Tools and data used to verify gems on rubygems.org
Ruby Shell
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.
raggis
README.rdoc
redis_sha_import.rb
redis_verify.rb
remove_yanked.rb
rubygems-sha512.S3.txt
rubygems-sha512.automated_labs.txt
rubygems-sha512.bluebox.txt
rubygems-sha512.google3rd.txt
rubygems-sha512.google_ghost.txt
rubygems-sha512.heroku.txt
rubygems-sha512.sj26.txt
rubygems-sha512.stevenhaddox.txt
rubygems-sha512.swift.txt
rubygems-sha512.tao.txt
rubygems-sha512.terrcin.txt
rubygems-sha512.tokyo.txt
rubygems-sha512.yorickpeterse.txt
sha_compare.rb
unverified.2_or_fewer_checksums.txt
unverified.txt
yanked.txt
yanked_gems.txt

README.rdoc

Using the SHA512 checksums supplied here, we have verified that all gems match at least one third-party mirror or excluding gems that have been yanked.

Gems that have been yanked are not installable with rubygems or bundler.

Using rubygems_verify.rb 11798 gems were found with 2 or fewer checksums from third-party mirrors or caches, again excluding gems that have been yanked.

These can be found in unverified.2_or_fewer_checksums.txt

All the gems with 2 or fewer checksums are pre-release versions according to:

ruby -ne 'gets =~ /-(.*?)\.gem/; puts $_ unless $1 =~ /[a-zA-Z]' \
  unverified.2_or_fewer_checksums.txt

This finds the gem version and checks it for any alphabet character. If it contains any alphabet character it is a pre-release.

SHA512 checksum lists

rubygems-sha512.S3.txt

Checksums from rubygems.org's S3 repository

rubygems-sha512.automated_labs.txt

Automated Labs mirror checksums

rubygems-sha512.bluebox.txt

Blue Box mirror checksums

rubygems-sha512.google3rd.txt

Google third-party depot checksums

rubygems-sha512.google_ghost.txt

Google “ghost” repository checksums

rubygems-sha512.heroku.txt

Heroku application caches checksums. This is not a mirror so there are some gems from git here.

rubygems-sha512.sj26.txt

The Conversation (theconversation.edu.au/) mirror checksum provided by Samuel Cochran from 17 Nov 2012

rubygems-sha512.stevenhaddox.txt

Steven Haddox's local gems checksums

rubygems-sha512.swift.txt

AT&T mirror checksums from 26 Nov 2012

rubygems-sha512.tao.txt

RubyGems china mirror checksums. Contains some corrupt gems

rubygems-sha512.terrcin.txt

NZ Railscamp mirror checksums provided by Nahum Wild (@terrcin)

rubygems-sha512.tokyo.txt

RubyGems tokyo mirror checksums

rubygems-sha512.yorickpeterse.txt

Yorick Peterse gem checksums

Additional scripts/tools

* Mark was using `puf(1)`, `grep(1)` and similar tools.
* Most of the scripts raggi used can be found in the `raggi/` subdirectory.