---
date: "2006-12-13T02:28:09Z"
title: 'Package Signing: A Rake Patch and a RubyGems Shortcut'
---
I threw together a quick PGP package signing patch for Rake. The details are in the email I sent to rake-devel earlier this evening. Here are the patches (one against the development version, and one against 0.7.1, the latest stable release):
This next bit has nothing to do with the patch above, but it's signing-related, so I'll throw it in this post too. If you're using RubyGems' built-in package signing to sign your gems (if you're not, why not?), here's a handy little idiom to add to your Rakefile or .gemspec:
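```ruby
# package signing: only enabled when both environment variables are set
if ((key = ENV['GEM_SIGNING_KEY']) && (chain = ENV['GEM_SIGNING_CHAIN']))
  spec.signing_key = File.expand_path(key)
  # expand every entry here: bash expands a ~ right after the "=" in an
  # assignment, but not one that follows a comma
  spec.cert_chain = chain.split(',').map { |path| File.expand_path(path) }
end
```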
Then, add this to your ~/.bashrc (be sure to replace .secure with the directory containing your signing key and certificate):
```bash
# rubygems signing key and comma-delimited list of
# certificates in rubygems signing cert chain
GEM_SIGNING_KEY=~/.secure/sign.key
GEM_SIGNING_CHAIN=~/.secure/ca.crt,~/.gem/signing/sign.crt

# export both!
export GEM_SIGNING_KEY GEM_SIGNING_CHAIN
```
Voila! From now on you can automagically sign gems when you build them without hard-coding paths or doing any other heavy lifting.
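A stricter variant of the idiom above, as an added example (not code from the original post or from RubyGems): the hypothetical helper `gem_signing_config` aborts the build when only one variable is set, a listed file is missing, or the private key is readable by group or others, rather than quietly producing an unsigned gem. It assumes POSIX file modes.

```ruby
# Hypothetical helper, not part of RubyGems or Rake: resolve the signing
# settings from GEM_SIGNING_KEY / GEM_SIGNING_CHAIN and fail closed on
# configurations that would otherwise yield an unsigned or exposed build.
def gem_signing_config(env = ENV)
  key   = env['GEM_SIGNING_KEY']
  chain = env['GEM_SIGNING_CHAIN']
  return nil if key.nil? && chain.nil? # signing not configured at all

  # Half a configuration is almost always a typo in ~/.bashrc.
  if key.to_s.empty? || chain.to_s.empty?
    raise ArgumentError, 'set both GEM_SIGNING_KEY and GEM_SIGNING_CHAIN'
  end

  # Expand "~" in Ruby: the shell leaves a "~" after a comma untouched.
  key_path = File.expand_path(key)
  certs    = chain.split(',').map { |path| File.expand_path(path.strip) }

  ([key_path] + certs).each do |path|
    unless File.file?(path) && File.readable?(path)
      raise ArgumentError, "not a readable file: #{path}"
    end
  end

  # The private key must not be accessible to group or other users.
  mode = File.stat(key_path).mode & 0o777
  unless (mode & 0o077).zero?
    raise SecurityError, format('%s has mode %04o; chmod 600 it', key_path, mode)
  end

  { signing_key: key_path, cert_chain: certs }
end

# Usage inside the Gem::Specification block of a Rakefile or .gemspec:
#   if (cfg = gem_signing_config)
#     spec.signing_key = cfg[:signing_key]
#     spec.cert_chain  = cfg[:cert_chain]
#   end
```

`SecurityError` does not inherit from `StandardError`, so a bare `rescue` elsewhere in the Rakefile will not swallow the permission failure.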