1BUNDLE-INSTALL(1) BUNDLE-INSTALL(1)
2
3
4
6 bundle-install - Install the dependencies specified in your Gemfile
7
9 bundle install [--binstubs[=DIRECTORY]] [--clean] [--deployment]
10 [--frozen] [--full-index] [--gemfile=GEMFILE] [--jobs=NUMBER] [--local]
11 [--no-cache] [--no-prune] [--path PATH] [--quiet] [--redownload]
12 [--retry=NUMBER] [--shebang] [--standalone[=GROUP[ GROUP...]]] [--sys‐
13 tem] [--trust-policy=POLICY] [--with=GROUP[ GROUP...]] [--with‐
14 out=GROUP[ GROUP...]]
15
17 Install the gems specified in your Gemfile(5). If this is the first
18 time you run bundle install (and a Gemfile.lock does not exist),
19 Bundler will fetch all remote sources, resolve dependencies and install
20 all needed gems.
21
22 If a Gemfile.lock does exist, and you have not updated your Gemfile(5),
23 Bundler will fetch all remote sources, but use the dependencies speci‐
24 fied in the Gemfile.lock instead of resolving dependencies.
25
26 If a Gemfile.lock does exist, and you have updated your Gemfile(5),
27 Bundler will use the dependencies in the Gemfile.lock for all gems that
28 you did not update, but will re-resolve the dependencies of gems that
29 you did update. You can find more information about this update process
30 below under CONSERVATIVE UPDATING.
31
33 The --clean, --deployment, --frozen, --no-prune, --path, --shebang,
34 --system, --without and --with options are deprecated because they only
35 make sense if they are applied to every subsequent bundle install run
36 automatically and that requires bundler to silently remember them.
37 Since bundler will no longer remember CLI flags in future versions,
38 bundle config (see bundle-config(1)) should be used to apply them per‐
39 manently.
40
41 --binstubs[=<directory>]
42 Binstubs are scripts that wrap around executables. Bundler cre‐
43 ates a small Ruby file (a binstub) that loads Bundler, runs the
44 command, and puts it in bin/. This lets you link the binstub in‐
45 side of an application to the exact gem version the application
46 needs.
47
48 Creates a directory (defaults to ~/bin) and places any executa‐
49 bles from the gem there. These executables run in Bundler´s con‐
50 text. If used, you might add this directory to your environ‐
51 ment´s PATH variable. For instance, if the rails gem comes with
52 a rails executable, this flag will create a bin/rails executable
53 that ensures that all referred dependencies will be resolved us‐
54 ing the bundled gems.
55
56 --clean
57 On finishing the installation Bundler is going to remove any
58 gems not present in the current Gemfile(5). Don´t worry, gems
59 currently in use will not be removed.
60
61 This option is deprecated in favor of the clean setting.
62
63 --deployment
64 In deployment mode, Bundler will ´roll-out´ the bundle for pro‐
65 duction or CI use. Please check carefully if you want to have
66 this option enabled in your development environment.
67
68 This option is deprecated in favor of the deployment setting.
69
70 --redownload
71 Force download every gem, even if the required versions are al‐
72 ready available locally.
73
74 --frozen
75 Do not allow the Gemfile.lock to be updated after this install.
76 Exits non-zero if there are going to be changes to the Gem‐
77 file.lock.
78
79 This option is deprecated in favor of the frozen setting.
80
81 --full-index
82 Bundler will not call Rubygems´ API endpoint (default) but down‐
83 load and cache a (currently big) index file of all gems. Perfor‐
84 mance can be improved for large bundles that seldom change by
85 enabling this option.
86
87 --gemfile=<gemfile>
88 The location of the Gemfile(5) which Bundler should use. This
89 defaults to a Gemfile(5) in the current working directory. In
90 general, Bundler will assume that the location of the Gemfile(5)
91 is also the project´s root and will try to find Gemfile.lock and
92 vendor/cache relative to this location.
93
94 --jobs=[<number>], -j[<number>]
95 The maximum number of parallel download and install jobs. The
96 default is the number of available processors.
