
Commit 8a91645

committed
* Fix issues reported by John Lightsey
1 parent d91271f commit 8a91645


3 files changed

+34
-17
lines changed


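--- a/Makefile.PL
+++ b/Makefile.PL
@@ -10,6 +10,7 @@ readme_from 'lib/Module/Signature.pm';
 repository 'http://github.com/audreyt/module-signature';
 install_script 'script/cpansign';
 build_requires 'Test::More', 0, 'IPC::Run', 0;
+requires 'File::Temp';
 
 # On Win32 (excluding cygwin) we know that IO::Socket::INET,
 # which is needed for keyserver stuff, doesn't work. In fact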

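--- a/README
+++ b/README
@@ -248,7 +248,7 @@ SEE ALSO
 Dist::Zilla::Plugin::Signature
 
 AUTHORS
-唐鳳 <cpan@audreyt.org>
+Audrey Tang <cpan@audreyt.org>
 
 CC0 1.0 Universal
 To the extent possible under law, 唐鳳 has waived all copyright and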

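--- a/lib/Module/Signature.pm
+++ b/lib/Module/Signature.pm
@@ -1,5 +1,5 @@
 package Module::Signature;
-$Module::Signature::VERSION = '0.73_01';
+$Module::Signature::VERSION = '0.74';
 
 use 5.005;
 use strict;
@@ -58,6 +58,8 @@ sub _cipher_map {
 my @lines = split /\015?\012/, $sigtext;
 my %map;
 for my $line (@lines) {
+last if $line eq '-----BEGIN PGP SIGNATURE-----';
+next if $line =~ /^---/ .. $line eq '';
 my($cipher,$digest,$file) = split " ", $line, 3;
 return unless defined $file;
 $map{$file} = [$cipher, $digest];
@@ -66,7 +68,7 @@ sub _cipher_map {
 }
 
 sub verify {
-my %args = ( skip => 1, @_ );
+my %args = ( @_ );
 my $rv;
 
 (-r $SIGNATURE) or do {
@@ -179,6 +181,11 @@ sub _fullcheck {
 ($mani, $file) = ExtUtils::Manifest::fullcheck();
 }
 else {
+my $_maniskip = &ExtUtils::Manifest::maniskip;
+local *ExtUtils::Manifest::maniskip = sub { sub {
+return unless $skip;
+return $_maniskip->(@_);
+} };
 ($mani, $file) = ExtUtils::Manifest::fullcheck();
 }
 
@@ -238,6 +245,11 @@ sub _verify_gpg {
 
 my $keyserver = _keyserver($version);
 
+require File::Temp;
+my $fh = File::Temp->new();
+print $fh $sigtext;
+close $fh;
+
 my $gpg = _which_gpg();
 my @quiet = $Verbose ? () : qw(-q --logger-fd=1);
 my @cmd = (
@@ -246,7 +258,7 @@ sub _verify_gpg {
 ($AutoKeyRetrieve and $version ge '1.0.7')
 ? '--keyserver-options=auto-key-retrieve'
 : ()
-) : ()), $SIGNATURE
+) : ()), $fh->filename
 );
 
 my $output = '';
@@ -258,6 +270,7 @@ sub _verify_gpg {
 my $cmd = join ' ', @cmd;
 $output = `$cmd`;
 }
+unlink $fh->filename;
 
 if( $? ) {
 print STDERR $output;
@@ -286,7 +299,7 @@ sub _verify_crypt_openpgp {
 my $pgp = Crypt::OpenPGP->new(
 ($KeyServer) ? ( KeyServer => $KeyServer, AutoKeyRetrieve => $AutoKeyRetrieve ) : (),
 );
-my $rv = $pgp->handle( Filename => $SIGNATURE )
+my $rv = $pgp->handle( Data => $sigtext )
 or die $pgp->errstr;
 
 return SIGNATURE_BAD if (!$rv->{Validity} and $AutoKeyRetrieve);
@@ -309,32 +322,35 @@ sub _read_sigfile {
 my $well_formed;
 
 local *D;
-open D, $sigfile or die "Could not open $sigfile: $!";
+open D, "< $sigfile" or die "Could not open $sigfile: $!";
 
 if ($] >= 5.006 and <D> =~ /\r/) {
 close D;
-open D, $sigfile or die "Could not open $sigfile: $!";
+open D, '<', $sigfile or die "Could not open $sigfile: $!";
 binmode D, ':crlf';
 } else {
 close D;
-open D, $sigfile or die "Could not open $sigfile: $!";
+open D, "< $sigfile" or die "Could not open $sigfile: $!";
 }
 
+my $begin = "-----BEGIN PGP SIGNED MESSAGE-----\n";
+my $end = "-----END PGP SIGNATURE-----\n";
 while (<D>) {
-next if (1 .. /^-----BEGIN PGP SIGNED MESSAGE-----/);
-last if /^-----BEGIN PGP SIGNATURE/;
-
+next if (1 .. ($_ eq $begin));
 $signature .= $_;
+return "$begin$signature" if $_ eq $end;
 }
 
-return ((split(/\n+/, $signature, 2))[1]);
+return;
 }
 
 sub _compare {
 my ($str1, $str2, $ok) = @_;
 
 # normalize all linebreaks
+$str1 =~ s/^-----BEGIN PGP SIGNED MESSAGE-----\n(?:.+\n)*\n//;
 $str1 =~ s/[^\S ]+/\n/g; $str2 =~ s/[^\S ]+/\n/g;
+$str1 =~ s/-----BEGIN PGP SIGNATURE-----\n(?:.+\n)*$//;
 
 return $ok if $str1 eq $str2;
 
@@ -345,7 +361,7 @@ sub _compare {
 }
 else {
 local (*D, *S);
-open S, $SIGNATURE or die "Could not open $SIGNATURE: $!";
+open S, "< $SIGNATURE" or die "Could not open $SIGNATURE: $!";
 open D, "| diff -u $SIGNATURE -" or (warn "Could not call diff: $!", return SIGNATURE_MISMATCH);
 while (<S>) {
 print D $_ if (1 .. /^-----BEGIN PGP SIGNED MESSAGE-----/);
@@ -412,9 +428,9 @@ sub _sign_gpg {
 die "Cannot find $sigfile.tmp, signing aborted.\n";
 };
 
-open D, "$sigfile.tmp" or die "Cannot open $sigfile.tmp: $!";
+open D, "< $sigfile.tmp" or die "Cannot open $sigfile.tmp: $!";
 
-open S, ">$sigfile" or do {
+open S, "> $sigfile" or do {
 unlink "$sigfile.tmp";
 die "Could not write to $sigfile: $!";
 };
@@ -597,7 +613,7 @@ sub _mkdigest_files {
 }
 else {
 local *F;
-open F, $file or die "Cannot open $file for reading: $!";
+open F, "< $file" or die "Cannot open $file for reading: $!";
 if (-B $file) {
 binmode(F);
 $obj->addfile(*F);
@@ -949,7 +965,7 @@ L<Dist::Zilla::Plugin::Signature>
 
 =head1 AUTHORS
 
-唐鳳 E<lt>cpan@audreyt.orgE<gt>
+Audrey Tang E<lt>cpan@audreyt.orgE<gt>
 
 =head1 CC0 1.0 Universal
 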
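Review bot: In `_cipher_map`, the added `next if $line =~ /^---/ .. $line eq '';` relies on the scalar range operator, which keeps its on/off state between calls to the sub, so a call that leaves the loop while the range is still on (for example when the `last` on `-----BEGIN PGP SIGNATURE-----` fires before any empty line is seen) carries that state into the next call. The next text parsed in the same process would then have its leading lines skipped until an empty line appears; how far that reaches into verification depends on callers outside the hunk, but signature parsing should not depend on what was parsed before. An explicit lexical flag removes the carried state: declare `my $in_header;` before the loop, then use `$in_header = 1 if $line =~ /^---/;` and `if ($in_header) { $in_header = 0 if $line eq ''; next }` in place of the range test. `_cipher_map` begins and ends outside the visible hunk.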
