dhosek has asked for the wisdom of the Perl Monks concerning the following question:

I've had occasionally recurring problems with cpan installs. OS X 10.4.9, base install of Perl from the OS. As an example, with sudo cpan install CPAN I get (among other things):
    Signature invalid for distribution file. Please investigate.

    Distribution id = A/AN/ANDK/CPAN-1.9102.tar.gz
        CPAN_USERID ANDK (Andreas J. Koenig <andreas.koenig@anima.de>)
        CALLED_FOR CPAN
        CHECKSUM_STATUS OK
        CONTAINSMODS CPAN CPAN::Admin CPAN::Debug CPAN::FirstTime CPAN::HandleConfig CPAN::Kwalify CPAN::Nox CPAN::Queue CPAN::Tarzip CPAN::Version
        SIG_STATUS OK
        UPLOAD_DATE 2007-05-08
        archived tar
        build_dir /Users/dhosek/.cpan/build/CPAN-1.9102
        incommandcolor 1
        localfile /Users/dhosek/.cpan/sources/authors/id/A/AN/ANDK/CPAN-1.9102.tar.gz
        unwrapped YES

    I'd recommend removing
    /Users/dhosek/.cpan/sources/authors/id/A/AN/ANDK/CPAN-1.9102.tar.gz. Its signature
    is invalid. Maybe you have configured your 'urllist' with
    a bad URL. Please check this array with 'o conf urllist', and
    retry. For more information, try opening a subshell with
      look ANDK/CPAN-1.9102.tar.gz
    and there run
      cpansign -v

Any thoughts on what's going wrong and how to fix it?

Replies are listed 'Best First'.
Re: CPAN install weirdness
by jettero (Monsignor) on May 12, 2007 at 17:37 UTC

    It's definitely saying that the signature from Andreas doesn't match the distribution as it should. It's somewhat unlikely that someone messed with the distribution, so it most likely has to do with the download itself. I find this all very unusual.

    In fact, I find it so unusual that it's more likely you have no way to check the sig — no gnupg? — and it's failing silently than it is that the signature or distribution are corrupted. Although, there certainly could have been a problem downloading...

    -Paul

Re: CPAN install weirdness
by shmem (Chancellor) on May 12, 2007 at 19:13 UTC
    sudo cpan install CPAN
    Don't do that, unless you want to install the infamous junoscript stuff which is called 'install' on CPAN (it really should be banned, then renamed). Say rather 'sudo cpan CPAN'.

    As for the wrong signature, have you tried removing the file and running cpan again? Download errors do happen sometimes.

    Update - if you have a .gnupg directory and your 'sudo' isn't performing a 'su -' behind your back, the tests will likely fail, since the .gnupg in $HOME isn't owned by the effective UID of the process doing the tests.

    --shmem

    _($_=" "x(1<<5)."?\n".q·/)Oo.  G°\        /
                                  /\_¯/(q    /
    ----------------------------  \__(m.====·.(_("always off the crowd"))."·
    ");sub _{s./.($e="'Itrs `mnsgdq Gdbj O`qkdq")=~y/"-y/#-z/;$e.e && print}
      Update - if you have a .gnupg directory and your 'sudo' isn't performing a 'su -' behind your back, the tests will likely fail, since the .gnupg in $HOME isn't owned by the effective UID of the process doing the tests.
      I think that's it since I am getting an improper ownership/protection warning... I'll see if chowning it to root helps.
      Just to follow up one more time, that was it. I did a chown -R root .gnupg and it worked. Now to install the stuff that I was actually trying to install...
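
The ownership mismatch identified in shmem's update can be checked directly before running cpan under sudo. The script below is an added example, not part of the original thread; `check_gnupg_home` is a hypothetical helper name, and it compares the owner and permissions of the GnuPG home directory with the UID of the running process.

```sh
#!/bin/sh
# Added example (not from the thread). check_gnupg_home DIR UID prints one
# finding and returns: 0 = usable, 1 = owner mismatch, 2 = loose permissions,
# 3 = directory missing.
check_gnupg_home() {
    dir=$1
    uid=$2
    if [ ! -d "$dir" ]; then
        echo "missing: $dir does not exist"
        return 3
    fi
    # ls -ldn is POSIX: field 1 is the mode string, field 3 the numeric owner.
    # Characters 5-10 of the mode string are the group and other permission bits.
    set -- $(ls -ldn -- "$dir" | awk '{print $3, substr($1, 5, 6)}')
    owner=$1
    group_other=$2
    if [ "$owner" != "$uid" ]; then
        echo "owner-mismatch: $dir is owned by uid $owner, process runs as uid $uid"
        return 1
    fi
    if [ "$group_other" != "------" ]; then
        echo "loose-permissions: $dir grants group/other access ($group_other)"
        return 2
    fi
    echo "ok: $dir is owned by uid $uid and is private"
    return 0
}

# Usage: sudo sh gnupg-home-check.sh check   (the file name is a placeholder)
# Checks the directory gpg would use for the current HOME and effective UID.
if [ "${1:-}" = "check" ]; then
    check_gnupg_home "${GNUPGHOME:-$HOME/.gnupg}" "$(id -u)"
fi
```

`sudo -H` sets HOME to the target user's home directory, so running the check through plain `sudo` and then through `sudo -H` shows which `.gnupg` directory the root process would actually read.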
Re: CPAN install weirdness
by betterworld (Curate) on May 12, 2007 at 19:38 UTC
    Have you tried switching to another CPAN mirror? You should also try looking into the .tar.gz file itself, maybe it's a 404 or 403 html page or something like that.