Module-Signature

 view release on metacpan or  search on metacpan

ANDK2020.pub  view on Meta::CPAN


mQGiBDx+A1YRBADEsflgt39/oYoLumUOxOI2KKEte7SKfNc0SaI8Awpx8uxw4UR7
dxJN56mwvMk3GeJw0vn7gEbVzcm5W0AsBdUrHrYFEfngxrkEN0fBzaByQ9U4nOj7
EsoII9q8LllWphLfFYmewzrat/e0YDQA2WneiICUeIjBohX3+4yJjho5xwCg/zRU
c/J+hJwuYyrNheC9+4gYGrkEALVWaB1CYqpaK5eUb911k+DjeOZQvqd+Mh7IiHDP
RYPd23ct8NFQeav8HdEA+zJRVqWISh4tl64aNbHHR3RpnFJwwjgnfa5HRXZRVjQL
UlQ/N5XV96TGywb58ZqYGouln7NZh+couss+5oWfI/vZDtx8Fo0vP1BqVn3amGoS
26J4A/wPXkV8DoiowGXv2bJztrzRjNDKNJ5E/9aOw0x9jad7s/VelwDUs11m5tRN
o4ExojPqn7OVBdvys6X23+tn2W23C2wDDkWwHivX0mtiFe4vUiwNpCc+v7/Y4tVi
Gi+DSuFMuVo0kcQCR5pd9MeeVi+fE5IED+U9geYLHWEHAq21QrQ8QW5kcmVhcyBK
LiBLb2VuaWcgPGFuZHJlYXMua29lbmlnLmdtd29qcHJ3QGZyYW56LmFrLm1pbmQu
ZGU+iGQEExECACQCGwMGCwkIBwMCAxUCAwMWAgECHgECF4AFAkWZG+IFCQ3MHwwA
CgkQ7IA58KMXwV3TewCggnu5SLrOcp5goarr44bfLi7EH+cAoMWy1kKltU+dEsfl
ACYkWRLnKmD9iGQEExECACQFAkHhSoMCGwMFCQlnmQgGCwkIBwMCAxUCAwMWAgEC
HgECF4AACgkQ7IA58KMXwV3mFwCg6TM39gmLwBoaypkAHzMDrXYPwj4AoOE1jx6p
0xICUSYmfvoIwxV2x7j+iEYEEBECAAYFAkZLtdQACgkQi9gubzC5S1yMlQCeMh6T
nqDx6MFrhI6SzNVIwZVB6dcAoJJIe54AGHWH3ntSCfAr+3Z3n85oiJwEEAECAAYF
AkbwHHEACgkQLujFtvljWgVoLwQAztFvaN9eu0GmNTQy2hjZne2aH4GdzrkwUM7s
RIPiobJ4pv9xCXxthbK9eVGBj7xqkM08VcYXDV0hih9dkpeOS23Dlhs4/WjEiYGV
XCee62PWtYRYz3prtwG7CZVm7VzZ1Q9UQWEF/CbCb03dCGnZUCMWYwh73HOXSqNk
D9A3tsOIRgQQEQIABgUCRvLejQAKCRBCo09Ey+wGeCAnAKDujla6s2dXex1YivUa
H+W7HvRaqQCgq5GEqGrU8VwNB1jMTz4zGhlcX/SIewQTEQIAOwIbAwYLCQgHAwID
FQIDAxYCAQIeAQIXgBYhBFCg7SaKopW9LKBBHuyAOfCjF8FdBQJey1QCBQkmQH8s
AAoJEOyAOfCjF8FdcNAAoPVuJQo1owalfun4PivPxDyuYwnqAJwL7sDcF48OaEMr
Uc6p0YL5pL0r3YhGBBARAgAGBQJKz16VAAoJEA5ia60SmMK0GG0AnRQoAf5LM3JA
aoGC+S4mIRtCxV0XAJ91gdEP7u/UboLsp69qSHQVC3z5bYhkBBMRAgAkAhsDBgsJ
CAcDAgMVAgMDFgIBAh4BAheABQJKTDGxBQkTccixAAoJEOyAOfCjF8FdAfEAn11W
3prC3Tm5EzccRl4TJj+J8mB9AJ9H63eOana039luC9ycHk3kvCQirohkBBMRAgAk
AhsDBgsJCAcDAgMVAgMDFgIBAh4BAheABQJQNToKBQkZWtEKAAoJEOyAOfCjF8Fd
oPYAmwe2TiMAoSp6M2sKRy0aTXLn5G4HAJ4mLDJ+yFd1Q80AYfsR6xhNThPjhrQ8
QW5kcmVhcyBKLiBLb2VuaWcgPGFuZHJlYXMua29lbmlnLjdvczZWVnFSQGZyYW56
LmFrLm1pbmQuZGU+iGYEExECACYFAkWZHGMCGwMFCQ3MHwwGCwkIBwMCBBUCCAME
FgIDAQIeAQIXgAAKCRDsgDnwoxfBXUfUAKChCYN5q01mDXuqFqihTzmjmwK/5QCg
9ocCaK+PTJtk2PM0Y77SH3X0DgWIRgQQEQIABgUCRku11AAKCRCL2C5vMLlLXNCp
AKCvNfxGkxY8GnUMqk9+LpyKiDphDACfZcLspGhQcSRwH0q0MFKxkykmsnWIRgQQ
EQIABgUCRvLeigAKCRBCo09Ey+wGeB4EAJ4m/p33MOsKwE0nWxkvgSKXFAuZqwCd
HU8VZfF7EJND9FhQLZyEx2fFtEqIfQQTEQIAPQIbAwYLCQgHAwIEFQIIAwQWAgMB
Ah4BAheAFiEEUKDtJoqilb0soEEe7IA58KMXwV0FAl7LVAoFCSZAfywACgkQ7IA5
8KMXwV2reACeNKAYQJJ65ars6Q2BWkW/814v9D4AnjY52aecdGjJ7hjDRycOHMRr
mhyqiEYEEBECAAYFAkrPXpUACgkQDmJrrRKYwrSWAACfSG8rNgISL5VnUbMxJKd8
roFysEoAnRQPFLWzppRb4XFtuyawz0944fRNiGYEExECACYCGwMGCwkIBwMCBBUC
CAMEFgIDAQIeAQIXgAUCSkwxqwUJE3HIsQAKCRDsgDnwoxfBXXgKAKCc7VZRCFnc
cRHHd2y8layRYNzjqgCfT2zczvF/sncNgp3bu7Yn6nkPFxeIZgQTEQIAJgIbAwYL
CQgHAwIEFQIIAwQWAgMBAh4BAheABQJQNTolBQkZWtEKAAoJEOyAOfCjF8FdHJoA
oN+6jFrk+xLNIKu7uRwi+8fjyBeBAJ9SqfFH+AdiTxDCKtpiUhkXbhzj1bQrQW5k
cmVhcyBKLiBLb2VuaWcgPGFuZHJlYXMua29lbmlnQGFuaW1hLmRlPohiBBMRAgAi
AhsDBAsHAwIDFQIDAxYCAQIeAQIXgAUCRZkb8QUJDcwfDAAKCRDsgDnwoxfBXXxu
AJ97ETTkVTuBLj7mOI7hZPABKqSP0ACdG6XVz+rJwaHHXjrDFFvcaqZCfDiITAQS
EQIADAUCPySDIwWDAwpGUgAKCRC0s903PDUBoAv4AJ4+5sTSi+heHZtA4Rdz97mN
K38ELgCfddzmCUi6vqXebB2QkhfbOWV0YxGIXQQTEQIAHQUCPH4DVgUJAeEzgAUL
BwoDBAMVAwIDFgIBAheAAAoJEOyAOfCjF8Fd3bAAoNc/scw/LhU5hAUwHJ9lfEt1
NgBwAKCzE4InDS0c3KtYpQwY10gq+5yeuYhiBBMRAgAiBQI+bGJ1AhsDBQkFsMYf
BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRDsgDnwoxfBXY+ZAJ9K6w/cr13vgyy0vMg1
swsx3iENFQCeO6QGLsATl8EjVtcvol5gJqGAB1eIYgQTEQIAIgIbAwQLBwMCAxUC
AwMWAgECHgECF4AFAkHhSl4FCQlnmQgACgkQ7IA58KMXwV1oUQCg8j3oQk4aOgQf
uGMXQ1lHb5M8hWYAn3x+3vOQCAw+yHJCuJ+HvnwxT7QwiEYEEBECAAYFAkZLtdQA

