stone_checksums 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 10c24907c04341700760f767dee6961380dad863a854e27311ea5bad4adbbe87
+  data.tar.gz: ae70388ffc487abe1212908966cdc766257334aa35d0fc8cbfc8003783e492e2
+SHA512:
+  metadata.gz: 739fecf5f505e1d3233d93b6dab4ad7ce25f1ebf92a9dc493436cc2b24aa605ba25d24402ae5297015f622414e7e226a8df264ea5844cc6b94f34ea89373224a
+  data.tar.gz: 72194ebfe4981c8d4477572c72cb82bde815e65c94df3509511c27364d91b99b072ced8bc2cf0204473bef0704a42e4504c845ece9ea219463d6c505d92020d1

checksums.yaml.gz.sig

@@ -0,0 +1,3 @@
+2�@P�6)��	�v��B����C�e���+3�!�aq�����c�Y��f%�����I�U{���
+DR��2�<"�+5Ӹ��b
+#x�h����a�����(R����?;�H��d#�LM�W��ނŜy�N���hB�N��+*]����~���V�̡ȇ��h�%���`ث�a��ڟv҆��s�p/��,Z C���C���^�-d똲�8��HΜ"^��'k�TJ�,<ONb�!�D�y$���Oe�N#����3

data/CHANGELOG.md

@@ -0,0 +1,34 @@
+# Changelog
+
+[![SemVer 2.0.0][📌semver-img]][📌semver] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog]
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog][📗keep-changelog],
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html),
+and [yes][📌major-versions-not-sacred], platform and engine support are part of the [public API][📌semver-breaking].
+Please file a bug if you notice a violation of semantic versioning.
+
+[📌semver]: https://semver.org/spec/v2.0.0.html
+[📌semver-img]: https://img.shields.io/badge/semver-2.0.0-FFDD67.svg?style=flat
+[📌semver-breaking]: https://github.com/semver/semver/issues/716#issuecomment-869336139
+[📌major-versions-not-sacred]: https://tom.preston-werner.com/2022/05/23/major-version-numbers-are-not-sacred.html
+[📗keep-changelog]: https://keepachangelog.com/en/1.0.0/
+[📗keep-changelog-img]: https://img.shields.io/badge/keep--a--changelog-1.0.0-FFDD67.svg?style=flat
+
+## [Unreleased]
+### Added
+### Changed
+### Fixed
+### Removed
+
+## [1.0.0] - 2025-02-23 ([tag][1.0.0t])
+- COVERAGE:  98.67% -- 74/75 lines in 5 files
+- BRANCH COVERAGE:  79.17% -- 19/24 branches in 5 files
+- 38.46% documented
+### Added
+- Initial release
+
+[Unreleased]: https://github.com/pboling/gem_checksums/compare/v1.0.0...HEAD
+[1.0.0]: https://github.com/pboling/gem_checksums/compare/SHA_HERE...v1.0.0
+[1.0.0t]: https://github.com/pboling/gem_checksums/tags/v1.0.0

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,135 @@
+
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, caste, color, religion, or sexual
+identity and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the overall
+  community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or advances of
+  any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email address,
+  without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official email address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+[![Contact BDFL][🚂bdfl-contact-img]][🚂bdfl-contact].
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series of
+actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or permanent
+ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within the
+community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.1, available at
+[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
+
+Community Impact Guidelines were inspired by
+[Mozilla's code of conduct enforcement ladder][Mozilla CoC].
+
+For answers to common questions about this code of conduct, see the FAQ at
+[https://www.contributor-covenant.org/faq][FAQ]. Translations are available at
+[https://www.contributor-covenant.org/translations][translations].
+
+[homepage]: https://www.contributor-covenant.org
+[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
+[Mozilla CoC]: https://github.com/mozilla/diversity
+[FAQ]: https://www.contributor-covenant.org/faq
+[translations]: https://www.contributor-covenant.org/translations
+[🚂bdfl-contact]: http://www.railsbling.com/contact
+[🚂bdfl-contact-img]: https://img.shields.io/badge/Contact-BDFL-0093D0.svg?style=flat&logo=rubyonrails&logoColor=red

data/CONTRIBUTING.md

@@ -0,0 +1,131 @@
+# Contributing
+
+Bug reports and pull requests are welcome on GitHub at [https://github.com/pboling/gem_checksums][🚎src-main]
+. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to
+the [code of conduct][🤝conduct].
+
+To submit a patch, please fork the project and create a patch with tests.
+Once you're happy with it send a pull request.
+
+We [![Keep A Changelog][📗keep-changelog-img]][📗keep-changelog] so if you make changes, remember to update it.
+
+## You can help!
+
+Simply follow these instructions:
+
+1. Fork the repository
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Make some fixes.
+4. Commit your changes (`git commit -am 'Added some feature'`)
+5. Push to the branch (`git push origin my-new-feature`)
+6. Make sure to add tests for it. This is important, so it doesn't break in a future release.
+7. Create new Pull Request.
+
+## Appraisals
+
+From time to time the appraisal gemfiles in `gemfiles/` will need to be updated.
+They are created and updated with the commands:
+
+NOTE: We run on a [fork][🚎appraisal-fork] of Appraisal.
+
+Please upvote the PR for `eval_gemfile` [support][🚎appraisal-eval-gemfile-pr]
+
+```shell
+BUNDLE_GEMFILE=Appraisal.root.gemfile bundle
+BUNDLE_GEMFILE=Appraisal.root.gemfile bundle exec appraisal update
+```
+
+When adding an appraisal to CI check the [runner tool cache][🏃‍♂️runner-tool-cache] to see which runner to use.
+
+## The Reek List
+
+Take a look at the `reek` list which is the file called `REEK` and find something to improve.
+
+To refresh the `reek` list:
+
+```bash
+bundle exec reek > REEK
+```
+
+## Run Tests
+
+To run all tests
+
+```bash
+bundle exec rake test
+```
+
+## Lint It
+
+Run all the default tasks, which includes running the gradually autocorrecting linter, `rubocop-gradual`.
+
+```bash
+bundle exec rake
+```
+
+Or just run the linter.
+
+```bash
+bundle exec rake rubocop_gradual:autocorrect
+```
+
+## Contributors
+
+Your picture could be here!
+
+[![Contributors][🖐contributors-img]][🖐contributors]
+
+Made with [contributors-img][🖐contrib-rocks].
+
+Also see GitLab Contributors: [https://gitlab.com/pboling/gem_checksums/-/graphs/main][🚎contributors-gl]
+
+## For Maintainers
+
+### One-time, Per-maintainer, Setup
+
+**IMPORTANT**: Your public key for signing gems will need to be picked up by the line in the
+`gemspec` defining the `spec.cert_chain` (check the relevant ENV variables there),
+in order to sign the new release.
+See: [RubyGems Security Guide][🔒️rubygems-security-guide]
+
+### To release a new version:
+
+1. Run `bin/setup && bin/rake` as a tests, coverage, & linting sanity check
+2. Update the version number in `version.rb`, and ensure `CHANGELOG.md` reflects changes
+3. Run `bin/setup && bin/rake` again as a secondary check, and to update `Gemfile.lock`
+4. Run `git commit -am "🔖 Prepare release v<VERSION>"` to commit the changes
+5. Run `git push` to trigger the final CI pipeline before release, & merge PRs
+   - NOTE: Remember to [check the build][🧪build]!
+6. Run `export GIT_TRUNK_BRANCH_NAME="$(git remote show origin | grep 'HEAD branch' | cut -d ' ' -f5)" && echo $GIT_TRUNK_BRANCH_NAME`
+7. Run `git checkout $GIT_TRUNK_BRANCH_NAME`
+8. Run `git pull origin $GIT_TRUNK_BRANCH_NAME` to ensure you will release the latest trunk code
+9. Set `SOURCE_DATE_EPOCH` so `rake build` and `rake release` use same timestamp, and generate same checksums
+   - Run `export SOURCE_DATE_EPOCH=$EPOCHSECONDS && echo $SOURCE_DATE_EPOCH`
+   - If the echo above has no output, then it didn't work.
+   - Note that you'll need the `zsh/datetime` module, if running `zsh`.
+   - In `bash` you can use `date +%s` instead, i.e. `export SOURCE_DATE_EPOCH=$(date +%s) && echo $SOURCE_DATE_EPOCH`
+10. Run `bundle exec rake build`
+11. Run `gem_checksums` (more context [1][🔒️rubygems-checksums-pr] and [2][🔒️rubygems-guides-pr])
+   to create SHA-256 and SHA-512 checksums
+    - Checksums will be committed automatically by the script, but not pushed
+12. Run `bundle exec rake release` which will create a git tag for the version,
+   push git commits and tags, and push the `.gem` file to [rubygems.org][💎rubygems]
+
+[🚎src-main]: https://gitlab.com/pboling/gem_checksums
+[🧪build]: https://github.com/pboling/gem_checksums/actions
+[🤝conduct]: https://gitlab.com/pboling/gem_checksums/-/blob/main/CODE_OF_CONDUCT.md
+[🖐contrib-rocks]: https://contrib.rocks
+[🖐contributors]: https://github.com/pboling/gem_checksums/graphs/contributors
+[🚎contributors-gl]: https://gitlab.com/pboling/gem_checksums/-/graphs/main
+[🖐contributors-img]: https://contrib.rocks/image?repo=pboling/gem_checksums
+[💎rubygems]: https://rubygems.org
+[🔒️rubygems-security-guide]: https://guides.rubygems.org/security/#building-gems
+[🔒️rubygems-checksums-pr]: https://github.com/rubygems/rubygems/pull/6022
+[🔒️rubygems-guides-pr]: https://github.com/rubygems/guides/pull/325
+[📗keep-changelog]: https://keepachangelog.com/en/1.0.0/
+[📗keep-changelog-img]: https://img.shields.io/badge/keep--a--changelog-1.0.0-FFDD67.svg?style=flat
+[📌semver-breaking]: https://github.com/semver/semver/issues/716#issuecomment-869336139
+[📌major-versions-not-sacred]: https://tom.preston-werner.com/2022/05/23/major-version-numbers-are-not-sacred.html
+[🚎appraisal-eval-gemfile-pr]: https://github.com/thoughtbot/appraisal/pull/248
+[🚎appraisal-fork]: https://github.com/pboling/appraisal/tree/galtzo
+[🏃‍♂️runner-tool-cache]: https://github.com/ruby/ruby-builder/releases/tag/toolcache

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2022 - 2025 Peter Boling
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,462 @@
+# StoneChecksums née GemChecksums
+
+[![Version][👽versioni]][👽version]
+[![License: MIT][📄license-img]][📄license-ref]
+[![Downloads Rank][👽dl-ranki]][👽dl-rank]
+[![Open Source Helpers][👽oss-helpi]][👽oss-help]
+[![Depfu][🔑depfui♻️]][🔑depfu]
+[![CodeCov Test Coverage][🔑codecovi♻️]][🔑codecov]
+[![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls]
+[![CodeClimate Test Coverage][🔑cc-covi♻️]][🔑cc-cov]
+[![Maintainability][🔑cc-mnti♻️]][🔑cc-mnt]
+[![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf]
+[![CI Current][🚎11-c-wfi]][🚎11-c-wf]
+[![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf]
+[![CI JRuby][🚎10-j-wfi]][🚎10-j-wf]
+[![CI Supported][🚎6-s-wfi]][🚎6-s-wf]
+[![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf]
+[![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf]
+[![CI Ancient][🚎1-an-wfi]][🚎1-an-wf]
+[![CI Hoary][🚎8-ho-wfi]][🚎8-ho-wf]
+[![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf]
+[![CI Style][🚎5-st-wfi]][🚎5-st-wf]
+
+---
+
+[![Liberapay Patrons][⛳liberapay-img]][⛳liberapay]
+[![Sponsor Me on Github][🖇sponsor-img]][🖇sponsor]
+[![Buy me a coffee][🖇buyme-small-img]][🖇buyme]
+[![Polar Shield][🖇polar-img]][🖇polar]
+[![Donate to my FLOSS or refugee efforts at ko-fi.com][🖇kofi-img]][🖇kofi]
+[![Donate to my FLOSS or refugee efforts using Patreon][🖇patreon-img]][🖇patreon]
+
+A ruby shell script, and rake task, to generate SHA-256 and SHA-512 checksums of RubyGem libraries,
+shipped as a RubyGem.
+
+You may be familiar with the standard rake task `build:checksum` from RubyGems.
+This gem ships an improved version as `build:generate_checksums`, based on the
+[RubyGems pull request][🔒️rubygems-checksums-pr] I started in October 2022.
+
+```shell
+rake build:generate_checksums
+```
+
+Or giving the same result...
+
+The script accomplishes the same thing if you prefer that:
+```shell
+gem_checksums
+```
+
+## Info you can shake a stick at
+
+| Tokens to Remember      | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace]                                                                                                                                                                                                                                                                                                                                                                          |
+|-------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| Works with JRuby        | [![JRuby 9.1 Compat][💎jruby-9.1i]][🚎10-j-wf] [![JRuby 9.2 Compat][💎jruby-9.2i]][🚎10-j-wf] [![JRuby 9.3 Compat][💎jruby-9.3i]][🚎10-j-wf] [![JRuby 9.4 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf]                                                                                                                                                                                                                         |
+| Works with Truffle Ruby | [![Truffle Ruby 22.3 Compat][💎truby-22.3i]][🚎9-t-wf] [![Truffle Ruby 23.0 Compat][💎truby-23.0i]][🚎9-t-wf] [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] [![Truffle Ruby HEAD Compat][💎truby-headi]][🚎3-hd-wf]                                                                                                                                                                                  |
+| Works with MRI Ruby 3   | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf]                                                                                                                                                                                         |
+| Works with MRI Ruby 2   | [![Ruby 2.2 Compat][💎ruby-2.2i]][🚎8-ho-wf] [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf]                                                                                                                                                                                       |
+| Source                  | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc]                                                                                                                                                                                                                                                                                                             |
+| Documentation           | [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![HEAD on RubyDoc.info][📜docs-head-rd-img]][🚎yard-head] [![BDFL Blog][🚂bdfl-blog-img]][🚂bdfl-blog] [![Wiki][📜wiki-img]][📜wiki]                                                                                                                                                                                                                                                        |
+| Compliance              | [![License: MIT][📄license-img]][📄license-ref] [![📄ilo-declaration-img]][📄ilo-declaration] [![Security Policy][🔐security-img]][🔐security] [![CodeQL][🖐codeQL-img]][🖐codeQL] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog]                                                                                                            |
+| Expert 1:1 Support      | [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] `or` [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor]                                                                                                                                                                                                                                                                                    |
+| Enterprise Support      | [![Get help from me on Tidelift][🏙️entsup-tidelift-img]][🏙️entsup-tidelift]<br/>💡Subscribe for support guarantees covering _all_ FLOSS dependencies!<br/>💡Tidelift is part of [Sonar][🏙️entsup-tidelift-sonar]!<br/>💡Tidelift pays maintainers to maintain the software you depend on!<br/>📊`@`Pointy Haired Boss: An [enterprise support][🏙️entsup-tidelift] subscription is "[never gonna let you down][🧮kloc]", and *supports* open source maintainers! |
+| Comrade BDFL 🎖️        | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact BDFL][🚂bdfl-contact-img]][🚂bdfl-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto]                                                                                                                                                              |
+| `...` 💖                | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme]                                                                                                                                                                                                                             |
+
+## Installation
+
+Install the gem and add to your library's Gemfile by executing:
+
+```bash
+bundle add stone_checksums
+```
+
+Or add it as a development dependency to the gemspec:
+
+```ruby
+Gem::Specification.new do |spec|
+  # ...
+  spec.add_development_dependency("stone_checksums", "~> 1.0")
+end
+```
+
+If bundler is not being used to manage dependencies, install the gem by executing:
+
+```bash
