new action release workflow to build, tag, and publish

.github/workflows/ci.yml

@@ -0,0 +1,48 @@
+---
+name: ci
+
+on:
+  pull_request:
+    branches: [ master ]
+  push:
+    branches: [ master ]
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  windows:
+    name: ${{ matrix.os }} ruby ${{ matrix.ruby }}
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby: [2.7, 3.3, head, mingw, mswin, ucrt]
+        os: [windows-latest]
+    runs-on: ${{ matrix.os }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+      - run: bundle exec rake compile
+      - run: bundle exec rake test
+
+  unix:
+    name: ${{ matrix.os }} ruby ${{ matrix.ruby }}
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby: [2.7, 3.3, head]
+        os: [ubuntu-latest, macos-latest]
+    runs-on: ${{ matrix.os }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+      - run: bundle exec rake compile
+      - run: bundle exec rake test

.github/workflows/release.yml

@@ -0,0 +1,67 @@
+---
+name: release
+run-name: release ${{ github.event.inputs.new_version }}
+
+on:
+  workflow_dispatch:
+    inputs:
+      new_version:
+        description: version to create, tag, and release
+        required: true
+        type: string
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      id-token: write
+    steps:
+      - if: github.ref_name != github.event.repository.default_branch
+        run: |
+          echo "::error::workflow may only be run with the default branch"
+          exit 1
+
+      - uses: rubygems/configure-rubygems-credentials@main
+        with:
+          role-to-assume: ${{ secrets.RUBYGEMS_OIDC_API_ROLE }}
+
+      - uses: actions/checkout@v4
+
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 3.3
+          bundler-cache: true
+
+      - name: bump version
+        shell: ruby {0}
+        run: |
+          require 'rubygems'
+          spec_file = 'bcrypt_pbkdf.gemspec'
+          new_version = Gem::Version.new('${{ github.event.inputs.new_version }}')
+          GEMSPEC = Gem::Specification::load(spec_file)
+          if new_version <= GEMSPEC.version
+            abort("::error::current version #{GEMSPEC.version.to_s} is the same or later than new version #{new_version.to_s}")
+          end
+          spec = File.read(spec_file).gsub(%r{(^\s*s\.version\s*=).*$}, "\\1 '#{new_version.to_s}'")
+          File.open(spec_file, "w") { |f| f.puts spec }
+
+      - run: bundle exec rake build
+
+      - run: bundle exec rake gem:all
+
+      - uses: actions/upload-artifact@v4
+        with:
+          name: gems
+          path: pkg/*.gem
+
+      - run: |
+          git config --global user.name "Github Release Automation"
+          git config --global user.email "${{ github.triggering_actor }}@users.noreply.github.com"
+          git commit -a -m "Release ${{ github.events.input.new_version }}"
+          bundle exec rake release
+          bundle exec rake gem:release

.gitignore

@@ -0,0 +1,5 @@
+lib/
+pkg/
+tmp/
+Gemfile.lock
+.bundle/

README.md

@@ -2,21 +2,21 @@
 
 bcrypt_pbkdf is a ruby gem implementing bcrypt_pbkdf from OpenBSD. This is currently used by net-ssh to read password encrypted Ed25519 keys.
 
-[![Build Status](https://travis-ci.org/mfazekas/bcrypt_pbkdf-ruby.png?branch=master)](https://travis-ci.org/mfazekas/bcrypt_pbkdf-ruby)
+[![Build Status](https://github.com/net-ssh/bcrypt_pbkdf-ruby/actions/workflows/ci.yml/badge.svg?branch=master&event=push)](https://github.com/net-ssh/bcrypt_pbkdf-ruby/actions/workflows/ci.yml)
 
-# Acknowledgements
+## Acknowledgements
 
 * The gut of the code is based on OpenBSD's bcrypt_pbkdf.c implementation
 * Some ideas/code were taken adopted bcrypt-ruby: https://github.com/codahale/bcrypt-ruby
 
-# Links:
+## Links
 
-http://www.tedunangst.com/flak/post/bcrypt-pbkdf
-http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libutil/bcrypt_pbkdf.c?rev=1.13&content-type=text/x-cvsweb-markup
+* http://www.tedunangst.com/flak/post/bcrypt-pbkdf
+* http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libutil/bcrypt_pbkdf.c?rev=1.13&content-type=text/x-cvsweb-markup
 
-# Building
+## Building
 
-For windows cross build make sure you checked out the gem source under the home directory
+For windows and osx cross build make sure you checked out the gem source under the home directory and have docker installed.
 
 ```sh
 gem install rake-compiler-dock
@@ -26,7 +26,7 @@ gem install rake-compiler-dock
 bundle exec rake compile
 bundle exec rake test
 bundle exec rake clean clobber
-bundle exec rake gem:windows
+bundle exec rake gem:all
 bundle exec rake release
-bundle exec rake gem:windows:release
+bundle exec rake gem:release
 ```

Rakefile

@@ -5,37 +5,19 @@ require 'rake/extensiontask'
 require 'rake/clean'
 require 'rdoc/task'
 require 'benchmark'
+require 'rake_compiler_dock'
 
+CLEAN.add("{ext,lib}/**/*.{o,so}", "pkg")
 
