[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Utility to install a perl module via apt with cpan fallback


This looks like a pretty good idea. However, I have some concerns
about the implementation of it, particularly since the script is
likely to be run with root privileges (to install site-wide CPAN

I've got a few recommendations, but I'm no expert in Debian packaging
yet, or Debian policy, so perhaps somebody else will correct me here.

1. The script should be run with the -T flag, turning on taintmode.
Then the passed module name should be validated too.
2. If possible, apt-file should be processed using a Perl module, if
one is available. I personally prefer not to try to execute anything
if I don't have to. You may wish to set up a more restrictive local
PATH for the script, to make sure you don't accidentally execute
anything else as root (if you have a tampered PATH variable).
3. Using apt-file to find the filename works, in theory, but I think
it might be better to do a transform on the module name itself. So if
you have a module name like Some::Module::Name, it seems to me that
the convention is to lowercase the entire thing first and replace the
:: double colon combination with hyphens -- some-module-name, and then
prefixing 'lib' and suffixing '-perl'. So Some::Module::Name becomes
libsome-module-name-perl. Searching for that one in the APT package
list might be just as effective, or possibly a second strategy for
finding the package (with fallback to your apt-file search method).

Also, a possible feature addition you might want to look into is a way
to search the most recently available CPAN module and the latest
Debian module edition. If the CPAN module is newer than the currently
available Debian package, then perhaps give the user an option of
installing the newer CPAN module or installing the
Debianized/better-tested Debian package. I'm not sure how the PET
works, but it'd be a similar principle.

All in all, great work, I hope to see a utility like this pop up in
the Debian package repository in the near future.



On Thu, Jan 8, 2009 at 1:18 PM, Brian Cassidy <brian.cassidy@gmail.com> wrote:
> Hey All,
> I was recently asked if I was aware of a utility that would allow a
> user to attempt to install module by first checking the apt
> repository, then falling back to a regular CPAN install if that
> failed.
> A few minutes of hacking gave me this:
> #!/usr/bin/perl
> use strict;
> use warnings;
> my( $mod ) = shift;
> ( my $file = "perl5/${mod}.pm" ) =~ s{::}{/}g;
> my $r = `apt-file search $file`;
> if( $r ) {
>    my( $p ) = split( /:/, $r, 2 );
>    exec "apt-get install $p";
> }
> else {
>    exec "cpan $mod";
> }
> That's a pretty simplistic start. It was suggested to me that I should
> post it to the list and see if anyone can improve on what I have so
> far.
> I think many people would want a utility like this, I'll be interested
> to see what you all can come up with.
> -Brian
> --
> To UNSUBSCRIBE, email to debian-perl-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: