11package Module::Signature ;
2- $Module::Signature::VERSION = ' 0.73_01 ' ;
2+ $Module::Signature::VERSION = ' 0.74 ' ;
33
44use 5.005;
55use strict;
@@ -58,6 +58,8 @@ sub _cipher_map {
5858 my @lines = split /\015?\012/, $sigtext ;
5959 my %map ;
6060 for my $line (@lines ) {
61+ last if $line eq ' -----BEGIN PGP SIGNATURE-----' ;
62+ next if $line =~ / ^---/ .. $line eq ' ' ;
6163 my ($cipher ,$digest ,$file ) = split " " , $line , 3;
6264 return unless defined $file ;
6365 $map {$file } = [$cipher , $digest ];
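Review bot: The range operator (`..`) on the added `next if` line in `_cipher_map` keeps its on/off state between calls to the sub. If a signature text contains a `---` line that is never followed by an empty line, the operator is still switched on when the loop ends, and the next call starts out skipping lines until it meets a blank one. Because this parser decides which digest lines count as signed, it would be more robust to track the header state in a lexical such as `my $in_header;` that is reset on every call, with a comment like `# skip the armor header: from a '---' line through the blank line that ends it`. The `last` above it compares the whole line with `eq`, so a marker with trailing whitespace is not recognised there; whether that can happen depends on how `$sigtext` is produced, which is outside the hunk.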
@@ -66,7 +68,7 @@ sub _cipher_map {
6668}
6769
6870sub verify {
69- my %args = ( skip => 1, @_ );
71+ my %args = ( @_ );
7072 my $rv ;
7173
7274 (-r $SIGNATURE ) or do {
@@ -179,6 +181,11 @@ sub _fullcheck {
179181 ($mani , $file ) = ExtUtils::Manifest::fullcheck();
180182 }
181183 else {
184+ my $_maniskip = &ExtUtils::Manifest::maniskip;
185+ local *ExtUtils::Manifest::maniskip = sub { sub {
186+ return unless $skip ;
187+ return $_maniskip-> (@_ );
188+ } };
182189 ($mani , $file ) = ExtUtils::Manifest::fullcheck();
183190 }
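Review bot: `&ExtUtils::Manifest::maniskip;` on the first added line is a call written with `&` and no parentheses, which implicitly passes the current `@_` of `_fullcheck` through to `maniskip`. If the intent is to obtain the skip checker with default arguments, `my $_maniskip = ExtUtils::Manifest::maniskip();` says so explicitly and does not depend on what is left in `@_` here; the start of `_fullcheck` is outside the hunk, so what `@_` holds at this point cannot be confirmed. A short comment above the `local` override would also help, for example `# apply the skip patterns only when $skip is set; otherwise no file is skipped`.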
184191
@@ -238,6 +245,11 @@ sub _verify_gpg {
238245
239246 my $keyserver = _keyserver($version );
240247
248+ require File::Temp;
249+ my $fh = File::Temp-> new();
250+ print $fh $sigtext ;
251+ close $fh ;
252+
241253 my $gpg = _which_gpg();
242254 my @quiet = $Verbose ? () : qw( -q --logger-fd=1) ;
243255 my @cmd = (
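Review bot: The results of `print $fh $sigtext;` and `close $fh;` are not checked, so a failed or short write (full disk, quota) would leave gpg verifying a truncated copy. That would presumably surface as a signature failure rather than as an I/O error. Checking both calls, `print {$fh} $sigtext or die "Could not write signature copy: $!";` and `close $fh or die "Could not close signature copy: $!";`, keeps the two cases apart. `_verify_gpg` begins and ends outside this hunk.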
@@ -246,7 +258,7 @@ sub _verify_gpg {
246258 ($AutoKeyRetrieve and $version ge ' 1.0.7' )
247259 ? ' --keyserver-options=auto-key-retrieve'
248260 : ()
249- ) : ()), $SIGNATURE
261+ ) : ()), $fh -> filename
250262 );
251263
252264 my $output = ' ' ;
@@ -258,6 +270,7 @@ sub _verify_gpg {
258270 my $cmd = join ' ' , @cmd ;
259271 $output = ` $cmd ` ;
260272 }
273+ unlink $fh -> filename;
261274
262275 if ( $? ) {
263276 print STDERR $output ;
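Review bot: The context lines join `@cmd` with spaces and run it through backticks, and after this change its last element is the File::Temp path rather than the fixed `$SIGNATURE` name, so a temporary directory whose path contains whitespace or shell metacharacters would change how the shell splits the command. Passing the arguments as a list, or quoting that last element before the join, removes the dependence on the temp directory's name. The added `unlink $fh->filename;` discards its result and is probably redundant, since a File::Temp object removes its file by default when it goes out of scope; if it is a deliberate early cleanup, a comment saying so would help. The other branch of this conditional is outside the hunk.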
@@ -286,7 +299,7 @@ sub _verify_crypt_openpgp {
286299 my $pgp = Crypt::OpenPGP-> new(
287300 ($KeyServer ) ? ( KeyServer => $KeyServer , AutoKeyRetrieve => $AutoKeyRetrieve ) : (),
288301 );
289- my $rv = $pgp -> handle( Filename => $SIGNATURE )
302+ my $rv = $pgp -> handle( Data => $sigtext )
290303 or die $pgp -> errstr;
291304
292305 return SIGNATURE_BAD if (!$rv -> {Validity } and $AutoKeyRetrieve );
@@ -309,32 +322,35 @@ sub _read_sigfile {
309322 my $well_formed ;
310323
311324 local *D;
312- open D, $sigfile or die " Could not open $sigfile : $! " ;
325+ open D, " < $sigfile " or die " Could not open $sigfile : $! " ;
313326
314327 if ($] >= 5.006 and <D> =~ / \r / ) {
315328 close D;
316- open D, $sigfile or die " Could not open $sigfile : $! " ;
329+ open D, ' < ' , $sigfile or die " Could not open $sigfile : $! " ;
317330 binmode D, ' :crlf' ;
318331 } else {
319332 close D;
320- open D, $sigfile or die " Could not open $sigfile : $! " ;
333+ open D, " < $sigfile " or die " Could not open $sigfile : $! " ;
321334 }
322335
336+ my $begin = " -----BEGIN PGP SIGNED MESSAGE-----\n " ;
337+ my $end = " -----END PGP SIGNATURE-----\n " ;
323338 while (<D>) {
324- next if (1 .. /^-----BEGIN PGP SIGNED MESSAGE-----/);
325- last if / ^-----BEGIN PGP SIGNATURE/ ;
326-
339+ next if (1 .. ($_ eq $begin ));
327340 $signature .= $_ ;
341+ return " $begin$signature " if $_ eq $end ;
328342 }
329343
330- return (( split ( / \n + / , $signature , 2))[1]) ;
344+ return ;
331345}
332346
333347sub _compare {
334348 my ($str1 , $str2 , $ok ) = @_ ;
335349
336350 # normalize all linebreaks
351+ $str1 =~ s / ^-----BEGIN PGP SIGNED MESSAGE-----\n (?:.+\n )*\n // ;
337352 $str1 =~ s / [^\S ]+/ \n / g ; $str2 =~ s / [^\S ]+/ \n / g ;
353+ $str1 =~ s / -----BEGIN PGP SIGNATURE-----\n (?:.+\n )*$// ;
338354
339355 return $ok if $str1 eq $str2 ;
340356
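Review bot: The reopen calls in `_read_sigfile` are inconsistent: two of the three added lines use the two-argument form `open D, "< $sigfile"`, while the `$] >= 5.006` branch uses the three-argument form. An explicit `<` stops a leading mode character in the name from being honoured, but perl still parses the string (whitespace around the name is trimmed, for instance), so the path is not taken literally. Where the three-argument form is available, `open D, '<', $sigfile or die ...` is the safer spelling. If the two-argument form is kept for the `use 5.005` baseline, a comment saying so would prevent a later cleanup back to the bare form. The same applies to the added `open` lines in the `_compare`, `_sign_gpg` and `_mkdigest_files` hunks.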
@@ -345,7 +361,7 @@ sub _compare {
345361 }
346362 else {
347363 local (*D, *S);
348- open S, $SIGNATURE or die " Could not open $SIGNATURE : $! " ;
364+ open S, " < $SIGNATURE " or die " Could not open $SIGNATURE : $! " ;
349365 open D, " | diff -u $SIGNATURE -" or (warn " Could not call diff: $! " , return SIGNATURE_MISMATCH);
350366 while (<S>) {
351367 print D $_ if (1 .. /^-----BEGIN PGP SIGNED MESSAGE-----/);
@@ -412,9 +428,9 @@ sub _sign_gpg {
412428 die " Cannot find $sigfile .tmp, signing aborted.\n " ;
413429 };
414430
415- open D, " $sigfile .tmp" or die " Cannot open $sigfile .tmp: $! " ;
431+ open D, " < $sigfile .tmp" or die " Cannot open $sigfile .tmp: $! " ;
416432
417- open S, " >$sigfile " or do {
433+ open S, " > $sigfile " or do {
418434 unlink " $sigfile .tmp" ;
419435 die " Could not write to $sigfile : $! " ;
420436 };
@@ -597,7 +613,7 @@ sub _mkdigest_files {
597613 }
598614 else {
599615 local *F;
600- open F, $file or die " Cannot open $file for reading: $! " ;
616+ open F, " < $file " or die " Cannot open $file for reading: $! " ;
601617 if (-B $file ) {
602618 binmode (F);
603619 $obj -> addfile(*F);
@@ -949,7 +965,7 @@ L<Dist::Zilla::Plugin::Signature>
949965
950966=head1 AUTHORS
951967
952- 唐鳳 E<lt> cpan@audreyt.orgE<gt>
968+ Audrey Tang E<lt> cpan@audreyt.orgE<gt>
953969
954970=head1 CC0 1.0 Universal
955971