X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=lib%2FCPAN.pm;h=887d5cd3c43f625dabf3214180e6d08362e72a36;hb=9e01bed8b6dd351933b88ffcf539432d47e152bc;hp=683f827bf9dd313ef3b3bfb681ec125f0550c0e9;hpb=6a7bdc5005c252a20f424cac9c83b7df16348f9b;p=p5sagit%2Fp5-mst-13.2.git
diff --git a/lib/CPAN.pm b/lib/CPAN.pm
index 683f827..887d5cd 100644
--- a/lib/CPAN.pm
+++ b/lib/CPAN.pm
@@ -1,11 +1,12 @@
 # -*- Mode: cperl; coding: utf-8; cperl-indent-level: 4 -*-
 package CPAN;
-$VERSION = '1.75_02';
-# $Id: CPAN.pm,v 1.409 2003/07/28 22:07:23 k Exp $
+$VERSION = '1.76_01';
+$VERSION = eval $VERSION;
+# $Id: CPAN.pm,v 1.412 2003/07/31 14:53:04 k Exp $
 # only used during development:
 $Revision = "";
-# $Revision = "[".substr(q$Revision: 1.409 $, 10)."]";
+# $Revision = "[".substr(q$Revision: 1.412 $, 10)."]";
 use Carp ();
 use Config ();
@@ -773,22 +774,6 @@ sub has_inst {
 });
 sleep 2;
- } elsif ($mod eq "Module::Signature"){
- unless ($Have_warned->{"Module::Signature"}++) {
- # No point in complaining unless the user can
- # reasonably install and use it.
- if (eval { require Crypt::OpenPGP; 1 } ||
- defined $CPAN::Config->{'gpg'}) {
- $CPAN::Frontend->myprint(qq{
- CPAN: Module::Signature security checks disabled because Module::Signature
- not installed. Please consider installing the Module::Signature module.
- You also need to be able to connect over the Internet to the public
- keyservers like pgp.mit.edu (port 11371).
-
-})
- sleep 2;
- }
- }
 } else {
 delete $INC{$file}; # if it inc'd LWP but failed during, say, URI
 }
@@ -2203,7 +2188,7 @@ sub get_basic_credentials {
 return unless $proxy;
 if ($USER && $PASSWD) {
 } elsif (defined $CPAN::Config->{proxy_user} &&
- defined $CPAN::Config->{proxy_pass}) {
+ defined $CPAN::Config->{proxy_pass}) {
 $USER = $CPAN::Config->{proxy_user};
 $PASSWD = $CPAN::Config->{proxy_pass};
 } else {
@@ -2228,6 +2213,21 @@ sub get_basic_credentials {
 return($USER,$PASSWD);
 }
+# mirror(): Its purpose is to deal with proxy authentication. When we
+# call SUPER::mirror, we relly call the mirror method in
+# LWP::UserAgent. LWP::UserAgent will then call
+# $self->get_basic_credentials or some equivalent and this will be
+# $self->dispatched to our own get_basic_credentials method.
+
+# Our own get_basic_credentials sets $USER and $PASSWD, two globals.
+
+# 407 stands for HTTP_PROXY_AUTHENTICATION_REQUIRED. Which means
+# although we have gone through our get_basic_credentials, the proxy
+# server refuses to connect. This could be a case where the username or
+# password has changed in the meantime, so I'm trying once again without
+# $USER and $PASSWD to give the get_basic_credentials routine another
+# chance to set $USER and $PASSWD.
+
 sub mirror {
 my($self,$url,$aslocal) = @_;
 my $result = $self->SUPER::mirror($url,$aslocal);
@@ -3675,18 +3675,6 @@ sub dir_listing {
 my $lc_want = File::Spec->catfile($CPAN::Config->{keep_source_where}, "authors", "id", @$chksumfile);
-
- my $fh;
-
- # Purge and refetch old (pre-PGP) CHECKSUMS; they are a security
- # hazard. (Without GPG installed they are not that much better,
- # though.)
- $fh = FileHandle->new;
- if (open($fh, $lc_want)) {
- my $line = <$fh>; close $fh;
- unlink($lc_want) unless $line =~ /PGP/;
- }
-
 local($") = "/";
 # connect "force" argument with "index_expire".
 my $force = 0;
@@ -3709,7 +3697,7 @@ sub dir_listing {
 }
 # adapted from CPAN::Distribution::MD5_check_file ;
- $fh = FileHandle->new;
+ my $fh = FileHandle->new;
 my($cksum);
 if (open $fh, $lc_file){
 local($/);
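Review bot: The comment block added above `sub mirror` has a typo and a garbled phrase that make the dispatch description hard to follow. 'we relly call' should read `# call SUPER::mirror, we really call the mirror method in`, and 'this will be $self->dispatched' should read `# dispatched to our own get_basic_credentials method.`. The retry logic the comment describes sits in the part of mirror() outside the hunk, so the comment could not be checked against the code here.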
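Review bot: The `open $fh, $lc_file` just below the new `my $fh` declaration in the last dir_listing hunk is a two-argument open, so any mode character at the start or end of the path would be interpreted by open; where the supported perls allow it (three-argument open needs 5.6), `if (open $fh, '<', $lc_file){` pins read mode. The preceding dir_listing hunk drops the purge of non-PGP CHECKSUMS, and the get and MD5_check_file hunks drop the Module::Signature calls, so the CHECKSUMS content slurped here is no longer authenticated. That deserves a comment at this point, for example `# CHECKSUMS is unauthenticated here: it detects corruption, not tampering`. dir_listing's body continues outside the hunk, so what is done with the slurped content is not visible here.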
@@ -3992,41 +3980,6 @@ sub get {
 $self->safe_chdir($builddir);
 File::Path::rmtree("tmp");
- $self->safe_chdir($packagedir);
- if ($CPAN::META->has_inst("Module::Signature")) {
- if (-f "SIGNATURE") {
- $self->debug("Module::Signature is installed, verifying") if $CPAN::DEBUG;
- my $rv = Module::Signature::verify();
- if ($rv != Module::Signature::SIGNATURE_OK() and
- $rv != Module::Signature::SIGNATURE_MISSING()) {
- $CPAN::Frontend->myprint(
- qq{\nSignature invalid for }.
- qq{distribution file. }.
- qq{Please investigate.\n\n}.
- $self->as_string,
- $CPAN::META->instance(
- 'CPAN::Author',
- $self->cpan_userid,
- )->as_string
- );
-
- my $wrap = qq{I\'d recommend removing $self->{localfile}. Its signature
-is invalid. Maybe you have configured your 'urllist' with
-a bad URL. Please check this array with 'o conf urllist', and
-retry.};
- $CPAN::Frontend->mydie(Text::Wrap::wrap("","",$wrap));
- }
- } else {
- $CPAN::Frontend->myprint(qq{Package came without SIGNATURE\n\n});
- }
- } else {
- $self->debug("Module::Signature is NOT installed") if $CPAN::DEBUG;
- }
- $self->safe_chdir($builddir);
- return if $CPAN::Signal;
-
-
-
 my($mpl) = File::Spec->catfile($packagedir,"Makefile.PL");
 my($mpl_exists) = -f $mpl;
 unless ($mpl_exists) {
@@ -4294,44 +4247,10 @@ sub verifyMD5 {
 $self->MD5_check_file($lc_file);
 }
-sub SIG_check_file {
- my($self,$chk_file) = @_;
- my $rv = eval { Module::Signature::_verify($chk_file) };
-
- if ($rv == Module::Signature::SIGNATURE_OK()) {
- $CPAN::Frontend->myprint("Signature for $chk_file ok\n");
- return $self->{SIG_STATUS} = "OK";
- } else {
- $CPAN::Frontend->myprint(qq{\nSignature invalid for }.
- qq{distribution file. }.
- qq{Please investigate.\n\n}.
- $self->as_string,
- $CPAN::META->instance(
- 'CPAN::Author',
- $self->cpan_userid
- )->as_string);
-
- my $wrap = qq{I\'d recommend removing $chk_file. Its signature
-is invalid. Maybe you have configured your 'urllist' with
-a bad URL. Please check this array with 'o conf urllist', and
-retry.};
-
- $CPAN::Frontend->mydie(Text::Wrap::wrap("","",$wrap));
- }
-}
-
 #-> sub CPAN::Distribution::MD5_check_file ;
 sub MD5_check_file {
 my($self,$chk_file) = @_;
 my($cksum,$file,$basename);
-
- if ($CPAN::META->has_inst("Module::Signature") and Module::Signature->VERSION >= 0.26) {
- $self->debug("Module::Signature is installed, verifying");
- $self->SIG_check_file($chk_file);
- } else {
- $self->debug("Module::Signature is NOT installed");
- }
-
 $file = $self->{localfile};
 $basename = File::Basename::basename($file);
 my $fh = FileHandle->new;
@@ -5524,7 +5443,7 @@ sub cpan_file {
 }
 return "Contact Author $fullname <$email>";
 } else {
- return "UserID $userid";
+ return "Contact Author $userid (Email address not available)";
 }
 } else {
 return "N/A";
@@ -7075,21 +6994,6 @@ like
 Your mileage may vary...
-=head1 Cryptographically signed modules
-
-Since release 1.72 CPAN.pm has been able to verify cryptographically
-signed module distributions using Module::Signature. The CPAN modules
-can be signed by their authors, thus giving more security. The simple
-unsigned MD5 checksums that were used before by CPAN protect mainly
-against accidental file corruption.
-
-You will need to have Module::Signature installed, which in turn
-requires that you have at least one of Crypt::OpenPGP module or the
-command-line F tool installed.
-
-You will also need to be able to connect over the Internet to the public
-keyservers, like pgp.mit.edu, and their port 11731 (the HKP protocol).
-
 =head1 FAQ
 =over 4