authorize_action 1.0.0 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: ea616d0e04fe1d10782138a9703afd606c193fd8
-  data.tar.gz: 5b0e67d8cb38d9863cd5336871f4351057241662
+  metadata.gz: a968ff7c861dd07d4c584a18944a2dff098ad831
+  data.tar.gz: 81e4ee0ba13c6b8c320eb973951789c7cabd5a41
 SHA512:
-  metadata.gz: af325e32de44eacb20318980a019f6725ba5e0e69e109e4e8c7e5b4f52417d71a09c127d4b69248c0a70f8f913a500a678ee0c187fa11b7f9c417b16822ea768
-  data.tar.gz: d0089969c565d7dc1d3860a3e329c0a9287f5c62efaa1b49b640315aff10cc4520408be5cff15d30eb8d551918815889a1e204ef535d798feac0be9e57964109
+  metadata.gz: 2118a88d9d44f4eeb8b9952d2c6e72f892415cd3004cf2b82ba616c58e7afeda6d29738534dc5095f16a8b56fc9f58aca426b7d47552d1f66a47e4c846851cc5
+  data.tar.gz: 5ac369a27f657698e97827915693e094b6dc1de104ba7178f688f175649b7255f6bfea98e90e6e58f5acf135e6b6c36d092692721f3ebcfe1438db1f781ea022

data.tar.gz.sig

@@ -0,0 +1 @@
+F����n���)���4�2�����̋�lFh�N!r��D���R�?�����pO��l*�ѐQ$�&��K�a�b�KҲ��3�oV0K2ə]�8/`K%���?c���:��w��m I`[׺�1IB���ʰ����;B[!���lp���_�����n7�B�;⧌�ȯ|ᬔ<$��0�pɨ1R0Z��Y��LMK�C�`^d�Y����#

data/CHANGES.md

@@ -1,3 +1,7 @@
+### 1.1.0 - 2015/07/08
+
+* Sign gem cryptographically and calculate checksum.
+
 ### 1.0.0 - 2015/07/05
 
 * Initial release.

data/README.md

@@ -59,21 +59,32 @@ compared to all the rest:
     it's going to follow [Semantic Versioning](http://semver.org/),
     which adds some additional guarantees to developers.
 
+* Is cryptographically **signed**
+  * _authorize_action_ is one of these few gems which are cryptographically signed so you can be sure
+    that the code you're running is signed by me. In addition, I have a [calculated checksum](https://github.com/jarmo/authorize_action/tree/master/checksum) for each gem
+    version to be extra sure.
+
 ## Installation
 
-Add this line to your application's Gemfile:
+_authorize_action_ is cryptographically signed. To be sure the gem you install hasn’t been tampered with:
+
+* Add my public key (if you haven’t already) as a trusted certificate:
+
+`$ gem cert --add <(curl -Ls https://raw.github.com/jarmo/authorize_action/master/certs/jarmo.pem)`
+
+* Add this line to your application's Gemfile:
 
 ```ruby
 gem 'authorize_action'
 ```
 
-And then execute:
-
-    $ bundle
+* And then execute:
+ 
+`$ bundle install --trust-policy HighSecurity`
 
-Or install it yourself as:
+* Or install it yourself as:
 
-    $ gem install authorize_action
+`$ gem install authorize_action --trust-policy HighSecurity`
 
