1NAME
2 Test::Signature - Automated SIGNATURE testing
3
4SYNOPSIS
5 # This is actually the t/0-signature.t file from this distribution.
6 use Test::More tests => 1;
7 use Test::Signature;
8
9 signature_ok();
10
11ABSTRACT
12 "Test::Signature" verifies that the "Module::Signature" generated
13 signature of a module is correct.
14
15DESCRIPTION
16 "Module::Signature" allows you to verify that a distribution has not
17 been tampered with. "Test::Signature" lets that be tested as part of the
18 distribution's test suite.
19
20 By default, if "Module::Signature" is not installed then it will just
21 say so and not fail the test. That can be overridden though.
22
23 IMPORTANT: This is not a substitute for the users verifying the
24 distribution themselves. By the time this module is run, the users will
25 have already run your Makefile.PL or Build.PL scripts which could have
26 been compromised.
27
28 This module is more for ensuring you've updated your signature
29 appropriately before distributing, and for preventing accidental errors
30 during transmission or packaging.
31
32FUNCTIONS
33 "signature_ok" is exported by default. "signature_force_ok" must be
34 explicitly exported.
35
36 signature_ok()
37 This will test that the "Module::Signature" generated signature is valid
38 for the distribution. It can be given two optional parameters. The first
39 is a name for the test. The default is "Valid signature". The second is
40 whether a lack of "Module::Signature" should be regarded as a failure.
41 The default is 0 meaning 'no'.
42
43 # Test with defaults
44 signature_ok()
45 # Test with custom name
46 signature_ok( "Is the signature valid?" );
47 # Test with custom name and force C<Module::Signature> to exist
48 signature_ok( "Is the signature valid?", 1 );
49 # Test without custom name, but forcing
50 signature_ok( undef, 1 );
51
52 signature_force_ok()
53 This is equivalent to calling "signature_ok( $name, 1 )" but is more
54 readable.
55
56 # These are equivalent:
57 signature_force_ok( "Is our signature valid?" );
58 signature_ok( "Is our signature valid?", 1);
59
60 # These are equivalent:
61 signature_force_ok();
62 signature_ok( undef, 1 );
63
64NOTES ON USE
65 MANIFEST and MANIFEST.SKIP
66 It is imperative that your MANIFEST and MANIFEST.SKIP files be accurate
67 and complete. If you are using "ExtUtils::MakeMaker" and you do not have
68 a MANIFEST.SKIP file, then don't worry about the rest of this. If you do
69 have a MANIFEST.SKIP file, or you use "Module::Build", you must read
70 this.
71
72 Since the test is run at "make test" time, the distribution has been
73 made. Thus your MANIFEST.SKIP file should have the entries listed below.
74
75 If you're using "ExtUtils::MakeMaker", you should have, at least:
76
77 #defaults
78 ^Makefile$
79 ^blib/
80 ^blibdirs$
81 ^pm_to_blib$
82
83 These entries are part of the default set provided by
84 "ExtUtils::Manifest", which is ignored if you provide your own
85 MANIFEST.SKIP file.
86
87 If you are using "Module::Build", there is no default MANIFEST.SKIP so
88 you must provide your own. It must, minimally, contain:
89
90 ^Build$
91 ^Makefile$
92 ^_build/
93 ^blib/
94
95 If you don't have the correct entries, "Module::Signature" will complain
96 that you have:
97
98 ==> MISMATCHED content between MANIFEST and distribution files! <==
99
100 You should note this during normal development testing anyway.
101
102 Use with Test::Prereq
103 "Test::Prereq" tends to get a bit particular about modules. If you're
104 using the *force* option with "Test::Signature" then you will have to
105 specify that you expect "Module::Signature" as a prerequisite.
106 "Test::Signature" will not have it as a prerequisite since that would
107 defeat the point of having the *force* variant.
108
109 If you are using "ExtUtils::MakeMaker" you should have a line like the
110 following in your Makefile.PL:
111
112 'PREREQ_PM' => {
113 'Test::Signature' => '1.04',
114 'Module::Signature' => '0.22',
115 'Test::More' => '0.47',
116 },
117
118 If using "Module::Build", your Build.PL should have:
119
120 build_requires => {
121 'Test::Signature' => '1.04',
122 'Module::Signature' => '0.22',
123 'Test::More' => '0.47',
124 },
125
126 If you just want the default behaviour of testing the signature if and
127 only if the user already has "Module::Signature" installed, then you
128 will need something like the following code. The example uses
129 "Module::Build" format but it should be trivial for you to translate to
130 "ExtUtils::MakeMaker".
131
132 #!/usr/bin/perl -w
133 use strict;
134 use Module::Build 0.18;
135
136 my @extra_build;
137
138 eval { require Module::Signature };
139 if (!$@ or $Test::Prereq::VERSION)
140 {
141 push @extra_build, "Module::Signature" => '0.22'
142 }
143
144 my $m = Module::Build->new(
145 dist_name => 'WWW-Yahoo-Groups',
146 dist_version => '1.7.7',
147 license => 'perl',
148
149 requires => {
150 # various modules
151 'perl' => '5.6.0',
152 },
153 build_requires => {
154 'Test::More' => 0.47,
155 'Test::Prereq' => 0.19,
156 'Test::Prereq::Build' => 0.04,
157 'Test::Signature' => 1.04,
158 @extra_build,
159 },
160 );
161
162 $m->create_build_script;
163
164 If you have any questions on using this module with "Test::Prereq", just
165 email me (address below).
166
167 Use with Module::Install
168 "Module::Install" is a module to assist in the bundling of build
169 prerequisite modules in packages. Well, among other things.
170
171 "Test::Signature" is a perfect candidate for such a module. As it's a
172 module aimed purely at those writing modules rather than those using
173 them.
174
175 Here's a good way to use it:
176
177 Make a test file (say, t/00sig.t) that contains the following:
178
179 use lib 'inc';
180 use Test::More tests => 1;
181 use Test::Signature;
182 signature_ok();
183
184 In your Makefile.PL (or Build.PL if appropriate) add:
185
186 include 'Test::Signature';
187
188 And that's it! You don't have to specify it as a prerequisite or
189 anything like that because "Module::Install" will include it in your
190 distribution. And you don't have to worry about size because
191 "Module::Install" strips out all this waffling POD.
192
193THANKS
194 Arthur Bergman for suggesting the module.
195
196 Audrey Tang for writing Module::Signature, and making some suggestions.
197
198 Tels suggested testing network connectivity to Audrey; Audrey added that
199 to "Module::Signature" 0.16 and I (Iain Truskett) added it to this
200 module (as of 1.03).
201
202BUGS
203 Please report bugs at <bug-test-signature@rt.cpan.org> or via the web
204 interface at <http://rt.cpan.org>
205
206AUTHORS
207 Iain Truskett <spoon@cpan.org>, now passed away.
208
209 Currently maintained by Audrey Tang <cpan@audreyt.org>
210
211LICENSE AND COPYRIGHT
212 Copyright 2002, 2003 by Iain Truskett. All rights reserved. Copyright
213 2003, 2007, 2015 by Audrey Tang <cpan@audreyt.org>.
214
215 This library is free software; you can redistribute it and/or modify it
216 under the same terms as Perl itself.
217
218SEE ALSO
219 perl, Module::Signature, Test::More.
220
221 Module::Build, ExtUtils::Manifest, ExtUtils::MakeMaker.
222
223 Test::Prereq, Module::Install.
224
225