letscert 0.3.0 → 0.3.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4d86e5665c2e35534ded942c0603cb47b927e05e
-  data.tar.gz: f2d9fa631de0f0aee3ec3e051f6c2a78ff85bdf1
+  metadata.gz: ecc722b11b425c139e92b66d7436be0b818d0d03
+  data.tar.gz: 10b112ecdefce5e90e0c5cf8f99cd8bef961c2c0
 SHA512:
-  metadata.gz: 103bc74e75d1a69f004951cbd681768a3efd11520c59ed38cc389a81aaf750ec097c94d84a57a9898fc298237309bc84f48d27dc5dd18d371d952ba48eab09e1
-  data.tar.gz: 717dfaff074bd6c3809045e56ff51e7518c2c0f2bc2ce5990e8777121b3ea6dda3f67e4b90dec891534dd0f9e4cba60a3f72bd36e2e26e62b18de77ee23b89e3
+  metadata.gz: 32d5b6a6cfe0fd937506fc60791c793cac8024ab13a04531fc4a4bc56529074131d27f80c642f2d9e68a6026f3081b3d5578c0c2d1343f8a07e7b5acc1eb484c
+  data.tar.gz: a2c004cd721d85ce5aec4afe22325eaf9cfd5f70fd173f029bd443826e7cf1361d341ef9db105a69afb91cf6ceca8da37539bdb32e382a629865612101fccbaf

data/README.md

@@ -11,11 +11,14 @@ in Ruby.
 
 ## Generate a key pair and get signed certificate:
 With full chain support (`fullchain.pem` file will contain all certificates):
+
 ```bash
 letscert -d example.com:/var/www/example.com/html --email my.name@domain.tld -f account_key.json -f key.pem -f fullchain.pem
 ```
+
 else (certificate for example.com is in `cert.pem` file, rest of certification chain
 is in `chain.pem`):
+
 ```bash
 letscert -d example.com:/var/www/example.com/html --email my.name@domain.tld -f account_key.json -f key.pem -f cert.pem -f chain.pem
 ```
@@ -25,14 +28,27 @@ Commands are the sames for certificate renewal.
 
 ## Generate a key pair and get a signed certificate for multi-domains:
 Generate a single certificate for `example.com` and `www.example.com`:
+
 ```bash
 letscert -d example.com -d www.example.com --default-root /var/www/html --email my.name@domain.tld -f account_key.json -f key.pem -f fullchain.pem
 ```
 
 Command is the same for certificate renewal.
 
+## Generate a key pair and get a signed certificate if existing one is valid for less than xx days
+
+In this example, `xx` is 10:
+
+```bash
+letscert -d example.com:/var/www/example.com/html --email my.name@domain.tld -f account_key.json -f key.pem -f cert.pem -f chain.pem --valid-min 10d
+```
+
+Valid time may also be set as number of hours (`h` suffix), minutes (`m` suffix) or
+seconds (no suffix).
+
 ## Revoke a key pair:
 From directory where are stored `account_key.json` and `cert.pem` or `fullchain.pem`:
+
 ```bash
 letscert -d example.com:/var/www/example.com/html --email my.name@domain.tld --revoke
 ```

data/lib/letscert/certificate.rb

@@ -19,6 +19,7 @@
 # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 # SOFTWARE.
+require 'acme-client'
 require_relative 'loggable'
 
 module LetsCert
@@ -28,6 +29,11 @@ module LetsCert
   class Certificate
     include Loggable
 
+    # @return [OpenSSL::X509::Certificate,nil]
+    attr_reader :cert
+    # @return [Acme::Client,nil]
+    attr_reader :client
+
 
