Just discovered the perl module Module::Signature by 唐鳳 (Audrey Tang) the other day. It’s pretty spiffy.
Implementing is easy (stolen from the docs):
MakeMaker:
WriteMakefile(
(MM->can('signature_target') ? (SIGN => 1) : ()),
# ... original arguments ...
);
Module::Build:
Module::Build->new(
(sign => 1),
# ... original arguments ...
)->create_build_script;
Don’t forget to add
SIGNATURE
to your
MANIFEST
if needed.
Then when running
make dist
you will be prompted for the pass phrase for your gpg key. For extra goodness, add 0-signature.t to your tests. It includes a single test that verifies the package cryptographically during
make test
if the
TEST_SIGNATURE
environment variable is set.
If you know waltman and haven’t heard of this module, yell at him for not telling you about it, he’s mentioned in the
AUTHORS
file for his stellar documentation patches.
![[FSF Associate Member]](/wp-images/fsf.png){kind=small}