NAME
Module::Signature - Module signature file manipulation
VERSION
This document describes version 0.10 of Module::Signature.
SYNOPSIS
As a shell command:
    % cpansign              # DWIM: verify an existing SIGNATURE, or
                            #       make a new one if none exists
    % cpansign sign         # make signature; overwrites existing one
    % cpansign -s           # same thing
    % cpansign verify       # verify a signature
    % cpansign -v           # same thing
    % cpansign help         # display this documentation
    % cpansign -h           # same thing
In programs:
    use Module::Signature qw(sign verify SIGNATURE_OK);
    sign();
    sign(overwrite => 1);   # overwrites without asking
    # see the CONSTANTS section below
    (verify() == SIGNATURE_OK) or die "failed!";
CPAN authors may consider adding this code as t/0-signature.t:
    #!/usr/bin/perl
    use strict;
    print "1..1\n";
    # Verify only when Module::Signature is installed; otherwise skip.
    if (eval { require Module::Signature; 1 }) {
        (Module::Signature::verify() == Module::Signature::SIGNATURE_OK())
            or print "not ";
        print "ok 1 # Valid signature\n";
    }
    else {
        warn "# Next time around, consider installing Module::Signature,\n".
             "# so you can verify the integrity of this distribution.\n";
        print "ok 1 # skip - Module::Signature not installed\n";
    }
If you are already using Test::More for testing, a more straightforward version of t/0-signature.t can be found in the Module::Signature distribution.
And if you're not worried about compatibility with Perl 5.005 and earlier versions, are willing to inflict the dependency of Module::Build on your users, and prefer a more full-fledged testing package, Iain Truskett's Test::Signature might be a better choice.
DESCRIPTION
Module::Signature adds cryptographic authentication to CPAN distributions, via the special SIGNATURE file.
VARIABLES
These package variables are not exported by default.
- $SIGNATURE
    The filename for a distribution's signature file. Defaults to SIGNATURE.
- $KeyServer
    The OpenPGP key server for fetching the author's public key (currently only implemented on gpg, not Crypt::OpenPGP). May be set to a false value to prevent this module from fetching public keys.
- $Cipher
    The default cipher used by the Digest module to make signature files. Defaults to SHA1, but may be changed to other ciphers if the SHA1 cipher is undesirable for the user.
    Module::Signature version 0.09 and above will use the cipher specified in the SIGNATURE file's first entry to validate its integrity.
- $Preamble
    The explanatory text written to newly generated SIGNATURE files before the actual entries.
CONSTANTS
These constants are not exported by default.
- SIGNATURE_OK
    Signature successfully verified.
- SIGNATURE_MALFORMED
    The signature file does not contain a valid OpenPGP message.
- SIGNATURE_BAD
    Invalid signature detected -- it might have been tampered with.
- SIGNATURE_MISMATCH
    The signature is valid, but files in the distribution have changed since its creation.
- MANIFEST_MISMATCH
    There are extra files in the current directory not specified by the MANIFEST file.
- CIPHER_UNKNOWN
    The cipher used by the signature file is not recognized by the Digest module.
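The following is an added example, not code from the Module::Signature distribution: a fail-closed gate that verifies an unpacked distribution before it is built, with key fetching disabled through $KeyServer and each documented result code reported separately. It assumes verify() checks the distribution in the current directory and returns integer codes; the command-line argument and messages are hypothetical.

```perl
#!/usr/bin/perl
# Added example, not part of the Module::Signature distribution.
use strict;
use warnings;
use Module::Signature ();

# Assumption: verify() checks the distribution in the current directory.
my $dir = shift @ARGV or die "usage: $0 DIST_DIR\n";
chdir $dir or die "cannot chdir to $dir: $!\n";

# A false value stops the module from fetching public keys, so only keys
# already present in the local keyring can satisfy the check.
$Module::Signature::KeyServer = 0;

# Failure code => explanation. The constants are not exported by default,
# so they are called fully qualified, as in t/0-signature.t.
my %reason = (
    Module::Signature::SIGNATURE_MALFORMED() => 'SIGNATURE is not a valid OpenPGP message',
    Module::Signature::SIGNATURE_BAD()       => 'invalid signature, possibly tampered with',
    Module::Signature::SIGNATURE_MISMATCH()  => 'files changed after the signature was made',
    Module::Signature::MANIFEST_MISMATCH()   => 'extra files present that MANIFEST does not list',
    Module::Signature::CIPHER_UNKNOWN()      => 'digest named in SIGNATURE is not supported',
);

my $rv = Module::Signature::verify();

# Accept only a well-formed integer result: an undefined or empty return
# value must never compare equal to a numeric constant.
my $valid = defined $rv && $rv =~ /\A-?\d+\z/;

if ($valid && $rv == Module::Signature::SIGNATURE_OK()) {
    print "OK: signature verified in $dir\n";
    exit 0;
}

# Fail closed: every other result, including codes this script does not
# know about, blocks the build.
my $why = ($valid && exists $reason{$rv})
    ? $reason{$rv}
    : 'unrecognized result from verify()';
warn "REFUSED: $why\n";
exit 1;
```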
SEE ALSO
ExtUtils::Manifest, Crypt::OpenPGP, Test::Signature
AUTHORS
Autrijus Tang <autrijus@autrijus.org>
COPYRIGHT
Copyright 2002 by Autrijus Tang <autrijus@autrijus.org>.
This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.