diff options
| author | Andreas König <a.koenig@mind.de> | 2006-07-30 00:06:31 +0200 |
|---|---|---|
| committer | Steve Peters <steve@fisharerojo.org> | 2006-07-30 16:20:58 +0000 |
| commit | ed84aac994553b92aff03a46f3a7be7248eb5fab (patch) | |
| tree | c26ef15bcc622630d70f96bd9a6946945a9db0ec /lib/CPAN | |
| parent | 57303e6c0943c683fe6bdbbfa2a8b16d3aa4d9f5 (diff) | |
| download | perl-ed84aac994553b92aff03a46f3a7be7248eb5fab.tar.gz | |
[PAUSE] CPAN Upload: A/AN/ANDK/CPAN-1.87_55.tar.gz
Message-ID: <877j1w2n20.fsf@k75.linux.bogus>
p4raw-id: //depot/perl@28631
Diffstat (limited to 'lib/CPAN')
| -rw-r--r-- | lib/CPAN/FirstTime.pm | 51 | ||||
| -rw-r--r-- | lib/CPAN/HandleConfig.pm | 80 | ||||
| -rw-r--r-- | lib/CPAN/SIGNATURE | 43 | ||||
| -rw-r--r-- | lib/CPAN/Tarzip.pm | 30 |
4 files changed, 158 insertions, 46 deletions
diff --git a/lib/CPAN/FirstTime.pm b/lib/CPAN/FirstTime.pm index 3d24c9c666..9d39282b80 100644 --- a/lib/CPAN/FirstTime.pm +++ b/lib/CPAN/FirstTime.pm @@ -2,7 +2,7 @@ package CPAN::Mirrored::By; use strict; use vars qw($VERSION); -$VERSION = sprintf "%.6f", substr(q$Rev: 657 $,4)/1000000 + 5.4; +$VERSION = sprintf "%.6f", substr(q$Rev: 742 $,4)/1000000 + 5.4; sub new { my($self,@arg) = @_; @@ -21,7 +21,7 @@ use File::Basename (); use File::Path (); use File::Spec; use vars qw($VERSION); -$VERSION = sprintf "%.6f", substr(q$Rev: 657 $,4)/1000000 + 5.4; +$VERSION = sprintf "%.6f", substr(q$Rev: 742 $,4)/1000000 + 5.4; =head1 NAME @@ -240,6 +240,17 @@ Shall we use it as the general CPAN build and cache directory? # + # Module::Signature + # + $CPAN::Frontend->myprint($prompts{check_sigs_intro}); + + defined($default = $CPAN::Config->{check_sigs}) or + $default = 0; + $ans = prompt($prompts{check_sigs}, + ($default ? 'yes' : 'no')); + $CPAN::Config->{check_sigs} = ($ans =~ /^y/i ? 1 : 0); + + # # External programs # @@ -264,7 +275,7 @@ Shall we use it as the general CPAN build and cache directory? my $progcall = $progname; # we don't need ncftp if we have ncftpget next if $progname eq "ncftp" && $CPAN::Config->{ncftpget} gt " "; - my $path = $CPAN::Config->{$progname} + my $path = $CPAN::Config->{$progname} || $Config::Config{$progname} || ""; if (File::Spec->file_name_is_absolute($path)) { @@ -273,6 +284,8 @@ Shall we use it as the general CPAN build and cache directory? # warn "Warning: configured $path does not exist\n" unless -e $path; # $path = ""; + } elsif ($path =~ /^\s+$/) { + # preserve disabled programs } else { $path = ''; } @@ -409,6 +422,7 @@ Shall we use it as the general CPAN build and cache directory? $CPAN::Config->{inhibit_startup_message} = 0; $CPAN::Config->{getcwd} = 'cwd'; $CPAN::Config->{ftp_passive} = 1; + $CPAN::Config->{term_ornaments} = 1; $CPAN::Frontend->myprint("\n\n"); CPAN::HandleConfig->commit($configpm); @@ -693,13 +707,13 @@ my @prompts = ( manual_config => qq[ CPAN is the world-wide archive of perl resources. It consists of about -100 sites that all replicate the same contents all around the globe. +300 sites that all replicate the same contents around the globe. Many countries have at least one CPAN site already. The resources found on CPAN are easily accessible with the CPAN.pm module. If you want to use CPAN.pm, you have to configure it properly. -If you do not want to enter a dialog now, you can answer 'no' to this -question and I\'ll try