Skip Menu |

This queue is for tickets about the Module-Signature CPAN distribution.

Report information
The Basics
Id: 103369
Status: open
Worked: 5 min
Priority: 0/
Queue: Module-Signature
People
Owner: Nobody in particular
Requestors: ANDK [...] cpan.org
KENTNL [...] cpan.org
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in:
  • 0.75
  • 0.76
  • 0.77
Fixed in: (no value)

History Show all quoted text
  Tue Apr 07 18:05:39 2015 ANDK [...] cpan.org - Ticket created
Subject: 0.75 breaks CPAN.pm checksums file checking
CPAN shell output follows up to EOSHELL cpan[1]> test Module::Signature Reading '/home/ftp/pub/PAUSE/authors/01mailrc.txt.gz' ............................................................................DONE Reading '/home/ftp/pub/PAUSE/modules/02packages.details.txt.gz' Database was generated on Tue, 07 Apr 2015 21:29:01 GMT ............................................................................DONE Reading '/home/ftp/pub/PAUSE/modules/03modlist.data.gz' DONE Running test for module 'Module::Signature' Executing gpg/--verify/--batch/--no-tty/--keyserver=hkp://pool.sks-keyservers.net:11371/--keyserver-options=auto-key-retrieve//tmp/NCJfTn7C9s gpg: verify signatures failed: eof Signature invalid for distribution file. Please investigate. Distribution id = A/AU/AUDREYT/Module-Signature-0.75.tar.gz CPAN_USERID AUDREYT (Audrey Tang <cpan@audreyt.org>) CALLED_FOR Module::Signature CHECKSUM_STATUS CONTAINSMODS Module::Signature localfile /home/ftp/pub/PAUSE/authors/id/A/AU/AUDREYT/Module-Signature-0.75.tar.gz mandatory 1 negative_prefs_cache 1 prefs HASH(0x3ad42e0) reqtype c I'd recommend removing /home/ftp/pub/PAUSE/authors/id/A/AU/AUDREYT/CHECKSUMS. Its signature is invalid. Maybe you have configured your 'urllist' with a bad URL. Please check this array with 'o conf urllist', and retry. EOSHELL The file /tmp/NCJfTn7C9s is empty. Cpan shell calls Module::Signature::_verify($chk_file) directly (you remember?:) where $chk_file is the path to the CHECKSUMS file. This leads to _verify_gpg being called with an empty $sigtext argument. There is this 'print $fh $sigtext;' in https://metacpan.org/source/AUDREYT/Module-Signature-0.75/lib/Module/Signature.pm#L252 I think it would be prudent for CPAN shell to not call an underscore function directly, but as far as I can see, there was never another way through Module::Signature::verify for the CHECKSUMS files, right? Bottom line: I think I need help from within Module::Signature. Cordially,
  Tue Apr 07 20:31:21 2015 ANDK [...] cpan.org - Correspondence added
Attached patch seems to do it.
Subject: 103359.diff
--- ../Module-Signature-0.75-0/lib/Module/Signature.pm 2015-04-06 22:56:55.000000000 +0200 +++ lib/Module/Signature.pm 2015-04-08 02:18:30.754037252 +0200 @@ -249,7 +249,7 @@ require File::Temp; my $fh = File::Temp->new(); - print $fh $sigtext; + print $fh $sigtext || _read_sigfile($SIGNATURE); close $fh; my $gpg = _which_gpg();
  Thu Apr 09 01:16:30 2015 KENTNL [...] cpan.org - Broken in 0.76 added
  Thu Apr 09 01:16:30 2015 KENTNL [...] cpan.org - Broken in 0.77 added
  Thu Apr 09 01:16:30 2015 KENTNL [...] cpan.org - Correspondence added

Still broken as stated above in 0.77 under cpanm which also fails in the same way for every dist.

Patch by ANDK resolves this issue so far.

  Thu Apr 09 01:16:31 2015 The RT System itself - Status changed from 'new' to 'open'
  Thu Apr 09 01:40:27 2015 KENTNL [...] cpan.org - Requestor KENTNL added
  Thu Apr 09 05:00:35 2015 cpan [...] audreyt.org - Correspondence added 5 min
Fixed in 0.78. Thanks for the patch and sorry for the breakage!