RubyGems - authorize_action - Versions diffs - 1.0.0 → 1.1.0 - Mend

authorize_action 1.0.0 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: ea616d0e04fe1d10782138a9703afd606c193fd8
-  data.tar.gz: 5b0e67d8cb38d9863cd5336871f4351057241662
+  metadata.gz: a968ff7c861dd07d4c584a18944a2dff098ad831
+  data.tar.gz: 81e4ee0ba13c6b8c320eb973951789c7cabd5a41
 SHA512:
-  metadata.gz: af325e32de44eacb20318980a019f6725ba5e0e69e109e4e8c7e5b4f52417d71a09c127d4b69248c0a70f8f913a500a678ee0c187fa11b7f9c417b16822ea768
-  data.tar.gz: d0089969c565d7dc1d3860a3e329c0a9287f5c62efaa1b49b640315aff10cc4520408be5cff15d30eb8d551918815889a1e204ef535d798feac0be9e57964109
+  metadata.gz: 2118a88d9d44f4eeb8b9952d2c6e72f892415cd3004cf2b82ba616c58e7afeda6d29738534dc5095f16a8b56fc9f58aca426b7d47552d1f66a47e4c846851cc5
+  data.tar.gz: 5ac369a27f657698e97827915693e094b6dc1de104ba7178f688f175649b7255f6bfea98e90e6e58f5acf135e6b6c36d092692721f3ebcfe1438db1f781ea022

checksums.yaml.gz.sig ADDED Viewed

Binary file

data.tar.gz.sig ADDED Viewed

	@@ -0,0 +1 @@
1	+ F��n��)��4�2��̋�lFh�N!r��D��R�?��pO��l*�ѐQ$�&��K�a�b�KҲ��3�oV0K2ə]�8/`K%��?c��:��w��m I`[׺�1IB��ʰ��;B[!��lp��_��n7�B�;⧌�ȯ\|ᬔ<$��0�pɨ1R0Z��Y��LMK�C�`^d�Y��#

data/CHANGES.md CHANGED Viewed

@@ -1,3 +1,7 @@
+### 1.1.0 - 2015/07/08
+* Sign gem cryptographically and calculate checksum.
 ### 1.0.0 - 2015/07/05
 * Initial release.

