Replace 'gem sign' and 'gem sbuild' with 'gem build --sign'

grant-olson / rubygems-openpgp

This allows you to cryptographically sign ruby gems, so that a user can later verify that they've downloaded a copy that hasn't been tampered with or hacked.

http://www.rubygems-openpgp-ca.org

Other

32 stars 4 forks source link

Replace 'gem sign' and 'gem sbuild' with 'gem build --sign' #10

Closed grant-olson closed 11 years ago

grant-olson commented 11 years ago

See #9. It looks like we actually can hook in and add options to build.

--sign should automatically sign the gem with the default key in your keyring.
--key DEADBEEF should allow you to override that.
Maybe we can specify a key in the gemspec? Not sure.
The two existing commands should print out messages saying they are deprecated, show the new syntax, and exit.

grant-olson commented 11 years ago

Echoing a comment on #9 there actually is no sbuild command, and we should still have an explicit sign command in addition to gem build --sign