
This queue is for tickets about the Module-Signature CPAN distribution.

Report information
The Basics
Id: 16922
Status: open
Priority: 0/
Queue: Module-Signature

People
Owner: Nobody in particular
Requestors: julian [...] mehnle.net
Cc: rotkraut [...] cpan.org
AdminCc:

Bug Information
Severity: Wishlist
Broken in: (no value)
Fixed in: (no value)



Subject: Should be able to specify ID of signing key to use
It should be possible to specify the ID of the key that is to be used for signing modules. AFAICT it currently just uses the gpg default key, which is not always the key one wants to use.
On Thu 05 Jan 2006, 08:01:56, JMEHNLE wrote:
> It should be possible to specify the ID of the key that is to be used
> for signing modules. AFAICT it currently just uses the gpg default
> key, which is not always the key one wants to use.
I prepared a patch that implements this feature. The key ID to use may be set in the new module variable $SigningKey or the environment variable MODULE_SIGNATURE_SIGNINGKEY. If this variable is set to a false value (which is the default), the behavior of Module::Signature is not changed. In the patched version, the following invocation should work as expected:

    $ export MODULE_SIGNATURE_SIGNINGKEY=0xFDCF7486
    $ cpansign -s

The attached patch is made against Module::Signature version 0.63 as found in CPAN. Please note that I use the gpg back-end and did not test the code for the Crypt::OpenPGP back-end in sub _sign_crypt_openpgp. But I hope it is working nevertheless.
Subject: signingkey.diff
--- lib/Module/Signature.pm.orig 2010-03-28 04:46:01.000000000 +0200 +++ lib/Module/Signature.pm 2010-04-03 21:35:50.000000000 +0200 @@ -4,7 +4,7 @@ use 5.005; use strict; use vars qw($VERSION $SIGNATURE @ISA @EXPORT_OK); -use vars qw($Preamble $Cipher $Debug $Verbose $Timeout); +use vars qw($Preamble $Cipher $Debug $Verbose $Timeout $SigningKey); use vars qw($KeyServer $KeyServerPort $AutoKeyRetrieve $CanKeyRetrieve); use constant CANNOT_VERIFY => '0E0'; @@ -29,6 +29,7 @@ $SIGNATURE = 'SIGNATURE'; $Timeout = $ENV{MODULE_SIGNATURE_TIMEOUT} || 3; $Verbose = $ENV{MODULE_SIGNATURE_VERBOSE} || 0; +$SigningKey = $ENV{MODULE_SIGNATURE_SIGNINGKEY} || 0; $KeyServer = $ENV{MODULE_SIGNATURE_KEYSERVER} || 'pool.sks-keyservers.net'; $KeyServerPort = $ENV{MODULE_SIGNATURE_KEYSERVERPORT} || '11371'; $Cipher = $ENV{MODULE_SIGNATURE_CIPHER} || 'SHA1'; @@ -353,12 +354,13 @@ sub _sign_gpg { my ($sigfile, $plaintext, $version) = @_; + my $signerarg = $SigningKey ? "-u $SigningKey" : ""; die "Could not write to $sigfile" if -e $sigfile and (-d $sigfile or not -w $sigfile); local *D; - open D, "| gpg --clearsign >> $sigfile.tmp" or die "Could not call gpg: $!"; + open D, "| gpg $signerarg --clearsign >> $sigfile.tmp" or die "Could not call gpg: $!"; print D $plaintext; close D; @@ -432,8 +434,15 @@ my $ring = Crypt::OpenPGP::KeyRing->new( Filename => $pgp->{cfg}->get('SecRing') ) or die $pgp->error(Crypt::OpenPGP::KeyRing->errstr); - my $kb = $ring->find_keyblock_by_index(-1) - or die $pgp->error('Can\'t find last keyblock: ' . $ring->errstr); + my $kb; + if ($SigningKey) { + $kb = $ring->find_keyblock_by_keyid(pack 'H*', $SigningKey) + or die $pgp->error("Can\'t find keyblock $SigningKey: " . $ring->errstr); + } + else { + $kb = $ring->find_keyblock_by_index(-1) + or die $pgp->error('Can\'t find last keyblock: ' . $ring->errstr); + } my $cert = $kb->signing_key; my $uid = $cert->uid($kb->primary_uid); 
@@ -631,6 +640,12 @@ The filename for a distribution's signature file. Defaults to C<SIGNATURE>. +=item $SigningKey + +The id of the key to be used for signing. If set to a false value, a +default key depending on the back-end (C<gpg> or C<Crypt::OpenPGP>) is +used. Defaults to C<0>. + =item $KeyServer The OpenPGP key server for fetching the author's public key @@ -686,6 +701,10 @@ Works like C<$Verbose>. +=item MODULE_SIGNATURE_SIGNINGKEY + +Works like C<$SigningKey>. + =item MODULE_SIGNATURE_KEYSERVER Works like C<$KeyServer>.
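Review bot: In the _sign_gpg hunk, $SigningKey is interpolated unquoted into the string that the piped open hands to the shell, and it is filled from MODULE_SIGNATURE_SIGNINGKEY without any check, so whitespace or shell metacharacters in that value become part of the command line. Validate the value before building $signerarg (for example accept only an optional 0x followed by hex digits and die otherwise), or pass gpg its arguments as a list so no shell parses them; the existing ">> $sigfile.tmp" redirection would then have to be done in Perl.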
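Review bot: In the _sign_crypt_openpgp hunk, pack 'H*', $SigningKey is applied to the raw value, but the invocation given for this patch sets MODULE_SIGNATURE_SIGNINGKEY=0xFDCF7486, and the leading 0x is not hex input for pack, so the packed bytes will not be the key ID and the lookup is unlikely to match. Strip an optional 0x prefix and reject non-hex input before packing, so the same value works for both back-ends; since this path is reported as untested, a test that signs with an explicit key under Crypt::OpenPGP would be worth adding.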
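Review bot: The new POD entry for $SigningKey does not say which form of key ID is accepted (with or without a 0x prefix, short or long ID), and the two back-ends treat the value differently: gpg receives it verbatim after -u, while Crypt::OpenPGP receives it through pack 'H*'. State the accepted format in this entry once the code enforces one.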
From: my.roges [...] gmail.com
On Thu Jan 05 08:01:56 2006, JMEHNLE wrote:
> It should be possible to specify the ID of the key that is to be used
> for signing modules. AFAICT it currently just uses the gpg default
> key, which is not always the key one wants to use.
#or we could pull the key from the AUTHOR in the Makefile.PL with this patch: --- a/usr/local/share/perl/5.10.0/Module/Signature.pm +++ b/usr/local/share/perl/5.10.0/Module/Signature.pm @@ -348,8 +348,17 @@ sub sign { return unless <STDIN> =~ /[Yy]/; } + #dirty hack to let the user chose the key + my $AUTHOR = ''; + $AUTHOR = `grep AUTHOR Makefile.PL` if(-f "Makefile.PL"); + #$AUTHOR = `grep AUTHOR Makefile.PL|sed -e 's/.*{//' -e 's/}.*//'` if(-f "Makefile.PL"); + $AUTHOR = '' unless $AUTHOR=~s/.*<(.+\@.+)\>.*/$1/; + #$AUTHOR=~s/.*\{(.+)\}.*/$1/; + chomp($AUTHOR); + $AUTHOR=~s/\s*\n$//; + if (my $version = _has_gpg()) { - _sign_gpg($SIGNATURE, $plaintext, $version); + _sign_gpg($SIGNATURE, $plaintext, $version, $AUTHOR); } elsif (eval {require Crypt::OpenPGP; 1}) { _sign_crypt_openpgp($SIGNATURE, $plaintext); @@ -363,13 +372,15 @@ sub sign { } sub _sign_gpg { - my ($sigfile, $plaintext, $version) = @_; + my ($sigfile, $plaintext, $version, $AUTHOR) = @_; die "Could not write to $sigfile" if -e $sigfile and (-d $sigfile or not -w $sigfile); local *D; - open D, "| gpg --clearsign >> $sigfile.tmp" or die "Could not call gpg: $!"; + my $set_key =''; + $set_key = "--default-key $AUTHOR" if $AUTHOR; + open D, "| gpg $set_key --clearsign >> $sigfile.tmp" or die "Could not call gpg: $!"; print D $plaintext; close D; # grep VERSION /usr/local/share/perl/5.10.0/Module/Signature.pm # $Module::Signature::VERSION = '0.66'; # works for me (and I agree, this did bug me as I have lots of keys and lots of addresses.
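Review bot: In the sign hunk, the output of grep AUTHOR Makefile.PL can span several lines (any line containing AUTHOR matches, comments included), while s/.*<(.+\@.+)\>.*/$1/ rewrites only one of them and the following chomp and s/\s*\n$// only trim the end, so $AUTHOR can still carry embedded newlines and unrelated text. Read Makefile.PL from Perl, take a single AUTHOR match, require the captured address to match a strict pattern, and fall back to the default key otherwise; distributions without a Makefile.PL also need an explicit way to choose the key.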
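Review bot: In the _sign_gpg hunk, $AUTHOR goes unquoted into the shell command after --default-key, and the capture (.+\@.+) in the caller accepts any characters around the @, so whatever sits between < and > in Makefile.PL is parsed by the shell at signing time. Restrict the value to a conservative address pattern before building $set_key, or invoke gpg with a list of arguments instead of a single shell string.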