[katello-devel] Bundler vs rpm-gems

Bryan Kearney bkearney at redhat.com
Wed Aug 22 12:12:28 UTC 2012 

On 08/22/2012 04:54 AM, Dmitri Dolguikh wrote:
> On 22/08/12 09:39 AM, Petr Chalupa wrote:
>> Hi,
>>
>> as Ivan and Lukas said on mail-list, I had some ideas how to solve our
>> bundler/rpm issues. Then I had discussion with Ivan and Mirek and here
>> is the proposed solution.
>>
>> == Requirements
>>
>> When installing on fedora/rhel in production. Do not mess with the
>> production setup, rpm gems are used, 'bundle install' wont install
>> anything else.
>>
>> When installing on fedora/rhel in development. 'bundle install'
>> prefers rpm-gems even if there is a newer gem in our gem-repo [2].
>> Additional development dependencies are installed.
>>
>> When installing on any other system (Debian, Ubuntu, Mac, ...) in
>> development. 'bundle install' installs the same versions of gems as
>> would be installed on fedora. Optionally (at least made it possible in
>> the future) 'bundle install' installs not only the same versions but
>> also gems including security fixes included in rpm-gems.
>>
>> == Proposal
>>
>> I'll add monkey patch to katello/master for bundler which will ensure
>> that rpm-gems are preferred (even if they are older than gems in a
>> gem-repo). It's based on bkabrda's patch [1].
>>
>> I'll ensure that our gem repo [2] contains all gems needed for katello
>> development (some are still missing). This enables katello (rails app)
>> to be installed on any system without rubygems.org.
>>
>> I would like to work on this in the next iteration. Also I would like
>> to explore how difficult would be to create gem versions with security
>> patches (which is important for non fedora development - me).
>>
>> We also discussed it would be nice to move our gem-repo to github a
>> publish it on pages.github. The repo would be more visible. It would
>> allow us to use pull-requests for tracking new gem-dependencies. It
>> would be on one place.
> I'm going to suggest that we stop maintaining katello-specific gem
> repository, and for a few reasons:
>   - it's redundant
>   - we should make more effort to work with upstream, esp. if this
> concerns security issues
>   - current katello gem repository is not sufficient to be used with
> bundler, as it lacks some of the gems
>

I agree... except that we will want to ensure that we stay on a specific 
version of the gems so we are not always repackaging.

- bk

More information about the katello-devel mailing list