I recently installed a perl module from CPAN that harmed my perl installation. I always always used the manual method of installing a module, which involves: I had an installation of perl5.6.0 with many modules installed. Perl5.6.1 was friendly enough to peacefully coexist with perl5.6.0, so I installed new modules with 5.6.1 but I could still use the old modules built under 5.6.0.

Then I needed an updated version of Test::Harness for a new module I wanted to try. When I built Test-Harness-2.26 and installed it, it caused the 5.6.1 installation to be overwritten with built-in modules from the 5.6.0 installation. This broke my 5.6.1 install, and I have not been able to repair it without resorting to backups.

The moral of the story is that now that 5.8.0 has been out for a while, updating modules in 5.6.1 has become risky. Make sure you make a backup of your perl tree before installing new modules!

This incident has triggered my migration to 5.8.0. So far 5.8.0 is working fairly well, except that several of the older, lesser maintained CPAN modules are now failing their tests.

My experience has left me with an uneasy feeling. My perception is that CPAN now has more cruft that won't work in 5.8.0, and that CPAN has at least one dangerous module that will kill a 5.6.0/5.6.1 install. Protecting myself would involve backing up 270MB of already-installed perl before each module install.

Email to the module author has gone unanswered for over a week, so I don't have much hope there.

It should work perfectly the first time! - toma

Replies are listed 'Best First'.
Re: Module installation can be harmful
by diotalevi (Canon) on Oct 09, 2002 at 10:02 UTC

    Upgrades have consequences. I can't speak for the 5.6.0 -> 5.6.1 Test::Harness problem but I do recall that you cannot just upgrade to 5.8.0 and expect compiled modules to work. Some binary APIs were changed or something - it's in the ChangeList or somewhere prominent that I know I read about it. All that means is that if you upgrade to 5.8 you can expect to have to somehow conspire for either all the compiled stuff to get recompiled or just install them over again.

    In addition to that - keep in mind that any fool can upload new things to CPAN. People can't overwrite each other's work but there's nothing to stop someone from sending /new/ things up. This means there's some inherant trust issues regarding modules from CPAN. You have to trust that the author is both cluefull and benign. I do place a lot of trust in the various authors who publish to CPAN. The only alternative is to either audit all the code I download or just not download it. Both are fairly poor alternatives.

    There is one mitigating factor: CPAN testers. There's already a great bunch of people out there downloading and trying new versions on their various machines. There's at least a chance that any problems will be at least noticed if not caught by these folks. If you follow the URL I just posted then you'll also notice an archived e-mail list of testing results. Those results are gathered back into CPAN proper and are visible when viewing the CPAN archive from search.cpan.org.

    This leaves with some options - you can either approach CPAN with the appropriate wariness and use the tools provided (CPAN tester's results, is it a common module, ChangeLog info on incompatible changes) or you can continue to operate in a fantasy land where every new change and tweak is backwards compatible and is bug free.

    __SIG__
printf "You are here %08x\n", unpack "L!", unpack "P4", pack "L!", B::
+svref_2object(sub{})->OUTSIDE

    [download]
[reply]
[d/l]
      This wasn't just any module, it is in the perl core.

      I didn't expect perl 5.8 to have binary compatibility with perl 5.6.X.

      One of the challenges with testing is trying things on the many different versions of systems. Imagine CPAN test results as a table, where the rows of the table are the modules, and the columns of the table are all the possible configurations of perl, I think that only a very small percentage of the table is filled in. It's a really great project and I hope that the table continues to become more filled-in.

      Yet I'm not sure that the cpan testers would have found this particular problem with an automated CPAN testing process. The module passed its tests. It just broke perl when I installed it. In a response to chromatic's node below, I have included more details about what happened.

      I don't expect every module to be backwards compatible. But if a pure perl module is in the core, and passes its tests, I don't expect it to break perl itself when it is installed. For the most part, my expectation has been met. I think that there is a big challenge to make a transition such as 5.6.0/1 to 5.6.8 work smoothly, and perhaps some modules have trouble with this.

      It should work perfectly the first time! - toma

[reply]
Re: Module installation can be harmful
by PodMaster (Abbot) on Oct 09, 2002 at 09:38 UTC
    That sounds fishy, are you sure that's what happened? (or in other words, have you been able to pin-point any code in the Test-Harness distro that's responsible)

    Have you talked to schwern (he maintains it) about this? (you should, i'd like to hear what he has to say about it, maybe it's inadvertent)

    I noticed that CGI.pm-2.81 cheerfully installs itself into the \perl\lib directory, overwriting whatever version of CGI came where, which was a bit unexpected.

    Bummer.

    ____________________________________________________
    ** The Third rule of perl club is a statement of fact: pod is sexy.

[reply]
      Known problem.

      It was a bug in CPAN in 5.005_03. The bug was not discovered until after 5.6.0 was out and people were being forcibly upgraded. It was fixed in the 5.6.1 release.

      Upgrading CPAN.pm first would have solved it.