AUDREYT2018.pub  view on Meta::CPAN

OGGJILRgVIMSpiNs+SJ8y1ns8eyzPWjlckqgjnUMECL/B05FrbQlQXVkcmV5IFRh
bmcgKENQQU4pIDxjcGFuQGF1ZHJleXQub3JnPohgBBMRAgAgBQJEUETMAhsDBgsJ
CAcDAgQVAggDBBYCAwECHgECF4AACgkQtLPdNzw1AaDMegCfbFn0Q5yHOO/BK5sf
ui+qPo3cIikAoL349ljwdZIAbMBtn/r4pXn8wSV4iEYEEBECAAYFAkfOGhUACgkQ
i9gubzC5S1wAOACcCYu4G6gIVTXQ2YPOXS5qYRfRWv8An0jru7m38/1G+pHbi67G
hSWv6tNviEYEEhECAAYFAkbfA5AACgkQOV9mt2VyAVE9uQCcDn3zhUXvhjW2uBRP
3CitB4VjfFsAnRaFV8XPkuwiM387tB1x3eb8cxUItC5BdWRyZXkgVGFuZyAoYXV0
cmlqdXMpIDxhdXRyaWp1c0BhdXRyaWp1cy5vcmc+iGAEExECACAFAkOX62cCGwMG
CwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRC0s903PDUBoJMuAKCri2KiRc6QzxTP
7He9BM/fXEv62gCgpl5Zqm6YRGb5VRp4bplfAKAz3120K0F1ZHJleSBUYW5nIChh
dXRyaWp1cykgPGF1dHJpanVzQGdtYWlsLmNvbT6IYAQTEQIAIAUCQ5frjQIbAwYL
CQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJELSz3Tc8NQGgn6oAoLFnS0iu0vXww7qd
UFwVjjzEAGsWAJkBebabedFOwnEMldtleqBDe3nDtNHWbdZrARAAAQEAAAAAAAAA
AAAAAAD/2P/gABBKRklGAAEBAQBIAEgAAP/hADRFeGlmAABNTQAqAAAACAACARIA
AwAAAAEAAQAAh2kABAAAAAEAAAAmAAAAAAAAAAAAAP/tABxQaG90b3Nob3AgMy4w
ADhCSU0EBAAAAAAAAP/iDfhJQ0NfUFJPRklMRQABAQAADehhcHBsAgAAAG1udHJS
R0IgWFlaIAfVAAsACgAAADkAKGFjc3BBUFBMAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAD21gABAAAAANMtYXBwbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAADnJYWVoAAAEsAAAAFGdYWVoAAAFAAAAAFGJYWVoA
AAFUAAAAFHd0cHQAAAFoAAAAFGNoYWQAAAF8AAAALHJUUkMAAAGoAAAADmdUUkMA
AAG4AAAADmJUUkMAAAHIAAAADnZjZ3QAAAHYAAADEm5kaW4AAATsAAAGPmRlc2MA

