Merge pull request #4 from chorn/gem_signing

Add gem signing and checksums

Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    nameable (1.1.0)
+    nameable (1.1.1)
 
 GEM
   remote: https://rubygems.org/
@@ -61,19 +61,19 @@ GEM
     rb-fsevent (0.9.5)
     rb-inotify (0.9.5)
       ffi (>= 0.5.0)
-    rspec (3.2.0)
-      rspec-core (~> 3.2.0)
-      rspec-expectations (~> 3.2.0)
-      rspec-mocks (~> 3.2.0)
-    rspec-core (3.2.3)
-      rspec-support (~> 3.2.0)
-    rspec-expectations (3.2.1)
+    rspec (3.3.0)
+      rspec-core (~> 3.3.0)
+      rspec-expectations (~> 3.3.0)
+      rspec-mocks (~> 3.3.0)
+    rspec-core (3.3.1)
+      rspec-support (~> 3.3.0)
+    rspec-expectations (3.3.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.2.0)
-    rspec-mocks (3.2.1)
+      rspec-support (~> 3.3.0)
+    rspec-mocks (3.3.1)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.2.0)
-    rspec-support (3.2.2)
+      rspec-support (~> 3.3.0)
+    rspec-support (3.3.0)
     shellany (0.0.1)
     simplecov (0.10.0)
       docile (~> 1.1.0)
@@ -92,11 +92,11 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
-  bundler (~> 1.6, >= 1.6.2)
-  codeclimate-test-reporter (~> 0.4.7)
-  guard (~> 2.12.6)
-  guard-bundler (~> 2.1.0)
-  guard-rspec (~> 4.5.2)
+  bundler (~> 1.6)
+  codeclimate-test-reporter (~> 0.4)
+  guard (~> 2.12)
+  guard-bundler (~> 2.1)
+  guard-rspec (~> 4.5)
   nameable!
-  rake (~> 10.4.2)
-  rspec (~> 3.2.0)
+  rake (~> 10.4)
+  rspec (~> 3.3)

README.md

@@ -29,15 +29,15 @@ puts Nameable('chris horn, iii')
 puts Nameable.parse('chris horn, iii')
 #=> #<Nameable::Latin:0x007f8470e01b08 @first="Chris", @last="Horn", @middle=nil, @prefix=nil, @suffix="III.">
 ```
-Using a database of first names from the U.S. Social Security Administration, Nameable will make a guess at the gender of a name.
+Using a database of first names from the U.S. Social Security Administration, Nameable will pick the most likely gender for a name.
 
 ```ruby
 Nameable::Latin.new('Chris').gender
 #=> :male
 Nameable::Latin.new('Janine').female?
 #=> true
 ```
-Using a database of last names from the U.S. Census, Nameable will return the ethnicity breakdown as a Hash. 
+Using a database of last names from the U.S. Census, Nameable will return the ethnicity breakdown as a Hash.
 ```ruby
 Nameable::Latin.new('Chris', 'Horn').ethnicity
 #=> {:rank=>593, :count=>51380, :percent_white=>86.75, :percent_black=>8.31, :percent_asian_pacific_islander=>0.84, :percent_american_indian_alaska_native=>1.16, :percent_two_or_more_races=>1.46, :percent_hispanic=>1.48}
@@ -51,6 +51,15 @@ I've included a little web service, which should be installed as "nameable_web_s
 
 By inspiration, I should really say "other projects from which I yanked their code, ideas, examples and data." At worst I'll make sure the other projects I looked at and borrowed from are credited here.
 