-CLEAN.include(
-  "tmp",
-  "lib/2.0",
-  "lib/2.1",
-  "lib/2.2",
-  "lib/2.3",
-  "lib/2.4",
-  "lib/2.5",
-  "lib/2.6",
-  "lib/2.7",
-  "lib/3.0",
-  "lib/bcrypt_pbkdf_ext.so"
-)
-CLOBBER.include(
-  "doc",
-  "pkg"
-)
-
-task 'gem:windows' do
-  require 'rake_compiler_dock'
-  sh "bundle package"   # Avoid repeated downloads of gems by using gem files from the host.
-  RakeCompilerDock.sh "bundle && rake cross native gem RUBY_CC_VERSION=3.0.0:2.7.0:2.6.0:2.5.0:2.4.0:2.3.0:2.2.2:2.1.6:2.0.0"
-end
-
-task 'gem:windows:release' do
-  version = Gem::Specification::load("bcrypt_pbkdf.gemspec").version
-  sh "gem push pkg/bcrypt_pbkdf-#{version}-x86-mingw32.gem"
-  sh "gem push pkg/bcrypt_pbkdf-#{version}-x64-mingw32.gem"
-end
+cross_rubies = ["3.3.0", "3.2.0", "3.1.0", "3.0.0", "2.7.0"]
+cross_platforms = [
+  "arm64-darwin",
+  "x64-mingw-ucrt",
+  "x64-mingw32",
+  "x86-mingw32",
+  "x86_64-darwin",
+]
+ENV["RUBY_CC_VERSION"] = cross_rubies.join(":")
 
 GEMSPEC = Gem::Specification.load("bcrypt_pbkdf.gemspec")
 
@@ -59,13 +41,53 @@ RDoc::Task.new do |rdoc|
   rdoc.rdoc_files.include(*GEMSPEC.extra_rdoc_files)
 end
 
-Gem::PackageTask.new(GEMSPEC) do |pkg|
-  pkg.need_zip = true
-  pkg.need_tar = true
-end
-
 Rake::ExtensionTask.new("bcrypt_pbkdf_ext", GEMSPEC) do |ext|
   ext.ext_dir = 'ext/mri'
   ext.cross_compile = true
-  ext.cross_platform = ['x86-mingw32', 'x64-mingw32']
+  ext.cross_platform = cross_platforms
+  ext.cross_config_options << "--enable-cross-build" # so extconf.rb knows we're cross-compiling
+end
+
+namespace "gem" do
+  cross_platforms.each do |platform|
+    desc "build native gem for #{platform}"
+    task platform do
+      RakeCompilerDock.sh(<<~EOF, platform: platform, verbose: true)
+        gem install bundler --no-document &&
+        BUNDLE_IGNORE_CONFIG=1 BUNDLE_PATH=.bundle/#{platform} bundle &&
+        BUNDLE_IGNORE_CONFIG=1 BUNDLE_PATH=.bundle/#{platform} bundle exec rake gem:#{platform}:buildit
+      EOF
+    end
+
+    namespace platform do
+      # this runs in the rake-compiler-dock docker container
+      task "buildit" do
+        # use Task#invoke because the pkg/*gem task is defined at runtime
+        Rake::Task["native:#{platform}"].invoke
+        Rake::Task["pkg/#{GEMSPEC.full_name}-#{Gem::Platform.new(platform)}.gem"].invoke
+      end
+
+      task "release" do
+        sh "gem push pkg/#{GEMSPEC.full_name}-#{Gem::Platform.new(platform)}.gem"
+      end
+    end
+  end
+
+  desc "build native gem for all platforms"
+  task "all" do
+    cross_platforms.each do |platform|
+      Rake::Task["gem:#{platform}"].invoke
+    end
+  end
+
+  desc "release native gem for all platforms"
+  task "release" do
+    cross_platforms.each do |platform|
+      Rake::Task["gem:#{platform}:release"].invoke
+    end
+  end
 end
+
+task "package" => cross_platforms.map { |p| "gem:#{p}" } # "package" task for all the native platforms
+
+Rake::Task["package"].prerequisites.prepend("compile")

bcrypt_pbkdf.gemspec

@@ -10,13 +10,12 @@ Gem::Specification.new do |s|
   s.files = `git ls-files`.split("\n")
   s.require_path = 'lib'
 
-  s.add_development_dependency 'rake-compiler', '~> 1.1.0'
-  s.add_development_dependency 'minitest', '>= 5'
-  s.add_development_dependency 'openssl'
-  s.add_development_dependency 'rdoc', '~> 3.12'
-  s.add_development_dependency 'rake-compiler-dock', '~> 1.0.1'
+  s.add_development_dependency 'rake-compiler', '~> 1.2.5'
+  s.add_development_dependency 'minitest', '~> 5'
+  s.add_development_dependency 'openssl', '~> 3'
+  s.add_development_dependency 'rdoc', '~> 6'
+  s.add_development_dependency 'rake-compiler-dock', '~> 1.5.0'
 
-  s.has_rdoc = true
   s.rdoc_options += ['--title', 'bcrypt_pbkdf', '--line-numbers', '--inline-source', '--main', 'README.md']
   s.extra_rdoc_files += ['README.md', 'COPYING', 'CHANGELOG.md', *Dir['lib/**/*.rb']]
 

ext/mri/explicit_bzero.c

@@ -15,6 +15,6 @@
 void
 explicit_bzero(void *p, size_t n)
 {
-	bzero(p, n);
+	memset(p, 0, n);
 }
 #endif

ext/mri/includes.h

@@ -4,7 +4,7 @@
 #include <stdint.h>
 #include <sys/types.h>
 #include <stdlib.h>
-#include <strings.h>
+#include <string.h>
 
 #if defined(_WIN32) || (defined(__sun) && defined(__SVR4))
 

test/bcrypt_pnkdf/engine_test.rb

@@ -44,7 +44,7 @@ def bcrypt_pbkdf(password, salt, keylen, rounds)
 
     amt = [amt, remlen].min
     (0...amt).each do |i|
-      dest = i * stride + (count -1)
+      dest = i * stride + (count - 1)
       key[dest] = out[i] if (dest < keylen)
     end