Thread: [Module::Build] Module::Build installation problem: Interaction with cpan shell and gpg
Status: Beta
Brought to you by:
kwilliams
Menu
▾
▴
module-build-general
|
From: James K. <jk...@ve...> - 2006-04-30 15:35:37
|
I am repeatedly encountering problems using the 'cpan' shell to install Module::Build on my laptop (iBook G4, Mac OS X 10.3, Perl 5.8.7). I have gnupg installed, and the interaction between cpan, Module::Build and gnupg is the problem. Whether I am installing only Module::Build or installing Module::Build as part of a Bundle::CPAN upgrade, I get a message like this: ##### Removing previously used /Users/jimk/.cpan/build/Module-Build-0.28 gpg: WARNING: unsafe ownership on configuration file `/Users/jimk/.gnupg/gpg.conf' gpg: WARNING: unsafe ownership on configuration file `/Users/jimk/.gnupg/gpg.conf' gpg: Signature made Fri Apr 28 00:14:21 2006 EDT using DSA key ID A6ZK6789 gpg: external program calls are disabled due to unsafe options file permissions gpg: keyserver communications error: general error gpg: Can't check signature: public key not found ==> BAD/TAMPERED signature detected! <== Signature invalid for distribution file. Please investigate. ##### Module::Build subsequently fails to install via 'cpan' -- but I then have no problem manually downloading and installing it from CPAN! But this is a nuisance; I would much prefer that the cpan shell DWIM. I previously raised this question on Perlmonks (http://perlmonks.org/?node_id=543255), but that thread petered out without a clear answer. I searched the archives of this mailing list for "unsafe ownership on configuration file" and "Signature invalid" and "gpg," but didn't come up with anything directly relevant. Further note (in case it's relevant): I have gpg version 1.4.1 and Module::Signature 0.53. I should note that I encounter this problem with some CPAN modules besides Module::Build. So it's not specific to Module::Build, but most CPAN modules install without incident. I don't claim to understand gnupg all that well, so I can't evaluate the error message. Can anyone help? Thanks. Jim Keenan |
|
From: Ken W. <ke...@ma...> - 2006-04-30 20:35:36
|
Hi Jim, I just downloaded M::B 0.28 and checked the validity of the signature, and it looks okay to me. I don't think it's treating me special because I created it either. It sounds to me like the most likely culprit is Module::Signature and your gpg setup. Here's what the permissions on my ~/.gnupg directory look like: % ls -al ~/.gnupg total 176 drwx------ 8 ken ken 272 Apr 5 22:30 ./ drwxr-xr-x 73 ken ken 2482 Apr 30 14:16 ../ -rw------- 1 ken ken 7850 Apr 25 2004 gpg.conf -rw------- 1 ken ken 33556 Apr 5 22:07 pubring.gpg -rw------- 1 ken ken 31730 Apr 5 22:05 pubring.gpg~ -rw------- 1 ken ken 600 Apr 27 23:14 random_seed -rw------- 1 ken ken 1168 Apr 25 2004 secring.gpg -rw------- 1 ken ken 1840 Apr 5 22:07 trustdb.gpg Does that match yours? Note that the directory and every file in it have no permissions for group & other. I'm guessing that the modules you can successfully install via CPAN simply don't have signatures on them. -Ken On Apr 30, 2006, at 10:35 AM, James Keenan wrote: > I am repeatedly encountering problems using the 'cpan' shell to > install Module::Build on my laptop (iBook G4, Mac OS X 10.3, Perl > 5.8.7). I have gnupg installed, and the interaction between cpan, > Module::Build and gnupg is the problem. Whether I am installing > only Module::Build or installing Module::Build as part of a > Bundle::CPAN upgrade, I get a message like this: > > ##### > Removing previously used /Users/jimk/.cpan/build/Module-Build-0.28 > gpg: WARNING: unsafe ownership on configuration file `/Users/ > jimk/.gnupg/gpg.conf' > gpg: WARNING: unsafe ownership on configuration file `/Users/ > jimk/.gnupg/gpg.conf' > gpg: Signature made Fri Apr 28 00:14:21 2006 EDT using DSA key ID > A6ZK6789 > gpg: external program calls are disabled due to unsafe options file > permissions > gpg: keyserver communications error: general error > gpg: Can't check signature: public key not found > ==> BAD/TAMPERED signature detected! <== > > Signature invalid for distribution file. Please investigate. > ##### > > Module::Build subsequently fails to install via 'cpan' -- but I > then have no problem manually downloading and installing it from > CPAN! But this is a nuisance; I