+# Security
+
+As of version `1.1.1`., the nameable gem is cryptographically signed. To be sure the gem you install hasn’t been tampered with, add my public key as a trusted certificate, and verify that nameable and any dependencies it has are also signed:
+
+```
+gem cert --add <(curl -Ls https://raw.github.com/chorn/nameable/master/certs/chorn.pem)
+gem install nameable -P HighSecurity
+```
+
 # References
 
 * [Open Refine](http://openrefine.org/) formerly [Google Refine](https://code.google.com/p/google-refine/)
@@ -66,6 +75,8 @@ Thus far I've gone long stretches where this project did exactly what I needed i
 
 The first time an instance of Nameable uses the gender method, the database of first names shipped with the gem will be parsed.  The same is true for the last name data which is quite a bit larger.  They aren't huge, and it only happens the first time, which is why I opted to leave the data in the gem, and not split it up into a different thing.  If you hate that more than you hate gems that require extra steps to be useable let me know.
 
+I don't like that the Ethnicity data is just a Hash.
+
 Oh, and github, pull request, workflow, yada yada.
 
 -chorn

Rakefile

@@ -1,2 +1,13 @@
-require "bundler/gem_tasks"
+require 'bundler/gem_tasks'
+require 'digest/sha2'
+
+task default: %w[build]
+
+desc "Update checksums for gems in ./pkg"
+task :checksums do
+  Dir.glob('pkg/*.gem').each do |gem|
+    checksum = Digest::SHA512.new.hexdigest(File.read(gem))
+    File.open("#{gem.gsub(/pkg/, 'checksums')}.sha512", 'w' ) {|f| f.write(checksum) }
+  end
+end
 