to autoconfigure. (Note: you can revisit this +If you do NOT want to enter a dialog now, you can answer 'no' to this +question and I'll try to autoconfigure. (Note: you can revisit this dialog anytime later by typing 'o conf init' at the cpan prompt.) ], @@ -813,6 +827,31 @@ policy to one of the three values. prerequisites_policy => "Policy on building prerequisites (follow, ask or ignore)?", +check_sigs_intro => qq{ + +CPAN packages can be digitally signed by authors and thus verified +with the security provided by strong cryptography. The exact mechanism +is defined in the Module::Signature module. While this is generally +considered a good thing, it is not always convenient to the end user +to install modules that are signed incorrectly or where the key of the +author is not available or where some prerequisite for +Module::Signature has a bug and so on. + +With the check_sigs parameter you can turn signature checking on and +off. The default is off for now because the whole tool chain for the +functionality is not yet considered mature by some. The author of +CPAN.pm would recommend setting it to true most of the time and +turning it off only if it turns out to be annoying. + +Note that if you do not have Module::Signature installed, no signature +checks will be performed at all. + +}, + +check_sigs => +qq{Always try to check and verify signatures if a SIGNATURE file is in the package +and Module::Signature is installed (yes/no)?}, + external_progs => qq{ The CPAN module will need a few external programs to work properly. diff --git a/lib/CPAN/HandleConfig.pm b/lib/CPAN/HandleConfig.pm index 93e2a9c3f3..588b15bbc0 100644 --- a/lib/CPAN/HandleConfig.pm +++ b/lib/CPAN/HandleConfig.pm @@ -2,7 +2,7 @@ package CPAN::HandleConfig; use strict; use vars qw(%can %keys $VERSION); -$VERSION = sprintf "%.6f", substr(q$Rev: 657 $,4)/1000000 + 5.4; +$VERSION = sprintf "%.6f", substr(q$Rev: 740 $,4)/1000000 + 5.4; %can = ( commit => "Commit changes to disk", @@ -12,10 +12,12 @@ $VERSION = sprintf "%.6f", substr(q$Rev: 657 $,4)/1000000 + 5.4; ); %keys = map { $_ => undef } ( + # allow_unauthenticated ?? some day... "build_cache", "build_dir", "bzip2", "cache_metadata", + "check_sigs", "commandnumber_in_prompt", "cpan_home", "curl", @@ -48,6 +50,7 @@ $VERSION = sprintf "%.6f", substr(q$Rev: 657 $,4)/1000000 + 5.4; "ncftpget", "no_proxy", "pager", + "password", "prefer_installer", "prerequisites_policy", "scan_cache", @@ -55,8 +58,10 @@ $VERSION = sprintf "%.6f", substr(q$Rev: 657 $,4)/1000000 + 5.4; "show_upload_date", "tar", "term_is_latin", + "term_ornaments", "unzip", "urllist", + "username", "wait_list", "wget", ); @@ -272,6 +277,59 @@ sub defaults { 1; } +=head2 C<< CLASS->safe_quote ITEM >> + +Quotes an item to become safe against spaces +in shell interpolation. An item is enclosed +in double quotes if: + + - the item contains spaces in the middle + - the item does not start with a quote + +This happens to avoid shell interpolation +problems when whitespace is present in +directory names. + +This method uses C<commands_quote> to determine +the correct quote. If C<commands_quote> is +a space, no quoting will take place. + + +if it starts and ends with the same quote character: leave it as it is + +if it contains no whitespace: leave it as it is + +if it contains whitespace, then + +if it contains quotes: better leave it as it is + +else: quote it with the correct quote type for the box we're on + +=cut + +{ + # Instead of patching the guess, set commands_quote + # to the right value + my ($quotes,$use_quote) + = $^O eq 'MSWin32' + ? ('"', '"') + : (q<"'>, "'") + ; + + sub safe_quote { + my ($self, $command) = @_; + # Set up quote/default quote + my $quote = $CPAN::Config->{commands_quote} || $quotes; + + if ($quote ne ' ' + and $command =~ /\s/ + and $command !