gemstash 2.2.2 → 2.7.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +61 -17
- data/lib/gemstash/authorization.rb +5 -2
- data/lib/gemstash/cli/authorize.rb +42 -1
- data/lib/gemstash/cli/setup.rb +2 -2
- data/lib/gemstash/cli/start.rb +5 -25
- data/lib/gemstash/cli.rb +6 -2
- data/lib/gemstash/config.ru +0 -2
- data/lib/gemstash/configuration.rb +5 -0
- data/lib/gemstash/db/authorization.rb +3 -3
- data/lib/gemstash/env.rb +0 -11
- data/lib/gemstash/gem_source/upstream_source.rb +15 -0
- data/lib/gemstash/logging.rb +14 -2
- data/lib/gemstash/man/gemstash-authorize.1 +21 -33
- data/lib/gemstash/man/gemstash-authorize.1.txt +20 -16
- data/lib/gemstash/man/gemstash-configuration.5 +61 -119
- data/lib/gemstash/man/gemstash-configuration.5.txt +58 -65
- data/lib/gemstash/man/gemstash-customize.7 +60 -103
- data/lib/gemstash/man/gemstash-customize.7.txt +52 -56
- data/lib/gemstash/man/gemstash-debugging.7 +11 -31
- data/lib/gemstash/man/gemstash-debugging.7.txt +8 -13
- data/lib/gemstash/man/gemstash-deploy.7 +15 -39
- data/lib/gemstash/man/gemstash-deploy.7.txt +18 -22
- data/lib/gemstash/man/gemstash-mirror.7 +10 -31
- data/lib/gemstash/man/gemstash-mirror.7.txt +6 -10
- data/lib/gemstash/man/gemstash-multiple-sources.7 +72 -44
- data/lib/gemstash/man/gemstash-multiple-sources.7.txt +66 -22
- data/lib/gemstash/man/gemstash-private-gems.7 +51 -102
- data/lib/gemstash/man/gemstash-private-gems.7.txt +35 -39
- data/lib/gemstash/man/gemstash-readme.7 +42 -88
- data/lib/gemstash/man/gemstash-readme.7.txt +43 -48
- data/lib/gemstash/man/gemstash-setup.1 +13 -33
- data/lib/gemstash/man/gemstash-setup.1.txt +13 -17
- data/lib/gemstash/man/gemstash-start.1 +5 -29
- data/lib/gemstash/man/gemstash-start.1.txt +6 -14
- data/lib/gemstash/man/gemstash-status.1 +5 -23
- data/lib/gemstash/man/gemstash-status.1.txt +6 -10
- data/lib/gemstash/man/gemstash-stop.1 +5 -23
- data/lib/gemstash/man/gemstash-stop.1.txt +6 -10
- data/lib/gemstash/man/gemstash-version.1 +4 -24
- data/lib/gemstash/man/gemstash-version.1.txt +3 -7
- data/lib/gemstash/migrations/05_authorization_names.rb +10 -0
- data/lib/gemstash/upstream.rb +33 -2
- data/lib/gemstash/version.rb +1 -1
- data/lib/gemstash.rb +1 -0
- metadata +35 -14
@@ -1,24 +1,8 @@
|
|
1
1
|
<!-- Automatically generated by Pandoc -->
|
2
|
-
.\" Automatically generated by Pandoc 3.1
|
2
|
+
.\" Automatically generated by Pandoc 3.1.8
|
3
3
|
.\"
|
4
|
-
.\" Define V font for inline verbatim, using C font in formats
|
5
|
-
.\" that render this, and otherwise B font.
|
6
|
-
.ie "\f[CB]x\f[]"x" \{\
|
7
|
-
. ftr V B
|
8
|
-
. ftr VI BI
|
9
|
-
. ftr VB B
|
10
|
-
. ftr VBI BI
|
11
|
-
.\}
|
12
|
-
.el \{\
|
13
|
-
. ftr V CR
|
14
|
-
. ftr VI CI
|
15
|
-
. ftr VB CB
|
16
|
-
. ftr VBI CBI
|
17
|
-
.\}
|
18
4
|
.TH "gemstash-private-gems" "7" "October 8, 2015" "" ""
|
19
|
-
.hy
|
20
5
|
.SH Private Gems
|
21
|
-
.PP
|
22
6
|
Stashing private gems in your Gemstash server requires a bit of
|
23
7
|
additional setup.
