PerlMonks  

CPAN 2.29 stuck with Net::SSLeay

by Aldebaran (Curate)
on Mar 03, 2022 at 23:14 UTC

Aldebaran has asked for the wisdom of the Perl Monks concerning the following question:

Hello Monks,

I'm trying to work up my game on a raspberry pi, a verifiable neophyte. So far, I'm trying to keep it running with the software as it came out of the package, because I am finding it equal amounts incredible, entertaining, and challenging.

I found some syntax that got me unstuck with updating:

sudo apt-get update --allow-releaseinfo-change

followed by

sudo apt -y full-upgrade

I realize that you can paste those commands together with &&, but that's hubris for the likes of me. Along the way, I also did:

install CPAN
reload CPAN

Trying to cover all the bases with necessary headers:

sudo apt-get install  perl-doc  build-essential

, and now I seem to be hung up on CPAN. This is not the first time recently that I've been hung up on CPAN, and I think some of it derives from the unusual measures that 2.29 addresses. I got stuck in what looks to be a similar mire with my droplet recently, and I ended up having to hit the reset button, which I do not want to do with this neato OS.

    $ lsb_release -a
    No LSB modules are available.
    Distributor ID: Raspbian
    Description:    Raspbian GNU/Linux 10 (buster)
    Release:        10
    Codename:       buster
    $

When I'm directed to man apt-secure, I read:

    Notice that this is distinct from checking signatures on a per package basis. It is designed to prevent two possible attacks:

    • Network "man in the middle" attacks. Without signature checking, malicious agents can introduce themselves into the package download process and provide malicious software either by controlling a network element (router, switch, etc.) or by redirecting traffic to a rogue server (through ARP or DNS spoofing attacks).

    • Mirror network compromise. Without signature checking, a malicious agent can compromise a mirror host and modify the files in it to propagate malicious software to all users downloading packages from that host.

It would seem that these are similar to the considerations that pushed 2.29. Right now, I can't download any perl modules, and I'm scratching my head as to why. I try to recreate the cpan info faithfully, which means that it will be verbose, so I'll put that part in readmore tags for the intrepid:

So, I thought that I walked through the new dialog for 2.29 correctly. I use an alias to invoke cpan:

    $ alias sc
    alias sc='sudo cpan'
    $
    $ sc
    Loading internal logger. Log::Log4perl recommended for better logging

    Starting with version 2.29 of the cpan shell, a new download mechanism
    is the default which exclusively uses cpan.org as the host to download
    from. The configuration variable pushy_https can be used to (de)select
    the new mechanism. Please read more about it and make your choice
    between the old and the new mechanism by running

        o conf init pushy_https

    Once you have done that and stored the config variable this dialog
    will disappear.
    Terminal does not support AddHistory.

    To fix that, maybe try>  install Term::ReadLine::Perl

    cpan shell -- CPAN exploration and modules installation (v2.29)
    Enter 'h' for help.

    cpan[1]> o conf init pushy_https

    Boolean. Defaults to true. If this option is true, the cpan shell will
    use https://cpan.org/ to download stuff from the CPAN. It will fall
    back to http://cpan.org/ if it can't handle https for some reason
    (missing modules, missing programs). Whenever it falls back to the
    http protocol, it will issue a warning.

    If this option is true, the option C<urllist> will be ignored.
    Consequently, if you want to work with local mirrors via your own
    configured list of URLs, you will have to choose no below.

     <pushy_https>
    Do you want to turn the pushy_https behaviour on? [yes]

    Please remember to call 'o conf commit' to make the config permanent!

    cpan[2]> o conf commit
    commit: wrote '/root/.cpan/CPAN/MyConfig.pm'

    cpan[3]> q
    Terminal does not support GetHistory.
    Lockfile removed.
    $
    $ sudo grep pushy /root/.cpan/CPAN/MyConfig.pm
      'pushy_https' => q[1],
    $

Then:

reload CPAN

I think that I've gotten it but then I find myself back in the same Charybdis:

    cpan[1]> install Regexp::Pattern
    Reading '/root/.cpan/Metadata'
      Database was generated on Mon, 28 Feb 2022 23:41:02 GMT
    Running install for module 'Regexp::Pattern'
    Fetching with HTTP::Tiny:
    https://cpan.org/authors/id/P/PE/PERLANCAR/Regexp-Pattern-0.2.14.tar.gz
    HTTP::Tiny failed with an internal error: IO::Socket::SSL 1.42 must be installed for https support
    Net::SSLeay 1.49 must be installed for https support

    Giving up on '/root/.cpan/sources/authors/id/P/PE/PERLANCAR/Regexp-Pattern-0.2.14.tar.gz'
    Note: Current database in memory was generated on Mon, 28 Feb 2022 23:41:02 GMT

    cpan[2]> install Log::Log4perl
    Running install for module 'Log::Log4perl'
    Fetching with HTTP::Tiny:
    https://cpan.org/authors/id/E/ET/ETJ/Log-Log4perl-1.54.tar.gz
    HTTP::Tiny failed with an internal error: IO::Socket::SSL 1.42 must be installed for https support
    Net::SSLeay 1.49 must be installed for https support

    Giving up on '/root/.cpan/sources/authors/id/E/ET/ETJ/Log-Log4perl-1.54.tar.gz'
    Note: Current database in memory was generated on Mon, 28 Feb 2022 23:41:02 GMT

    cpan[3]> install Net::SSLeay
    Running install for module 'Net::SSLeay'
    Fetching with HTTP::Tiny:
    https://cpan.org/authors/id/C/CH/CHRISN/Net-SSLeay-1.92.tar.gz
    HTTP::Tiny failed with an internal error: IO::Socket::SSL 1.42 must be installed for https support
    Net::SSLeay 1.49 must be installed for https support

    Giving up on '/root/.cpan/sources/authors/id/C/CH/CHRISN/Net-SSLeay-1.92.tar.gz'
    Note: Current database in memory was generated on Mon, 28 Feb 2022 23:41:02 GMT

    cpan[4]>

So I need Net::SSLeay to install it, and I'm at checkmate.

Nothing looks fishy or out of place with openssl:

    $ openssl version -a
    OpenSSL 1.1.1d  10 Sep 2019
    built on: Wed Feb 23 16:50:26 2022 UTC
    platform: debian-armhf
    options:  bn(64,32) rc4(char) des(long) blowfish(ptr)
    compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -D__ARM_MAX_ARCH__=7 -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-FuVaAp/openssl-1.1.1d=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
    OPENSSLDIR: "/usr/lib/ssl"
    ENGINESDIR: "/usr/lib/arm-linux-gnueabihf/engines-1.1"
    Seeding source: os-specific
    $ which openssl
    /usr/bin/openssl
    $

I think I've got the resources to make it work. Looking for any tips on how to get CPAN unstuck. Do I need headers?

Anyways, fishing for tips, tricks, and best policies. I hope this finds you all well, in particular those who are proximal to conflict.

Replies are listed 'Best First'.
Re: CPAN 2.29 stuck with Net::SSLeay
by haukex (Archbishop) on Mar 04, 2022 at 06:56 UTC

    On Raspberry Pis, I personally like to use the system Perl and the system package manager to install Perl modules. This may not always give you the latest versions, but things install much faster because nothing needs to be compiled and tested. (Update: In other words, try sudo apt-get install libnet-ssleay-perl.)

    It's also usually not recommended to use sudo cpan to install modules to the system Perl - use the system's package manager to install packages to the system Perl, or build your own copy of Perl (e.g. perlbrew) to install modules using a CPAN client there. Or, if using the system Perl, use something like local::lib to install modules to your home directory, so the system Perl's libraries are not affected.

    On Raspberry Pis, one of the first things I do is sudo apt-get install build-essential cpanminus liblocal-lib-perl perl-doc and perl -Mlocal::lib >>~/.profile - see my notes on setting up RPis. (Update: I use local::lib on RPis for those few modules that aren't available in the package repositories or where the version in the system repositories is too old.)

    If you still want to try installing Net::SSLeay yourself, you can also use the apt command to get most programs' build dependencies; in this case, try sudo apt-get build-dep libnet-ssleay-perl.

    In general, I would recommend cpanm over the default CPAN client. Its --verbose option will show you the whole build process, giving you the exact error messages when stuff fails.
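
The deadlock in this thread (the cpan shell needs IO::Socket::SSL and Net::SSLeay before it can fetch anything over HTTPS, Net::SSLeay included) is broken by taking those modules from the distribution's packages. The script below is an added example, not code from the thread: it maps missing or too-old modules to Debian packages. The package name `libio-socket-ssl-perl` and all function names are assumptions that do not appear in the posts.

```sh
#!/bin/sh
# Added example (not from the thread). Module, minimum version (both from the
# HTTP::Tiny error above) and the Debian package assumed to ship the module.
PREREQS='IO::Socket::SSL 1.42 libio-socket-ssl-perl
Net::SSLeay 1.49 libnet-ssleay-perl'

# version_ge HAVE WANT: true when HAVE >= WANT, compared as decimal numbers,
# which is how these two modules number their releases.
version_ge() {
    awk -v h="$1" -v w="$2" 'BEGIN { exit !(h + 0 >= w + 0) }'
}

# probe_versions: print "Module version" per prerequisite as seen by the perl
# on PATH, or "Module none" when the module cannot be loaded.
probe_versions() {
    printf '%s\n' "$PREREQS" | while read -r mod _min _pkg; do
        ver=$(perl -e 'eval "require $ARGV[0]" or exit 1;
                       print $ARGV[0]->VERSION' "$mod" 2>/dev/null </dev/null) || ver=none
        printf '%s %s\n' "$mod" "$ver"
    done
}

# packages_needed: read "Module version" lines on stdin and print, space
# separated, the packages whose module is missing or below the minimum.
packages_needed() {
    while read -r mod have; do
        printf '%s\n' "$PREREQS" | while read -r want_mod min pkg; do
            [ "$mod" = "$want_mod" ] || continue
            if [ "$have" = none ] || ! version_ge "$have" "$min"; then
                printf '%s\n' "$pkg"
            fi
        done
    done | tr '\n' ' ' | sed 's/ $//'
}

# Constructed sample: the state reported in the question (neither module loads).
sample='IO::Socket::SSL none
Net::SSLeay none'
pkgs=$(printf '%s\n' "$sample" | packages_needed)
if [ -n "$pkgs" ]; then
    echo "sudo apt-get install $pkgs"
fi
# On a real machine, replace the sample with:  probe_versions | packages_needed
```
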

      On Raspberry Pis, I personally like to use the system Perl and the system package manager to install Perl modules. This may not always give you the latest versions, but things install much faster because nothing needs to be compiled and tested. (Update: In other words, try sudo apt-get install libnet-ssleay-perl.)

      Thanks for your response, haukex. I'm not quite sure what you mean with reference to the "system package manager." I find no GUI equivalent of Ubuntu's "synaptic package manager." I prefer to get things done on the command line with *nix. (My Windows preference is the opposite, but I prefer not to use Windows.) I wonder if you mean something like dpkg. As it is, I used

      sudo apt-get install libnet-ssleay-perl

      , and then I was unstuck. Would this be an instance of using the "system package manager," as you mean it?

      Update: After fighting with the same install on my droplet, I realize there were other headers that needed to be installed by the system:

      sudo apt install zlib1g zlib1g-dev

      The droplet had the former but not the latter, and it seems to make a difference.

      It's also usually not recommended to use sudo cpan to install modules to the system Perl - use the system's package manager to install packages to the system Perl, or build your own copy of Perl (e.g. perlbrew) to install modules using a CPAN client there. Or, if using the system Perl, use something like local::lib to install modules to your home directory, so the system Perl's libraries are not affected. On Raspberry Pis, one of the first things I do is sudo apt-get install build-essential cpanminus liblocal-lib-perl perl-doc and perl -Mlocal::lib >>~/.profile - see my notes on setting up RPis. (Update: I use local::lib on RPis for those few modules that aren't available in the package repositories or where the version in the system repositories is too old.)

      I think that's really solid advice for an rpi. I proceeded as you outline, forsaking sudo cpan, and with the addition of this command:

      cpanm --local-lib=~/perl5 local::lib && eval $(perl -I ~/perl5/lib/perl5/ -Mlocal::lib)

      cpanm has generally worked very well for my needs. I do have a sticky wicket, where I can't get cpanm to find dependencies:

          $ ls
          requires1.pm
          $ cpanm --verbose --installdeps .
          cpanm (App::cpanminus) 1.7044 on perl 5.028001 built for arm-linux-gnueabihf-thread-multi-64int
          ...
          --> Working on .
          Entering /home/pi/Documents/curate/req
          Configuring /home/pi/Documents/curate/req ... N/A
          ! Configuring . failed. See /home/pi/.cpanm/work/1647208802.16932/build.log for details.
          Expiring 16 work directories.
          $ cat requires1.pm
          package requires1.pm;
          requires 'AnyEvent::AIO' => '1.1';
          requires 'Async::Interrupt' => '1.24';
          requires 'Cookie::Baker::XS' => '0.09';
          requires 'Device::Firmata' => '0.65';
          requires 'Device::SerialPort' => '1.04';
          requires 'Device::WebIO' => '0.022';
          requires 'Device::WebIO::Dancer' => '0.004';
          requires 'Device::WebIO::Firmata' => '0.002';
          requires 'Device::WebIO::RaspberryPi' => '0.900';
          requires 'DBD::SQLite' => '1.58';
          requires 'DBI' => '1.641';
          requires 'Guard' => '1.023';
          requires 'GPS::NMEA' => '0.17';
          requires 'Math::Round' => '0.07';
          requires 'RPi::WiringPi' => '2.3628';
          requires 'RPi::Pin' => '2.3606';
          requires 'Plack::Handler::Twiggy' => '0.1025';
          requires 'Starman' => '0.4014';
          requires 'Time::HiRes' => '1.9758';
          requires 'WWW::Form::UrlEncoded::XS' => '0.25';
          1;
          $

      I couldn't get cpanm to find modules in typical perl .pl scripts, so I herded the requires into a barebones module in its own directory. I don't know how to serve it up any better than that.(?)

      On Raspberry Pis, one of the first things I do is sudo apt-get install build-essential cpanminus liblocal-lib-perl perl-doc and perl -Mlocal::lib >>~/.profile - see my notes on setting up RPis. (Update: I use local::lib on RPis for those few modules that aren't available in the package repositories or where the version in the system repositories is too old.)

      Your link for setting up rpi's has proved very useful indeed, giving me much more on my plate to come up to speed on. I'm happy to report that I think I have my first fail2ban implementation:

          $ sudo fail2ban-client status sshd
          Status for the jail: sshd
          |- Filter
          |  |- Currently failed: 0
          |  |- Total failed:     0
          |  `- File list:        /var/log/auth.log
          `- Actions
             |- Currently banned: 0
             |- Total banned:     0
             `- Banned IP list:
          $

      Regarding section 5,

      Crontab to broadcast RPi's address and name

      What is the purpose of doing this? Would this cause you to be indexed by search engines, or is it all within 50 yards (meters for bliako)?

          crontab -e
          @reboot hostname | socat -s - UDP-DATAGRAM:255.255.255.255:12340,broadcast 2>/dev/null
          * * * hostname | socat -s - UDP-DATAGRAM:255.255.255.255:12340,broadcast 2>/dev/null

      Can you break this up into parts? I've used crontab once, so that syntax with all the asterisks is familiar. I read that

      socat -s

      runs it in sloppy mode, and I understand the syntax for sending stderr to the bitbucket.

      2>/dev/null

      I haven't cottoned onto it yet, even fiddling with  udplisten.pl

      I have run:

          $ sudo ufw allow in 12340/udp
          Rule added
          Rule added (v6)
          $

      , and was astonished to get somewhere in the debugger with it:

          $ pwd
          /home/pi/Documents/curate/req
          $ ls
          1.udplisten.pl  requires1.pm
          $ perl -d 1.udplisten.pl -e '/HELLO xyZ129/'

          Loading DB routines from perl5db.pl version 1.53
          Editor support available.

          Enter h or 'h h' for help, or 'man perldebug' for more help.

          main::(1.udplisten.pl:77):      $Getopt::Std::STANDARD_HELP_VERSION = 1;
            DB<1> b 86
            DB<2> c
          main::(1.udplisten.pl:86):      my $RXSZ = $opts{b}//1024;
            DB<2> p $EXPR
          /HELLO xyZ129/
            DB<3> c
          192.168.red.acted
          Debugged program terminated.  Use q to quit or R to restart,
          use o inhibit_exit to avoid stopping after program termination,
          h q, h R or h o to get additional info.
            DB<3>
            DB<3> save 1.udp.txt
          commands saved in 1.udp.txt
            DB<4> q
          $

      , with another terminal, doing:

          echo "HELLO xyZ129" | socat - UDP-DATAGRAM:255.255.255.255:12340,broadcast

      If you still want to try installing Net::SSLeay yourself, you can also use the apt command to get most programs' build dependencies; in this case, try sudo apt-get build-dep libnet-ssleay-perl.

      sudo apt-get build-dep libnet-ssleay-perl

      I used this with my droplet in the cloud.

      In general, I would recommend cpanm over the default CPAN client. Its --verbose option will show you the whole build process, giving you the exact error messages when stuff fails.

      I sure like cpanm too when I finally get the thing kickstarted.

      cpanm Term::ReadKey

      I always need to do this, too.

      Again, thanks for your comments. Gruss aus Amiland,

        I'm not quite sure what you mean with reference to the "system package manager." I find no GUI equivalent of Ubuntu's "synaptic package manager." I prefer to get things done on the command line with *nix. ... I wonder if you mean something like dpkg. ... sudo apt-get install libnet-ssleay-perl ... Would this be an instance of using the "system package manager," as you mean it?

        The system package manager is the Advanced Package Tool on Debian-based systems like Ubuntu and Raspbian, and the RPM Package Manager on RedHat-based systems. Synaptic is just a frontend for APT and dpkg is one of the lower-level tools used by APT. Using APT from the commandline is done with the apt* commands, so yes, the apt-get command is what I meant. I personally often use the aptitude frontend for package management from the command line.

        I do have a sticky wicket, where I can't get cpanm to find dependencies: ... Configuring . failed. See /home/pi/.cpanm/work/1647208802.16932/build.log for details.

        You'd have to look into that file for the actual error message and let us know what it is. I might suspect a missing dependency on a lower level than Perl modules, e.g. a C library.

        I herded the requires into a barebones module in its own directory. I don't know how to serve it up any better than that.(?)

        Your requires1.pm would typically be called cpanfile and not start with a package statement. See cpanfile and the corresponding discussion in your thread Using Cartons to automate module installs.

        I couldn't get cpanm to find modules in typical perl .pl scripts

        You might be interested in lazy, though as the name implies, this shouldn't be your package management solution of choice.

        Regarding section 5, Crontab to broadcast RPi's address and name, What is the purpose of doing this? Would this cause you to be indexed by search engines, or is it all within 50 yards

        UDP broadcasts are usually not forwarded by routers, especially not to the Internet, so this should stay within the local network. On some (nowadays many) local networks, the router is smart enough to add a local DNS entry so the RPi can be reached by its hostname. On other networks, this may not be available, so there, this UDP broadcast simply serves for me to discover the IP that the RPi has been assigned. I broadcast the hostname so that I can keep multiple RPi apart (which is why it's a good idea to change the default hostname).

        Update: The background for this is that I prefer a headless setup of my RPis, purely over the network, which is why my notes include instructions on how to enable WiFi and the ssh server. There is a small security risk in not changing the password from the default before the first boot, perhaps I will update my notes in that regard. Update 2: Done. Also, BitBucket wasn't rendering some of the Markdown correctly, which should now be fixed, so those crontab lines you quoted should be readable on the site now (when in doubt, refer to the source). /Update

        Can you break this up into parts

        I'm basically just sending the hostname in a UDP broadcast packet, where the socat commandline is what I looked up for that purpose, I'm not an socat expert :-) The crontab entries cause that to happen every minute, plus one extra time at boot, and I do 2>/dev/null so I don't get tons of emails from the cron daemon.
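
The cpanfile advice above, as an added example that is not part of any post: the script turns a file shaped like the requires1.pm in this thread into a cpanfile by dropping the `package` line and the trailing `1;`. Because a cpanfile is Perl code that the installer evaluates, it refuses to write the file if any other kind of statement is present. The function names and the sample file contents are constructed for illustration.

```sh
#!/bin/sh
# to_cpanfile SRC DEST: write DEST from SRC without the "package ...;" line,
# the trailing "1;" and blank lines. Fails, writing nothing, if any remaining
# line is not a plain  requires 'Module::Name' => 'version';  statement.
to_cpanfile() {
    src=$1 dest=$2
    body=$(sed -e '/^[[:space:]]*package[[:space:]].*;[[:space:]]*$/d' \
               -e '/^[[:space:]]*1;[[:space:]]*$/d' \
               -e '/^[[:space:]]*$/d' "$src")
    bad=$(printf '%s\n' "$body" | grep -Ev \
        "^[[:space:]]*requires '[A-Za-z_][A-Za-z0-9_]*(::[A-Za-z0-9_]+)*' => '[0-9][0-9._]*';\$" || true)
    if [ -n "$bad" ]; then
        printf 'refusing to write %s, unexpected line(s):\n%s\n' "$dest" "$bad" >&2
        return 1
    fi
    printf '%s\n' "$body" > "$dest"
}

# demo: run the conversion on a constructed sample (a few lines in the shape
# of the requires1.pm shown in the thread) and print the resulting cpanfile.
demo() {
    dir=$(mktemp -d)
    cat > "$dir/requires1.pm" <<'EOF'
package requires1.pm;
requires 'AnyEvent::AIO' => '1.1';
requires 'DBD::SQLite' => '1.58';
requires 'DBI' => '1.641';
1;
EOF
    to_cpanfile "$dir/requires1.pm" "$dir/cpanfile" && cat "$dir/cpanfile"
    rm -rf "$dir"
}
demo

# Then, in the directory that holds the cpanfile, as the normal user:
#   cpanm --local-lib=~/perl5 --installdeps .
```
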
