Allow declaring override remotes on a RubyGems source#9515
Open
eileencodes wants to merge 1 commit intoruby:masterfrom
Open
Allow declaring override remotes on a RubyGems source#9515eileencodes wants to merge 1 commit intoruby:masterfrom
eileencodes wants to merge 1 commit intoruby:masterfrom
Conversation
tenderlove
reviewed
May 1, 2026
Member
tenderlove
left a comment
tenderlove
left a comment
There was a problem hiding this comment.
If I'm reading this correctly, it looks like we just emit a warning (and skip) if there's an override that doesn't exist in the main source. Shouldn't we raise an exception instead? It seems like a bug if there's an override but no canonical version
eileencodes
force-pushed
the
bundler-override-sources
branch
from
8447096 to
abcdb71
Compare
A `source` may declare one or more `overrides:` — secondary RubyGems-compatible repositories that supply alternate builds (for example, prebuilt binaries) of gems that already exist in the primary source. source "https://rubygems.org", overrides: ["https://build-farm.example.com"] Override remotes are consulted only for gems that are also present in the primary source; they cannot introduce new gems. When an override publishes a spec whose name and version match one in the primary source, that spec is preferred for installation if it is compatible with the local platform. If no matching build is available, or fetching the override fails (authentication, SSL, or network errors), Bundler falls back to the primary source. Override remotes are recorded in `Gemfile.lock` under `override:` lines: GEM remote: https://rubygems.org/ override: https://build-farm.example.com/ specs: IRL Testing: This can be exercised against Kou's precompiled-gems build farm hosted on Cloudsmith. The only build target currently published there is Ruby 4.0 on amd64 Ubuntu 24.04 — on any other platform the override is skipped and Bundler falls back to the primary source. source "https://rubygems.org", overrides: ["https://dl.cloudsmith.io/public/rubygems-precompiled-gems/ruby-4-0-amd64-ubuntu-24-04/ruby/"] # Precompiled binaries are available on the override remote: gem "json" gem "openc3" gem "io-event" # Not in the override; fall back to rubygems.org and compile # from source: gem "nokogiri" gem "rails"
eileencodes
force-pushed
the
bundler-override-sources
branch
from
abcdb71 to
1c11b7d
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
A
sourcemay declare one or moreoverrides:— secondary RubyGems-compatible repositories that supply alternate builds (for example, prebuilt binaries) of gems that already exist in the primary source.Override remotes are consulted only for gems that are also present in the primary source; they cannot introduce new gems. When an override publishes a spec whose name and version match one in the primary source, that spec is preferred for installation if it is compatible with the local platform. If no matching build is available, or fetching the override fails (authentication, SSL, or network errors), Bundler falls back to the primary source.
Override remotes are recorded in
Gemfile.lockunderoverride:lines:Questions
I don't know if
overridesis the correct name. We consideredmirrorbut it's not a true mirror. andbinary _sourcesbut that feels too specific. Open to ideas and changes. I decided not to spend more time on the name since we will end up discussing and debating on the PR anyway.What was the end-user or developer problem that led to this PR?
If we were going to build a build farm, we'd need a way to define those sources. We could use the source block format but that's not a super user-friendly API since users would need to know which gems are precompiled. We considered reintroducing top-level mulit-source but we've need to handle the security implications. We came up with this API that has a source that can't introduce new gems because they must be present in the primary source.
What is your fix for the problem, implemented in this PR?
See commit message
Make sure the following tasks are checked
cc/ @tenderlove @jenshenny