Read more

Bundler: Gemfile.lock is corrupt & gems are missing from the DEPENDENCIES section

Henning Koch
December 14, 2016Software engineer at makandra GmbH

So you're getting this failure when running bundle install on an older project:

Your Gemfile.lock is corrupt. The following gems are missing from the DEPENDENCIES section: 'archive-tar-minitar' 'hoe' 'rcov'
Illustration online protection

Rails Long Term Support

Rails LTS provides security patches for old versions of Ruby on Rails (2.3, 3.2, 4.2 and 5.2)

  • Prevents you from data breaches and liability risks
  • Upgrade at your own pace
  • Works with modern Rubies
Read more Show archive.org snapshot

This happens when you are using a new version of Bundler with a project that was bundled with a very old version of Bundler. For reasons unknown, the Bundler dependency API returns different dependencies for some gems (like ruby-debug or rainpress) than the dependencies found in the downloaded gemspecs. While old versions of Bundler will accept this, newer versions of Bundler will fail with the error message above.

There are multiple solutions to this issue.

Option 0: Use Bundler 1.14

It might fix Show archive.org snapshot this issue, or at least print some helpful hints.

Unfortunately Bundler 1.14.2 dumps core on corrupt Gemfiles with Ruby 1.8.7.

Option 1: Make bundle install succeed now, but leave it broken for future installs

This parameter will make the installation pass on your machine:

bundle install --full-index

You will no longer have issues on your local machine unless you delete required gems or reinstall ruby. Unfortunately you will leave the situation broken for future bundle install runs on other servers or workstations.

Option 2: Add the missing gems to your Gemfile (your best bet)

Add the gems listed in the error message to your Gemfile. Also add a comment explaining why these unneeded dependencies exist:

# Required to work with modern Bundler. See https://makandracards.com/makandra/43292
gem 'archive-tar-minitar'
gem 'hoe'
gem 'rcov'

Now run bundle install and commit the changes to Gemfile and Gemfile.lock.

You now have a couple of weird dependencies in your app, but the project will sucessfully bundle on both your PC and other machines.

Option 3: Downgrade Bundler

If you're OK with using an ancient version of Bundler forever, you can downgrade Bundler to an old version that doesn't mind the dependency conflict:

gem uninstall -a bundler && gem install bundler -v 1.9.10

In case this doesn't resolve the issue, delete all gems (including bundler itself) or re-install your Ruby. Ruby 1.8.7 users should also note that there is a maximum version of Rubygems that is still compatible with 1.8.7.

Posted by Henning Koch to makandra dev (2016-12-14 14:13)