minitar 1.0.2 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d3134140277b4b8a5ac33e40ddc3de53268d526b793c3e65935bc49158897444
-  data.tar.gz: 0e2d087a23c4b0d0898e32d9a02b0f5b6a23350cfd9596e42fea9d7f849791a9
+  metadata.gz: 59638d7516e33ff6d61b73b96aaa0b17446606dfebaff5c04ba2f4cb29db842e
+  data.tar.gz: b90a67f815f2f4ee38f5b4a0050d6bc2ef52794b3da80e767fee4a66c57ed2c3
 SHA512:
-  metadata.gz: 0205475c41f4f793832f30344bf60a71e04b72a6f0bd40f967994cc25194724f80fe9b9e404c779428f771fb1fee1daf88c111a172730a0dbb90da62df7b9cc7
-  data.tar.gz: 706350e009f79466f37a3bd0efb25ba21183a3b1d9816f18446c3c276d61c75a3767e5ed41f0ef037531d330c521b4df16c10c932cbc4b93c67057b7c5d04ccd
+  metadata.gz: 5b3f09d060b05dee333e3e2652b0b36e9533b3be9b9dbc94cb25948e12905d6518678774ab74a770723e21ebd583ee2bbb2a5d5b75ef38884632dc1e71a4ca84
+  data.tar.gz: 95354454f621aabe1d5c20615ac48a5b4f92ab27c35af1cf296afca5b3516369e12c54ac01175fd472715d7fdf509f8c7ed358b9e84ad672d0d9fb1407a195d8

data/CHANGELOG.md

@@ -0,0 +1,285 @@
+# Changelog
+
+## 1.1.0 / 2025-09-07
+
+- Enhancements:
+
+  - Support large file size encoded in base-256 encoding which is a GNU tar
+    extension [#121][pull-121].
+
+  - Support large file size encoded in PAX extension header. [#121][pull-121].
+
+- Bug fix:
+
+  - Resolved [#62][issue-62]. The initial solution was developed with the
+    assistance of Claude Sonnet 4 via Kiro, but nearly every line of the
+    solution and tests were rewritten as part of a comprehensive review of all
+    tests.
+
+- Breaking Change:
+
+  - Removed `Minitar::PosixHeader.new_from_stream` which should have been
+    removed with 1.0.0 and has been deprecated for a decade or so.
+
+- Governance:
+
+  Changes described below are effective 2024-12-31.
+
+  - Update gem management details to use markdown files for everything, enabled
+    in part by [flavorjones/hoe-markdown][hoe-markdown]. Several files were
+    renamed to be more consistent with standard practices.
+
+  - Updated security notes with an [age][age] public key rather than pointing to
+    Keybase.io and a PGP public key which I no longer use. The use of the
+    [Tidelift security contact][tidelift] is recommended over direct disclosure.
+
+  Changes described below are effective 2025-08-04.
+
+  - Contributions to minitar now require a DCO certification.
+
+## 1.0.2 / 2024-08-23
+
+- Bug fix:
+
+  - Minitar 1.0.1 was released with an unchanged gemspec. Reported by Debashish
+    Biswas in [#65][issue-65].
+
+## 1.0.1 / 2024-08-08
+
+- Bug fix:
+
+  - Resolve a constant lookup issue. The accepted fix has been provided by Aram
+    Price in [#58][issue-58].
+
+## 1.0.0 / 2024-08-07
+
+- Breaking Changes:
+
+  - Minimum Ruby version is 3.1.
+
+  - The `Archive::Tar::Minitar` namespace has been completely removed and
+    `Minitar` is a class instead of a module.
+
+- Enhancements:
+
+  - Added `Minitar.pack_as_file`, originally proposed by John Prince back in
+    2011 [#7][issue-07].
+
+## 0.12.1 / 2024-08-21
+
+- Reverted adbbb9b596 to restore compatibility with Ruby < 2.0. Resolves
+  [#63][issue-63] reported by Robert Schulze.
+
+## 0.12 / 2024-08-06
+
+- Properly handle very long GNU filenames, resolving [#46][issue-46].
