How To

Gitian-RubyGems Usage Quick Start

To bootstrap a clean RubyGems installation, run:

% curl | sh

This will:

The HighSecurity gem install policy will be activated, meaning that all gems must be signed with a trusted certificate. If you have to install a gem from another repository, you can turn off security temporarily with gem gitian --undo and turn it back on with gem gitian. Alternatively, you can download a gem and install it with gem install -P LowSecurity name.gem.

Use with an Existing RubyGems Installation

This is somewhat less secure, since it relies on your existing gem source (e.g. gemcutter) for obtaining the Gitian gem.

% gem install gitian
% gem gitian

This will display:

Please verify fingerprint for <> is


* recommend uninstall gems in system directories (provide a utility?)
* howto for distribution forking
* howto for multiple signers - signer viewpoint, user viewpoint