
This queue is for tickets about the GD-SecurityImage CPAN distribution.

Report information
The Basics
Id: 15346
Status: resolved
Priority: 0/
Queue: GD-SecurityImage

People
Owner: burak [...] cpan.org
Requestors: cpan [...] danonline.net
Cc:
AdminCc:

Bug Information
Severity: Important
Broken in: 1.581
Fixed in: 1.59



Subject: Malformed SIGNATURE File
GD-SecurityImage-1.581 seems to have something wrong with the SIGNATURE file in its distribution. Extracting the distribution and then running:

    cpansign verify

produces the error message:

    ==> MALFORMED Signature file! <==

I'd attempt to provide a patch, but I don't have your private key. :)

Thank you.
-Daniel Axelrod

I have Module::Signature 0.50, and gpg --version produces:

    gpg (GnuPG) 1.2.4
    Copyright (C) 2003 Free Software Foundation, Inc.
    This program comes with ABSOLUTELY NO WARRANTY.
    This is free software, and you are welcome to redistribute it
    under certain conditions. See the file COPYING for details.

    Home: ~/.gnupg
    Supported algorithms:
    Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG
    Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
    Hash: MD5, SHA1, RIPEMD160, SHA256
    Compression: Uncompressed, ZIP, ZLIB, BZIP2
I don't have any problems under Windows XP. I'll check it...

    C:\Documents and Settings\burak\Desktop\GD-SecurityImage-1.581>cpansign
    Executing gpg --verify --batch --no-tty --keyserver=hkp://pgp.mit.edu:11371 --keyserver-options=auto-key-retrieve SIGNATURE
    gpg: Signature made 10/26/05 20:32:54 EET using DSA key ID 1483EA44
    gpg: Good signature from "Burak Gursoy <burak@cpan.org>"
    ==> Signature verified OK! <==

    C:\Documents and Settings\burak\Desktop\GD-SecurityImage-1.581>gpg --version
    gpg (GnuPG) 1.2.5
    Copyright (C) 2004 Free Software Foundation, Inc.
    This program comes with ABSOLUTELY NO WARRANTY.
    This is free software, and you are welcome to redistribute it
    under certain conditions. See the file COPYING for details.

    Home: c:/gnupg
    Supported algorithms:
    Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG
    Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
    Hash: MD5, SHA1, RIPEMD160, SHA256
    Compression: Uncompressed, ZIP, ZLIB
This turns out to be a Module::Signature issue. Module::Signature <= 0.50 cannot handle CRLF files. I've contacted the author about this, but he seems to be busy. For now, the only thing fixed is distro integrity; LF files converted to CRLF. Now all files are CRLF. So, if you are under some $^O ne 'MSWin32' and M::S is <= 0.5, then the sig. test will be bypassed. If you are under win32, the test will be performed. And I suggest you not use the "cpansign" util until the bug is patched sometime in the future.

I've released 1.583 to bypass the signature test (got 2 FAILs from 1.582)... I may even consider removing all signature-related things in future releases...
From: ben [...] cpanel.net
Can you either:

1. Update your bypass of the SIGNATURE check so that it works with the current version of Module::Signature (0.51)

or

2. Sign your module in a way that works with Module::Signature (I can give you access to a non-Windows system if that's what you need).

or

3. Remove the SIGNATURE altogether.

Since CPAN has been updated to use Module::Signature by default (installed with Bundle::CPAN), this has become a real issue.
[guest - Thu Jan 5 21:08:38 2006]:
> Can you either:
>
> 1. Update your bypass of the SIGNATURE check so that it works with the
> current version of Module::Signature (0.51)
>
> or
>
> 2. Sign your module in a way that works with Module::Signature (I can
> give you access to a non-Windows system if that's what you need).
>
> or
>
> 3. Remove the SIGNATURE altogether.
>
> Since CPAN has been updated to use Module::Signature by default
> (installed with Bundle::CPAN), this has become a real issue.
I've removed anything signature related and released 1.59 ...
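
A pre-release check for the condition discussed in this ticket, as an added example that is not part of the ticket, of GD-SecurityImage or of Module::Signature: it flags CRLF line endings in SIGNATURE and separates files whose digest differs only by newline convention from files whose content really changed. It is written in Python so that it runs independently of the installed Module::Signature; the "SHA1 <digest> <path>" line layout is an assumption about the SIGNATURE format, and the function names and sample data are constructed for illustration.

```python
import hashlib
import re

# Assumed digest-line layout inside SIGNATURE: "SHA1 <40 hex digits> <path>".
DIGEST_LINE = re.compile(rb"^SHA1 ([0-9a-f]{40}) (.+?)\r?$", re.M)

def sha1(data):
    return hashlib.sha1(data).hexdigest()

def to_lf(data):
    return data.replace(b"\r\n", b"\n")

def audit(signature, files):
    """Classify every file listed in SIGNATURE and flag CRLF in SIGNATURE itself."""
    report = {"signature_crlf": b"\r\n" in signature, "files": {}}
    for digest, path in DIGEST_LINE.findall(signature):
        want, name = digest.decode(), path.decode()
        data = files.get(name)
        if data is None:
            status = "missing"
        elif sha1(data) == want:
            status = "ok"
        elif want in (sha1(to_lf(data)), sha1(to_lf(data).replace(b"\n", b"\r\n"))):
            status = "line-endings-only"   # same text, different newline convention
        else:
            status = "content-mismatch"    # real change: corruption or tampering
        report["files"][name] = status
    return report

def sample():
    """Constructed input: digests taken over LF text, SIGNATURE saved with CRLF."""
    signed = {"Changes": b"1.581 release notes\n", "README": b"GD::SecurityImage\n",
              "MANIFEST": b"Changes\nREADME\n"}
    lines = ["-----BEGIN PGP SIGNED MESSAGE-----", "Hash: SHA1", ""]
    lines += ["SHA1 %s %s" % (sha1(body), name) for name, body in signed.items()]
    lines += ["-----BEGIN PGP SIGNATURE-----", "(constructed placeholder)",
              "-----END PGP SIGNATURE-----", ""]
    signature = "\r\n".join(lines).encode()
    on_disk = {"Changes": b"1.581 release notes\r\n",       # newline conversion only
               "README": b"GD::SecurityImage\n",              # untouched
               "MANIFEST": b"Changes\nREADME\nextra.pm\n"}    # content actually changed
    return signature, on_disk

if __name__ == "__main__":
    print(audit(*sample()))
```

A "line-endings-only" result points at a newline conversion during packaging rather than at modified content, which is the distinction a bare verification failure does not make.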