develooper Front page | perl.cpan.workers | Postings from March 2022

Unable to install via 'cpan' due to 'cpan_path' missing fromCHECKSUMS

Thread Next
From:
James E Keenan
Date:
March 1, 2022 15:23
Subject:
Unable to install via 'cpan' due to 'cpan_path' missing fromCHECKSUMS
Message ID:
5f743bdf-2add-557e-dc58-ef2f5278ff5d@pobox.com
On a machine where I have root privileges, I wish to test (then later 
install) Carp::Assert using the `cpan` client.  I encounter this failure:

#####
$ sudo cpan -t Carp::Assert
Password:
Loading internal logger. Log::Log4perl recommended for better logging
Reading '/root/.cpan/Metadata'
   Database was generated on Tue, 01 Mar 2022 13:17:03 GMT
Running test for module 'Carp::Assert'
CPAN: Digest::SHA loaded ok (v6.02)

Warning: checksum file 
'/root/.cpan/sources/authors/id/N/NE/NEILB/CHECKSUMS' not conforming.

The cksum does not contain the key 'cpan_path' for 
'Carp-Assert-0.21.tar.gz'.
Proceed nonetheless? [no] no
Aborted.
#####

When I examine the CHECKSUMS files beneath 
/root/.cpan/sources/authors/id, I see that only a handful of them have 
the string 'cpan_path' in them.

#####
$ find /root/.cpan/sources/authors/id -type f -name 'CHECKSUMS' | xargs 
grep -l cpan_path |sort | xargs ls -l
-rw-r--r--  1 root  wheel   33696 Nov 23 20:30 
/root/.cpan/sources/authors/id/A/AN/ANDK/CHECKSUMS
-rw-r--r--  1 root  wheel   29147 Mar  1 14:48 
/root/.cpan/sources/authors/id/A/AR/ARC/CHECKSUMS
-rw-r--r--  1 root  wheel   22123 Mar  1 14:48 
/root/.cpan/sources/authors/id/A/AS/ASB/CHECKSUMS
-rw-r--r--  1 root  wheel   57924 Feb 20 23:08 
/root/.cpan/sources/authors/id/E/EX/EXODIST/CHECKSUMS
-rw-r--r--  1 root  wheel    9931 Mar  1 14:48 
/root/.cpan/sources/authors/id/M/MI/MICKEY/CHECKSUMS
-rw-r--r--  1 root  wheel   38818 Feb 20 23:08 
/root/.cpan/sources/authors/id/N/NE/NEZUMI/CHECKSUMS
-rw-r--r--  1 root  wheel  310938 Mar  1 14:48 
/root/.cpan/sources/authors/id/O/OA/OALDERS/CHECKSUMS
-rw-r--r--  1 root  wheel  154626 Dec  1 18:12 
/root/.cpan/sources/authors/id/R/RU/RURBAN/CHECKSUMS
-rw-r--r--  1 root  wheel  200948 Dec  1 18:07 
/root/.cpan/sources/authors/id/Y/YV/YVES/CHECKSUMS
#####

This means that I would be unable to install even my own CPAN modules!

I believe I have followed all the guidance provided by Neil Bowers in 
his blog post 
http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html. 
  So I would like to know how to update these CHECKSUMS files or 
otherwise cope with this problem.

Thank you very much.
Jim Keenan

Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About