Re: [SP-pm] perlbrew e distribuições Linux antigas

Alceu Rodrigues de Freitas Junior Tue, 17 Jun 2014 10:14:21 -0700

Bem, fiz exatamente como você sugeriu... e o resultado foi o mesmo.


[alceu@localhost ~]$ perl -MCPAN -e shell

cpan shell -- CPAN exploration and modules installation (v2.05)
Enter 'h' for help.

cpan[1]> get IO::Socket::SSL
Database was generated on Mon, 16 Jun 2014 21:43:51 GMT

Running get for module 'IO::Socket::SSL'

Checksum for/home/alceu/.cpan/sources/authors/id/S/SU/SULLR/IO-Socket-SSL-1.993.tar.gzok

Scanning cache /home/alceu/.cpan/build for sizes
............................................................................DONE

cpan[2]> look IO::Socket::SSL
Running look for module 'IO::Socket::SSL'

Trying to open a subshell in the build directory...
Working directory is /home/alceu/.cpan/build/IO-Socket-SSL-1.993-dxTGbQ

[alceu@localhost IO-Socket-SSL-1.993-dxTGbQ]$ exportOPENSSL_INCLUDE=/home/alceu/openssl/include[alceu@localhost IO-Socket-SSL-1.993-dxTGbQ]$ exportOPENSSL_LIB=/home/alceu/openssl/lib

[alceu@localhost IO-Socket-SSL-1.993-dxTGbQ]$ perl Makefile.PL
Should I do external tests?
These test will detect if there are network problems and fail soft,
so please disable them only if you definitely don't want to have any
network traffic to external sites.   [Y/n] [y]
Checking if your kit is complete...
Looks good
Generating a Unix-style Makefile
Writing Makefile for IO::Socket::SSL
Writing MYMETA.yml and MYMETA.json
[alceu@localhost IO-Socket-SSL-1.993-dxTGbQ]$ make
cp lib/IO/Socket/SSL/PublicSuffix.pm blib/lib/IO/Socket/SSL/PublicSuffix.pm
cp lib/IO/Socket/SSL.pod blib/lib/IO/Socket/SSL.pod
cp lib/IO/Socket/SSL.pm blib/lib/IO/Socket/SSL.pm
cp lib/IO/Socket/SSL/Utils.pm blib/lib/IO/Socket/SSL/Utils.pm
cp lib/IO/Socket/SSL/Intercept.pm blib/lib/IO/Socket/SSL/Intercept.pm
Manifying blib/man3/IO::Socket::SSL.3
Manifying blib/man3/IO::Socket::SSL::Intercept.3
Manifying blib/man3/IO::Socket::SSL::PublicSuffix.3
Manifying blib/man3/IO::Socket::SSL::Utils.3
[alceu@localhost IO-Socket-SSL-1.993-dxTGbQ]$ make test

PERL_DL_NONLAZY=1 /home/alceu/perl5/perlbrew/perls/perl-5.16.3/bin/perl"-MExtUtils::Command::MM" "-MTest::Harness" "-e" "undef*Test::Harness::Switches; test_harness(0, 'blib/lib', 'blib/arch')"t/*.t t/external/*.t

t/01loadmodule.t .................. 1/3 # openssl version=0x90802f
# Net::SSLeay::VERSION=1.64
t/01loadmodule.t .................. ok
t/acceptSSL-timeout.t ............. ok
t/auto_verify_hostname.t .......... ok
t/cert_formats.t .................. ok
t/cert_no_file.t .................. ok
t/compatibility.t ................. ok
t/connectSSL-timeout.t ............ ok
t/core.t .......................... ok
t/dhe.t ........................... ok

t/ecdhe.t ......................... skipped: no support for ecdh withthis openssl/Net::SSLeay

t/external/ocsp.t ................. skipped: no OCSP support
t/external/usable_ca.t ............ # found 148 CA certs
t/external/usable_ca.t ............ ok
t/io-socket-inet6.t ............... skipped: no IO::Socket::INET6 available

t/io-socket-ip.t .................. skipped: no IO::Socket::IP 0.20available

t/memleak_bad_handshake.t ......... ok
t/mitm.t .......................... ok
t/nonblock.t ...................... ok

t/npn.t ........................... skipped: NPN not available inNet::SSLeay

t/public_suffix_lib_encode_idn.t .. ok
t/public_suffix_lib_libidn.t ...... ok
t/public_suffix_lib_uri.t ......... ok
t/public_suffix_ssl.t ............. ok
t/readline.t ...................... ok
t/sessions.t ...................... ok
t/signal-readline.t ............... ok

t/sni.t ........................... skipped: because no server side SNIsupport - openssl/Net::SSleay too old

t/start-stopssl.t ................. ok
t/startssl-failed.t ............... ok
t/startssl.t ...................... ok
t/sysread_write.t ................. ok
t/verify_fingerprint.t ............ 1/11
#   Failed test 'accept fp1 for saddr1'
#   at t/verify_fingerprint.t line 49.

