my $distmeta = {
name => 'Module-Build',
abstract => 'Build and install Perl modules',
description => "Module::Build is a system for "
. "building, testing, and installing Perl modules. "
. "It is meant to ... blah blah blah ...",
version => '0.36',
release_status => 'stable',
author => [
'Ken Williams <kwilliams@cpan.org>',
'Module-Build List <module-build@perl.org>', # additional contact
],
license => [ 'perl_5' ],
prereqs => {
runtime => {
requires => {
'perl' => '5.006',
'ExtUtils::Install' => '0',
'File::Basename' => '0',
'File::Compare' => '0',
'IO::File' => '0',
},
recommends => {
'Archive::Tar' => '1.00',
'ExtUtils::Install' => '0.3',
'ExtUtils::ParseXS' => '2.02',
},
},
build => {
requires => {
'Test::More' => '0',
},
}
},
resources => {
license => ['http://dev.perl.org/licenses/'],
},
optional_features => {
domination => {
description => 'Take over the world',
prereqs => {
develop => { requires => { 'Genius::Evil' => '1.234' } },
runtime => { requires => { 'Machine::Weather' => '2.0' } },
},
},
},
dynamic_config => 1,
keywords => [ qw/ toolchain cpan dual-life / ],
'meta-spec' => {
version => '2',
url => 'https://metacpan.org/pod/CPAN::Meta::Spec',
},
generated_by => 'Module::Build version 0.36',
};
Revisions of this specification for typo corrections and prose clarifications may be issued as CPAN::Meta::Spec 2.x. These revisions will never change semantics or add or remove specified behavior.
Distribution metadata describe important properties of Perl distributions. Distribution building tools like Module::Build, Module::Install, ExtUtils::MakeMaker or Dist::Zilla should create a metadata file in accordance with this specification and include it with the distribution for use by automated tools that index, examine, package or install Perl distributions.
Producers must represent List elements using a data structure which unambiguously indicates that multiple values are possible, such as a reference to a Perl array (an ``arrayref'').
Consumers expecting a List must consider a String as equivalent to a List of length 1.
Any keys not described in this specification document (whether top-level or within compound data structures described herein) are considered custom keys and must begin with an ``x'' or ``X'' and be followed by an underscore; i.e. they must match the pattern: "qr{\Ax_}i". If a custom key refers to a compound data structure, subkeys within it do not need an ``x_'' or ``X_'' prefix.
Consumers of metadata may ignore any or all custom keys. All other keys not described herein are invalid and should be ignored by consumers. Producers must not generate or output invalid keys.
For each key, an example is provided followed by a description. The description begins with the version of spec in which the key was added or in which the definition was modified, whether the key is required or optional and the data type of the corresponding data element. These items are in parentheses, brackets and braces, respectively.
If a data type is a Map or Map subtype, valid subkeys will be described as well.
Some fields are marked Deprecated. These are shown for historical context and must not be produced in or consumed from any metadata structure of version 2 or higher.
Example:
abstract => 'Build and install Perl modules'
(Spec 1.2) [required] {String}
This is a short description of the purpose of the distribution.
author
Example:
author => [ 'Ken Williams <kwilliams@cpan.org>' ]
(Spec 1.2) [required] {List of one or more Strings}
This List indicates the person(s) to contact concerning the distribution. The preferred form of the contact string is:
contact-name <email-address>
This field provides a general contact list independent of other structured fields provided within the ``resources'' field, such as "bugtracker". The addressee(s) can be contacted for any purpose including but not limited to (security) problems with the distribution, questions about the distribution or bugs in the distribution.
A distribution's original author is usually the contact listed within this field. Co-maintainers, successor maintainers or mailing lists devoted to the distribution may also be listed in addition to or instead of the original author.
dynamic_config
Example:
dynamic_config => 1
(Spec 2) [required] {Boolean}
A boolean flag indicating whether a Build.PL or Makefile.PL (or similar) must be executed to determine prerequisites.
This field should be set to a true value if the distribution performs some dynamic configuration (asking questions, sensing the environment, etc.) as part of its configuration. This field should be set to a false value to indicate that prerequisites included in metadata may be considered final and valid for static analysis.
Note: when this field is true, post-configuration prerequisites are not guaranteed to bear any relation whatsoever to those stated in the metadata, and relying on them doing so is an error. See also ``Prerequisites for dynamically configured distributions'' in the implementors' notes.
