gemsmith 19.5.1 → 19.5.2

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: dc3a0499a53c54d89593afe7c592fd22d9a27278d0aa061716dfd3a6b811cea1
4
- data.tar.gz: 06bf7794ef447198c05297c57da2719eda6cb57e4311ea8c3a7ee88a2efeedce
3
+ metadata.gz: b0bab61fb9a27a5e8d869fb0dadcd0c8e50783e7a5774bca1ef860aa63312563
4
+ data.tar.gz: d5709a594be8f2f26d68c203be0b79abc49f06131bebf39a15af11f41e8fc799
5
5
  SHA512:
6
- metadata.gz: bdf22fbd50a35af130baa5cf843a89c89587b7b59ea680463e39632b15e80e90b7db4c48abbe64fdca1c9b6aa14892e1bbc59c0f6d11c5580987819a4184e208
7
- data.tar.gz: 152610ac1b68aa77b42983dbfbfe24f4b746b0a7a1c3b13400b4dba7a81a37728c16baae36858964eb044f3a5df9598af060d0321b68d9ecd80e1a896a541e16
6
+ metadata.gz: 5c1410312afb797e4f59d8d06aa4de04f4bcfab090935ec16c557e615db40238ceb59f73260eb10fdd0419b7d8cddd2fc747d4d5a44ceb82f7c6d3c5b060436e
7
+ data.tar.gz: 1467120baf6b1d6a561d8920ad930afb9b98c5ee73fb2970b2e5a51d470594097a5b683476c088b170b215aaec60aadf1dc7b6abc27e26e995b48cc3e7da062f
checksums.yaml.gz.sig CHANGED
Binary file
data/README.adoc CHANGED
@@ -2,6 +2,8 @@
2
2
  :toclevels: 5
3
3
  :figure-caption!:
4
4
 
5
+ :ruby_gems_link: link:https://rubygems.org[RubyGems]
6
+
5
7
  = Gemsmith
6
8
 
7
9
  Gemsmith is a command line interface for smithing Ruby gems. Perfect for when you need a
@@ -23,7 +25,7 @@ toc::[]
23
25
 
24
26
  . A UNIX-based system.
25
27
  . link:https://www.ruby-lang.org[Ruby].
26
- . link:https://rubygems.org[RubyGems].
28
+ . {ruby_gems_link}.
27
29
 
28
30
  == Setup
29
31
 
@@ -291,13 +293,20 @@ To create a certificate for your gems, run the following:
291
293
 
292
294
  [source,bash]
293
295
  ----
294
- cd ~/.ssh
295
- gem cert --build you@example.com
296
- chmod 600 gem-*.pem
296
+ cd ~/.gem
297
+ gem cert --build you@example.com --days 730
298
+ gem cert --add gem-public_cert.pem
299
+ cp gem-public_cert.pem <path/to/server/public/folder>/gems.pem
297
300
  ----
298
301
 
299
- The resulting `.pem` key files can be referenced via the `signing_key` and `cert_chain` of your
300
- `.gemspec` which Gemsmith provides for you via the `--security` build option. Example:
302
+ The above breaks down as follows:
303
+
304
+ * *Source*: The `~/.gem` directory is where your credentials and certificates are stored. This is also where the `Gem.default_key_path` and `Gem.default_cert_path` methods look for your certificates. I'll talk more about these shortly.
305
+ * *Build*: Builds your `gem-private_key.pem` and `gem-public_cert.pem` certificates with a two year duration (i.e. `365 * 2`) before expiring. You can also see this information on the {ruby_gems_link} page for your gem (scroll to the bottom). Security-wise, this isn't great but the way {ruby_gems_link} certification is implemented and enforced is weak to begin with. Regardless, this is important to do in order to be a good citizen within the ecosystem. You'll also be prompted for a private key passphrase so make sure it is long and complicated and then store it in your favorite password manager.
306
+ * *Add*: Once your public certificate has been built, you'll need to add it to your registry so {ruby_gems_link} can look up and verify your certificate upon gem install.
307
+ * *Web*: You'll need to copy your public certificate to the public folder of your web server so you can host this certificate for others to install. I rename my public certificate as `gems.pem` to keep the URL simple but you can name it how you like and document usage for others. For example, here's how you'd add my public certificate (same as done locally but via a URL this time): `gem cert --add <(curl --compressed --location https://alchemists.io/gems.pem)`.
308
+
309
+ Earlier, I mentioned `Gem.default_key_path` and `Gem.default_cert_path` are paths to where your certificates are stored in your `~/.gem` directory. Well, the `signing_key` and `cert_chain` of your `.gemspec` needs to use these paths. Gemsmith automates for you when the `--security` build option is used (enabled by default). For example, when using Gemsmith to build a new gem, you'll see the following configuration generated in your `.gemspec`:
301
310
 
302
311
  [source,ruby]
303
312
  ----
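Review bot: The removed `chmod 600 gem-*.pem` step has no replacement in the new command block, and the breakdown that follows never mentions file permissions on `gem-private_key.pem`. Either keep an explicit `chmod 600 gem-private_key.pem` after the build step or state that the key is already written with owner-only permissions, so readers following the new steps do not have to guess. Two smaller points in the same hunk: the *Add* bullet says the certificate is added to "your registry", which reads as if it were uploaded somewhere, when `gem cert --add` adds it to the local list of trusted certificates; and the *Web* bullet's `gem cert --add <(curl ...)` example trusts whatever the URL returns, so publishing the certificate's fingerprint next to the download link would let users check what they fetched before adding it.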
@@ -310,13 +319,19 @@ Gem::Specification.new do |spec|
310
319
  end
311
320
  ----
312
321
 
313
- To learn more about gem certificates, read about RubyGems
314
- link:https://guides.rubygems.org/security[Security].
322
+ The above wires all of this functionality together so you can easily build and publish your gems with minimal effort while increasing your security. 🎉 To test the security of your newly minted gem, you can install it with the `--trust-policy` set to high security for maximum benefit. Example:
323
+
324
+ [source,bash]
325
+ ----
326
+ gem install <your_gem> --trust-policy HighSecurity
327
+ ----
328
+
329
+ To learn more about gem certificates, check out the RubyGems
330
+ link:https://guides.rubygems.org/security[Security] documentation.
315
331
 
316
332
  === Private Gem Servers
317
333
 
318
- By default, the following command will publicly publish your gem to
319
- link:https://rubygems.org[RubyGems]:
334
+ By default, the following command will publicly publish your gem to {ruby_gems_link}:
320
335
 
321
336
  [source,bash]
322
337
  ----
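Review bot: The new `gem install <your_gem> --trust-policy HighSecurity` example gives no hint that this policy also requires every dependency of the gem to be signed and trusted, so the command fails for a gem with any unsigned dependency even when the gem itself is signed correctly. Add a sentence saying so, and that the author's public certificate must already have been added with `gem cert --add`, or readers will take the failure as a problem with their own signing setup.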
data/gemsmith.gemspec CHANGED
@@ -2,7 +2,7 @@
2
2
 
3
3
  Gem::Specification.new do |spec|
4
4
  spec.name = "gemsmith"
5
- spec.version = "19.5.1"
5
+ spec.version = "19.5.2"
6
6
  spec.authors = ["Brooke Kuhlmann"]
7
7
  spec.email = ["brooke@alchemists.io"]
8
8
  spec.homepage = "https://alchemists.io/projects/gemsmith"
data.tar.gz.sig CHANGED
Binary file
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: gemsmith
3
3
  version: !ruby/object:Gem::Version
4
- version: 19.5.1
4
+ version: 19.5.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Brooke Kuhlmann
@@ -10,25 +10,32 @@ bindir: exe
10
10
  cert_chain:
11
11
  - |
12
12
  -----BEGIN CERTIFICATE-----
13
- MIIC/jCCAeagAwIBAgIBBTANBgkqhkiG9w0BAQsFADAlMSMwIQYDVQQDDBpicm9v
14
- a2UvREM9YWxjaGVtaXN0cy9EQz1pbzAeFw0yMjAzMTkxNzI0MzJaFw0yMzAzMTkx
15
- NzI0MzJaMCUxIzAhBgNVBAMMGmJyb29rZS9EQz1hbGNoZW1pc3RzL0RDPWlvMIIB
16
- IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6l1qpXTiomH1RfMRloyw7MiE
17
- xyVx/x8Yc3EupdH7uhNaTXQGyORN6aOY//1QXXMHIZ9tW74nZLhesWMSUMYy0XhB
18
- brs+KkurHnc9FnEJAbG7ebGvl/ncqZt72nQvaxpDxvuCBHgJAz+8i5wl6FhLw+oT
19
- 9z0A8KcGhz67SdcoQiD7qiCjL/2NTeWHOzkpPrdGlt088+VerEEGf5I13QCvaftP
20
- D5vkU0YlAm1r98BymuJlcQ1qdkVEI1d48ph4kcS0S0nv1RiuyVb6TCAR3Nu3VaVq
21
- 3fPzZKJLZBx67UvXdbdicWPiUR75elI4PXpLIic3xytaF52ZJYyKZCNZJhNwfQID
22
- AQABozkwNzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIEsDAdBgNVHQ4EFgQU0nzow9vc
23
- 2CdikiiE3fJhP/gY4ggwDQYJKoZIhvcNAQELBQADggEBAJbbNyWzFjqUNVPPCUCo
24
- IMrhDa9xf1xkORXNYYbmXgoxRy/KyNbUr+jgEEoWJAm9GXlcqxxWAUI6pK/i4/Qi
25
- X6rPFEFmeObDOHNvuqy8Hd6AYsu+kP94U/KJhe9wnWGMmGoNKJNU3EkW3jM/osSl
26
- +JRxiH5t4WtnDiVyoYl5nYC02rYdjJkG6VMxDymXTqn7u6HhYgZkGujq1UPar8x2
27
- hNIWJblDKKSu7hA2d6+kUthuYo13o1sg1Da/AEDg0hoZSUvhqDEF5Hy232qb3pDt
28
- CxDe2+VuChj4I1nvIHdu+E6XoEVlanUPKmSg6nddhkKn2gC45Kyzh6FZqnzH/CRp
29
- RFE=
13
+ MIIEeDCCAuCgAwIBAgIBATANBgkqhkiG9w0BAQsFADBBMQ8wDQYDVQQDDAZicm9v
14
+ a2UxGjAYBgoJkiaJk/IsZAEZFgphbGNoZW1pc3RzMRIwEAYKCZImiZPyLGQBGRYC
15
+ aW8wHhcNMjMwMzIyMTYxNDQxWhcNMjUwMzIxMTYxNDQxWjBBMQ8wDQYDVQQDDAZi
16
+ cm9va2UxGjAYBgoJkiaJk/IsZAEZFgphbGNoZW1pc3RzMRIwEAYKCZImiZPyLGQB
17
+ GRYCaW8wggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCro8tj5/E1Hg88
18
+ f4qfiwPVd2zJQHvdYt4GHVvuHRRgx4HGhJuNp+4BId08RBn7V6V1MW6MY3kezRBs
19
+ M+7QOQ4b1xNLTvY7FYQB1wGK5a4x7TTokDrPYQxDB2jmsdDYCzVbIMrAvUfcecRi
20
+ khyGZCdByiiCl4fKv77P12tTT+NfsvXkLt/AYCGwjOUyGKTQ01Z6eC09T27GayPH
21
+ QQvIkakyFgcJtzSyGzs8bzK5q9u7wQ12MNTjJoXzW69lqp0oNvDylu81EiSUb5S6
22
+ QzzPxZBiRB1sgtbt1gUbVI262ZDq1gR+HxPFmp+Cgt7ZLIJZAtesQvtcMzseXpfn
23
+ hpmm0Sw22KGhRAy/mqHBRhDl5HqS1SJp2Ko3lcnpXeFResp0HNlt8NSu13vhC08j
24
+ GUHU9MyIXbFOsnp3K3ADrAVjPWop8EZkmUR3MV/CUm00w2cZHCSGiXl1KMpiVKvk
25
+ Ywr1gd2ZME4QLSo+EXUtLxDUa/W3xnBS8dBOuMMz02FPWYr3PN8CAwEAAaN7MHkw
26
+ CQYDVR0TBAIwADALBgNVHQ8EBAMCBLAwHQYDVR0OBBYEFAFgmv0tYMZnItuPycSM
27
+ F5wykJEVMB8GA1UdEQQYMBaBFGJyb29rZUBhbGNoZW1pc3RzLmlvMB8GA1UdEgQY
28
+ MBaBFGJyb29rZUBhbGNoZW1pc3RzLmlvMA0GCSqGSIb3DQEBCwUAA4IBgQAX+EGY
29
+ 9RLYGxF1VLZz+G1ACQc4uyrCB6kXwI06kzUa5dF9tPXqTX9ffnz3/W8ck2IQhKzu
30
+ MKO2FVijzbDWTsZeZGglS4E+4Jxpau1lU9HhOIcKolv6LeC6UdALTFudY+GLb8Xw
31
+ REXgaJkjzzhkUSILmEnRwEbY08dVSl7ZAaxVI679vfI2yapLlIwpbBgmQTiTvPr3
32
+ qyyLUno9flYEOv9fmGHunSrM+gE0/0niGTXa5GgXBXYGS2he4LQGgSBfGp/cTwMU
33
+ rDKJRcusZ12lNBeDfgqACz/BBJF8FLodgk6rGMRZz7+ZmjjHEmpG5bQpR6Q2BuWL
34
+ XMtYk/QzaWuhiR7pWjiF8jbdd7RO6or0ohq7iFkokz/5xrtQ/vPzU2RQ3Qc6YaKw
35
+ 3n5C8/6Zh9DYTkpcwPSuIfAga6wf4nXc9m6JAw8AuMLaiWN/r/2s4zJsUHYERJEu
36
+ gZGm4JqtuSg8pYjPeIJxS960owq+SfuC+jxqmRA54BisFCv/0VOJi7tiJVY=
30
37
  -----END CERTIFICATE-----
31
- date: 2023-03-07 00:00:00.000000000 Z
38
+ date: 2023-03-22 00:00:00.000000000 Z
32
39
  dependencies:
33
40
  - !ruby/object:Gem::Dependency
34
41
  name: cogger
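Review bot: The `cert_chain` entry is replaced with a different certificate in a release whose version bump (19.5.1 to 19.5.2) presents it as a patch, and nothing in this diff tells consumers that the signing certificate changed. Anyone who added the previous certificate with `gem cert --add` and installs with a trust policy that checks trust will need the new one first; a changelog or README line announcing the change and pointing at the hosted `gems.pem` would cover that.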
@@ -293,7 +300,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
293
300
  - !ruby/object:Gem::Version
294
301
  version: '0'
295
302
  requirements: []
296
- rubygems_version: 3.4.7
303
+ rubygems_version: 3.4.9
297
304
  signing_key:
298
305
  specification_version: 4
299
306
  summary: A command line interface for smithing Ruby gems.
metadata.gz.sig CHANGED
Binary file