Sprockets is a Ruby library for compiling and deploying web assets. Ironically, Redmine itself does not use the library at all. But due to Ruby’s dependency, it is installed with it.
What’s the problem?
The Sprockets developers have released a new major release. Rails has Sprockets as a dependency and does not prevent the installation of a new major release. Redmine depends on Rails, so Redmine automatically inherited the dependency problem with sprockets. This means that Redmine is no longer executable (i.e. it will not start) until the dependencies are consistent with each other.
Who is affected?
- anyone who installs Redmine 4 in a version older than 4.0.6 and installs after October 8, 2019.
- anyone installing a Redmine plugin after October 8th, 2019 which requires additional Gem packages.
- anyone who updates an existing Redmine installation (with or without Redmine plugins) with bundle update after October 8, 2019.
Who is responsible?
How or who could have prevented the problem?
Sprockets Developer
No. They have invested a lot of work and have provided a new feature release.
Rails Developer
Yes, at the level of Rails one should have prevented the new Sprockets version from being included. An important reason for this is that the new Sprockets version also increases the minimum requirement of Ruby to 2.5.0. The minimum requirements should only change with major releases.
Redmine (Core) Developer
Yes and no. Since we don’t really expect the minimum requirements to change, no precautions have been taken at the Redmine level to prevent the new Sprockets version from running.
But since Rails itself now allows the new sprockets version, the problem has to be solved on the Redmine level:
- either by disabling the new sprockets version,
- or by adapting Redmine to make the new Sprockets version work.
Redmine Plugin Developer
No.
What are the solutions?
a) Update to Redmine 4.0.6 or newer
This is the solution we recommend to solve the problem. Starting with Redmine version 4.0.6, it prevents the error from continuing to occur.
b) Prevent new sprockets version by Gemfile.local
If there is no possibility to upgrade to a newer version of Redmine, you can prevent sprockets from being installed in an incompatible version by creating a file named Gemfile.local.
The content of the Gemfile.local could look like this:
gem 'bundler', '>= 1.12.0'
gem 'sprockets', '~> 3.7.2'
After Redmine has been updated to a newer version, these entries should be removed.
Conclusion
Unfortunately, such a case can always occur again. There is no general solution to prevent this. Due to the complex dependencies, it will not be possible to prevent this from happening in the future. It is simply the Rails/ Redmine/ Redmine-Plugin architecture that brings this problem with it.
Further information
- On Github: https://github.com/rails/sprocketsthere do already exist some issues on this topic: #32223, #32300, #32839, #32841