view release on metacpan or search on metacpan
ANDK2020.pub view on Meta::CPAN
mQGiBDx+A1YRBADEsflgt39/oYoLumUOxOI2KKEte7SKfNc0SaI8Awpx8uxw4UR7
dxJN56mwvMk3GeJw0vn7gEbVzcm5W0AsBdUrHrYFEfngxrkEN0fBzaByQ9U4nOj7
EsoII9q8LllWphLfFYmewzrat/e0YDQA2WneiICUeIjBohX3+4yJjho5xwCg/zRU
c/J+hJwuYyrNheC9+4gYGrkEALVWaB1CYqpaK5eUb911k+DjeOZQvqd+Mh7IiHDP
RYPd23ct8NFQeav8HdEA+zJRVqWISh4tl64aNbHHR3RpnFJwwjgnfa5HRXZRVjQL
UlQ/N5XV96TGywb58ZqYGouln7NZh+couss+5oWfI/vZDtx8Fo0vP1BqVn3amGoS
26J4A/wPXkV8DoiowGXv2bJztrzRjNDKNJ5E/9aOw0x9jad7s/VelwDUs11m5tRN
o4ExojPqn7OVBdvys6X23+tn2W23C2wDDkWwHivX0mtiFe4vUiwNpCc+v7/Y4tVi
Gi+DSuFMuVo0kcQCR5pd9MeeVi+fE5IED+U9geYLHWEHAq21QrQ8QW5kcmVhcyBK
LiBLb2VuaWcgPGFuZHJlYXMua29lbmlnLmdtd29qcHJ3QGZyYW56LmFrLm1pbmQu
ZGU+iGQEExECACQCGwMGCwkIBwMCAxUCAwMWAgECHgECF4AFAkWZG+IFCQ3MHwwA
CgkQ7IA58KMXwV3TewCggnu5SLrOcp5goarr44bfLi7EH+cAoMWy1kKltU+dEsfl
ACYkWRLnKmD9iGQEExECACQFAkHhSoMCGwMFCQlnmQgGCwkIBwMCAxUCAwMWAgEC
HgECF4AACgkQ7IA58KMXwV3mFwCg6TM39gmLwBoaypkAHzMDrXYPwj4AoOE1jx6p
0xICUSYmfvoIwxV2x7j+iEYEEBECAAYFAkZLtdQACgkQi9gubzC5S1yMlQCeMh6T
nqDx6MFrhI6SzNVIwZVB6dcAoJJIe54AGHWH3ntSCfAr+3Z3n85oiJwEEAECAAYF
AkbwHHEACgkQLujFtvljWgVoLwQAztFvaN9eu0GmNTQy2hjZne2aH4GdzrkwUM7s
RIPiobJ4pv9xCXxthbK9eVGBj7xqkM08VcYXDV0hih9dkpeOS23Dlhs4/WjEiYGV
XCee62PWtYRYz3prtwG7CZVm7VzZ1Q9UQWEF/CbCb03dCGnZUCMWYwh73HOXSqNk
D9A3tsOIRgQQEQIABgUCRvLejQAKCRBCo09Ey+wGeCAnAKDujla6s2dXex1YivUa
H+W7HvRaqQCgq5GEqGrU8VwNB1jMTz4zGhlcX/SIewQTEQIAOwIbAwYLCQgHAwID
FQIDAxYCAQIeAQIXgBYhBFCg7SaKopW9LKBBHuyAOfCjF8FdBQJey1QCBQkmQH8s
AAoJEOyAOfCjF8FdcNAAoPVuJQo1owalfun4PivPxDyuYwnqAJwL7sDcF48OaEMr
Uc6p0YL5pL0r3YhGBBARAgAGBQJKz16VAAoJEA5ia60SmMK0GG0AnRQoAf5LM3JA
aoGC+S4mIRtCxV0XAJ91gdEP7u/UboLsp69qSHQVC3z5bYhkBBMRAgAkAhsDBgsJ
CAcDAgMVAgMDFgIBAh4BAheABQJKTDGxBQkTccixAAoJEOyAOfCjF8FdAfEAn11W
3prC3Tm5EzccRl4TJj+J8mB9AJ9H63eOana039luC9ycHk3kvCQirohkBBMRAgAk
AhsDBgsJCAcDAgMVAgMDFgIBAh4BAheABQJQNToKBQkZWtEKAAoJEOyAOfCjF8Fd
oPYAmwe2TiMAoSp6M2sKRy0aTXLn5G4HAJ4mLDJ+yFd1Q80AYfsR6xhNThPjhrQ8
QW5kcmVhcyBKLiBLb2VuaWcgPGFuZHJlYXMua29lbmlnLjdvczZWVnFSQGZyYW56
LmFrLm1pbmQuZGU+iGYEExECACYFAkWZHGMCGwMFCQ3MHwwGCwkIBwMCBBUCCAME
FgIDAQIeAQIXgAAKCRDsgDnwoxfBXUfUAKChCYN5q01mDXuqFqihTzmjmwK/5QCg
9ocCaK+PTJtk2PM0Y77SH3X0DgWIRgQQEQIABgUCRku11AAKCRCL2C5vMLlLXNCp