97
98 --local
99 Do not attempt to connect to rubygems.org. Instead, Bundler will
100 use the gems already present in Rubygems´ cache or in ven‐
101 dor/cache. Note that if an appropriate platform-specific gem ex‐
102 ists on rubygems.org it will not be found.
103
104 --prefer-local
105 Force using locally installed gems, or gems already present in
106 Rubygems´ cache or in vendor/cache, when resolving, even if
107 newer versions are available remotely. Only attempt to connect
108 to rubygems.org for gems that are not present locally.
109
110 --no-cache
111 Do not update the cache in vendor/cache with the newly bundled
112 gems. This does not remove any gems in the cache but keeps the
113 newly bundled gems from being cached during the install.
114
115 --no-prune
116 Don´t remove stale gems from the cache when the installation
117 finishes.
118
119 This option is deprecated in favor of the no_prune setting.
120
121 --path=<path>
122 The location to install the specified gems to. This defaults to
123 Rubygems´ setting. Bundler shares this location with Rubygems,
124 gem install ... will have gem installed there, too. Therefore,
125 gems installed without a --path ... setting will show up by
126 calling gem list. Accordingly, gems installed to other locations
127 will not get listed.
128
129 This option is deprecated in favor of the path setting.
130
131 --quiet
132 Do not print progress information to the standard output. In‐
133 stead, Bundler will exit using a status code ($?).
134
135 --retry=[<number>]
136 Retry failed network or git requests for number times.
137
138 --shebang=<ruby-executable>
139 Uses the specified ruby executable (usually ruby) to execute the
140 scripts created with --binstubs. In addition, if you use --bin‐
141 stubs together with --shebang jruby these executables will be
142 changed to execute jruby instead.
143
144 This option is deprecated in favor of the shebang setting.
145
146 --standalone[=<list>]
147 Makes a bundle that can work without depending on Rubygems or
148 Bundler at runtime. A space separated list of groups to install
149 has to be specified. Bundler creates a directory named bundle
150 and installs the bundle there. It also generates a bun‐
151 dle/bundler/setup.rb file to replace Bundler´s own setup in the
152 manner required. Using this option implicitly sets path, which
153 is a [remembered option][REMEMBERED OPTIONS].
154
155 --system
156 Installs the gems specified in the bundle to the system´s
157 Rubygems location. This overrides any previous configuration of
158 --path.
159
160 This option is deprecated in favor of the system setting.
161
162 --trust-policy=[<policy>]
163 Apply the Rubygems security policy policy, where policy is one
164 of HighSecurity, MediumSecurity, LowSecurity, AlmostNoSecurity,
165 or NoSecurity. For more details, please see the Rubygems signing
166 documentation linked below in SEE ALSO.
167
168 --with=<list>
169 A space-separated list of groups referencing gems to install. If
170 an optional group is given it is installed. If a group is given
171 that is in the remembered list of groups given to --without, it
172 is removed from that list.
173
174 This option is deprecated in favor of the with setting.
175
176 --without=<list>
177 A space-separated list of groups referencing gems to skip during
178 installation. If a group is given that is in the remembered list
179 of groups given to --with, it is removed from that list.
180
181 This option is deprecated in favor of the without setting.
182
184 Bundler´s defaults are optimized for development. To switch to defaults
185 optimized for deployment and for CI, use the --deployment flag. Do not
186 activate deployment mode on development machines, as it will cause an
187 error when the Gemfile(5) is modified.
188
189 1. A Gemfile.lock is required.
190
191 To ensure that the same versions of the gems you developed with and
192 tested with are also used in deployments, a Gemfile.lock is re‐
193 quired.
194
195 This is mainly to ensure that you remember to check your Gem‐
196 file.lock into version control.
197
198 2. The Gemfile.lock must be up to date
199
200 In development, you can modify your Gemfile(5) and re-run bundle
201 install to conservatively update your Gemfile.lock snapshot.
202
203 In deployment, your Gemfile.lock should be up-to-date with changes
204 made in your Gemfile(5).
205
206 3. Gems are installed to vendor/bundle not your default system loca‐
207 tion
208
209 In development, it´s convenient to share the gems used in your ap‐
210 plication with other applications and other scripts that run on the
211 system.
212
213 In deployment, isolation is a more important default. In addition,
214 the user deploying the application may not have permission to in‐
215 stall gems to the system, or the web server may not have permission
216 to read them.
217
218 As a result, bundle install --deployment installs gems to the ven‐
219 dor/bundle directory in the application. This may be overridden us‐
220 ing the --path option.
221
222
223
225 By default, Bundler installs gems to the same location as gem install.
226
227 In some cases, that location may not be writable by your Unix user. In
228 that case, Bundler will stage everything in a temporary directory, then
229 ask you for your sudo password in order to copy the gems into their
230 system location.
231
232 From your perspective, this is identical to installing the gems di‐
233 rectly into the system.
234
235 You should never use sudo bundle install. This is because several other
236 steps in bundle install must be performed as the current user:
237
238 • Updating your Gemfile.lock
239
240 • Updating your vendor/cache, if necessary
241
242 • Checking out private git repositories using your user´s SSH keys
243
244
245
246 Of these three, the first two could theoretically be performed by
247 chowning the resulting files to $SUDO_USER. The third, however, can
248 only be performed by invoking the git command as the current user.
249 Therefore, git gems are downloaded and installed into ~/.bundle rather
250 than $GEM_HOME or $BUNDLE_PATH.
251
252 As a result, you should run bundle install as the current user, and
253 Bundler will ask for your password if it is needed to put the gems into
254 their final location.
255
257 By default, bundle install will install all gems in all groups in your
258 Gemfile(5), except those declared for a different platform.
259
260 However, you can explicitly tell Bundler to skip installing certain
261 groups with the --without option. This option takes a space-separated
262 list of groups.
263
264 While the --without option will skip installing the gems in the speci‐
265 fied groups, it will still download those gems and use them to resolve
266 the dependencies of every gem in your Gemfile(5).
267
268 This is so that installing a different set of groups on another machine
269 (such as a production server) will not change the gems and versions
270 that you have already developed and tested against.
271
272 Bundler offers a rock-solid guarantee that the third-party code you are
273 running in development and testing is also the third-party code you are
274 running in production. You can choose to exclude some of that code in
275 different environments, but you will never be caught flat-footed by
276 different versions of third-party code being used in different environ‐
277 ments.
278
279 For a simple illustration, consider the following Gemfile(5):
280
281
282
283 source ´https://rubygems.org´
284
285 gem ´sinatra´
286
287 group :production do
288 gem ´rack-perftools-profiler´
289 end
290
291
292
293 In this case, sinatra depends on any version of Rack (>= 1.0), while
294 rack-perftools-profiler depends on 1.x (~> 1.0).
295
296 When you run bundle install --without production in development, we
297 look at the dependencies of rack-perftools-profiler as well. That way,
298 you do not spend all your time developing against Rack 2.0, using new
299 APIs unavailable in Rack 1.x, only to have Bundler switch to Rack 1.2
300 when the production group is used.
301
302 This should not cause any problems in practice, because we do not at‐
303 tempt to install the gems in the excluded groups, and only evaluate as
304 part of the dependency resolution process.
305
306 This also means that you cannot include different versions of the same
307 gem in different groups, because doing so would result in different
308 sets of dependencies used in development and production. Because of the
309 vagaries of the dependency resolution process, this usually affects
310 more than the gems you list in your Gemfile(5), and can (surprisingly)
311 radically change the gems you are using.
312
314 When you run bundle install, Bundler will persist the full names and
315 versions of all gems that you used (including dependencies of the gems
316 specified in the Gemfile(5)) into a file called Gemfile.lock.
317
318 Bundler uses this file in all subsequent calls to bundle install, which
319 guarantees that you always use the same exact code, even as your appli‐
320 cation moves across machines.
321
322 Because of the way dependency resolution works, even a seemingly small
323 change (for instance, an update to a point-release of a dependency of a
324 gem in your Gemfile(5)) can result in radically different gems being
325 needed to satisfy all dependencies.
326
327 As a result, you SHOULD check your Gemfile.lock into version control,
328 in both applications and gems. If you do not, every machine that checks
329 out your repository (including your production server) will resolve all
330 dependencies again, which will result in different versions of
331 third-party code being used if any of the gems in the Gemfile(5) or any
332 of their dependencies have been updated.
333
334 When Bundler first shipped, the Gemfile.lock was included in the .git‐
335 ignore file included with generated gems. Over time, however, it became
336 clear that this practice forces the pain of broken dependencies onto
337 new contributors, while leaving existing contributors potentially un‐
338 aware of the problem. Since bundle install is usually the first step
339 towards a contribution, the pain of broken dependencies would discour‐
340 age new contributors from contributing. As a result, we have revised
341 our guidance for gem authors to now recommend checking in the lock for
342 gems.
343
345 When you make a change to the Gemfile(5) and then run bundle install,
346 Bundler will update only the gems that you modified.
347
348 In other words, if a gem that you did not modify worked before you
349 called bundle install, it will continue to use the exact same versions
350 of all dependencies as it used before the update.
351
352 Let´s take a look at an example. Here´s your original Gemfile(5):
353
354
355
356 source ´https://rubygems.org´
357
358 gem ´actionpack´, ´2.3.8´
359 gem ´activemerchant´
360
361
362
363 In this case, both actionpack and activemerchant depend on activesup‐
364 port. The actionpack gem depends on activesupport 2.3.8 and rack ~>
365 1.1.0, while the activemerchant gem depends on activesupport >= 2.3.2,
366 braintree >= 2.0.0, and builder >= 2.0.0.
367
368 When the dependencies are first resolved, Bundler will select ac‐
369 tivesupport 2.3.8, which satisfies the requirements of both gems in
370 your Gemfile(5).
371
372 Next, you modify your Gemfile(5) to:
373
374
375
376 source ´https://rubygems.org´
377
378 gem ´actionpack´, ´3.0.0.rc´
379 gem ´activemerchant´
380
381
382
383 The actionpack 3.0.0.rc gem has a number of new dependencies, and up‐
384 dates the activesupport dependency to = 3.0.0.rc and the rack depen‐
385 dency to ~> 1.2.1.
386
387 When you run bundle install, Bundler notices that you changed the ac‐
388 tionpack gem, but not the activemerchant gem. It evaluates the gems
389 currently being used to satisfy its requirements:
390
391 activesupport 2.3.8
392 also used to satisfy a dependency in activemerchant, which is
393 not being updated
394
395 rack ~> 1.1.0
396 not currently being used to satisfy another dependency
397
398 Because you did not explicitly ask to update activemerchant, you would
399 not expect it to suddenly stop working after updating actionpack. How‐
400 ever, satisfying the new activesupport 3.0.0.rc dependency of action‐
401 pack requires updating one of its dependencies.
402
403 Even though activemerchant declares a very loose dependency that theo‐
404 retically matches activesupport 3.0.0.rc, Bundler treats gems in your
405 Gemfile(5) that have not changed as an atomic unit together with their
406 dependencies. In this case, the activemerchant dependency is treated as
407 activemerchant 1.7.1 + activesupport 2.3.8, so bundle install will re‐
408 port that it cannot update actionpack.
409
410 To explicitly update actionpack, including its dependencies which other
411 gems in the Gemfile(5) still depend on, run bundle update actionpack
412 (see bundle update(1)).
413
414 Summary: In general, after making a change to the Gemfile(5) , you
415 should first try to run bundle install, which will guarantee that no
416 other gem in the Gemfile(5) is impacted by the change. If that does not
417 work, run bundle update(1) bundle-update.1.html.
418
420 • Gem install docs http://guides.rubygems.org/rubygems-basics/#in‐
421 stalling-gems
422
423 • Rubygems signing docs http://guides.rubygems.org/security/
424
425
426
427
428
429
430 October 2022 BUNDLE-INSTALL(1)