On Mon, Sep 22, 2025 at 3:35 PM Jacob Champion
<jacob.champion@enterprisedb.com> wrote:
> On Mon, Sep 22, 2025 at 1:27 PM Andres Freund <andres@anarazel.de> wrote:
> > I think your position has merit. However, I'd like to have at least one of the
> > tasks continue to use the non-built-in IPC::Run.
> >
> > I'll review patches installing a newer IPC::Run.
>
> I will work on that, then. Thanks both!
I got stuck on this a few weeks back and had to put it down. Of all
things, I couldn't figure out how to download a Perl module in a
secure manner across _all_ of our supported platforms. I tried to get
--verify mode working with cpanm and found that it would simply
continue downloading and running code without verification if the
prerequisites weren't installed. (I am now reevaluating my own
personal use of cpanm.) The state of the world there looks horrifying
[1, 2].
I even considered pulling the tarball straight from Github and
hardcoding the shasum for it, but I haven't been able to figure out
how to Just Install That Thing I Downloaded via a blessed Perl
utility. (CPAN itself appears to _require_ interactive use at first
run, making it very difficult to use in a CI...)
Anyone have a recipe for doing this?
--Jacob
[1] https://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
[2] https://github.com/miyagawa/cpanminus/pull/674
