import: Detect signed Gems and make them build as unsigned Gems

1 files changed, 17 insertions, 0 deletions

diff --git a/import/rubygems.to_chunk b/import/rubygems.to_chunk
index 5f2a3c86..39dba14f 100755
--- a/import/rubygems.to_chunk
+++ b/import/rubygems.to_chunk
@@ -125,6 +125,10 @@ class RubyGemChunkMorphologyGenerator
     spec.full_name
   end
 
+  def is_signed_gem(spec)
+    spec.signing_key != nil
+  end
+
   def generate_chunk_morph_for_gem(spec)
     description = 'Automatically generated by rubygems.to_chunk'
 
@@ -172,6 +176,18 @@ class RubyGemChunkMorphologyGenerator
     # installed. We must have the Gem metadata available, and `gem build; gem
     # install` seems the easiest way to achieve that.
 
+    configure_commands = []
+
+    if is_signed_gem(spec)
+      # This is a best-guess hack for allowing unsigned builds of Gems that are
+      # normally built signed. There's no value in building signed Gems when we
+      # control the build and deployment environment, and we obviously can't
+      # provide the private key of the Gem's maintainer.
+      configure_commands <<
+        "sed -e '/cert_chain\\w+=/d' -e '/signing_key\\w+=/d' -i " +
+        "#{spec.name}.gemspec"
+    end
+
     build_commands = [
       "gem build #{spec.name}.gemspec",
     ]
@@ -188,6 +204,7 @@ class RubyGemChunkMorphologyGenerator
       'description' => description,
       'build-system' => 'manual',
       'products' => split_rules,
+      'configure-commands' => configure_commands,
       'build-commands' => build_commands,
       'install-commands' => install_commands,
     }