|
24
8
|
If you haven\[cq]t read through the Quickstart Guide, you should do that
|
@@ -26,7 +10,6 @@ first.
|
|
26
10
|
By the end of this guide, you will be able to interact with your
|
27
11
|
Gemstash server to store and retrieve your private gems.
|
28
12
|
.SS Authorizing
|
29
|
-
.PP
|
30
13
|
\f[B]IMPORTANT NOTE:\f[R] Do not use the actual key value in this
|
31
14
|
document, otherwise your Gemstash server will be vulnerable to anyone
|
32
15
|
who wants to try to use the key against your server.
|
@@ -35,38 +18,32 @@ running the commands.
|
|
35
18
|
.PP
|
36
19
|
In order to push a gem to your Gemstash server, you need to first create
|
37
20
|
an API key.
|
38
|
-
Utilize the \f[
|
21
|
+
Utilize the \f[CR]gemstash authorize\f[R] command to create the API key:
|
39
22
|
.IP
|
40
|
-
.
|
41
|
-
\f[C]
|
23
|
+
.EX
|
42
24
|
$ gemstash authorize
|
43
25
|
Your new key is: e374e237fdf5fa5718d2a21bd63dc911
|
44
|
-
|
45
|
-
.fi
|
26
|
+
.EE
|
46
27
|
.PP
|
47
|
-
This new key can \f[
|
28
|
+
This new key can \f[CR]push\f[R], \f[CR]yank\f[R], and \f[CR]fetch\f[R]
|
48
29
|
gems from your Gemstash server.
|
49
|
-
Run \f[
|
30
|
+
Run \f[CR]gemstash authorize\f[R] with just the permissions you want to
|
50
31
|
limit what the key will be allowed to do.
|
51
32
|
You can similarly update a specific key by providing it via the
|
52
|
-
\f[
|
33
|
+
\f[CR]--key\f[R] option:
|
53
34
|
.IP
|
54
|
-
.
|
55
|
-
\f[C]
|
35
|
+
.EX
|
56
36
|
$ gemstash authorize push yank --key e374e237fdf5fa5718d2a21bd63dc911
|
57
|
-
|
58
|
-
.fi
|
37
|
+
.EE
|
59
38
|
.PP
|
60
39
|
When no permissions are provided (like the first example), the key will
|
61
40
|
be authorized for all permissions.
|
62
41
|
Leave the key authorized with everything if you want to use it to try
|
63
42
|
all private gem interactions:
|
64
43
|
.IP
|
65
|
-
.
|
66
|
-
\f[C]
|
44
|
+
.EX
|
67
45
|
$ gemstash authorize --key e374e237fdf5fa5718d2a21bd63dc911
|
68
|
-
|
69
|
-
.fi
|
46
|
+
.EE
|
70
47
|
.PP
|
71
48
|
With the key generated, you\[cq]ll need to tell Rubygems about your new
|
72
49
|
key.
|
@@ -75,86 +52,70 @@ already have a credentials file to add the key to.
|
|
75
52
|
If not, run the following commands before modifying the credentials
|
76
53
|
file:
|
77
54
|
.IP
|
78
|
-
.
|
79
|
-
\f[C]
|
55
|
+
.EX
|
80
56
|
$ mkdir -p \[ti]/.gem
|
81
57
|
$ touch \[ti]/.gem/credentials
|
82
58
|
$ chmod 0600 \[ti]/.gem/credentials
|
83
|
-
|
84
|
-
.fi
|
59
|
+
.EE
|
85
60
|
.PP
|
86
61
|
Add your new key to credentials such that it looks something like this
|
87
62
|
(but make sure not to remove any existing keys):
|
88
63
|
.IP
|
89
|
-
.
|
90
|
-
\f[C]
|
64
|
+
.EX
|
91
65
|
# \[ti]/.gem/credentials
|
92
66
|
---
|
93
67
|
:test_key: e374e237fdf5fa5718d2a21bd63dc911
|
94
|
-
|
95
|
-
.fi
|
68
|
+
.EE
|
96
69
|
.PP
|
97
|
-
The name \f[
|
70
|
+
The name \f[CR]test_key\f[R] can be anything you want, but you will need
|
98
71
|
to remember it and use it again later in this guide for the
|
99
|
-
\f[
|
72
|
+
\f[CR]--key\f[R] option.
