Module-Release-VerifyGPGSignature


META.json  view on Meta::CPAN

      },
      "test" : {
         "requires" : {
            "Test::More" : "1"
         }
      }
   },
   "release_status" : "stable",
   "resources" : {
      "bugtracker" : {
         "web" : "https://github.com/briandfoy/module-release-verifygpgsignature/issues"
      },
      "homepage" : "https://github.com/briandfoy/module-release-verifygpgsignature",
      "repository" : {
         "type" : "git",
         "url" : "https://github.com/briandfoy/module-release-verifygpgsignature",
         "web" : "https://github.com/briandfoy/module-release-verifygpgsignature"
      }
   },
   "version" : "0.002",
   "x_serialization_backend" : "JSON::PP version 4.16"
}

META.yml  view on Meta::CPAN

  version: '1.4'
name: Module-Release-VerifyGPGSignature
no_index:
  directory:
    - t
    - inc
requires:
  Carp: '0'
  perl: '5.026'
resources:
  bugtracker: https://github.com/briandfoy/module-release-verifygpgsignature/issues
  homepage: https://github.com/briandfoy/module-release-verifygpgsignature
  repository: https://github.com/briandfoy/module-release-verifygpgsignature
version: '0.002'
x_serialization_backend: 'CPAN::Meta::YAML version 0.018'

Makefile.PL  view on Meta::CPAN

only needs v5.8. You can play with the data structure with a primitive
Perl.

=cut

use File::Spec::Functions qw(catfile);

my $module    = __PACKAGE__;
( my $dist = $module ) =~ s/::/-/g;

my $github    = 'https://github.com/briandfoy/module-release-verifygpgsignature';
my $main_file = catfile( 'lib', split /::/, "$module.pm" );

my %WriteMakefile = (
	'MIN_PERL_VERSION' => '5.026',

	'NAME'          => $module,
	'ABSTRACT_FROM' => $main_file,
	'VERSION_FROM'  => $main_file,
	'LICENSE'       => 'artistic_2',
	'AUTHOR'        => 'brian d foy <briandfoy@pobox.com>',

README.pod  view on Meta::CPAN

=pod

=encoding utf8

=for HTML <a href="https://www.github.com/briandfoy/module-release-verifygpgsignature/actions?query=workflow%3Amacos"><img src="https://www.github.com/briandfoy/module-release-verifygpgsignature/workflows/macos/badge.svg"></a>

=for HTML <a href="https://www.github.com/briandfoy/module-release-verifygpgsignature/actions?query=workflow%3Aubuntu"><img src="https://www.github.com/briandfoy/module-release-verifygpgsignature/workflows/ubuntu/badge.svg"></a>

=for HTML <a href="https://www.github.com/briandfoy/module-release-verifygpgsignature/actions?query=workflow%3Awindows"><img src="https://www.github.com/briandfoy/module-release-verifygpgsignature/workflows/windows/badge.svg"></a>

=for HTML <a href='https://ci.appveyor.com/project/briandfoy/module-release-verifygpgsignature'><img src='https://ci.appveyor.com/api/projects/status/8ieweanxf0iwe9no?svg=true'></a>

=for HTML <a href='https://coveralls.io/github/briandfoy/module-release-verifygpgsignature?branch=master'><img src='https://coveralls.io/repos/github/briandfoy/module-release-verifygpgsignature/badge.svg?branch=master' alt='Coverage Status' /></a>

=for HTML <a href="https://github.com/briandfoy/module-release-verifygpgsignature/blob/master/LICENSE"><img src="https://img.shields.io/cpan/l/Module-Release-VerifyGPGSignature.svg" /></a>

=for HTML <a href="https://metacpan.org/pod/Module::Release::VerifyGPGSignature"><img src="https://img.shields.io/cpan/v/Module-Release-VerifyGPGSignature.svg" /></A>

=head1 The Module::Release::VerifyGPGSignature module

This is the I<README> for the L<Module::Release::VerifyGPGSignature> Perl module.

You're probably looking at this because you don't know where else to
find what you're looking for. Read this once and you might never have
to read one again for any Perl module.

README.pod  view on Meta::CPAN

	% make install

You probably don't want to do that unless you're fiddling with the
module and only want to run the tests without installing anything.

=head2 Source location

The meta data, such as the source repository and bug tracker, is in
I<Makefile.PL> or the I<META.*> files it creates. You can find that on
those CPAN web interfaces, but you can also look at files directly in
the source repository: L<https://github.com/briandfoy/module-release-verifygpgsignature>

If you find a problem, file a ticket in the L<issue
tracker|https://github.com/briandfoy/module-release-verifygpgsignature/issues>.

There are also backup repositories hosted on other services. These
reflect the state of the main repo and exist only for redundancy:

=over 4

=item * L<https://bitbucket.com/briandfoy/module-release-verifygpgsignature>

=item * L<https://codeberg.org/briandfoy/module-release-verifygpgsignature>

=item * L<https://gitlab.com/briandfoy/module-release-verifygpgsignature>

=back

=head2 GitHub Attestations

This distribution now uses
L<GitHub Attestations|https://github.blog/2024-05-02-introducing-artifact-attestations-now-in-public-beta/>,
which allow you to verify that the archive file you have was made from
the official repo.

lib/Module/Release/VerifyGPGSignature.pm  view on Meta::CPAN

use v5.20;

package Module::Release::VerifyGPGSignature;
use strict;
use experimental qw(signatures);

use warnings;
no warnings;
use Exporter qw(import);

our @EXPORT = qw(check_all_gpg_signatures check_gpg_signature);

our $VERSION = '0.002';

=encoding utf8

=head1 NAME

Module::Release::VerifyGPGSignature - Verify GPG signatures in the distro

=head1 SYNOPSIS

	use Module::Release::VerifyGPGSignature;

=head1 DESCRIPTION

Configure in F<.releaserc> as a list of pairs:

    gpg_signatures \
    	file.txt file.txt.gpg \
    	file2.txt file2.txt.gpg

=over 4

=cut

sub _get_file_pairs ( $self ) {
	state $rc = require Getopt::Long;
	my $key = _key($self);
	my $string = $self->config->$key();

lib/Module/Release/VerifyGPGSignature.pm  view on Meta::CPAN


	my @pairs;
	while( @$args > 1 ) {
		push @pairs, [ splice @$args, 0, 2, () ];
		}
	push @pairs, [ @$args ] if @$args;

	\@pairs
	}

sub _key ( $self ) { 'gpg_signatures' }

=item * check_all_gpg_signatures

Go through all files and signature files listed in the C<gpg_signatures>
setting and verify that the signatures match.

=cut

sub check_all_gpg_signatures ( $self ) {
	my $pairs = $self->_get_file_pairs;
	foreach my $pair ( $pairs->@* ) {
		$self->check_gpg_signature( $pair->@* )
		}
	return 1;
	}

=item * check_gpg_signature( FILE, SIGNATURE_FILE )

Checks that the PGP signature in SIGNATURE_FILE matches FILE.

=cut

sub check_gpg_signature ( $self, $file, $signature_file ) {
	$self->_print( "Checking GPG signature of <$file>...\n" );

	$self->_die( "\nERROR: Could not verify signature of <$file>: file does not exist\n" )
		unless -e $file;

	$self->_die( "\nERROR: Could not verify signature of <$file> with <$signature_file>: signature file does not exist\n" )
		unless -e $signature_file;

	my $result = $self->run( qq(gpg --verify "$signature_file" "$file" 2>&1) );
	$result =~ s/^/    /mg;
	$self->_print( "$result" );

	unless( $result =~ /\bGood signature from\b/ ) {
		$self->_die( "\nERROR: signature verification failed" );
		}

	return 1;
	}
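
An added example, not part of this distribution: C<check_gpg_signature> above accepts any output containing gpg's human-readable "Good signature from" text, which varies with locale and does not say which key signed. The code below instead reads gpg's machine-readable C<--status-fd> lines and pins the signer's fingerprint; C<status_says_valid>, C<gpg_status>, the fingerprint, and the sample status text are hypothetical and constructed for illustration.

```perl
use v5.26;
use warnings;

# Hypothetical helper, not part of Module::Release::VerifyGPGSignature.
# Returns 1 only if gpg's status lines report a good signature made by
# the key whose full fingerprint is $pinned_fpr.
sub status_says_valid {
	my( $status, $pinned_fpr ) = @_;
	$pinned_fpr = uc( $pinned_fpr =~ s/\s+//gr );
	my( $good, $fpr_ok ) = ( 0, 0 );

	foreach my $line ( split /\R/, $status ) {
		my( $keyword, $rest ) = $line =~ /\A\[GNUPG:\] (\S+)(?: (.*))?\z/ or next;
		my @fields = split ' ', $rest // '';
		# Bad, unverifiable, expired, or revoked: reject outright
		return 0 if $keyword =~ /\A(?:BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)\z/;
		$good = 1 if $keyword eq 'GOODSIG';
		next unless $keyword eq 'VALIDSIG' and @fields;
		# First field is the signing key's fingerprint, last the primary key's
		$fpr_ok = 1 if grep { uc($_) eq $pinned_fpr } @fields[0, -1];
		}

	return( $good && $fpr_ok ? 1 : 0 );
	}

# Run gpg without a shell (list-form pipe open); status lines arrive on fd 1.
sub gpg_status {
	my( $file, $signature_file ) = @_;
	open my $fh, '-|', 'gpg', '--status-fd', '1', '--verify', $signature_file, $file
		or die "Could not run gpg: $!\n";
	my $status = do { local $/; <$fh> };
	close $fh;
	return $status // '';
	}

# Constructed status output; the fingerprint and identity are made up.
my $fpr  = 'AAAA1111BBBB2222CCCC3333DDDD4444EEEE5555';
my $good = <<"HERE";
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG DDDD4444EEEE5555 Example Releaser <releaser\@example.com>
[GNUPG:] VALIDSIG $fpr 2024-01-01 1704067200 0 4 0 1 10 00 $fpr
HERE
my $other_key = $good =~ s/\Q$fpr\E/'F' x 40/ger;
my $bad       = "[GNUPG:] BADSIG DDDD4444EEEE5555 Example Releaser\n";

say 'pinned key:  ', status_says_valid( $good, $fpr )      ? 'accept' : 'reject';
say 'another key: ', status_says_valid( $other_key, $fpr ) ? 'accept' : 'reject';
say 'bad sig:     ', status_says_valid( $bad, $fpr )       ? 'accept' : 'reject';
```

The demonstration at the bottom runs offline on the constructed text; with gpg installed, pass the return value of C<gpg_status( $file, $signature_file )> to C<status_says_valid> instead.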

lib/Module/Release/VerifyGPGSignature.pm  view on Meta::CPAN

=head1 TO DO


=head1 SEE ALSO


=head1 SOURCE AVAILABILITY

This source is in Github:

	http://github.com/briandfoy/module-release-verifygpgsignature

=head1 AUTHOR

brian d foy, C<< <brian d foy> >>

=head1 COPYRIGHT AND LICENSE

Copyright © 2022, brian d foy, All Rights Reserved.

You may redistribute this under the terms of the Artistic License 2.0.


