stone_checksums 1.0.3 → 1.0.4

data/SECURITY.md

@@ -4,7 +4,7 @@
 
 | Version  | Supported |
 |----------|-----------|
-| 1.latest | ✅         |
+| 1.0.latest | ✅         |
 
 ## Security contact information
 

data/certs/pboling.pem

@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEgDCCAuigAwIBAgIBATANBgkqhkiG9w0BAQsFADBDMRUwEwYDVQQDDAxwZXRl
+ci5ib2xpbmcxFTATBgoJkiaJk/IsZAEZFgVnbWFpbDETMBEGCgmSJomT8ixkARkW
+A2NvbTAeFw0yNTA1MDQxNTMzMDlaFw00NTA0MjkxNTMzMDlaMEMxFTATBgNVBAMM
+DHBldGVyLmJvbGluZzEVMBMGCgmSJomT8ixkARkWBWdtYWlsMRMwEQYKCZImiZPy
+LGQBGRYDY29tMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAruUoo0WA
+uoNuq6puKWYeRYiZekz/nsDeK5x/0IEirzcCEvaHr3Bmz7rjo1I6On3gGKmiZs61
+LRmQ3oxy77ydmkGTXBjruJB+pQEn7UfLSgQ0xa1/X3kdBZt6RmabFlBxnHkoaGY5
+mZuZ5+Z7walmv6sFD9ajhzj+oIgwWfnEHkXYTR8I6VLN7MRRKGMPoZ/yvOmxb2DN
+coEEHWKO9CvgYpW7asIihl/9GMpKiRkcYPm9dGQzZc6uTwom1COfW0+ZOFrDVBuV
+FMQRPswZcY4Wlq0uEBLPU7hxnCL9nKK6Y9IhdDcz1mY6HZ91WImNslOSI0S8hRpj
+yGOWxQIhBT3fqCBlRIqFQBudrnD9jSNpSGsFvbEijd5ns7Z9ZMehXkXDycpGAUj1
+to/5cuTWWw1JqUWrKJYoifnVhtE1o1DZ+LkPtWxHtz5kjDG/zR3MG0Ula0UOavlD
+qbnbcXPBnwXtTFeZ3C+yrWpE4pGnl3yGkZj9SMTlo9qnTMiPmuWKQDatAgMBAAGj
+fzB9MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQWBBQE8uWvNbPVNRXZ
+HlgPbc2PCzC4bjAhBgNVHREEGjAYgRZwZXRlci5ib2xpbmdAZ21haWwuY29tMCEG
+A1UdEgQaMBiBFnBldGVyLmJvbGluZ0BnbWFpbC5jb20wDQYJKoZIhvcNAQELBQAD
+ggGBAJbnUwfJQFPkBgH9cL7hoBfRtmWiCvdqdjeTmi04u8zVNCUox0A4gT982DE9
+wmuN12LpdajxZONqbXuzZvc+nb0StFwmFYZG6iDwaf4BPywm2e/Vmq0YG45vZXGR
+L8yMDSK1cQXjmA+ZBKOHKWavxP6Vp7lWvjAhz8RFwqF9GuNIdhv9NpnCAWcMZtpm
+GUPyIWw/Cw/2wZp74QzZj6Npx+LdXoLTF1HMSJXZ7/pkxLCsB8m4EFVdb/IrW/0k
+kNSfjtAfBHO8nLGuqQZVH9IBD1i9K6aSs7pT6TW8itXUIlkIUI2tg5YzW6OFfPzq
+QekSkX3lZfY+HTSp/o+YvKkqWLUV7PQ7xh1ZYDtocpaHwgxe/j3bBqHE+CUPH2vA
+0V/FwdTRWcwsjVoOJTrYcff8pBZ8r2MvtAc54xfnnhGFzeRHfcltobgFxkAXdE6p
+DVjBtqT23eugOqQ73umLcYDZkc36vnqGxUBSsXrzY9pzV5gGr2I8YUxMqf6ATrZt
+L9nRqA==
+-----END CERTIFICATE-----

data/lib/gem_checksums.rb

@@ -3,6 +3,7 @@
 # Std lib
 require "digest/sha2"
 require "fileutils"
+require "rubygems/package"
 
 # external gems
 require "version_gem"
@@ -93,7 +94,7 @@ In bash shell:
     # Header: identify the gem and version being run
     begin
       puts "[ stone_checksums #{::StoneChecksums::Version::VERSION} ]"
-    rescue StandardError
+    rescue
       # If for any reason the version constant isn't available, skip header gracefully
     end
 
@@ -153,12 +154,14 @@ Tip: set GEM_CHECKSUMS_ASSUME_YES=true to proceed non-interactively (still requi
       # Sort by newest last
       # [ "my_gem-2.3.9.gem", "my_gem-2.3.11.pre.alpha.4.gem", "my_gem-2.3.15.gem", ... ]
       gems.sort_by! { |gem| Gem::Version.new(gem[VERSION_REGEX]) }
-      gem_pkg = gems.last
+      gem_pkg = preferred_project_package(gems) || gems.last
       gem_path_parts = gem_pkg.split("/")
       gem_name = gem_path_parts.last
-      puts "Found: #{gems.length} gems; latest is #{gem_name}"
+      puts "Found: #{gems.length} gems; selected #{gem_name}"
     end
 
+    validate_project_package!(gem_pkg)
+
     pkg_bits = File.read(gem_pkg)
 
     # SHA-512 digest is 8 64-bit words
@@ -205,7 +208,7 @@ rm -f #{digest256_32bit_path}
     RESULTS
 
     if git_dry_run_flag
-      %x{#{git_cmd}}
+      `#{git_cmd}`
     else
       # `exec` will replace the current process with the git process, and exit.
       # Within the generate method, Ruby code placed after the `exec` *will not be run*:
@@ -216,6 +219,46 @@ rm -f #{digest256_32bit_path}
     end
   end
   module_function :generate
+
+  def validate_project_package!(gem_pkg)
+    project_spec = current_project_spec
+    return unless project_spec
+    return unless validate_package_against_project?(gem_pkg, project_spec)
+
+    package_spec = Gem::Package.new(gem_pkg).spec
+    return if package_spec.name == project_spec.name && package_spec.version == project_spec.version
+
+    raise Error, [
+      "Built gem version mismatch for #{gem_pkg}.",
+      "Current gemspec resolves to #{project_spec.name} #{project_spec.version}, but selected package is #{package_spec.name} #{package_spec.version}.",
+      "Remove stale packages or pass the intended .gem path explicitly before generating checksums."
+    ].join("\n")
+  rescue Gem::Package::Error => error
+    raise Error, "Unable to inspect built gem #{gem_pkg}: #{error.message}"
+  end
+  module_function :validate_project_package!
+
+  def current_project_spec
+    gemspecs = Dir["*.gemspec"]
+    return unless gemspecs.length == 1
+
+    Gem::Specification.load(gemspecs.first)
+  end
+  module_function :current_project_spec
+
+  def preferred_project_package(gems)
+    project_spec = current_project_spec
+    return unless project_spec
+
+    expected_name = "#{project_spec.name}-#{project_spec.version}.gem"
+    gems.find { |gem| File.basename(gem) == expected_name }
+  end
+  module_function :preferred_project_package
+
+  def validate_package_against_project?(gem_pkg, project_spec)
+    File.basename(File.expand_path(PACKAGE_DIR)) == "pkg" || File.basename(gem_pkg).start_with?("#{project_spec.name}-")
+  end
+  module_function :validate_package_against_project?
 end
 
 GemChecksums::Version.class_eval do

data/lib/stone_checksums/version.rb

@@ -1,11 +1,8 @@
 # frozen_string_literal: true
 
-# Semantic version for the StoneChecksums gem
 module StoneChecksums
-  # Version-related constants for StoneChecksums
   module Version
-    # Current gem version
-    # @return [String]
-    VERSION = "1.0.3"
+    VERSION = "1.0.4"
   end
+  VERSION = Version::VERSION # Traditional Constant Location
 end

data/lib/stone_checksums.rb

@@ -7,6 +7,8 @@
 #
 # RubyGems does not allow publishing a gem named `gem_checksums`,
 # hence the updated namespace and gem name.
+require "version_gem"
+
 require_relative "gem_checksums"
 
 # This library's version

data/sig/stone_checksums/version.rbs

@@ -0,0 +1,6 @@
+module StoneChecksums
+  module Version
+    VERSION: String
+  end
+  VERSION: String
+end

data/sig/stone_checksums.rbs

@@ -1,11 +1,8 @@
 module StoneChecksums
-  VERSION: String
-
   class Error < ::GemChecksums::Error
   end
 
   module Version
-    VERSION: String
   end
 
   def self.install_tasks: () -> void

metadata

@@ -1,10 +1,10 @@
 --- !ruby/object:Gem::Specification
 name: stone_checksums
 version: !ruby/object:Gem::Version
-  version: 1.0.3
+  version: 1.0.4
 platform: ruby
 authors:
-- Peter H. Boling
+- "|7eter l-|. l3oling"
 bindir: exe
 cert_chain:
 - |
@@ -46,7 +46,7 @@ dependencies:
         version: '1.1'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.1.9
+        version: 1.1.13
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -56,35 +56,41 @@ dependencies:
         version: '1.1'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.1.9
+        version: 1.1.13
 - !ruby/object:Gem::Dependency
   name: kettle-dev
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '2.2'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.2.15
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '2.2'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.2.15
 - !ruby/object:Gem::Dependency
   name: bundler-audit
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.9.2
+        version: 0.9.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.9.2
+        version: 0.9.3
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -125,34 +131,60 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '3.1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.1.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '3.1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.1.3
 - !ruby/object:Gem::Dependency
   name: kettle-test
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '2.0'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.0.6
+        version: 2.0.6
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '2.0'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.0.6
+        version: 2.0.6
+- !ruby/object:Gem::Dependency
+  name: turbo_tests2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.1.5
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.1.5
 - !ruby/object:Gem::Dependency
   name: ruby-progressbar
   requirement: !ruby/object:Gem::Requirement
@@ -173,20 +205,20 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '2.0'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.0.3
+        version: 2.0.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '2.0'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.0.3
+        version: 2.0.3
 description: "\U0001F5FF Generate both SHA256 & SHA512 checksums into the checksums
   directory, and git commit them.\n  gem install stone_checksums\nThen, use the rake
   task or the script:\n  rake build:generate_checksums\n  gem_checksums\nControl options
@@ -203,9 +235,8 @@ extra_rdoc_files:
 - CODE_OF_CONDUCT.md
 - CONTRIBUTING.md
 - FUNDING.md
-- LICENSE.txt
+- LICENSE.md
 - README.md
-- REEK
 - RUBOCOP.md
 - SECURITY.md
 files:
@@ -214,11 +245,11 @@ files:
 - CODE_OF_CONDUCT.md
 - CONTRIBUTING.md
 - FUNDING.md
-- LICENSE.txt
+- LICENSE.md
 - README.md
-- REEK
 - RUBOCOP.md
 - SECURITY.md
+- certs/pboling.pem
 - exe/gem_checksums
 - lib/gem_checksums.rb
 - lib/gem_checksums/rakelib/gem_checksums.rake
@@ -228,15 +259,16 @@ files:
 - lib/stone_checksums/version.rb
 - sig/gem_checksums.rbs
 - sig/stone_checksums.rbs
+- sig/stone_checksums/version.rbs
 homepage: https://github.com/galtzo-floss/stone_checksums
 licenses:
 - MIT
 metadata:
-  homepage_uri: https://stone-checksums.galtzo.com/
-  source_code_uri: https://github.com/galtzo-floss/stone_checksums/tree/v1.0.3
-  changelog_uri: https://github.com/galtzo-floss/stone_checksums/blob/v1.0.3/CHANGELOG.md
+  homepage_uri: https://stone-checksums.galtzo.com
+  source_code_uri: https://github.com/galtzo-floss/stone_checksums/tree/v1.0.4
+  changelog_uri: https://github.com/galtzo-floss/stone_checksums/blob/v1.0.4/CHANGELOG.md
   bug_tracker_uri: https://github.com/galtzo-floss/stone_checksums/issues
-  documentation_uri: https://www.rubydoc.info/gems/stone_checksums/1.0.3
+  documentation_uri: https://www.rubydoc.info/gems/stone_checksums/1.0.4
   funding_uri: https://github.com/sponsors/pboling
   wiki_uri: https://github.com/galtzo-floss/stone_checksums/wiki
   news_uri: https://www.railsbling.com/tags/stone_checksums
@@ -266,7 +298,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.7.2
+rubygems_version: 4.0.10
 specification_version: 4
 summary: "\U0001F5FF Generate both SHA256 & SHA512 checksums of RubyGem libraries"
 test_files: []

data/LICENSE.txt

@@ -1,21 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2022 - 2025 Peter Boling
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.