AUDREYT2018.pub  view on Meta::CPAN

i6yvVLtQ1gkYwchmd5yPzA0detxD/6rRhgQyo25iZEktMU0mfjJmyR6MJvi0QeLT
2XhfrgPbwPrYhwOUSdnrjj6Xzn6v+o0lzdsR//xnYvDpwwoFbnZ2EAgErs9joNcF
WfkfDwOFbc6AncXJr5abBo5EB1yVWHizzpb4XBbZ1t5ISRGVzND4ICHLQQYiDeru
gwADBgf+MJmm3rNb32lYLdGKFkg1Sk1qqb7OCJYAGniwaJei+Xqf3/vWVXzbGzaV
eQ0tmwFuOlzyz3xE+VFbPCEG3MPWpHMaB49S9W2IGS2zPQkZsDO8TYdEiIPHpWsU
6h6iniPHxVeR9x1ymbYmrw2H8Tn0qzyyPDZRUP3k8a9nQpKhJKXgoWazpx3BTfrJ
fakKf03jloQO4rVHukrdvf2waPz4OyJ6QgpJVJ41WzFb7oqxc9VR56OKluQJcf7D
q+5OyCawY9Te4nJ8vKrdWtKXponvTKpSJ9pTF6Mte//c/a8/Cv0tDPcg/hCmne4h
ryKm0jWeGY10Gr7eStKZpfo7IGj84IhMBBgRAgAMBQI9qANoBQkKDQvqAAoJELSz
3Tc8NQGgLLwAoIfC4xc2NnEyfM4HQORkvnz3JcMnAJ9lf3JKyLVj7qtydScmeehu
hc3egbkBDQQ60nXzEAQApM3Kq25W1ngyEPxDkCGPg6vejRK4+0DJexssfYKdqj8k
aQYE640K0qTdZxu1BxlQwtWl/2CUfhgrNYXFf4yG9hCGfYqGnwgimea7gGRgSCIB
dhODpVsQXkv5HVN2cgSSYCiwIwp4dalaxHMXiyq5HUlT0ML3xnQ6u6tdEeADWKMA
AwYD/iTxRElyW1ivC000cgKxFlhL0jiP21Gug+hh+nte9sQLKsDhSsIbykH3mzCk
On/xqdF7YppvpgszzlHw7rVvm2bRSGdTVtrps0t0AHdWwCyP0GT5yPFZctpfAjRf
OBe91k+pNcEHYKXUPxm29ofo8QQnm7K/4h0MSlIqIpNbbjcziEsEGBECAAwFAjrS
dfMFCQHhM4AACgkQtLPdNzw1AaB0nACaA6UIYcaUN+BwsS6/mgjOAZc8/gIAmLr4
ptoEOqXkcKmcSyuZ3L7eCjK5BA0EVD1loxAQAK1mN8TNmMd5LKk5vugiKRrazH8/
kQGohXFp775abI1aEWHRd20iM/VqpyTTHkcb0FkTWG4b3rRle8b72bArLqD/7Ktm
xS/fOlOpJnPxJMlGTBpmddgvXr6aaxPIn571pHNPf/9kMUVxt+mQXxiBBXqw/38g
9Hbyhb62Wr2C0YQ7SvC9xi59pV92yTpF8vkQIUWBSl68DoLmNzktaepVobmgwx3n

