Just discovered the perl module Module::Signature by 唐鳳 (Audrey Tang) the other day. It’s pretty spiffy.
Implementing is easy (stolen from the docs):
MakeMaker:
WriteMakefile(
(MM->can('signature_target') ? (SIGN => 1) : ()),
# ... original arguments ...
);
Module::Build:
Module::Build->new(
(sign => 1),
# ... original arguments ...
)->create_build_script;
Don’t forget to add
SIGNATURE
to your
MANIFEST
if needed.
Then when running
make dist
you will be prompted for the pass phrase for your gpg key. For extra goodness, add 0-signature.t to your tests. It includes a single test that verifies the package cryptographically during
make test
if the
TEST_SIGNATURE
environment variable is set.
If you know waltman and haven’t heard of this module, yell at him for not telling you about it, he’s mentioned in the
AUTHORS
file for his stellar documentation patches.
While it’s kind of audrey to include me in the AUTHORS file, I’m hardly an “author” of this module. All I did was send her a patch with a few minor grammatical fixes to the documentation. (English isn’t audrey’s first language.) It was 4 years ago — so long that I didn’t even remember doing it. :)
But you knew of this module and didn’t make sure I knew of it to!