+- Handle very long GNU filenames that are 512 or more bytes, resolving
+  [#45][issue-45]. Originally implemented in [#47][pull-47] by Vijay, but
+  accidentally closed.
+
+## 0.11 / 2022-12-31
+
+- symlink support is complete. Merged as PR [#42][pull-42], rebased and built on
+  top of PR [#12][pull-12] by fetep.
+
+- kymmt90 fixed a documentation error on `Minitar.pack` in PR [#43][pull-43].
+
+- This version is a soft-deprecation of all versions before Ruby 2.7, as they
+  will no longer be tested in CI.
+
+## 0.10 / 2022-03-26
+
+- nevesenin fixed an issue with long filename handling. Merged as PR
+  [#40][pull-40].
+
+## 0.9 / 2019-09-04
+
+- jtappa added the ability to skip fsync with a new option to `Minitar.unpack`
+  and `Minitar::Input#extract_entry`. Provide `:fsync => false` as the last
+  parameter to enable. Merged from a modified version of PR [#37][pull-37].
+
+## 0.8 / 2019-01-05
+
+- [@inkstak](https://github.com/inkstak) resolved an issue introduced in the fix
+  for [#31][issue-31] by allowing spaces to be considered valid characters in
+  strict octal handling. Octal conversion ignores leading spaces. Merged from a
+  slightly modified version of PR [#35][pull-35].
+
+- [@dearblue](https://github.com/dearblue) contributed PR [#32][pull-32]
+  providing an explicit call to #bytesize for strings that include multibyte
+  characters. The PR has been modified to be compatible with older versions of
+  Ruby and extend tests.
+
+- Akinori MUSHA (knu) contributed PR [#36][pull-36] that treats certain badly
+  encoded regular files (with names ending in `/`) as if they were directories
+  on decode.
+
+## 0.7 / 2018-02-19
+
+- Fixed issue [#28][issue-28] with a modified version of PR [#29][pull-29]
+  covering the security policy and position for `Minitar`. Thanks so much to
+  [@ooooooo-q](https://github.com/ooooooo-q) for the report and an initial
+  patch. Additional information was added as [#30][issue-30].
+
+- [@dearblue](https://github.com/dearblue) contributed PR [#33][pull-33]
+  providing a fix for `Minitar::Reader` when the IO-like object does not have a
+  `#pos` method.
+
+- Kevin McDermott contributed PR [#34][pull-34] so that an InvalidTarStream is
+  raised if the tar header is not valid, preventing incorrect streaming of files
+  from a non-tarfile. This is a minor breaking change, so the version has been
+  bumped accordingly.
+
+- Kazuyoshi Kato contributed PR [#26][pull-26] providing support for the GNU tar
+  long filename extension.
+
+- Addressed a potential DOS with negative size fields in tar headers
+  ([#31][issue-31]). This has been handled in two ways: the size field in a tar
+  header is interpreted as a strict octal value and the `Minitar` reader will
+  raise an InvalidTarStream if the size ends up being negative anyway.
+
+## 0.6.1 / 2017-02-07
+
+- Fixed issue [#24][issue-24] where streams were being improperly closed
+  immediately on open unless there was a block provided.
+
+- Hopefully fixes issue [#23][issue-23] by releasing archive-tar-minitar after
+  minitar-cli is available.
+
+## 0.6 / 2017-02-07
+
+- Breaking Changes:
+
+  - Extracted `bin/minitar` into a new gem, `minitar-cli`. No, I am _not_ going
+    to bump the major version for this. As far as I can tell, few people use the
+    command-line utility anyway. (Installing `archive-tar-minitar` will install
+    both `minitar` and `minitar-cli`, at least until version 1.0.)
+
+  - `Minitar` extraction before 0.6 traverses directories if the tarball
+    includes a relative directory reference, as reported in [#16][issue-16] by
+    [@ecneladis](https://github.com/ecneladis). This has been disallowed
+    entirely and will throw a `SecureRelativePathError` when found.
+    Additionally, if the final destination of an entry is an already-existing
+    symbolic link, the existing symbolic link will be removed and the file will
+    be written correctly (on platforms that support symbolic links).
