"Could not find gem …" error with bundler using custom gem source

Question

In my Gemfile I require a gem from a custom source with this line:

gem 'very-secret-gem', source:'https://foo.example.com/'

bundle install completes fine:

$ bundle install
Fetching source index from https://foo.example.com/
Fetching source index from https://foo.example.com/
Fetching gem metadata from https://rubygems.org/........
…
Resolving dependencies...
…
Installing very-secret-gem 1.5.1
…
Bundle complete! 47 Gemfile dependencies, 116 gems now installed.
Use `bundle show [gemname]` to see where a bundled gem is installed.

But running commands that use ruby fail (empty Rakefile here):

$ bundle exec rake -T
Could not find gem 'very-secret-gem (>= 0) ruby' in rubygems repository https://foo.example.com/.
Source does not contain any versions of 'very-secret-gem (>= 0) ruby'
Run `bundle install` to install missing gems.

Running bundle install at this point as advised in the error message will not help.

Why is it, and how to fix it?

If I specify the gem in a source block, it fails just the same:

source 'https://foo.example.com/' do
  gem 'very-secret-gem'
end

More interestingly, if I specify the sources at the beginning of the file, not tied to any gems, it works fine:

source 'https://rubygems.org'
source 'https://foo.example.com/'
gem 'very-secret-gem'

…but bundler advises against it:

Warning: this Gemfile contains multiple primary sources. Using `source`
more than once without a block is a security risk, and may result in
installing unexpected gems. To resolve this warning, use a block to
indicate which gems should come from the secondary source. To upgrade
this warning to an error, run `bundle config disable_multisource true`.

Versions:

$ ruby -v    # => ruby 2.2.0p0 (2014-12-25 revision 49005) [x86_64-darwin14]
$ gem -v     # => 2.4.5
$ bundle -v  # => Bundler version 1.8.2

Update

Seems like a bundler bug. The presence of another gem with :path seems to be what triggers it. A test app is here: https://github.com/kch/bundler-source-bug

GH issue for bundler here: https://github.com/bundler/bundler/issues/3417

Answer 1

This should be fixed in Bundler 1.8.3 (released today).