File Coverage

blib/lib/Module/Release/VerifyGPGSignature.pm

Criterion	Covered	Total	%
statement	17	55	30.9
branch	0	10	0.0
condition			n/a
subroutine	6	10	60.0
pod	2	2	100.0
total	25	77	32.4

line	stmt	bran	sub	pod	time	code
1	2		2		665168	use v5.20;
	2				7
2
3						package Module::Release::VerifyGPGSignature;
4	2		2		9	use strict;
	2				3
	2				76
5	2		2		884	use experimental qw(signatures);
	2				2997
	2				9
6
7	2		2		409	use warnings;
	2				5
	2				159
8	2		2		13	no warnings;
	2				4
	2				120
9	2		2		12	use Exporter qw(import);
	2				6
	2				1283
10
11						our @EXPORT = qw(check_all_gpg_signatures check_gpg_signature);
12
13						our $VERSION = '0.002';
14
15						=encoding utf8
16
17						=head1 NAME
18
19						Module::Release::VerifyGPGSignature - Verify GPG signatures in the distro
20
21						=head1 SYNOPSIS
22
23						use Module::Release::VerifyGPGSignature;
24
25						=head1 DESCRIPTION
26
27						Configure in F<.releaserc> as a list of pairs:
28
29						gpg_signatures \
30						file.txt file.txt.gpg \
31						file2.txt file2.txt.gpg
32
33						=over 4
34
35						=cut
36
37	0		0			sub _get_file_pairs ( $self ) {
	0
	0
38	0					state $rc = require Getopt::Long;
39	0					my $key = _key($self);
40	0					my $string = $self->config->$key();
41
42	0					my( $ret, $args ) = Getopt::Long::GetOptionsFromString($string);
43
44	0	0				$self->_print( "Odd number of arguments in $key." ) if @$args % 2;
45
46	0					my @pairs;
47	0					while( @$args > 1 ) {
48	0					push @pairs, [ splice @$args, 0, 2, () ];
49						}
50	0	0				push @pairs, [ @$args ] if @$args;
51
52						\@pairs
53	0					}
54
55	0		0			sub _key ( $self ) { 'gpg_signatures' }
	0
	0
	0
56
57						=item * check_all_gpg_signatures
58
59						Go through all files and signature files listed in the C
60						and verify that the signatures match.
61
62						=cut
63
64	0		0	1		sub check_all_gpg_signatures ( $self ) {
	0
	0
65	0					my $pairs = $self->_get_file_pairs;
66	0					foreach my $pair ( $pairs->@* ) {
67	0					$self->check_gpg_signature( $pair->@* )
68						}
69	0					return 1;
70						}
71
72						=item * check_gpg_signature( FILE, SIGNATURE_FILE )
73
74						Checks the PGP signature in SIGNATURE_FILE matches for FILE.
75
76						=cut
77
78	0		0	1		sub check_gpg_signature ( $self, $file, $signature_file ) {
	0
	0
	0
	0
79	0					$self->_print( "Checking GPG signature of <$file>...\n" );
80
81	0	0				$self->_die( "\nERROR: Could not verify signature of <$file>: file does not exist\n" )
82						unless -e $file;
83
84	0	0				$self->_die( "\nERROR: Could not verify signature of <$file> with <$signature_file>: signature file does not exist\n" )
85						unless -e $signature_file;
86
87	0					my $result = $self->run( qq(gpg --verify "$signature_file" "$file" 2>&1) );
88	0					$result =~ s/^/ /mg;
89	0					$self->_print( "$result" );
90
91	0	0				unless( $result =~ /\bGood signature from\b/ ) {
92	0					$self->_die( "\nERROR: signature verification failed" );
93						}
94
95	0					return 1;
96						}
97
98						=back
99
100						=head1 TO DO
101
102
103						=head1 SEE ALSO
104
105
106						=head1 SOURCE AVAILABILITY
107
108						This source is in Github:
109
110						http://github.com/briandfoy/module-release-verifygpgsignature
111
112						=head1 AUTHOR
113
114						brian d foy, C<< >>
115
116						=head1 COPYRIGHT AND LICENSE
117
118						Copyright © 2022, brian d foy, All Rights Reserved.
119
120						You may redistribute this under the terms of the Artistic License 2.0.
121
122						=cut
123
124						1;