App::DocKnot::Dist - Prepare a distribution tarball
use App::DocKnot::Dist;
my $docknot = App::DocKnot::Dist->new({ distdir => '/path/to/dist' });
$docknot->make_distribution();
Git, Perl 5.24 or later, and the modules File::BaseDir, File::ShareDir,
Git::Repository, IO::Compress::Xz (part of IO-Compress-Lzma),
IO::Uncompress::Gunzip (part of IO-Compress), IPC::Run, IPC::System::Simple,
Kwalify, List::SomeUtils, Path::Tiny, and YAML::XS, all of which are available
from CPAN.
The tools to build whatever type of software distribution is being prepared are
also required, since the distribution is built and tested as part of preparing
the tarball.
To sign distribution tarballs, the GnuPG command-line program
gpg is
required. (Any version, either GnuPG v1 or GnuPG v2, should work.)
This component of DocKnot generates distribution tarballs for a package. This is
a bit of an odd inclusion in the DocKnot suite, since it's not about
generating documentation, but it uses the same configuration and metadata as
the rest of DocKnot.
Specifically, App::DocKnot::Dist exports the current branch from Git into a
separate working directory, runs the commands appropriate to create a
distribution (based on the build system configured in the package metadata),
and cleans up the working directory.
- new(ARGS)
- Create a new App::DocKnot::Dist object. This should be used
for all subsequent actions. ARGS should be a hash reference with one or
more of the following keys:
- distdir
- The path to the directory into which to put the
distribution tarball. This should point to a trusted directory, not one
where an attacker could have written files (see make_distribution()
below). Required if not set in the global configuration file.
- gpg
- The path to the gpg binary, used to sign generated
tarballs if "pgp_key" is present in the global configuration or
provided as a constructor argument. Default: The binary named
"gpg" on the user's PATH.
- metadata
- The path to the metadata for the package on which to
operate. Default: docs/docknot.yaml relative to the current
directory.
- perl
- The path to the Perl executable to use for build steps that
require it. Used primarily in the test suite. Default: The binary named
"perl" on the user's PATH.
- pgp_key
- Sign generated tarballs with the provided PGP key. The key
can be named in any way that the -u option of GnuPG understands.
This can also be set in the global configuration file. There is no
default; if this option is not set, either as a constructor parameter or
in the global configuration file, the generated tarballs will not be
signed.
- check_dist(SOURCE, TARBALL)
- Given the path to a source directory and the path to a
gzip-compressed distribution tarball made from that directory, return the
list of files that should be in the tarball but aren't. An empty list
means that all files in the source tree expected to be in the distribution
are present.
This method is provided primarily for testing convenience and is normally
just an implementation detail of make_distribution().
- commands()
- Return the commands that should be run to generate a
distribution tarball as a reference to an array of arrays. Each included
array is a single command.
This method is provided primarily for testing convenience and is normally
just an implementation detail of make_distribution().
- make_distribution()
- Generate distribution tarballs in the "destdir"
directory provided to new(). The distribution will be generated
from the first branch found named either "main" or
"master".
If "destdir" already contains a subdirectory whose name matches
the "tarname" of the distribution, it will be forcibly removed.
In order to successfully remove trees that result from Automake's
"make distcheck" failing partway through, App::DocKnot::Dist
will change permissions as needed to remove an existing directory. For
security reasons, the "distdir" parameter of this module should
therefore only be pointed to a trusted directory, not one where an
attacker could have written files.
If the native distribution tarball generation commands for the package
generate a gzip-compressed tarball but not an xz-compressed tarball, an
xz-compressed tarball will be created.
After the distribution is created, check_dist() will be run on it. If
any files are missing from the distribution, they will be reported to
standard output and then an exception will be thrown.
If the "pgp_key" constructor parameter or global configuration
option is set, the generated tarballs will then be signed with that key,
using gpg. The generated signature will be armored and stored in a
file named by appending ".asc" to the name of the tarball.
Russ Allbery <
[email protected]>
Copyright 2019-2022 Russ Allbery <
[email protected]>
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"),
to deal in the Software without restriction, including without limitation the
rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
sell copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO
EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES
OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
DEALINGS IN THE SOFTWARE.
docknot(1), App::DocKnot::Config
This module is part of the App-DocKnot distribution. The current version of
DocKnot is available from CPAN, or directly from its web site at
<
https://www.eyrie.org/~eagle/software/docknot/>.