App::DocKnot::Dist

(Prepare a distribution tarball)

SYNOPSIS

    use App::DocKnot::Dist;
    my $docknot = App::DocKnot::Dist->new({ distdir => '/path/to/dist' });
    $docknot->make_distribution();

REQUIREMENTS

Git, Perl 5.24 or later, and the modules File::BaseDir, File::ShareDir, Git::Repository, IO::Compress::Xz (part of IO-Compress-Lzma), IO::Uncompress::Gunzip (part of IO-Compress), IPC::Run, IPC::System::Simple, Kwalify, List::SomeUtils, Path::Tiny, and YAML::XS, all of which are available from CPAN.

The tools to build whatever type of software distribution is being prepared are also required, since the distribution is built and tested as part of preparing the tarball.

To sign distribution tarballs, the GnuPG command-line program gpg is required. (Any version, either GnuPG v1 or GnuPG v2, should work.)

DESCRIPTION

This component of DocKnot generates distribution tarballs for a package. This is a bit of an odd inclusion in the DocKnot suite, since it's not about generating documentation, but it uses the same configuration and metadata as the rest of DocKnot.

Specifically, App::DocKnot::Dist exports the current branch from Git into a separate working directory, runs the commands appropriate to create a distribution (based on the build system configured in the package metadata), and cleans up the working directory.

CLASS METHODS

new(ARGS)

Create a new App::DocKnot::Dist object. This should be used for all subsequent actions. ARGS should be a hash reference with one or more of the following keys:

distdir

The path to the directory into which to put the distribution tarball. This should point to a trusted directory, not one where an attacker could have written files (see make_distribution() below). Required if not set in the global configuration file.

gpg

The path to the gpg binary, used to sign generated tarballs if pgp_key is present in the global configuration or provided as a constructor argument. Default: The binary named gpg on the user's PATH.

metadata

The path to the metadata for the package on which to operate. Default: docs/docknot.yaml relative to the current directory.

perl

The path to the Perl executable to use for build steps that require it. Used primarily in the test suite. Default: The binary named perl on the user's PATH.

pgp_key

Sign generated tarballs with the provided PGP key. The key can be named in any way that the -u option of GnuPG understands. This can also be set in the global configuration file. There is no default; if this option is not set, either as a constructor parameter or in the global configuration file, the generated tarballs will not be signed.

INSTANCE METHODS

check_dist(SOURCE, TARBALL)

Given the path to a source directory and the path to a gzip-compressed distribution tarball made from that directory, return the list of files that should be in the tarball but aren't. An empty list means that all files in the source tree expected to be in the distribution are present.

This method is provided primarily for testing convenience and is normally just an implementation detail of make_distribution().

commands()

Return the commands that should be run to generate a distribution tarball as a reference to an array of arrays. Each included array is a single command.

This method is provided primarily for testing convenience and is normally just an implementation detail of make_distribution().

make_distribution()

Generate distribution tarballs in the destdir directory provided to new(). The distribution will be generated from the first branch found named either main or master.

If destdir already contains a subdirectory whose name matches the tarname of the distribution, it will be forcibly removed. In order to successfully remove trees that result from Automake's make distcheck failing partway through, App::DocKnot::Dist will change permissions as needed to remove an existing directory. For security reasons, the distdir parameter of this module should therefore only be pointed to a trusted directory, not one where an attacker could have written files.

If the native distribution tarball generation commands for the package generate a gzip-compressed tarball but not an xz-compressed tarball, an xz-compressed tarball will be created.

After the distribution is created, check_dist() will be run on it. If any files are missing from the distribution, they will be reported to standard output and then an exception will be thrown.

If the pgp_key constructor parameter or global configuration option is set, the generated tarballs will then be signed with that key, using gpg. The generated signature will be armored and stored in a file named by appending .asc to the name of the tarball.

AUTHOR

Russ Allbery <rra@cpan.org>

COPYRIGHT AND LICENSE

Copyright 2019-2022 Russ Allbery <rra@cpan.org>

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

SEE ALSO

docknot(1), App::DocKnot::Config

This module is part of the App-DocKnot distribution. The current version of DocKnot is available from CPAN, or directly from its web site at <https://www.eyrie.org/~eagle/software/docknot/>.

Last modified and spun 2024-07-14