Re: [Module::Build] Module::Build installation problem: Interaction with cpan shell and gpg

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi Jim,

I just downloaded M::B 0.28 and checked the validity of the  
signature, and it looks okay to me.  I don't think it's treating me  
special because I created it either.

It sounds to me like the most likely culprit is Module::Signature and  
your gpg setup.  Here's what the permissions on my ~/.gnupg directory  
look like:

% ls -al ~/.gnupg
total 176
drwx------    8 ken  ken    272 Apr  5 22:30 ./
drwxr-xr-x   73 ken  ken   2482 Apr 30 14:16 ../
-rw-------    1 ken  ken   7850 Apr 25  2004 gpg.conf
-rw-------    1 ken  ken  33556 Apr  5 22:07 pubring.gpg
-rw-------    1 ken  ken  31730 Apr  5 22:05 pubring.gpg~
-rw-------    1 ken  ken    600 Apr 27 23:14 random_seed
-rw-------    1 ken  ken   1168 Apr 25  2004 secring.gpg
-rw-------    1 ken  ken   1840 Apr  5 22:07 trustdb.gpg

Does that match yours?  Note that the directory and every file in it  
have no permissions for group & other.

I'm guessing that the modules you can successfully install via CPAN  
simply don't have signatures on them.

  -Ken

On Apr 30, 2006, at 10:35 AM, James Keenan wrote:

> I am repeatedly encountering problems using the 'cpan' shell to  
> install Module::Build on my laptop (iBook G4, Mac OS X 10.3, Perl  
> 5.8.7).  I have gnupg installed, and the interaction between cpan,  
> Module::Build and gnupg is the problem.  Whether I am installing  
> only Module::Build or installing Module::Build as part of a  
> Bundle::CPAN upgrade, I get a message like this:
>
> #####
> Removing previously used /Users/jimk/.cpan/build/Module-Build-0.28
> gpg: WARNING: unsafe ownership on configuration file `/Users/ 
> jimk/.gnupg/gpg.conf'
> gpg: WARNING: unsafe ownership on configuration file `/Users/ 
> jimk/.gnupg/gpg.conf'
> gpg: Signature made Fri Apr 28 00:14:21 2006 EDT using DSA key ID  
> A6ZK6789
> gpg: external program calls are disabled due to unsafe options file  
> permissions
> gpg: keyserver communications error: general error
> gpg: Can't check signature: public key not found
> ==> BAD/TAMPERED signature detected! <==
>
> Signature invalid for distribution file. Please investigate.
> #####
>
> Module::Build subsequently fails to install via 'cpan' -- but I  
> then have no problem manually downloading and installing it from  
> CPAN!  But this is a nuisance; I would much prefer that the cpan  
> shell DWIM.
>
> I previously raised this question on Perlmonks (http:// 
> perlmonks.org/?node_id=543255), but that thread petered out without  
> a clear answer.  I searched the archives of this mailing list for  
> "unsafe ownership on configuration file" and "Signature invalid"  
> and "gpg," but didn't come up with anything directly relevant.   
> Further note (in case it's relevant):  I have gpg version 1.4.1 and  
> Module::Signature 0.53.
>
> I should note that I encounter this problem with some CPAN modules  
> besides Module::Build.  So it's not specific to Module::Build, but  
> most CPAN modules install without incident.  I don't claim to  
> understand gnupg all that well, so I can't evaluate the error  
> message.  Can anyone help?
>
> Thanks.
> Jim Keenan
>
>
>
> -------------------------------------------------------
> Using Tomcat but need to do more? Need to support web services,  
> security?
> Get stuff done quickly with pre-integrated technology to make your  
> job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache  
> Geronimo
> http://sel.as-us.falkag.net/sel? 
> cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Module-build-general mailing list
> Mod...@li...
> https://lists.sourceforge.net/lists/listinfo/module-build-general