[reply]
        Except that toma is not using CPAN.pm to install the module from CPAN. Why would you use CPAN on Windows? (it's waaaay too buggy to do anything useful ~ CPANPLUS is nice, but it's currently lacking PPM support ~ can't wait for the next release)

        ____________________________________________________
        ** The Third rule of perl club is a statement of fact: pod is sexy.

[reply]
Re: Module installation can be harmful
by chromatic (Archbishop) on Oct 09, 2002 at 18:02 UTC

    This does sound extremely fishy. Were you sharing module directories between your 5.6.0 and 5.6.1 installations? I'd recommend reporting this to perl-qa@perl.org, with as much relevant information as you can provide.

[reply]
      I set up perl5.6.1 to share modules with a perl5.6.0 installation. This is a great feature, since I had installed something like 100 modules into perl-5.6.0. Since switching to perl-5.6.1, I have installed another 80 or so modules.

      I installed Test::Harness because it seemed to need to be updated in order to install another module that merlyn recommended to me in the CB.

      I was able to reproduce this problem by going to a backup and running the module install again. Here is a transcript of what I did and what happened:

      [toma@rabbit Test-Harness-2.26]$ echo $PATH
/home/toma/perl58i/bin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/us
+r/games:/home/toma/bin
[toma@rabbit Test-Harness-2.26]$ PATH=/home/toma/perl5i/bin:$PATH
[toma@rabbit Test-Harness-2.26]$ export PATH
[toma@rabbit Test-Harness-2.26]$ which perl
/home/toma/perl5i/bin/perl
[toma@rabbit Test-Harness-2.26]$ perl -V
Summary of my perl5 (revision 5.0 version 6 subversion 1) configuratio
+n:
  Platform:
    osname=linux, osvers=2.2.12-20, archname=i586-linux
    uname='linux turtle 2.2.12-20 #1 mon sep 27 10:25:54 edt 1999 i586
+ unknown '
    config_args=''
    hint=recommended, useposix=true, d_sigaction=define
    usethreads=undef use5005threads=undef useithreads=undef usemultipl
+icity=undef
    useperlio=undef d_sfio=undef uselargefiles=define usesocks=undef
    use64bitint=undef use64bitall=undef uselongdouble=undef
  Compiler:
    cc='cc', ccflags ='-fno-strict-aliasing -I/usr/local/include -D_LA
+RGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',     optimize='-O2',
    cppflags='-fno-strict-aliasing -I/usr/local/include'
    ccversion='', gccversion='egcs-2.91.66 19990314/Linux (egcs-1.1.2 
+release)', gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=1
+2
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t',
+ lseeksize=8
    alignbytes=4, usemymalloc=n, prototype=define
  Linker and Libraries:
    ld='cc', ldflags =' -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib
    libs=-lnsl -lndbm -lgdbm -ldb -ldl -lm -lc -lposix -lcrypt -lutil
    perllibs=-lnsl -ldl -lm -lc -lposix -lcrypt -lutil
    libc=/lib/libc-2.1.2.so, so=so, useshrplib=false, libperl=libperl.
+a
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-rdynami
+c'
    cccdlflags='-fpic', lddlflags='-shared -L/usr/local/lib'


Characteristics of this binary (from libperl):
  Compile-time options: USE_LARGE_FILES
  Built under linux
  Compiled at Jun 23 2001 18:47:36
  @INC:
    /home/toma/perl5i/lib/5.6.1/i586-linux
    /home/toma/perl5i/lib/5.6.1
    /home/toma/perl5i/lib/site_perl/5.6.1/i586-linux
    /home/toma/perl5i/lib/site_perl/5.6.1
    /home/toma/perl5i/lib/site_perl/5.6.0/i586-linux
    /home/toma/perl5i/lib/site_perl/5.6.0
    /home/toma/perl5i/lib/site_perl
    .
[toma@rabbit Test-Harness-2.26]$ ls
Changes  examples  lib  Makefile.PL  MANIFEST  NOTES  t  TODO
[toma@rabbit Test-Harness-2.26]$ pwd
/home/toma/perl-5.6.0/modules/Test-Harness-2.26
[toma@rabbit Test-Harness-2.26]$ perl Makefile.PL
Test::Harness likes to have Devel::CoreStack, but doesn't require it.
Checking if your kit is complete...
Looks good
Writing Makefile for Test::Harness
[toma@rabbit Test-Harness-2.26]$ make
mkdir ../../lib/auto/Test
mkdir ../../lib/auto/Test/Harness
mkdir blib
mkdir blib/man3
cp lib/Test/Harness.pm ../../lib/Test/Harness.pm
cp lib/Test/Harness/Assert.pm ../../lib/Test/Harness/Assert.pm
cp lib/Test/Harness/Iterator.pm ../../lib/Test/Harness/Iterator.pm
cp lib/Test/Harness/Straps.pm ../../lib/Test/Harness/Straps.pm
Manifying blib/man3/Test::Harness.3
Manifying blib/man3/Test::Harness::Assert.3
Manifying blib/man3/Test::Harness::Iterator.3
Manifying blib/man3/Test::Harness::Straps.3
[toma@rabbit Test-Harness-2.26]$ make test
PERL_DL_NONLAZY=1 ../../perl -I../../lib -I../../lib   -e 'use Test::H
+arness qw(&runtests $verbose); $verbose=0; runtests @ARGV;' t/*.t
t/00compile........ok
t/assert...........ok
t/base.............ok
t/callback.........ok
t/nonumbers........ok
t/ok...............ok
t/strap-analyze....ok
t/strap............ok
t/test-harness.....ok
        48/177 skipped: various reasons
All tests successful, 48 subtests skipped.
Files=9, Tests=447,  6 wallclock secs ( 4.71 cusr +  0.68 csys =  5.39
+ CPU)
[toma@rabbit Test-Harness-2.26]$ make install
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/AutoLoader.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/AutoSplit.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/Benchmark.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/CGI.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/CPAN.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/Cwd.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/English.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/FileHandle.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/SelfLoader.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/Shell.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/Symbol.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/Test.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/base.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/bigint.pl
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/bytes.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/charnames.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/diagnostics.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/fields.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/ftp.pl
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/getopts.pl
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/integer.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/lib.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/overload.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/perl5db.pl
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/strict.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/syslog.pl
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/termcap.pl
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/utf8.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/vars.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/warnings.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/Config.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/XSLoader.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/DynaLoader.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/B.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/O.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/ByteLoader.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/DB_File.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/GDBM_File.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/Opcode.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/POSIX.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/POSIX.pod
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/SDBM_File.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/Socket.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/Errno.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/Sys/Syslog.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/IO/Select.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/IO/Socket.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/IO/Poll.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/IO/Handle.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/IO/Seekable.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/IO/Socket/INET.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/IO/Socket/UNIX.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/Data/Dumper.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/B/Debug.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/B/Assembler.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/B/C.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/B/CC.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/B/Bytecode.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/B/Terse.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/B/Deparse.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/B/Disassembler.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/B/Stash.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/B/Showlex.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/B/Lint.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/B/Asmdata.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/auto/re/re.so
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/auto/attrs/attrs.so
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/auto/Sys/Syslog/Sysl
+og.so
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/auto/Sys/Hostname/Ho
+stname.so
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/auto/Socket/Socket.s
+o
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/auto/SDBM_File/SDBM_
+File.so
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/auto/POSIX/fstat.al
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/auto/POSIX/load_impo
+rts.al
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/auto/POSIX/POSIX.so
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/auto/Opcode/Opcode.s
+o
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/auto/IPC/SysV/SysV.s
+o
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/auto/IO/IO.so
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/auto/GDBM_File/GDBM_
+File.so
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/auto/File/Glob/Glob.
+so
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/auto/Fcntl/Fcntl.so
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/auto/Devel/Peek/Peek
+.so
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/auto/Devel/DProf/DPr
+of.so
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/auto/Data/Dumper/Dum
+per.so
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/auto/DB_File/DB_File
+.so
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/auto/ByteLoader/Byte
+Loader.so
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/auto/B/B.so
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/auto/DynaLoader/dl_f
+indfile.al
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/unicode/To/Lower.pl
...
  LOTS more lines that look a lot like the above "Installing..." lines
...
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/ExtUtils/MM_Cygwin.p
+m
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/ExtUtils/MM_OS2.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/ExtUtils/MM_Unix.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/ExtUtils/MM_VMS.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/ExtUtils/MM_Win32.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/ExtUtils/MakeMaker.p
+m
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/ExtUtils/Manifest.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/ExtUtils/Mksymlists.
+pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/ExtUtils/typemap
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/ExtUtils/xsubpp
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/ExtUtils/Miniperl.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/Devel/Peek.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/Class/Struct.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/Carp/Heavy.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/CPAN/FirstTime.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/CGI/Carp.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/CGI/Cookie.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/CGI/Pretty.pm
Installing /home/toma/perl5i/lib/5.6.1/i586-linux/CGI/Push.pm
Installing /home/toma/perl5i/man/man3/Test::Harness.3
Installing /home/toma/perl5i/man/man3/Test::Harness::Assert.3
Installing /home/toma/perl5i/man/man3/Test::Harness::Iterator.3
Installing /home/toma/perl5i/man/man3/Test::Harness::Straps.3
Writing /home/toma/perl5i/lib/5.6.1/i586-linux/auto/Test/Harness/.pack
+list
Appending installation info to /home/toma/perl5i/lib/5.6.1/i586-linux/
+perllocal.pod
[toma@rabbit Test-Harness-2.26]$ perl -V
Perl lib version (v5.6.0) doesn't match executable version (v5.6.1) at
+ /home/toma/perl5i/lib/5.6.1/i586-linux/Config.pm line 21.
Compilation failed in require.
BEGIN failed--compilation aborted.
[toma@rabbit Test-Harness-2.26]$

      [download]
      It should work perfectly the first time! - toma
[reply]
[d/l]
Re: Module installation can be harmful
by John M. Dlugosz (Monsignor) on Oct 11, 2002 at 18:34 UTC
    Instead of doing a backup of your 270 MB before trying an install, do it after you complete your install. You don't have to wait around for it to finish, and it will be handy against accidental damage. You'll be ready to install something without waiting for a backup first.
[reply]

Back to Meditations