AUDREYT2018.pub  view on Meta::CPAN

GnrDpfwKDz6UfOCVzbtZ6XeF2VHyh8yxU/ESX3Qew51aapTfgW9m4dibtuHNKOZC
EH6oLBaVMVMW6n37jYBug8nkvsAfHFBl3TOnZOkyn5fHuhfcn7FiUl9YBC88aAaB
hONq+eeHQXMTaGVMx4pVhChbtqu8WsOFK/3MfY8yLIXUkT/tjm9iGtpTwVWHd1f9
AabFTG7FGqN4qzWhB1exz9LtACmDqacCgsdkDaIeHxbsMZ11p/PYG92YK9+IQijV
2ke3uRLDQ19rdowRMx+uA6qkGCll2F80ilyN1nX/aY/sOalc+42ItNOHHnZWTf+1
3UQiSbP1SYOlfQHtaLA1cAabuvVzDjTt54Fm6i9kddvuqwlpCvMllByUWoP4eywx
UlsHCjmAw/IXw4O4bf6j5InJ1fsd2hou9zOQTxW0OQUu7dBssFmVBJmSkatWwdn7
X96UIRWPdV1efnC+q8AAWZhNq4Lp7VadKvKj+cxh7H703nemHqcLYw172XUMmkTo
MguIXQQTEQIAHRYhBGayt47Rt3ZBSGHVkrSz3Tc8NQGgBQJai9yKAAoJELSz3Tc8
NQGgF/EAoLbmytuSS9kIyuujfi4rK4Jw9oOoAJ9KK6TXIv1I7z69qbTrc24VKxCv
X7QhQXVkcmV5IFRhbmcgPGF1ZHJleXRAYXVkcmV5dC5vcmc+iQIwBBMBCgAaBAsJ
CAcCFQoCFgECGQAFglqLiaYCngECmwEACgkQRmboANio4tnBpQ/+LW0pKLZqXTlK
th9FLfj4MPEugcz/NM3hxdD4+XTUseLNsNP9LF3E+6D/Y5Ejuc9m6y5Mxk1i0m5h
5ffc3ox5WDG4ATFyjsAmfGSr5AXDmfkYzE/8/sYvOnLFcJrctc7wFpc5ipVIRn1W
5qVqwV7QDpBbG5FfsXtQexloltRR/z+x9vtZbluuw2/k0Tmq7LzmbhONPjqSshYR
SYGyMKUf8oty9FvnsvDNI54DWXZ4zTEGfE+fREc3Vs9jUylnqxIZ+yVUbLq5kUPE
/BvGLPJF8U2aL+JBpGAeiZGLWROicB0RHe7cJ8Bm/viA+8u3QrOCGyE6iK2VCUok
zkJAeio+gfTfQPJgwH6HtGre+cyFtIlops+Rxs6C3QVoEcE75yHjj7uO6bLRYU0r
kqSw/a5MIWg4LIIZllIO5pmpakgj6Y7W7EW/dXiBxtSomB56gdiDzpugD6NSJfQC
N/tCK2KQYh32DhIFGIl5FnZHcNDIB9UpL0RalxtqY1cm+R1zhrYqYCFp+xKsBGVa
VRijSvEFZ8/ZIddMajd3gvS8wngXEIFcoRr44jpsk2hvlnNKof9958E8psJev1Ap
gJvX82MXjFraIFRoflxj1E1QGa7PWW2nGkwhQsErsD0pdqrwzZB3Tfr5FnOJqWvM
0Jp1q9UrBHKVRISskXQIl07P4u2270GIXQQQEQIAHRYhBGayt47Rt3ZBSGHVkrSz
3Tc8NQGgBQJai+Z5AAoJELSz3Tc8NQGg0mMAoIBj4NQoSRzgxmRa3xDdn3COEM1o
AJ9xV2ajU0QuBWbdjnwA0h1dJJOgarQjQXVkcmV5IFRhbmcgPGF1ZHJleXQub3Jn
QGdtYWlsLmNvbT6JAjAEEwEKABoECwkIBwIVCgIWAQIZAAWCWouJpgKeAQKbAQAK
CRBGZugA2Kji2Y43D/wJN2+ncPkG5wyG8oVHeBsXja3Njr6i6tGg1g2TeNzYxgnm
tGwXv3pgVuoJ0GT2yl41KxD0gtE3sYUgcIWnR2aIPfYEpEWhjOFhEKvKPEryQNHL
cGQH+mZ+R6CK7AwwoxtSpNx7r2SBhcuUnw+moIwN277gCxt8ee7CKkx0Y+tvd5V8
mnfd5ea8h5NAw7Sm3TL6b+lYGBf4mIY6tjLTFHK0OqTyMHojoC0P3TW2BlB3W/kw
tckwDMVdLSXZaUQp+AILUP0XR5YJCRx/N8kV7PNaDb5auzGV/6ik7VQf6d5WDmdg
2C7+MZhfSpsY5OyrJEJ4z5/20M+XbfS6AYug9hK+LHxAN9SrxszlLXVx8oW12Ax1
vmH+nEqrvuITrCtRuU8h/A08azLBs//K4WpY9vkz8y6vgLUj6XgrcosPUgRTJQDe
fK7q4hwq5h6d616p5vQdjQcKKGDX5xv6C8RFLdg5jRSeXr4xRgemqhCodPUQmWav
HiO0q9vSZvzjsAQTX0c0W+aT3IiiIp6tJBt6VUXui4jzMyicLmjO4VJ1nrR8FKJr

Changes  view on Meta::CPAN

* Update ChangeLog.

