--- date: "2006-12-13T02:28:09Z" title: 'Package Signing: A Rake Patch and a RubyGems Shortcut' ---

I threw together a quick PGP package signing patch for Rake. The details are in the email I sent to rake-devel earlier this evening. Here are the patches (one against the development version, and one against 0.7.1, the latest stable release):

This next bit has nothing to do with the patch above, but it's signing-related so I'll throw it in this post too. If you're using RubyGem's built-in package signing to sign your gems (if you're not, why not?), here's a handy little idiom to add to your Rakefile or .gemspec:

# package signing
if ((key = ENV['GEM_SIGNING_KEY']) && (chain = ENV['GEM_SIGNING_CHAIN']))
  spec.signing_key = File.expand_path(key)
  spec.cert_chain = chain.split(',').map { |path| File.expand_path(path) }
end

Then, add this to your ~/.bashrc (be sure to replace .secure with the directory containing your signing key and certificate):

# rubygems signing key and comma-delimited list of 
# certificates in rubygems signing cert chain
GEM_SIGNING_KEY=~/.secure/sign.key
GEM_SIGNING_CHAIN=~/.secure/ca.crt,~/.gem/signing/sign.crt

# export both!
export GEM_SIGNING_KEY GEM_SIGNING_CHAIN

Voila! From now on you can automagically sign gems when you build them without hard-coding paths or doing any other heavy lifting.