🔒️ SHA256 and SHA512 checksums

Author: pboling

CHANGELOG.md

@@ -10,7 +10,15 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.
 ### Fixed
 ### Removed
 
-## [Unreleased]
+## [2.0.1] - 2022-09-23 ([tag][2.0.1t])
+### Added
+- Certificate for signing gem releases (@pboling)
+- Gemspec metadata (@pboling)
+    - funding_uri
+    - mailing_list_uri
+- Checksums for released gems (@pboling)
+### Changed
+- Gem releases are now cryptographically signed (@pboling)
 
 ## [2.0.0] - 2022-08-29 ([tag][2.0.0t])
 ### Changed

Gemfile.lock

@@ -3,7 +3,7 @@ PATH
   specs:
     snaky_hash (2.0.0)
       hashie
-      version_gem (~> 1.1)
+      version_gem (~> 1.1, >= 1.1.1)
 
 GEM
   remote: https://rubygems.org/
@@ -39,13 +39,13 @@ GEM
       rspec-core
     rspec-core (3.11.0)
       rspec-support (~> 3.11.0)
-    rspec-expectations (3.11.0)
+    rspec-expectations (3.11.1)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.11.0)
     rspec-mocks (3.11.1)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.11.0)
-    rspec-support (3.11.0)
+    rspec-support (3.11.1)
     rubocop (0.68.1)
       jaro_winkler (~> 1.5.1)
       parallel (~> 1.10)
@@ -82,7 +82,7 @@ GEM
     simplecov-lcov (0.8.0)
     simplecov_json_formatter (0.1.4)
     unicode-display_width (1.5.0)
-    version_gem (1.1.0)
+    version_gem (1.1.1)
     webrick (1.7.0)
     yard (0.9.28)
       webrick (~> 1.7.0)

bin/checksum

@@ -0,0 +1,19 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require "digest/sha2"
+gems = Dir["*.gem"]
+puts "Found: #{gems.inspect}"
+raise "No Gems" if gems.length.zero?
+raise "Too Many Gems" if gems.length > 1
+
+built_gem_path = gems.first
+checksum512 = Digest::SHA512.new.hexdigest(File.read(built_gem_path))
+checksum512_path = "checksums/#{built_gem_path}.sha512"
+File.write(checksum512_path, checksum512)
+
+checksum256 = Digest::SHA256.new.hexdigest(File.read(built_gem_path))
+checksum256_path = "checksums/#{built_gem_path}.sha256"
+File.write(checksum256_path, checksum256)
+
+puts "You must now git add and commit '#{checksum256_path}' and '#{checksum512_path}'"

