module Hoe::Signing

Signing plugin for hoe.

Tasks Provided:

generate_key

Generate a key for signing your gems.

Extra Configuration Options:

signing_key_file

Signs your gems with this private key.

signing_cert_file

Signs your gem with this certificate.

Usage:

Run the ‘generate_key’ task. This will:

  1. Configure your ~/.hoerc.

  2. Generate a signing key and certificate.

  3. Install the private key and public certificate files into ~/.gem.

Hoe will now generate signed gems when the package task is run. If you have multiple machines you build gems on, be sure to install your key and certificate on each machine.

Keep your private key secret! Keep your private key safe!

You can provide your private key passphrase via the GEM_PRIVATE_KEY_PASSPHRASE environment variable.

To make sure your gems are signed run:

rake package; tar tf pkg/yourproject-1.2.3.gem

If your gem is signed you will see:

data.tar.gz
data.tar.gz.sig
metadata.gz
metadata.gz.sig

Public Instance Methods

define_signing_tasks() click to toggle source

Define tasks for plugin.

# File lib/hoe/signing.rb, line 48
def define_signing_tasks
  set_up_signing

  desc "Generate a key for signing your gems."
  task :generate_key do
    generate_key_task
  end

  desc "Check pubilc key for signing your gems."
  task :check_key do
    check_key_task
  end
rescue NameError
  warn "Couldn't set up signing (openssl error?). Skipping."
end