~ /[$quote]/) { + return qq<$use_quote$command$use_quote> + } + return $command; + } +} + sub init { my($self,@args) = @_; undef $CPAN::Config->{'inhibit_startup_message'}; # lazy trick to @@ -319,8 +377,16 @@ sub require_myconfig_or_config () { my $home = home(); unshift @INC, File::Spec->catdir($home,'.cpan'); eval { require CPAN::MyConfig }; + my $err_myconfig = $@; + if ($err_myconfig and $err_myconfig !~ m#locate CPAN/MyConfig\.pm#) { + die "Error while requiring CPAN::MyConfig:\n$err_myconfig"; + } unless ($INC{"CPAN/MyConfig.pm"}) { # this guy has settled his needs already eval {require CPAN::Config;}; # not everybody has one + my $err_config = $@; + if ($err_config and $err_config !~ m#locate CPAN/Config\.pm#) { + die "Error while requiring CPAN::Config:\n$err_config"; + } } } @@ -401,12 +467,12 @@ sub missing_config_data { "cache_metadata", "cpan_home", "ftp_proxy", - "gzip", + #"gzip", "http_proxy", "index_expire", "inhibit_startup_message", "keep_source_where", - "make", + #"make", "make_arg", "make_install_arg", "makepl_arg", @@ -415,11 +481,11 @@ sub missing_config_data { "mbuild_install_build_command", "mbuildpl_arg", "no_proxy", - "pager", + #"pager", "prerequisites_policy", "scan_cache", - "tar", - "unzip", + #"tar", + #"unzip", "urllist", ) { next unless exists $keys{$_}; @@ -486,7 +552,7 @@ package use strict; use vars qw($AUTOLOAD $VERSION); -$VERSION = sprintf "%.2f", substr(q$Rev: 657 $,4)/100; +$VERSION = sprintf "%.2f", substr(q$Rev: 740 $,4)/100; # formerly CPAN::HandleConfig was known as CPAN::Config sub AUTOLOAD { diff --git a/lib/CPAN/SIGNATURE b/lib/CPAN/SIGNATURE index abf2b69d4d..6d8837deda 100644 --- a/lib/CPAN/SIGNATURE +++ b/lib/CPAN/SIGNATURE @@ -1,5 +1,5 @@ This file contains message digests of all files listed in MANIFEST, -signed via the Module::Signature module, version 0.51. +signed via the Module::Signature module, version 0.54. To verify the content in this distribution, first make sure you have Module::Signature installed, then type: @@ -14,27 +14,27 @@ not run its Makefile.PL or Build.PL. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -SHA1 503d633750c15310bdac5fee77f4c97da1bc71f3 ChangeLog +SHA1 447d018a706534efcf1e1a435fb0935aae1f6623 ChangeLog SHA1 9b97524a7a91c815e46b19302a33829d3c26bbbf ChangeLog.old -SHA1 5d5c8e773ac9c97b5e7a5c65d9c31abef003b18b Changes +SHA1 3c9a07074ef95a9778e87a41f9315487c10feeba Changes SHA1 a029ffa2f2252bb8914eb658666244710994d256 Changes.old -SHA1 2eea12eec1dfa3b7c5e534d5252b4bb9becfa38f MANIFEST +SHA1 4532f91d1cd45d5b948accca01ad7bbf85e84655 MANIFEST SHA1 d6facfb968686d74e249cc1e45463e61ff18d026 MANIFEST.SKIP -SHA1 49f392243079d029a76b8fd56525acc0e1361d20 META.yml -SHA1 9f0ad024210c870711c6e52621483a6c735a2fc3 Makefile.PL +SHA1 4f388fc7e356900ed174cd8109b9af920c1e4f5c META.yml +SHA1 4c8e0f9432b5709d9d888685c095fd233fa82962 Makefile.PL SHA1 37e858c51409a297ef5d3fb35dc57cd3b57f9a4d