Beefy Boxes and Bandwidth Generously Provided by pair Networks
There's more than one way to do things
 
PerlMonks  

fetching asset files from github during installation of module from CPAN

by tmaly (Monk)
on Mar 15, 2016 at 21:29 UTC ( [id://1157852]=perlquestion: print w/replies, xml ) Need Help??

tmaly has asked for the wisdom of the Perl Monks concerning the following question:

What would be the best portable way to fetch some asset files (.css .js) from a github repo during installation of a module from CPAN?

Replies are listed 'Best First'.
Re: fetching asset files from github during installation of module from CPAN
by choroba (Cardinal) on Mar 15, 2016 at 22:01 UTC
    The best way would be to include the files in the distribution itself - someone could install it from their own local CPAN mirror with no access to the internet. You can always try to fetch a newer version from github during the installation - File::Fetch is a core module that should do that. P5P might remove it from the core, though, so you could use HTTP::Tiny as a replacement.

    ($q=q:Sq=~/;[c](.)(.)/;chr(-||-|5+lengthSq)`"S|oS2"`map{chr |+ord }map{substrSq`S_+|`|}3E|-|`7**2-3:)=~y+S|`+$1,++print+eval$q,q,a,
      I was thinking of including the most recent version as of the date I publish the module to CPAN. Then I would want to attempt to try to fetch a newer version at installation time. I will give File::Fetch a shot. Thanks

        I'd go the route choroba stated, and wrap it into an early test in the test suite (eval to fetch).

        Perform a significant number of tests against the version that is bundled with the module, and then perform the same extensive tests against the new version before installing it, as to ensure you don't break functionality of the module with a new version of the updated files during your install.

        This way, by not doing it in Makefile.PL or something, if the fetch fails, or your unit tests don't pass on the new version of files, you can lean back on the existing bundled versions.

        From a code review standpoint, I would reject the use of any installation that went outside of the code provided in the package at installation time, as this would provide a mechanism to

        • identify users of the package
        • inject some unknown, unreviewed chunk of code into the dev (prod - hopefully not) environment
        • other creative attacks on an environment

        Not saying that this is your intent, but use of that would be shot down in a heartbeat under any cursory review here.

        --MidLifeXis

Re: fetching asset files from github during installation of module from CPAN
by Corion (Patriarch) on Mar 16, 2016 at 07:56 UTC

    Don't do that.

    Module installation from CPAN should not access the network, preferrably not even while testing the module. If you need outside resources either provide a separate script to fetch them or bundle the resources with your distribution.

    If you want to automate the bundling of outside resources with your distribution, consider having that step in Makefile.PL and only execute it when the hostname is your release machine or when some appropriate environment variable is set.

      I was looking to do the update if possible when a stable version of the code is released. At this point the assets I am looking to fetch are in a state of flux.


      I agree it is probably better to just bundle a stable version and not try to update on installation.


      When a new stable version is released, update the module on CPAN with the latest version.

Re: fetching asset files from github during installation of module from CPAN
by 1nickt (Canon) on Mar 15, 2016 at 21:59 UTC

    Manually, since you will only be doing it once?

    Or are you talking about making it part of an installation process for a distribution that you are building?

    The way forward always starts with a minimal test.
Re: fetching asset files from github during installation of module from CPAN
by Anonymous Monk on Mar 16, 2016 at 16:01 UTC

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: perlquestion [id://1157852]
Approved by Old_Gray_Bear
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others having an uproarious good time at the Monastery: (7)
As of 2024-03-28 11:22 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found