authorJarkko Hietaniemi <jhi@iki.fi>2003-07-27 20:31:31 +0000
committerJarkko Hietaniemi <jhi@iki.fi>2003-07-27 20:31:31 +0000
commit0fa16c34bbe53a7015f0a9ba3310b33d220a2efe (patch)
treedac66b00dba5b4d2fefa555758a43c09412cf164
parent4546b9e60350d925ea9a8210378c9e1a79f4a7ab (diff)
Upgrade to CPAN 1.72.
p4raw-id: //depot/perl@20243
-rw-r--r--lib/CPAN.pm84
-rw-r--r--lib/CPAN/t/signature.t18
2 files changed, 98 insertions, 4 deletions
diff --git a/lib/CPAN.pm b/lib/CPAN.pm
index 5d24a18d7f..b27a98c169 100644
--- a/lib/CPAN.pm
+++ b/lib/CPAN.pm
@@ -1,11 +1,11 @@
# -*- Mode: cperl; coding: utf-8; cperl-indent-level: 4 -*-
package CPAN;
-$VERSION = '1.71';
-# $Id: CPAN.pm,v 1.405 2003/07/04 08:06:11 k Exp $
+$VERSION = '1.72';
+# $Id: CPAN.pm,v 1.407 2003/07/27 16:07:39 k Exp $
# only used during development:
$Revision = "";
-# $Revision = "[".substr(q$Revision: 1.405 $, 10)."]";
+# $Revision = "[".substr(q$Revision: 1.407 $, 10)."]";
use Carp ();
use Config ();
@@ -773,6 +773,13 @@ sub has_inst {
});
sleep 2;
+ } elsif ($mod eq "Module::Signature"){
+ $CPAN::Frontend->myprint(qq{
+ CPAN: Module::Signature security checks disabled because Module::Signature
+ not installed. Please consider installing the Module::Signature module.
+
+});
+ sleep 2;
} else {
delete $INC{$file}; # if it inc'd LWP but failed during, say, URI
}
@@ -3961,9 +3968,44 @@ sub get {
}
$self->{'build_dir'} = $packagedir;
- $self->safe_chdir(File::Spec->updir);
+ $self->safe_chdir($builddir);
File::Path::rmtree("tmp");
+ $self->safe_chdir($packagedir);
+ if ($CPAN::META->has_inst("Module::Signature")) {
+ if (-f "SIGNATURE") {
+ $self->debug("Module::Signature is installed, verifying") if $CPAN::DEBUG;
+ my $rv = Module::Signature::verify();
+ if ($rv != Module::Signature::SIGNATURE_OK() and
+ $rv != Module::Signature::SIGNATURE_MISSING()) {
+ $CPAN::Frontend->myprint(
+ qq{\nSignature invalid for }.
+ qq{distribution file. }.
+ qq{Please investigate.\n\n}.
+ $self->as_string,
+ $CPAN::META->instance(
+ 'CPAN::Author',
+ $self->cpan_userid,
+ )->as_string
+ );
+
+ my $wrap = qq{I\'d recommend removing $self->{localfile}. Its signature
+is invalid. Maybe you have configured your 'urllist' with
+a bad URL. Please check this array with 'o conf urllist', and
+retry.};
+ $CPAN::Frontend->mydie(Text::Wrap::wrap("","",$wrap));
+ }
+ } else {
+ $CPAN::Frontend->myprint(qq{Package came without SIGNATURE\n\n});
+ }
+ } else {
+ $self->debug("Module::Signature is NOT installed") if $CPAN::DEBUG;
+ }
+ $self->safe_chdir($builddir);
+ return if $CPAN::Signal;
+
+
+
my($mpl) = File::Spec->catfile($packagedir,"Makefile.PL");
my($mpl_exists) = -f $mpl;
unless ($mpl_exists) {
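Review bot: The signature check added to get() fails open in two places. A distribution with no SIGNATURE file only prints `Package came without SIGNATURE` and the build continues, and SIGNATURE_MISSING is explicitly accepted, so the check gives no protection for an archive that simply lacks the file; consider making a missing signature fatal, or at least something the user must confirm, behind a configuration setting. The result is also compared numerically with `!=`, so any return value that numifies to 0 counts as SIGNATURE_OK; if I recall correctly Module::Signature's CANNOT_VERIFY is the string '0E0', which would pass, and a string comparison such as `$rv ne Module::Signature::SIGNATURE_OK()` would avoid that. The same numeric comparison appears in SIG_check_file and in lib/CPAN/t/signature.t. get() starts and ends outside this hunk.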
@@ -4231,10 +4273,44 @@ sub verifyMD5 {
$self->MD5_check_file($lc_file);
}
+sub SIG_check_file {
+ my($self,$chk_file) = @_;
+ my $rv = eval { Module::Signature::_verify($chk_file) };
+
+ if ($rv == Module::Signature::SIGNATURE_OK()) {
+ $CPAN::Frontend->myprint("Signature for $chk_file ok\n");
+ return $self->{SIG_STATUS} = "OK";
+ } else {
+ $CPAN::Frontend->myprint(qq{\nSignature invalid for }.
+ qq{distribution file. }.
+ qq{Please investigate.\n\n}.
+ $self->as_string,
+ $CPAN::META->instance(
+ 'CPAN::Author',
+ $self->cpan_userid
+ )->as_string);
+
+ my $wrap = qq{I\'d recommend removing $chk_file. Its signature
+is invalid. Maybe you have configured your 'urllist' with
+a bad URL. Please check this array with 'o conf urllist', and
+retry.};
+
+ $CPAN::Frontend->mydie(Text::Wrap::wrap("","",$wrap));
+ }
+}
+
#-> sub CPAN::Distribution::MD5_check_file ;
sub MD5_check_file {
my($self,$chk_file) = @_;
my($cksum,$file,$basename);
+
+ if ($CPAN::META->has_inst("Module::Signature") and Module::Signature->VERSION >= 0.26) {
+ $self->debug("Module::Signature is installed, verifying");
+ $self->SIG_check_file($chk_file);
+ } else {
+ $self->debug("Module::Signature is NOT installed");
+ }
+
$file = $self->{localfile};
$basename = File::Basename::basename($file);
my $fh = FileHandle->new;
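Review bot: In SIG_check_file a failure inside the eval is reported as a valid signature: when `Module::Signature::_verify` dies, `$rv` is undef, and `undef == Module::Signature::SIGNATURE_OK()` is true if SIGNATURE_OK is 0, as its use as the success code suggests. Check the eval outcome before comparing, for example `if (!$@ and defined $rv and $rv eq Module::Signature::SIGNATURE_OK()) {`, and route everything else to the invalid branch. `_verify` looks like a private function of Module::Signature, so the `>= 0.26` guard in MD5_check_file is the only thing tying this call to a known interface; a comment saying so would help the next maintainer. The two `$self->debug` calls in MD5_check_file also lack the `if $CPAN::DEBUG` guard used in get(). MD5_check_file continues past the end of the hunk.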
diff --git a/lib/CPAN/t/signature.t b/lib/CPAN/t/signature.t
new file mode 100644
index 0000000000..670a1aacce
--- /dev/null
+++ b/lib/CPAN/t/signature.t
@@ -0,0 +1,18 @@
+# -*- mode: cperl -*-
+
+use strict;
+print "1..1\n";
+
+if (!eval { require Socket; Socket::inet_aton('pgp.mit.edu') }) {
+ print "ok 1 # skip - Cannot connect to the keyserver";
+}
+elsif (!eval { require Module::Signature; 1 }) {
+ warn "# Next time around, consider install Module::Signature,\n".
+ "# so you can verify the integrity of this distribution.\n";
+ print "ok 1 # skip - Module::Signature not installed\n";
+}
+else {
+ (Module::Signature::verify() == Module::Signature::SIGNATURE_OK())
+ or print "not ";
+ print "ok 1 # Valid signature\n";
+}
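Review bot: The first skip line, `print "ok 1 # skip - Cannot connect to the keyserver";`, has no trailing `\n`, unlike the other two result lines, so the TAP output ends without a newline in that branch. `Socket::inet_aton('pgp.mit.edu')` only shows that the name resolves, not that the keyserver can be reached, so the test can still reach `verify()` and fail or stall for reasons unrelated to the distribution; either make the probe stricter or word the skip message to match what is tested. The file has `use strict` but no `use warnings`.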