+
+- Enhancements:
+
+  - Licence change. After speaking with Mauricio Fernández, we have changed the
+    licensing of this library to Ruby and Simplified BSD and have dropped the
+    GNU GPL license. This takes effect from the 0.6 release.
+  - Printing a deprecation warning for including Archive::Tar to put `Minitar`
+    in the top-level namespace.
+  - Printing a deprecation warning for including `Archive::Tar::Minitar` into a
+    class (`Minitar` will be a class for version 1.0).
+  - Moved `Archive::Tar::PosixHeader` to `Archive::Tar::Minitar::PosixHeader`
+    with a deprecation warning. Do not depend on
+    `Archive::Tar::Minitar::PosixHeader`, as it will be moving to
+    `::Minitar::PosixHeader` in a future release.
+  - Added an alias, `::Minitar`, for `Archive::Tar::Minitar`, opted in with
+    `require 'minitar'`. In future releases, this alias will be enabled by
+    default, and the `Archive::Tar` namespace will be removed entirely for
+    version 1.0.
+  - Modified the handling of `mtime` in `PosixHeader` to do an integer
+    conversion (`#to_i`) so that a Time object can be used instead of the
+    integer value of the time object.
+  - `Writer::RestrictedStream` was renamed to `Writer::WriteOnlyStream` for
+    clarity. No alias or deprecation warning was provided for this as it is an
+    internal implementation detail.
+  - `Writer::BoundedStream` was renamed to `Writer::BoundedWriteStream` for
+    clarity. A deprecation warning is provided on first use because a
+    BoundedWriteStream may raise a `BoundedWriteStream::FileOverflow` exception.
+  - `Writer::BoundedWriteStream::FileOverflow` has been renamed to
+    `Writer::WriteBoundaryOverflow` and inherits from `StandardError` instead of
+    `RuntimeError`. Note that for Ruby 2.0 or higher, an error will be raised
+    when specifying `Writer::BoundedWriteStream::FileOverflow` because
+    `Writer::BoundedWriteStream` has been declared a private constant.
+  - Modified `Writer#add_file_simple` to accept the data for a file in
+    `opts[:data]`. When `opts[:data]` is provided, a stream block must not be
+    provided. Improved the documentation for this method.
+  - Modified `Writer#add_file` to accept `opts[:data]` and transparently call
+    `Writer#add_file_simple` in this case.
+  - Methods that require blocks are no longer required, so the
+    `Archive::Tar::Minitar::BlockRequired` exception has been removed with a
+    warning (this may not work on Ruby 1.8).
+  - Dramatically reduced the number of strings created when creating a POSIX
+    tarball header.
+  - Added a helper, `Input.each_entry` that iterates over each entry in an
+    opened entry object.
+
+- Bugs:
+
+  - Fix [#2][issue-02] to handle IO streams that are not seekable, such as
+    pipes, `STDIN`, or `STDOUT`.
+  - Fix [#3][issue-03] to make the test timezone resilient.
+  - Fix [#4][issue-04] for supporting the reading of tar files with filenames in
+    the GNU long filename extension format. Ported from
+    [@atoulme](https://github.com/atoulme)’s fork, originally provided by Curtis
+    Sampson.
+  - Fix [#6][issue-06] by making it raise the correct error for a long filename
+    with no path components.
+  - Fix [#13][issue-13] provided by [@fetep](https://github.com/fetep) fixes an
+    off-by-one error on filename splitting.
+  - Fix [#14][issue-14] provided by [@kzys](https://github.com/kzys) should fix
+    Windows detection issues.
+  - Fix [#16][issue-16] as specified above.
+  - Fix an issue where `Minitar.pack` would not include Unix hidden files when
+    creating a tarball.
+
+- Development:
+
+  - Modernized minitar tooling around Hoe.
+  - Added travis and coveralls.
+
+## 0.5.2 / 2008-02-26
+
+- Bugs:
+  - Fixed a Ruby 1.9 compatibility error.
+
+## 0.5.1 / 2004-09-27
+
+- Bugs:
+  - Fixed a variable name error.
+
+## 0.5.0
+
+- Initial release. Does files and directories. Command does create, extract, and
+  list.