+gem install stone_checksums
+```
+
+## Usage
+
+Once installed you can use the shell script without any changes to your code.
+
+```shell
+# prepend with `bundle exec` if gem was added to Gemfile instead of installed globally
+gem_checksums
+```
+
+However, if you want to use the bundled rake task you'll need to add it to your Rakefile first.
+
+```ruby
+begin
+  require "stone_checksums"
+  GemChecksums.install_tasks
+rescue LoadError
+  task("build:generate_checksums") do
+    warn("stone_checksums gem is not available")
+  end
+end
+```
+
+Then you can do:
+
+```shell
+# prepend with `bundle exec` if gem was added to Gemfile instead of installed globally
+rake build:generate_checksums
+```
+
+It is different from, and improves on, the standard rake task in that it:
+- does various checks to ensure the generated checksums will be valid
+- does `git commit` the generated checksums
+
+### ENV variables
+
+Behavior can be controlled by ENV variables!
+
+- `GEM_CHECKSUMS_GIT_DRY_RUN` default value is `false`
+  - when `true` the `git commit` command will run with `--dry-run` flag
+  - when `true` the checksum files will be unstaged and deleted
+- `GEM_CHECKSUMS_CHECKSUMS_DIR` default value is `checksums` (relative path)
+  - this directory will be created, relative to current working directory, if not present
+- `GEM_CHECKSUMS_PACKAGE_DIR` default value is `pkg` (relative path)
+  - this directory will be searched for the latest gem package to generate checksums for
+
+### ARGV
+
+If an argument is provided to the rake task it should be the path to
+a specific `.gem` package you want to generate checksums for.
+
+The script version does not accept arguments, and should be controlled by the ENV variables if needed.
+
+### How To: Release gem with checksums generated by `stone_checksums`
+
+Generating checksums makes sense when you are building and releasing a gem, so how does it fit into that process?
+
+NOTE: This is an example process which assumes your project has bundler binstubs, and a version.rb file,
+with notes for `zsh` and `bash` shells.
+
+1. Run `bin/setup && bin/rake` as a tests, coverage, & linting sanity check
+2. Update the version number in `version.rb`
+3. Run `bin/setup && bin/rake` again as a secondary check, and to update `Gemfile.lock`
+4. Run `git commit -am "🔖 Prepare release v<VERSION>"` to commit the changes
+5. Run `git push` to trigger the final CI pipeline before release, & merge PRs
+    - NOTE: Remember to [check your project's CI][🧪build]!
+6. Run `export GIT_TRUNK_BRANCH_NAME="$(git remote show origin | grep 'HEAD branch' | cut -d ' ' -f5)" && echo $GIT_TRUNK_BRANCH_NAME`
+7. Run `git checkout $GIT_TRUNK_BRANCH_NAME`
+8. Run `git pull origin $GIT_TRUNK_BRANCH_NAME` to ensure you will release the latest trunk code
+9. Set `SOURCE_DATE_EPOCH` so `rake build` and `rake release` use same timestamp, and generate same checksums
+    - Run `export SOURCE_DATE_EPOCH=$EPOCHSECONDS && echo $SOURCE_DATE_EPOCH`
+    - If the echo above has no output, then it didn't work.
+    - Note that you'll need the `zsh/datetime` module, if running `zsh`.
+    - In `bash` you can use `date +%s` instead, i.e. `export SOURCE_DATE_EPOCH=$(date +%s) && echo $SOURCE_DATE_EPOCH`
+10. Run `bundle exec rake build`
+11. Run `gem_checksums` (from this gem, and added to path in .envrc,
+    more context [1][🔒️rubygems-checksums-pr] and [2][🔒️rubygems-guides-pr]) to create SHA-256 and SHA-512 checksums
+    - Checksums will be committed automatically by the script, but not pushed
+12. Run `bundle exec rake release` which will create a git tag for the version,
+    push git commits and tags, and push the `.gem` file to [rubygems.org][💎rubygems]
+
+[🧪build]: https://github.com/pboling/gem_checksums/actions
+[💎rubygems]: https://rubygems.org
+[🔒️rubygems-security-guide]: https://guides.rubygems.org/security/#building-gems
+[🔒️rubygems-checksums-pr]: https://github.com/rubygems/rubygems/pull/6022
+[🔒️rubygems-guides-pr]: https://github.com/rubygems/guides/pull/325
+
+### Too many steps?
+
+If you don't follow the steps above you'll end up seeing this error:
+
+```
+WARNING: Build time not provided via environment variable SOURCE_DATE_EPOCH.
+         To ensure consistent SHA-256 & SHA-512 checksums,
+         you must set this environment variable *before* building the gem.
+
+IMPORTANT: After setting the build time, you *must re-build the gem*, i.e. bundle exec rake build, or gem build.
+
+How to set the build time:
+
+In zsh shell:
+  - export SOURCE_DATE_EPOCH=$EPOCHSECONDS && echo $SOURCE_DATE_EPOCH
+  - If the echo above has no output, then it didn't work.
+  - Note that you'll need the `zsh/datetime` module enabled.
+
+In fish shell:
+  - set -x SOURCE_DATE_EPOCH (date +%s)
+  - echo $SOURCE_DATE_EPOCH
+
+In bash shell:
+  - export SOURCE_DATE_EPOCH=$(date +%s) && echo $SOURCE_DATE_EPOCH`
+```
+
+Just do what it says!
+
+## 🔐 Security
+
+See [SECURITY.md][🔐security].
+
+## 🤝 Contributing
+
+If you need some ideas of where to help, you could work on adding more code coverage,
+or if it is already 💯 (see [below](#code-coverage)) check TODOs (see [below](#todos)),
+or check [issues][🤝issues], or [PRs][🤝pulls],
+or use the gem and think about how it could be better.
+
+We [![Keep A Changelog][📗keep-changelog-img]][📗keep-changelog] so if you make changes, remember to update it.
+
+See [CONTRIBUTING.md][🤝contributing] for more detailed instructions.
+
+### TODOs
+
+- [ ] Prepend `rake build` task with check for `SOURCE_DATE_EPOCH` environment variable, and raise error if not set.
+
+### Code Coverage
+
+[![Coverage Graph][🔑codecov-g♻️]][🔑codecov]
+
+### 🪇 Code of Conduct
+
+Everyone interacting in this project's codebases, issue trackers,
+chat rooms and mailing lists is expected to follow the [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct].
+
+## 🌈 Contributors
+
+[![Contributors][🖐contributors-img]][🖐contributors]
+
+Made with [contributors-img][🖐contrib-rocks].
+
+Also see GitLab Contributors: [https://gitlab.com/pboling/gem_checksums/-/graphs/main][🚎contributors-gl]
+
+## ⭐️ Star History
+
+<a href="https://star-history.com/#pboling/gem_checksums&Date">
+ <picture>
+   <source media="(prefers-color-scheme: dark)" srcset="https://api.star-history.com/svg?repos=pboling/gem_checksums&type=Date&theme=dark" />
+   <source media="(prefers-color-scheme: light)" srcset="https://api.star-history.com/svg?repos=pboling/gem_checksums&type=Date" />
+   <img alt="Star History Chart" src="https://api.star-history.com/svg?repos=pboling/gem_checksums&type=Date" />
+ </picture>
+</a>
+
+## 📌 Versioning
+
+This Library adheres to [![Semantic Versioning 2.0.0][📌semver-img]][📌semver].
+Violations of this scheme should be reported as bugs.
+Specifically, if a minor or patch version is released that breaks backward compatibility,
+a new version should be immediately released that restores compatibility.
+Breaking changes to the public API will only be introduced with new major versions.
+
+### 📌 Is "Platform Support" part of the public API?
+
+Yes.  But I'm obligated to include notes...
+
+SemVer should, but doesn't explicitly, say that dropping support for specific Platforms
+is a *breaking change* to an API.
+It is obvious to many, but not all, and since the spec is silent, the bike shedding is endless.
+
+> dropping support for a platform is both obviously and objectively a breaking change
+
+- Jordan Harband (@ljharb) [in SemVer issue 716][📌semver-breaking]
+
+To get a better understanding of how SemVer is intended to work over a project's lifetime,
+read this article from the creator of SemVer:
+
+- ["Major Version Numbers are Not Sacred"][📌major-versions-not-sacred]
+
+As a result of this policy, and the interpretive lens used by the maintainer,
+you can (and should) specify a dependency on these libraries using
+the [Pessimistic Version Constraint][📌pvc] with two digits of precision.
+
+For example:
+
+```ruby
+spec.add_dependency("gem_checksums", "~> 1.1")
+```
+
+See [CHANGELOG.md][📌changelog] for list of releases.
+
+## 📄 License
+
+The gem is available as open source under the terms of
+the [MIT License][📄license] [![License: MIT][📄license-img]][📄license-ref].
+See [LICENSE.txt][📄license] for the official [Copyright Notice][📄copyright-notice-explainer].
+
+### © Copyright
+
+<p>
+  Copyright (c) 2022 - 2025 Peter H. Boling,
+  <a href="https://railsbling.com">
+    RailsBling.com
+    <picture>
+      <img alt="Rails Bling" height="20" src="https://railsbling.com/images/logos/RailsBling-TrainLogo.svg" />
+    </picture>
+  </a>
+</p>
+
+## 🤑 One more thing
+
+You made it to the bottom of the page,
+so perhaps you'll indulge me for another 20 seconds.
+I maintain many dozens of gems, including this one,
+because I want Ruby to be a great place for people to solve problems, big and small.
+Please consider supporting my efforts via the giant yellow link below,
+or one of the others at the head of this README.
+
+[![Buy me a latte][🖇buyme-img]][🖇buyme]
+
+[✇bundle-group-pattern]: https://gist.github.com/pboling/4564780
+[⛳️gem-namespace]: https://github.com/pboling/gem_checksums/blob/main/lib/gem_checksums.rb
+[⛳️namespace-img]: https://img.shields.io/badge/namespace-GemChecksums-brightgreen.svg?style=flat&logo=ruby&logoColor=white
+[⛳️gem-name]: https://rubygems.org/gems/stone_checksums
+[⛳️name-img]: https://img.shields.io/badge/name-stone__checksums-brightgreen.svg?style=flat&logo=rubygems&logoColor=red
+[🚂bdfl-blog]: http://www.railsbling.com/tags/gem_checksums
+[🚂bdfl-blog-img]: https://img.shields.io/badge/blog-railsbling-0093D0.svg?style=for-the-badge&logo=rubyonrails&logoColor=orange
+[🚂bdfl-contact]: http://www.railsbling.com/contact
+[🚂bdfl-contact-img]: https://img.shields.io/badge/Contact-BDFL-0093D0.svg?style=flat&logo=rubyonrails&logoColor=red
+[💖🖇linkedin]: http://www.linkedin.com/in/peterboling
+[💖🖇linkedin-img]: https://img.shields.io/badge/PeterBoling-LinkedIn-0B66C2?style=flat&logo=newjapanprowrestling
+[💖✌️wellfound]: https://angel.co/u/peter-boling
+[💖✌️wellfound-img]: https://img.shields.io/badge/peter--boling-orange?style=flat&logo=wellfound
+[💖💲crunchbase]: https://www.crunchbase.com/person/peter-boling
+[💖💲crunchbase-img]: https://img.shields.io/badge/peter--boling-purple?style=flat&logo=crunchbase
+[💖🐘ruby-mast]: https://ruby.social/@galtzo
+[💖🐘ruby-mast-img]: https://img.shields.io/mastodon/follow/109447111526622197?domain=https%3A%2F%2Fruby.social&style=flat&logo=mastodon&label=Ruby%20%40galtzo
+[💖🦋bluesky]: https://galtzo.bsky.social
+[💖🦋bluesky-img]: https://img.shields.io/badge/@galtzo.bsky.social-0285FF?style=flat&logo=bluesky&logoColor=white
+[💖🌳linktree]: https://linktr.ee/galtzo
+[💖🌳linktree-img]: https://img.shields.io/badge/galtzo-purple?style=flat&logo=linktree
+[💖💁🏼‍♂️devto]: https://dev.to/galtzo
+[💖💁🏼‍♂️devto-img]: https://img.shields.io/badge/dev.to-0A0A0A?style=flat&logo=devdotto&logoColor=white
+[💖💁🏼‍♂️aboutme]: https://about.me/peter.boling
+[💖💁🏼‍♂️aboutme-img]: https://img.shields.io/badge/about.me-0A0A0A?style=flat&logo=aboutme&logoColor=white
+[👨🏼‍🏫expsup-upwork]: https://www.upwork.com/freelancers/~014942e9b056abdf86?mp_source=share
+[👨🏼‍🏫expsup-upwork-img]: https://img.shields.io/badge/UpWork-13544E?style=for-the-badge&logo=Upwork&logoColor=white
+[👨🏼‍🏫expsup-codementor]: https://www.codementor.io/peterboling?utm_source=github&utm_medium=button&utm_term=peterboling&utm_campaign=github
+[👨🏼‍🏫expsup-codementor-img]: https://img.shields.io/badge/CodeMentor-Get_Help-1abc9c?style=for-the-badge&logo=CodeMentor&logoColor=white
+[🏙️entsup-tidelift]: https://tidelift.com/subscription
+[🏙️entsup-tidelift-img]: https://img.shields.io/badge/Tidelift_and_Sonar-Enterprise_Support-FD3456?style=for-the-badge&logo=sonar&logoColor=white
+[🏙️entsup-tidelift-sonar]: https://blog.tidelift.com/tidelift-joins-sonar
+[💁🏼‍♂️peterboling]: http://www.peterboling.com
+[🚂railsbling]: http://www.railsbling.com
+[📜src-gl-img]: https://img.shields.io/badge/GitLab-FBA326?style=for-the-badge&logo=Gitlab&logoColor=orange
+[📜src-gl]: https://gitlab.com/pboling/gem_checksums/
+[📜src-gh-img]: https://img.shields.io/badge/GitHub-238636?style=for-the-badge&logo=Github&logoColor=green
+[📜src-gh]: https://github.com/pboling/gem_checksums
+[📜docs-cr-rd-img]: https://img.shields.io/badge/RubyDoc-Current_Release-943CD2?style=for-the-badge&logo=readthedocs&logoColor=white
+[📜docs-head-rd-img]: https://img.shields.io/badge/RubyDoc-HEAD-943CD2?style=for-the-badge&logo=readthedocs&logoColor=white
+[📜wiki]: https://gitlab.com/pboling/gem_checksums/-/wikis/home
+[📜wiki-img]: https://img.shields.io/badge/wiki-examples-943CD2.svg?style=for-the-badge&logo=Wiki&logoColor=white
+[👽dl-rank]: https://rubygems.org/gems/stone_checksums
+[👽dl-ranki]: https://img.shields.io/gem/rd/stone_checksums.svg
+[👽oss-help]: https://www.codetriage.com/pboling/gem_checksums
+[👽oss-helpi]: https://www.codetriage.com/pboling/gem_checksums/badges/users.svg
+[👽version]: https://rubygems.org/gems/stone_checksums
+[👽versioni]: https://img.shields.io/gem/v/stone_checksums.svg
+[🔑cc-mnt]: https://codeclimate.com/github/pboling/gem_checksums/maintainability
+[🔑cc-mnti♻️]: https://api.codeclimate.com/v1/badges/ff2234fcbe9051436f37/maintainability
+[🔑cc-cov]: https://codeclimate.com/github/pboling/gem_checksums/test_coverage
+[🔑cc-covi♻️]: https://api.codeclimate.com/v1/badges/ff2234fcbe9051436f37/test_coverage
+[🔑codecov]: https://codecov.io/gh/pboling/gem_checksums
+[🔑codecovi♻️]: https://codecov.io/gh/pboling/gem_checksums/branch/main/graph/badge.svg?token=iQykVGCFME
+[🔑coveralls]: https://coveralls.io/github/pboling/gem_checksums?branch=main
+[🔑coveralls-img]: https://coveralls.io/repos/github/pboling/gem_checksums/badge.svg?branch=main
+[🔑depfu]: https://depfu.com/github/pboling/gem_checksums
+[🔑depfui♻️]: https://badges.depfu.com/badges/85187dfdd2ecf7839b2ec78c64d2bf4e/count.svg
+[🖐codeQL]: https://github.com/pboling/gem_checksums/security/code-scanning
+[🖐codeQL-img]: https://github.com/pboling/gem_checksums/actions/workflows/codeql-analysis.yml/badge.svg
+[🚎1-an-wf]: https://github.com/pboling/gem_checksums/actions/workflows/ancient.yml
+[🚎1-an-wfi]: https://github.com/pboling/gem_checksums/actions/workflows/ancient.yml/badge.svg
+[🚎2-cov-wf]: https://github.com/pboling/gem_checksums/actions/workflows/coverage.yml
+[🚎2-cov-wfi]: https://github.com/pboling/gem_checksums/actions/workflows/coverage.yml/badge.svg
+[🚎3-hd-wf]: https://github.com/pboling/gem_checksums/actions/workflows/heads.yml
+[🚎3-hd-wfi]: https://github.com/pboling/gem_checksums/actions/workflows/heads.yml/badge.svg
+[🚎4-lg-wf]: https://github.com/pboling/gem_checksums/actions/workflows/legacy.yml
+[🚎4-lg-wfi]: https://github.com/pboling/gem_checksums/actions/workflows/legacy.yml/badge.svg
+[🚎5-st-wf]: https://github.com/pboling/gem_checksums/actions/workflows/style.yml
+[🚎5-st-wfi]: https://github.com/pboling/gem_checksums/actions/workflows/style.yml/badge.svg
+[🚎6-s-wf]: https://github.com/pboling/gem_checksums/actions/workflows/supported.yml
+[🚎6-s-wfi]: https://github.com/pboling/gem_checksums/actions/workflows/supported.yml/badge.svg
+[🚎7-us-wf]: https://github.com/pboling/gem_checksums/actions/workflows/unsupported.yml
+[🚎7-us-wfi]: https://github.com/pboling/gem_checksums/actions/workflows/unsupported.yml/badge.svg
+[🚎8-ho-wf]: https://github.com/pboling/gem_checksums/actions/workflows/hoary.yml
+[🚎8-ho-wfi]: https://github.com/pboling/gem_checksums/actions/workflows/hoary.yml/badge.svg
+[🚎9-t-wf]: https://github.com/pboling/gem_checksums/actions/workflows/truffle.yml
+[🚎9-t-wfi]: https://github.com/pboling/gem_checksums/actions/workflows/truffle.yml/badge.svg
+[🚎10-j-wf]: https://github.com/pboling/gem_checksums/actions/workflows/jruby.yml
+[🚎10-j-wfi]: https://github.com/pboling/gem_checksums/actions/workflows/jruby.yml/badge.svg
+[🚎11-c-wf]: https://github.com/pboling/gem_checksums/actions/workflows/current.yml
+[🚎11-c-wfi]: https://github.com/pboling/gem_checksums/actions/workflows/current.yml/badge.svg
+[⛳liberapay-img]: https://img.shields.io/liberapay/patrons/pboling.svg?logo=liberapay
+[⛳liberapay]: https://liberapay.com/pboling/donate
+[🖇sponsor-img]: https://img.shields.io/badge/Sponsor_Me!-pboling.svg?style=social&logo=github
+[🖇sponsor]: https://github.com/sponsors/pboling
+[🖇polar-img]: https://polar.sh/embed/seeks-funding-shield.svg?org=pboling
+[🖇polar]: https://polar.sh/pboling
+[🖇kofi-img]: https://img.shields.io/badge/buy_me_coffee-donate-yellow.svg
+[🖇kofi]: https://ko-fi.com/O5O86SNP4
+[🖇patreon-img]: https://img.shields.io/badge/patreon-donate-yellow.svg
+[🖇patreon]: https://patreon.com/galtzo
+[💎ruby-2.2i]: https://img.shields.io/badge/Ruby-2.2-DF00CA?style=for-the-badge&logo=ruby&logoColor=white
+[💎ruby-2.3i]: https://img.shields.io/badge/Ruby-2.3-DF00CA?style=for-the-badge&logo=ruby&logoColor=white
+[💎ruby-2.4i]: https://img.shields.io/badge/Ruby-2.4-DF00CA?style=for-the-badge&logo=ruby&logoColor=white
+[💎ruby-2.5i]: https://img.shields.io/badge/Ruby-2.5-DF00CA?style=for-the-badge&logo=ruby&logoColor=white
+[💎ruby-2.6i]: https://img.shields.io/badge/Ruby-2.6-DF00CA?style=for-the-badge&logo=ruby&logoColor=white
+[💎ruby-2.7i]: https://img.shields.io/badge/Ruby-2.7-DF00CA?style=for-the-badge&logo=ruby&logoColor=white
+[💎ruby-3.0i]: https://img.shields.io/badge/Ruby-3.0-CC342D?style=for-the-badge&logo=ruby&logoColor=white
+[💎ruby-3.1i]: https://img.shields.io/badge/Ruby-3.1-CC342D?style=for-the-badge&logo=ruby&logoColor=white
+[💎ruby-3.2i]: https://img.shields.io/badge/Ruby-3.2-CC342D?style=for-the-badge&logo=ruby&logoColor=white
+[💎ruby-3.3i]: https://img.shields.io/badge/Ruby-3.3-CC342D?style=for-the-badge&logo=ruby&logoColor=white
+[💎ruby-c-i]: https://img.shields.io/badge/Ruby-current-CC342D?style=for-the-badge&logo=ruby&logoColor=green
+[💎ruby-headi]: https://img.shields.io/badge/Ruby-HEAD-CC342D?style=for-the-badge&logo=ruby&logoColor=blue
+[💎truby-22.3i]: https://img.shields.io/badge/Truffle_Ruby-22.3-34BCB1?style=for-the-badge&logo=ruby&logoColor=pink
+[💎truby-23.0i]: https://img.shields.io/badge/Truffle_Ruby-23.0-34BCB1?style=for-the-badge&logo=ruby&logoColor=pink
+[💎truby-23.1i]: https://img.shields.io/badge/Truffle_Ruby-23.1-34BCB1?style=for-the-badge&logo=ruby&logoColor=pink
+[💎truby-c-i]: https://img.shields.io/badge/Truffle_Ruby-current-34BCB1?style=for-the-badge&logo=ruby&logoColor=green
+[💎truby-headi]: https://img.shields.io/badge/Truffle_Ruby-HEAD-34BCB1?style=for-the-badge&logo=ruby&logoColor=blue
+[💎jruby-9.1i]: https://img.shields.io/badge/JRuby-9.1-FBE742?style=for-the-badge&logo=ruby&logoColor=red
+[💎jruby-9.2i]: https://img.shields.io/badge/JRuby-9.2-FBE742?style=for-the-badge&logo=ruby&logoColor=red
+[💎jruby-9.3i]: https://img.shields.io/badge/JRuby-9.3-FBE742?style=for-the-badge&logo=ruby&logoColor=red
+[💎jruby-c-i]: https://img.shields.io/badge/JRuby-current-FBE742?style=for-the-badge&logo=ruby&logoColor=green
+[💎jruby-headi]: https://img.shields.io/badge/JRuby-HEAD-FBE742?style=for-the-badge&logo=ruby&logoColor=blue
+[🤝issues]: https://github.com/pboling/gem_checksums/issues
+[🤝pulls]: https://github.com/pboling/gem_checksums/pulls
+[🤝contributing]: CONTRIBUTING.md
+[🔑codecov-g♻️]: https://codecov.io/gh/pboling/gem_checksums/graphs/tree.svg?token=iQykVGCFME
+[🖐contrib-rocks]: https://contrib.rocks
+[🖐contributors]: https://github.com/pboling/gem_checksums/graphs/contributors
+[🖐contributors-img]: https://contrib.rocks/image?repo=pboling/gem_checksums
+[🚎contributors-gl]: https://gitlab.com/pboling/gem_checksums/-/graphs/main
+[🪇conduct]: CODE_OF_CONDUCT.md
+[🪇conduct-img]: https://img.shields.io/badge/Contributor_Covenant-2.1-4baaaa.svg
+[📌pvc]: http://guides.rubygems.org/patterns/#pessimistic-version-constraint
+[📌semver]: https://semver.org/spec/v2.0.0.html
+[📌semver-img]: https://img.shields.io/badge/semver-2.0.0-FFDD67.svg?style=flat
+[📌semver-breaking]: https://github.com/semver/semver/issues/716#issuecomment-869336139
+[📌major-versions-not-sacred]: https://tom.preston-werner.com/2022/05/23/major-version-numbers-are-not-sacred.html
+[📌changelog]: CHANGELOG.md
+[📗keep-changelog]: https://keepachangelog.com/en/1.0.0/
+[📗keep-changelog-img]: https://img.shields.io/badge/keep--a--changelog-1.0.0-FFDD67.svg?style=flat
+[🧮kloc]: https://www.youtube.com/watch?v=dQw4w9WgXcQ
+[🧮kloc-img]: https://img.shields.io/badge/KLOC-0.075-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue
+[🔐security]: SECURITY.md
+[🔐security-img]: https://img.shields.io/badge/security-policy-brightgreen.svg?style=flat
+[📄copyright-notice-explainer]: https://opensource.stackexchange.com/questions/5778/why-do-licenses-such-as-the-mit-license-specify-a-single-year
+[📄license]: LICENSE.txt
+[📄license-ref]: https://opensource.org/licenses/MIT
+[📄license-img]: https://img.shields.io/badge/License-MIT-green.svg
+[📄ilo-declaration]: https://www.ilo.org/declaration/lang--en/index.htm
+[📄ilo-declaration-img]: https://img.shields.io/badge/ILO_Fundamental_Principles-✓-brightgreen.svg?style=flat
+[🚎yard-current]: http://rubydoc.info/gems/stone_checksums
+[🚎yard-head]: https://rubydoc.info/github/pboling/gem_checksums/main
+[🖇buyme-img]: https://img.buymeacoffee.com/button-api/?text=Buy%20me%20a%20latte&emoji=&slug=pboling&button_colour=FFDD00&font_colour=000000&font_family=Cookie&outline_colour=000000&coffee_colour=ffffff
+[🖇buyme]: https://www.buymeacoffee.com/pboling
+[🖇buyme-small-img]: https://img.shields.io/badge/Buy--Me--A--Coffee-✓-brightgreen.svg?style=flat

data/SECURITY.md

@@ -0,0 +1,21 @@
+# Security Policy
+
+## Supported Versions
+
+| Version  | Supported |
+|----------|-----------|
+| 1.latest | ✅         |
+
+## Security contact information
+
+To report a security vulnerability, please use the
+[Tidelift security contact](https://tidelift.com/security).
+Tidelift will coordinate the fix and disclosure.
+
+## Additional Support
+
+If you are interested in support for versions older than the latest release,
+please consider sponsoring the project / maintainer @ https://liberapay.com/pboling/donate,
+or find other sponsorship links in the [README].
+
+[README]: README.md

data/exe/gem_checksums

@@ -0,0 +1,7 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+
+require "gem_checksums"
+
+GemChecksums.generate

data/lib/gem_checksums/rakelib/gem_checksums.rake

@@ -0,0 +1,8 @@
+# TODO: Override rake build task with check for SOURCE_DATE_EPOCH environment variable, and raise error if not set.
+
+namespace :build do
+  desc "Generate both SHA256 & SHA512 checksums into the checksums directory, and git commit them"
+  task :generate_checksums do
+    GemChecksums.generate
+  end
+end

data/lib/gem_checksums/tasks.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+# Load from a "rakelib" directory is automatic!
+# Adding this library's custom directory of tasks as a "rakelib"
+#   directory makes them available.
+abs_path = File.expand_path(__dir__)
+rakelib = "#{abs_path}/rakelib"
+Rake.add_rakelib(rakelib)

data/lib/gem_checksums/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module GemChecksums
+  module Version
+    VERSION = "1.0.0"
+  end
+end

data/lib/gem_checksums.rb

@@ -0,0 +1,171 @@
+# frozen_string_literal: true
+
+# Std lib
+require "digest/sha2"
+require "fileutils"
+
+# external gems
+require "version_gem"
+
+# this library's version
+require_relative "gem_checksums/version"
+
+# Primary namespace of this library
+module GemChecksums
+  # Errors raised by this gem will use this class
+  class Error < StandardError; end
+
+  # Final clause of Regex `(?=\.gem)` is a positive lookahead assertion
+  # See: https://learnbyexample.github.io/Ruby_Regexp/lookarounds.html#positive-lookarounds
+  # Used to pattern match against a gem package name, which always ends with .gem.
+  # The positive lookahead ensures it is present, and prevents it from being captured.
+  VERSION_REGEX = /((\d+\.\d+\.\d+)([-.][0-9A-Za-z-]+)*)(?=\.gem)/.freeze
+  RUNNING_AS = File.basename($PROGRAM_NAME)
+  BUILD_TIME_ERROR_MESSAGE = "Environment variable SOURCE_DATE_EPOCH must be set. You'll need to rebuild the gem. See README.md of stone_checksums"
+  GIT_DRY_RUN_ENV = ENV.fetch("GEM_CHECKSUMS_GIT_DRY_RUN", "false").casecmp("true") == 0
+  CHECKSUMS_DIR = ENV.fetch("GEM_CHECKSUMS_CHECKSUMS_DIR", "checksums")
+  PACKAGE_DIR = ENV.fetch("GEM_CHECKSUMS_PACKAGE_DIR", "pkg")
+  BUILD_TIME_WARNING = <<-BUILD_TIME_WARNING
+WARNING: Build time not provided via environment variable SOURCE_DATE_EPOCH.
+         To ensure consistent SHA-256 & SHA-512 checksums,
+         you must set this environment variable *before* building the gem.
+
+IMPORTANT: After setting the build time, you *must re-build the gem*, i.e. bundle exec rake build, or gem build.
+
+How to set the build time:
+
+In zsh shell:
+  - export SOURCE_DATE_EPOCH=$EPOCHSECONDS && echo $SOURCE_DATE_EPOCH
+  - If the echo above has no output, then it didn't work.
+  - Note that you'll need the `zsh/datetime` module enabled.
+
+In fish shell:
+  - set -x SOURCE_DATE_EPOCH (date +%s)
+  - echo $SOURCE_DATE_EPOCH 
+
+In bash shell:
+  - export SOURCE_DATE_EPOCH=$(date +%s) && echo $SOURCE_DATE_EPOCH`
+
+  BUILD_TIME_WARNING
+
+  # Make this gem's rake tasks available in your Rakefile:
+  #
+  #   require "gem_checksums"
+  #   GemChecksums.install_tasks
+  #
+  def install_tasks
+    load("gem_checksums/tasks.rb")
+  end
+  module_function :install_tasks
+
+  # Script, stolen from myself, from https://github.com/rubygems/guides/pull/325
+  # NOTE: SOURCE_DATE_EPOCH must be set in your environment prior to building the gem.
+  #       This ensures that the gem build, and the gem checksum will use the same timestamp,
+  #       and thus will match the SHA-256 checksum generated for every gem on Rubygems.org.
+  def generate(git_dry_run: false)
+    build_time = ENV.fetch("SOURCE_DATE_EPOCH", "")
+    build_time_missing = !(build_time =~ /\d{10,}/)
+    git_dry_run_flag = (git_dry_run || GIT_DRY_RUN_ENV) ? "--dry-run" : nil
+    warn("Will run git commit with --dry-run") if git_dry_run_flag
+
+    if build_time_missing
+      warn(BUILD_TIME_WARNING)
+      raise Error, BUILD_TIME_ERROR_MESSAGE
+    end
+
+    gem_path_parts =
+      case RUNNING_AS
+      when "rake", "gem_checksums"
+        first_arg = ARGV.first
+        first_arg.respond_to?(:split) ? first_arg.split("/") : []
+      else # e.g. "rspec"
+        []
+      end
+
+    if gem_path_parts.any?
+      gem_name = gem_path_parts.last
+      gem_pkg = File.join(gem_path_parts)
+      puts "Looking for: #{gem_pkg.inspect}"
+      gems = Dir[gem_pkg]
+      raise Error, "Unable to find gem #{gem_pkg}" if gems.empty?
+
+      puts "Found: #{gems.inspect}"
+    else
+      gem_pkgs = File.join(PACKAGE_DIR, "*.gem")
+      puts "Looking for: #{gem_pkgs.inspect}"
+      gems = Dir[gem_pkgs]
+      raise Error, "Unable to find gems #{gem_pkgs}" if gems.empty?
+
+      # Sort by newest last
+      # [ "my_gem-2.3.9.gem", "my_gem-2.3.11.pre.alpha.4.gem", "my_gem-2.3.15.gem", ... ]
+      gems.sort_by! { |gem| Gem::Version.new(gem[VERSION_REGEX]) }
+      gem_pkg = gems.last
+      gem_path_parts = gem_pkg.split("/")
+      gem_name = gem_path_parts.last
+      puts "Found: #{gems.length} gems; latest is #{gem_name}"
+    end
+
+    pkg_bits = File.read(gem_pkg)
+
+    # SHA-512 digest is 8 64-bit words
+    digest512_64bit = Digest::SHA512.new.hexdigest(pkg_bits)
+    digest512_64bit_path = "#{CHECKSUMS_DIR}/#{gem_name}.sha512"
+    Dir.mkdir(CHECKSUMS_DIR) unless Dir.exist?(CHECKSUMS_DIR)
+    File.write(digest512_64bit_path, digest512_64bit)
+
+    # SHA-256 digest is 8 32-bit words
+    digest256_32bit = Digest::SHA256.new.hexdigest(pkg_bits)
+    digest256_32bit_path = "#{CHECKSUMS_DIR}/#{gem_name}.sha256"
+    File.write(digest256_32bit_path, digest256_32bit)
+
+    version = gem_name[VERSION_REGEX]
+
+    git_cmd = <<-GIT_MSG.rstrip
+git add #{CHECKSUMS_DIR}/* && \
+git commit #{git_dry_run_flag} -m "🔒️ Checksums for v#{version}"
+    GIT_MSG
+
+    if git_dry_run_flag
+      git_cmd += <<-CLEANUP_MSG
+ && \
+echo "Cleaning up in dry run mode" && \
+git reset #{digest512_64bit_path} && \
+git reset #{digest256_32bit_path} && \
+rm -f #{digest512_64bit_path} && \
+rm -f #{digest256_32bit_path}
+      CLEANUP_MSG
+    end
+
+    puts <<-RESULTS
+[ GEM: #{gem_name} ]
+[ VERSION: #{version} ]
+[ GEM PKG LOCATION: #{gem_pkg} ]
+[ CHECKSUM SHA-256: #{digest256_32bit} ]
+[ CHECKSUM SHA-512: #{digest512_64bit} ]
+[ CHECKSUM SHA-256 PATH: #{digest256_32bit_path} ]
+[ CHECKSUM SHA-512 PATH: #{digest512_64bit_path} ]
+
+... Running ...
+
+#{git_cmd}
+    RESULTS
+
+    if git_dry_run_flag
+      %x{#{git_cmd}}
+    else
+      # `exec` will replace the current process with the git process, and exit.
+      # Within the generate method, Ruby code placed after the `exec` *will not be run*:
+      #   See: https://www.akshaykhot.com/call-shell-commands-in-ruby
+      # But we can't exit the process when testing from RSpec,
+      #   since that would exit the parent RSpec process
+      exec(git_cmd)
+    end
+  end
+  module_function :generate
+end
+
+GemChecksums::Version.class_eval do
+  extend VersionGem::Basic
+end
+
+GemChecksums.install_tasks if GemChecksums::RUNNING_AS == "rake"

