p5-module-signature Makefile.PL should not run "gpg --list-public-keys"

[vinc17@…]

This is an upstream bug, but this has a particularly nasty effect with MacPorts: it can create config files belonging to root in the user's home directory:

drwx------ 7 root vinc17 238 2008-12-26 23:51:36 /Users/vinc17/.gnupg/

The build shows:

Looking for GNU Privacy Guard (gpg), a cryptographic signature tool...
gpg: directory `/Users/vinc17/.gnupg' created
gpg: new configuration file `/Users/vinc17/.gnupg/gpg.conf' created
gpg: WARNING: options in `/Users/vinc17/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/Users/vinc17/.gnupg/pubring.gpg' created
gpg: /Users/vinc17/.gnupg/trustdb.gpg: trustdb created
GnuPG found (/opt/local/bin/gpg).
Import PAUSE and author keys to GnuPG? [y] y
Importing... done.

I think the Makefile.PL should be patched by removing the and defined `gpg --list-public-keys`.

[vinc17@…]

This is even worse: even if pubring.gpg already exists, it becomes owned by root.

[anonymous]

Milestone Port Bugs deleted

[jmr@…]

This was fixed by r67748.