class Gem::RemoteFetcher
def sign_s3_url(uri, expiration = nil)
we have our own signing code here to avoid a dependency on the aws-sdk gem
def sign_s3_url(uri, expiration = nil) require 'base64' require 'openssl' unless uri.user && uri.password raise FetchError.new("credentials needed in s3 source, like s3://key:secret@bucket-name/", uri.to_s) end expiration ||= s3_expiration canonical_path = "/#{uri.host}#{uri.path}" payload = "GET\n\n\n#{expiration}\n#{canonical_path}" digest = OpenSSL::HMAC.digest('sha1', uri.password, payload) # URI.escape is deprecated, and there isn't yet a replacement that does quite what we want signature = Base64.encode64(digest).gsub("\n", '').gsub(/[\+\/=]/) { |c| BASE64_URI_TRANSLATE[c] } URI.parse("https://#{uri.host}.s3.amazonaws.com#{uri.path}?AWSAccessKeyId=#{uri.user}&Expires=#{expiration}&Signature=#{signature}") end