• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use View topic Item7848 for generic doc work for TWiki-6.1.1. Use View topic Item7851 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
Does this site look broken?. Use the LitterTray web for test cases.

Item6965: Insecure dependency (again) in tools/extender.pl when installing extension in configure

Item Form Data

AppliesTo: Component: Priority: CurrentState: WaitingFor: TargetRelease ReleasedIn
Engine configure Normal Closed   patch 6.0.1

Edit Form Data

Summary:
Reported By:
Codebase:
Applies To:
Component:
Priority:
Current State:
Waiting For:
Target Release:
Released In:
 

Detail

Item6534 seems to be back again:

I tried 2 plugins and 2 add-ons. Same error. However, plugins and add-ons were installed and function properly anyway!

Workaround: Likely none needed, message can be ignored.

Sample install session:

Fetching http://twiki.org/p/pub/Plugins/GeoLookupPlugin/GeoLookupPlugin.tgz...
Unpacking...
Archive::Tar is not installed; trying tar on the command-line
data/ data/TWiki/ data/TWiki/GeoLookupPlugin.txt data/TWiki/VarGEOLOOKUP.txt GeoLookupPlugin_installer lib/ lib/TWiki/ lib/TWiki/Plugins/ lib/TWiki/Plugins/GeoLookupPlugin.pm pub/ pub/TWiki/ pub/TWiki/GeoLookupPlugin/ pub/TWiki/GeoLookupPlugin/twiki-logo-80x40-t.gif GeoLookupPlugin_installer
data/
data/TWiki/
data/TWiki/VarGEOLOOKUP.txt
data/TWiki/GeoLookupPlugin.txt
lib/
lib/TWiki/
lib/TWiki/Plugins/
lib/TWiki/Plugins/GeoLookupPlugin.pm
pub/
pub/TWiki/
pub/TWiki/GeoLookupPlugin/
pub/TWiki/GeoLookupPlugin/twiki-logo-80x40-t.gif

Warning: CPAN is not available, some installer functions have been disabled

### GeoLookupPlugin Installer ###

This installer must be run from the root directory of your TWiki
installation.
    * You can abort the script at any point and re-run it later
    * If you answer 'no' to any questions you can always re-run
      the script again later
##########################################################
Checking dependency on Geo::IP....
*** GeoLookupPlugin depends on cpan package Geo::IP >=1.27
which is described as "Optional. Available from CPAN:Geo::IP."
But when I tried to find it I got this error:

Insecure dependency

##########################################################
Checking dependency on Geo::IP::PurePerl....
*** GeoLookupPlugin depends on cpan package Geo::IP::PurePerl >=1.21
which is described as "Optional. Available from CPAN:Geo::IP::PurePerl."
But when I tried to find it I got this error:

Insecure dependency

##########################################################
Checking dependency on TWiki::Plugins....
I will keep a backup of any files I overwrite.
Fetching the archive for TWiki::Plugins::GeoLookupPlugin.

Error: Installer returned errors:

Insecure dependency in require while running with -T switch at /usr/lib/perl5/vendor_perl/5.8.8/LWP/UserAgent.pm line 416.
 at /usr/lib/perl5/vendor_perl/5.8.8/LWP/UserAgent.pm line 416
   LWP::UserAgent::get('LWP::UserAgent=HASH(0xa5065b4)', 'http://twiki.org/p/pub/Plugins/GeoLookupPlugin/GeoLookupPlugi...') called at tools/extender.pl line 535
   TWiki::Extender::getComponent('GeoLookupPlugin', 'ARRAY(0x9d93cb8)', 'archive') called at tools/extender.pl line 562
   TWiki::Extender::getArchive('GeoLookupPlugin') called at tools/extender.pl line 950
   TWiki::Extender::_install('ARRAY(0xa545e78)', 'GeoLookupPlugin') called at tools/extender.pl line 1054
   TWiki::Extender::install('http://twiki.org/p/pub/Plugins', 'GeoLookupPlugin', 'GeoLookupPlugin', 'MANIFEST', 'data/TWiki/GeoLookupPlugin.txt,0644,\x{a}data/TWiki/VarGEOLOOKUP....', 'DEPENDENCIES', 'Geo::IP,>=1.27,1,cpan,Optional. Available from CPAN:Geo::IP.\x{a}...') called at /var/www/twiki/test512/GeoLookupPlugin_installer line 104
   require /var/www/twiki/test512/GeoLookupPlugin_installer called at /var/www/twiki/test512/lib/TWiki/Configure/UIs/EXTEND.pm line 170
   eval {...} called at /var/www/twiki/test512/lib/TWiki/Configure/UIs/EXTEND.pm line 168
   TWiki::Configure::UIs::EXTEND::ui('TWiki::Configure::UIs::EXTEND=HASH(0x9a9e310)') called at /var/www/twiki/test512/bin/configure line 708
   TWiki::_actionInstallExtension() called at /var/www/twiki/test512/bin/configure line 478
 at /usr/lib/perl5/5.8.8/CGI/Carp.pm line 379
   CGI::Carp::realdie('Insecure dependency in require while running with -T switch a...') called at /usr/lib/perl5/5.8.8/CGI/Carp.pm line 468
   CGI::Carp::die('Insecure dependency in require while running with -T switch a...') called at /var/www/twiki/test512/lib/TWiki/Configure/UIs/EXTEND.pm line 172
   eval {...} called at /var/www/twiki/test512/lib/TWiki/Configure/UIs/EXTEND.pm line 168
   TWiki::Configure::UIs::EXTEND::ui('TWiki::Configure::UIs::EXTEND=HASH(0x9a9e310)') called at /var/www/twiki/test512/bin/configure line 708
   TWiki::_actionInstallExtension() called at /var/www/twiki/test512/bin/configure line 478

You may be able to resolve these errors and complete the installation from the command line, so I will leave the installed files where they are.
Installation finished.

-- TWiki:Main/PeterThoeny - 2012-10-07

Well, I tried to install ExternalLinkTrackerPlugin into TWiki 5.1.4 using the provided installer, I get the above message. When I then attempt to run my TWiki, I get a warning message that the ExternalLinkTrackerPlugin could not be loaded because ExternalLinkTrackerPlugin.pm couldn't be located in @INC.

-- TWiki:Main.DavidSteininger - 2013-07-15

I am getting the same error on TWiki 6.0.0, Ubuntu 13.10, with Perl v5.14.2; that is I get this error after patching for Item7482.

-- TWiki:Main.DavidDAllen - 2014-04-08

In testing on my platform, CPAN is failing to load in extender.pl due to a "Insecure dependency in require while running with -T switch". This directly results in the warning message that we see above, but it somehow also is causing the insecure dependency error with UserAgent.pm as well.

To verify, replace "&$check_perl_module( 'CPAN' );" with "$available{'CPAN'} = 0;" at the end of the BEGIN block in tools/extender.pl. This will avoid the attempt to load CPAN and installations should work again.

-- TWiki:Main.DavidDAllen - 2014-04-16

The current known workaround for this problem is to remove the -T flag from the bin/configure script.

Another way to workaround this problem on my platform is to add "use CPAN;" to bin/configure; this appears to allow "&$check_perl_module( 'CPAN' );" to succeed in tools/extender.pl.

I also note that if I add a "require CPAN;" at the top of bin/configure then installs work correctly, but if I add a "require CPAN;" within sub _actionInstallExtension then I get the CPAN.pm Insecure dependency error. There seems to be a difference in execution context between these locations.

-- TWiki:Main.DavidDAllen - 2014-04-16

I have identified the problem and a fix.

On my platform importing the CPAN module will produce an Insecure dependency error if the . (current) directory is in @INC, and taint mode in enabled (-T flag). I don't know why this occurs and I have not found any other references to this problem.

This problem can be avoided by removing . from @INC before CPAN is imported in tools/extender.pl. For example by adding a "eval 'no lib qw(.);';" just before "&$check_perl_module( 'CPAN' );" at the end of the BEGIN block in tools/extender.pl.

I'll attach a patch. This patch will also include the fix for Item7482 since I require that fix as well for tools/extender.pl to work on my platform.

-- TWiki:Main.DavidDAllen - 2014-04-16

Thank you David! This is now in SVN trunk and 6.0 branch, ready for TWiki-6.0.1 release.

-- TWiki:Main.PeterThoeny - 2014-10-04

The check-in is done under Item7482.

-- TWiki:Main.PeterThoeny - 2014-10-04

ItemTemplate
Summary Insecure dependency (again) in tools/extender.pl when installing extension in configure
ReportedBy TWiki:Main.PeterThoeny
Codebase ~twiki4, 6.0.0, 5.1.2
SVN Range TWiki-5.1.1-trunk, Sat, 06 Oct 2012, build 23534
AppliesTo Engine
Component configure
Priority Normal
CurrentState Closed
WaitingFor

Checkins

TargetRelease patch
ReleasedIn 6.0.1
Topic attachments
I Attachment History Action Size Date Who Comment
Unknown file formatdiff cpan-error-fix.diff r1 manage 1.2 K 2014-04-16 - 21:30 UnknownUser Patch for this issue.
Edit | Attach | Watch | Print version | History: r10 < r9 < r8 < r7 < r6 | Backlinks | Raw View |  Raw edit | More topic actions
Topic revision: r10 - 2014-10-06 - PeterThoeny
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback