ruby – 使用自定义gem源的Bundler“无法找到gem …”错误

gem 'very-secret-gem',source:'https://foo.example.com/'

捆绑安装完成正常：

$bundle install
Fetching source index from https://foo.example.com/
Fetching source index from https://foo.example.com/
Fetching gem metadata from https://rubygems.org/........
…
Resolving dependencies...
…
Installing very-secret-gem 1.5.1
…
Bundle complete! 47 Gemfile dependencies,116 gems now installed.
Use `bundle show [gemname]` to see where a bundled gem is installed.

但运行使用ruby的命令失败(这里为空Rakefile)：

$bundle exec rake -T
Could not find gem 'very-secret-gem (>= 0) ruby' in rubygems repository https://foo.example.com/.
Source does not contain any versions of 'very-secret-gem (>= 0) ruby'
Run `bundle install` to install missing gems.

根据错误消息中的建议,此时运行bundle install将无济于事.

为什么,以及如何解决它？

如果我在源块中指定gem,它就会失败：

source 'https://foo.example.com/' do
  gem 'very-secret-gem'
end

更有趣的是,如果我在文件的开头指定源,而不是绑定任何宝石,它可以正常工作：

source 'https://rubygems.org'
source 'https://foo.example.com/'
gem 'very-secret-gem'

…但捆绑者提出反对意见：

Warning: this Gemfile contains multiple primary sources. Using `source`
more than once without a block is a security risk,and may result in
installing unexpected gems. To resolve this warning,use a block to
indicate which gems should come from the secondary source. To upgrade
this warning to an error,run `bundle config disable_multisource true`.

版本：

$ruby -v    # => ruby 2.2.0p0 (2014-12-25 revision 49005) [x86_64-darwin14]
$gem -v     # => 2.4.5
$bundle -v  # => Bundler version 1.8.2

更新

看起来像捆绑器bug.另一个宝石的存在：路径似乎是触发它的原因.测试应用程序在这里：https://github.com/kch/bundler-source-bug

捆绑商的GH问题在这里：https://github.com/bundler/bundler/issues/3417