* More protection of @INC from relative paths.

Fix various issues reported by John Lightsey:

[Changes for 0.74 - Tue Apr  7 02:39:14 CST 2015]

Fix various issues reported by John Lightsey:

* Fix GPG signature parsing logic.

* MANIFEST.SKIP is no longer consulted unless --skip is given.

* Properly use open() modes to avoid injection attacks.

[Changes for 0.73 - Wed Jun  5 23:44:57 CST 2013]

* Properly redo the previous fix using File::Spec->file_name_is_absolute.

[Changes for 0.72 - Wed Jun  5 23:19:02 CST 2013]

Changes  view on Meta::CPAN

[Changes for 0.71 - Tue Jun  4 18:24:10 CST 2013]

* Constrain the user-specified digest name to /^\w+\d+$/.

* Avoid loading Digest::* from relative paths in @INC.

  Contributed by: Florian Weimer (CVE-2013-2145)

[Changes for 0.70 - Thu Nov 29 01:45:54 CST 2012]

* Don't check gpg version if gpg does not exist.

  This avoids unnecessary warnings during installation
  when gpg executable is not installed.

  Contributed by: Kenichi Ishigaki

[Changes for 0.69 - Fri Nov  2 23:04:19 CST 2012]

* Support for gpg under these alternate names:

    gpg gpg2 gnupg gnupg2

  Contributed by: Michael Schwern

[Changes for 0.68 - Fri, 13 May 2011 11:51:50 +0200]

* Fix breakage introduced by 0.67 (Andreas König).

[Changes for 0.67 - Sun, 17 Apr 2011 16:29:23 +0200]

* Better handling of \r (Andreas König, Zefram) (Closes RT#46339).

Changes  view on Meta::CPAN


[Changes for 0.50 - 2005-08-21]

* Add support for to SHA-256, requested by Mark Shelor in light
  of the recent SHA1 attacks.  SHA1 is still the default, but
  you can now override this by settings MODULE_SIGNATURE_CIPHER
  environment variable to SHA256.

[Changes for 0.45 - 2005-08-09]

* Andreas Koenig ported out that "Import GPG keys?" was asked
  far too many times during autoinstall.

[Changes for 0.44 - 2004-12-16]

* Add "pmfiles.dat" to legacy manifest_skip routine to accomodate
  early Win32 hacks.  Reported by Steve Hay via Michael Schwern.

[Changes for 0.43 - 2004-12-16]

* Updated t/0-signature.t to be more friendly with Test::More;

Changes  view on Meta::CPAN


* Documented how to generate SIGNATURE files as part of "make dist",
  for Module::Install, ExtUtils::MakeMaker and Module::Build users .

[Changes for 0.41 - 2004-07-04]

* Mark Shelor points out that support for Digest::SHA was broken.

[Changes for 0.40 - 2004-07-01]

* Dave Rolsky points out that GPG version detection always
  returns '1'. (bug #6810)

[Changes for 0.39 - 2004-06-17]

* Supports Digest::SHA (now preferred) and Digest::SHA1::PurePerl,
  in addition to the original Digest::SHA1 backend.

* We now asks before importing the default keys,
  also suggested by Tels.

Changes  view on Meta::CPAN

* Don't ask user to install Crypt::OpenPGP if she does not have a
  C compiler anyway.

* ExtUtils::Manifest 1.38 does not support good enough skips even
  for Makefile.PL, sigh.

[Changes for 0.33 - 2003-08-12]

* William Wentworth-Sheilds points out that META.yml is dynamic,
  which makes SIGNATURE incorrect for people without either "diff"
  or "gpg".  Fixed.

[Changes for 0.32 - 2003-08-11]

* Take Schwern's patch to only set _maniskip for legacy EU::Manifest.

* Remove ::TieOut since we are not using it anymore.

* Reduce noise for untrusted signatures to two lines.

[Changes for 0.31 - 2003-08-10]

Changes  view on Meta::CPAN

* Ken Williams noted that M::B now works on 5.005.

[Changes for 0.22 - 2003-05-15]

* Move Signature.pm to lib/Module/Signature.pm.

* Switch to the Module::Install framework.

* Updates TODO to reflect correspondence with andk.

* Matt Southall mentioned that, if somebody has never run gpg before,
  we need to initialize it once before running test.

* Warn about potential 'Makefile' exploit as pointed out by Tels.
  Document pending.

* Bugfix for incorrect 'MALFORMED' response to signatures made from
  older versions of GnuPG, as reported by Tels.

[Changes for 0.18 - 2002-11-04]

Makefile.PL  view on Meta::CPAN

       if ( can_cc() ) {
               $requires{'Digest::SHA'} = 0;
       } else {
               $requires{'Digest::SHA::PurePerl'} = 0;
       }
}

# Is openpgp currently installed
if ( can_use ('Crypt::OpenPGP') ) {
       # Crypt::OpenPGP installed/available, continue on...
} elsif ( my $gpg = locate_gpg() ) {
       # We SHOULD have gpg, double-check formally
       requires_external_bin ($gpg);
} elsif ( can_cc() and $ENV{AUTOMATED_TESTING} ) {
       # Dive headlong into a full Crypt::OpenPGP install.
       $requires{'Crypt::OpenPGP'} = 0;
} else {
       # Ask the user what to do
       ask_user();
}

unless ( can_run('diff') ) {
       # We know Text::Diff fails on Cygwin (for now)
       if ( $^O ne 'Cygwin' ) {
               $requires{'Algorithm::Diff'} = 0;
               $requires{'Text::Diff'} = 0;
       }
   }

#####################################################################
# Support Functions

sub locate_gpg {
       print "Looking for GNU Privacy Guard (gpg), a cryptographic signature tool...\n";

       my ($gpg, $gpg_path);
       for my $gpg_bin ('gpg', 'gpg2', 'gnupg', 'gnupg2') {
               $gpg_path = can_run($gpg_bin);
               next unless $gpg_path;
               next unless `$gpg_bin --version` =~ /GnuPG/;
               next unless defined `$gpg_bin --list-public-keys`;

               $gpg = $gpg_bin;
               last;
       }
       unless ( $gpg ) {
               print "gpg not found.\n";
               return;
       }

       print "GnuPG found ($gpg_path).\n";

       return 1 if grep { /^--installdeps/} @ARGV;

       if ( prompt("Import PAUSE and author keys to GnuPG?", 'y' ) =~ /^y/i) {
               print 'Importing... ';
               system $gpg, '--quiet', '--import', qw[ AUDREYT2018.pub ANDK2020.pub PAUSE2022.pub NIKLASHOLM2018.pub TIMLEGGE2024.pub ];
               print "done.\n";
       }

       return $gpg;
}

sub ask_user {

    # Defined the prompt messages
    my $message1 = <<'END_MESSAGE';

Could not auto-detect a signature utility on your system.

What do you want me to do?

Makefile.PL  view on Meta::CPAN

END_MESSAGE

       my $choice;
       foreach ( 1 .. 3 ) {
               $choice = prompt("Your choice:", 3) || 3;
               last if $choice =~ /^[123]$/;
               print "Sorry, I cannot understand '$choice'.\n"
       }

       if ( $choice == 1 ) {
               # They claim to have installed gpg
               requires_external_bin ('gpg');
       } elsif ( $choice == 2 and $option3 == 3 ) {
               # They want to install Crypt::OpenPGP
               $requires{'Crypt::OpenPGP'} = 0;
       } else {
               # Forget about it...
               print "Module::Signature is not wanted on this host.\n";
               exit(0);
       }
}

PAUSE2022.pub  view on Meta::CPAN

gpg --export --armor 450F89EC
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQGiBD4+cJARBACxOByY0SJBBuJoFrH2hoqRFny423gY6V3jq1uTgGY/PPaxP+Sq
r3RzxPct4vJcsoo48pwBsMHLrWfORq26zb6eKgmMq/CQo2gzaRbeRxCi3ke4KBmu
aREi6RjaZSU94yABtDmspUBrpYV8zfZMv5ZIQlg9W1Tu66BFOUrrNeDpKwCgosCp
9dtNAMhHkzxs8UJH5i3Uzb0D/0VLoAE8sOfUXqjc38rxiHuGBFSNC70Ih4mzGUCJ
MGT4z1X3K6uUawnXMoc8XqPaYnEgOzztMymydtr+urjUwcGnuXDSpV6nulE5irxh
zlikSTJy/42QzTMcrdRynffmJo9PRgymMI8GgWaYG5g3zzGAhi5BA6G8JKfC93IV
xiRPBACXJpLBYQljqJY9UDNJuq8nHhKiWHBXdZzrC3LM0FSF3PKuP/ugc+KBIKXm
clNPNFKla/SRbH6dMHsGIy8wnGPI5AtTS0roNQrttv3/ghRT7+OKXrGmBxZ/KHVr

lib/Module/Signature.pm  view on Meta::CPAN

            my $sock = IO::Socket::INET->new(
                Timeout => $Timeout,
                PeerAddr => "$KeyServer:$KeyServerPort",
            );
            $CanKeyRetrieve = ($sock ? 1 : 0);
            $sock->shutdown(2) if $sock;
        }
        $AutoKeyRetrieve = $CanKeyRetrieve;
    }

    if (my $version = _has_gpg()) {
        return _verify_gpg($sigtext, $plaintext, $version);
    }
    elsif (eval {require Crypt::OpenPGP; 1}) {
        return _verify_crypt_openpgp($sigtext, $plaintext);
    }
    else {
        warn "Cannot use GnuPG or Crypt::OpenPGP, please install either one first!\n";
        return _compare($sigtext, $plaintext, CANNOT_VERIFY);
    }
}

sub _has_gpg {
    my $gpg = _which_gpg() or return;
    `$gpg --version` =~ /GnuPG.*?(\S+)\s*$/m or return;
    return $1;
}

sub _fullcheck {
    my $skip = shift;
    my @extra;