This field explicitly does not indicate whether installation may be safely performed without using a Makefile or Build file, as there may be special files to install or custom installation targets (e.g. for dual-life modules that exist on CPAN as well as in the Perl core). This field only defines whether or not prerequisites are exactly as given in the metadata.
generated_by
Example:
generated_by => 'Module::Build version 0.36'
(Spec 1.0) [required] {String}
This field indicates the tool that was used to create this metadata. There are no defined semantics for this field, but it is traditional to use a string in the form ``Generating::Package version 1.23'' or the author's name, if the file was generated by hand.
license
Example:
license => [ 'perl_5' ] license => [ 'apache_2_0', 'mozilla_1_0' ]
(Spec 2) [required] {List of one or more License Strings}
One or more licenses that apply to some or all of the files in the distribution. If multiple licenses are listed, the distribution documentation should be consulted to clarify the interpretation of multiple licenses.
The following list of license strings are valid:
string description ------------- ----------------------------------------------- agpl_3 GNU Affero General Public License, Version 3 apache_1_1 Apache Software License, Version 1.1 apache_2_0 Apache License, Version 2.0 artistic_1 Artistic License, (Version 1) artistic_2 Artistic License, Version 2.0 bsd BSD License (three-clause) freebsd FreeBSD License (two-clause) gfdl_1_2 GNU Free Documentation License, Version 1.2 gfdl_1_3 GNU Free Documentation License, Version 1.3 gpl_1 GNU General Public License, Version 1 gpl_2 GNU General Public License, Version 2 gpl_3 GNU General Public License, Version 3 lgpl_2_1 GNU Lesser General Public License, Version 2.1 lgpl_3_0 GNU Lesser General Public License, Version 3.0 mit MIT (aka X11) License mozilla_1_0 Mozilla Public License, Version 1.0 mozilla_1_1 Mozilla Public License, Version 1.1 openssl OpenSSL License perl_5 The Perl 5 License (Artistic 1 & GPL 1 or later) qpl_1_0 Q Public License, Version 1.0 ssleay Original SSLeay License sun Sun Internet Standards Source License (SISSL) zlib zlib License
The following license strings are also valid and indicate other licensing not described above:
string description ------------- ----------------------------------------------- open_source Other Open Source Initiative (OSI) approved license restricted Requires special permission from copyright holder unrestricted Not an OSI approved license, but not restricted unknown License not provided in metadata
All other strings are invalid in the license field.
meta-spec
Example:
'meta-spec' => {
version => '2',
url => 'http://search.cpan.org/perldoc?CPAN::Meta::Spec',
}
(Spec 1.2) [required] {Map}
This field indicates the version of the CPAN Meta Spec that should be used to interpret the metadata. Consumers must check this key as soon as possible and abort further metadata processing if the meta-spec version is not supported by the consumer.
The following keys are valid, but only "version" is required.
For the version 2 spec, either of these are recommended:
name
Example:
name => 'Module-Build'
(Spec 1.0) [required] {String}
This field is the name of the distribution. This is often created by taking the ``main package'' in the distribution and changing "::" to "-", but the name may be completely unrelated to the packages within the distribution. For example, LWP::UserAgent is distributed as part of the distribution name ``libwww-perl''.
release_status
Example:
release_status => 'stable'
(Spec 2) [required] {String}
This field provides the release status of this distribution. If the "version" field contains an underscore character, then "release_status" must not be ``stable.''
The "release_status" field must have one of the following values:
Consumers may use this field to determine how to index the distribution for CPAN or other repositories in addition to or in replacement of heuristics based on version number or file name.
version
Example:
version => '0.36'
(Spec 1.0) [required] {Version}
This field gives the version of the distribution to which the metadata structure refers.
Example:
description => "Module::Build is a system for "
. "building, testing, and installing Perl modules. "
. "It is meant to ... blah blah blah ...",
(Spec 2) [optional] {String}
A longer, more complete description of the purpose or intended use of the distribution than the one provided by the "abstract" key.
keywords
Example:
keywords => [ qw/ toolchain cpan dual-life / ]
(Spec 1.1) [optional] {List of zero or more Strings}
A List of keywords that describe this distribution. Keywords must not include whitespace.
no_index
Example:
no_index => {
file => [ 'My/Module.pm' ],
directory => [ 'My/Private' ],
package => [ 'My::Module::Secret' ],
namespace => [ 'My::Module::Sample' ],
}
(Spec 1.2) [optional] {Map}
This Map describes any files, directories, packages, and namespaces that are private to the packaging or implementation of the distribution and should be ignored by indexing or search tools. Note that this is a list of exclusions, and the spec does not define what to include - see ``Indexing distributions a la PAUSE'' in the implementors notes for more information.
Valid subkeys are as follows:
[ Note: previous editions of the spec had "dir" instead of "directory" ]
In the example above for "no_index", "My::Module::Sample::Foo" would be ignored, but "My::Module::Sample" would not.
optional_features
Example:
optional_features => {
sqlite => {
description => 'Provides SQLite support',
prereqs => {
runtime => {
requires => {
'DBD::SQLite' => '1.25'
}
}
}
}
}
(Spec 2) [optional] {Map}
This Map describes optional features with incremental prerequisites. Each key of the "optional_features" Map is a String used to identify the feature and each value is a Map with additional information about the feature. Valid subkeys include:
There is one crucial restriction: the prereqs of an optional feature must not include "configure" phase prereqs.