+
+[age]: https://github.com/FiloSottile/age
+[hoe-halostatue]: https://github.com/halostatue/hoe-halostatue
+[hoe-markdown]: https://github.com/flavorjones/hoe-markdown
+[issue-02]: https://github.com/halostatue/minitar/issues/2
+[issue-03]: https://github.com/halostatue/minitar/issues/3
+[issue-04]: https://github.com/halostatue/minitar/issues/4
+[issue-06]: https://github.com/halostatue/minitar/issues/6
+[issue-07]: https://github.com/halostatue/minitar/issues/7
+[issue-13]: https://github.com/halostatue/minitar/issues/13
+[issue-14]: https://github.com/halostatue/minitar/issues/14
+[issue-16]: https://github.com/halostatue/minitar/issues/16
+[issue-23]: https://github.com/halostatue/minitar/issues/23
+[issue-24]: https://github.com/halostatue/minitar/issues/24
+[issue-28]: https://github.com/halostatue/minitar/issues/28
+[issue-30]: https://github.com/halostatue/minitar/issues/30
+[issue-31]: https://github.com/halostatue/minitar/issues/31
+[issue-45]: https://github.com/halostatue/minitar/issues/45
+[issue-46]: https://github.com/halostatue/minitar/issues/46
+[issue-58]: https://github.com/halostatue/minitar/issues/58
+[issue-62]: https://github.com/halostatue/minitar/issues/62
+[issue-63]: https://github.com/halostatue/minitar/issues/63
+[issue-65]: https://github.com/halostatue/minitar/issues/65
+[pull-12]: https://github.com/halostatue/minitar/pull/12
+[pull-26]: https://github.com/halostatue/minitar/pull/26
+[pull-29]: https://github.com/halostatue/minitar/pull/29
+[pull-32]: https://github.com/halostatue/minitar/pull/32
+[pull-33]: https://github.com/halostatue/minitar/pull/33
+[pull-34]: https://github.com/halostatue/minitar/pull/34
+[pull-35]: https://github.com/halostatue/minitar/pull/35
+[pull-36]: https://github.com/halostatue/minitar/pull/36
+[pull-37]: https://github.com/halostatue/minitar/pull/37
+[pull-40]: https://github.com/halostatue/minitar/pull/40
+[pull-42]: https://github.com/halostatue/minitar/pull/42
+[pull-43]: https://github.com/halostatue/minitar/pull/43
+[pull-47]: https://github.com/halostatue/minitar/pull/47
+[pull-121]: https://github.com/halostatue/minitar/pull/121
+[tidelift]: https://tidelift.com/security

data/CONTRIBUTING.md

@@ -0,0 +1,273 @@
+# Contributing
+
+Contribution to minitar is encouraged: bug reports, feature requests, or code
+contributions. There are a few DOs and DON'Ts that should be followed:
+
+- DO:
+
+  - Keep the coding style that already exists for any updated Ruby code (support
+    or otherwise). I use [Standard Ruby][standardrb] for linting and formatting.
+
+  - Use thoughtfully-named topic branches for contributions. Rebase your commits
+    into logical chunks as necessary.
+
+  - Use [quality commit messages][qcm] for each commit (minitar uses a rebase
+    merge strategy). Ensure that each commit includes the required Developer
+    Certificate of Origin [sign-off][sign-off].
+
+  - Add your name or GitHub handle to `CONTRIBUTORS.md` and a record in the
+    `CHANGELOG.md` as a separate commit from your main change. (Follow the style
+    in the `CHANGELOG.md` and provide a link to your PR.)
+
+  - Add or update tests as appropriate for your change. The test suite is
+    written with [minitest][minitest].
+
+  - Add or update documentation as appropriate for your change. The
+    documentation is RDoc; mime-types does not use extensions that may be
+    present in alternative documentation generators.
+
+- DO NOT:
+
+  - Modify `VERSION` in `lib/minitar/version.rb`. When your patch is accepted
+    and a release is made, the version will be updated at that point.
+
+  - Modify `minitar.gemspec`; it is a generated file. (You _may_ use
+    `rake gemspec` to regenerate it if your change involves metadata related to
+    gem itself).
+
+  - Modify the `Gemfile`.
+
+## LLM-Generated Contribution Policy
+
+minitar-cli accepts only issues or pull requests that are well understood by the
+submitter and that, especially for pull requests, the developer can attest to
+the [Developer Certificate of Origin][dco] for each pull request (see
+[LICENCE](LICENCE.md)).
+
+If LLM assistance is used in writing pull requests, this must be documented in
+the commit message and pull request. If there is evidence of LLM assistance
+without such declaration, the pull request **will be declined**.
+
+Any contribution (bug, feature request, or pull request) that uses unreviewed
+LLM output will be rejected.
+
+For an example of how this should be done, see [#151][pr-151] and its
+[associated commits][pr-151-commits].
+
+## Test
+
+minitar uses Ryan Davis's [Hoe][Hoe] to manage the release process, and it adds
+a number of rake tasks. You will mostly be interested in `rake`, which runs
+tests in the same way that `rake test` does.
+
+To assist with the installation of the development dependencies for minitar, I
+have provided the simplest possible Gemfile pointing to the (generated)
+`minitar.gemspec` file. This will permit you to use `bundle install` to install
+the development dependencies.
+
+You can run tests with code coverage analysis by running `rake coverage`.
+
+### Test Helpers
+
+Minitar includes a number of custom test assertions, constants, and test utility
+methods that are useful for writing tests. These are maintained through modules
+defined in `test/support`.
+
+#### Fixture Utilities
+
+Minitar uses fixture tarballs in various tests, referenced by their base name
+(`test/fixtures/tar_input.tar.gz` becomes `tar_input`, etc.). There are two
+utility methods:
+
+- `Fixture(name)`: This returns the `Pathname` object for the full path of the
+  named fixture tarball or `nil` if the named fixture does not exist.
+
+- `open_fixture(name)`: This retrieves the named fixture and opens it. If the
+  fixture ends with `.gz` or `.tgz`, it will be opened with a
+  `Zlib::GZipReader`. A block may be provided to ensure that the fixture is
+  automatically closed.
+
+#### Header Assertions and Utilities
+
+Tar headers need to be built and compared in an exacting way, even for tests.
+
+There are two assertions:
+
+- `assert_headers_equal(expected, actual)`: This compares headers by field order
+  verifying that each field in `actual` is supposed to match the corresponding
+  field in `expected`.
+
+  `expected` must be a string representation of the expected header and this
+  assertion calls `#to_s` on the `actual` value so that both `PosixHeader` and
+  `PaxHeader` instances are converted to string representations for comparison.
+
+- `assert_modes_equal(expected, actual, filename)`: This compares the expected
+  octal mode string of `expected` against `actual` for a given `filename`. The
+  modes must be integer values. This assertion is skipped on Windows.
+
+There are several other helper methods available for working with headers:
+
+- `build_tar_file_header(name, prefix, mode, length)`: This builds a header for
+  a file `prefix/name` with `mode` and `length` bytes. `name` is limited to 100
+  bytes and `prefix` is limited to 155 bytes.
+
+- `build_tar_dir_header(name, prefix, mode)`: This builds a header for a
+  directory `prefix/name` with `mode`. `name` is limited to 100 bytes and
+  `prefix` is limited to 155 bytes.
+
+- `build_tar_symlink_header(name, prefix, mode, target)`: This builds a header
+  for a symbolic link of `prefix/name` to `target` where the symbolic link has
+  `mode`. `name` is limited to 100 bytes and `prefix` is limited to 155 bytes.
+
+- `build_tar_pax_header(name, prefix, bytes)`: This builds a header block for a
+  PAX extension at `name/prefix` with `content_size` bytes.
+
+- `build_header(type, name, prefix, size, mode, link = "")`: This builds an
+  otherwise unspecified header type. If you find yourself using this, it is
+  recommended to add a new `build_*_header` helper method.
+
+#### Tarball Helpers
+
+Minitar has several complex assertions and utilities to work with both in-memory
+and on-disk tarballs. These work using two concepts, file hashes (`file_hash`)
+and workspaces (`workspace`).
+
+##### File Hashes (`file_hash`)
+
+Many of these consume or produce a `file_hash`, which is a hash of
+`{filename => content}` where the tarball will be produced with such that each
+entry in the `file_hash` becomes a file named `filename` with the data
+`content`.
