Skip Menu |

This queue is for tickets about the Crypt-CipherSaber CPAN distribution.

Report information
The Basics
Id: 103485
Status: new
Priority: 0/
Queue: Crypt-CipherSaber
People
Owner: Nobody in particular
Requestors: ppisar [...] redhat.com
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: 1.00
Fixed in: (no value)

History Show all quoted text
  Mon Apr 13 07:46:18 2015 ppisar [...] redhat.com - Ticket created
Subject: t/0-signature.t test fails since Module-Signature 0.74
After upgrading Module-Signature from 0.73, signature test fails: $ prove -b t/0-signature.t t/0-signature.t .. WARNING: This key is not certified with a trusted signature! Primary key fingerprint: DF05 D93D BEA3 9DD2 4A44 CD66 05DF 169F 5C08 E9C4 Not in MANIFEST: _build/auto_features Not in MANIFEST: _build/build_params Not in MANIFEST: _build/cleanup Not in MANIFEST: _build/config_data Not in MANIFEST: _build/features Not in MANIFEST: _build/magicnum Not in MANIFEST: _build/notes Not in MANIFEST: _build/prereqs Not in MANIFEST: _build/runtime_params Not in MANIFEST: blib/lib/Crypt/CipherSaber.pm Not in MANIFEST: blib/libdoc/Crypt::CipherSaber.3pm Not in MANIFEST: Build Not in MANIFEST: MYMETA.json Not in MANIFEST: MYMETA.yml ==> MISMATCHED content between MANIFEST and distribution files! <== t/0-signature.t .. 1/1 # Failed test 'Valid signature' # at t/0-signature.t line 8. # Looks like you failed 1 test of 1. This is because Crypt-CipherSaber does not lists these temporary files created on build in MANIFEST.SKIP file. This requirement is documented in MANIFEST.SKIP Considerations section of Module::Signature POD.
  Mon Apr 13 09:23:11 2015 ppisar [...] redhat.com - Correspondence added
From: ppisar [...] redhat.com
Dne Po 13.dub.2015 07:46:18, ppisar napsal(a): Show quoted text
> After upgrading Module-Signature from 0.73, signature test fails: > > $ prove -b t/0-signature.t > t/0-signature.t .. WARNING: This key is not certified with a trusted > signature! > Primary key fingerprint: DF05 D93D BEA3 9DD2 4A44 CD66 05DF 169F 5C08 > E9C4 > Not in MANIFEST: _build/auto_features
[...] Show quoted text
> This is because Crypt-CipherSaber does not lists these temporary files > created on build in MANIFEST.SKIP file. This requirement is documented > in MANIFEST.SKIP Considerations section of Module::Signature POD.
Actually ExtUtils::Manifest provides a built-in skip list, but Module::Signature started to ignore the skip list by default. Attached patch forces the Module::Signature to process the skip list again in order to run the t/0-signature.t as a sanity test that all will-be-distributed files were signed.
Subject: Crypt-CipherSaber-1.00-Do-not-verify-files-missing-from-MANIFEST.patch
From aa3a3f5b7f4d15ee3cb30de679f4651f40c09eef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com> Date: Mon, 13 Apr 2015 15:04:59 +0200 Subject: [PATCH] Do not verify files missing from MANIFEST MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Module-Signature-0.74 ignores MANIFEST.SKIP by default as a result of a security fix. This patch enables the (built-in) skip list again as the 0-signature.t is a sanity author test rather than a security check which should be performed before executing ./Build.PL or Makefile.PL. CPAN RT#103485 Signed-off-by: Petr Písař <ppisar@redhat.com> --- t/0-signature.t | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/t/0-signature.t b/t/0-signature.t index 48bb368..3bf3ec5 100644 --- a/t/0-signature.t +++ b/t/0-signature.t @@ -5,7 +5,7 @@ use Test::More tests => 1; SKIP: { if (eval { require Module::Signature; 1 }) { - ok(Module::Signature::verify() == Module::Signature::SIGNATURE_OK() + ok(Module::Signature::verify(skip => 1) == Module::Signature::SIGNATURE_OK() => "Valid signature" ); } else { -- 2.1.0