AKCvNfxGkxY8GnUMqk9+LpyKiDphDACfZcLspGhQcSRwH0q0MFKxkykmsnWIRgQQ
EQIABgUCRvLeigAKCRBCo09Ey+wGeB4EAJ4m/p33MOsKwE0nWxkvgSKXFAuZqwCd
HU8VZfF7EJND9FhQLZyEx2fFtEqIfQQTEQIAPQIbAwYLCQgHAwIEFQIIAwQWAgMB
Ah4BAheAFiEEUKDtJoqilb0soEEe7IA58KMXwV0FAl7LVAoFCSZAfywACgkQ7IA5
8KMXwV2reACeNKAYQJJ65ars6Q2BWkW/814v9D4AnjY52aecdGjJ7hjDRycOHMRr
mhyqiEYEEBECAAYFAkrPXpUACgkQDmJrrRKYwrSWAACfSG8rNgISL5VnUbMxJKd8
roFysEoAnRQPFLWzppRb4XFtuyawz0944fRNiGYEExECACYCGwMGCwkIBwMCBBUC
CAMEFgIDAQIeAQIXgAUCSkwxqwUJE3HIsQAKCRDsgDnwoxfBXXgKAKCc7VZRCFnc
cRHHd2y8layRYNzjqgCfT2zczvF/sncNgp3bu7Yn6nkPFxeIZgQTEQIAJgIbAwYL
CQgHAwIEFQIIAwQWAgMBAh4BAheABQJQNTolBQkZWtEKAAoJEOyAOfCjF8FdHJoA
oN+6jFrk+xLNIKu7uRwi+8fjyBeBAJ9SqfFH+AdiTxDCKtpiUhkXbhzj1bQrQW5k
cmVhcyBKLiBLb2VuaWcgPGFuZHJlYXMua29lbmlnQGFuaW1hLmRlPohiBBMRAgAi
AhsDBAsHAwIDFQIDAxYCAQIeAQIXgAUCRZkb8QUJDcwfDAAKCRDsgDnwoxfBXXxu
AJ97ETTkVTuBLj7mOI7hZPABKqSP0ACdG6XVz+rJwaHHXjrDFFvcaqZCfDiITAQS
EQIADAUCPySDIwWDAwpGUgAKCRC0s903PDUBoAv4AJ4+5sTSi+heHZtA4Rdz97mN
K38ELgCfddzmCUi6vqXebB2QkhfbOWV0YxGIXQQTEQIAHQUCPH4DVgUJAeEzgAUL
BwoDBAMVAwIDFgIBAheAAAoJEOyAOfCjF8Fd3bAAoNc/scw/LhU5hAUwHJ9lfEt1
NgBwAKCzE4InDS0c3KtYpQwY10gq+5yeuYhiBBMRAgAiBQI+bGJ1AhsDBQkFsMYf
BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRDsgDnwoxfBXY+ZAJ9K6w/cr13vgyy0vMg1
swsx3iENFQCeO6QGLsATl8EjVtcvol5gJqGAB1eIYgQTEQIAIgIbAwQLBwMCAxUC
AwMWAgECHgECF4AFAkHhSl4FCQlnmQgACgkQ7IA58KMXwV1oUQCg8j3oQk4aOgQf
uGMXQ1lHb5M8hWYAn3x+3vOQCAw+yHJCuJ+HvnwxT7QwiEYEEBECAAYFAkZLtdQA
AUDREYT2018.pub view on Meta::CPAN
OGGJILRgVIMSpiNs+SJ8y1ns8eyzPWjlckqgjnUMECL/B05FrbQlQXVkcmV5IFRh
bmcgKENQQU4pIDxjcGFuQGF1ZHJleXQub3JnPohgBBMRAgAgBQJEUETMAhsDBgsJ
CAcDAgQVAggDBBYCAwECHgECF4AACgkQtLPdNzw1AaDMegCfbFn0Q5yHOO/BK5sf
ui+qPo3cIikAoL349ljwdZIAbMBtn/r4pXn8wSV4iEYEEBECAAYFAkfOGhUACgkQ
i9gubzC5S1wAOACcCYu4G6gIVTXQ2YPOXS5qYRfRWv8An0jru7m38/1G+pHbi67G
hSWv6tNviEYEEhECAAYFAkbfA5AACgkQOV9mt2VyAVE9uQCcDn3zhUXvhjW2uBRP
3CitB4VjfFsAnRaFV8XPkuwiM387tB1x3eb8cxUItC5BdWRyZXkgVGFuZyAoYXV0
cmlqdXMpIDxhdXRyaWp1c0BhdXRyaWp1cy5vcmc+iGAEExECACAFAkOX62cCGwMG
CwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRC0s903PDUBoJMuAKCri2KiRc6QzxTP
7He9BM/fXEv62gCgpl5Zqm6YRGb5VRp4bplfAKAz3120K0F1ZHJleSBUYW5nIChh
dXRyaWp1cykgPGF1dHJpanVzQGdtYWlsLmNvbT6IYAQTEQIAIAUCQ5frjQIbAwYL
CQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJELSz3Tc8NQGgn6oAoLFnS0iu0vXww7qd
UFwVjjzEAGsWAJkBebabedFOwnEMldtleqBDe3nDtNHWbdZrARAAAQEAAAAAAAAA
AAAAAAD/2P/gABBKRklGAAEBAQBIAEgAAP/hADRFeGlmAABNTQAqAAAACAACARIA
AwAAAAEAAQAAh2kABAAAAAEAAAAmAAAAAAAAAAAAAP/tABxQaG90b3Nob3AgMy4w
ADhCSU0EBAAAAAAAAP/iDfhJQ0NfUFJPRklMRQABAQAADehhcHBsAgAAAG1udHJS
R0IgWFlaIAfVAAsACgAAADkAKGFjc3BBUFBMAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAD21gABAAAAANMtYXBwbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAADnJYWVoAAAEsAAAAFGdYWVoAAAFAAAAAFGJYWVoA
AAFUAAAAFHd0cHQAAAFoAAAAFGNoYWQAAAF8AAAALHJUUkMAAAGoAAAADmdUUkMA
AAG4AAAADmJUUkMAAAHIAAAADnZjZ3QAAAHYAAADEm5kaW4AAATsAAAGPmRlc2MA
AUDREYT2018.pub view on Meta::CPAN
i6yvVLtQ1gkYwchmd5yPzA0detxD/6rRhgQyo25iZEktMU0mfjJmyR6MJvi0QeLT
2XhfrgPbwPrYhwOUSdnrjj6Xzn6v+o0lzdsR//xnYvDpwwoFbnZ2EAgErs9joNcF
WfkfDwOFbc6AncXJr5abBo5EB1yVWHizzpb4XBbZ1t5ISRGVzND4ICHLQQYiDeru
gwADBgf+MJmm3rNb32lYLdGKFkg1Sk1qqb7OCJYAGniwaJei+Xqf3/vWVXzbGzaV
eQ0tmwFuOlzyz3xE+VFbPCEG3MPWpHMaB49S9W2IGS2zPQkZsDO8TYdEiIPHpWsU
6h6iniPHxVeR9x1ymbYmrw2H8Tn0qzyyPDZRUP3k8a9nQpKhJKXgoWazpx3BTfrJ
fakKf03jloQO4rVHukrdvf2waPz4OyJ6QgpJVJ41WzFb7oqxc9VR56OKluQJcf7D
q+5OyCawY9Te4nJ8vKrdWtKXponvTKpSJ9pTF6Mte//c/a8/Cv0tDPcg/hCmne4h
ryKm0jWeGY10Gr7eStKZpfo7IGj84IhMBBgRAgAMBQI9qANoBQkKDQvqAAoJELSz
3Tc8NQGgLLwAoIfC4xc2NnEyfM4HQORkvnz3JcMnAJ9lf3JKyLVj7qtydScmeehu
hc3egbkBDQQ60nXzEAQApM3Kq25W1ngyEPxDkCGPg6vejRK4+0DJexssfYKdqj8k
aQYE640K0qTdZxu1BxlQwtWl/2CUfhgrNYXFf4yG9hCGfYqGnwgimea7gGRgSCIB
dhODpVsQXkv5HVN2cgSSYCiwIwp4dalaxHMXiyq5HUlT0ML3xnQ6u6tdEeADWKMA
AwYD/iTxRElyW1ivC000cgKxFlhL0jiP21Gug+hh+nte9sQLKsDhSsIbykH3mzCk
On/xqdF7YppvpgszzlHw7rVvm2bRSGdTVtrps0t0AHdWwCyP0GT5yPFZctpfAjRf
OBe91k+pNcEHYKXUPxm29ofo8QQnm7K/4h0MSlIqIpNbbjcziEsEGBECAAwFAjrS
dfMFCQHhM4AACgkQtLPdNzw1AaB0nACaA6UIYcaUN+BwsS6/mgjOAZc8/gIAmLr4
ptoEOqXkcKmcSyuZ3L7eCjK5BA0EVD1loxAQAK1mN8TNmMd5LKk5vugiKRrazH8/
kQGohXFp775abI1aEWHRd20iM/VqpyTTHkcb0FkTWG4b3rRle8b72bArLqD/7Ktm
xS/fOlOpJnPxJMlGTBpmddgvXr6aaxPIn571pHNPf/9kMUVxt+mQXxiBBXqw/38g
9Hbyhb62Wr2C0YQ7SvC9xi59pV92yTpF8vkQIUWBSl68DoLmNzktaepVobmgwx3n
AUDREYT2018.pub view on Meta::CPAN
GnrDpfwKDz6UfOCVzbtZ6XeF2VHyh8yxU/ESX3Qew51aapTfgW9m4dibtuHNKOZC
