.org/versions (the repository index)

      '/info/<package name>' -> https://rubygems.org/info/dry-validation (the package index)

      the repository index is a histogram of the changes happed in the repository this file may explode and his size might grow to hundreds of megabytes.

      We supporting it now for local remote and virtual repositories, those must be tested against various bundler clients.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              rotemk Rotem Kfir
              Reporter:
              avivb Aviv Blonder
              Votes:
              8 Vote for this issue
              Watchers:
              17 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Sync Status

                  Connection: RTFACT Sync
                  RTMID-19012 -
                  SYNCHRONIZED
                  • Last Sync Date: