@@ -119,14 +119,84 @@ Add cert paths to your gemspec
119119
120120-------
121121
122- ### Include checksum of released gems in your repository
123-
124- require 'digest/sha2'
125- built_gem_path = 'pkg/gemname-version.gem'
126- checksum = Digest::SHA512.new.hexdigest(File.read(built_gem_path))
127- checksum_path = 'checksum/gemname-version.gem.sha512'
128- File.open(checksum_path, 'w' ) {|f| f.write(checksum) }
129- # add and commit 'checksum_path'
122+ ### Include SHA-256 and SHA-512 checksums of released gems in your repository
123+
124+ Checksums can be created when you are ready to release a gem.
125+
126+ Currently the rake task only creates an SHA-256 checksum. Run:
127+
128+ rake build:checksum
129+
130+ The checksum will be placed in the ` checksums/ ` directory. If you track the
131+ checksums in your source repository, others will be able to verify the
132+ authenticity of a release.
133+
134+ Alternatively, if you'd like a script that will create both SHA-256 and SHA-512
135+ checksums you might use something like the following:
136+
137+ ``` ruby
138+ # !/usr/bin/env ruby
139+ # frozen_string_literal: true
140+
141+ require " digest/sha2"
142+
143+ VERSION_REGEX = /\d +\.\d +\.\d +([-.] .+) */ .freeze
144+
145+ gem_path_parts = ARGV .first&.split(" /" )
146+
147+ if gem_path_parts&.any?
148+ gem_name = gem_path_parts.last
149+ gem_pkg = File .join(gem_path_parts)
150+ puts " Looking for: #{ gem_pkg.inspect } "
151+ gems = Dir [gem_pkg]
152+ puts " Found: #{ gems.inspect } "
153+ else
154+ gem_pkgs = File .join(" pkg" , " *.gem" )
155+ puts " Looking for: #{ gem_pkgs.inspect } "
156+ gems = Dir [gem_pkgs]
157+ raise " Unable to find gems #{ gem_pkgs } " if gems.empty?
158+
159+ # Sort by newest last
160+ # [ "my_gem-2.3.9.gem", "my_gem-2.3.11.pre.alpha.4.gem", "my_gem-2.3.15.gem", ... ]
161+ gems.sort_by! { |gem | Gem ::Version .new (gem[VERSION_REGEX ]) }
162+ gem_pkg = gems.last
163+ gem_path_parts = gem_pkg.split(" /" )
164+ gem_name = gem_path_parts.last
165+ puts " Found: #{ gems.length } gems; latest is #{ gem_name } "
166+ end
167+
168+ checksum512 = Digest ::SHA512 .new .hexdigest(File .read(gem_pkg))
169+ checksum512_path = " checksums/#{ gem_name } .sha512"
170+ File .write(checksum512_path, checksum512)
171+
172+ checksum256 = Digest ::SHA256 .new .hexdigest(File .read(gem_pkg))
173+ checksum256_path = " checksums/#{ gem_name } .sha256"
174+ File .write(checksum256_path, checksum256)
175+
176+ version = File .basename(checksum256_path[VERSION_REGEX ], " .gem" )
177+
178+ git_cmd = <<~GIT_MSG
179+ git add checksums/* && \
180+ git commit -m "ποΈ Checksums for v#{ version } "
181+ GIT_MSG
182+
183+ puts <<~RESULTS
184+ [GEM: #{ gem_name } ]
185+ [VERSION: #{ version } ]
186+ [CHECKSUM SHA256 PATH: #{ checksum256_path } ]
187+ [CHECKSUM SHA512 PATH: #{ checksum512_path } ]
188+
189+ ... Running ...
190+
191+ #{ git_cmd }
192+ RESULTS
193+
194+ # This will replace the current process with the git process, and exit.
195+ # Any command placed after this will not be run:
196+ # See: https://www.akshaykhot.com/call-shell-commands-in-ruby
197+ exec (git_cmd)
198+
199+ ```
130200
131201-------
132202
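Review bot: The script's final `exec(git_cmd)` hands one interpolated string to the shell, and the `version` in that string is cut from the gem file name by `VERSION_REGEX`, whose trailing `.+` accepts any characters. A file name taken from `ARGV` or from the `pkg/*.gem` glob that contains quotes, backticks or `$()` would therefore be interpreted by the shell instead of being treated as text. Passing argument vectors avoids the shell and stages only the two files just written rather than `checksums/*`: `system("git", "add", checksum256_path, checksum512_path) && exec("git", "commit", "-m", commit_message)`, with `commit_message` holding the existing message text. Separately, both digests are computed from `File.read(gem_pkg)`, which opens the package in text mode (newline translation on Windows) and loads it whole; `Digest::SHA256.file(gem_pkg).hexdigest` and its `SHA512` equivalent read it as binary, so the recorded checksum is the same on every platform. The prose above the script says tracked checksums let others verify authenticity, but they only show that a gem matches what the repository recorded, so the sentence should say the result is as trustworthy as the repository and its commit history.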