Generate Gem Checksums
The example script on the RubyGems Guides Security page is short and sweet, and left a lot of work for me to do.
require 'digest/sha2' built_gem_path = 'pkg/gemname-version.gem' checksum = Digest::SHA512.new.hexdigest(File.read(built_gem_path)) checksum_path = 'checksum/gemname-version.gem.sha512' File.open(checksum_path, 'w' ) {|f| f.write(checksum) } # add and commit 'checksum_path' It doesn’t create SHA-256 checksums, which are the only ones displayed on the gem’s landing page at RubyGems.org. There is also a rake task (rake build:checksum) which only creates an SHA-256 checksum.