PAUSE2003.pub SHA1 af016003ad503ed078c5f8254521d13a3e0c494f PAUSE2005.pub -SHA1 4ec86ae1993d8b497ce8c026530af71290366122 README -SHA1 78a1416b5cb1335b09472bcd17f4967e876e942f Todo +SHA1 4895962a895fea47b7dde8b08a1c137199e9b6ee README +SHA1 02b0065d1822dbb2a5d3a546f00c5450fb6cb79b Todo SHA1 efbe8e6882a2caa0d741b113959a706830ab5882 inc/Test/Builder.pm SHA1 ae1d68262bedc2475e2c6fd478d99b259b4fb109 inc/Test/More.pm -SHA1 6c2c007ac4f624f72635ec43ac045f6f031e7cd1 lib/CPAN.pm +SHA1 f74c02ef6e90ef9e057d9c1bb02008821ca1e9fe lib/CPAN.pm SHA1 94c4656fdae231c673719978e6e9a460f2dfc794 lib/CPAN/Admin.pm SHA1 8884e4b1932555e7d2f52d1df62097e8c78bb548 lib/CPAN/Debug.pm -SHA1 2b6bc87b7c09fb80d7962847e791cc697f1dc0f1 lib/CPAN/FirstTime.pm -SHA1 5b45acbcdc6da27ae1c1e6160cf78d51849d51ff lib/CPAN/HandleConfig.pm +SHA1 368d73cabcd53fc61f5ad091a0570f49100c934b lib/CPAN/FirstTime.pm +SHA1 8673b5108da6a37a9ebe0b6cc13065b80ed2dcbc lib/CPAN/HandleConfig.pm SHA1 f7b20d828c197710b4eac3029a30266242fb782b lib/CPAN/Nox.pm -SHA1 9c0d5f217194ac755e97e1f936a878bbc7eaa362 lib/CPAN/Tarzip.pm +SHA1 e7fe16eb17c3a987a7f504deca3f6cca4d5ea4ae lib/CPAN/Tarzip.pm SHA1 4d60b4782a851767c40dc27825057e584014cfc5 lib/CPAN/Version.pm SHA1 fb08e07d8740ef36e8ab719c6a9b7e89c4fe674a scripts/cpan SHA1 2a3adebb8252dc893681d17460082c2e08aa144a t/00signature.t @@ -43,12 +43,13 @@ SHA1 67e80e1cfc3530932de7743dd0c833b2c387609d t/02nox.t SHA1 b586d8e1a613880bbd2ec68d3abd0ca21e43b0c2 t/03pkgs.t SHA1 ebdb653877d5c5e5a071fe9933b18f018cde3250 t/10version.t SHA1 325d8a2f72d59c4cd2400c72403c05cd614c3abc t/11mirroredby.t -SHA1 96de4b1e41fca2ecf0641d4242020ccd05c4ef47 t/12cpan.t +SHA1 67e0a678e13fab53fa4441953c0f161add195616 t/12cpan.t SHA1 228e825e24b1cf3a3ca3fc24f1ea86de354c2cb6 t/30shell.pod -SHA1 5af241d60e757fbed792079b99eb0e15ac3d6628 t/30shell.t +SHA1 a2d61eaa040007d09f198f9b86df63025839567d t/30shell.t SHA1 6a79f15a10337bd3450604abf39d4462df2a550b t/50pod.t +SHA1 317755a5c56104702a6fd183457afcb3ee7d5251 t/60credentials.t SHA1 7efe930efd0a07d8101679ed15d4700dcf208137 t/CPAN/CpanTestDummies-1.55.pm -SHA1 2b0622cff92a038c8fbb2b852a55b014d20588f3 t/CPAN/TestConfig.pm +SHA1 f39ccb108dd4fb0e9635b24c09b5a2b299fe77e4 t/CPAN/TestConfig.pm SHA1 b4fd27234696da334ac6a1716222c70610a98c3a t/CPAN/authors/01mailrc.txt SHA1 61f6dbc7e5616028952b07a0451e029d41993bb6 t/CPAN/authors/id/A/AN/ANDK/CHECKSUMS SHA1 d1a101f24d2d0719c9991df28ede729d58005bb4 t/CPAN/authors/id/A/AN/ANDK/CHECKSUMS@588 @@ -63,12 +64,12 @@ SHA1 1aee1bed21f0e9755d693419e810ec75543eb0b7 t/CPAN/authors/id/A/AN/CHECKSUMS SHA1 1f3304f219bf0da4db6a60f638e11b61c2c2f4c0 t/CPAN/authors/id/A/CHECKSUMS SHA1 dfc900f5bfbc9683fa91977a1c7198222fbd4452 t/CPAN/authors/id/CHECKSUMS SHA1 468603b8016e599fec432e807890fb55f07483a6 t/CPAN/modules/02packages.details.txt -SHA1 9bbcc30e783e5fe67e2aa12d5f1fe113563e345c t/CPAN/modules/03modlist.data -SHA1 836b7df7eb49a55bfc2afdb666be6ac72e5658bc t/README.shell.txt +SHA1 f4c1a524de16347b37df6427ca01f98dd27f3c81 t/CPAN/modules/03modlist.data +SHA1 8d388a1036ae5e287a2331ce38d65f6b882ed623 t/README.shell.txt -----BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.2 (GNU/Linux) +Version: GnuPG v1.4.3 (GNU/Linux) -iD8DBQFEAqK+7IA58KMXwV0RAi6oAJ4mPY4qXiPW8Ee3PEbhyHMWyWJWPQCg6Q99 -CZnZg3sLednZofhJcd75dlM= -=wrpR +iD8DBQFEy7g57IA58KMXwV0RArlgAJ4q4WAEjyv92NefEikRM5hULGxKHQCfZVjo +Vdq3I7ykecETlhiyH2qR1ao= +=fOLR -----END PGP SIGNATURE----- diff --git a/lib/CPAN/Tarzip.pm b/lib/CPAN/Tarzip.pm index d0281d2f74..b5005dd8fd 100644 --- a/lib/CPAN/Tarzip.pm +++ b/lib/CPAN/Tarzip.pm @@ -4,7 +4,7 @@ use strict; use vars qw($VERSION @ISA $BUGHUNTING); use CPAN::Debug; use File::Basename (); -$VERSION = sprintf "%.6f", substr(q$Rev: 659 $,4)/1000000 + 5.4; +$VERSION = sprintf "%.6f", substr(q$Rev: 714 $,4)/1000000 + 5.4; # module is internal to CPAN.pm @ISA = qw(CPAN::Debug); @@ -28,7 +28,7 @@ sub new { $bzip2 = File::Which::which("bzip2"); } if ($bzip2) { - $me->{UNGZIPPRG} = $bzip2; + $me->{UNGZIPPRG} = $bzip2 || "bzip2"; } else { $CPAN::Frontend->mydie(qq{ CPAN.pm needs the external program bzip2 in order to handle '$file'. @@ -39,7 +39,7 @@ program. } } else { # yes, we let gzip figure it out in *any* other case - $me->{UNGZIPPRG} = $CPAN::Config->{gzip}; + $me->{UNGZIPPRG} = $CPAN::Config->{gzip} || "gzip"; } bless $me, $class; } @@ -60,7 +60,8 @@ sub gzip { $fhw->close; return 1; } else { - system(qq{$self->{UNGZIPPRG} -c "$read" > "$write"})==0; + my $command = CPAN::HandleConfig->safe_quote($self->{UNGZIPPRG}); + system(qq{$command -c "$read" > "$write"})==0; } } @@ -82,7 +83,8 @@ sub gunzip { $fhw->close; return 1; } else { - system(qq{$self->{UNGZIPPRG} -dc "$read" > "$write"})==0; + my $command = CPAN::HandleConfig->safe_quote($self->{UNGZIPPRG}); + system(qq{$command -dc "$read" > "$write"})==0; } } @@ -114,7 +116,8 @@ sub gtest { $gz->gzclose(); CPAN->debug("err[$err]success[$success]") if $CPAN::DEBUG; } else { - $success = 0==system(qq{$self->{UNGZIPPRG} -qdt "$read"}); + my $command = CPAN::HandleConfig->safe_quote($self->{UNGZIPPRG}); + $success = 0==system(qq{$command -qdt "$read"}); } return $self->{GTEST} = $success; } @@ -135,7 +138,8 @@ sub TIEHANDLE { die "Could not gzopen $file"; $self->{GZ} = $gz; } else { - my $pipe = "$CPAN::Config->{gzip} -dc $file |"; + my $gzip = CPAN::HandleConfig->safe_quote($self->{UNGZIPPRG}); + my $pipe = "$gzip -dc $file |"; my $fh = FileHandle->new($pipe) or die "Could not pipe[$pipe]: $!"; binmode $fh; $self->{FH} = $fh; @@ -197,7 +201,7 @@ sub untar { $prefer=2; } elsif (MM->maybe_command($self->{UNGZIPPRG}) && - MM->maybe_command($CPAN::Config->{'tar'})) { + MM->maybe_command($CPAN::Config->{tar})) { # should be default until Archive::Tar handles bzip2 $prefer = 1; } elsif ( @@ -219,11 +223,13 @@ installed. Can't continue. if ($prefer==1) { # 1 => external gzip+tar my($system); my $is_compressed = $self->gtest(); + my $tarcommand = CPAN::HandleConfig->safe_quote($CPAN::Config->{tar}) || "tar"; if ($is_compressed) { - $system = qq{$self->{UNGZIPPRG} -dc }. - qq{< "$file" | $CPAN::Config->{tar} xvf -}; + my $command = CPAN::HandleConfig->safe_quote($self->{UNGZIPPRG}); + $system = qq{$command -dc }. + qq{< "$file" | $tarcommand xvf -}; } else { - $system = qq{$CPAN::Config->{tar} xvf "$file"}; + $system = qq{$tarcommand xvf "$file"}; } if (system($system) != 0) { # people find the most curious tar binaries that cannot handle @@ -239,7 +245,7 @@ installed. Can't continue. } $file = $ungzf; } - $system = qq{$CPAN::Config->{tar} xvf "$file"}; + $system = qq{$tarcommand xvf "$file"}; $CPAN::Frontend->myprint(qq{Using Tar:$system:\n}); if (system($system)==0) { $CPAN::Frontend->myprint(qq{Untarred $file successfully\n}); |