+
+As an example, `Minitar::TestHelpers` has a `MIXED_FILENAME_SCENARIOS` constant
+that is a `file_hash`:
+
+```ruby
+MIXED_FILENAME_SCENARIOS = {
+  "short.txt" => "short content",
+  "medium_length_filename_under_100_chars.txt" => "medium content",
+  "dir1/medium_filename.js" => "medium nested content",
+  "#{"x" * 120}.txt" => "long content",
+  "nested/dir/#{"y" * 110}.css" => "long nested content"
+}.freeze
+```
+
+This will produce a tarball that looks like:
+
+```
+short.txt
+medium_length_filename_under_100_chars.txt
+dir1/medium_filename.js
+x[118 more 'x' characters...]x
+nested/dir/y[108 more y' characters...]y.css
+```
+
+Each file will contain the text as the content.
+
+If the `content` is `nil`, this will be ignored for in-memory tarballs, but will
+be created as empty directory entries for on-disk tarballs.
+
+##### Workspace (`workspace`)
+
+A workspace is a temporary directory used for on-disk tests. It is created with
+the `workspace` utility method (see below) and must be passed a block where all
+setup and tests will be run.
+
+At most one `workspace` may be used per test method.
+
+##### Assertions
+
+There are five assertions:
+
+- `assert_tar_structure_preserved(original_files, extracted_files)`: This is
+  used primarily with string tarballs. Given two `file_hash`es representing
+  tarball contents (the original files passed to `create_tar_string` and the
+  extracted files returned from `extract_tar_string`), it ensures that all files
+  from the original contents are present and that no additional files have been
+  added in the process.
+
+- `assert_files_extracted_in_workspace`: Can only be run in a `workspace` and
+  the test tarball must have been both created and extracted. This ensures that
+  all of the files and/or directories expected have been extracted and that the
+  contents of files match. File modes are ignored for this assertion.
+
+- `refute_file_path_duplication_in_workspace`: Can only be run in a `workspace`
+  and the test tarball must have been both created and extracted. This is used
+  to prevent regression of [#62][issue-62] with explicit file tests. This only
+  needs to be called after unpacking with Minitar methods.
+
+- `assert_extracted_files_match_source_files_in_workspace`: Can only be run in a
+  `workspace` and the test tarball must have been both created and extracted.
+  This ensures that there are no files missing or added in the `target`
+  directory that should are not also be in the `source` directory. This does no
+  contents comparison.
+
+- `assert_file_modes_match_in_workspace`: Can only be run in a `workspace` and
+  the test tarball must have been both created and extracted. This ensures that
+  all files have the same modes between source and target. This is skipped on
+  Windows.
+
+##### In-Memory Tarball Utilities
+
+- `create_tar_string`: Given a `file_hash`, this creates a string containing the
+  output of `Minitar::Output.open` and `Minitar.pack_as_file`.
+
+- `extract_tar_string`: Given the string output of `create_tar_string` (or any
+  uncompressed tarball string), uses `Minitar::Input.open` to read the files
+  into a hash of `{filename => content}`.
+
+- `roundtrip_tar_string`: calls `create_tar_string` on a `file_hash` and
+  immediately calls `extract_tar_string`, returning a processed `file_hash`.
+
+##### On-Disk Workspace Tarball Utilities
+
+- `workspace`: Prepares a temporary directory for working with tarballs on disk
+  inside the block that must be provided. If given a hash of files, calls
+  `prepare_files`. The workspace directory will be removed after the block
+  finishes executing.
+
+  A workspace has a `source` directory, a `target` directory`, and the`tarball`
+  which will be created from the prepared files.
+
+  All other utility methods _must_ be run inside of a `workspace` block.
+
+- `prepare_workspace`: creates a file structure in the workspace source
+  directory given the `{filename => content}` hash. For on-disk file structures,
+  `{directory_name => nil}` can be used to create empty directories. Directory
+  names will be created automatically for nested filenames.
