spectus 2.1.2 → 2.1.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f2c4743dab8a4c5d3ef43886f0386dd907f1419f
-  data.tar.gz: 7979714f7af19a110565165f83b03e9afaead82e
+  metadata.gz: a312e78b039e7c9918d904c9181ccc7a1f27c3cc
+  data.tar.gz: 64ad093824b550c74ada53baa5103e66f5bdf9b9
 SHA512:
-  metadata.gz: 388520b823d3af9569e2aabf025e4443b966f50f63102ea21487cede164ff3aaf6f1acd2aa90ad152a487eaf672fa606aa3d028b5c43e44683911955078cc0a3
-  data.tar.gz: aa730bf0e07b112652a68df30b7eb43dfd5c1fdeab98d25d630e7362232ca6d9d29b05eec7b69735503e030a43c66cbbf8b295e7336440f8d56c57fd10c057c8
+  metadata.gz: 833b4df309519b4902d4c37c76dd583ac6f4e8335e243508740dc401a59ab68ed47845c68016f7cc2cb8d23eefda087d78275ebe92a59450e3acb8f07b38f52c
+  data.tar.gz: e57d7f00a15dabe3b4474fc9f748ae48effa27be357d3605b5ba62747c53e233b114e6d9a9d63dae229c2c7c22937b94c565c3fa1947f4bbe95279b123187097

data/README.md

@@ -1,8 +1,3 @@
-[gem]: https://rubygems.org/gems/spectus
-[travis]: https://travis-ci.org/fixrb/spectus
-[inchpages]: http://inch-ci.org/github/fixrb/spectus/
-[rubydoc]: http://rubydoc.info/gems/spectus/frames
-
 # Spectus
 
 [![Build Status](https://travis-ci.org/fixrb/spectus.svg?branch=master)][travis]
@@ -26,19 +21,14 @@
 
 ## Installation
 
-Add this line to your application's Gemfile:
-
-```ruby
-gem 'spectus'
-```
-
-And then execute:
+__Spectus__ is cryptographically signed.
 
-    $ bundle
+To be sure the gem you install hasn't been tampered with, add my public key (if you haven't already) as a trusted certificate:
 
-Or install it yourself as:
+    $ gem cert --add <(curl -Ls https://raw.github.com/fixrb/spectus/master/certs/gem-fixrb-public_cert.pem)
+    $ gem install spectus -P HighSecurity
 
-    $ gem install spectus
+The `HighSecurity` trust profile will verify all gems.  All of __Spectus__'s dependencies are signed.
 
 ## Expectation
 
@@ -118,6 +108,19 @@ Spectus.this { 'foo'.blank? }.MAY :BeFalse
 
 The optional `blank?` method is not implemented (unlike in [Ruby on Rails](http://api.rubyonrails.org/classes/Object.html#method-i-blank-3F), for instance), so the result of the test shows that the spec passed.
 
+## Security
+
+As a basic form of security __Spectus__ provides a set of SHA512 checksums for
+every Gem release.  These checksums can be found in the `checksum/` directory.
+Although these checksums do not prevent malicious users from tampering with a
+built Gem they can be used for basic integrity verification purposes.
+
+The checksum of a file can be checked using the `sha512sum` command.  For
+example:
+
+    $ sha512sum pkg/spectus-2.0.0.gem
+    e00ef19cbae209816410c1b0e4b032a59ba70ab2e43367c934ad723d3e23a9c50c457c0963fab7d46743d82ab21f9482dbd8ceb7cab23617e37be26823d846cd  pkg/spectus-2.0.0.gem
+
 ## Versioning
 
 __Spectus__ follows [Semantic Versioning 2.0](http://semver.org/).
@@ -133,3 +136,8 @@ __Spectus__ follows [Semantic Versioning 2.0](http://semver.org/).
 ## License
 
 See `LICENSE.md` file.
+
+[gem]: https://rubygems.org/gems/spectus
+[travis]: https://travis-ci.org/fixrb/spectus
+[inchpages]: http://inch-ci.org/github/fixrb/spectus/
+[rubydoc]: http://rubydoc.info/gems/spectus/frames

data/VERSION.semver

@@ -1 +1 @@
-2.1.2
+2.1.3

data/certs/gem-fixrb-public_cert.pem

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDdDCCAlygAwIBAgIBATANBgkqhkiG9w0BAQUFADBAMRAwDgYDVQQDDAdjb250
+YWN0MRUwEwYKCZImiZPyLGQBGRYFY3lyaWwxFTATBgoJkiaJk/IsZAEZFgVlbWFp
+bDAeFw0xNTA3MzExMjExMDZaFw0xNjA3MzAxMjExMDZaMEAxEDAOBgNVBAMMB2Nv
+bnRhY3QxFTATBgoJkiaJk/IsZAEZFgVjeXJpbDEVMBMGCgmSJomT8ixkARkWBWVt
+YWlsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6hUEYoxnn1mtoaiK
+NiwjzVPqPgQCR9ZeYdWjLJ3UUG2h5Q6awJCnbaGr8LGGcKtveCDbOJRjtdKNuOTH
+O2FLTkf46nrMGiF+6/j//qh8o0EQHBRKIVMYkxZxZe4Fcqtdf1bWNMZuXeyoDjdt
+4yiGfizbbTOu0gBf7Yrsv5DsL0a5CU/We7zxMfgGXCVb9PYkD+OWUMcTARYDKfYa
+nN9ECI7CFm/yXcsof/eIQA5EmJNmQnhx8B+8L6jDqQeSUAUrBZnC9CdloKOoqmEL
+weqM2g6LM932Ba74rEl4QlFRYDcs8kjr71UcvseHRCUkFr36j26OU8+gKelsTNdO
+7OZNKQIDAQABo3kwdzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIEsDAdBgNVHQ4EFgQU
+LSJTN9h29D6bqOhp+vyvhyM0AF4wHgYDVR0RBBcwFYETY29udGFjdEBjeXJpbC5l
+bWFpbDAeBgNVHRIEFzAVgRNjb250YWN0QGN5cmlsLmVtYWlsMA0GCSqGSIb3DQEB
+BQUAA4IBAQArqCC1rUyGJlF0DF9ZhUOgggyROvO0/WroSI5zWgzdB8EU7RJpsDIV
+caGnpji7h0rQIGWQuJ6TL2fTFLfeGRFdIzRZwWC7TeXhcXngJHZxSjDBt2OpfM8A
+P5eElSQS9iJCetBGGMyt354PfgZkg3URaC+JA6mdEisdtEdo64ElnMsLg9shCqye
+JSR3BbejbyPVva0/MHKD+dR6RswlcM9KMiYOXQml7a/kH6huOHvVq9gj5xC2ih8W
+dzJvWzQ1+dJU6WQv75E9ddSkaQrK3nhdgQVu+/wgvGSrsMvOGNz+LXaSDxQqZuwX
+0KNQFuIukfrdk8URwRnHoAnvx4U93iUw
+-----END CERTIFICATE-----

data/checksum/spectus-2.0.0.gem.sha512

@@ -0,0 +1 @@
+e00ef19cbae209816410c1b0e4b032a59ba70ab2e43367c934ad723d3e23a9c50c457c0963fab7d46743d82ab21f9482dbd8ceb7cab23617e37be26823d846cd

data/checksum/spectus-2.0.1.gem.sha512

@@ -0,0 +1 @@
+9e53bf80d2c965ad554b7250434aa110eb02af57df8099c72c88bb904713fbcb6561161854085bdd21192193b813c7fe2385bf29908309ef5a033c6e217fda89

data/checksum/spectus-2.0.2.gem.sha512

@@ -0,0 +1 @@
+099ab4633acf7a95dd4c4ee103ca23bea5c61e3c4f6e2d999608f802b575b42e35f6caa5688a94e556797ce44f2f331d29f6091030c3ffbcd48d66e4c106309b

data/checksum/spectus-2.0.3.gem.sha512

@@ -0,0 +1 @@
+940e7cd57595b988c887d78dfa3e09ddbc77e2f387fe3432dea085a1377b0b2cdde327aa1955ddfd98a41a7a3f5c07b42f2872a6a6b08dc9f85b04923ef6536b

data/checksum/spectus-2.0.4.gem.sha512

@@ -0,0 +1 @@
+6e76d7fa5d2a6aa49db44430ffb45e7a87e25abd2aa75ea8d26438959956d722a053ef777e286821086d94f279b986f46004677efe38026676ce70ec6428a46c

data/checksum/spectus-2.1.0.gem.sha512

@@ -0,0 +1 @@
+b0c21b8994071c60473dcb8744a6f5cd7666cfc9f6c682b39b27b45fd24ca6ff742b47c2c195a1b114bbb21bf843597a853e7ed48c4cc4d9992b8642f922b40a

data/checksum/spectus-2.1.1.gem.sha512

@@ -0,0 +1 @@
+01c0dc2a88f74f7696443426153f7d025ac796b29ef122c4330675c736e7c3021762185a6c34e34340f1a139cc59dae63e571a0d18c4cba068a6f2a9c357a431

data/checksum/spectus-2.1.2.gem.sha512

@@ -0,0 +1 @@
+630355ae4fb971f56f52b83d8cc112c2f8b3a38fedde269f527641c54581abaf230536532f1d3fb5b926dd0d4034dc886e8c5c1f0fcf59d31ed49b4ba2548fdd

data/pkg_checksum

@@ -0,0 +1,11 @@
+#!/usr/bin/env ruby
+
+require 'digest/sha2'
+
+gemname         = :spectus
+ARGV[0]         = File.read('VERSION.semver').chomp if ARGV[0].nil?
+built_gem_path  = "pkg/#{gemname}-#{ARGV[0]}.gem"
+checksum        = Digest::SHA512.new.hexdigest(File.read(built_gem_path))
+checksum_path   = "checksum/#{gemname}-#{ARGV[0]}.gem.sha512"
+
+File.open(checksum_path, 'w') { |f| f.write("#{checksum}\n") }

data/spectus.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |spec|
   spec.name          = 'spectus'
-  spec.version       = File.read('VERSION.semver')
+  spec.version       = File.read('VERSION.semver').chomp
   spec.authors       = ['Cyril Wack']
   spec.email         = ['contact@cyril.email']
 
@@ -22,9 +22,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'simplecov',  '~> 0.10'
   spec.add_development_dependency 'rubocop',    '~> 0.32'
 
-  private_key = File.expand_path '~/.gem/spectus-gem-private_key.pem'
-  if File.exist? private_key
-    spec.signing_key = private_key
-    spec.cert_chain  = ['spectus-gem-public_cert.pem']
-  end
+  spec.cert_chain   = ['certs/gem-fixrb-public_cert.pem']
+  private_key       = File.expand_path('~/.ssh/gem-fixrb-private_key.pem')
+  spec.signing_key  = private_key if File.exist?(private_key)
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: spectus
 version: !ruby/object:Gem::Version
-  version: 2.1.2
+  version: 2.1.3
 platform: ruby
 authors:
 - Cyril Wack
@@ -12,25 +12,25 @@ cert_chain:
   -----BEGIN CERTIFICATE-----
   MIIDdDCCAlygAwIBAgIBATANBgkqhkiG9w0BAQUFADBAMRAwDgYDVQQDDAdjb250
   YWN0MRUwEwYKCZImiZPyLGQBGRYFY3lyaWwxFTATBgoJkiaJk/IsZAEZFgVlbWFp
-  bDAeFw0xNTA3MjUxNjUzMDhaFw0xNjA3MjQxNjUzMDhaMEAxEDAOBgNVBAMMB2Nv
+  bDAeFw0xNTA3MzExMjExMDZaFw0xNjA3MzAxMjExMDZaMEAxEDAOBgNVBAMMB2Nv
   bnRhY3QxFTATBgoJkiaJk/IsZAEZFgVjeXJpbDEVMBMGCgmSJomT8ixkARkWBWVt
-  YWlsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvrrzDqZmwp4Kdu2+
-  mi1hAtJ4wtD6FbZh9F2me5Sl4y7nozjQ1+4E285RVtPjdH6L3BEr4HcaUsT+Zkim
-  qTf90SMI1oa2wRSXZ3FpkNkt2zHs6Vx1PH7UYqK5cNMcywCDSW5rKhC1ZBxDMdZP
-  vmG5ZHXwDum2wEM+z0nGTFcp3/aEmrc/kyEIgiPboDJbfTLLBMH6zXURC4d4Fit+
-  DVuSXI9VTyfvYiYCdZa7w4VPRof+k+uqy3chz7sYxwbCwwXaxTmjEqPtCx3Er/SU
-  4P/OH73dE0r/luRBifNuSMuZrClZmIKu39Vm0DzfacXP3k8KLzK6CIK2YqVpKkAl
-  fKDmnwIDAQABo3kwdzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIEsDAdBgNVHQ4EFgQU
-  yvG9fvKk8CFLsqnjWQfemuO6wOUwHgYDVR0RBBcwFYETY29udGFjdEBjeXJpbC5l
+  YWlsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6hUEYoxnn1mtoaiK
+  NiwjzVPqPgQCR9ZeYdWjLJ3UUG2h5Q6awJCnbaGr8LGGcKtveCDbOJRjtdKNuOTH
+  O2FLTkf46nrMGiF+6/j//qh8o0EQHBRKIVMYkxZxZe4Fcqtdf1bWNMZuXeyoDjdt
+  4yiGfizbbTOu0gBf7Yrsv5DsL0a5CU/We7zxMfgGXCVb9PYkD+OWUMcTARYDKfYa
+  nN9ECI7CFm/yXcsof/eIQA5EmJNmQnhx8B+8L6jDqQeSUAUrBZnC9CdloKOoqmEL
+  weqM2g6LM932Ba74rEl4QlFRYDcs8kjr71UcvseHRCUkFr36j26OU8+gKelsTNdO
+  7OZNKQIDAQABo3kwdzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIEsDAdBgNVHQ4EFgQU
+  LSJTN9h29D6bqOhp+vyvhyM0AF4wHgYDVR0RBBcwFYETY29udGFjdEBjeXJpbC5l
   bWFpbDAeBgNVHRIEFzAVgRNjb250YWN0QGN5cmlsLmVtYWlsMA0GCSqGSIb3DQEB
-  BQUAA4IBAQB7+BSUipu068bkbiUNoilqtyELOxd2egDgjKb+puPXGM+2nPKro5xQ
-  y8zaftDVmNTqC1EP2j6euDfVhWO4sv/89nLTL1A2WdTfodRkGHFekUHHVT4LFm0q
-  yF3vfuowYcV9M/fbrdi5GSs22SitzLZ3IvMy++mcIY57Qv2aI7WsxcefPBobnGMM
-  4PzLjKhqmU1NbXIokO49Zn2AoK4/DcbJ6fFhifnTL+vPUjPezAhjcuEE4dX5Nikp
-  kzblEabZ6jLr4iWRcl78m6nxsbKfUO7asR+InRweD1avTJSxAXMC9Ci7aePuxb8G
-  hdd2B5+neMHAKByDubyca9oN65msUDrY
+  BQUAA4IBAQArqCC1rUyGJlF0DF9ZhUOgggyROvO0/WroSI5zWgzdB8EU7RJpsDIV
+  caGnpji7h0rQIGWQuJ6TL2fTFLfeGRFdIzRZwWC7TeXhcXngJHZxSjDBt2OpfM8A
+  P5eElSQS9iJCetBGGMyt354PfgZkg3URaC+JA6mdEisdtEdo64ElnMsLg9shCqye
+  JSR3BbejbyPVva0/MHKD+dR6RswlcM9KMiYOXQml7a/kH6huOHvVq9gj5xC2ih8W
+  dzJvWzQ1+dJU6WQv75E9ddSkaQrK3nhdgQVu+/wgvGSrsMvOGNz+LXaSDxQqZuwX
+  0KNQFuIukfrdk8URwRnHoAnvx4U93iUw
   -----END CERTIFICATE-----
-date: 2015-07-25 00:00:00.000000000 Z
+date: 2015-07-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: matchi
@@ -135,6 +135,15 @@ files:
 - VERSION.semver
 - bin/console
 - bin/setup
+- certs/gem-fixrb-public_cert.pem
+- checksum/spectus-2.0.0.gem.sha512
+- checksum/spectus-2.0.1.gem.sha512
+- checksum/spectus-2.0.2.gem.sha512
+- checksum/spectus-2.0.3.gem.sha512
+- checksum/spectus-2.0.4.gem.sha512
+- checksum/spectus-2.1.0.gem.sha512
+- checksum/spectus-2.1.1.gem.sha512
+- checksum/spectus-2.1.2.gem.sha512
 - lib/spectus.rb
 - lib/spectus/challenge.rb
 - lib/spectus/expectation_target.rb
@@ -146,7 +155,7 @@ files:
 - lib/spectus/result/fail.rb
 - lib/spectus/result/pass.rb
 - lib/spectus/sandbox.rb
-- spectus-gem-public_cert.pem
+- pkg_checksum
 - spectus.gemspec
 homepage: https://github.com/fixrb/spectus
 licenses:

data/spectus-gem-public_cert.pem

@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDdDCCAlygAwIBAgIBATANBgkqhkiG9w0BAQUFADBAMRAwDgYDVQQDDAdjb250
-YWN0MRUwEwYKCZImiZPyLGQBGRYFY3lyaWwxFTATBgoJkiaJk/IsZAEZFgVlbWFp
-bDAeFw0xNTA3MjUxNjUzMDhaFw0xNjA3MjQxNjUzMDhaMEAxEDAOBgNVBAMMB2Nv
-bnRhY3QxFTATBgoJkiaJk/IsZAEZFgVjeXJpbDEVMBMGCgmSJomT8ixkARkWBWVt
-YWlsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvrrzDqZmwp4Kdu2+
-mi1hAtJ4wtD6FbZh9F2me5Sl4y7nozjQ1+4E285RVtPjdH6L3BEr4HcaUsT+Zkim
-qTf90SMI1oa2wRSXZ3FpkNkt2zHs6Vx1PH7UYqK5cNMcywCDSW5rKhC1ZBxDMdZP
-vmG5ZHXwDum2wEM+z0nGTFcp3/aEmrc/kyEIgiPboDJbfTLLBMH6zXURC4d4Fit+
-DVuSXI9VTyfvYiYCdZa7w4VPRof+k+uqy3chz7sYxwbCwwXaxTmjEqPtCx3Er/SU
-4P/OH73dE0r/luRBifNuSMuZrClZmIKu39Vm0DzfacXP3k8KLzK6CIK2YqVpKkAl
-fKDmnwIDAQABo3kwdzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIEsDAdBgNVHQ4EFgQU
-yvG9fvKk8CFLsqnjWQfemuO6wOUwHgYDVR0RBBcwFYETY29udGFjdEBjeXJpbC5l
-bWFpbDAeBgNVHRIEFzAVgRNjb250YWN0QGN5cmlsLmVtYWlsMA0GCSqGSIb3DQEB
-BQUAA4IBAQB7+BSUipu068bkbiUNoilqtyELOxd2egDgjKb+puPXGM+2nPKro5xQ
-y8zaftDVmNTqC1EP2j6euDfVhWO4sv/89nLTL1A2WdTfodRkGHFekUHHVT4LFm0q
-yF3vfuowYcV9M/fbrdi5GSs22SitzLZ3IvMy++mcIY57Qv2aI7WsxcefPBobnGMM
-4PzLjKhqmU1NbXIokO49Zn2AoK4/DcbJ6fFhifnTL+vPUjPezAhjcuEE4dX5Nikp
-kzblEabZ6jLr4iWRcl78m6nxsbKfUO7asR+InRweD1avTJSxAXMC9Ci7aePuxb8G
-hdd2B5+neMHAKByDubyca9oN65msUDrY
------END CERTIFICATE-----