|
100
73
|
.SS Creating a Test Gem
|
101
|
-
.PP
|
102
74
|
You\[cq]ll need a test gem before you can play with private gems on your
|
103
75
|
Gemstash server.
|
104
76
|
If you have a gem you can use, move along to the next section.
|
105
77
|
You can start by instantiating a test gem via Bundler:
|
106
78
|
.IP
|
107
|
-
.
|
108
|
-
\f[C]
|
79
|
+
.EX
|
109
80
|
$ bundle gem private-example
|
110
|
-
|
111
|
-
.fi
|
81
|
+
.EE
|
112
82
|
.PP
|
113
83
|
You\[cq]ll need to add a summary and description to the new gem\[cq]s
|
114
84
|
gemspec file in order to successfully build it.
|
115
85
|
Once you\[cq]ve built the gem, you will be ready to push the new gem.
|
116
86
|
.IP
|
117
|
-
.
|
118
|
-
\f[C]
|
87
|
+
.EX
|
119
88
|
$ cd private-example
|
120
89
|
$ rake build
|
121
|
-
|
122
|
-
.fi
|
90
|
+
.EE
|
123
91
|
.PP
|
124
92
|
You will now have a gem at
|
125
|
-
\f[
|
93
|
+
\f[CR]private-example/pkg/private-example-0.1.0.gem\f[R].
|
126
94
|
.SS Pushing
|
127
|
-
.PP
|
128
95
|
If your Gemstash server isn\[cq]t running, go ahead and start it:
|
129
96
|
.IP
|
130
|
-
.
|
131
|
-
\f[C]
|
97
|
+
.EX
|
132
98
|
$ gemstash start
|
133
|
-
|
134
|
-
.fi
|
99
|
+
.EE
|
135
100
|
.PP
|
136
101
|
Push your test gem using Rubygems:
|
137
102
|
.IP
|
138
|
-
.
|
139
|
-
\f[C]
|
103
|
+
.EX
|
140
104
|
$ gem push --key test_key --host http://localhost:9292/private pkg/private-example-0.1.0.gem
|
141
|
-
|
142
|
-
.fi
|
105
|
+
.EE
|
143
106
|
.PP
|
144
|
-
The \f[
|
107
|
+
The \f[CR]/private\f[R] portion of the \f[CR]--host\f[R] option tells
|
145
108
|
Gemstash you are interacting with the private gems.
|
146
109
|
Gemstash will not let you push, or yank from anything except
|
147
|
-
\f[
|
110
|
+
\f[CR]/private\f[R].
|
148
111
|
.SS Bundling
|
149
|
-
.PP
|
150
112
|
Once your gem is pushed to your Gemstash server, you are ready to bundle
|
151
113
|
it.
|
152
|
-
Create a \f[
|
114
|
+
Create a \f[CR]Gemfile\f[R] and specify the gem.
|
153
115
|
You will probably want to wrap the private gem in a source block, and
|
154
116
|
let the rest of Gemstash handle all other gems:
|
155
117
|
.IP
|
156
|
-
.
|
157
|
-
\f[C]
|
118
|
+
.EX
|
158
119
|
# ./Gemfile
|
159
120
|
source \[dq]http://localhost:9292\[dq]
|
160
121
|
gem \[dq]rubywarrior\[dq]
|
@@ -162,65 +123,55 @@ gem \[dq]rubywarrior\[dq]
|
|
162
123
|
source \[dq]http://localhost:9292/private\[dq] do
|
163
124
|
gem \[dq]private-example\[dq]
|
164
125
|
end
|
165
|
-
|
166
|
-
.fi
|
126
|
+
.EE
|
167
127
|
.PP
|
168
|
-
Notice that the Gemstash server points to \f[
|
128
|
+
Notice that the Gemstash server points to \f[CR]/private\f[R] again when
|
169
129
|
installing your private gem.
|
170
130
|
Go ahead and bundle to install your new private gem:
|
171
131
|
.IP
|
172
|
-
.
|
173
|
-
\f[C]
|
132
|
+
.EX
|
174
133
|
$ bundle
|
175
|
-
|
176
|
-
.fi
|
134
|
+
.EE
|
177
135
|
.SS Yanking
|
178
|
-
.PP
|
179
136
|
If you push a private gem by accident, you can yank the gem with
|
180
137
|
Rubygems:
|
181
138
|
.IP
|
182
|
-
.
|
183
|
-
\f[C]
|
139
|
+
.EX
|
184
140
|
$ RUBYGEMS_HOST=http://localhost:9292/private gem yank --key test_key private-example --version 0.1.0
|
185
|
-
|
186
|
-
.fi
|
141
|
+
.EE
|
187
142
|
.PP
|
188
|
-
Like with pushing, the \f[
|
143
|
+
Like with pushing, the \f[CR]/private\f[R] portion of the host option
|
189
144
|
tells Gemstash you are interacting with private gems.
|
190
|
-
Gemstash will only let you yank from \f[
|
191
|
-
Unlike pushing, Rubygems doesn\[cq]t support \f[
|
192
|
-
(yet), so you need to specify the host via the \f[
|
145
|
+
Gemstash will only let you yank from \f[CR]/private\f[R].
|
146
|
+
Unlike pushing, Rubygems doesn\[cq]t support \f[CR]--host\f[R] for yank
|
147
|
+
(yet), so you need to specify the host via the \f[CR]RUBYGEMS_HOST\f[R]
|
193
148
|
environment variable.
|
194
149
|
.SS Protected Fetching
|
195
|
-
.PP
|
196
150
|
By default, private gems and specs can be accessed without
|
197
151
|
authentication.
|
198
152
|
.PP
|
199
153
|
Private gems often require protected fetching.
|
200
154
|
For backwards compatibility this is disabled by default, but can be
|
201
|
-
enabled via \f[
|
155
|
+
enabled via \f[CR]$ gemstash setup\f[R] command.
|
202
156
|
.PP
|
203
157
|
When protected fetching is enabled API keys with the permissions
|
204
|
-
\f[
|
158
|
+
\f[CR]all\f[R] or \f[CR]fetch\f[R] can be used to download gems and
|
159
|
+
specs.
|
205
160
|
.PP
|
206
161
|
On the Bundler side, there are a few ways to configure credentials for a
|
207
162
|
given gem source:
|
208
163
|
.PP
|
209
164
|
Add credentials globally:
|
210
165
|
.IP
|
211
|
-
.
|
212
|
-
\f[C]
|
166
|
+
.EX
|
213
167
|
$ bundle config my-gemstash.dev api_key
|
214
|
-
|
215
|
-
.fi
|
168
|
+
.EE
|
216
169
|
.PP
|
217
170
|
Add credentials in Gemfile:
|
218
171
|
.IP
|
219
|
-
.
|
220
|
-
\f[C]
|
172
|
+
.EX
|
221
173
|
source \[dq]https://api_key\[at]my-gemstash.dev\[dq]
|
222
|
-
|
223
|
-
.fi
|
174
|
+
.EE
|
224
175
|
.PP
|
225
176
|
However, it\[cq]s not a good practice to commit credentials to source
|
226
177
|
control.
|
@@ -228,15 +179,13 @@ A recommended solution is to use Bundler\[cq]s configuration
|
|
228
179
|
keys (http://bundler.io/man/bundle-config.1.html#CONFIGURATION-KEYS),
|
229
180
|
e.g.:
|
230
181
|
.IP
|
231
|
-
.
|
232
|
-
\f[C]
|
182
|
+
.EX
|
233
183
|
$ export BUNDLE_MYGEMSTASH__DEV=api_key
|
234
|
-
|
235
|
-
.fi
|
184
|
+
.EE
|
236
185
|
.PP
|
237
186
|
Behind the scene, Bundler will pick up the ENV var according to the host
|
238
|
-
name (e.g.\ mygemstash.dev) and add to \f[
|
239
|
-
requests.
|
187
|
+
name (e.g.\ mygemstash.dev) and add to \f[CR]URI.userinfo\f[R] for
|
188
|
+
making requests.
|
240
189
|
.PP
|
241
190
|
The API key is treated as a HTTP Basic Auth username and any HTTP Basic
|
242
191
|
password supplied will be ignored.
