echoe 2.3 → 2.4

data.tar.gz.sig

@@ -0,0 +1,2 @@
+�.k4+�5�|^4V�z�tnG͗�!��X젲�
+��-�:�,8ZzP���@2��n`җ}X>l��R�Y�kcæL0�ǰ��҄��m.U߾���-�p�M

data/CHANGELOG

@@ -1,4 +1,6 @@
 
+v2.4. Sign gems automatically if ENV['GEM_PRIVATE_KEY'] is present; add certificate_chain and private_key accessors.
+
 v2.3. Work around metadependencies issue by including gemspecs instead of Rakefiles by default; include_gemspec and include_rakefile accessors.
 
 v2.2. Need_gem option; announce task.

data/README

@@ -7,10 +7,13 @@ Echoe is a simple tool for working with Rubygems. It generates Rake tasks for do
 
 Copyright 2007 Cloudburst, LLC. See the included LICENSE file. Portions copyright 2006 Ryan Davis/Zen Spider Software and used with permission. See the included MIT-LICENSE file.
 
+The public certificate for this gem is at http://rubyforge.org/frs/download.php/25331/evan_weaver-original-public_cert.pem.
+
 == Features
 
 * simple configuration
 * comprehensive gem deployment
+* signed gem support
 * automatic changeset parsing
 * documentation upload to any host
 
@@ -84,6 +87,7 @@ Upload:
 
 * <tt>publish_docs</tt> -  Publish documentation to the web.
 * <tt>release</tt> -  Package and upload the latest release to Rubyforge.
+* <tt>announce</tt> - Generate a release announcement, edit it, and post it to Rubyforge.
 
 Cleaning:
 
@@ -91,7 +95,12 @@ Cleaning:
 * <tt>redocs</tt> -  Force a rebuild of the Rdoc files.
 * <tt>repackage</tt> -  Force a rebuild of the package files.
 
-== Further resources
+== Reporting problems
 
-* http://blog.evanweaver.com/pages/code#echoe
 * http://rubyforge.org/forum/forum.php?forum_id=13986
+
+Patches and contributions are very welcome. Please note that contributors are required to assign copyright for their additions to Cloudburst, LLC.
+
+== Further resources
+
+* http://blog.evanweaver.com/articles/2007/01/10/if-you-dont-want-to-hoe-echoe

data/Rakefile

@@ -6,11 +6,12 @@ Echoe.new('echoe') do |p|
   p.author = 'Evan Weaver'
   p.summary = 'A tool for packaging Ruby gems.'
   p.url = 'http://blog.evanweaver.com/pages/code#echoe'
-  p.docs_host = 'blog.evanweaver.com:~/www/snax/public/files/doc/'
+  p.docs_host = 'blog.evanweaver.com:~/www/bax/public/files/doc/'
   p.dependencies = ['rake', 'rubyforge >=0.4.3', 'highline']
+  p.require_signed = true
 
   # Echoe is self-dependent
   p.include_gemspec = false
-  p.include_rakefile = true
+  p.include_rakefile = true    
 end
 

data/lib/echoe.rb

@@ -25,6 +25,26 @@ For example, a simple <tt>Rakefile</tt> might look like this:
     p.docs_host = "uncapitalizer.com:~/www/files/doc/"
     p.dependencies = ["string_tools >=1.4.0"]
   end
+
+== Signing gems
+
+Echoe supports signing gems. First, create yourself a public and private key:
+  gem cert --build you@yourmail.com
+
+Move them somewhere secret, and add the following environment variables in your <tt>.bash_profile</tt> or similar:
+  export GEM_PRIVATE_KEY='/secret/path/to/gem-private_key.pem'
+  export GEM_CERTIFICATE_CHAIN='/secret/path/to/gem-public_cert.pem'
+
+Make sure your environment is up-to-date:
+  source ~/.bash_profile
+
+Upload your <tt>public_cert.pem</tt> file to your website or Rubyforge project, and tell your users to add that certificate to their system via:
+  gem cert --add /path/to/public_cert.pem
+  
+Finally, package and release your project as normal. Now users can install your gem via:
+  sudo gem install gemname -P HighSecurity
+
+Note that you can also set the key and certificate locations in the Rakefile itself. Finally, you can add <tt>p.require_signed = true</tt> to your <tt>Rakefile</tt> so that you don't accidentally release an unsigned gem if your key is missing.
   
 == Metadependencies
 
@@ -60,15 +80,20 @@ Packaging options:
 * <tt>include_gemspec</tt> - Include the generated gemspec file within the package. Default <tt>true</tt>.
 * <tt>include_rakefile</tt> - Include the Rakefile within the package. Default <tt>false</tt>.
 
