Responding to 'signature_verify NO' error when using Bundle::CPAN

jkeenan1 has asked for the wisdom of the Perl Monks concerning the following question:

Practically every week, while using the cpan shell, I'm prompted to upgrade to the latest version of Bundle::CPAN. But this is often not a clean process. Most often the obstacles have to do with signature verifications -- an issue I do not claim to understand very well.

Tonight, for instance, I got the following summary after calling install Bundle::CPAN:

Bundle summary: The following items in bundle Bundle::CPAN had install
+ation problems:
  File::Spec Module::Build CPAN 
Failed during this command:
  KWILLIAMS/PathTools-3.17.tar.gz              : signature_verify NO
  ANDK/CPAN-1.87.tar.gz                        : signature_verify NO
  KWILLIAMS/Module-Build-0.2612.tar.gz         : signature_verify NO
[download]

When I then went to install the individual components separately, I got error messages like this:

cpan> install File::Spec
Running install for module File::Spec
Running make for K/KW/KWILLIAMS/PathTools-3.17.tar.gz
  Is already unwrapped into directory /Users/jimk/.cpan/build/PathTool
+s-3.17
  Did not pass the signature test.
Running make test
  Make had some problems, won't test
Running make install
  Make had some problems, won't install
[download]

Needless to say, these are all modules that I have long had installed and upgraded repeatedly.

What is the best way of responding to these signature_verify NO errors?

Thanks in advance.

Jim Keenan

Comment on Responding to 'signature_verify NO' error when using Bundle::CPAN Select or Download Code

Replies are listed 'Best First'.
Re: Responding to 'signature_verify NO' error when using Bundle::CPAN by Cody Pendant (Prior) on Apr 14, 2006 at 05:23 UTC
Doesn't that just mean you don't have Module::Signature installed? Or that it's installed but not one of the encryption modules on which it relies? ($_='kkvvttuu bbooppuuiiffss qqffssmm iibbddllffss') =~y~b-v~a-z~s; print	[reply]
Re^2: Responding to 'signature_verify NO' error when using Bundle::CPAN by jkeenan1 (Deacon) on Apr 14, 2006 at 11:24 UTC
I've had Module::Signature installed for some time. Since other elements of the Bundle::CPAN got installed, I'm inclined to believe the problem is, as the error messages suggest, with these particular components. Jim Keenan	[reply]
Re: Responding to 'signature_verify NO' error when using Bundle::CPAN by hv (Prior) on Apr 14, 2006 at 13:25 UTC
My colleague had a similar problem shortly before getting a PM account; he documented it here. In short: it appears that either the spec has changed or older gpg implementations are buggy. For him, upgrading gnupg allowed signature verification to succeed. Hope this helps, Hugo	[reply]
Re^2: Responding to 'signature_verify NO' error when using Bundle::CPAN by jkeenan1 (Deacon) on Apr 15, 2006 at 00:57 UTC
Unfortunately, that doesn't seem to be the solution. Your colleague indicated that the earliest version of gnupg that fixed the problem was 1.06. But my version is much more recent Read more... (539 Bytes) So I think the jury is still out. Jim Keenan	[reply] [d/l]