Building Perl and CPAN Modules Securely from Source
by eyepopslikeamosquito (Archbishop) on Sep 02, 2024 at 06:18 UTC ( [id://11161513]=perlquestion )
eyepopslikeamosquito has asked for the wisdom of the Perl Monks concerning the following question:

Reviewing my first attempt to build perl securely from source on Linux (as non-root) today, I felt happy enough with the first part, namely:

At least that looks safe enough to me.

I was also happy enough with the last part, namely installing CPAN modules more securely via cpanm's --verify option, which verifies the integrity of distribution files retrieved from CPAN using CHECKSUMS file and SIGNATURES file (if found in the distribution).

Now here comes the bit I seek advice on, namely the best/most secure way to install cpanm itself. Please note that I have very limited knowledge of cpanm and how it works.

In my first attempt, I simply installed cpanm via the cpan command:

Wondering if there's a better/more secure way to install cpanm, I browsed the App::cpanminus doco today, which advises you to install it via:

Now I don't understand exactly how that command works. Nor do I understand the security implications of installing it like this compared to my original installation of cpanm (and Module::Signature) via the cpan command. Hence this question.

General tips/advice on good ways to securely install Perl and CPAN modules from source as a non-root user welcome.

👁️🍾👍🦟
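
Added example, not part of the original post and not cpanm's own code: a manual version of the CHECKSUMS half of the integrity check mentioned above, assuming the CPAN CHECKSUMS layout (Perl source assigning a hash of per-file `sha256` and `size` values to `$cksum`). The file name, the helper names and the sample data are constructed for illustration.

```perl
use strict;
use warnings;
use Digest::SHA;
use File::Basename qw(basename);
use File::Temp qw(tempdir);
use Safe;

# Returns 1 only when both size and SHA-256 match the CHECKSUMS entry for $file.
sub verify_against_checksums {
    my ($checksums_path, $file) = @_;
    open my $fh, '<', $checksums_path or die "open $checksums_path: $!";
    my $source = do { local $/; <$fh> };
    close $fh;

    # CHECKSUMS is Perl source ("$cksum = {...};"), so evaluate it inside a
    # Safe compartment rather than with a plain eval or do.
    my $cksum = Safe->new->reval($source);
    die "cannot parse $checksums_path: $@" if $@;
    die "unexpected CHECKSUMS content" unless ref $cksum eq 'HASH';

    my $entry = $cksum->{ basename($file) };
    return 0 unless ref $entry eq 'HASH' && defined $entry->{sha256};  # fail closed
    return 0 if defined $entry->{size} && $entry->{size} != -s $file;

    my $actual = Digest::SHA->new(256)->addfile($file, 'b')->hexdigest;
    return lc($entry->{sha256}) eq $actual ? 1 : 0;
}

sub write_file {
    my ($path, $data) = @_;
    open my $out, '>:raw', $path or die "open $path: $!";
    print {$out} $data;
    close $out or die "close $path: $!";
}

# Constructed sample data: a stand-in distribution file and a matching CHECKSUMS.
my $dir  = tempdir(CLEANUP => 1);
my $dist = "$dir/Example-Dist-0.01.tar.gz";          # hypothetical file name
write_file($dist, "constructed tarball bytes\n");
my $good = Digest::SHA->new(256)->addfile($dist, 'b')->hexdigest;
write_file("$dir/CHECKSUMS",
    "\$cksum = {\n  'Example-Dist-0.01.tar.gz' => {\n"
  . "    'sha256' => '$good',\n    'size' => " . (-s $dist) . "\n  }\n};\n");

print "untouched file: ", verify_against_checksums("$dir/CHECKSUMS", $dist), "\n";
write_file($dist, "constructed tarball bytez\n");    # same size, different bytes
print "modified file:  ", verify_against_checksums("$dir/CHECKSUMS", $dist), "\n";
```

A match only ties the file to that particular CHECKSUMS file, so how CHECKSUMS itself was obtained and authenticated still matters.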