Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Tools and data used to verify gems on rubygems.org
Ruby Shell
Branch: master

Compare checksum counts directly in redis_verify

Moved shas_to_redis_sadd.rb to redis_sha_import.rb since it no longer
uses redis sets.

Used HINCRBY with gem name and SHA checksum to store a checksum count
for a name, checksum pair.

Count number of matching checksums for the S3 checksum directly instead
of indirectly.

This removes 1984 prerelease gems from the
unverified.2_or_fewer_checksums.txt list while adding four:

    bundler-1.2.0.pre.gem 2
    feedzirra-0.2.0.rc1.gem 2
    railties-3.0.0.beta3.gem 2
    rhodes-3.1.0.beta.4.gem 1

All gems in the list are according to the updated command in #1.

Thanks to David Heath for checking my work.

Fixes #1
latest commit 9dda726a31
@drbrain drbrain authored
Failed to load latest commit information.
raggis
README.rdoc
redis_sha_import.rb
redis_verify.rb
remove_yanked.rb
rubygems-sha512.S3.txt Tools and data used for verifying gems on rubygems.org
rubygems-sha512.automated_labs.txt
rubygems-sha512.bluebox.txt
rubygems-sha512.google3rd.txt
rubygems-sha512.google_ghost.txt Tools and data used for verifying gems on rubygems.org
rubygems-sha512.heroku.txt
rubygems-sha512.sj26.txt
rubygems-sha512.stevenhaddox.txt Tools and data used for verifying gems on rubygems.org
rubygems-sha512.swift.txt
rubygems-sha512.tao.txt
rubygems-sha512.terrcin.txt
rubygems-sha512.tokyo.txt
rubygems-sha512.yorickpeterse.txt Tools and data used for verifying gems on rubygems.org
sha_compare.rb
unverified.2_or_fewer_checksums.txt
unverified.txt
yanked.txt
yanked_gems.txt

README.rdoc

Using the SHA512 checksums supplied here, we have verified that all gems match at least one third-party mirror or excluding gems that have been yanked.

Gems that have been yanked are not installable with rubygems or bundler.

Using rubygems_verify.rb 11798 gems were found with 2 or fewer checksums from third-party mirrors or caches, again excluding gems that have been yanked.

These can be found in unverified.2_or_fewer_checksums.txt

All the gems with 2 or fewer checksums are pre-release versions according to:

ruby -ne 'gets =~ /-(.*?)\.gem/; puts $_ unless $1 =~ /[a-zA-Z]' \
  unverified.2_or_fewer_checksums.txt

This finds the gem version and checks it for any alphabet character. If it contains any alphabet character it is a pre-release.

SHA512 checksum lists

rubygems-sha512.S3.txt

Checksums from rubygems.org's S3 repository

rubygems-sha512.automated_labs.txt

Automated Labs mirror checksums

rubygems-sha512.bluebox.txt

Blue Box mirror checksums

rubygems-sha512.google3rd.txt

Google third-party depot checksums

rubygems-sha512.google_ghost.txt

Google “ghost” repository checksums

rubygems-sha512.heroku.txt

Heroku application caches checksums. This is not a mirror so there are some gems from git here.

rubygems-sha512.sj26.txt

The Conversation (theconversation.edu.au/) mirror checksum provided by Samuel Cochran from 17 Nov 2012

rubygems-sha512.stevenhaddox.txt

Steven Haddox's local gems checksums

rubygems-sha512.swift.txt

AT&T mirror checksums from 26 Nov 2012

rubygems-sha512.tao.txt

RubyGems china mirror checksums. Contains some corrupt gems

rubygems-sha512.terrcin.txt

NZ Railscamp mirror checksums provided by Nahum Wild (@terrcin)

rubygems-sha512.tokyo.txt

RubyGems tokyo mirror checksums

rubygems-sha512.yorickpeterse.txt

Yorick Peterse gem checksums

Additional scripts/tools

* Mark was using `puf(1)`, `grep(1)` and similar tools.
* Most of the scripts raggi used can be found in the `raggi/` subdirectory.
Something went wrong with that request. Please try again.