Re: [Module-build-general] signature verification and some bug fixes
Status: Beta
Brought to you by:
kwilliams
Menu
▾
▴
Re: [Module-build-general] signature verification and some bug fixes
|
From: Ken W. <ke...@ma...> - 2003-06-23 16:22:18
|
I've applied the first one. I'm working kind of slowly at the moment and I'll get to the other two soon. Thanks. -Ken On Friday, June 20, 2003, at 11:46 PM, Dave Rolsky wrote: > The patch below my sig does three things: > > 1. Fix MANIFEST to include INSTALL.txt, not INSTALL > > 2. Make the distsign action depend on distdir unless $self->dist_dir > already exists. Otherwise the sequence of "perl Build.PL", "./Build > distsign" fails, which is almost certainly a bug. > > 3. Adds a verify action which verifies a signature. > > > -dave > > /*======================= > House Absolute Consulting > www.houseabsolute.com > =======================*/ > > ? t/Sample/SIGNATURE > ? t/Sample/Sample-0.01.tar.gz > Index: MANIFEST > =================================================================== > RCS file: /cvsroot/module-build/Module-Build/MANIFEST,v > retrieving revision 1.18 > diff -u -r1.18 MANIFEST > --- MANIFEST 22 May 2003 17:19:04 -0000 1.18 > +++ MANIFEST 21 Jun 2003 04:44:11 -0000 > @@ -1,6 +1,6 @@ > Build.PL > Changes > -INSTALL > +INSTALL.txt > MANIFEST > META.yml > Makefile.PL > Index: lib/Module/Build.pm > =================================================================== > RCS file: /cvsroot/module-build/Module-Build/lib/Module/Build.pm,v > retrieving revision 1.76 > diff -u -r1.76 Build.pm > --- lib/Module/Build.pm 17 Jun 2003 06:19:13 -0000 1.76 > +++ lib/Module/Build.pm 21 Jun 2003 04:44:11 -0000 > @@ -141,8 +141,8 @@ > distclean skipcheck > distdir test > distsign testdb > - disttest versioninstall > - fakeinstall > + disttest verify > + fakeinstall versioninstall > > You can run the 'help' action for a complete list of actions. > > @@ -877,6 +877,10 @@ > > This is a synonym for the 'test' action with the C<debugger=1> > argument. > + > +=item verify > + > +Verifies the signatures found in the distribution's SIGNATURE file. > > =item clean > > Index: lib/Module/Build/Base.pm > =================================================================== > RCS file: /cvsroot/module-build/Module-Build/lib/Module/Build/Base.pm,v > retrieving revision 1.129 > diff -u -r1.129 Base.pm > --- lib/Module/Build/Base.pm 17 Jun 2003 19:19:21 -0000 1.129 > +++ lib/Module/Build/Base.pm 21 Jun 2003 04:44:16 -0000 > @@ -819,6 +819,23 @@ > return [sort @tests]; > } > > +sub ACTION_verify { > + my ($self) = @_; > + > + $self->_load_module_signature('verify') or return; > + > + # We protect the verify with an eval{} to make sure we get back to > + # the right directory after a signature failure. > + > + chdir $self->dist_dir or die "Can't chdir() to " . $self->dist_dir > . ": $!"; > + my $ok = eval {Module::Signature::verify() == > Module::Signature::SIGNATURE_OK()}; > + my @err = $@ ? ($@) : (); > + chdir $self->base_dir or push @err, "Can't chdir() back to " . > $self->base_dir . ": $!"; > + die join "\n", @err if @err; > + > + print "Signature is", ($ok ? "" : " not"), " valid\n"; > +} > + > sub ACTION_testdb { > my ($self) = @_; > local $self->{properties}{debugger} = 1; > @@ -1144,11 +1161,10 @@ > > sub ACTION_distsign { > my ($self) = @_; > - > - unless (eval { require Module::Signature; 1 }) { > - warn "Couldn't load Module::Signature for 'distsign' action:\n > $@\n"; > - return; > - } > + > + $self->_load_module_signature('distsign') or return; > + > + $self->depends_on('distdir') unless -d $self->dist_dir; > > # We protect the signing with an eval{} to make sure we get back to > # the right directory after a signature failure. > @@ -1160,7 +1176,16 @@ > die join "\n", @err if @err; > } > > +sub _load_module_signature { > + my ($self, $action) = @_; > > + unless (eval { require Module::Signature; 1 }) { > + warn "Couldn't load Module::Signature for '$action' action:\n > $@\n"; > + return; > + } > + > + return 1; > +} > > sub ACTION_skipcheck { > my ($self) = @_; |
