diff options
Diffstat (limited to 'content/posts/2006-12-13-package-signing-a-rake-patch-and-a-rubygems-shortcut.html')
| -rw-r--r-- | content/posts/2006-12-13-package-signing-a-rake-patch-and-a-rubygems-shortcut.html | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/content/posts/2006-12-13-package-signing-a-rake-patch-and-a-rubygems-shortcut.html b/content/posts/2006-12-13-package-signing-a-rake-patch-and-a-rubygems-shortcut.html new file mode 100644 index 0000000..27a14b1 --- /dev/null +++ b/content/posts/2006-12-13-package-signing-a-rake-patch-and-a-rubygems-shortcut.html @@ -0,0 +1,43 @@ +--- +date: "2006-12-13T02:28:09Z" +title: 'Package Signing: A Rake Patch and a RubyGems Shortcut' +--- + +<p>I threw together a quick <acronym title='Pretty Good Privacy'>PGP</acronym> package signing patch for <a href="http://www.rubyrake.org/" title="Ruby Make">Rake</a>. The +details are in the <a href="http://rubyforge.org/pipermail/rake-devel/2006-December/000270.html" title="Description of my PGP signing patch for Rake.">email I sent to rake-devel</a> earlier this +evening. Here are the patches (one against the development version, and +one against 0.7.1, the latest stable release):</p> + +<ul> +<li><a href="http://pablotron.org/files/rake-20061212-pkg_pgp_sign.diff" title="PGP signing patch for the development version of Rake.">Patch against Rake trunk</a> (<a href="http://pablotron.org/files/rake-20061212-pkg_pgp_sign.diff.asc" title="PGP signature for patch against development version.">Signature</a>)</li> +<li><a href="http://pablotron.org/files/rake-0.7.1-pkg_pgp_sign.diff" title="PGP signing patch for the stable version of Rake.">Patch against Rake 0.7.1</a> (<a href="http://pablotron.org/files/rake-0.7.1-pkg_pgp_sign.diff.asc" title="PGP signature for patch against stable version.">Signature</a>)</li> +</ul> + +<p>This next bit has nothing to do with the patch above, but it's signing-related +so I'll throw it in this post too. If you're <a href="http://rubygems.org/read/chapter/21" title="Chapter on package signing in RubyGems manual.">using RubyGem's built-in package signing</a> to sign +your gems (if you're not, <em>why not?</em>), here's a handy little idiom +to add to your <code>Rakefile</code> or <code>.gemspec</code>:</p> + +<pre><code># package signing +if ((key = ENV['GEM_SIGNING_KEY']) && (chain = ENV['GEM_SIGNING_CHAIN'])) + spec.signing_key = File.expand_path(key) + spec.cert_chain = chain.split(',').map { |path| File.expand_path(path) } +end +</code></pre> + +<p>Then, add this to your <code>~/.bashrc</code> (be sure to replace <code>.secure</code> with +the directory containing your signing key and certificate):</p> + +<pre><code># rubygems signing key and comma-delimited list of +# certificates in rubygems signing cert chain +GEM_SIGNING_KEY=~/.secure/sign.key +GEM_SIGNING_CHAIN=~/.secure/ca.crt,~/.gem/signing/sign.crt + +# export both! +export GEM_SIGNING_KEY GEM_SIGNING_CHAIN +</code></pre> + +<p>Voila! From now on you can automagically sign gems when you build them +without hard-coding paths or doing any other heavy lifting.</p> + + |