Meaning of new block "git_source(:github)" in Gemfile

Ουιλιαμ Αρκευα · Jan 4, 2017 · Viewed 8.8k times

Recently I created a new Rails 5 app, without a git repository. The auto-generated Gemfile contains a new block I had not seen before:

git_source(:github) do |repo_name|
  repo_name = "#{repo_name}/#{repo_name}" unless repo_name.include?("/")
  "https://github.com/#{repo_name}.git"
end

What's the meaning of it? Is it mandatory for every new app?

Answer

max · Jan 4, 2017

It's a workaround for a bug in Bundler which can cause sources from GitHub to be loaded via HTTP and not HTTPS - which makes it vulnerable to man-in-the-middle attacks.

git_source adds a source which you can use so that the gem is downloaded from a git repository instead of a package from rubygems.org.

git_source(:github) do |repo_name|
  repo_name = "#{repo_name}/#{repo_name}" unless repo_name.include?("/")
  "https://github.com/#{repo_name}.git"
end

Would make it so that when you declare:

gem 'foo_bar', :github => 'foo/bar'

Bundler would attempt to download the gem from https://github.com/foo/bar.git.

Since fixing this would be a breaking change, as it would invalidate any existing Gemfile.lock, it is fixed in Bundler 2.x. At that point it should be safe to remove this workaround.
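The answer notes that an existing Gemfile.lock keeps whatever remote was resolved when it was written. The following is an added example, not part of the original answer or of Bundler: it scans a lockfile's GIT sections for remotes recorded with `http://` or `git://` and proposes the HTTPS URL the block above would produce. Treating `git://` as equally unauthenticated goes beyond the HTTP case the answer names; `insecure_git_remotes`, `github_url` and the sample lockfile are constructed for illustration.

```ruby
# Added example. Gem names and revisions below are constructed sample data.
SAMPLE_LOCK = <<~LOCK
  GIT
    remote: git://github.com/foo/bar.git
    revision: 1111111111111111111111111111111111111111
    specs:
      foo_bar (0.1.0)

  GIT
    remote: https://github.com/rails/rails.git
    revision: 2222222222222222222222222222222222222222
    specs:
      rails (5.0.1)
        rake (>= 0.8.7)

  GIT
    remote: http://github.com/baz/qux.git
    revision: 3333333333333333333333333333333333333333
    specs:
      qux (1.2.0)

  GEM
    remote: https://rubygems.org/
    specs:
      rake (12.0.0)
LOCK

# Same mapping as the Gemfile block discussed above.
def github_url(repo_name)
  repo_name = "#{repo_name}/#{repo_name}" unless repo_name.include?("/")
  "https://github.com/#{repo_name}.git"
end

# Returns one finding per gem locked to a GIT remote using http:// or git://.
def insecure_git_remotes(lock_text)
  section = remote = nil
  lock_text.each_line(chomp: true).each_with_object([]) do |line, findings|
    case line
    when /\A[A-Z][A-Z ]*\z/            # section header: GIT, GEM, PLATFORMS, ...
      section = line
      remote = nil
    when /\A  remote: (\S+)\z/ then remote = $1
    when /\A    (\S+) \(/              # gem entry directly under "specs:"
      name = $1
      next unless section == "GIT" && remote&.match?(%r{\A(?:http|git)://}i)
      repo = remote[%r{\A\w+://github\.com/(.+?)(?:\.git)?\z}i, 1]
      findings << { gem: name, remote: remote, https: repo && github_url(repo) }
    end
  end
end
```

Calling `insecure_git_remotes(File.read("Gemfile.lock"))` in a project directory lists the gems whose locked remote should be re-resolved over HTTPS.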