Just discovered the perl module Module::Signature by 唐鳳 (Audrey Tang) the other day. It’s pretty spiffy.

Implementing is easy (stolen from the docs):


        (MM->can(‘signature_target’) ? (SIGN => 1) : ()),
        # … original arguments …
        (sign => 1),
        # … original arguments …

Don’t forget to add SIGNATURE to your MANIFEST if needed.

Then when running make dist you will be prompted for the pass phrase for your gpg key. For extra goodness, add 0-signature.t to your tests. It includes a single test that verifies the package cryptographically during make test if the TEST_SIGNATURE environment variable is set.

If you know waltman and haven’t heard of this module, yell at him for not telling you about it, he’s mentioned in the AUTHORS file for his stellar documentation patches.