[Novalug] CPAN methodology et.al. [was: use of "make" in "industry"]

Zachary Zebrowski zak.zebrowski@gmail.com
Mon Jun 8 20:09:13 EDT 2015


If you want to do that, use PAR.
https://metacpan.org/pod/PAR

Similar to a Java jar, it's a perk archive of all included libraries.
There is also the pp module, which makes a perl script an executable, so
you can just send that.

You may have some external dependencies, which can't be readily solved,
because of some obscure library differences which are not readily
available.  You may need to manually install those, but it would be the
same for any other app that has dependencies.

Also, if you want to have an internal cpan library on server x, there are
multiple libraries that allow you to build local copy of a cpan mirror...
Or just use a large enough disk and rsync it on occasion.  I have one hdd
that I update monthly so I am not reliant on an external server.

Anyways, just my $0.02 on the matter, as I am using the iPad keyboard and
it's not easy to touch type...

Zak

On Monday, June 8, 2015, Rich Kulawiec via Novalug <novalug@firemountain.net>
wrote:

> On Thu, Jun 04, 2015 at 10:12:33AM -0400, Zachary Zebrowski via Novalug
> wrote:
> > cpan is a shell client where you can do things like:
> > cpan> install Acme::Dice    # which installs and tests a module.
>
> I'm just using this as an example, I don't mean to focus on CPAN or
> Perl or even this particular method.
>
> One of the unfortunate habits that we as a community seem to have fallen
> into is presuming that systems on which software is being installed have
> unfettered outbound connectivity to the Internet.  That's not always true,
> and in many cases, it really shouldn't be true.  The same capabilities
> that facilitate making that command (above) work also facilitate data
> exfiltration.
>
> I think that everyone crafting software, packaging it, distributing it,
> etc., need to think about that possibility and to make it possible
> to install software (without excess pain) presuming that it will be
> downloaded to system A, written to portable media, transferred to system B
> (which effectively has no Internet access) and installed there.
>
> One of the things that this implies is that it needs to be possible
> -- on a system other than the final target, B in the example above --
> to work out the dependencies without actually installing the software.
> In other words, we need a way to say "I wish to download Perl module X on
> system A but NOT install it there; I wish to install it elsewhere on B.
> However, if X depends on Y and Z, then tell me/automagically download
> those as well, so that I have everything I need when I start dragging
> things over to B".  If there's a way to do that with CPAN, I don't
> know it.  (And I'd welcome enlightenment.)
>
> This methodology needs to include software updates/patches.  There needs
> to be a way to update B using A as an intermediary *and* it has to work
> even if A isn't running the same OS/architecture/etc. as B.  (Why?
> Because if I have B1, B2, B3, B4, etc. all running different things,
> I don't want to require A1, A2, A3, A4 matching them.  One A should
> suffice.)
>
> There are all kinds of solutions to this problem set, and I've used
> some of them.  But what we're missing is a generalized solution that
> obviates the need for people to handcraft their own.  And we need that
> because it will help (I hope) encourage people to start isolating
> their systems from the public Internet to the maximum degree possible.
>
> ---rsk
> **********************************************************************
> The Novalug mailing list is hosted by firemountain.net.
>
> To unsubscribe or change delivery options:
> http://www.firemountain.net/mailman/listinfo/novalug
>



More information about the Novalug mailing list