data/README.md CHANGED Viewed

@@ -59,21 +59,32 @@ compared to all the rest:
     it's going to follow [Semantic Versioning](http://semver.org/),
     which adds some additional guarantees to developers.
+* Is cryptographically **signed**
+  * _authorize_action_ is one of these few gems which are cryptographically signed so you can be sure
+    that the code you're running is signed by me. In addition, I have a [calculated checksum](https://github.com/jarmo/authorize_action/tree/master/checksum) for each gem
+    version to be extra sure.
 ## Installation
-Add this line to your application's Gemfile:
+_authorize_action_ is cryptographically signed. To be sure the gem you install hasn’t been tampered with:
+* Add my public key (if you haven’t already) as a trusted certificate:
+`$ gem cert --add <(curl -Ls https://raw.github.com/jarmo/authorize_action/master/certs/jarmo.pem)`
+* Add this line to your application's Gemfile:
 ```ruby
 gem 'authorize_action'
 ```
-And then execute:
-    $ bundle
+* And then execute:
+`$ bundle install --trust-policy HighSecurity`
-Or install it yourself as:
+* Or install it yourself as:
-    $ gem install authorize_action
+`$ gem install authorize_action --trust-policy HighSecurity`
 ## Usage
@@ -256,7 +267,7 @@ Here's an example:
 # views/posts/edit.html.erb
 <% if current_user.admin? %>
-  <%= link_to "Delete", @post, method: :delete
+  <%= link_to "Delete", @post, method: :delete %>
 <% end %>
 ```

data/Rakefile CHANGED Viewed

@@ -4,4 +4,18 @@ require "rspec/core/rake_task"
 RSpec::Core::RakeTask.new(:spec)
 task default: :spec
-task build: :spec
+task "release:guard_clean" do
+  calculate_checksum
+end
+def calculate_checksum
+  require "digest/sha2"
+  gem_spec = Gem::Specification.load(Dir.glob("*.gemspec")[0])
+  gem_file_name = "#{gem_spec.name}-#{gem_spec.version}.gem"
+  checksum = Digest::SHA512.new.hexdigest(File.read("pkg/#{gem_file_name}"))
+  FileUtils.mkdir_p("checksum")
+  checksum_file_path = "checksum/#{gem_file_name}.sha512"
+  File.open(checksum_file_path, "w" ) {|f| f.write(checksum) }
+  `git commit -m "Add checksum for #{gem_file_name}. #{checksum_file_path}"`
+end

data/authorize_action.gemspec CHANGED Viewed

@@ -4,13 +4,17 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 Gem::Specification.new do |spec|
   spec.name          = "authorize_action"
-  spec.version       = "1.0.0"
+  spec.version       = "1.1.0"
   spec.authors       = ["Jarmo Pertman"]
   spec.email         = ["jarmo.p@gmail.com"]
-  spec.summary       = %q{Really secure and simple authorization library for your Rails, Sinatra or whatever web framework, which doesn't suck.}
+  spec.description   = %q{Really secure and simple authorization library for your Rails, Sinatra or whatever web framework, which doesn't suck.}
+  spec.summary       = %q{Really secure and simple authorization library.}
   spec.homepage      = "https://github.com/jarmo/authorize_action"
   spec.license       = "MIT"
+  spec.cert_chain    = ["certs/jarmo.pem"]
+  spec.signing_key   = File.expand_path("~/.ssh/gem-private_key.pem") if $0 =~ /gem\z/
   spec.files         = `git ls-files -z`.split("\x0")
   spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
@@ -18,5 +22,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "bundler", "~> 1.7"
   spec.add_development_dependency "rake", "~> 10.0"
-  spec.add_development_dependency "rspec", "~> 3.1.0"
+  spec.add_development_dependency "rspec", "~> 3.1"
 end

data/certs/jarmo.pem ADDED Viewed

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDbDCCAlSgAwIBAgIBATANBgkqhkiG9w0BAQUFADA+MRAwDgYDVQQDDAdqYXJt
+by5wMRUwEwYKCZImiZPyLGQBGRYFZ21haWwxEzARBgoJkiaJk/IsZAEZFgNjb20w
+HhcNMTUwNzA4MTEyNTE5WhcNMTYwNzA3MTEyNTE5WjA+MRAwDgYDVQQDDAdqYXJt
+by5wMRUwEwYKCZImiZPyLGQBGRYFZ21haWwxEzARBgoJkiaJk/IsZAEZFgNjb20w
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDN725qGiA4YOxay5z6YpDk
+APkZJJndeO1TPqqjCl6zWqNClym8Pn+Sng5cNnmGO/Ug/MOkB4tTY/xe8a5aKOWJ
+lsWPQcVI0KwTc9CbgnIkCRAB8munJ32aRks92nhkt6dBlG+8KNU/ymeQAU3tlT5c
+lGgH89xwLJ0hKkTYqUU5s46BAUiYERSWpvIwlluTH6hFO48DC3I7HY4bsdJgShO0
+Jt9OzfXNRfrMHkNCjZbPDlrrLHUA23xJ+gY/gSrdl3SD8I+xnfPNKeJadOCYkYWv
+WvAzR31PSQ4HAxRDtrYZTBWpcWfdX0K1vtPvISzjEPtLDg3GGfTAFwix6tl+V1NR
+AgMBAAGjdTBzMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQWBBQpovKb
+ePGj5UadJGVBc3brVW6IOjAcBgNVHREEFTATgRFqYXJtby5wQGdtYWlsLmNvbTAc
+BgNVHRIEFTATgRFqYXJtby5wQGdtYWlsLmNvbTANBgkqhkiG9w0BAQUFAAOCAQEA
+SJaAQsG8JwwHZ56dgT/ob94BJCD278vFB13ZRv6AxSLw6dtgXSKjkvh3d49Bq6ZS
+FzjEtga69jMkRezfasbMOI8aUTW0GGblY5TGIwm5B/vrvnMpnEAvyYKs2MnnHGUA
+kX7cRxBGEzzsV6Na6IWPG8ut/0E1U28BklPlYEFZtXY47mG+rPQ+URy8jJKhhYyM
+vgtL23FIe4DqnUrJKQ6fkGh5FgtSwbtXG5yGoSWt/NjeU+Y/F53qDDo3jVEqEOrW
+kNODmkT2c/u7RD1KhdbnJpupOH0YR/1HY2Mb0mX6OUbhtYST2dbHu0KcbVtT/VPB
+qlb/zDlcR8hD6AbtoW7Ceg==
+-----END CERTIFICATE-----

data/checksum/.keep ADDED Viewed

File without changes

metadata CHANGED Viewed

@@ -1,14 +1,36 @@
 --- !ruby/object:Gem::Specification
 name: authorize_action
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.1.0
 platform: ruby
 authors:
 - Jarmo Pertman
 autorequire:
 bindir: bin
-cert_chain: []
-date: 2015-07-05 00:00:00.000000000 Z
+cert_chain:
+- |
+  -----BEGIN CERTIFICATE-----
+  MIIDbDCCAlSgAwIBAgIBATANBgkqhkiG9w0BAQUFADA+MRAwDgYDVQQDDAdqYXJt
+  by5wMRUwEwYKCZImiZPyLGQBGRYFZ21haWwxEzARBgoJkiaJk/IsZAEZFgNjb20w
+  HhcNMTUwNzA4MTEyNTE5WhcNMTYwNzA3MTEyNTE5WjA+MRAwDgYDVQQDDAdqYXJt
+  by5wMRUwEwYKCZImiZPyLGQBGRYFZ21haWwxEzARBgoJkiaJk/IsZAEZFgNjb20w
+  ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDN725qGiA4YOxay5z6YpDk
+  APkZJJndeO1TPqqjCl6zWqNClym8Pn+Sng5cNnmGO/Ug/MOkB4tTY/xe8a5aKOWJ
+  lsWPQcVI0KwTc9CbgnIkCRAB8munJ32aRks92nhkt6dBlG+8KNU/ymeQAU3tlT5c
+  lGgH89xwLJ0hKkTYqUU5s46BAUiYERSWpvIwlluTH6hFO48DC3I7HY4bsdJgShO0
+  Jt9OzfXNRfrMHkNCjZbPDlrrLHUA23xJ+gY/gSrdl3SD8I+xnfPNKeJadOCYkYWv
+  WvAzR31PSQ4HAxRDtrYZTBWpcWfdX0K1vtPvISzjEPtLDg3GGfTAFwix6tl+V1NR
+  AgMBAAGjdTBzMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQWBBQpovKb
+  ePGj5UadJGVBc3brVW6IOjAcBgNVHREEFTATgRFqYXJtby5wQGdtYWlsLmNvbTAc
+  BgNVHRIEFTATgRFqYXJtby5wQGdtYWlsLmNvbTANBgkqhkiG9w0BAQUFAAOCAQEA
+  SJaAQsG8JwwHZ56dgT/ob94BJCD278vFB13ZRv6AxSLw6dtgXSKjkvh3d49Bq6ZS
+  FzjEtga69jMkRezfasbMOI8aUTW0GGblY5TGIwm5B/vrvnMpnEAvyYKs2MnnHGUA
+  kX7cRxBGEzzsV6Na6IWPG8ut/0E1U28BklPlYEFZtXY47mG+rPQ+URy8jJKhhYyM
+  vgtL23FIe4DqnUrJKQ6fkGh5FgtSwbtXG5yGoSWt/NjeU+Y/F53qDDo3jVEqEOrW
+  kNODmkT2c/u7RD1KhdbnJpupOH0YR/1HY2Mb0mX6OUbhtYST2dbHu0KcbVtT/VPB
+  qlb/zDlcR8hD6AbtoW7Ceg==
+  -----END CERTIFICATE-----
+date: 2015-07-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -44,15 +66,16 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.1.0
+        version: '3.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.1.0
-description:
+        version: '3.1'
+description: Really secure and simple authorization library for your Rails, Sinatra
+  or whatever web framework, which doesn't suck.
 email:
 - jarmo.p@gmail.com
 executables: []
@@ -67,6 +90,8 @@ files:
 - README.md
 - Rakefile
 - authorize_action.gemspec
+- certs/jarmo.pem
+- checksum/.keep
 - lib/authorize_action.rb
 - lib/authorize_action/rails.rb
 - lib/authorize_action/sinatra.rb
@@ -97,8 +122,7 @@ rubyforge_project:
 rubygems_version: 2.4.5
 signing_key:
 specification_version: 4
-summary: Really secure and simple authorization library for your Rails, Sinatra or
-  whatever web framework, which doesn't suck.
+summary: Really secure and simple authorization library.
 test_files:
 - spec/authorize_action/rails_spec.rb
 - spec/authorize_action/sinatra_spec.rb

metadata.gz.sig ADDED Viewed

	@@ -0,0 +1 @@
1	+ ��Il�z�1�$F�l�8�_��oĺ��!8<�H��S3��˽_�Pg��:�teAGج��F� �0�UX��R�U~F� 1.�(ū7O#��D��Dj�P��UM�B��G)�s&�$'�>;Y��Gm�"7��+�y��p[�e<ԧ/&k ��h�Y�*a