Commit 68c0dc70 authored by Charles Ferguson's avatar Charles Ferguson
Browse files

Update perl-env-setup to search modules manually. Use perl -f.

The module search used to use a 'use' statement to find the modules
and then read the '$VERSION' variable. This would allow code to be
executed (which would be a bad thing), and means that we're at the
whim of what the module does to '$VERSION'. In this case, the issue
lies with DBI, which calls 'eval' on the version number, turning
1.630 into 1.63, which isn't the same thing.

Now, we try to locate the file and extract the version number
from it as assigned to a variable. If we can do this then all is
well and we use that. If we cannot, then we fall back to using
'require', which will then do the code execution, but should at
least find the file.

The -f option disables the reading of the site customisations,
which could affect the operation of the code.
parent 7f35d750
......@@ -113,11 +113,39 @@ function check_module() {
debug "Checking for '$module' @ '$version'"
if ! perl -e "use ${module};
if ! perl -f -e "# Find the module
my \$leaf = '${module}.pm';
\$leaf =~ s/::/\\//g;
my \$filename;
# Try to find the file by name first - this has less
# risk in executing code, and may be faster.
for my \$dir (@INC) {
if (-r \"\$dir/\$leaf\") {
\$filename = \"\$dir/\$leaf\";
last;
}
}
my \$modversion;
if (defined \$filename) {
if (open(my \$fh, '<', \$filename)) {
my \$nlines = 0;
while (<\$fh>) {
if (/\\\$VERSION *= *(?:[\"']([0-9\\.]+)[\"']|([0-9]+))/) {
\$modversion = \$1 // \$2;
last;
}
last if (\$nlines++ > 100);
}
}
}
if (!defined \$modversion) {
require ${module};
\$modversion = \$${module}::VERSION;
}
if ('${version}' ne '' &&
\$${module}::VERSION ne '${version}') {
die \"Version should be ${version}, not \$${module}::VERSION\\n\";
}" > /dev/null 2>&1 ; then
\"\$modversion\" ne '${version}') {
die \"Version should be ${version}, not \$modversion\\n\";
}" > /dev/null ; then
return 1
fi
......@@ -243,7 +271,7 @@ function install_requirements() {
echo $'\nChecking installation...\n' >> output_cpan.txt
failed=false
for module in "${required_defs[@]}" ; do
if ! check_module "${module}" ; then
if ! check_module "${module}" 2>> output_cpan.txt; then
echo " $module was not installed properly" >> output_cpan.txt
echo "ERROR: $module was not installed properly" >&2
failed=true
......@@ -315,7 +343,7 @@ sed -E "s/^#.*//; /^ *$/d;" "${tmpinput}" \
# Ensure that our environment is set up properly
mkdir -p "${environment}"
eval "$(perl -M"local::lib=${environment}")"
eval "$(perl -f -M"local::lib=${environment}")"
if [ $? != 0 ] ; then
echo "Failed to create local::lib environment"
exit 1
......@@ -335,15 +363,15 @@ done
echo "CPAN output" > output_cpan.txt
# Ensure that we have a version of CPAN
if ! check_module App::cpanminus ; then
if ! check_module App::cpanminus 2>> output_cpan.txt ; then
echo "==== cpanminus install ====" >> output_cpan.txt
cpan -T App::cpanminus >> output_cpan.txt 2>&1
fi
if ! check_module ExtUtils::MakeMaker@7.10 ; then
if ! check_module ExtUtils::MakeMaker@7.10 2>> output_cpan.txt ; then
echo "==== ExtUtils::MakeMaker install ====" >> output_cpan.txt
cpanm -n ExtUtils::MakeMaker@7.10 >> output_cpan.txt 2>&1
fi
if ! check_module Module::Build@0.4222 ; then
if ! check_module Module::Build@0.4222 2>> output_cpan.txt ; then
echo "==== Module::Build install ====" >> output_cpan.txt
cpanm -n Module::Build@0.4222 >> output_cpan.txt 2>&1
fi
......@@ -424,7 +452,7 @@ function _perllib_setup() {
local oldval
local tmpfile="$(mktemp -t perllib.XXXXXXXX)"
SHELL=/bin/bash perl -Mlocal::lib="$PERLLIB_ENV" > "${tmpfile}"
SHELL=/bin/bash perl -f -Mlocal::lib="$PERLLIB_ENV" > "${tmpfile}"
for var in "${PERLLIB_ENVVARS[@]}" ; do
oldvar="_OLD_PERLLIB_$var"
......@@ -513,7 +541,7 @@ function _perllib_setup
set -l oldval
set -l tmpfile (mktemp -t perllib.XXXXXXXX)
env SHELL=/bin/bash perl -Mlocal::lib="$PERLLIB_ENV" > "$tmpfile"
env SHELL=/bin/bash perl -f -Mlocal::lib="$PERLLIB_ENV" > "$tmpfile"
for var in $PERLLIB_ENVVARS
set oldvar "_OLD_PERLLIB_$var"
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment