Spot on. Thank you very much. I set check_sigs to 0 (ie false) in MyConfig.pm and modules are back to being installable again.

But... That doesn't feel like the most secure thing in the world to be doing. Anyone with suggestions I can try to get the CHECKSUMS working?

Cheers,

Brent

Anyone with suggestions I can try to get the CHECKSUMS working

I don't use the default CPAN client. But the two suggestions I have:

1. Don't override the mirror; per my understanding of the blog post, an extra layer of security can be added by the main cpan.org site that isn't available on the mirrors. (I am not a security expert; this is just what I've gathered.)
   Back in the 90s, with the much slower network backbone speeds available, and not many resources behind any individual machine name, it made sense to have a mirroring system and pick a nearby mirror. But in today's load-balanced systems, where the same machine name (www.cpan.org) can point to any number of physical machines that are serving out those results, possibly in geographically separate locations, there isn't as much need for the mirror. (I am not a networking expert; this is just what I've gathered.)
2. The warning said that your system didn't trust the PAUSE key; that is a GPG-related topic. If you believe me when I say that I believe PAUSE publishes their public key at https://pause.perl.org/pause/query?ACTION=pause_04about#pubkeybat and that the fingerprint that your warning printed out was the same as the fingerprint published there, and if you believe that the key shown there really is the PAUSE Batch Signing Key, then you might want to import that public key into your keyring -- I believe this will eliminate that error.

However, I don't know that I'm convinced either of those will solve your problem: the message you quoted originally says that the actual CHECKSUMS file signature was okay; the problem it seemed to have was with opening a temporary CHECKSUMS.77905 file that wasn't there; I do not know what that file is, as compared to the CHECKSUMS file that was downloaded when you tried to get the package. I don't know whether doing the two above things will allow that temporary file to be correctly generated/extracted and thus allow the process to move forward. But since you were asking for any suggestions for things to try, I think this qualifies, fruitful or not ;-).

Let me say I'm very happy with where I'm at. I can get work done and that's a good thing.

I did spend a little time with it this morning. I imported two keys thusly:

bshawadmin@NET3862:~/.cpan/CPAN$ sudo /bin/gpg --import /home/ad/bshaw
+admin/publickey01.key
gpg: key 450F89EC: "PAUSE Batch Signing Key 2022 <pause@pause.perl.org
+>" 8 new signatures
gpg: Total number processed: 1
gpg:         new signatures: 8
gpg: no ultimately trusted keys found
bshawadmin@NET3862:~/.cpan/CPAN$ sudo /bin/gpg --import /home/ad/bshaw
+admin/publickey02.key
gpg: key A317C15D: "Andreas J. Koenig <andreas.koenig.7os6VVqR@franz.a
+k.mind.de>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
[download]

The keys are from https://pause.perl.org/pause/query?ACTION=pause_04about#pubkeybat as suggested by pryrt. I also did rm -rf /root/.cpan/CPAN/* to force new downloads of things (thank you Ken). Lastly I pointed my urllist to https://www.cpan.org/. (I previously had urllist pointed to an internal CPAN mirror on our network suggested to me by our networking / admin staff.)

Despite those changes, I'm still seeing the "key not certified with a trusted signature" problem:

cpan> get Data::Dumper
Running get for module 'Data::Dumper'
WARNING: This key is not certified with a trusted signature!
Primary key fingerprint: 2E66 557A B97C 19C7 91AF  8E20 328D A867 450F
+ 89EC
Signature for /root/.cpan/sources/authors/id/N/NW/NWCLARK/CHECKSUMS ok
Could not open /tmp/CHECKSUMS-3F6L/CHECKSUMS.64163: No such file or di
+rectory
[download]

And I agree the "could not open" error is problematic as well.

I'm more than happy to switch check_sigs back to 0 and declare victory. If anyone has any other suggestions, I'm willing to tinker to see if I can get things working as we all know they could be.

Thanks again.

Cheers,

Brent


-- Yup, I'm a Delt.