push_safety 0.0.1

data/README.rdoc

@@ -0,0 +1,78 @@
+= push_safety
+
+* http://github.com/jdleesmiller/push_safety
+
+== SYNOPSIS
+
+The <tt>gem push</tt> command makes it incredibly easy to publish your gems...
+maybe a little too easy. PushSafety is a RubyGems plugin that refuses to push a
+gem unless it is on a whitelist. Add your open source gems to your whitelist,
+and keep your private gems safe from accidental pushes.
+
+=== Usage
+
+1. Create a whitelist file. The default location is <tt>~/.gem_push_safety</tt>.
+   Separate gem names with whitespace (e.g. one gem name per line). For example,
+   if you work on open source gems +foo+ and +bar+, your file should read
+     foo
+     bar
+2. Use <tt>gem push</tt> as normal. If you try to push a gem that is not in
+   your whitelist, it gives an error.
+
+You can use a different file for the whitelist; see <tt>gem help push</tt> once
+you have installed PushSafety.
+
+== REQUIREMENTS
+
+You must have ruby and rubygems installed.
+
+PushSafety has been tested on:
+* x86-linux (Ubuntu 10.10) with Ruby 1.8.7p299 and rubygems 1.3.7
+* x86-linux (rvm) with Ruby 1.9.2p0 (2010-08-18 revision 29036) and rubygems
+  1.3.7
+
+PushSafety has not yet been tested on Windows.
+
+== INSTALLATION
+
+  sudo gem install push_safety
+
+== DEVELOPMENT
+
+To get the source and development depencies:
+  git clone git://github.com/jdleesmiller/push_safety.git
+  cd push_safety
+  gem build push_safety.gemspec
+  sudo gem install push_safety-X.X.X.gem --development
+where X.X.X is the current version.
+
+== HISTORY
+
+<em>0.0.1</em>
+* first release
+
+== LICENSE
+
+(The MIT License)
+
+Copyright (c) 2010 John Lees-Miller
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+

data/lib/push_safety/version.rb

@@ -0,0 +1,3 @@
+module PushSafety
+  VERSION = '0.0.1'
+end

data/lib/push_safety.rb

@@ -0,0 +1,2 @@
+require 'push_safety/version'
+

data/lib/rubygems_plugin.rb

@@ -0,0 +1,62 @@
+require 'rubygems/command_manager'
+require 'rubygems/commands/push_command'
+require 'rubygems/format'
+
+#
+# Patch the PushCommand to first check the whitelist.
+#
+# You can technically only push one gem at once, but if you pass several gems,
+# we check that they are all on the whitelist.
+#
+class Gem::Commands::PushCommand
+  # If this gets loaded twice, it will do strange things.
+  if respond_to?(:unsafe_execute)
+    raise "PushSafety has been loaded twice; something is wrong."
+  end
+
+  alias unsafe_description description
+  alias unsafe_initialize initialize
+  alias unsafe_execute execute
+
+  def initialize
+    unsafe_initialize
+
+    default_file = File.join(Gem.user_home, '.gem_push_safety')
+    defaults.merge!(:push_safety_file => default_file)
+
+    add_option :PushSafety, '--push-safety-file STRING',
+      "whitelist file (default #{default_file})" do |value, options|
+      options[:push_safety_file] = value
+    end
+  end
+
+  def description
+    "#{unsafe_description} (with PushSafety plugin)"
+  end
+
+  def execute
+    white_list_file = options[:push_safety_file]
+    unless File.exists?(white_list_file)
+      raise "The whitelist file '#{white_list_file}' does not exist;"\
+        " PushSafety will not allow you to push any gems."
+    end
+
+    white_list = File.read(white_list_file).split(/\s+/)
+    if white_list.empty? || white_list.all?{|f| f.empty?}
+      raise "The whitelist file '#{white_list_file}' is empty;"\
+        " PushSafety will not allow you to push any gems."
+    end
+
+    grey_list = get_all_gem_names.map {|gem_file|
+      Gem::Format.from_file_by_path(gem_file).spec.name}
+    black_list = grey_list - white_list
+
+    unless black_list.empty?
+      raise "The following gems are not on your PushSafety whitelist:"\
+        "\n#{black_list.join("\n")}\nYour whitelist file is #{white_list_file}."
+    end
+
+    unsafe_execute
+  end
+end
+

metadata

@@ -0,0 +1,101 @@
+--- !ruby/object:Gem::Specification 
+name: push_safety
+version: !ruby/object:Gem::Version 
+  hash: 29
+  prerelease: false
+  segments: 
+  - 0
+  - 0
+  - 1
+  version: 0.0.1
+platform: ruby
+authors: 
+- John Lees-Miller
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-12-06 00:00:00 +00:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: gemma
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 23
+        segments: 
+        - 1
+        - 0
+        - 0
+        version: 1.0.0
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 15
+        segments: 
+        - 1
+        - 0
+        version: "1.0"
+  type: :development
+  version_requirements: *id001
+description: |
+  The gem push command makes it incredibly easy to publish your gems... maybe a
+  little too easy. PushSafety is a RubyGems plugin that refuses to push a gem
+  unless it is on a whitelist. Add your open source gems to your whitelist, and 
+  keep your private gems safe from accidental pushes.
+
+email: 
+- jdleesmiller@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- README.rdoc
+files: 
+- lib/push_safety/version.rb
+- lib/push_safety.rb
+- lib/rubygems_plugin.rb
+- README.rdoc
+has_rdoc: true
+homepage: https://github.com/jdleesmiller/push_safety
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --main
+- README.rdoc
+- --title
+- push_safety-0.0.1 Documentation
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.7
+signing_key: 
+specification_version: 3
+summary: Avoid accidentally pushing a private gem to rubygems.org (reduce paranoia).
+test_files: []
+