     # @param [OpenSSL::X509::Certificate,nil] cert
     def initialize(cert)
@@ -35,17 +41,29 @@ module LetsCert
     end
 
     # Get a new certificate, or renew an existing one
-    # @param [OpenSSL::PKey::PKey] account_key private key to authenticate to ACME server
-    # @param [OpenSSL::PKey::PKey] key private key from which make a certificate
-    # @param [Hash] data
+    # @param [OpenSSL::PKey::PKey,nil] account_key private key to authenticate to ACME
+    #   server
+    # @param [OpenSSL::PKey::PKey, nil] key private key from which make a certificate.
+    #    If +nil+, generate a new one with +options[:cet_key_size]+ bits.
+    # @param [Hash] options option hash
+    # @option options [Fixnum] :account_key_size ACME account private key size in bits
+    # @option options [Fixnum] :cert_key_size private key size used to generate
+    #    a certificate
+    # @option options [String] :email e-mail used as ACME account
+    # @option options [Array<String>] :files plugin names to use
+    # @option options [Boolean] :reuse_key reuse private key when getting a new
+    #    certificate
+    # @option options [Hash] :roots hash associating domains as keys to web roots as
+    #    values
+    # @option options [String] :server ACME servel URL
     def get(account_key, key, options)
       logger.info {"create key/cert/chain..." }
-      roots = compute_roots(options)
-      logger.debug { "webroots are: #{roots.inspect}" }
+      check_roots(options[:roots])
+      logger.debug { "webroots are: #{options[:roots].inspect}" }
 
       client = get_acme_client(account_key, options)
 
-      do_challenges client, roots
+      do_challenges client, options[:roots]
 
       if options[:reuse_key] and !key.nil?
         logger.info { 'Reuse existing private key' }
@@ -54,7 +72,7 @@ module LetsCert
         key = OpenSSL::PKey::RSA.generate(options[:cert_key_size])
       end
 
-      csr = Acme::Client::CertificateRequest.new(names: roots.keys,
+      csr = Acme::Client::CertificateRequest.new(names: options[:roots].keys,
                                                  private_key: key)
       cert = client.new_certificate(csr)
 
@@ -120,30 +138,17 @@ module LetsCert
 
     private
 
-    # Compute webroots
-    # @return [Hash] whre key are domains and value are their webroot path
-    def compute_roots(options)
-      roots = {}
-      no_roots = []
-
-      options[:domains].each do |domain|
-        match = domain.match(/([\w+\.]+):(.*)/)
-        if match
-          roots[match[1]] = match[2]
-        elsif options[:default_root]
-          roots[domain] = options[:default_root]
-        else
-          no_roots << domain
-        end
-      end
+    # check webroots.
+    # @param [Hash] roots
+    # @raise [Error] if some domains have no defined root.
+    def check_roots(roots)
+      no_roots = roots.select { |k,v| v.nil? }
 
       if !no_roots.empty?
         raise Error, 'root for the following domain(s) are not specified: ' +
-                     no_roots.join(', ') + ".\nTry --default_root or use " +
+                     no_roots.keys.join(', ') + ".\nTry --default_root or use " +
                      '-d example.com:/var/www/html syntax.'
       end
-
-      roots
     end
 
     # Get ACME client.

data/lib/letscert/io_plugin.rb

@@ -33,10 +33,6 @@ module LetsCert
     # @return [String]
     attr_reader :name
 
-    # Allowed plugin names
-    ALLOWED_PLUGINS = %w(account_key.json cert.der cert.pem chain.pem full.pem) +
-                      %w(fullchain.pem key.der key.pem)
-
 
     # Registered plugins
     @@registered = {}

data/lib/letscert/runner.rb

@@ -31,6 +31,9 @@ module LetsCert
   # Runner class: analyse and execute CLI commands.
   # @author Sylvain Daubert
   class Runner
+    # Get options
+    # @return [Hash]
+    attr_reader :options
 
     # Custom logger formatter
     class LoggerFormatter < Logger::Formatter
@@ -59,6 +62,47 @@ module LetsCert
 
     end
 
+    # Class used to process validation time from String.
+    # @author Sylvain Daubert
+    class ValidTime
+
+      # @param [String] str time string. May be:
+      #   * an integer -> time in seconds
+      #   * an integer plus a letter:
+      #     * 30m: 30 minutes,
+      #     * 30h: 30 hours,
+      #     * 30d: 30 days.
+      def initialize(str)
+        m = str.match(/^(\d+)([mhd])?$/)
+        if m
+          case m[2]
+          when nil
+            @seconds = m[1].to_i
+          when 'm'
+            @seconds = m[1].to_i * 60
+          when 'h'
+            @seconds = m[1].to_i * 60 * 60
+          when 'd'
+            @seconds = m[1].to_i * 24 * 60 * 60
+          end
+        else
+          raise OptionParser::InvalidArgument, "invalid argument: --valid-min #{str}"
+        end
+        @string = str
+      end
+
+      # Get time in seconds
+      # @return [Integer]
+      def to_seconds
+        @seconds
+      end
+
+      # Get time as string
+      # @return [String]
+      def to_s
+        @string
+      end
+    end
 
     # Exit value for OK
     RETURN_OK = 1
@@ -86,11 +130,10 @@ module LetsCert
         domains: [],
         files: [],
         cert_key_size: 2048,
-        valid_min: 30 * 24 * 60 * 60,
-        account_key_public_exponent: 65537,
+        valid_min: ValidTime.new('30d'),
         account_key_size: 4096,
         tos_sha256: '33d233c8ab558ba6c8ebc370a509acdded8b80e5d587aa5d192193f35226540f',
-        user_agent: 'letscert/0',
+        user_agent: "letscert/#{VERSION.gsub(/\..*/, '')}",
         server: 'https://acme-v01.api.letsencrypt.org/directory',
       }
 
@@ -144,23 +187,12 @@ module LetsCert
             RETURN_ERROR
           end
         else
-          # Check all components are covered by plugins
-          persisted = IOPlugin.empty_data
-          @options[:files].each do |file|
-            persisted.merge!(IOPlugin.registered[file].persisted) do |k, oldv, newv|
-              oldv || newv
-            end
-          end
-          not_persisted = persisted.keys.find_all { |k| !persisted[k] }
-          unless not_persisted.empty?
-            raise Error, 'Selected IO plugins do not cover following components: ' +
-                         not_persisted.join(', ')
-          end
+          check_persisted
 
           data = load_data_from_disk(@options[:files])
 
           certificate = Certificate.new(data[:cert])
-          if certificate.valid?(@options[:domains], @options[:valid_min])
+          if certificate.valid?(@options[:domains], @options[:valid_min].to_seconds)
             @logger.info { 'no need to update cert' }
             RETURN_OK
           else
@@ -226,13 +258,17 @@ module LetsCert
 
         opts.on('--cert-key-size BITS', Integer,
                 'Certificate key size in bits',
-                '(default: 2048)') do |bits|
+                "(default: #{@options[:cert_key_size]})") do |bits|
           @options[:cert_key_size] = bits
         end
 
-        opts.on('--valid-min SECONDS', Integer, 'Renew existing certificate if validity',
-                'is lesser than SECONDS (default: 2592000 (30 days))') do |time|
-          @options[:valid_min] = time
+        opts.accept(ValidTime) do |valid_time|
+          ValidTime.new(valid_time)
+        end
+        opts.on('--valid-min TIME', ValidTime, 'Renew existing certificate if validity',
+                'is lesser than TIME',
+                "(default: #{@options[:valid_min].to_s})") do |vt|
+          @options[:valid_min] = vt
         end
 
         opts.on('--reuse-key', 'Reuse previous private key') do |rk|
@@ -244,18 +280,14 @@ module LetsCert
                        " by --server")
         opts.separator('')
 
-        opts.on('--account-key-public-exponent BITS', Integer,
-                'Account key public exponent value (default: 65537)') do |bits|
-          @options[:account_key_public_exponent] = bits
-        end
-
         opts.on('--account-key-size BITS', Integer,
-                'Account key size (default: 4096)') do |bits|
+                "Account key size (default: #{@options[:account_key_size]})") do |bits|
           @options[:account_key_size] = bits
         end
 
         opts.on('--tos-sha256 HASH', String,
-                'SHA-256 digest of the content of Terms Of Service URI') do |hash|
+                'SHA-256 digest of the content of Terms',
+                'Of Service URI') do |hash|
           @options[:tos_sha256] = hash
         end
 
@@ -272,17 +304,36 @@ module LetsCert
         opts.separator('')
 
         opts.on('--user-agent NAME', 'User-Agent sent in all HTTP requests',
-                '(default: letscert/0)') do |ua|
+                "(default: #{@options[:user_agent]})") do |ua|
           @options[:user_agent] = ua
         end
         
         opts.on('--server URI', 'URI for the CA ACME API endpoint',
-                '(default: https://acme-v01.api.letsencrypt.org/directory)') do |uri|
+                "(default: #{@options[:server]})") do |uri|
           @options[:server] = uri
         end
       end
 
       @opt_parser.parse!
+      compute_roots
+    end
+
+    # Check all components are covered by plugins
+    # @raise [Error]
+    def check_persisted
+      persisted = IOPlugin.empty_data
+
+      @options[:files].each do |file|
+        persisted.merge!(IOPlugin.registered[file].persisted) do |k, oldv, newv|
+          oldv || newv
+        end
+      end
+      not_persisted = persisted.keys.find_all { |k| !persisted[k] }
+
+      unless not_persisted.empty?
+        raise Error, 'Selected IO plugins do not cover following components: ' +
+                     not_persisted.join(', ')
+      end
     end
 
 
@@ -313,6 +364,25 @@ module LetsCert
       all_data
     end
 
+    # Compute webroots and set +@options[:roots]+
+    # @return [Hash] where keys are domains and value are their webroot path
+    def compute_roots
+      roots = {}
+
+      @options[:domains].each do |domain|
+        match = domain.match(/([-\w\.]+):(.*)/)
+        if match
+          roots[match[1]] = match[2]
+        elsif @options[:default_root]
+          roots[domain] = @options[:default_root]
+        else
+          roots[domain] = nil
+        end
+      end
+
+      @options[:roots] = roots
+    end
+
   end
 
 end

data/lib/letscert.rb

@@ -24,7 +24,7 @@
 module LetsCert
 
   # Letscert version number
-  VERSION = '0.3.0'
+  VERSION = '0.3.1'
 
 
   # Base error class

data/spec/certificate_spec.rb

@@ -6,33 +6,120 @@ module LetsCert
 
     before(:all) { Certificate.logger = Logger.new('/dev/null') }
 
-    context '#valid?' do
+    before(:all) do
+      root_key = OpenSSL::PKey::RSA.new(512)
+
+      @domains = %w(example.org www.example.org)
+
+      key = OpenSSL::PKey::RSA.new(512)
+      @cert = OpenSSL::X509::Certificate.new
+      @cert.version = 2
+      @cert.serial = 2
+      @cert.issuer = OpenSSL::X509::Name.parse "/DC=letscert/CN=CA"
+      @cert.public_key = key.public_key
+      @cert.not_before = Time.now
+      # 20 days validity
+      @cert.not_after = @cert.not_before + 20 * 24 * 60 * 60
+      ef = OpenSSL::X509::ExtensionFactory.new
+      ef.subject_certificate = @cert
+      @domains.each do |domain|
+        @cert.add_extension(ef.create_extension('subjectAltName',
+                                                "DNS:#{domain}",
+                                                false))
+      end
+      @cert.sign(root_key, OpenSSL::Digest::SHA256.new)
+
+      # minimum size accepted by ACME server
+      @account_key2048 = OpenSSL::PKey::RSA.new(2048)
+    end
+
+    let(:certificate) { Certificate.new(@cert) }
+
+    context '#get' do
+
+      it 'checks all domains have a root' do
+        runner = Runner.new
+        ARGV.clear
+
+        ARGV << '-d' << 'example.com:/var/ww/html'
+        ARGV << '--server' << 'https://acme-staging.api.letsencrypt.org/directory'
+        runner.parse_options
+        # raise error because no e-mail address was given
+        expect { certificate.get(nil, nil, runner.options) }.
+          to raise_error(Acme::Client::Error)
+
+        ARGV.clear
+        ARGV << '-d' << 'example.com:/var/www/html'
+        ARGV << '-d' << 'www.example.com'
+        ARGV << '--server' << 'https://acme-staging.api.letsencrypt.org/directory'
+        runner.options[:domains] = []
+        runner.parse_options
+        expect { certificate.get(nil, nil, runner.options) }.
+          to raise_error(LetsCert::Error).
+              with_message(/not specified: www\.example\.com\./)
+
+        ARGV.clear
+        ARGV << '-d' << 'example.com:/var/www/html'
+        ARGV << '-d' << 'www.example.com'
+        ARGV << '--default-root' << '/opt/www'
+        ARGV << '--server' << 'https://acme-staging.api.letsencrypt.org/directory'
+        runner.parse_options
+        # raise error because no e-mail address was given
+        expect { certificate.get(nil, nil, runner.options) }.
+          to raise_error(Acme::Client::Error)
+        expect(runner.options[:roots]['example.com']).to eq('/var/www/html')
+        expect(runner.options[:roots]['www.example.com']).to eq('/opt/www')
+      end
+
+      it 'uses existing account key' do
+        options = { roots: { 'example.com' => '/var/www/html' } }
 
