Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl-Sensitive Sunglasses

cpanp install, gpg: Can't check signature: No public key

by QM (Parson)
on Sep 27, 2012 at 14:21 UTC ( #996014=perlquestion: print w/replies, xml ) Need Help??
QM has asked for the wisdom of the Perl Monks concerning the following question:

Windows XP, strawberry Perl v5.16.1
C:\WINDOWS>cpanp i Math::Big Installing Math::Big (1.12) gpg: Signature made 04/17/07 15:52:12 GMT Daylight Time using RSA key +ID 93B84C15 gpg: Can't check signature: No public key [ERROR] Signature check failed for module 'Math::Big' -- Not trusting +this module, aborting install *** Install log written to: C:\Documents and Settings\SG34\.cpanplus\install-logs\Math-Big-1.12- +1348754888.log Error installing 'Math::Big' Problem installing one or more modules
Exactly who doesn't have a public key? The module author?

How do I fix this? I assume I should be using gpg, so I installed it and exported a key to the default server.

At this point, I'd just like to install the module.

Quantum Mechanics: The dreams stuff is made of

Replies are listed 'Best First'.
Re: cpanp install, gpg: Can't check signature: No public key
by Anonymous Monk on Sep 27, 2012 at 16:26 UTC
    It appears that CPAN is configured to check module signing signatures, and that it expects to do so with key-id 93B84C15, but that key has not been imported into your GPG key-ring. When you say "exported a key to the default server," exactly what did you do?
      I installed Gpg4win, and went through the certificate creation steps in Kleopatra, including exporting to a server.

      Do I have to import the key for each module or author? Is there some way to automate this?

      I don't see the point of installing more than the odd module if I have to track down the public keys for each one. I suppose the whole distributed key thing is a real pain, as I'll have to find trusted authorities who host the public keys of the entities I want to communicate with.

      Quantum Mechanics: The dreams stuff is made of

        You can always disable that signature checking stuff in cpanp
        $conf->set_conf( signature => 0 );
Re: cpanp install, gpg: Can't check signature: No public key
by tobyink (Abbot) on Sep 27, 2012 at 16:57 UTC

    I don't know about cpanp, but cpan and cpanm each have an option for forcing an install even when tests fail.

    perl -E'sub Monkey::do{say$_,for@_,do{($monkey=[caller(0)]->[3])=~s{::}{ }and$monkey}}"Monkey say"->Monkey::do'

      It seems that this is something to do with cryptographic signature verification (integrity checking) of the package content, not a test-failure.   I know that there is an o conf setting for this in ordinary CPAN, which can turn this feature on or off, but I can’t speak to this particular scenario.   I would like to know how it shakes out ...

      In cpanp (and I presume in cpan):
      CPAN Terminal> s conf signature 0

      Quantum Mechanics: The dreams stuff is made of

        Okay, and if a GPG signature is missing ... can someone please document here how one properly retrieves and installs it?   (Does someone, like, have to read that hex key-id and enter it by hand into a separate command to pull the PK down from a keyserver?   How gauche ...   For all those of us who don’t know the answer, what is the answer to this one?)

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://996014]
Front-paged by Corion
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others browsing the Monastery: (8)
As of 2018-06-21 14:10 GMT
Find Nodes?
    Voting Booth?
    Should cpanminus be part of the standard Perl release?

    Results (118 votes). Check out past polls.