 ## Usage
 
@@ -256,7 +267,7 @@ Here's an example:
 # views/posts/edit.html.erb
 
 <% if current_user.admin? %>
-  <%= link_to "Delete", @post, method: :delete
+  <%= link_to "Delete", @post, method: :delete %>
 <% end %>
 ```
 

data/Rakefile

@@ -4,4 +4,18 @@ require "rspec/core/rake_task"
 RSpec::Core::RakeTask.new(:spec)
 
 task default: :spec
-task build: :spec
+
+task "release:guard_clean" do
+  calculate_checksum
+end
+
+def calculate_checksum
+  require "digest/sha2"
+  gem_spec = Gem::Specification.load(Dir.glob("*.gemspec")[0])
+  gem_file_name = "#{gem_spec.name}-#{gem_spec.version}.gem"
+  checksum = Digest::SHA512.new.hexdigest(File.read("pkg/#{gem_file_name}"))
+  FileUtils.mkdir_p("checksum")
+  checksum_file_path = "checksum/#{gem_file_name}.sha512"
+  File.open(checksum_file_path, "w" ) {|f| f.write(checksum) }
+  `git commit -m "Add checksum for #{gem_file_name}. #{checksum_file_path}"`
+end

data/authorize_action.gemspec

@@ -4,13 +4,17 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
 Gem::Specification.new do |spec|
   spec.name          = "authorize_action"
-  spec.version       = "1.0.0"
+  spec.version       = "1.1.0"
   spec.authors       = ["Jarmo Pertman"]
   spec.email         = ["jarmo.p@gmail.com"]
-  spec.summary       = %q{Really secure and simple authorization library for your Rails, Sinatra or whatever web framework, which doesn't suck.}
+  spec.description   = %q{Really secure and simple authorization library for your Rails, Sinatra or whatever web framework, which doesn't suck.}
+  spec.summary       = %q{Really secure and simple authorization library.}
   spec.homepage      = "https://github.com/jarmo/authorize_action"
   spec.license       = "MIT"
 
+  spec.cert_chain    = ["certs/jarmo.pem"]
+  spec.signing_key   = File.expand_path("~/.ssh/gem-private_key.pem") if $0 =~ /gem\z/
+
   spec.files         = `git ls-files -z`.split("\x0")
   spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
@@ -18,5 +22,5 @@ Gem::Specification.new do |spec|
 
   spec.add_development_dependency "bundler", "~> 1.7"
   spec.add_development_dependency "rake", "~> 10.0"
-  spec.add_development_dependency "rspec", "~> 3.1.0"
+  spec.add_development_dependency "rspec", "~> 3.1"
 end

data/certs/jarmo.pem

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDbDCCAlSgAwIBAgIBATANBgkqhkiG9w0BAQUFADA+MRAwDgYDVQQDDAdqYXJt
+by5wMRUwEwYKCZImiZPyLGQBGRYFZ21haWwxEzARBgoJkiaJk/IsZAEZFgNjb20w
+HhcNMTUwNzA4MTEyNTE5WhcNMTYwNzA3MTEyNTE5WjA+MRAwDgYDVQQDDAdqYXJt
+by5wMRUwEwYKCZImiZPyLGQBGRYFZ21haWwxEzARBgoJkiaJk/IsZAEZFgNjb20w
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDN725qGiA4YOxay5z6YpDk
+APkZJJndeO1TPqqjCl6zWqNClym8Pn+Sng5cNnmGO/Ug/MOkB4tTY/xe8a5aKOWJ
+lsWPQcVI0KwTc9CbgnIkCRAB8munJ32aRks92nhkt6dBlG+8KNU/ymeQAU3tlT5c
+lGgH89xwLJ0hKkTYqUU5s46BAUiYERSWpvIwlluTH6hFO48DC3I7HY4bsdJgShO0
+Jt9OzfXNRfrMHkNCjZbPDlrrLHUA23xJ+gY/gSrdl3SD8I+xnfPNKeJadOCYkYWv
+WvAzR31PSQ4HAxRDtrYZTBWpcWfdX0K1vtPvISzjEPtLDg3GGfTAFwix6tl+V1NR
+AgMBAAGjdTBzMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQWBBQpovKb
+ePGj5UadJGVBc3brVW6IOjAcBgNVHREEFTATgRFqYXJtby5wQGdtYWlsLmNvbTAc
+BgNVHRIEFTATgRFqYXJtby5wQGdtYWlsLmNvbTANBgkqhkiG9w0BAQUFAAOCAQEA