+Security options:
+
+* <tt>private_key</tt> - The path to your gem private key. Defaults to ENV['GEM_PRIVATE_KEY'], if available. This accessor is not published in the resulting gemspec.
+* <tt>certificate_chain</tt> - An array representing your certificate authorization chain. If no one else has signed your certificate, just set it to your own cert. Defaults to ENV['GEM_CERTIFICATE_CHAIN'], if available. This accessor is not published in the resulting gemspec.
+* <tt>require_signed</tt> - Force Echoe to refuse to package your gem if it's not properly signed. Default false.
+
 Publishing options:
 
 * <tt>project</tt> - The name of the Rubyforge project to upload to (defaults to the name of the gem).
 * <tt>docs_host</tt> - A host and filesystem path to publish the documentation to (defaults to the Rubyforge project).
-* <tt>announce</tt> - Generate a release announcement, edit it, and post it to Rubyforge.
 
 Documentation options:
 
-* <tt>rdoc_pattern</tt> - A regex for filenames that should be passed to RDoc.
+* <tt>rdoc_files</tt> - An array or regex for filenames that should be passed to RDoc.
 * <tt>rdoc_template</tt> - A path to an RDoc template (defaults to the generic template).
 
 =end
@@ -91,13 +116,13 @@ class Echoe
   FILTER = ENV['FILTER'] # for tests (eg FILTER="-n test_blah")
   
   # user-configurable
-  attr_accessor :author, :changes, :clean_pattern, :description, :email, :dependencies, :need_tgz, :need_tar_gz, :need_gem, :need_zip, :rdoc_pattern, :project, :summary, :test_pattern, :url, :version, :docs_host, :rdoc_template, :manifest_name, :install_message, :extensions
+  attr_accessor :author, :changes, :clean_pattern, :description, :email, :dependencies, :need_tgz, :need_tar_gz, :need_gem, :need_zip, :rdoc_files, :project, :summary, :test_pattern, :url, :version, :docs_host, :rdoc_template, :manifest_name, :install_message, :extensions, :private_key, :certificate_chain, :require_signed
   
   # best left alone
-  attr_accessor :name, :lib_files, :test_files, :bin_files, :spec, :rdoc_options, :rubyforge_name, :has_rdoc, :include_gemspec, :include_rakefile, :gemspec_name
+  attr_accessor :name, :lib_files, :test_files, :bin_files, :spec, :rdoc_options, :rubyforge_name, :has_rdoc, :include_gemspec, :include_rakefile, :gemspec_name, :eval
   
   # legacy
-  attr_accessor :extra_deps
+  attr_accessor :extra_deps, :rdoc_pattern
   
   def initialize(name, version = nil)
     # Defaults
@@ -128,11 +153,14 @@ class Echoe
     self.summary = ""
     self.install_message = nil
     self.has_rdoc = true
-    self.rdoc_pattern = /^(lib|bin|tasks)|^README|^CHANGELOG|^TODO|^LICENSE$/
+    self.rdoc_files = /^(lib|bin|tasks)|^README|^CHANGELOG|^TODO|^LICENSE$/
     self.rdoc_options = ['--line-numbers', '--inline-source']
     self.dependencies = []
     self.manifest_name = "Manifest"
     self.extensions = ["ext/extconf.rb"] if File.exist?("ext/extconf.rb")
+    self.private_key = ENV['GEM_PRIVATE_KEY']
+    self.require_signed = false
+    self.certificate_chain = ENV['GEM_CERTIFICATE_CHAIN'].to_s.split(/\,\s*/).compact
 
     self.need_gem = true
     self.need_tar_gz = true
@@ -146,12 +174,14 @@ class Echoe
     yield self if block_given?
     
     # set some post-defaults
+    self.certificate_chain = Array(certificate_chain)
     self.description = summary if description.empty?
     self.summary = description if summary.empty?
     
     # legacy compatibility
     self.dependencies = extra_deps if extra_deps and dependencies.empty?
     self.project = rubyforge_name if rubyforge_name
+    self.rdoc_files = rdoc_pattern if rdoc_pattern
 
     define_tasks
   end
@@ -169,6 +199,19 @@ class Echoe
       s.homepage = url
       s.rubyforge_project = project
       s.post_install_message = install_message if install_message
+      
+      if private_key and File.exist? private_key
+        s.signing_key = private_key
+        s.cert_chain = certificate_chain
+        puts "Signing gem."
+        puts "Certificate chain is:"
+        certificate_chain.each do |cert|
+          puts "  #{cert}"
+        end
+      else
+        puts "Missing private key; gem will not be signed."
+        raise "Signed gem required. Maybe you forget to set ENV['GEM_PRIVATE_KEY']." if require_signed
+      end
 
       s.description = description
 
@@ -199,6 +242,11 @@ class Echoe
       else
         s.test_files = Dir[*test_pattern]
       end
+      
+      if eval
+        self.instance_eval &eval
+      end
+      
     end
 
     self.lib_files = spec.files.grep(/^lib/)
@@ -216,11 +264,15 @@ class Echoe
       if include_gemspec
         File.open(gemspec_name, 'w') do |f|          
           f.puts "\n# Gem::Specification for #{name.capitalize}-#{version}\n# Originally generated by Echoe\n\n"
-          f.puts spec.to_ruby
+          spec.to_ruby.split("\n").each do |line|
+            # Don't publish any information about the private key or certificate chain
+            f.puts line unless line =~ /signing_key|cert_chain|\.pem/
+          end
           
