Slashdot Mirror

← Back to Stories (view on slashdot.org)

Helping Perl Packagers Package Perl

Posted by samzenpus on from the dress-it-up dept.

jamie writes "chromatic has a great post today on the conflict between OS distributions and CPAN's installations of perl modules, along with some suggestions for how to start resolving this maddening problem: '[Though Debian has] made plenty of CPAN distributions available as .debs, I have to configure my CPAN client myself, and it does not work with the system package manager. There's no reason it couldn't. Imagine that the system Perl 5 included in the default package... had a CPAN client configured appropriately. It has selected an appropriate mirror (or uses the redirector). It knows about installation paths. It understands how to use LWP...' The idea of providing guidelines to distros for how to safely package modules is a great one. Could modules request (a modified?) test suite be run after distro-installation? Could Module::Build help module authors and distro maintainers establish the rules somehow?"

5 of 130 comments (clear)

  1. Re:May I Be the First To Say This by MadMartigan2001 · · Score: 5, Funny

    Fuck perl.

    ... is one of the coolest languages ever! There, fixed that for ya.

  2. And Santa will bring me peace in the Middle East!! by Anonymous Coward · · Score: 5, Insightful

    Could a /. reader get laid? Could I go to bed before 4 AM? Could someone get me a real job?

    No.

    More seriously, not as CPAN works now. There is no "snapshotting" or "consistent distribution level" mechanism, so there is no mechanism to write consistent component compatibility lists, and no way for the existing CPAN to look back *out* into the operating systems available components. Even component naming is too inconsistent among distributions. And when different packagers fold specific packages into their basic Perl package, or components that are required for new modules move into the basic Perl package itself, you have dependency madness just waiting to bite you, very, very hard indeed if you let your local Perl integrator replace all the dependencies. This way lies Gentoo madness, and it's hideously unstable in the real world.

    There are steps you can use, but they're dependent on Perl authors actually following packaging "best practices". Building RPM's from many perl components is fairly easy, especially with components like 'cpan2rpm' available, but then you have the crack-monkeys who prodoce component 1.00, 1.20, 1.201, 1.202, 1.2437, and then 1.30 and expect 1.30 to be considered "the most recent", and no way to flush the funky numbered ones from CPAN lest development continue and you get to 1.201 the hard way. And then there are idiots who can't be bothered to write actual Makefiles or Make::MakeMaker configurations, but each invent their own replacement for "make". And now that Perl 5.10 is out, too many "latest release" components form CPAN are going to simply demand updates to that new Perl release. What a wonderful crapshoot to upgrade your Perl, *on the fly* to a new major release simply because you want to print dates a certain way?

    Then there's the continuing use of Apache 1.3 and the matching mod_perl by Debian setups, and the utter nuttiness of rolling *BACK* Perl components to be compatible with that. What a wonderful way to *completely* fuck up your existing deployed codebase as rolling back your Perl to perl-5.6 to revert the incompatible components for that one.

    Oh, and don't forget the "site-lib" versus "vendor-lib" settings. God forbids most Perl authors be bothered to actually *CARE* about it, but it does make a different in whether a component will be loaded and actually used in place of a separately installed one deployed as part of the operating system's other dependencies or package management system.

  3. Re:How much by Anonymous Coward · · Score: 5, Funny

    I don't know, but I do know that Peter Python packaged a peck of CPickled peppers.

  4. Responding as a CPAN admin... by adamkennedy · · Score: 5, Informative

    Is the parent a bad post, or a good troll?

    Some responses if I may...

    Perl dependencies are specified by class name, not by distribution package name. So (theoretically) as long as there's a way to resolve a class to a file (which is standard) and thence to an operating system package ("which package contains file X" shouldn't be that hard) then there's no reason that Perl package dependencies can't be mapped down into distro package space.

    As for the versions, 1.30 is more correctly more recent than 1.2437, because the CPAN turns multi-part versions 1.23.1 into decimals using an admittedly icky triplet system where each part of the multi-part is normalised into three digits.

    1.2437 is a normalised version of 1.243.7. Downstream distos have implementations of this logic available to them in places like CPAN::Version. But yes, it is a bit weird for the newcomer. It's the price of 5-10 year back-compatibility, alas.

    As for Perl 5.10, almost nothing on the CPAN will depend on it. The current recommended back-compatibility targets are Perl 5.6.2 for low-level or toolchainy stuff that needs a decade of back-compatibility, or Perl 5.8.5ish (around 5 years) for regular things (which is the first version where Unicode became bug free and universally usable).

    So Perl 5.10 is having almost no impact on compatibility, and won't for at least another couple of years.

  5. Re:At least the Perl crowd is trying, by mwa · · Score: 5, Insightful

    easy_install works just like CPAN. Download and install stuff so the standard distribution software management tools are now worthless for:

      1. Knowing what is installed on which production machines (basic software inventory)
      2. Reporting packages with dependencies on a package with a newly reported security issue
      3. Automatically upgrading to new releases
      4. Easily rebuilding and deploying to multiple hosts on different architectures and different releases of distros (possibly different distros)
      5. Managing dependency conflicts between different packages

    and more that escape me right now because I haven't finished my coffee yet.

    CPAN, easy_install and their ilk are wonderful for the developer that needs a bunch of stuff to get their application working. They are evil incarnate for the administrator that needs that application to work reliably and consistently on more that a couple of machines.

    There is a huge difference between "easily installing stuff" and managing systems. The second you add anything that "works around" the standard way of doing things, whatever standard you've adopted, you've abandoned all hope of having standard operating procedures and consistent production management.

    This is why systems administrators get so edgy... Every developer, user, language community, or whatever, thinks their little exception makes life easier. Exceptions don't scale.

    Ok, they do scale. They evolve into chaos.