Beefy Boxes and Bandwidth Generously Provided by pair Networks
laziness, impatience, and hubris
 
PerlMonks  

cpanp install, gpg: Can't check signature: No public key

by QM (Vicar)
on Sep 27, 2012 at 14:21 UTC ( #996014=perlquestion: print w/ replies, xml ) Need Help??
QM has asked for the wisdom of the Perl Monks concerning the following question:

Windows XP, strawberry Perl v5.16.1
C:\WINDOWS>cpanp i Math::Big Installing Math::Big (1.12) gpg: Signature made 04/17/07 15:52:12 GMT Daylight Time using RSA key +ID 93B84C15 gpg: Can't check signature: No public key [ERROR] Signature check failed for module 'Math::Big' -- Not trusting +this module, aborting install *** Install log written to: C:\Documents and Settings\SG34\.cpanplus\install-logs\Math-Big-1.12- +1348754888.log Error installing 'Math::Big' Problem installing one or more modules
Exactly who doesn't have a public key? The module author?

How do I fix this? I assume I should be using gpg, so I installed it and exported a key to the default server.

At this point, I'd just like to install the module.

-QM
--
Quantum Mechanics: The dreams stuff is made of

Comment on cpanp install, gpg: Can't check signature: No public key
Download Code
Re: cpanp install, gpg: Can't check signature: No public key
by Anonymous Monk on Sep 27, 2012 at 16:26 UTC
    It appears that CPAN is configured to check module signing signatures, and that it expects to do so with key-id 93B84C15, but that key has not been imported into your GPG key-ring. When you say "exported a key to the default server," exactly what did you do?
      I installed Gpg4win, and went through the certificate creation steps in Kleopatra, including exporting to a server.

      Do I have to import the key for each module or author? Is there some way to automate this?

      I don't see the point of installing more than the odd module if I have to track down the public keys for each one. I suppose the whole distributed key thing is a real pain, as I'll have to find trusted authorities who host the public keys of the entities I want to communicate with.

      -QM
      --
      Quantum Mechanics: The dreams stuff is made of

        You can always disable that signature checking stuff in cpanp
        $conf->set_conf( signature => 0 );
Re: cpanp install, gpg: Can't check signature: No public key
by tobyink (Abbot) on Sep 27, 2012 at 16:57 UTC

    I don't know about cpanp, but cpan and cpanm each have an option for forcing an install even when tests fail.

    perl -E'sub Monkey::do{say$_,for@_,do{($monkey=[caller(0)]->[3])=~s{::}{ }and$monkey}}"Monkey say"->Monkey::do'

      It seems that this is something to do with cryptographic signature verification (integrity checking) of the package content, not a test-failure.   I know that there is an o conf setting for this in ordinary CPAN, which can turn this feature on or off, but I can’t speak to this particular scenario.   I would like to know how it shakes out ...

      In cpanp (and I presume in cpan):
      CPAN Terminal> s conf signature 0

      -QM
      --
      Quantum Mechanics: The dreams stuff is made of

        Okay, and if a GPG signature is missing ... can someone please document here how one properly retrieves and installs it?   (Does someone, like, have to read that hex key-id and enter it by hand into a separate command to pull the PK down from a keyserver?   How gauche ...   For all those of us who don’t know the answer, what is the answer to this one?)

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://996014]
Front-paged by Corion
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others wandering the Monastery: (9)
As of 2015-07-06 09:29 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The top three priorities of my open tasks are (in descending order of likelihood to be worked on) ...









    Results (71 votes), past polls