    local $^W;
    local $ExtUtils::Manifest::Quiet = 1;

lib/Module/Signature.pm  view on Meta::CPAN

sub _default_skip {
    local $_ = shift;
    return 1 if /\bRCS\b/ or /\bCVS\b/ or /\B\.svn\b/ or /,v$/
             or /^MANIFEST\.bak/ or /^Makefile$/ or /^blib\//
             or /^MakeMaker-\d/ or /^pm_to_blib/ or /^blibdirs/
             or /^_build\// or /^Build$/ or /^pmfiles\.dat/
             or /^MYMETA\./
             or /~$/ or /\.old$/ or /\#$/ or /^\.#/;
}

my $which_gpg;
sub _which_gpg {
    # Cache it so we don't need to keep checking.
    return $which_gpg if $which_gpg;

    for my $gpg_bin ('gpg', 'gpg2', 'gnupg', 'gnupg2') {
        my $version = `$gpg_bin --version 2>&1`;
        if( $version && $version =~ /GnuPG/ ) {
            $which_gpg = $gpg_bin;
            return $which_gpg;
        }
    }
}

sub _verify_gpg {
    my ($sigtext, $plaintext, $version) = @_;

    local $SIGNATURE = Win32::GetShortPathName($SIGNATURE)
        if defined &Win32::GetShortPathName and $SIGNATURE =~ /[^-\w.:~\\\/]/;

    my $keyserver = _keyserver($version);

    require File::Temp;
    my $fh = File::Temp->new();
    print $fh $sigtext || _read_sigfile($SIGNATURE);
    close $fh;

    my $gpg = _which_gpg();
    my @quiet = $Verbose ? () : qw(-q --logger-fd=1);
    my @cmd = (
        $gpg, qw(--verify --batch --no-tty), @quiet, ($KeyServer ? (
            "--keyserver=$keyserver",
            ($AutoKeyRetrieve and $version ge '1.0.7')
                ? '--keyserver-options=auto-key-retrieve'
                : ()
        ) : ()), $fh->filename
    );

    my $output = '';
    if( $Verbose ) {
        warn "Executing @cmd\n";

lib/Module/Signature.pm  view on Meta::CPAN

        warn "==> MISMATCHED content between MANIFEST and the distribution! <==\n";
        warn "==> Please correct your MANIFEST file and/or delete extra files. <==\n";
    }

    if (!$overwrite and -e $SIGNATURE and IO::Interactive::is_interactive()) {
        local $/ = "\n";
        print "$SIGNATURE already exists; overwrite [y/N]? ";
        return unless <STDIN> =~ /[Yy]/;
    }

    if (my $version = _has_gpg()) {
        _sign_gpg($SIGNATURE, $plaintext, $version);
    }
    elsif (eval {require Crypt::OpenPGP; 1}) {
        _sign_crypt_openpgp($SIGNATURE, $plaintext);
    }
    else {
        die 'Cannot use GnuPG or Crypt::OpenPGP, please install either one first!';
    }

    warn "==> SIGNATURE file created successfully. <==\n";
    return SIGNATURE_OK;
}

sub _sign_gpg {
    my ($sigfile, $plaintext, $version) = @_;

    die "Could not write to $sigfile"
        if -e $sigfile and (-d $sigfile or not -w $sigfile);

    my $gpg = _which_gpg();

    my $gpg_fh;
    my $set_key = '';
    $set_key = qq{--default-key "$AUTHOR"} if($AUTHOR);
    open ($gpg_fh, '|-', "$gpg $set_key --clearsign --openpgp --personal-digest-preferences RIPEMD160 >> $sigfile.tmp")
        or die "Could not call $gpg: $!";
    print $gpg_fh $plaintext;
    close $gpg_fh;

    (-e "$sigfile.tmp" and -s "$sigfile.tmp") or do {
        unlink "$sigfile.tmp";
        die "Cannot find $sigfile.tmp, signing aborted.\n";
    };

    my $sigfile_tmp_fh;
    open ($sigfile_tmp_fh, '<', "$sigfile.tmp") or die "Cannot open $sigfile.tmp: $!";

    my $sigfile_fh;

lib/Module/Signature.pm  view on Meta::CPAN

    print $sigfile_fh $Preamble;
    print $sigfile_fh (<$sigfile_tmp_fh>);

    close $sigfile_fh;
    close $sigfile_tmp_fh;

    unlink("$sigfile.tmp");

    my $key_id;
    my $key_name;
    my @verify = `$gpg --batch --logger-fd 1 --verify $SIGNATURE`;
    foreach (@verify) {
        if (/key(?: ID)? ([0-9A-F]+)$/) {
            $key_id = $1;
        } elsif (/signature from "(.+)"(?: \[[a-z]+\])?$/) {
            $key_name = $1;
        }
    }
    my $found_name;
    my $found_key;
    if (defined $key_id && defined $key_name) {
        my $keyserver = _keyserver($version);
        foreach (`$gpg --output - --keyserver=$keyserver --recv-key '$key_id' 2>&1`) {
            if (/^\(\d+\)/) {
                $found_name = 0;
            } elsif ($key_id) {
                my $short_key_id = substr($key_id, (length($key_id) - 16));
                if (/key \Q$short_key_id\E/) {
                    $found_key = 1;
                    last;
                }
            }

lib/Module/Signature.pm  view on Meta::CPAN


=head1 VARIABLES

No package variables are exported by default.