certs/chorn.pem

@@ -0,0 +1,55 @@
+-----BEGIN CERTIFICATE-----
+MIIJvjCCBaagAwIBAgIJAM/4MvGHp6qBMA0GCSqGSIb3DQEBDQUAMDoxHjAcBgkq
+hkiG9w0BCQEWD2Nob3JuQGNob3JuLmNvbTEYMBYGA1UEAwwPY2hvcm5AY2hvcm4u
+Y29tMB4XDTE1MDYxOTExMzIyNVoXDTIwMDYxNzExMzIyNVowOjEeMBwGCSqGSIb3
+DQEJARYPY2hvcm5AY2hvcm4uY29tMRgwFgYDVQQDDA9jaG9ybkBjaG9ybi5jb20w
+ggQiMA0GCSqGSIb3DQEBAQUAA4IEDwAwggQKAoIEAQCrmvCKjihyb0/wGp6xds1M
+PII8KrtYztDRFD5kmJioqBt/8VcjrLqgCPKzafCY/ztLoRq7Zegjeer/QS7mUJGL
+EIG8hMSsA80y1+jCa0TmIbpRic9Y5RQoA0SiKGBqZ1j0rbhP5ZbQXxE6IG9aSxRU
+WTeSiGfcxWOG+as0L1qBrpuS9wXGenwsudLNouCY0ekRhOyQr3g+9U/dJqkb5ucg
+Mj9OyYQFPLnbml4SoTVy7KcbuuzEyPcaf+Zc688if5Bc3yQddnQfmbINhuQuqk/f
+EXOFarN1jZLN04mqjOYa9vR0W+AxEtrYLaTD1+ILoJzFhlO5NCTBMxSVNxlt95sY
+opEabhgZolrUA653mnAvNq7HEnbdH4iSUEHtSD1e0goGhaRmh7NmJPR3jQgj4dox
+L+FlE2MF4SW0lP74438BO29ClenGnPNgYWFuV0rSjmyTIMKkFHYP43VsNGVUv3zh
+JH6uqkXQvjEPWYqC42noEmpga1xxRKUizj90gzFtBXtOYi2AX2/RvpiPI2wabFoC
+s2QByquD0f8oXj60e1MLDXm7i0qImCLzzWyjXqTmM+7pdRBFYOmD4MiOKViZsdfs
+fTfv+bJxjLIyGg1igA0+T3A9Jhfr7nuBlt3u5rsTC6DthXpxReCsn/3fmzKOKE08
+jODSjhS2kVQUux2j1HF1/3ldicqvCttxpzvbooEGhN7TzHzj/nTnovg9wG6zmhUh
+8tmf4KO+4/JesXO2bsF5C/pUBO0w2sfut/vuQkI9vEXLoNENHfrTeRjB+NxjoIUX
+t0LcXqB+KiGvfUbhBUv7qoh/hJdU1zyw0EKh/UEUpddIhMkrS3ULoklaR9fwN8kH
+q+aAghO3djRFzQ5u3twHIeYsb+OR1gx+Wc0PhzSn93VQ5RCzfzPJz9YzFqiKktbl
+In554mvExkppc6H1VBDFehRopuKmuWVthgQZ24CbKjoXfa6hbYYsCDipzXw1O5DO
+8uPnzdPgh+KfCdUk8DNL9lmS0XrhE0aTRbj3JM+vAEjNT2+LjVIXVFj11o/zVMQx
+pedoKT1xYkIkKpKS51vPrjrrtlBwWL8Om6TdEEy7ygNEA1yk4C5uuZSQYgZ06jku
+9EF1vdawhzYF4sKnpO8XDf6xQzwDYRpX3f/Kj9PJNmyXisVqTH2Twdu6u2ZNtqrR
+6AYhUYjlHjtrt2qnAYWJt6ZqxbkXY0oJDPxfdg8WX5py4LjJSh/6cTmxuMHqEhbX
+aGZoH0va6h9KJIHFKmZzSePzPJO+qBp7tp6sqiOOpk8FlmS1UGzyYpQb8TmJiIKS
+0oehp9o4qppe6Lwlhrz883ZGGhkrloHsZGY08l2yURQa7yLJ4dRq/Afvfdf58mFJ
+AgMBAAGjgcYwgcMwHQYDVR0OBBYEFKK4azQaN8q8i/8LxqEf+gl0LAbAMGoGA1Ud
+IwRjMGGAFKK4azQaN8q8i/8LxqEf+gl0LAbAoT6kPDA6MR4wHAYJKoZIhvcNAQkB
+Fg9jaG9ybkBjaG9ybi5jb20xGDAWBgNVBAMMD2Nob3JuQGNob3JuLmNvbYIJAM/4
+MvGHp6qBMBoGA1UdEQQTMBGBD2Nob3JuQGNob3JuLmNvbTAaBgNVHRIEEzARgQ9j
+aG9ybkBjaG9ybi5jb20wDQYJKoZIhvcNAQENBQADggQBAAefdXGzhwlB9qY0MqTl
+TLSI4NlqnJjmlZuL/bk/s49CMXWUvkk8km1DeY2mJLGPSimhJIp0sylJ2DlrsQ4T
+C8gyd9ypjeeTaCs18t1FbwSUBoV5k5ci+ivR9rK7CFJQSLIX0rNlsj5j2JC3HvYG
+MvVZQNfKWqdyXuNgemAUuCOg4Y+fuv2COQyr72pOwAKFWaIzRb9q6tr9Ipr/s4Gb
+3qVe/JRbnZME3qhBr8YyorSH9aoOINZWMtquIs6thqNKXaxnIGij23Yc2ICumyuW
+wf27XD6/YedONg9S7I/ruGWJGy80FvaOj0BTZR5qghmcCvffiArziqEdoM9qBhUw
+1Aw1sxDG/VFSAJRp1f2zvWtXwaDnEDKjIAtjYCFjoTUKcztl0Di7+M5uGw2MKGbI
+M9rjRh6rLZsgjIE+R3ppYwI503xlBiRoyuQFO6P9S2D0toxwvfkO+byPVvz4vxnQ
+e9XfmSQqDIQVNkie1AaXHnNJRVNgi4MDmBKvwmKPWbPEN/4g1noO+ELDknINpoeo
+AV0QU1YyumtpRVhKu3tuiYJifdtyihBVzb8n/4AYLcIXuPhlRgUBqPNSOlC2H2/+
+h9Bu4VYZwOqYKVjJADz2thbAxQEW3e5GitVukOL5ZPJxMqCcRap/R8tlORKNiyQJ
+YfJQ9Go4pvS82cwql9NEt5cyaVU5JWJCRRUlsCwYWv/hGkbjjDafCVa+ITw0sKbq
+DvDiFKtFeZhLYI3VDS5kkrI1SeDoDX16DSCn0ECuMueWvmLkBzz5J4bjpHy+UCEr
+nye3JA2O20TEScLDh/zeJixfHbjTzA+vEC047/Lh7dtRTUemk4K2JXWHFBveB4Se
+rvvasIn7cygUq0MfhtNJd2wGYXMxWyT3LJvISqp+NP65tjna6zkpmZNnOpCEdq8x
+U59ydjqtevg9cZIco0tiTzGrBrcy7xnVWQKt+hbsV702V02Nx7gG4ihLRMIdAjtL
+nnnm3d3shuIrTfRG4YwBiYdJlT0X92geAtQbq5OPrT/27DBV6h3YydBoozkVEaZp
+Bvbz27URCmOw2e4psQctUBuVrTPirjqEwOql/SqqJsMIdWQ6oXLy235iuGzDgx+p
+Fi8s5azIOjbjFnc4OBols94L3oZxyIf+lUXgNBcvQ1wbWBlo+V1hyRWLSvLPLAtr
+3eeuQZ5HTqTSZSaMKfFrH10hG06h7Zla7oYxSn0GJsgu/aI1STGFHenjNeNRyFb4
+Qcofa1uD1LTI/r7EKL1I25n6eiABGw0KNDvow/ZtP9Kmx2QobEsWUbPfvkX1ogdj
+plBjPb1jywhCxKfdcYv+f4er+X1AnUyoYNi7EiifiNys7nmVG4+aFEZyUULPrB2g
+bHE=
+-----END CERTIFICATE-----

checksums/nameable-1.1.0.gem.sha512

@@ -0,0 +1 @@
+294b882dbf36a5eadb5f9ee1e22262d403024e8c1263f22a0af84e9402e9b0236b0e6bb022342ae95e8e384389c64ed22d057f3f8c1e077ff313cf4f93ec5f23

checksums/nameable-1.1.1.gem.sha512

@@ -0,0 +1 @@
+3da59e4a80b73488ec9745fcb9ca31b08db3e603df7b1ac0c572c4740f29b703563e47b3fff879a9e1cd5f103fcbf2883c8cfa146193924e0d351c7fe719ce38

lib/nameable/version.rb

@@ -1,3 +1,3 @@
 module Nameable
-  VERSION = "1.1.0"
+  VERSION = "1.1.1"
 end

nameable.gemspec

@@ -9,7 +9,7 @@ Gem::Specification.new do |spec|
   spec.authors       = ['Chris Horn']
   spec.email         = ['chorn@chorn.com']
   spec.summary       = 'Parse names into components.'
-  spec.description   = 'A library that provides parsing and output of person names.'
+  spec.description   = 'A library that provides parsing and output of person names, as well as Gender & Ethnicity matching.'
   spec.homepage      = 'https://github.com/chorn/nameable'
   spec.license       = 'MIT'
 
@@ -18,11 +18,17 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ["lib"]
 
-  spec.add_development_dependency 'bundler', '~> 1.6', '>= 1.6.2'
+  signing_key = File.expand_path("~/.certs/chorn@chorn.com-rubygems.key")
+  if File.file?(signing_key)
+    spec.signing_key = signing_key
+    spec.cert_chain = ['certs/chorn.pem']
+  end
+
+  spec.add_development_dependency 'bundler', '~> 1.6'
   spec.add_development_dependency 'codeclimate-test-reporter', '~> 0.4'
-  spec.add_development_dependency 'guard', '~> 2.12', '>= 2.12.6'
+  spec.add_development_dependency 'guard', '~> 2.12'
   spec.add_development_dependency 'guard-bundler', '~> 2.1'
   spec.add_development_dependency 'guard-rspec', '~> 4.5'
   spec.add_development_dependency 'rake', '~> 10.4'
-  spec.add_development_dependency 'rspec', '~> 3.2'
+  spec.add_development_dependency 'rspec', '~> 3.3'
 end