CPAN-Checksums
view release on metacpan or search on metacpan
By setting the global variable $TRY_SHORTNAME to a true value, you
can tell updatedir() to include an attribute "shortname" in the
resulting hash that is 8.3-compatible. Please note, that updatedir()
in this case may be slow and may even fail on large directories,
because it will always only try 1000 iterations to find a name that
is not yet taken and then give up.
$SIGNING_KEY
Setting the global variable $SIGNING_KEY makes the generated
"CHECKSUMS" file to be clear-signed by the command specified in
$SIGNING_PROGRAM (defaults to "gpg --clearsign --default-key "),
passing the signing key as an extra argument. The resulting
"CHECKSUMS" file should look like:
0&&<<''; # this PGP-signed message is also valid perl
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
# CHECKSUMS file written on ... by CPAN::Checksums (v...)
$cksum = {
...
lib/CPAN/Checksums.pm view on Meta::CPAN
);
require Exporter;
@ISA = qw(Exporter);
@EXPORT_OK = qw(updatedir);
$VERSION = "2.14";
$VERSION =~ s/_//;
$CAUTION ||= 0;
$TRY_SHORTNAME ||= 0;
$SIGNING_PROGRAM ||= 'gpg --clearsign --default-key ';
$SIGNING_KEY ||= '';
$MIN_MTIME_CHECKSUMS ||= 0;
$IGNORE_MATCH = qr{(?i-xsm:readme$)};
use DirHandle ();
use IO::File ();
use Digest::MD5 ();
use Compress::Bzip2();
use Compress::Zlib ();
use File::Spec ();
lib/CPAN/Checksums.pm view on Meta::CPAN
my $tckfn = $ft->filename;
close $ft;
my($fh) = new IO::File;
open $fh, ">$tckfn\0" or die "Couldn't open >$tckfn\: $!";
local $\;
if ($SIGNING_KEY) {
print $fh "0&&<<''; # this PGP-signed message is also valid perl\n";
close $fh;
open $fh, "| $SIGNING_PROGRAM $SIGNING_KEY >> $tckfn"
or die "Could not call gpg: $!";
$ddump .= "__END__\n";
}
my $message = sprintf "# CHECKSUMS file written on %s GMT by CPAN::Checksums (v%s)\n%s",
scalar gmtime, $VERSION, $ddump;
print $fh $message;
my $success = close $fh;
if ($SIGNING_KEY && !$success) {
warn "Couldn't run '$SIGNING_PROGRAM $SIGNING_KEY'!
Writing to $tckfn directly";
lib/CPAN/Checksums.pm view on Meta::CPAN
tell updatedir() to include an attribute C<shortname> in the resulting
hash that is 8.3-compatible. Please note, that updatedir() in this
case may be slow and may even fail on large directories, because it
will always only try 1000 iterations to find a name that is not yet
taken and then give up.
=item $SIGNING_KEY
Setting the global variable $SIGNING_KEY makes the generated C<CHECKSUMS>
file to be clear-signed by the command specified in $SIGNING_PROGRAM
(defaults to C<gpg --clearsign --default-key >), passing the signing
key as an extra argument. The resulting C<CHECKSUMS> file should look like:
0&&<<''; # this PGP-signed message is also valid perl
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
# CHECKSUMS file written on ... by CPAN::Checksums (v...)
$cksum = {
...
};
t/00signature.t view on Meta::CPAN
)
) and
close($socket)
}) {
$exit_message = "Cannot connect to the keyserver";
}
}
unless ($exit_message) {
require Config;
my(@path) = split /$Config::Config{'path_sep'}/, $ENV{'PATH'};
if (!find_exe('gpg',\@path)) {
$exit_message = "Signature testing disabled without gpg program available";
}
}
if ($exit_message) {
$|=1;
print "1..0 # SKIP $exit_message\n";
eval "require POSIX; 1" and POSIX::_exit(0);
}
}
$ENV{TEST_SIGNATURE} = 1;
( run in 0.797 second using v1.01-cache-2.11-cpan-df04353d9ac )