Just discovered the perl module Module::Signature by å”é³³ (Audrey Tang) the other day. It’s pretty spiffy.
Implementing is easy (stolen from the docs):
WriteMakefile( (MM->can(‘signature_target’) ? (SIGN => 1) : ()), # … original arguments … );Module::Build:
Module::Build->new( (sign => 1), # … original arguments … )->create_build_script;
Don’t forget to add
SIGNATURE to your
MANIFEST if needed.
Then when running
make dist you will be prompted for the pass phrase for your gpg key. For extra goodness, add 0-signature.t to your tests. It includes a single test that verifies the package cryptographically during
make test if the
TEST_SIGNATURE environment variable is set.
If you know waltman and haven’t heard of this module, yell at him for not telling you about it, he’s mentioned in the
AUTHORS file for his stellar documentation patches.