certs/pboling.pem

@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEgDCCAuigAwIBAgIBATANBgkqhkiG9w0BAQsFADBDMRUwEwYDVQQDDAxwZXRl
+ci5ib2xpbmcxFTATBgoJkiaJk/IsZAEZFgVnbWFpbDETMBEGCgmSJomT8ixkARkW
+A2NvbTAeFw0yMjA5MTgyMzEyMzBaFw0yMzA5MTgyMzEyMzBaMEMxFTATBgNVBAMM
+DHBldGVyLmJvbGluZzEVMBMGCgmSJomT8ixkARkWBWdtYWlsMRMwEQYKCZImiZPy
+LGQBGRYDY29tMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA2Dn1GM3W
+8K2/rvN1zz+06bQMcxD16ZKTihVwi7Pb1v3T98rM4Omnxohm3s+CwpDWGeiB9pj6
+0I/CTce0e4e3s8GKJSOrg93veImPSoH2PfsMsRsuB8wtqyiOCjLbF5o6S29x87r0
+LA5EawH+Lh4xqrkkPjdffsmLk7TaCig/vlmNvnzxXKBdey/X/aEJZXzzBiWRfVdh
+O1fmMbVKyieGv9HK7+pLotIoT08bjDv8NP6V7zZslwQRqW27bQc6cqC2LGIbTYO3
+3jt1kQxfMWmhOictS6SzG9VtKSrXf0L4Neq0Gh7CLBZBvJFWJYZPfb92YNITDbd8
+emPOAQlXXNMN4mMXsEqtEhCPZRMnmwO+fOk/cC4AyglKi9lnQugCQoFV1XDMZST/
+CYbzdQyadOdPDInTntG6V+Uw51d2QGXZ6PDDfrx9+toc/3sl5h68rCUGgE6Q3jPz
+srinqmBsxv2vTpmd4FjmiAtEnwH5/ooLpQYL8UdAjEoeysxS3AwIh+5dAgMBAAGj
+fzB9MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQWBBQWU6D156a2cle+
+lb5RBfvVXlxTwjAhBgNVHREEGjAYgRZwZXRlci5ib2xpbmdAZ21haWwuY29tMCEG
+A1UdEgQaMBiBFnBldGVyLmJvbGluZ0BnbWFpbC5jb20wDQYJKoZIhvcNAQELBQAD
+ggGBAJ4SqhPlgUiLYIrphGXIaxXScHyvx4kixuvdrwhI4VoQV2qXvO7R6ZjOXVwX
+f/z84BWPiTZ8lzThPbt1UV/BGwkvLw9I4RjOdzvUz3J42j9Ly6q63isall07bo3F
+QWe/OBvIMBF1IbjC3q5vKPg4rq8+TkNRJNoE86U2gfR+PkW3jYYs9uiy0GloHDCP
+k5xgaj0vSL0Uy5mTOPdk3K6a/sUGZyYniWK05zdhIi956ynhfGaFO988FFdVw5Jq
+LHtXfIpAU8F7ES04syZSslxOluw7VlcSKyRdVIr737J92ZTduppB4PRGSKRgBsWV
+hXTahRE72Kyw53Q7FAuzF3v102WxAAQ7BuMjW+MyCUT75fwPm3W4ELPL8HYkNGE7
+2oA5CPghFitRnvYS3GNrDG+9bNiRMEskeaBYwZ9UgReBQIwGYVj7LZk3UhiAsn44
+gwGrEXGQGDZ0NIgBcmvMOqlXjkGQwQvugKycJ024z89+fz2332vdZIKTrSxJrXGk
+4/bR9A==
+-----END CERTIFICATE-----

snaky_hash.gemspec

@@ -3,26 +3,31 @@
 require_relative "lib/snaky_hash/version"
 
 Gem::Specification.new do |spec|
+  spec.cert_chain = ["certs/pboling.pem"]
+  spec.signing_key = File.expand_path("~/.ssh/gem-private_key.pem") if $PROGRAM_NAME.end_with?("gem")
+
   spec.add_dependency "hashie"
-  spec.add_dependency "version_gem", "~> 1.1"
+  spec.add_dependency "version_gem", ["~> 1.1", ">= 1.1.1"]
 
   spec.name = "snaky_hash"
   spec.version = SnakyHash::Version::VERSION
   spec.authors = ["Peter Boling"]
-  spec.email = ["[email protected]"]
+  spec.email = ["[email protected]", "[email protected]"]
 
   spec.summary = "A very snaky hash"
   spec.description = "A Hashie::Mash joint to make #snakelife better"
-  spec.homepage = "https://gitlab.com/oauth-xx/snaky_hash"
   spec.license = "MIT"
   spec.required_ruby_version = ">= 2.2"
 
+  spec.homepage = "https://gitlab.com/oauth-xx/snaky_hash"
   spec.metadata["homepage_uri"] = spec.homepage
   spec.metadata["source_code_uri"] = "#{spec.homepage}/-/tree/v#{spec.version}"
   spec.metadata["changelog_uri"] = "#{spec.homepage}/-/blob/v#{spec.version}/CHANGELOG.md"
   spec.metadata["bug_tracker_uri"] = "#{spec.homepage}/-/issues"
   spec.metadata["documentation_uri"] = "https://www.rubydoc.info/gems/#{spec.name}/#{spec.version}"
-  spec.metadata["wiki_uri"] = "#{spec.homepage}/-/wikis/home"
+  spec.metadata["wiki_uri"] = "#{spec.homepage}/-/wiki"
+  spec.metadata["mailing_list_uri"] = "https://groups.google.com/g/oauth-ruby"
+  spec.metadata["funding_uri"] = "https://liberapay.com/pboling"
   spec.metadata["rubygems_mfa_required"] = "true"
 
   spec.files = Dir[