+
+- `gnu_tar_create_in_workspace`, `gnu_tar_extract_in_workspace`, and
+  `gnu_tar_list_in_workspace` work with the workspace tarball using GNU tar
+  (either `tar` or `gtar`). GNU tar tests will be skipped if GNU tar is not
+  available.
+
+- `minitar_pack_in_workspace`, `minitar_unpack_in_workspace` use `Minitar.pack`
+  and `Minitar.unpack`, respectively, to work with the workspace tarball.
+
+- `minitar_writer_create_in_workspace` uses `Minitar::Writer` to create the
+  workspace tarball.
+
+## Workflow
+
+Here's the most direct way to get your work merged into the project:
+
+- Fork the project.
+- Clone your fork (`git clone git://github.com/<username>/minitar.git`).
+- Create a topic branch to contain your change
+  (`git checkout -b my_awesome_feature`).
+- Hack away, add tests. Not necessarily in that order.
+- Make sure everything still passes by running `rake`.
+- If necessary, rebase your commits into logical chunks, without errors.
+- Push the branch up (`git push origin my_awesome_feature`).
+- Create a pull request against halostatue/minitar and describe what your change
+  does and the why you think it should be merged.
+
+[dco]: licences/dco.txt
+[hoe]: https://github.com/seattlerb/hoe
+[issue-62]: https://github.com/halostatue/minitar/issues/62
+[minitest]: https://github.com/seattlerb/minitest
+[pr-151-commits]: https://github.com/halostatue/minitar/pull/151/commits
+[pr-151]: https://github.com/halostatue/minitar/pull/151
+[qcm]: http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html
+[sign-off]: LICENCE.md#developer-certificate-of-origin
+[standardrb]: https://github.com/standardrb/standard

data/CONTRIBUTORS.md

@@ -0,0 +1,27 @@
+# Contributors
+
+- Austin Ziegler created minitar, based on work originally written by Mauricio
+  Fernández for rpa-base.
+
+Thanks to everyone who has contributed to minitar:
+
+- Akinori MUSHA (knu)
+- Antoine Toulme
+- Curtis Sampson
+- Daniel J. Berger
+- [@dearblue](https://github.com/dearblue)
+- [@inkstak](https://github.com/inkstak)
+- John Prince
+- Jorie Tappa
+- Kazuyoshi Kato
+- Kevin McDermott
+- Matthew Kent
+- Merten Falk
+- Michal Suchanek
+- Mike Furr
+- [@ooooooo-q](https://github.com/ooooooo-q)
+- Pete Fritchman
+- [@sorah](https://github.com/sorah)
+- Vijay ([@bv-vijay](https://github.com/bv-vijay))
+- Yamamoto Kōhei
+- Zach Dennis

data/LICENCE.md

@@ -0,0 +1,39 @@
+# Licence
+
+- SPDX-License-Identifier: [Ruby][ruby-license] OR [BSD-2-Clause][bsd-2-clause]
+
+minitar is free software that may be redistributed and/or modified under the
+terms of Ruby’s licence or the Simplified BSD licence.
+
+- Copyright 2004–2025 Austin Ziegler and other contributors.
+- Portions copyright 2004 Mauricio Julio Fernández Pradier.
+
+### Simplified BSD Licence
+
+See the file [bsdl.txt](docs/bsdl.txt) in the main distribution.
+
+### Ruby's Licence
+
+See the file [ruby.txt](docs/ruby.txt) in the main distribution.
+
+## Developer Certificate of Origin
+
+All contributors **must** certify they are willing and able to provide their
+contributions under the terms of this project's licences with the certification
+of the [Developer Certificate of Origin (Version 1.1)](licences/dco.txt).
+
+Such certification is provided by ensuring that a `Signed-off-by`
+[commit trailer][trailer] is present on every commit:
+
+    Signed-off-by: FirstName LastName <email@example.org>
+
+The `Signed-off-by` trailer can be automatically added by git with the `-s` or
+`--signoff` option on `git commit`:
+
+```sh
+git commit --signoff
+```
+
+[bsd-2-clause]: https://spdx.org/licenses/BSD-2-Clause.html
+[ruby-license]: https://spdx.org/licenses/Ruby.html
+[trailer]: https://git-scm.com/docs/git-interpret-trailers