+SJaAQsG8JwwHZ56dgT/ob94BJCD278vFB13ZRv6AxSLw6dtgXSKjkvh3d49Bq6ZS
+FzjEtga69jMkRezfasbMOI8aUTW0GGblY5TGIwm5B/vrvnMpnEAvyYKs2MnnHGUA
+kX7cRxBGEzzsV6Na6IWPG8ut/0E1U28BklPlYEFZtXY47mG+rPQ+URy8jJKhhYyM
+vgtL23FIe4DqnUrJKQ6fkGh5FgtSwbtXG5yGoSWt/NjeU+Y/F53qDDo3jVEqEOrW
+kNODmkT2c/u7RD1KhdbnJpupOH0YR/1HY2Mb0mX6OUbhtYST2dbHu0KcbVtT/VPB
+qlb/zDlcR8hD6AbtoW7Ceg==
+-----END CERTIFICATE-----

metadata

@@ -1,14 +1,36 @@
 --- !ruby/object:Gem::Specification
 name: authorize_action
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.1.0
 platform: ruby
 authors:
 - Jarmo Pertman
 autorequire: 
 bindir: bin
-cert_chain: []
-date: 2015-07-05 00:00:00.000000000 Z
+cert_chain:
+- |
+  -----BEGIN CERTIFICATE-----
+  MIIDbDCCAlSgAwIBAgIBATANBgkqhkiG9w0BAQUFADA+MRAwDgYDVQQDDAdqYXJt
+  by5wMRUwEwYKCZImiZPyLGQBGRYFZ21haWwxEzARBgoJkiaJk/IsZAEZFgNjb20w
+  HhcNMTUwNzA4MTEyNTE5WhcNMTYwNzA3MTEyNTE5WjA+MRAwDgYDVQQDDAdqYXJt
+  by5wMRUwEwYKCZImiZPyLGQBGRYFZ21haWwxEzARBgoJkiaJk/IsZAEZFgNjb20w
+  ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDN725qGiA4YOxay5z6YpDk
+  APkZJJndeO1TPqqjCl6zWqNClym8Pn+Sng5cNnmGO/Ug/MOkB4tTY/xe8a5aKOWJ
+  lsWPQcVI0KwTc9CbgnIkCRAB8munJ32aRks92nhkt6dBlG+8KNU/ymeQAU3tlT5c
+  lGgH89xwLJ0hKkTYqUU5s46BAUiYERSWpvIwlluTH6hFO48DC3I7HY4bsdJgShO0
+  Jt9OzfXNRfrMHkNCjZbPDlrrLHUA23xJ+gY/gSrdl3SD8I+xnfPNKeJadOCYkYWv
+  WvAzR31PSQ4HAxRDtrYZTBWpcWfdX0K1vtPvISzjEPtLDg3GGfTAFwix6tl+V1NR
+  AgMBAAGjdTBzMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQWBBQpovKb
+  ePGj5UadJGVBc3brVW6IOjAcBgNVHREEFTATgRFqYXJtby5wQGdtYWlsLmNvbTAc
+  BgNVHRIEFTATgRFqYXJtby5wQGdtYWlsLmNvbTANBgkqhkiG9w0BAQUFAAOCAQEA
+  SJaAQsG8JwwHZ56dgT/ob94BJCD278vFB13ZRv6AxSLw6dtgXSKjkvh3d49Bq6ZS
+  FzjEtga69jMkRezfasbMOI8aUTW0GGblY5TGIwm5B/vrvnMpnEAvyYKs2MnnHGUA
+  kX7cRxBGEzzsV6Na6IWPG8ut/0E1U28BklPlYEFZtXY47mG+rPQ+URy8jJKhhYyM
+  vgtL23FIe4DqnUrJKQ6fkGh5FgtSwbtXG5yGoSWt/NjeU+Y/F53qDDo3jVEqEOrW
+  kNODmkT2c/u7RD1KhdbnJpupOH0YR/1HY2Mb0mX6OUbhtYST2dbHu0KcbVtT/VPB
+  qlb/zDlcR8hD6AbtoW7Ceg==
+  -----END CERTIFICATE-----
+date: 2015-07-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -44,15 +66,16 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.1.0
+        version: '3.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.1.0
-description: 
+        version: '3.1'
+description: Really secure and simple authorization library for your Rails, Sinatra
+  or whatever web framework, which doesn't suck.
 email:
 - jarmo.p@gmail.com
 executables: []
@@ -67,6 +90,8 @@ files:
 - README.md
 - Rakefile
 - authorize_action.gemspec
+- certs/jarmo.pem
+- checksum/.keep
 - lib/authorize_action.rb
 - lib/authorize_action/rails.rb
 - lib/authorize_action/sinatra.rb
@@ -97,8 +122,7 @@ rubyforge_project:
 rubygems_version: 2.4.5
 signing_key: 
 specification_version: 4
-summary: Really secure and simple authorization library for your Rails, Sinatra or
-  whatever web framework, which doesn't suck.
+summary: Really secure and simple authorization library.
 test_files:
 - spec/authorize_action/rails_spec.rb
 - spec/authorize_action/sinatra_spec.rb

metadata.gz.sig

@@ -0,0 +1 @@
+����Il�z�1�$F�l�8�_���o�!8<
�H�����S3���˽_�Pg���:�teAGج���F�	�0�UX����R�U~F� 1.�(ū7O#��D���������Dj�P��UM�B��G)�s&�$'�>;Y��Gm�"7����+�y���p[�e<ԧ/&k	��h�Y�*a�™