-      before(:all) do
-        root_key = OpenSSL::PKey::RSA.new(512)
-
-        @domains = %w(example.org www.example.org)
-
-        key = OpenSSL::PKey::RSA.new(512)
-        @cert = OpenSSL::X509::Certificate.new
-        @cert.version = 2
-        @cert.serial = 2
-        @cert.issuer = OpenSSL::X509::Name.parse "/DC=letscert/CN=CA"
-        @cert.public_key = key.public_key
-        @cert.not_before = Time.now
-        # 20 days validity
-        @cert.not_after = @cert.not_before + 20 * 24 * 60 * 60
-        ef = OpenSSL::X509::ExtensionFactory.new
-        ef.subject_certificate = @cert
-        @domains.each do |domain|
-          @cert.add_extension(ef.create_extension('subjectAltName',
-                                                  "DNS:#{domain}",
-                                                  false))
-        end
-        @cert.sign(root_key, OpenSSL::Digest::SHA256.new)
-      end
-
-      let(:certificate) { Certificate.new(@cert) }
+        # Connection error: no server to connect to
+        expect { certificate.get(@account_key2048, nil, options) }.
+          to raise_error(Faraday::ConnectionFailed)
+        expect(certificate.client.private_key).to eq(@account_key2048)
+      end
+
+      it 'creates an ACME account key if non exists' do
+        options = {
+          roots: { 'example.com' => '/var/www/html' },
+          account_key_size: 128,
+        }
+
+        # Connection error: no server to connect to
+        expect { certificate.get(nil, nil, options) }.
+          to raise_error(Faraday::ConnectionFailed)
+        expect(certificate.client.private_key).to be_a(OpenSSL::PKey::RSA)
+      end
+
+      it 'creates an ACME client with provided account key and end point' do
+        options = {
+          roots: { 'example.com' => '/var/www/html' },
+          server: 'https://acme-staging.api.letsencrypt.org/directory',
+        }
+
+        # Acme error: not valid e-mail address
+        expect { certificate.get(@account_key2048, nil, options) }.
+          to raise_error(Acme::Client::Error)
+        expect(certificate.client.private_key).to eq(@account_key2048)
+        expect(certificate.client.instance_eval { @endpoint }).to eq(options[:server])
+      end
+
+      it 'raises when register without e-mail' do
+        options = {
+          roots: { 'example.com' => '/var/www/html' },
+          server: 'https://acme-staging.api.letsencrypt.org/directory',
+        }
+
+        # Acme error: not valid e-mail address
+        expect { certificate.get(@account_key2048, nil, options) }.
+          to raise_error(Acme::Client::Error).
+              with_message('not a valid e-mail address')
+      end
+
+    end
+
+    context '#valid?' do
 
       it 'checks whether a certificate is valid given a minimum valid duration' do
         expect(certificate.valid?(@domains)).to be(true)

data/spec/runner_spec.rb

@@ -0,0 +1,127 @@
+require_relative 'spec_helper'
+
+module LetsCert
+
+  describe Runner do
+
+    before(:each) { ARGV.clear }
+
+    let(:runner) { Runner.new }
+
+    context '#parse_options' do
+
+      it 'accepts --domain with DOMAIN only' do
+        ARGV << '--domain' << 'example.com'
+
+        runner.parse_options
+        expect(runner.options[:domains]).to be_a(Array)
+        expect(runner.options[:domains].size).to eq(1)
+        expect(runner.options[:domains]).to include('example.com')
+      end
+
+      it 'accepts --domain with DOMAIN:PATH' do
+        ARGV << '--domain' << 'example.com:/var/www/html'
+
+        runner.parse_options
+        expect(runner.options[:domains]).to be_a(Array)
+        expect(runner.options[:domains].size).to eq(1)
+        expect(runner.options[:domains]).to include('example.com:/var/www/html')
+      end
+
+      it 'accepts multiple domains with --domain option' do
+        ARGV << '--domain' << 'example.com'
+        ARGV << '--domain' << 'www.example.com'
+        ARGV << '--domain' << 'www2.example.com'
+
+        runner.parse_options
+        expect(runner.options[:domains]).to be_a(Array)
+        expect(runner.options[:domains].size).to eq(3)
+        expect(runner.options[:domains]).to include('example.com')
+        expect(runner.options[:domains]).to include('www.example.com')
+        expect(runner.options[:domains]).to include('www2.example.com')
+      end
+
+      it 'sets default root path with --default-root for domains without PATH' do
+        ARGV << '--domain' << 'example.com'
+        ARGV << '--domain' << 'another-example.com:/var/www/html'
+        ARGV << '--default-root' << '/opt/www'
+
+        runner.parse_options
+        expect(runner.options[:default_root]).to eq('/opt/www')
+        expect(runner.options[:roots]).to be_a(Hash)
+        expect(runner.options[:roots]['example.com']).to eq(runner.options[:default_root])
+        expect(runner.options[:roots]['another-example.com']).to eq('/var/www/html')
+      end
+
+      it 'accepts multiples files with --file option' do
+        ARGV << '--file' << 'key.pem'
+        ARGV << '-f' << 'cert.pem'
+        
+        runner.parse_options
+        expect(runner.options[:files]).to be_a(Array)
+        expect(runner.options[:files].size).to eq(2)
+        expect(runner.options[:files]).to include('key.pem')
+        expect(runner.options[:files]).to include('cert.pem')
+      end
+
+      it 'sets minimum validity time with --valid-min option' do
+        ARGV << '--valid-min' << '30000'
+
+        runner.parse_options
+        expect(runner.options[:valid_min].to_seconds).to eq(30000)
+      end
+
+      it '--valid-min option accepts minute format' do
+        minutes = 156
+        ARGV << '--valid-min' << "#{minutes}m"
+
+        runner.parse_options
+        expect(runner.options[:valid_min].to_seconds).to eq(minutes * 60)
+      end
+
+      it '--valid-min option accepts hour format' do
+        hours = 4
+        ARGV << '--valid-min' << "#{hours}h"
+
+        runner.parse_options
+        expect(runner.options[:valid_min].to_seconds).to eq(hours * 3600)
+      end
+
+      it '--valid-min option accepts day format' do
+        days = 20
+        ARGV << '--valid-min' << "#{days}d"
+
+        runner.parse_options
+        expect(runner.options[:valid_min].to_seconds).to eq(days * 24 * 3600)
+      end
+
+    end
+
+    it '#check_persisted checks all mandatory components are covered by files' do
+      expect { runner.check_persisted }.to raise_error(LetsCert::Error)
+
+      all_needed = [%w(account_key.json cert.pem chain.pem key.pem),
+                    %w(account_key.json cert.der chain.pem key.der),
+                    %w(account_key.json fullchain.pem key.pem),
+                    %w(account_key.json fullchain.pem key.der)]
+      all_needed.each do |needed|
+        needed.size.times do |nb|
+          ARGV.clear
+          runner.options[:files] = []
+          0.upto(nb) do |i|
+            ARGV << '-f' << needed[i]
+          end
+          runner.parse_options
+
+          if nb == needed.size - 1
+            expect { runner.check_persisted }.to_not raise_error
+          else
+            expect { runner.check_persisted }.to raise_error(LetsCert::Error)
+          end
+        end
+      end
+    end
+
+  end
+
+end

data/spec/runner_spec.rb~

@@ -0,0 +1,8 @@
+require_relative 'spec_helper'
+
+module LetsCert
+
+  describe Runner do
+  end
+
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: letscert
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.3.1
 platform: ruby
 authors:
 - Sylvain Daubert
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-02-16 00:00:00.000000000 Z
+date: 2016-02-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: acme-client
@@ -95,6 +95,8 @@ files:
 - spec/key.der
 - spec/key.pem
 - spec/loggable_spec.rb
+- spec/runner_spec.rb
+- spec/runner_spec.rb~
 - spec/spec_helper.rb
 - spec/test.json
 - tasks/gem.rake