|
@@ -1,6 +1,4 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
|
1
|
+
4mgemstash-private-gems24m(7) 4mgemstash-private-gems24m(7)
|
4
2
|
|
5
3
|
<!-- Automatically generated by Pandoc -->
|
6
4
|
|
@@ -17,44 +15,44 @@ gemstash-private-gems(7) gemstash-private-gems(7)
|
|
17
15
|
try to use the key against your server. Instead of the key value here,
|
18
16
|
use whatever key is generated from running the commands.
|
19
17
|
|
20
|
-
In
|
21
|
-
ate
|
18
|
+
In order to push a gem to your Gemstash server, you need to first cre-
|
19
|
+
ate an API key. Utilize the gemstash authorize command to create the
|
22
20
|
API key:
|
23
21
|
|
24
22
|
$ gemstash authorize
|
25
23
|
Your new key is: e374e237fdf5fa5718d2a21bd63dc911
|
26
24
|
|
27
|
-
This
|
28
|
-
Run
|
25
|
+
This new key can push, yank, and fetch gems from your Gemstash server.
|
26
|
+
Run gemstash authorize with just the permissions you want to limit what
|
29
27
|
the key will be allowed to do. You can similarly update a specific key
|
30
|
-
by providing it via the
|
28
|
+
by providing it via the --key option:
|
31
29
|
|
32
30
|
$ gemstash authorize push yank --key e374e237fdf5fa5718d2a21bd63dc911
|
33
31
|
|
34
32
|
When no permissions are provided (like the first example), the key will
|
35
|
-
be authorized for all
|
36
|
-
|
33
|
+
be authorized for all permissions. Leave the key authorized with
|
34
|
+
everything if you want to use it to try all private gem interactions:
|
37
35
|
|
38
36
|
$ gemstash authorize --key e374e237fdf5fa5718d2a21bd63dc911
|
39
37
|
|
40
38
|
With the key generated, you'll need to tell Rubygems about your new
|
41
39
|
key. If you've pushed a gem to https://rubygems.org, then you will al-
|
42
|
-
ready
|
40
|
+
ready have a credentials file to add the key to. If not, run the fol-
|
43
41
|
lowing commands before modifying the credentials file:
|
44
42
|
|
45
43
|
$ mkdir -p ~/.gem
|
46
44
|
$ touch ~/.gem/credentials
|
47
45
|
$ chmod 0600 ~/.gem/credentials
|
48
46
|
|
49
|
-
Add
|
47
|
+
Add your new key to credentials such that it looks something like this
|
50
48
|
(but make sure not to remove any existing keys):
|
51
49
|
|
52
50
|
# ~/.gem/credentials
|
53
51
|
---
|
54
52
|
:test_key: e374e237fdf5fa5718d2a21bd63dc911
|
55
53
|
|
56
|
-
The name
|
57
|
-
ber it and use it again later in this guide for the
|
54
|
+
The name test_key can be anything you want, but you will need to remem-
|
55
|
+
ber it and use it again later in this guide for the --key option.
|
58
56
|
|
59
57
|
1mCreating a Test Gem0m
|
60
58
|
You'll need a test gem before you can play with private gems on your
|
@@ -63,15 +61,15 @@ gemstash-private-gems(7) gemstash-private-gems(7)
|
|
63
61
|
|
64
62
|
$ bundle gem private-example
|
65
63
|
|
66
|
-
You'll
|
64
|
+
You'll need to add a summary and description to the new gem's gemspec
|
67
65
|
file in order to successfully build it. Once you've built the gem, you
|
68
66
|
will be ready to push the new gem.
|
69
67
|
|
70
68
|
$ cd private-example
|
71
69
|
$ rake build
|
72
70
|
|
73
|
-
You will now have a gem at
|
74
|
-
|
71
|
+
You will now have a gem at private-example/pkg/private-exam-
|
72
|
+
ple-0.1.0.gem.
|
75
73
|
|
76
74
|
1mPushing0m
|
77
75
|
If your Gemstash server isn't running, go ahead and start it:
|
@@ -82,13 +80,13 @@ gemstash-private-gems(7) gemstash-private-gems(7)
|
|
82
80
|
|
83
81
|
$ gem push --key test_key --host http://localhost:9292/private pkg/private-example-0.1.0.gem
|
84
82
|
|
85
|
-
The
|
86
|
-
acting
|
87
|
-
from anything except
|
83
|
+
The /private portion of the --host option tells Gemstash you are inter-
|
84
|
+
acting with the private gems. Gemstash will not let you push, or yank
|
85
|
+
from anything except /private.