EH6oLBaVMVMW6n37jYBug8nkvsAfHFBl3TOnZOkyn5fHuhfcn7FiUl9YBC88aAaB
hONq+eeHQXMTaGVMx4pVhChbtqu8WsOFK/3MfY8yLIXUkT/tjm9iGtpTwVWHd1f9
AabFTG7FGqN4qzWhB1exz9LtACmDqacCgsdkDaIeHxbsMZ11p/PYG92YK9+IQijV
2ke3uRLDQ19rdowRMx+uA6qkGCll2F80ilyN1nX/aY/sOalc+42ItNOHHnZWTf+1
3UQiSbP1SYOlfQHtaLA1cAabuvVzDjTt54Fm6i9kddvuqwlpCvMllByUWoP4eywx
UlsHCjmAw/IXw4O4bf6j5InJ1fsd2hou9zOQTxW0OQUu7dBssFmVBJmSkatWwdn7
X96UIRWPdV1efnC+q8AAWZhNq4Lp7VadKvKj+cxh7H703nemHqcLYw172XUMmkTo
MguIXQQTEQIAHRYhBGayt47Rt3ZBSGHVkrSz3Tc8NQGgBQJai9yKAAoJELSz3Tc8
NQGgF/EAoLbmytuSS9kIyuujfi4rK4Jw9oOoAJ9KK6TXIv1I7z69qbTrc24VKxCv
X7QhQXVkcmV5IFRhbmcgPGF1ZHJleXRAYXVkcmV5dC5vcmc+iQIwBBMBCgAaBAsJ
CAcCFQoCFgECGQAFglqLiaYCngECmwEACgkQRmboANio4tnBpQ/+LW0pKLZqXTlK
th9FLfj4MPEugcz/NM3hxdD4+XTUseLNsNP9LF3E+6D/Y5Ejuc9m6y5Mxk1i0m5h
5ffc3ox5WDG4ATFyjsAmfGSr5AXDmfkYzE/8/sYvOnLFcJrctc7wFpc5ipVIRn1W
5qVqwV7QDpBbG5FfsXtQexloltRR/z+x9vtZbluuw2/k0Tmq7LzmbhONPjqSshYR
SYGyMKUf8oty9FvnsvDNI54DWXZ4zTEGfE+fREc3Vs9jUylnqxIZ+yVUbLq5kUPE
/BvGLPJF8U2aL+JBpGAeiZGLWROicB0RHe7cJ8Bm/viA+8u3QrOCGyE6iK2VCUok
zkJAeio+gfTfQPJgwH6HtGre+cyFtIlops+Rxs6C3QVoEcE75yHjj7uO6bLRYU0r
kqSw/a5MIWg4LIIZllIO5pmpakgj6Y7W7EW/dXiBxtSomB56gdiDzpugD6NSJfQC
N/tCK2KQYh32DhIFGIl5FnZHcNDIB9UpL0RalxtqY1cm+R1zhrYqYCFp+xKsBGVa
VRijSvEFZ8/ZIddMajd3gvS8wngXEIFcoRr44jpsk2hvlnNKof9958E8psJev1Ap
gJvX82MXjFraIFRoflxj1E1QGa7PWW2nGkwhQsErsD0pdqrwzZB3Tfr5FnOJqWvM
0Jp1q9UrBHKVRISskXQIl07P4u2270GIXQQQEQIAHRYhBGayt47Rt3ZBSGHVkrSz
3Tc8NQGgBQJai+Z5AAoJELSz3Tc8NQGg0mMAoIBj4NQoSRzgxmRa3xDdn3COEM1o
AJ9xV2ajU0QuBWbdjnwA0h1dJJOgarQjQXVkcmV5IFRhbmcgPGF1ZHJleXQub3Jn
QGdtYWlsLmNvbT6JAjAEEwEKABoECwkIBwIVCgIWAQIZAAWCWouJpgKeAQKbAQAK
CRBGZugA2Kji2Y43D/wJN2+ncPkG5wyG8oVHeBsXja3Njr6i6tGg1g2TeNzYxgnm
tGwXv3pgVuoJ0GT2yl41KxD0gtE3sYUgcIWnR2aIPfYEpEWhjOFhEKvKPEryQNHL
cGQH+mZ+R6CK7AwwoxtSpNx7r2SBhcuUnw+moIwN277gCxt8ee7CKkx0Y+tvd5V8
mnfd5ea8h5NAw7Sm3TL6b+lYGBf4mIY6tjLTFHK0OqTyMHojoC0P3TW2BlB3W/kw
tckwDMVdLSXZaUQp+AILUP0XR5YJCRx/N8kV7PNaDb5auzGV/6ik7VQf6d5WDmdg
2C7+MZhfSpsY5OyrJEJ4z5/20M+XbfS6AYug9hK+LHxAN9SrxszlLXVx8oW12Ax1
vmH+nEqrvuITrCtRuU8h/A08azLBs//K4WpY9vkz8y6vgLUj6XgrcosPUgRTJQDe
fK7q4hwq5h6d616p5vQdjQcKKGDX5xv6C8RFLdg5jRSeXr4xRgemqhCodPUQmWav
HiO0q9vSZvzjsAQTX0c0W+aT3IiiIp6tJBt6VUXui4jzMyicLmjO4VJ1nrR8FKJr
* Update ChangeLog.
