How To
Gitian-RubyGems Usage Quick Start
To bootstrap a clean RubyGems installation, run:
% curl https://gitian.org/boot-gems | sh
This will:
- Install RubyGems to ~/.gem
- Create ~/.profile-gem to be included in your shell startup script
- Install the Gitian gem
The HighSecurity gem install policy will be activated, meaning that all gems must be signed with a trusted certificate. If you have to install a gem from another repository, you can turn off security temporarily with gem gitian --undo and turn it back on with gem gitian. Alternatively, you can download a gem and install it with gem install -P LowSecurity name.gem.
Use with an Existing RubyGems Installation
This is somewhat less secure, since it relies on your existing gem source (e.g. gemcutter) for obtaining the Gitian gem.
% gem install gitian % gem gitian
This will display:
Please verify fingerprint for <info.deb@nginz.org> is A9:24:34:B6:63:16:80:6A:06:9B:30:29:D0:EA:9C:0D:3D:86:A9:32
TODO
* recommend uninstall gems in system directories (provide a utility?)
* howto for distribution forking
* howto for multiple signers - signer viewpoint, user viewpoint