Signing a Ruby gem: Will s.signing_key be removed in gemspec when creating a gem?

Question

Signing a Ruby gem: Will s.signing_key be removed in gemspec when creating a gem?

I want to sign the Ruby pearl and follow the instructions at http://docs.rubygems.org/read/chapter/21 It says: "Keep the hidden secret key." But in order to sign the gem, we need to put "s.signing_key = '/mnt/floppy/gem-private_key.pem" in the gemfile. If this line is not deleted after creating the gem, everyone can see it after installing the gem from RubyGems.org. (Not that they could easily access my computer, but still.) Will this line be automatically deleted from gemspec when generating the gem?

I usually build a gem using the Bundler's rake release. So this time I tried "gem build mygem.gemspec". But this caused some OpenSSL error. Therefore, I can’t check the created stone.

Thanks in advance.

+5

ruby gem

tadatoshi Mar 10 '13 at 21:34

source share

1 answer

Matt Sanders · Answer 1 · 2013-08-26T18:55:24+0000

No, the entry signing_keyin your gemspec will not be deleted. It will be publicly available, so people will be able to see the location of your signature key file.

As you already mentioned, this does not mean that people will have access to it, but they will know where it would be if they could access your system.

, gemspec , gem unpack

gem unpack GEMNAME

, !

Signing a Ruby gem: Will s.signing_key be removed in gemspec when creating a gem?

More articles: