Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Unable to install via 'cpan' due to 'cpan_path' missing from CHECKSUMS
834 views
Skip to first unread message
James E Keenan
Mar 1, 2022, 10:30:03 AM3/1/22
to cpan-w...@perl.org
On a machine where I have root privileges, I wish to test (then later
install) Carp::Assert using the `cpan` client. I encounter this failure:
#####
$ sudo cpan -t Carp::Assert
Password:
Loading internal logger. Log::Log4perl recommended for better logging
Reading '/root/.cpan/Metadata'
Database was generated on Tue, 01 Mar 2022 13:17:03 GMT
Running test for module 'Carp::Assert'
CPAN: Digest::SHA loaded ok (v6.02)
Warning: checksum file
'/root/.cpan/sources/authors/id/N/NE/NEILB/CHECKSUMS' not conforming.
The cksum does not contain the key 'cpan_path' for
'Carp-Assert-0.21.tar.gz'.
Proceed nonetheless? [no] no
Aborted.
#####
When I examine the CHECKSUMS files beneath
/root/.cpan/sources/authors/id, I see that only a handful of them have
the string 'cpan_path' in them.
#####
$ find /root/.cpan/sources/authors/id -type f -name 'CHECKSUMS' | xargs
grep -l cpan_path |sort | xargs ls -l
-rw-r--r-- 1 root wheel 33696 Nov 23 20:30
/root/.cpan/sources/authors/id/A/AN/ANDK/CHECKSUMS
-rw-r--r-- 1 root wheel 29147 Mar 1 14:48
/root/.cpan/sources/authors/id/A/AR/ARC/CHECKSUMS
-rw-r--r-- 1 root wheel 22123 Mar 1 14:48
/root/.cpan/sources/authors/id/A/AS/ASB/CHECKSUMS
-rw-r--r-- 1 root wheel 57924 Feb 20 23:08
/root/.cpan/sources/authors/id/E/EX/EXODIST/CHECKSUMS
-rw-r--r-- 1 root wheel 9931 Mar 1 14:48
/root/.cpan/sources/authors/id/M/MI/MICKEY/CHECKSUMS
-rw-r--r-- 1 root wheel 38818 Feb 20 23:08
/root/.cpan/sources/authors/id/N/NE/NEZUMI/CHECKSUMS
-rw-r--r-- 1 root wheel 310938 Mar 1 14:48
/root/.cpan/sources/authors/id/O/OA/OALDERS/CHECKSUMS
-rw-r--r-- 1 root wheel 154626 Dec 1 18:12
/root/.cpan/sources/authors/id/R/RU/RURBAN/CHECKSUMS
-rw-r--r-- 1 root wheel 200948 Dec 1 18:07
/root/.cpan/sources/authors/id/Y/YV/YVES/CHECKSUMS
#####
This means that I would be unable to install even my own CPAN modules!
I believe I have followed all the guidance provided by Neil Bowers in
his blog post
http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html.
So I would like to know how to update these CHECKSUMS files or
otherwise cope with this problem.
Thank you very much.
Jim Keenan
install) Carp::Assert using the `cpan` client. I encounter this failure:
#####
$ sudo cpan -t Carp::Assert
Password:
Loading internal logger. Log::Log4perl recommended for better logging
Reading '/root/.cpan/Metadata'
Database was generated on Tue, 01 Mar 2022 13:17:03 GMT
Running test for module 'Carp::Assert'
CPAN: Digest::SHA loaded ok (v6.02)
Warning: checksum file
'/root/.cpan/sources/authors/id/N/NE/NEILB/CHECKSUMS' not conforming.
The cksum does not contain the key 'cpan_path' for
'Carp-Assert-0.21.tar.gz'.
Proceed nonetheless? [no] no
Aborted.
#####
When I examine the CHECKSUMS files beneath
/root/.cpan/sources/authors/id, I see that only a handful of them have
the string 'cpan_path' in them.
#####
$ find /root/.cpan/sources/authors/id -type f -name 'CHECKSUMS' | xargs
grep -l cpan_path |sort | xargs ls -l
-rw-r--r-- 1 root wheel 33696 Nov 23 20:30
/root/.cpan/sources/authors/id/A/AN/ANDK/CHECKSUMS
-rw-r--r-- 1 root wheel 29147 Mar 1 14:48
/root/.cpan/sources/authors/id/A/AR/ARC/CHECKSUMS
-rw-r--r-- 1 root wheel 22123 Mar 1 14:48
/root/.cpan/sources/authors/id/A/AS/ASB/CHECKSUMS
-rw-r--r-- 1 root wheel 57924 Feb 20 23:08
/root/.cpan/sources/authors/id/E/EX/EXODIST/CHECKSUMS
-rw-r--r-- 1 root wheel 9931 Mar 1 14:48
/root/.cpan/sources/authors/id/M/MI/MICKEY/CHECKSUMS
-rw-r--r-- 1 root wheel 38818 Feb 20 23:08
/root/.cpan/sources/authors/id/N/NE/NEZUMI/CHECKSUMS
-rw-r--r-- 1 root wheel 310938 Mar 1 14:48
/root/.cpan/sources/authors/id/O/OA/OALDERS/CHECKSUMS
-rw-r--r-- 1 root wheel 154626 Dec 1 18:12
/root/.cpan/sources/authors/id/R/RU/RURBAN/CHECKSUMS
-rw-r--r-- 1 root wheel 200948 Dec 1 18:07
/root/.cpan/sources/authors/id/Y/YV/YVES/CHECKSUMS
#####
This means that I would be unable to install even my own CPAN modules!
I believe I have followed all the guidance provided by Neil Bowers in
his blog post
http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html.
So I would like to know how to update these CHECKSUMS files or
otherwise cope with this problem.
Thank you very much.
Jim Keenan
Andreas Koenig
Mar 1, 2022, 2:00:03 PM3/1/22
to James E Keenan, cpan-w...@perl.org
>>>>> On Tue, 1 Mar 2022 10:23:12 -0500, James E Keenan <jke...@pobox.com> said:
> Warning: checksum file
> '/root/.cpan/sources/authors/id/N/NE/NEILB/CHECKSUMS' not conforming.
Please upgrade to CPAN-2.33-TRIAL.tar.gz which you find on CPAN in my
> Warning: checksum file
> '/root/.cpan/sources/authors/id/N/NE/NEILB/CHECKSUMS' not conforming.
directory https://www.cpan.org/authors/id/A/AN/ANDK/
--
andreas
James E Keenan
Mar 1, 2022, 3:30:03 PM3/1/22
to Andreas Koenig, cpan-w...@perl.org
been synched into Perl 5 blead. Do you have a timeline for a separate
release of 2.33 to CPAN?
0 new messages