http://www.perlmonks.org?node_id=761088

SilasTheMonk has asked for the wisdom of the Perl Monks concerning the following question:

I am looking for a good way to make sure that I know what cpan is doing when I install a perl module. For example "cpan -i Titanium" will attempt to install quite a lot. When I tried it I was so horrified I restored from backup. So now my plan is:

I have a little script: 

#!/bin/bash

echo "/usr/bin/cpan -t $1 2>&1 >/root/reports/$1.log" | script /root/r
+eports/$1.txt

[download]
When I can run this without any errors I will proceed to do a real install. Can anyone improve on this?

Edit:I should say it was only when I saw the errors flying past, it occurred to me that the system did not have a compiler.

Replies are listed 'Best First'.
Re: RFC: auditing cpan installs
by jettero (Monsignor) on Apr 30, 2009 at 13:06 UTC
    I wonder if "o conf shell script" (or something similar) would do a lot of what you want. Possibly a continuation of the thought: an app that forks to script, slurps the resulting typescript and squishes it into an sqlite db or something.

    UPDATE: You would type it at the shell... "bash$ cpan" ... then "cpan> o conf shell script"

    -Paul

[reply]
      I recognize that as referring to stuff in the CPAN module. However I have to admit I am struggling a bit with that module. I feel I ought to be able to do all sorts of stuff with that but I am really struggling with the documentation.
[reply]
Re: RFC: auditing cpan installs
by thunders (Priest) on Apr 30, 2009 at 15:19 UTC
    I think a better method of doing what you want would be to download the module, untar, then run: 
    
$ perl Makefile.PL
$ make
$ make test

    [download]
    If that works without error you can make install as root.
[reply]
[d/l]
[select]
      Of course, this means you'd need to manually resolve dependencies, while CPAN will do that for you. But this is the best way I know to audit exactly what's happening at each step.
[reply]
Re: RFC: auditing cpan installs
by JavaFan (Canon) on Apr 30, 2009 at 16:12 UTC
    I always configure CPAN in such a way it will ask me whether to install dependencies.
[reply]
      Okay I have just finished installing Titanium. I have had to restore from backup twice (or maybe it was more and I cannot count high enough). My hands are feeling warn out. And I have come to some conclusions.
      1. The current version of the CPAN module is better than the one the box came with. It has a "failed" command which helps you keep track of what needs to be done.
      2. It must be the case that a lot of modules do not state their dependencies correctly.
      3. In particular the compression modules should check for the underlying C libraries and bail out quickly if they are not there.
      4. What I really wanted was a way of typing one command (install Titanium) and getting a list of all perl modules installed. I want it to stop as soon as it hits an error but to only scream when there is a serious issue. I believe CPAN can do this, but I was too fed up to play with it anymore.
      5. I am not aware of any security mailing list for all these modules.
      6. Somebody did once organize an automated CPAN to Debian online converter but it seemed to have died last year.
[reply]

        If you want to see what pre-requisites a module has, use the CPANdeps website. Or download and install CPAN::FindDependencies and use the cpandeps script that it installs. Both allow you to fine-tune the results to match your version of perl.

        There is, unfortunately, no way of declaring non-perl dependencies, such as those on external C libraries or external binaries, such that CPAN.pm can just Do The Right Thing. If you think about it, it's a Hard Problem, as different platforms have very different ways of installing such things. But I can assure you, it is a problem that people are aware of. If you have any good ideas about how to solve it, one of the module-authors or perl-qa mailing lists are probably the best places to discuss them.

[reply]
[d/l]

Back to Seekers of Perl Wisdom