* More protection of @INC from relative paths.
Fix various issues reported by John Lightsey:
[Changes for 0.74 - Tue Apr 7 02:39:14 CST 2015]
Fix various issues reported by John Lightsey:
* Fix GPG signature parsing logic.
* MANIFEST.SKIP is no longer consulted unless --skip is given.
* Properly use open() modes to avoid injection attacks.
[Changes for 0.73 - Wed Jun 5 23:44:57 CST 2013]
* Properly redo the previous fix using File::Spec->file_name_is_absolute.
[Changes for 0.72 - Wed Jun 5 23:19:02 CST 2013]
[Changes for 0.71 - Tue Jun 4 18:24:10 CST 2013]
* Constrain the user-specified digest name to /^\w+\d+$/.
* Avoid loading Digest::* from relative paths in @INC.
Contributed by: Florian Weimer (CVE-2013-2145)
[Changes for 0.70 - Thu Nov 29 01:45:54 CST 2012]
* Don't check gpg version if gpg does not exist.
This avoids unnecessary warnings during installation
when gpg executable is not installed.
Contributed by: Kenichi Ishigaki
[Changes for 0.69 - Fri Nov 2 23:04:19 CST 2012]
* Support for gpg under these alternate names:
gpg gpg2 gnupg gnupg2
Contributed by: Michael Schwern
[Changes for 0.68 - Fri, 13 May 2011 11:51:50 +0200]
* Fix breakage introduced by 0.67 (Andreas König).
[Changes for 0.67 - Sun, 17 Apr 2011 16:29:23 +0200]
* Better handling of \r (Andreas König, Zefram) (Closes RT#46339).
[Changes for 0.50 - 2005-08-21]
* Add support for to SHA-256, requested by Mark Shelor in light
of the recent SHA1 attacks. SHA1 is still the default, but
you can now override this by settings MODULE_SIGNATURE_CIPHER
environment variable to SHA256.
[Changes for 0.45 - 2005-08-09]
* Andreas Koenig ported out that "Import GPG keys?" was asked
far too many times during autoinstall.
[Changes for 0.44 - 2004-12-16]
* Add "pmfiles.dat" to legacy manifest_skip routine to accomodate
early Win32 hacks. Reported by Steve Hay via Michael Schwern.
[Changes for 0.43 - 2004-12-16]
* Updated t/0-signature.t to be more friendly with Test::More;
* Documented how to generate SIGNATURE files as part of "make dist",
for Module::Install, ExtUtils::MakeMaker and Module::Build users .
[Changes for 0.41 - 2004-07-04]
* Mark Shelor points out that support for Digest::SHA was broken.
[Changes for 0.40 - 2004-07-01]
* Dave Rolsky points out that GPG version detection always
returns '1'. (bug #6810)
[Changes for 0.39 - 2004-06-17]
* Supports Digest::SHA (now preferred) and Digest::SHA1::PurePerl,
in addition to the original Digest::SHA1 backend.
* We now asks before importing the default keys,
also suggested by Tels.
* Don't ask user to install Crypt::OpenPGP if she does not have a
C compiler anyway.
* ExtUtils::Manifest 1.38 does not support good enough skips even
for Makefile.PL, sigh.
[Changes for 0.33 - 2003-08-12]
* William Wentworth-Sheilds points out that META.yml is dynamic,
which makes SIGNATURE incorrect for people without either "diff"
or "gpg". Fixed.
[Changes for 0.32 - 2003-08-11]
* Take Schwern's patch to only set _maniskip for legacy EU::Manifest.
* Remove ::TieOut since we are not using it anymore.
* Reduce noise for untrusted signatures to two lines.
[Changes for 0.31 - 2003-08-10]
* Ken Williams noted that M::B now works on 5.005.
[Changes for 0.22 - 2003-05-15]
* Move Signature.pm to lib/Module/Signature.pm.
* Switch to the Module::Install framework.
* Updates TODO to reflect correspondence with andk.
* Matt Southall mentioned that, if somebody has never run gpg before,
we need to initialize it once before running test.
* Warn about potential 'Makefile' exploit as pointed out by Tels.
Document pending.
* Bugfix for incorrect 'MALFORMED' response to signatures made from
older versions of GnuPG, as reported by Tels.
[Changes for 0.18 - 2002-11-04]
Makefile.PL view on Meta::CPAN
if ( can_cc() ) {
$requires{'Digest::SHA'} = 0;
} else {
$requires{'Digest::SHA::PurePerl'} = 0;
}
}
# Is openpgp currently installed
if ( can_use ('Crypt::OpenPGP') ) {
# Crypt::OpenPGP installed/available, continue on...
} elsif ( my $gpg = locate_gpg() ) {
# We SHOULD have gpg, double-check formally
requires_external_bin ($gpg);
} elsif ( can_cc() and $ENV{AUTOMATED_TESTING} ) {
# Dive headlong into a full Crypt::OpenPGP install.
$requires{'Crypt::OpenPGP'} = 0;
} else {
# Ask the user what to do
ask_user();
}
unless ( can_run('diff') ) {
# We know Text::Diff fails on Cygwin (for now)
if ( $^O ne 'Cygwin' ) {
$requires{'Algorithm::Diff'} = 0;
$requires{'Text::Diff'} = 0;
}
}
#####################################################################
# Support Functions
sub locate_gpg {
print "Looking for GNU Privacy Guard (gpg), a cryptographic signature tool...\n";
my ($gpg, $gpg_path);
for my $gpg_bin ('gpg', 'gpg2', 'gnupg', 'gnupg2') {
$gpg_path = can_run($gpg_bin);
next unless $gpg_path;
next unless `$gpg_bin --version` =~ /GnuPG/;
next unless defined `$gpg_bin --list-public-keys`;
$gpg = $gpg_bin;
last;
}
unless ( $gpg ) {
print "gpg not found.\n";
return;
}
print "GnuPG found ($gpg_path).\n";
return 1 if grep { /^--installdeps/} @ARGV;
if ( prompt("Import PAUSE and author keys to GnuPG?", 'y' ) =~ /^y/i) {
print 'Importing... ';
system $gpg, '--quiet', '--import', qw[ AUDREYT2018.pub ANDK2020.pub PAUSE2022.pub NIKLASHOLM2018.pub TIMLEGGE2024.pub ];
print "done.\n";
}
return $gpg;
}
sub ask_user {
# Defined the prompt messages
my $message1 = <<'END_MESSAGE';
Could not auto-detect a signature utility on your system.
What do you want me to do?
Makefile.PL view on Meta::CPAN
END_MESSAGE
my $choice;
foreach ( 1 .. 3 ) {
$choice = prompt("Your choice:", 3) || 3;
last if $choice =~ /^[123]$/;
print "Sorry, I cannot understand '$choice'.\n"
}
if ( $choice == 1 ) {
# They claim to have installed gpg
requires_external_bin ('gpg');
} elsif ( $choice == 2 and $option3 == 3 ) {
# They want to install Crypt::OpenPGP
$requires{'Crypt::OpenPGP'} = 0;
} else {
# Forget about it...
print "Module::Signature is not wanted on this host.\n";
exit(0);
}
}
PAUSE2022.pub view on Meta::CPAN
gpg --export --armor 450F89EC
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQGiBD4+cJARBACxOByY0SJBBuJoFrH2hoqRFny423gY6V3jq1uTgGY/PPaxP+Sq
r3RzxPct4vJcsoo48pwBsMHLrWfORq26zb6eKgmMq/CQo2gzaRbeRxCi3ke4KBmu
aREi6RjaZSU94yABtDmspUBrpYV8zfZMv5ZIQlg9W1Tu66BFOUrrNeDpKwCgosCp
9dtNAMhHkzxs8UJH5i3Uzb0D/0VLoAE8sOfUXqjc38rxiHuGBFSNC70Ih4mzGUCJ
MGT4z1X3K6uUawnXMoc8XqPaYnEgOzztMymydtr+urjUwcGnuXDSpV6nulE5irxh
zlikSTJy/42QzTMcrdRynffmJo9PRgymMI8GgWaYG5g3zzGAhi5BA6G8JKfC93IV
xiRPBACXJpLBYQljqJY9UDNJuq8nHhKiWHBXdZzrC3LM0FSF3PKuP/ugc+KBIKXm
clNPNFKla/SRbH6dMHsGIy8wnGPI5AtTS0roNQrttv3/ghRT7+OKXrGmBxZ/KHVr
lib/Module/Signature.pm view on Meta::CPAN
my $sock = IO::Socket::INET->new(
Timeout => $Timeout,
PeerAddr => "$KeyServer:$KeyServerPort",
);
$CanKeyRetrieve = ($sock ? 1 : 0);
$sock->shutdown(2) if $sock;
}
$AutoKeyRetrieve = $CanKeyRetrieve;
}
if (my $version = _has_gpg()) {
return _verify_gpg($sigtext, $plaintext, $version);
}
elsif (eval {require Crypt::OpenPGP; 1}) {
return _verify_crypt_openpgp($sigtext, $plaintext);
}
else {
warn "Cannot use GnuPG or Crypt::OpenPGP, please install either one first!\n";
return _compare($sigtext, $plaintext, CANNOT_VERIFY);
}
}
sub _has_gpg {
my $gpg = _which_gpg() or return;
`$gpg --version` =~ /GnuPG.*?(\S+)\s*$/m or return;
return $1;
}
sub _fullcheck {
my $skip = shift;
my @extra;
local $^W;
local $ExtUtils::Manifest::Quiet = 1;
lib/Module/Signature.pm view on Meta::CPAN
sub _default_skip {
local $_ = shift;
return 1 if /\bRCS\b/ or /\bCVS\b/ or /\B\.svn\b/ or /,v$/
or /^MANIFEST\.bak/ or /^Makefile$/ or /^blib\//
or /^MakeMaker-\d/ or /^pm_to_blib/ or /^blibdirs/
or /^_build\// or /^Build$/ or /^pmfiles\.dat/
or /^MYMETA\./
or /~$/ or /\.old$/ or /\#$/ or /^\.#/;
}
my $which_gpg;
