blob: 27a14b1b99671cec1500597f4706ed3f7247abfc (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
|
---
date: "2006-12-13T02:28:09Z"
title: 'Package Signing: A Rake Patch and a RubyGems Shortcut'
---
<p>I threw together a quick <acronym title='Pretty Good Privacy'>PGP</acronym> package signing patch for <a href="http://www.rubyrake.org/" title="Ruby Make">Rake</a>. The
details are in the <a href="http://rubyforge.org/pipermail/rake-devel/2006-December/000270.html" title="Description of my PGP signing patch for Rake.">email I sent to rake-devel</a> earlier this
evening. Here are the patches (one against the development version, and
one against 0.7.1, the latest stable release):</p>
<ul>
<li><a href="http://pablotron.org/files/rake-20061212-pkg_pgp_sign.diff" title="PGP signing patch for the development version of Rake.">Patch against Rake trunk</a> (<a href="http://pablotron.org/files/rake-20061212-pkg_pgp_sign.diff.asc" title="PGP signature for patch against development version.">Signature</a>)</li>
<li><a href="http://pablotron.org/files/rake-0.7.1-pkg_pgp_sign.diff" title="PGP signing patch for the stable version of Rake.">Patch against Rake 0.7.1</a> (<a href="http://pablotron.org/files/rake-0.7.1-pkg_pgp_sign.diff.asc" title="PGP signature for patch against stable version.">Signature</a>)</li>
</ul>
<p>This next bit has nothing to do with the patch above, but it's signing-related
so I'll throw it in this post too. If you're <a href="http://rubygems.org/read/chapter/21" title="Chapter on package signing in RubyGems manual.">using RubyGem's built-in package signing</a> to sign
your gems (if you're not, <em>why not?</em>), here's a handy little idiom
to add to your <code>Rakefile</code> or <code>.gemspec</code>:</p>
<pre><code># package signing
if ((key = ENV['GEM_SIGNING_KEY']) && (chain = ENV['GEM_SIGNING_CHAIN']))
spec.signing_key = File.expand_path(key)
spec.cert_chain = chain.split(',').map { |path| File.expand_path(path) }
end
</code></pre>
<p>Then, add this to your <code>~/.bashrc</code> (be sure to replace <code>.secure</code> with
the directory containing your signing key and certificate):</p>
<pre><code># rubygems signing key and comma-delimited list of
# certificates in rubygems signing cert chain
GEM_SIGNING_KEY=~/.secure/sign.key
GEM_SIGNING_CHAIN=~/.secure/ca.crt,~/.gem/signing/sign.crt
# export both!
export GEM_SIGNING_KEY GEM_SIGNING_CHAIN
</code></pre>
<p>Voila! From now on you can automagically sign gems when you build them
without hard-coding paths or doing any other heavy lifting.</p>
|