would much prefer that the cpan > shell DWIM. > > I previously raised this question on Perlmonks (http:// > perlmonks.org/?node_id=543255), but that thread petered out without > a clear answer. I searched the archives of this mailing list for > "unsafe ownership on configuration file" and "Signature invalid" > and "gpg," but didn't come up with anything directly relevant. > Further note (in case it's relevant): I have gpg version 1.4.1 and > Module::Signature 0.53. > > I should note that I encounter this problem with some CPAN modules > besides Module::Build. So it's not specific to Module::Build, but > most CPAN modules install without incident. I don't claim to > understand gnupg all that well, so I can't evaluate the error > message. Can anyone help? > > Thanks. > Jim Keenan > > > > ------------------------------------------------------- > Using Tomcat but need to do more? Need to support web services, > security? > Get stuff done quickly with pre-integrated technology to make your > job easier > Download IBM WebSphere Application Server v.1.0.1 based on Apache > Geronimo > http://sel.as-us.falkag.net/sel? > cmd=lnk&kid=120709&bid=263057&dat=121642 > _______________________________________________ > Module-build-general mailing list > Mod...@li... > https://lists.sourceforge.net/lists/listinfo/module-build-general |
|
From: James K. <jk...@ve...> - 2006-05-01 03:44:19
|
On Apr 30, 2006, at 4:35 PM, Ken Williams wrote: > Hi Jim, > > I just downloaded M::B 0.28 and checked the validity of the signature, > and it looks okay to me. I don't think it's treating me special > because I created it either. > > It sounds to me like the most likely culprit is Module::Signature and > your gpg setup. Here's what the permissions on my ~/.gnupg directory > look like: > > > % ls -al ~/.gnupg > total 176 > drwx------ 8 ken ken 272 Apr 5 22:30 ./ > drwxr-xr-x 73 ken ken 2482 Apr 30 14:16 ../ > -rw------- 1 ken ken 7850 Apr 25 2004 gpg.conf > -rw------- 1 ken ken 33556 Apr 5 22:07 pubring.gpg > -rw------- 1 ken ken 31730 Apr 5 22:05 pubring.gpg~ > -rw------- 1 ken ken 600 Apr 27 23:14 random_seed > -rw------- 1 ken ken 1168 Apr 25 2004 secring.gpg > -rw------- 1 ken ken 1840 Apr 5 22:07 trustdb.gpg > > Does that match yours? Note that the directory and every file in it > have no permissions for group & other. > > My permissions match yours exactly (though I don't have a random_seed or secring.gpg file in that directory). PathTools is another distro that fails in the same way. I'm beginning to think that the distros that do the right thing -- have a signature -- are the distros on which my cpan shell will fail. jimk |
|
From: Ken W. <ke...@ma...> - 2006-05-01 04:02:22
|
On Apr 30, 2006, at 10:44 PM, James Keenan wrote: > My permissions match yours exactly (though I don't have a > random_seed or secring.gpg file in that directory). Perhaps this URL helps? http://lists.gnupg.org/pipermail/gnupg-users/2005-March/025320.html Try a couple more things - as you (not root) can you go into the Module-Build-0.28 directory and successfully run "cpansign -v"? If so, and if it fails as root, then I recommend downloading the latest CPAN (beta?) that can run all steps except the final 'make/Build install' as a regular user, and run the last step under sudo. -Ken |
|
From: David G. <da...@hy...> - 2006-05-01 12:46:41
|
James Keenan wrote: > My permissions match yours exactly (though I don't have a random_seed or > secring.gpg file in that directory). > > PathTools is another distro that fails in the same way. I'm beginning > to think that the distros that do the right thing -- have a signature -- > are the distros on which my cpan shell will fail. There was something recently on one of the perl* lists I'm on about Module::Signature and newlines. Subversion is bad about automatic newline conversions between platforms. You need to either set the eol-style param or set auto-props in your subversion config files. Here's an example of how to do so for unix and windows: http://www.symfony-project.com/trac/wiki/SymfonyRepositoryTips Given the recent switch to subversion, I figured there's a chance this could be related. You might each try checking (in binmode) a count of the various newline characters in the files that are failing. Regards, David Golden |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X