Always recreate distribution GnuPG signatures

Always recreate GnuPG signatures when generating distribution tarballs
in docknot dist.

Also convert t/dist/basic.t to use Path::Tiny instead of File::Spec.

3 files changed, 50 insertions, 49 deletions

diff --git a/Changes b/Changes
index 5a87d64..f0b26ee 100644
--- a/Changes
+++ b/Changes
@@ -18,6 +18,9 @@
    pass.  This ensurse the output files are seen when spinning the tree
    into the output directory.
 
+ - Always recreate GnuPG signatures when generating distribution tarballs
+   in docknot dist.
+
 6.01 - 2022-01-15
 
  - Add new docknot release command and corresponding App::DocKnot::Release
diff --git a/lib/App/DocKnot/Dist.pm b/lib/App/DocKnot/Dist.pm
index 5d1c684..382a41c 100644
--- a/lib/App/DocKnot/Dist.pm
+++ b/lib/App/DocKnot/Dist.pm
@@ -232,6 +232,10 @@ sub _sign_tarballs {
     my $files_ref = latest_tarball($path, $prefix)->{files};
     for my $file (grep { m{ [.]tar [.][xg]z }xms } $files_ref->@*) {
         my $tarball_path = $path->child($file);
+        my $sig_path = $path->child($tarball_path->basename() . '.asc');
+        if ($sig_path->exists()) {
+            $sig_path->remove();
+        }
         systemx(
             $self->{gpg}, '--detach-sign', '--armor', '-u',
             $self->{pgp_key}, $tarball_path,
diff --git a/t/dist/basic.t b/t/dist/basic.t
index dcc6b1b..5b72cb9 100755
--- a/t/dist/basic.t
+++ b/t/dist/basic.t
@@ -2,7 +2,7 @@
 #
 # Basic tests for App::DocKnot::Dist.
 #
-# Copyright 2019-2021 Russ Allbery <rra@cpan.org>
+# Copyright 2019-2022 Russ Allbery <rra@cpan.org>
 #
 # SPDX-License-Identifier: MIT
 
@@ -13,14 +13,12 @@ use warnings;
 use lib 't/lib';
 
 use Capture::Tiny qw(capture_stdout);
-use Cwd qw(getcwd);
 use File::Copy::Recursive qw(dircopy);
-use File::Spec;
-use File::Temp;
 use Git::Repository;
 use IPC::Run qw(run);
 use IPC::System::Simple qw(capturex systemx);
 use List::Util qw(first);
+use Path::Tiny qw(path);
 
 use Test::More;
 
@@ -29,24 +27,24 @@ local $ENV{XDG_CONFIG_HOME} = '/nonexistent';
 local $ENV{XDG_CONFIG_DIRS} = '/nonexistent';
 
 # Find the full path to the test data.
-my $cwd = getcwd() or die "$0: cannot get working directory: $!\n";
-my $dataroot = File::Spec->catfile($cwd, 't', 'data', 'dist', 'package');
-my $gpg_path = File::Spec->catfile($cwd, 't', 'data', 'dist', 'fake-gpg');
+my $cwd = Path::Tiny->cwd();
+my $dataroot = $cwd->child('t', 'data', 'dist', 'package');
+my $gpg_path = $cwd->child('t', 'data', 'dist', 'fake-gpg');
 
 # Set up a temporary directory.
-my $dir = File::Temp->newdir();
-my $sourcedir = File::Spec->catfile($dir, 'source');
-my $distdir = File::Spec->catfile($dir, 'dist');
+my $dir = Path::Tiny->tempdir();
+my $sourcedir = $dir->child('source');
+my $distdir = $dir->child('dist');
 
 # Create a new repository, copy all files from the data directory, and commit
 # them.  We have to rename the test while we copy it to avoid having it picked
 # up by the main package test suite.
 dircopy($dataroot, $sourcedir)
   or die "$0: cannot copy $dataroot to $sourcedir: $!\n";
-my $testpath = File::Spec->catfile($sourcedir, 't', 'api', 'empty.t');
-rename($testpath . '.in', $testpath);
-Git::Repository->run('init', { cwd => $sourcedir, quiet => 1 });
-my $repo = Git::Repository->new(work_tree => $sourcedir);
+my $testpath = $sourcedir->child('t', 'api', 'empty.t');
+$testpath->sibling('empty.t.in')->move($testpath);
+Git::Repository->run('init', { cwd => "$sourcedir", quiet => 1 });
+my $repo = Git::Repository->new(work_tree => "$sourcedir");
 $repo->run(config => '--add', 'user.name', 'Test');
 $repo->run(config => '--add', 'user.email', 'test@example.com');
 $repo->run(add => '-A', q{.});
@@ -76,11 +74,8 @@ require_ok('App::DocKnot::Dist');
 
 # Put some existing files in the directory that are marked read-only.  These
 # should be cleaned up automatically.
-mkdir($distdir);
-mkdir(File::Spec->catfile($distdir, 'Empty'));
-open(my $fh, '>', File::Spec->catfile($distdir, 'Empty', 'Build.PL'));
-close($fh);
-chmod(0000, File::Spec->catfile($distdir, 'Empty', 'Build.PL'));
+$distdir->child('Empty')->mkpath();
+$distdir->child('Empty', 'Build.PL')->touch()->chmod(0000);
 