=over 4

=item $Verbose

If true, Module::Signature will give information during processing including
gpg output.  If false, Module::Signature will be as quiet as possible as
long as everything is working ok.  Defaults to false.

=item $SIGNATURE

The filename for a distribution's signature file.  Defaults to
C<SIGNATURE>.

=item $AUTHOR

The key ID used for signature. If empty/null/0, C<gpg>'s configured default ID,
or the most recently added key within the secret keyring for C<Crypt::OpenPGP>,
will be used for the signature.

=item $KeyServer

The OpenPGP key server for fetching the author's public key
(currently only implemented on C<gpg>, not C<Crypt::OpenPGP>).
May be set to a false value to prevent this module from
fetching public keys.

=item $KeyServerPort

The OpenPGP key server port, defaults to C<11371>.

=item $Timeout

Maximum time to wait to try to establish a link to the key server.

maint/Makefile_header.PL  view on Meta::CPAN

       if ( can_cc() ) {
               $requires{'Digest::SHA'} = 0;
       } else {
               $requires{'Digest::SHA::PurePerl'} = 0;
       }
}

# Is openpgp currently installed
if ( can_use ('Crypt::OpenPGP') ) {
       # Crypt::OpenPGP installed/available, continue on...
} elsif ( my $gpg = locate_gpg() ) {
       # We SHOULD have gpg, double-check formally
       requires_external_bin ($gpg);
} elsif ( can_cc() and $ENV{AUTOMATED_TESTING} ) {
       # Dive headlong into a full Crypt::OpenPGP install.
       $requires{'Crypt::OpenPGP'} = 0;
} else {
       # Ask the user what to do
       ask_user();
}

unless ( can_run('diff') ) {
       # We know Text::Diff fails on Cygwin (for now)
       if ( $^O ne 'Cygwin' ) {
               $requires{'Algorithm::Diff'} = 0;
               $requires{'Text::Diff'} = 0;
       }
   }

#####################################################################
# Support Functions

sub locate_gpg {
       print "Looking for GNU Privacy Guard (gpg), a cryptographic signature tool...\n";

       my ($gpg, $gpg_path);
       for my $gpg_bin ('gpg', 'gpg2', 'gnupg', 'gnupg2') {
               $gpg_path = can_run($gpg_bin);
               next unless $gpg_path;
               next unless `$gpg_bin --version` =~ /GnuPG/;
               next unless defined `$gpg_bin --list-public-keys`;

               $gpg = $gpg_bin;
               last;
       }
       unless ( $gpg ) {
               print "gpg not found.\n";
               return;
       }

       print "GnuPG found ($gpg_path).\n";

       return 1 if grep { /^--installdeps/} @ARGV;

       if ( prompt("Import PAUSE and author keys to GnuPG?", 'y' ) =~ /^y/i) {
               print 'Importing... ';
               system $gpg, '--quiet', '--import', qw[ AUDREYT2018.pub ANDK2020.pub PAUSE2022.pub NIKLASHOLM2018.pub TIMLEGGE2024.pub ];
               print "done.\n";
       }

       return $gpg;
}

sub ask_user {

    # Defined the prompt messages
    my $message1 = <<'END_MESSAGE';

Could not auto-detect a signature utility on your system.

What do you want me to do?

maint/Makefile_header.PL  view on Meta::CPAN

END_MESSAGE

       my $choice;
       foreach ( 1 .. 3 ) {
               $choice = prompt("Your choice:", 3) || 3;
               last if $choice =~ /^[123]$/;
               print "Sorry, I cannot understand '$choice'.\n"
       }

       if ( $choice == 1 ) {
               # They claim to have installed gpg
               requires_external_bin ('gpg');
       } elsif ( $choice == 2 and $option3 == 3 ) {
               # They want to install Crypt::OpenPGP
               $requires{'Crypt::OpenPGP'} = 0;
       } else {
               # Forget about it...
               print "Module::Signature is not wanted on this host.\n";
               exit(0);
       }
}

t/2-cygwin.t  view on Meta::CPAN


use Module::Signature;
use Test::More;

if ($^O ne 'cygwin') {
    plan skip_all => "Cygwin only tests";
}
elsif (! $ENV{TEST_CYGWIN_GNUPG} ) {
    plan skip_all => 'Set the environment variable TEST_CYGWIN_GNUPG to enable this test';
}
elsif (! -x '/usr/local/bin/gpg') {
    plan skip_all => '/usr/local/bin/gpg not found';
}

plan tests => 1;

my $version = Module::Signature::_has_gpg();

like($version, qr/^\d+\.\d+\.\d+$/, "gpg version detected");



( run in 2.208 seconds using v1.01-cache-2.11-cpan-9581c071862 )