sub _which_gpg {
# Cache it so we don't need to keep checking.
return $which_gpg if $which_gpg;
for my $gpg_bin ('gpg', 'gpg2', 'gnupg', 'gnupg2') {
my $version = `$gpg_bin --version 2>&1`;
if( $version && $version =~ /GnuPG/ ) {
$which_gpg = $gpg_bin;
return $which_gpg;
}
}
}
sub _verify_gpg {
my ($sigtext, $plaintext, $version) = @_;
local $SIGNATURE = Win32::GetShortPathName($SIGNATURE)
if defined &Win32::GetShortPathName and $SIGNATURE =~ /[^-\w.:~\\\/]/;
my $keyserver = _keyserver($version);
require File::Temp;
my $fh = File::Temp->new();
print $fh $sigtext || _read_sigfile($SIGNATURE);
close $fh;
my $gpg = _which_gpg();
my @quiet = $Verbose ? () : qw(-q --logger-fd=1);
my @cmd = (
$gpg, qw(--verify --batch --no-tty), @quiet, ($KeyServer ? (
"--keyserver=$keyserver",
($AutoKeyRetrieve and $version ge '1.0.7')
? '--keyserver-options=auto-key-retrieve'
: ()
) : ()), $fh->filename
);
my $output = '';
if( $Verbose ) {
warn "Executing @cmd\n";
lib/Module/Signature.pm view on Meta::CPAN
warn "==> MISMATCHED content between MANIFEST and the distribution! <==\n";
warn "==> Please correct your MANIFEST file and/or delete extra files. <==\n";
}
if (!$overwrite and -e $SIGNATURE and IO::Interactive::is_interactive()) {
local $/ = "\n";
print "$SIGNATURE already exists; overwrite [y/N]? ";
return unless <STDIN> =~ /[Yy]/;
}
if (my $version = _has_gpg()) {
_sign_gpg($SIGNATURE, $plaintext, $version);
}
elsif (eval {require Crypt::OpenPGP; 1}) {
_sign_crypt_openpgp($SIGNATURE, $plaintext);
}
else {
die 'Cannot use GnuPG or Crypt::OpenPGP, please install either one first!';
}
warn "==> SIGNATURE file created successfully. <==\n";
return SIGNATURE_OK;
}
sub _sign_gpg {
my ($sigfile, $plaintext, $version) = @_;
die "Could not write to $sigfile"
if -e $sigfile and (-d $sigfile or not -w $sigfile);
my $gpg = _which_gpg();
my $gpg_fh;
my $set_key = '';
$set_key = qq{--default-key "$AUTHOR"} if($AUTHOR);
open ($gpg_fh, '|-', "$gpg $set_key --clearsign --openpgp --personal-digest-preferences RIPEMD160 >> $sigfile.tmp")
or die "Could not call $gpg: $!";
print $gpg_fh $plaintext;
close $gpg_fh;
(-e "$sigfile.tmp" and -s "$sigfile.tmp") or do {
unlink "$sigfile.tmp";
die "Cannot find $sigfile.tmp, signing aborted.\n";
};
my $sigfile_tmp_fh;
open ($sigfile_tmp_fh, '<', "$sigfile.tmp") or die "Cannot open $sigfile.tmp: $!";
my $sigfile_fh;
lib/Module/Signature.pm view on Meta::CPAN
print $sigfile_fh $Preamble;
print $sigfile_fh (<$sigfile_tmp_fh>);
close $sigfile_fh;
close $sigfile_tmp_fh;
unlink("$sigfile.tmp");
my $key_id;
my $key_name;
my @verify = `$gpg --batch --logger-fd 1 --verify $SIGNATURE`;
foreach (@verify) {
if (/key(?: ID)? ([0-9A-F]+)$/) {
$key_id = $1;
} elsif (/signature from "(.+)"(?: \[[a-z]+\])?$/) {
$key_name = $1;
}
}
my $found_name;
my $found_key;
if (defined $key_id && defined $key_name) {
my $keyserver = _keyserver($version);
foreach (`$gpg --output - --keyserver=$keyserver --recv-key '$key_id' 2>&1`) {
if (/^\(\d+\)/) {
$found_name = 0;
} elsif ($key_id) {
my $short_key_id = substr($key_id, (length($key_id) - 16));
if (/key \Q$short_key_id\E/) {
$found_key = 1;
last;
}
}
lib/Module/Signature.pm view on Meta::CPAN
=head1 VARIABLES
No package variables are exported by default.
=over 4
=item $Verbose
If true, Module::Signature will give information during processing including
gpg output. If false, Module::Signature will be as quiet as possible as
long as everything is working ok. Defaults to false.
=item $SIGNATURE
The filename for a distribution's signature file. Defaults to
C<SIGNATURE>.
=item $AUTHOR
The key ID used for signature. If empty/null/0, C<gpg>'s configured default ID,
or the most recently added key within the secret keyring for C<Crypt::OpenPGP>,
will be used for the signature.
=item $KeyServer
The OpenPGP key server for fetching the author's public key
(currently only implemented on C<gpg>, not C<Crypt::OpenPGP>).
May be set to a false value to prevent this module from
fetching public keys.
=item $KeyServerPort
The OpenPGP key server port, defaults to C<11371>.
=item $Timeout
Maximum time to wait to try to establish a link to the key server.
maint/Makefile_header.PL view on Meta::CPAN
if ( can_cc() ) {
$requires{'Digest::SHA'} = 0;
} else {
$requires{'Digest::SHA::PurePerl'} = 0;
}
}
# Is openpgp currently installed
if ( can_use ('Crypt::OpenPGP') ) {
# Crypt::OpenPGP installed/available, continue on...
} elsif ( my $gpg = locate_gpg() ) {
# We SHOULD have gpg, double-check formally
requires_external_bin ($gpg);
} elsif ( can_cc() and $ENV{AUTOMATED_TESTING} ) {
# Dive headlong into a full Crypt::OpenPGP install.
$requires{'Crypt::OpenPGP'} = 0;
} else {
# Ask the user what to do
ask_user();
}
unless ( can_run('diff') ) {
# We know Text::Diff fails on Cygwin (for now)
if ( $^O ne 'Cygwin' ) {
$requires{'Algorithm::Diff'} = 0;
$requires{'Text::Diff'} = 0;
}
}
#####################################################################
# Support Functions
sub locate_gpg {
print "Looking for GNU Privacy Guard (gpg), a cryptographic signature tool...\n";
my ($gpg, $gpg_path);
for my $gpg_bin ('gpg', 'gpg2', 'gnupg', 'gnupg2') {
$gpg_path = can_run($gpg_bin);
next unless $gpg_path;
next unless `$gpg_bin --version` =~ /GnuPG/;
next unless defined `$gpg_bin --list-public-keys`;
$gpg = $gpg_bin;
last;
}
unless ( $gpg ) {
print "gpg not found.\n";
return;
}
print "GnuPG found ($gpg_path).\n";
return 1 if grep { /^--installdeps/} @ARGV;
if ( prompt("Import PAUSE and author keys to GnuPG?", 'y' ) =~ /^y/i) {
print 'Importing... ';
system $gpg, '--quiet', '--import', qw[ AUDREYT2018.pub ANDK2020.pub PAUSE2022.pub NIKLASHOLM2018.pub TIMLEGGE2024.pub ];
print "done.\n";
}
return $gpg;
}
sub ask_user {
# Defined the prompt messages
my $message1 = <<'END_MESSAGE';
Could not auto-detect a signature utility on your system.
What do you want me to do?
maint/Makefile_header.PL view on Meta::CPAN
END_MESSAGE
my $choice;
foreach ( 1 .. 3 ) {
$choice = prompt("Your choice:", 3) || 3;
last if $choice =~ /^[123]$/;
print "Sorry, I cannot understand '$choice'.\n"
}
if ( $choice == 1 ) {
# They claim to have installed gpg
requires_external_bin ('gpg');
} elsif ( $choice == 2 and $option3 == 3 ) {
# They want to install Crypt::OpenPGP
$requires{'Crypt::OpenPGP'} = 0;
} else {
# Forget about it...
print "Module::Signature is not wanted on this host.\n";
exit(0);
}
}
t/2-cygwin.t view on Meta::CPAN
use Module::Signature;
use Test::More;
if ($^O ne 'cygwin') {
plan skip_all => "Cygwin only tests";
}
elsif (! $ENV{TEST_CYGWIN_GNUPG} ) {
plan skip_all => 'Set the environment variable TEST_CYGWIN_GNUPG to enable this test';
}
elsif (! -x '/usr/local/bin/gpg') {
plan skip_all => '/usr/local/bin/gpg not found';
}
plan tests => 1;
my $version = Module::Signature::_has_gpg();
like($version, qr/^\d+\.\d+\.\d+$/, "gpg version detected");