---
date: "2006-12-13T02:28:09Z"
title: 'Package Signing: A Rake Patch and a RubyGems Shortcut'
---

<p>I threw together a quick <acronym title='Pretty Good Privacy'>PGP</acronym> package signing patch for <a href="http://www.rubyrake.org/" title="Ruby Make">Rake</a>.  The
details are in the <a href="http://rubyforge.org/pipermail/rake-devel/2006-December/000270.html" title="Description of my PGP signing patch for Rake.">email I sent to rake-devel</a> earlier this
evening.  Here are the patches (one against the development version, and
one against 0.7.1, the latest stable release):</p>

<ul>
<li><a href="http://pablotron.org/files/rake-20061212-pkg_pgp_sign.diff" title="PGP signing patch for the development version of Rake.">Patch against Rake trunk</a> (<a href="http://pablotron.org/files/rake-20061212-pkg_pgp_sign.diff.asc" title="PGP signature for patch against development version.">Signature</a>)</li>
<li><a href="http://pablotron.org/files/rake-0.7.1-pkg_pgp_sign.diff" title="PGP signing patch for the stable version of Rake.">Patch against Rake 0.7.1</a> (<a href="http://pablotron.org/files/rake-0.7.1-pkg_pgp_sign.diff.asc" title="PGP signature for patch against stable version.">Signature</a>)</li>
</ul>

<p>This next bit has nothing to do with the patch above, but it's signing-related 
so I'll throw it in this post too.  If you're <a href="http://rubygems.org/read/chapter/21" title="Chapter on package signing in RubyGems manual.">using RubyGem's built-in package signing</a> to sign
your gems (if you're not, <em>why not?</em>), here's a handy little idiom
to add to your <code>Rakefile</code> or <code>.gemspec</code>:</p>

<pre><code># package signing
if ((key = ENV['GEM_SIGNING_KEY']) &amp;&amp; (chain = ENV['GEM_SIGNING_CHAIN']))
  spec.signing_key = File.expand_path(key)
  spec.cert_chain = chain.split(',').map { |path| File.expand_path(path) }
end
</code></pre>

<p>Then, add this to your <code>~/.bashrc</code> (be sure to replace <code>.secure</code> with
the directory containing your signing key and certificate):</p>

<pre><code># rubygems signing key and comma-delimited list of 
# certificates in rubygems signing cert chain
GEM_SIGNING_KEY=~/.secure/sign.key
GEM_SIGNING_CHAIN=~/.secure/ca.crt,~/.gem/signing/sign.crt

# export both!
export GEM_SIGNING_KEY GEM_SIGNING_CHAIN
</code></pre>

<p>Voila!  From now on you can automagically sign gems when you build them
without hard-coding paths or doing any other heavy lifting.</p>