data/lib/stone_checksums.rb

@@ -0,0 +1,2 @@
+# RubyGems disallowed pushing a gem called `gem_checksums`, hence the name games.
+require_relative "gem_checksums"

data/sig/gem_checksums.rbs

@@ -0,0 +1,4 @@
+module GemChecksums
+  VERSION: String
+  # See the writing guide of rbs: https://github.com/ruby/rbs#guides
+end

metadata

@@ -0,0 +1,211 @@
+--- !ruby/object:Gem::Specification
+name: stone_checksums
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Peter Boling
+bindir: exe
+cert_chain:
+- |
+  -----BEGIN CERTIFICATE-----
+  MIIEgDCCAuigAwIBAgIBATANBgkqhkiG9w0BAQsFADBDMRUwEwYDVQQDDAxwZXRl
+  ci5ib2xpbmcxFTATBgoJkiaJk/IsZAEZFgVnbWFpbDETMBEGCgmSJomT8ixkARkW
+  A2NvbTAeFw0yNDA5MjAwODU4NDJaFw0yNTA5MjAwODU4NDJaMEMxFTATBgNVBAMM
+  DHBldGVyLmJvbGluZzEVMBMGCgmSJomT8ixkARkWBWdtYWlsMRMwEQYKCZImiZPy
+  LGQBGRYDY29tMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAjrxsKObI
+  rFQjBpzvVfqnT6JlF8/pkpgEEjFh7ex3zIerfuHzZvSrx+sRDGxQ8koWWG0Wjx8s
+  wkBZ5dIqvl0g3sWP5asa28u/09opxkQTC1Ao77iYxcBcwoCe/Dpf1m4Q/m6oH0kL
+  2AZVNJQL3UkqAcLS0tsj/s/jAKnVlsaZZE5gQiIIi8HtkvSsajtx+Cq2AxDvcWvV
+  /CliD+pmzYkTjvjwGm8yeyFGGGgrisJMryiZdZlkTwrQSjCzudIKbLeuG8Se4JTD
+  TAcT+rPubr27v1jwmtIjtiot3rf4nof7LHLb122a/0VR7cC7xPLnXw0Cq1BShvoq
+  /GKRdSwMNinTOGkFTK1gKnjN+3iD4zyXU3XO3CXoTr+Ju8fXPN1x4tpOMgbv8dme
+  WbcQMOH9ZjmA5w0bSVRL1c3NhRRpUzrKTNXBEvqOyWjUnintxWKj+cRXx+z+dUgI
+  dL3kj68fcsiTgl75In3C485pnCMmq1eLuVoiy3jkLNOn2lHeLt9ZK63LAgMBAAGj
+  fzB9MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQWBBRhfc+2UaVYd74p
+  yJ1JclGiUYN8+jAhBgNVHREEGjAYgRZwZXRlci5ib2xpbmdAZ21haWwuY29tMCEG
+  A1UdEgQaMBiBFnBldGVyLmJvbGluZ0BnbWFpbC5jb20wDQYJKoZIhvcNAQELBQAD
+  ggGBAA4fLU2+mQ++jBhVM2IeyvQdw1nm+0thkH4Ldv8ZOBm5ZxCPGIMoYliDDzg4
+  4JDFxZR1wR4sdrz/K5tWtEkN23SKzopwbNb1NIQRSLQ7nOoc+4bkuz9xwKinmIvF
+  D+5qsl2S27WLKFreMDtGoh0CREIMBUxU4rGTh0gtzmweGR+fnOShg4Jo0kxrjU5h
+  uYk/uVE+bn/jOEGs43GvKXZLyshpBrZjQ+ArbvxDht5t35zbSxerbUxUPZUbXUCW
+  tTyh38a9UYjAAHvnh6Y4Fi9wd4/pGNsektrzB3z/zlVj4YF2TMLX9XfNJWEGRGpO
+  sSkLYdtEX1WQAmuZtActVW2cL3HdQaRbiv7VbfpA0eSk0ZdZHvBCl516ZZu10uX6
+  82W1mg6fuezdpeBOiXwrEbZSt/oGiF4V511F6nd55p0okwHc/6nS10F/3aKJ4gwC
+  I5o+DRfXQHqKucx1ldFHvI2rE/kSCWqGTHN2eyu1sqCPeOoIMxrltJhaejKPkxqj
+  zaF9Og==
+  -----END CERTIFICATE-----
+date: 2025-02-24 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: version_gem
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.1.5
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.1.5
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.13'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.13'
+- !ruby/object:Gem::Dependency
+  name: rspec-block_is_expected
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: rspec-pending_for
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.1.16
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.1.16
+- !ruby/object:Gem::Dependency
+  name: rspec-stubbed_env
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.1
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+description: |-
+  Generate both SHA256 & SHA512 checksums into the checksums directory, and git commit them.
+    gem install stone_checksums
+  Then, use the rake task or the script:
+    rake build:generate_checksums
+    gem_checksums
+  Control options with ENV variables!
+email:
+- peter.boling@gmail.com
+executables:
+- gem_checksums
+extensions: []
+extra_rdoc_files:
+- CHANGELOG.md
+- CODE_OF_CONDUCT.md
+- CONTRIBUTING.md
+- LICENSE.txt
+- README.md
+- SECURITY.md
+files:
+- CHANGELOG.md
+- CODE_OF_CONDUCT.md
+- CONTRIBUTING.md
+- LICENSE.txt
+- README.md
+- SECURITY.md
+- exe/gem_checksums
+- lib/gem_checksums.rb
+- lib/gem_checksums/rakelib/gem_checksums.rake
+- lib/gem_checksums/tasks.rb
+- lib/gem_checksums/version.rb
+- lib/stone_checksums.rb
+- sig/gem_checksums.rbs
+homepage: https://github.com/pboling/gem_checksums
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://railsbling.com/tags/stone_checksums/
+  source_code_uri: https://github.com/pboling/gem_checksums/tree/v1.0.0
+  changelog_uri: https://github.com/pboling/gem_checksums/blob/v1.0.0/CHANGELOG.md
+  bug_tracker_uri: https://github.com/pboling/gem_checksums/issues
+  documentation_uri: https://www.rubydoc.info/gems/stone_checksums/1.0.0
+  wiki_uri: https://github.com/pboling/gem_checksums/wiki
+  funding_uri: https://liberapay.com/pboling
+  rubygems_mfa_required: 'true'
+rdoc_options:
+- "--title"
+- stone_checksums - Generate both SHA256 & SHA512 checksums of RubyGem libraries
+- "--main"
+- README.md
+- "--line-numbers"
+- "--inline-source"
+- "--quiet"
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.2.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.6.4
+specification_version: 4
+summary: Generate both SHA256 & SHA512 checksums of RubyGem libraries
+test_files: []