From 4b6c0e31385f5f27a151088c0a2b614495c4e589 Mon Sep 17 00:00:00 2001 From: Paul Duncan Date: Thu, 14 Oct 2021 12:47:50 -0400 Subject: initial commit, including theme --- ...gning-a-rake-patch-and-a-rubygems-shortcut.html | 43 ++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 content/posts/2006-12-13-package-signing-a-rake-patch-and-a-rubygems-shortcut.html (limited to 'content/posts/2006-12-13-package-signing-a-rake-patch-and-a-rubygems-shortcut.html') diff --git a/content/posts/2006-12-13-package-signing-a-rake-patch-and-a-rubygems-shortcut.html b/content/posts/2006-12-13-package-signing-a-rake-patch-and-a-rubygems-shortcut.html new file mode 100644 index 0000000..27a14b1 --- /dev/null +++ b/content/posts/2006-12-13-package-signing-a-rake-patch-and-a-rubygems-shortcut.html @@ -0,0 +1,43 @@ +--- +date: "2006-12-13T02:28:09Z" +title: 'Package Signing: A Rake Patch and a RubyGems Shortcut' +--- + +

I threw together a quick PGP package signing patch for Rake. The +details are in the email I sent to rake-devel earlier this +evening. Here are the patches (one against the development version, and +one against 0.7.1, the latest stable release):

+ + + +

This next bit has nothing to do with the patch above, but it's signing-related +so I'll throw it in this post too. If you're using RubyGem's built-in package signing to sign +your gems (if you're not, why not?), here's a handy little idiom +to add to your Rakefile or .gemspec:

+ +
# package signing
+if ((key = ENV['GEM_SIGNING_KEY']) && (chain = ENV['GEM_SIGNING_CHAIN']))
+  spec.signing_key = File.expand_path(key)
+  spec.cert_chain = chain.split(',').map { |path| File.expand_path(path) }
+end
+
+ +

Then, add this to your ~/.bashrc (be sure to replace .secure with +the directory containing your signing key and certificate):

+ +
# rubygems signing key and comma-delimited list of 
+# certificates in rubygems signing cert chain
+GEM_SIGNING_KEY=~/.secure/sign.key
+GEM_SIGNING_CHAIN=~/.secure/ca.crt,~/.gem/signing/sign.crt
+
+# export both!
+export GEM_SIGNING_KEY GEM_SIGNING_CHAIN
+
+ +

Voila! From now on you can automagically sign gems when you build them +without hard-coding paths or doing any other heavy lifting.

+ + -- cgit v1.2.3