[Module-build-general] signature verification and some bug fixes

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

The patch below my sig does three things:

1. Fix MANIFEST to include INSTALL.txt, not INSTALL

2. Make the distsign action depend on distdir unless $self->dist_dir
already exists.  Otherwise the sequence of "perl Build.PL", "./Build
distsign" fails, which is almost certainly a bug.

3. Adds a verify action which verifies a signature.


-dave

/*=======================
House Absolute Consulting
www.houseabsolute.com
=======================*/

? t/Sample/SIGNATURE
? t/Sample/Sample-0.01.tar.gz
Index: MANIFEST
===================================================================
RCS file: /cvsroot/module-build/Module-Build/MANIFEST,v
retrieving revision 1.18
diff -u -r1.18 MANIFEST

--- MANIFEST	22 May 2003 17:19:04 -0000	1.18
+++ MANIFEST	21 Jun 2003 04:44:11 -0000
@@ -1,6 +1,6 @@
 Build.PL
 Changes
-INSTALL
+INSTALL.txt
 MANIFEST
 META.yml
 Makefile.PL
Index: lib/Module/Build.pm
===================================================================
RCS file: /cvsroot/module-build/Module-Build/lib/Module/Build.pm,v
retrieving revision 1.76
diff -u -r1.76 Build.pm
--- lib/Module/Build.pm	17 Jun 2003 06:19:13 -0000	1.76
+++ lib/Module/Build.pm	21 Jun 2003 04:44:11 -0000
@@ -141,8 +141,8 @@
   distclean                      skipcheck
   distdir                        test
   distsign                       testdb
-  disttest                       versioninstall
-  fakeinstall
+  disttest                       verify
+  fakeinstall                    versioninstall

 You can run the 'help' action for a complete list of actions.

@@ -877,6 +877,10 @@

 This is a synonym for the 'test' action with the C<debugger=1>
 argument.
+
+=item verify
+
+Verifies the signatures found in the distribution's SIGNATURE file.

 =item clean

Index: lib/Module/Build/Base.pm
===================================================================
RCS file: /cvsroot/module-build/Module-Build/lib/Module/Build/Base.pm,v
retrieving revision 1.129
diff -u -r1.129 Base.pm
--- lib/Module/Build/Base.pm	17 Jun 2003 19:19:21 -0000	1.129
+++ lib/Module/Build/Base.pm	21 Jun 2003 04:44:16 -0000
@@ -819,6 +819,23 @@
   return [sort @tests];
 }

+sub ACTION_verify {
+  my ($self) = @_;
+
+  $self->_load_module_signature('verify') or return;
+
+  # We protect the verify with an eval{} to make sure we get back to
+  # the right directory after a signature failure.
+
+  chdir $self->dist_dir or die "Can't chdir() to " . $self->dist_dir . ": $!";
+  my $ok = eval {Module::Signature::verify() == Module::Signature::SIGNATURE_OK()};
+  my @err = $@ ? ($@) : ();
+  chdir $self->base_dir or push @err, "Can't chdir() back to " . $self->base_dir . ": $!";
+  die join "\n", @err if @err;
+
+  print "Signature is", ($ok ? "" : " not"), " valid\n";
+}
+
 sub ACTION_testdb {
   my ($self) = @_;
   local $self->{properties}{debugger} = 1;
@@ -1144,11 +1161,10 @@

 sub ACTION_distsign {
   my ($self) = @_;
-
-  unless (eval { require Module::Signature; 1 }) {
-    warn "Couldn't load Module::Signature for 'distsign' action:\n $@\n";
-    return;
-  }
+
+  $self->_load_module_signature('distsign') or return;
+
+  $self->depends_on('distdir') unless -d $self->dist_dir;

   # We protect the signing with an eval{} to make sure we get back to
   # the right directory after a signature failure.
@@ -1160,7 +1176,16 @@
   die join "\n", @err if @err;
 }

+sub _load_module_signature {
+  my ($self, $action) = @_;

+  unless (eval { require Module::Signature; 1 }) {
+    warn "Couldn't load Module::Signature for '$action' action:\n $@\n";
+    return;
+  }
+
+  return 1;
+}

 sub ACTION_skipcheck {
   my ($self) = @_;