Consumers must not include optional features as prerequisites without explicit instruction from users (whether via interactive prompting, a function parameter or a configuration value, etc. ).
If an optional feature is used by a consumer to add additional prerequisites, the consumer should merge the optional feature prerequisites into those given by the "prereqs" key using the same semantics. See ``Merging and Resolving Prerequisites'' for details on merging prerequisites.
Suggestion for disuse: Because there is currently no way for a distribution to specify a dependency on an optional feature of another dependency, the use of "optional_feature" is discouraged. Instead, create a separate, installable distribution that ensures the desired feature is available. For example, if "Foo::Bar" has a "Baz" feature, release a separate "Foo-Bar-Baz" distribution that satisfies requirements for the feature.
prereqs
Example:
prereqs => {
runtime => {
requires => {
'perl' => '5.006',
'File::Spec' => '0.86',
'JSON' => '2.16',
},
recommends => {
'JSON::XS' => '2.26',
},
suggests => {
'Archive::Tar' => '0',
},
},
build => {
requires => {
'Alien::SDL' => '1.00',
},
},
test => {
recommends => {
'Test::Deep' => '0.10',
},
}
}
(Spec 2) [optional] {Map}
This is a Map that describes all the prerequisites of the distribution. The keys are phases of activity, such as "configure", "build", "test" or "runtime". Values are Maps in which the keys name the type of prerequisite relationship such as "requires", "recommends", or "suggests" and the value provides a set of prerequisite relations. The set of relations must be specified as a Map of package names to version ranges.
The full definition for this field is given in the ``Prereq Spec'' section.
provides
Example:
provides => {
'Foo::Bar' => {
file => 'lib/Foo/Bar.pm',
version => '0.27_02',
},
'Foo::Bar::Blah' => {
file => 'lib/Foo/Bar/Blah.pm',
},
'Foo::Bar::Baz' => {
file => 'lib/Foo/Bar/Baz.pm',
version => '0.3',
},
}
(Spec 1.2) [optional] {Map}
This describes all packages provided by this distribution. This information is used by distribution and automation mechanisms like PAUSE, CPAN, metacpan.org and search.cpan.org to build indexes saying in which distribution various packages can be found.
The keys of "provides" are package names that can be found within the distribution. If a package name key is provided, it must have a Map with the following valid subkeys:
resources
Example:
resources => {
license => [ 'http://dev.perl.org/licenses/' ],
homepage => 'http://sourceforge.net/projects/module-build',
bugtracker => {
web => 'http://rt.cpan.org/Public/Dist/Display.html?Name=CPAN-Meta',
mailto => 'meta-bugs@example.com',
},
repository => {
url => 'git://github.com/dagolden/cpan-meta.git',
web => 'http://github.com/dagolden/cpan-meta',
type => 'git',
},
x_twitter => 'http://twitter.com/cpan_linked/',
}
(Spec 2) [optional] {Map}
This field describes resources related to this distribution.
Valid subkeys include:
web - a URL pointing to a web front-end for the bug tracker mailto - an email address to which bugs can be sent
url - a URL pointing to the repository itself web - a URL pointing to a web front-end for the repository type - a lowercase string indicating the VCS used
Because a url like "http://myrepo.example.com/" is ambiguous as to type, producers should provide a "type" whenever a "url" key is given. The "type" field should be the name of the most common program used to work with the repository, e.g. "git", "svn", "cvs", "darcs", "bzr" or "hg".
(Deprecated in Spec 2) [optional] {String}
Replaced by "prereqs"
configure_requires
(Deprecated in Spec 2) [optional] {String}
Replaced by "prereqs"
conflicts
(Deprecated in Spec 2) [optional] {String}
Replaced by "prereqs"
distribution_type
(Deprecated in Spec 2) [optional] {String}
This field indicated 'module' or 'script' but was considered meaningless, since many distributions are hybrids of several kinds of things.
license_uri
(Deprecated in Spec 1.2) [optional] {URL}
Replaced by "license" in "resources"
private
(Deprecated in Spec 1.2) [optional] {Map}
This field has been renamed to ``no_index''.
recommends
(Deprecated in Spec 2) [optional] {String}
Replaced by "prereqs"
requires
(Deprecated in Spec 2) [optional] {String}
Version numbers must be treated as strings, not numbers. For example, 1.200 must not be serialized as 1.2. Version comparison should be delegated to the Perl version module, version 0.80 or newer.