           f.puts "\n\n# # Original Rakefile source (requires the Echoe gem):\n# \n"
           File.open("Rakefile").readlines.each do |line|
-            f.write "# #{line}"
+            # Ditto
+            f.write "# #{line}" unless line =~ /private_key|certificate_chain|\.pem/        
           end                    
         end
       end      
@@ -244,12 +296,12 @@ class Echoe
 
     desc 'Install the gem'
     task :install => [:clean, :package] do
-      sh "sudo gem install pkg/*.gem"
+      sh "sudo gem install pkg/*.gem -P MediumSecurity"
     end
 
     desc 'Uninstall the gem'
     task :uninstall do
-      sh "sudo gem uninstall #{name}"
+      sh "sudo gem uninstall #{name} -a -i -x"
     end
 
     desc 'Package and upload the release to Rubyforge'
@@ -292,8 +344,15 @@ class Echoe
       rd.options += Array(rdoc_options)
       
       rd.rdoc_dir = 'doc'
-
-      files = (spec.files.grep(rdoc_pattern) - [manifest_name]).uniq
+      
+      files = (if rdoc_files.is_a? Array
+        rdoc_files
+      elsif rdoc_pattern.is_a? Regexp
+        spec.files.grep(rdoc_pattern).uniq
+      else
+        []
+      end) - [manifest_name]
+      
       rd.rdoc_files.push(*files)
 
       if rdoc_template

metadata

@@ -3,8 +3,8 @@ rubygems_version: 0.9.4
 specification_version: 1
 name: echoe
 version: !ruby/object:Gem::Version 
-  version: "2.3"
-date: 2007-08-13 00:00:00 -04:00
+  version: "2.4"
+date: 2007-09-16 00:00:00 -04:00
 summary: A tool for packaging Ruby gems.
 require_paths: 
 - lib
@@ -25,6 +25,28 @@ required_ruby_version: !ruby/object:Gem::Version::Requirement
 platform: ruby
 signing_key: 
 cert_chain: 
+- |
+  -----BEGIN CERTIFICATE-----
+  MIIDLjCCAhagAwIBAgIBADANBgkqhkiG9w0BAQUFADA9MQ0wCwYDVQQDDARldmFu
+  MRgwFgYKCZImiZPyLGQBGRYIY2xvdWRidXIxEjAQBgoJkiaJk/IsZAEZFgJzdDAe
+  Fw0wNzA5MTYxMDMzMDBaFw0wODA5MTUxMDMzMDBaMD0xDTALBgNVBAMMBGV2YW4x
+  GDAWBgoJkiaJk/IsZAEZFghjbG91ZGJ1cjESMBAGCgmSJomT8ixkARkWAnN0MIIB
+  IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5C0Io89nyApnr+PvbNFge9Vs
+  yRWAlGBUEMahpXp28VrrfXZT0rAW7JBo4PlCE3jl4nE4dzE6gAdItSycjTosrw7A
+  Ir5+xoyl4Vb35adv56TIQQXvNz+BzlqnkAY5JN0CSBRTQb6mxS3hFyD/h4qgDosj
+  R2RFVzHqSxCS8xq4Ny8uzOwOi+Xyu4w67fI5JvnPvMxqrlR1eaIQHmxnf76RzC46
+  QO5QhufjAYGGXd960XzbQsQyTDUYJzrvT7AdOfiyZzKQykKt8dEpDn+QPjFTnGnT
+  QmgJBX5WJN0lHF2l1sbv3gh4Kn1tZu+kTUqeXY6ShAoDTyvZRiFqQdwh8w2lTQID
+  AQABozkwNzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIEsDAdBgNVHQ4EFgQU+WqJz3xQ
+  XSea1hRvvHWcIMgeeC4wDQYJKoZIhvcNAQEFBQADggEBAGLZ75jfOEW8Nsl26CTt
+  JFrWxQTcQT/UljeefVE3xYr7lc9oQjbqO3FOyued3qW7TaNEtZfSHoYeUSMYbpw1
+  XAwocIPuSRFDGM4B+hgQGVDx8PMGiJKom4qLXjO40UZsR7QyN/u869Vj45LURm6h
+  MBcPeqCASI+WNprj9+uZa2kmHiitrFqqfMBNlm5IFbn9XeYSta9AHVvs5QQqV2m5
+  hIPfLqCyxsn/YgOGvo6iwyQTWyTswamaAC3HRWZxIS1sfn/Ssqa7E7oQMkv5FAXr
+  x5rKePfXINf8XTJczkl9OBEYdE9aNdJsJpXD0asLgGVwBICS5Bjohp6mizJcDC1+
+  yZ0=
+  -----END CERTIFICATE-----
+
 post_install_message: 
 authors: 
 - Evan Weaver