How To

Gitian-RubyGems Usage Quick Start

To bootstrap a clean RubyGems installation, run:

% curl https://gitian.org/boot-gems | sh
        

This will:

The HighSecurity gem install policy will be activated, meaning that all gems must be signed with a trusted certificate. If you have to install a gem from another repository, you can turn off security temporarily with gem gitian --undo and turn it back on with gem gitian. Alternatively, you can download a gem and install it with gem install -P LowSecurity name.gem.

Use with an Existing RubyGems Installation

This is somewhat less secure, since it relies on your existing gem source (e.g. gemcutter) for obtaining the Gitian gem.

% gem install gitian
% gem gitian
        

This will display:

Please verify fingerprint for <info.deb@nginz.org> is
 A9:24:34:B6:63:16:80:6A:06:9B:30:29:D0:EA:9C:0D:3D:86:A9:32
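The comparison this prompt asks for, as an added example that is not Gitian's own code: it prints a certificate fingerprint in the colon-separated layout shown above and checks it against a value obtained out of band. It assumes the fingerprint is the SHA-1 digest of the DER-encoded certificate (the page does not say); the function names are hypothetical and the certificate is a constructed throwaway.

```ruby
require 'openssl'

# Colon-separated upper-case hex, the layout shown in the prompt above.
# Assumption: the value is the SHA-1 digest of the DER-encoded certificate.
def cert_fingerprint(cert)
  OpenSSL::Digest.new('SHA1').hexdigest(cert.to_der).upcase.scan(/../).join(':')
end

# Reduce a fingerprint typed or pasted by a person to bare upper-case hex.
# Returns nil unless exactly 40 hex digits (20 bytes) remain, so a
# truncated or mistyped value can never be accepted.
def normalize_fingerprint(text)
  hex = text.to_s.gsub(/[\s:]/, '').upcase
  hex.match?(/\A[0-9A-F]{40}\z/) ? hex : nil
end

# True only when the out-of-band fingerprint matches the certificate.
def fingerprint_matches?(cert, expected_text)
  expected = normalize_fingerprint(expected_text)
  return false if expected.nil?
  normalize_fingerprint(cert_fingerprint(cert)) == expected
end

# Constructed sample: a throwaway self-signed certificate standing in
# for the signer certificate whose fingerprint is displayed.
def sample_certificate
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=signer.example')
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

if $PROGRAM_NAME == __FILE__
  cert = sample_certificate
  shown = cert_fingerprint(cert)
  puts "fingerprint: #{shown}"
  # Same value pasted in lower case without colons still matches.
  puts "match:       #{fingerprint_matches?(cert, shown.downcase.delete(':'))}"
end
```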
        

TODO

* recommend uninstalling gems in system directories (provide a utility?)
* howto for distribution forking
* howto for multiple signers - signer viewpoint, user viewpoint