 # Setup finished.  Now we can create a distribution tarball.
 chdir($sourcedir);
@@ -88,49 +83,50 @@ my $dist = App::DocKnot::Dist->new({ distdir => $distdir, perl => $^X });
 capture_stdout {
     eval { $dist->make_distribution() };
 };
-ok(-e File::Spec->catfile($distdir, 'Empty-1.00.tar.gz'), 'dist exists');
-ok(-e File::Spec->catfile($distdir, 'Empty-1.00.tar.xz'), 'xz dist exists');
-ok(!-e File::Spec->catfile($distdir, 'Empty-1.00.tar'), 'tarball missing');
-ok(!-e File::Spec->catfile($distdir, 'Empty-1.00.tar.gz.asc'), 'no signature');
-ok(!-e File::Spec->catfile($distdir, 'Empty-1.00.tar.xz.asc'), 'no signature');
+ok($distdir->child('Empty-1.00.tar.gz')->exists(), 'dist exists');
+ok($distdir->child('Empty-1.00.tar.xz')->exists(), 'xz dist exists');
+ok(!$distdir->child('Empty-1.00.tar')->exists(), 'tarball missing');
+ok(!$distdir->child('Empty-1.00.tar.gz.asc')->exists(), 'no signature');
+ok(!$distdir->child('Empty-1.00.tar.xz.asc')->exists(), 'no signature');
 is($@, q{}, 'no errors');
 
 # Switch to using a configuration file and enable signing.
-unlink(File::Spec->catfile($distdir, 'Empty-1.00.tar.gz'));
-unlink(File::Spec->catfile($distdir, 'Empty-1.00.tar.xz'));
-mkdir(File::Spec->catfile($dir, 'docknot'));
-open($fh, '>', File::Spec->catfile($dir, 'docknot', 'config.yaml'));
-print {$fh} "distdir: $distdir\npgp_key: some-pgp-key\n"
-  or die "cannot write to config.yaml: $!\n";
-close($fh);
-local $ENV{XDG_CONFIG_HOME} = $dir;
+$distdir->child('Empty-1.00.tar.gz')->remove();
+$distdir->child('Empty-1.00.tar.xz')->remove();
+$dir->child('docknot')->mkpath();
+$dir->child('docknot', 'config.yaml')->spew_utf8(
+    "distdir: $distdir\n",
+    "pgp_key: some-pgp-key\n",
+);
+local $ENV{XDG_CONFIG_HOME} = "$dir";
 $dist = App::DocKnot::Dist->new({ gpg => $gpg_path, perl => $^X });
 
+# Create a dummy signature, which should be overwritten.
+$distdir->child('Empty-1.00.tar.gz.asc')->spew_utf8("bogus signature\n");
+
 # If we add an ignored file to the source tree, this should not trigger any
 # errors.
-open($fh, '>', 'ignored-file');
-print {$fh} "Some data\n" or die "cannot write to some-file: $!\n";
-close($fh);
+$sourcedir->child('ignored-file')->spew_utf8("Some data\n");
 capture_stdout {
     eval { $dist->make_distribution() };
 };
 is($@, q{}, 'no errors with ignored file');
 
 # And now there should be signatures.
-ok(-e File::Spec->catfile($distdir, 'Empty-1.00.tar.gz'), 'dist exists');
-ok(-e File::Spec->catfile($distdir, 'Empty-1.00.tar.xz'), 'xz dist exists');
-ok(-e File::Spec->catfile($distdir, 'Empty-1.00.tar.gz.asc'), 'gz signature');
-ok(-e File::Spec->catfile($distdir, 'Empty-1.00.tar.xz.asc'), 'xz signature');
-open($fh, '<', File::Spec->catfile($distdir, 'Empty-1.00.tar.gz.asc'));
-is("some signature\n", <$fh>, 'fake-gpg was run');
-close($fh);
+ok($distdir->child('Empty-1.00.tar.gz')->exists(), 'dist exists');
+ok($distdir->child('Empty-1.00.tar.xz')->exists(), 'xz dist exists');
+ok($distdir->child('Empty-1.00.tar.gz.asc')->exists(), 'gz signature');
+ok($distdir->child('Empty-1.00.tar.xz.asc')->exists(), 'xz signature');
+is(
+    "some signature\n",
+    $distdir->child('Empty-1.00.tar.gz.asc')->slurp_utf8(),
+    'fake-gpg was run'
+);
 
 # If we add a new file to the source tree and run make_distribution() again,
 # it should fail, and the output should contain an error message about an
 # unknown file.
-open($fh, '>', 'some-file');
-print {$fh} "Some data\n" or die "cannot write to some-file: $!\n";
-close($fh);
+$sourcedir->child('some-file')->spew_utf8("Some data\n");
 my $stdout = capture_stdout {
     eval { $dist->make_distribution() };
 };
@@ -138,14 +134,12 @@ is($@, "1 file missing from distribution\n", 'correct error for extra file');
 like($stdout, qr{ some-file }xms, 'output mentions the right file');
 
 # Verify that check_dist produces the same output.
-my $tarball = File::Spec->catfile($distdir, 'Empty-1.00.tar.gz');
+my $tarball = $distdir->child('Empty-1.00.tar.gz');
 my @missing = $dist->check_dist($sourcedir, $tarball);
 is_deeply(['some-file'], \@missing, 'check_dist matches');
 
 # Another missing file should produce different formatting.
-open($fh, '>', 'another-file');
-print {$fh} "Some data\n" or die "cannot write to some-file: $!\n";
-close($fh);
+$sourcedir->child('another-file')->spew_utf8("Some data\n");
 $stdout = capture_stdout {
     eval { $dist->make_distribution() };
 };