|
88
86
|
|
89
87
|
1mBundling0m
|
90
|
-
Once
|
91
|
-
dle
|
88
|
+
Once your gem is pushed to your Gemstash server, you are ready to bun-
|
89
|
+
dle it. Create a Gemfile and specify the gem. You will probably want
|
92
90
|
to wrap the private gem in a source block, and let the rest of Gemstash
|
93
91
|
handle all other gems:
|
94
92
|
|
@@ -100,7 +98,7 @@ gemstash-private-gems(7) gemstash-private-gems(7)
|
|
100
98
|
gem "private-example"
|
101
99
|
end
|
102
100
|
|
103
|
-
Notice that the Gemstash server points to
|
101
|
+
Notice that the Gemstash server points to /private again when in-
|
104
102
|
stalling your private gem. Go ahead and bundle to install your new
|
105
103
|
private gem:
|
106
104
|
|
@@ -112,24 +110,24 @@ gemstash-private-gems(7) gemstash-private-gems(7)
|
|
112
110
|
|
113
111
|
$ RUBYGEMS_HOST=http://localhost:9292/private gem yank --key test_key private-example --version 0.1.0
|
114
112
|
|
115
|
-
Like with pushing, the
|
113
|
+
Like with pushing, the /private portion of the host option tells Gem-
|
116
114
|
stash you are interacting with private gems. Gemstash will only let
|
117
|
-
you yank from
|
118
|
-
|
119
|
-
|
115
|
+
you yank from /private. Unlike pushing, Rubygems doesn't support
|
116
|
+
--host for yank (yet), so you need to specify the host via the
|
117
|
+
RUBYGEMS_HOST environment variable.
|
120
118
|
|
121
119
|
1mProtected Fetching0m
|
122
120
|
By default, private gems and specs can be accessed without authentica-
|
123
121
|
tion.
|
124
122
|
|
125
123
|
Private gems often require protected fetching. For backwards compati-
|
126
|
-
bility this is disabled by default, but can be enabled via
|
127
|
-
|
124
|
+
bility this is disabled by default, but can be enabled via $ gemstash
|
125
|
+
setup command.
|
128
126
|
|
129
|
-
When protected fetching is enabled API keys with the permissions
|
130
|
-
|
127
|
+
When protected fetching is enabled API keys with the permissions all or
|
128
|
+
fetch can be used to download gems and specs.
|
131
129
|
|
132
|
-
On
|
130
|
+
On the Bundler side, there are a few ways to configure credentials for
|
133
131
|
a given gem source:
|
134
132
|
|
135
133
|
Add credentials globally:
|
@@ -140,19 +138,17 @@ gemstash-private-gems(7) gemstash-private-gems(7)
|
|
140
138
|
|
141
139
|
source "https://api_key@my-gemstash.dev"
|
142
140
|
|
143
|
-
However,
|
144
|
-
trol.
|
141
|
+
However, it's not a good practice to commit credentials to source con-
|
142
|
+
trol. A recommended solution is to use Bundler's configuration keys
|
145
143
|
(http://bundler.io/man/bundle-config.1.html#CONFIGURATION-KEYS), e.g.:
|
146
144
|
|
147
145
|
$ export BUNDLE_MYGEMSTASH__DEV=api_key
|
148
146
|
|
149
|
-
Behind
|
150
|
-
host
|
147
|
+
Behind the scene, Bundler will pick up the ENV var according to the
|
148
|
+
host name (e.g. mygemstash.dev) and add to URI.userinfo for making re-
|
151
149
|
quests.
|
152
150
|
|
153
151
|
The API key is treated as a HTTP Basic Auth username and any HTTP Basic
|
154
152
|
password supplied will be ignored.
|
155
153
|
|
156
|
-
|
157
|
-
|
158
|
-
October 8, 2015 gemstash-private-gems(7)
|
154
|
+
October 8, 2015 4mgemstash-private-gems24m(7)
|