aboutsummaryrefslogtreecommitdiff
path: root/content/posts/2006-12-13-package-signing-a-rake-patch-and-a-rubygems-shortcut.html
diff options
context:
space:
mode:
Diffstat (limited to 'content/posts/2006-12-13-package-signing-a-rake-patch-and-a-rubygems-shortcut.html')
-rw-r--r--content/posts/2006-12-13-package-signing-a-rake-patch-and-a-rubygems-shortcut.html43
1 files changed, 43 insertions, 0 deletions
diff --git a/content/posts/2006-12-13-package-signing-a-rake-patch-and-a-rubygems-shortcut.html b/content/posts/2006-12-13-package-signing-a-rake-patch-and-a-rubygems-shortcut.html
new file mode 100644
index 0000000..27a14b1
--- /dev/null
+++ b/content/posts/2006-12-13-package-signing-a-rake-patch-and-a-rubygems-shortcut.html
@@ -0,0 +1,43 @@
+---
+date: "2006-12-13T02:28:09Z"
+title: 'Package Signing: A Rake Patch and a RubyGems Shortcut'
+---
+
+<p>I threw together a quick <acronym title='Pretty Good Privacy'>PGP</acronym> package signing patch for <a href="http://www.rubyrake.org/" title="Ruby Make">Rake</a>. The
+details are in the <a href="http://rubyforge.org/pipermail/rake-devel/2006-December/000270.html" title="Description of my PGP signing patch for Rake.">email I sent to rake-devel</a> earlier this
+evening. Here are the patches (one against the development version, and
+one against 0.7.1, the latest stable release):</p>
+
+<ul>
+<li><a href="http://pablotron.org/files/rake-20061212-pkg_pgp_sign.diff" title="PGP signing patch for the development version of Rake.">Patch against Rake trunk</a> (<a href="http://pablotron.org/files/rake-20061212-pkg_pgp_sign.diff.asc" title="PGP signature for patch against development version.">Signature</a>)</li>
+<li><a href="http://pablotron.org/files/rake-0.7.1-pkg_pgp_sign.diff" title="PGP signing patch for the stable version of Rake.">Patch against Rake 0.7.1</a> (<a href="http://pablotron.org/files/rake-0.7.1-pkg_pgp_sign.diff.asc" title="PGP signature for patch against stable version.">Signature</a>)</li>
+</ul>
+
+<p>This next bit has nothing to do with the patch above, but it's signing-related
+so I'll throw it in this post too. If you're <a href="http://rubygems.org/read/chapter/21" title="Chapter on package signing in RubyGems manual.">using RubyGem's built-in package signing</a> to sign
+your gems (if you're not, <em>why not?</em>), here's a handy little idiom
+to add to your <code>Rakefile</code> or <code>.gemspec</code>:</p>
+
+<pre><code># package signing
+if ((key = ENV['GEM_SIGNING_KEY']) &amp;&amp; (chain = ENV['GEM_SIGNING_CHAIN']))
+ spec.signing_key = File.expand_path(key)
+ spec.cert_chain = chain.split(',').map { |path| File.expand_path(path) }
+end
+</code></pre>
+
+<p>Then, add this to your <code>~/.bashrc</code> (be sure to replace <code>.secure</code> with
+the directory containing your signing key and certificate):</p>
+
+<pre><code># rubygems signing key and comma-delimited list of
+# certificates in rubygems signing cert chain
+GEM_SIGNING_KEY=~/.secure/sign.key
+GEM_SIGNING_CHAIN=~/.secure/ca.crt,~/.gem/signing/sign.crt
+
+# export both!
+export GEM_SIGNING_KEY GEM_SIGNING_CHAIN
+</code></pre>
+
+<p>Voila! From now on you can automagically sign gems when you build them
+without hard-coding paths or doing any other heavy lifting.</p>
+
+