Unless otherwise specified, version numbers must appear in one of two formats:
version => '1.234' # OK version => '1.23_04' # OK version => '1.23_04_05' # Illegal version => '1.' # Illegal version => '.1' # Illegal
version => 'v1.2.3' # OK version => 'v1.2_3' # OK version => 'v1.2.3.4' # OK version => 'v1.2.3_4' # OK version => 'v2009.10.31' # OK version => 'v1.2' # Illegal version => '1.2.3' # Illegal version => 'v1.2_3_4' # Illegal version => 'v1.2009.10.31' # Not recommended
The simplest format for a Version Range is just the version number itself, e.g. 2.4. This means that at least version 2.4 must be present. To indicate that any version of a prerequisite is okay, even if the prerequisite doesn't define a version at all, use the version 0.
Alternatively, a version range may use the operators < (less than), <= (less than or equal), > (greater than), >= (greater than or equal), == (equal), and != (not equal). For example, the specification "< 2.0" means that any version of the prerequisite less than 2.0 is suitable.
For more complicated situations, version specifications may be AND-ed together using commas. The specification ">= 1.2, != 1.5, < 2.0" indicates a version that must be at least 1.2, less than 2.0, and not equal to 1.5.
For example, to specify that "Data::Dumper" is "required" during the "test" phase, this entry would appear in the distribution metadata:
prereqs => {
test => {
requires => {
'Data::Dumper' => '2.00'
}
}
}
Phases
Requirements for regular use must be listed in the "runtime" phase. Other requirements should be listed in the earliest stage in which they are required and consumers must accumulate and satisfy requirements across phases before executing the activity. For example, "build" requirements must also be available during the "test" phase.
before action requirements that must be met ---------------- -------------------------------- perl Build.PL configure perl Makefile.PL make configure, runtime, build Build make test configure, runtime, build, test Build test
Consumers that install the distribution must ensure that runtime requirements are also installed and may install dependencies from other phases.
after action requirements that must be met ---------------- -------------------------------- make install runtime Build install
Relationships
Another subtle error that can occur in resolving prerequisites comes from the way that modules in prerequisites are indexed to distribution files on CPAN. When a module is deleted from a distribution, prerequisites calling for that module could indicate an older distribution should be installed, potentially overwriting files from a newer distribution.
For example, as of Oct 31, 2009, the CPAN index file contained these module-distribution mappings:
Class::MOP 0.94 D/DR/DROLSKY/Class-MOP-0.94.tar.gz Class::MOP::Class 0.94 D/DR/DROLSKY/Class-MOP-0.94.tar.gz Class::MOP::Class::Immutable 0.04 S/ST/STEVAN/Class-MOP-0.36.tar.gz
Consider the case where ``Class::MOP'' 0.94 is installed. If a distribution specified ``Class::MOP::Class::Immutable'' as a prerequisite, it could result in Class-MOP-0.36.tar.gz being installed, overwriting any files from Class-MOP-0.94.tar.gz.
Consumers of metadata should test whether prerequisites would result in installed module files being ``downgraded'' to an older version and may warn users or ignore the prerequisite that would cause such a result.
In the past, the distribution metadata structure had been packed with distributions as META.yml, a file in the YAML Tiny format (for which, see YAML::Tiny). Tools that consume distribution metadata from disk should be capable of loading META.yml, but should prefer META.json if both are found.
# via ExtUtils::MakeMaker my $file = MM->_installed_file_for_module($mod); my $version = MM->parse_version($file)
The private "_installed_file_for_module" method may be replaced with other methods for locating a module in @INC.
# via Module::Metadata my $info = Module::Metadata->new_from_module($mod); my $version = $info->version;
If only a filename is available, the following approach may be used:
# via Module::Build my $info = Module::Metadata->new_from_file($file); my $version = $info->version;
use version;
if ( version->new($v1) <=> version->new($v2) ) {
print "Versions are not equal\n";
}
If the only comparison needed is whether an installed module is of a sufficiently high version, a direct test may be done using the string form of "eval" and the "use" function. For example, for module $mod and version prerequisite $prereq:
if ( eval "use $mod $prereq (); 1" ) {
print "Module $mod version is OK.\n";
}
If the values of $mod and $prereq have not been scrubbed, however, this presents security implications.
In practice, however, one can generally expect such prerequisites to be one of two things:
The second case often turns out to have identical results to the first case, albeit only by accident.
As such, consumers may use this data for informational analysis, but presenting it to the user as canonical or relying on it as such is invariably the height of folly.
Or: If you're trying to be PAUSE-like, make sure you skip "inc", "xt" and "t" as well as anything marked as no_index.
Also remember: If the META file contains a provides field, you shouldn't be indexing anything in the first place - just use that.
In late 2009, David Golden organized the version 2 proposal review process. David and Ricardo Signes drafted the final version 2 spec in April 2010 based on the version 1.4 spec and patches contributed during the proposal process.
This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.