[Module-build-general] Figuring out signature stuff
From: Ken W. <ke...@ma...> - 2003-05-22 03:09:58
Hi people who seem to know about signing modules,
I finally got gpg working, and Module::Signature with it. Now I'm
trying to figure out how Module::Build should organize things. It
seems to me things should happen in this order when building a
distribution:
1) The distdir (e.g. Sample-Module-0.11/ ) is created, including
a META.yml file inside it
2) Module::Signature creates a SIGNATURE file in the distdir, scanning
the contents of the distdir and the MANIFEST inside it
Because it seems like the distribution should be created, then signed.
But it looks to me like the patches submitted to M::B so far create a
SIGNATURE file in the top-level development directory, based on the
MANIFEST and MANIFEST.SKIP file (so it knows what files to skip), and
signs things before the distdir is created.
The problem with this is that developers can override the
ACTION_distdir() method, doing whatever they want. For instance, in
HTML::Mason, the POD documentation gets tweaked before going in the
distdir. So the signatures could be wrong if they're done with the
local versions.
What I'd like to do is to tell Module::Signature what directory to
create the SIGNATURE file in, which would be the distdir in this case.
Autrijus, could this happen? Then I'd switch things around in M::B to
take advantage of it.
-Ken
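
The ordering problem raised in the message above, as an added Perl example that is not part of the original post and is not Module::Build or Module::Signature code. SHA-1 digest lists stand in for the body of a SIGNATURE file, and `make_distdir`, the `@VERSION@` placeholder and the sample files are constructed for illustration.

```perl
# Added illustration with constructed files. SHA-1 digest lists stand in for the
# body of a SIGNATURE file; nothing here calls gpg or Module::Signature.
use strict; use warnings;
use Digest::SHA qw(sha1_hex);
use File::Basename qw(dirname);
use File::Path qw(make_path);
use File::Temp qw(tempdir);

sub slurp {
    open my $fh, '<:raw', $_[0] or die "read $_[0]: $!";
    return scalar do { local $/; <$fh> };
}
sub spew {
    my ($path, $data) = @_;
    make_path(dirname($path));
    open my $fh, '>:raw', $path or die "write $path: $!";
    print {$fh} $data;
    close $fh or die "close $path: $!";
}
# Digest every file listed in $dir/MANIFEST.
sub digests {
    my ($dir) = @_;
    my @files = grep { length } split /\n/, slurp("$dir/MANIFEST");
    return +{ map { ($_ => sha1_hex(slurp("$dir/$_"))) } @files };
}
# Hypothetical stand-in for an overridden ACTION_distdir(): copy the MANIFEST
# files and rewrite the POD on the way into the distdir.
sub make_distdir {
    my ($dev, $dist) = @_;
    for my $file (sort keys %{ digests($dev) }) {
        my $data = slurp("$dev/$file");
        $data =~ s/\@VERSION\@/0.11/g if $file =~ /\.pod\z/;
        spew("$dist/$file", $data);
    }
}
# Files whose recorded digest differs from the digest of what is shipped.
sub mismatches {
    my ($recorded, $shipped) = @_;
    return grep { $recorded->{$_} ne $shipped->{$_} } sort keys %$recorded;
}

my $tmp = tempdir(CLEANUP => 1);
my ($dev, $dist) = ("$tmp/dev", "$tmp/Sample-Module-0.11");
spew("$dev/MANIFEST", "MANIFEST\nlib/Sample/Module.pm\nlib/Sample/Module.pod\n");
spew("$dev/lib/Sample/Module.pm", "package Sample::Module;\n1;\n");
spew("$dev/lib/Sample/Module.pod", "=head1 NAME\n\nSample::Module \@VERSION\@\n");
make_distdir($dev, $dist);
print "signed in dev tree: ", join(' ', mismatches(digests($dev), digests($dist))) || 'ok', "\n";
print "signed in distdir:  ", join(' ', mismatches(digests($dist), digests($dist))) || 'ok', "\n";
```

Digests recorded in the development tree fail for `lib/Sample/Module.pod` once the distdir step has rewritten it, while digests recorded inside the distdir match what is shipped.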