#   Failed test 'accept fp2 for saddr2'
#   at t/verify_fingerprint.t line 49.

#   Failed test 'accept fp1|fp2 for saddr1'
#   at t/verify_fingerprint.t line 49.

#   Failed test 'accept fp1|fp2 for saddr2'
#   at t/verify_fingerprint.t line 49.
# Looks like you failed 4 tests of 11.

t/verify_fingerprint.t ............ Dubious, test returned 4 (wstat1024, 0x400)

Failed 4/11 subtests
t/verify_hostname.t ............... ok
t/verify_hostname_standalone.t .... ok

Test Summary Report
-------------------
t/verify_fingerprint.t          (Wstat: 1024 Tests: 11 Failed: 4)
  Failed tests:  1-2, 5-6
  Non-zero exit status: 4

Files=33, Tests=700, 44 wallclock secs ( 0.14 usr 0.14 sys + 5.28cusr 1.80 csys = 7.36 CPU)

Result: FAIL
Failed 1/33 test programs. 4/700 subtests failed.
make: *** [test_dynamic] Error 255
[alceu@localhost IO-Socket-SSL-1.993-dxTGbQ]$

Acredito que o problema está no IO::Socket::SSL usar o Net::SSLeayinternamente... e eu não consigo reinstalar o Net::SSLeay apontando parao openssl atualizado.



Em 17-06-2014 12:39, Daniel de Oliveira Mantovani escreveu:

Porque voce fez errado,

cpan>look  IO::Socket::SSL
$export OPENSSL_INCLUDE=/home/foo/header/
$export OPENSSL_LIB=/home/foo/lib/
$make

On 17 June 2014 12:30, Alceu Rodrigues de Freitas Junior
<glasswal...@yahoo.com.br> wrote:

Tentei isso, mas ainda não foi:

[alceu@localhost ~]$ cd /home/alceu/.cpan/build/IO-Socket-SSL-1.993-Z5EY98
[alceu@localhost IO-Socket-SSL-1.993-Z5EY98]$ make clean
rm -f \
           SSL.bso SSL.def \
           SSL.exp SSL.x \
            blib/arch/auto/IO/Socket/SSL/extralibs.all \
           blib/arch/auto/IO/Socket/SSL/extralibs.ld Makefile.aperl \
           *.a *.o \
           *perl.core MYMETA.json \
           MYMETA.yml blibdirs.ts \
           core core.*perl.*.? \
           core.[0-9] core.[0-9][0-9] \
           core.[0-9][0-9][0-9] core.[0-9][0-9][0-9][0-9] \
           core.[0-9][0-9][0-9][0-9][0-9] libSSL.def \
           mon.out perl \
           perl perl.exe \
           perlmain.c pm_to_blib \
           pm_to_blib.ts so_locations \
           tmon.out
rm -rf \
           blib
mv Makefile Makefile.old > /dev/null 2>&1
[alceu@localhost IO-Socket-SSL-1.993-Z5EY98]$ env | grep -i ssl
PWD=/home/alceu/.cpan/build/IO-Socket-SSL-1.993-Z5EY98
[alceu@localhost IO-Socket-SSL-1.993-Z5EY98]$ export
OPENSSL_LIB="$HOME/openssl/lib"
[alceu@localhost IO-Socket-SSL-1.993-Z5EY98]$ export
OPENSSL_INCLUDE="$HOME/openssl/include"
[alceu@localhost IO-Socket-SSL-1.993-Z5EY98]$ env | grep -i ssl
PWD=/home/alceu/.cpan/build/IO-Socket-SSL-1.993-Z5EY98
OPENSSL_INCLUDE=/home/alceu/openssl/include
OPENSSL_LIB=/home/alceu/openssl/lib
[alceu@localhost IO-Socket-SSL-1.993-Z5EY98]$ perl Makefile.PL
Should I do external tests?
These test will detect if there are network problems and fail soft,
so please disable them only if you definitely don't want to have any
network traffic to external sites.   [Y/n] [y]
Checking if your kit is complete...
Looks good
Generating a Unix-style Makefile
Writing Makefile for IO::Socket::SSL
Writing MYMETA.yml and MYMETA.json
[alceu@localhost IO-Socket-SSL-1.993-Z5EY98]$ make
cp lib/IO/Socket/SSL/PublicSuffix.pm blib/lib/IO/Socket/SSL/PublicSuffix.pm
cp lib/IO/Socket/SSL.pod blib/lib/IO/Socket/SSL.pod
cp lib/IO/Socket/SSL.pm blib/lib/IO/Socket/SSL.pm
cp lib/IO/Socket/SSL/Utils.pm blib/lib/IO/Socket/SSL/Utils.pm
cp lib/IO/Socket/SSL/Intercept.pm blib/lib/IO/Socket/SSL/Intercept.pm
Manifying blib/man3/IO::Socket::SSL.3
Manifying blib/man3/IO::Socket::SSL::Intercept.3
Manifying blib/man3/IO::Socket::SSL::PublicSuffix.3
Manifying blib/man3/IO::Socket::SSL::Utils.3
[alceu@localhost IO-Socket-SSL-1.993-Z5EY98]$ make test
PERL_DL_NONLAZY=1 /home/alceu/perl5/perlbrew/perls/perl-5.16.3/bin/perl
"-MExtUtils::Command::MM" "-MTest::Harness" "-e" "undef
*Test::Harness::Switches; test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
t/external/*.t

t/01loadmodule.t .................. 1/3 # openssl version=0x90802f
# Net::SSLeay::VERSION=1.64
t/01loadmodule.t .................. ok
t/acceptSSL-timeout.t ............. 1/15 ^Cmake: *** [test_dynamic]
Interrupt

Repare que a versão encontrada do OpenSSL foi 0x90802f.

Vou tentar instalar o Crypt::SSLeay apontando para o openSSL atualizado.

Em 17-06-2014 12:16, Daniel de Oliveira Mantovani escreveu:

Consegue sim,

Makefile.PL accepts the following command line arguments:

incpath

Path to OpenSSL headers. Can also be specified via
$ENV{OPENSSL_INCLUDE}. If the command line argument is provided, it
overrides any value specified via the environment variable. Of course,
you can ignore both the command line argument and the environment
variable, and just add the path to your compiler specific environment
variable such as CPATH or INCLUDE etc.

libpath

Path to OpenSSL libraries. Can also be specified via
$ENV{OPENSSL_LIB}. If the command line argument is provided, it
overrides any value specified by the environment variable. Of course,
you can ignore both the command line argument and the environment
variable and just add the path to your compiler specific environment
variable such as LIBRARY_PATH or LIB etc.



OPENSSL_INCLUDE=/home/foo/header/
OPENSSL_LIB=/home/foo/lib/

2014-06-17 12:11 GMT-03:00 Alceu Rodrigues de Freitas Junior
<glasswal...@yahoo.com.br>:

Obrigado Daniel,

Instalar o OpenSSL no home do meu usuário foi bem tranquilo, mas
aparentemente o IO::Socket::SSL não tem opções para eu apontar quais
headers
e bibliotecas do openssl ele deve usar, algo que o Crypt::SSLeay tem
(http://search.cpan.org/dist/Crypt-SSLeay/SSLeay.pm#INSTALL).
Aparentemente
o Crypt::SSLeay está sendo substituído aos poucos pelo IO::Socket::SSL.

Eu tentei instalar o Crypt::SSLeay para ver que acontecia. As
dependências
entre os módulos também é meio confusa:

Running make test
Running Mkbootstrap for Crypt::SSLeay ()
chmod 644 SSLeay.bs

PERL_DL_NONLAZY=1 /home/alceu/perl5/perlbrew/perls/perl-5.16.3/bin/perl

"-MExtUtils::Command::MM" "-MTest::Harness" "-e" "undef
*Test::Harness::Switches; test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
t/00-basic.t ..... ok
t/01-connect.t ... ok
t/02-live.t ...... # Reading configuration from 'test.config' on linux
# network_tests : 0
t/02-live.t ...... skipped: Network tests disabled
t/03-version.t ... ok
t/boilerplate.t .. ok
t/manifest.t ..... skipped: Author tests not required for installation
All tests successful.
Files=6, Tests=43,  0 wallclock secs ( 0.01 usr  0.04 sys +  0.25 cusr
0.08
csys =  0.38 CPU)
Result: PASS
    NANIS/Crypt-SSLeay-0.72.tar.gz
Tests succeeded but one dependency not OK (LWP::Protocol::https)
    NANIS/Crypt-SSLeay-0.72.tar.gz
    [dependencies] -- NA

Failed during this command:
   SULLR/IO-Socket-SSL-1.993.tar.gz             : make_test NO
   GAAS/LWP-Protocol-https-6.04.tar.gz          : make_test NO one
dependency
not OK (IO::Socket::SSL); additionally test harness failed
   NANIS/Crypt-SSLeay-0.72.tar.gz               : make_test NO one
dependency
not OK (LWP::Protocol::https)

Isto está parecendo a história do ovo e da galinha. :-)

Eu não achei nada no Makefile.PL do IO::Socket::SSL que me permitisse
especificar onde está o openSSL para ele usar. Tenho que fazer isso via
manipulação da $LD_LIBRARY_PATH ou algo assim?


Em 17-06-2014 11:02, Daniel de Oliveira Mantovani escreveu:

Bom dia Alceu,

Baixa manualmente o OpenSSL
(https://www.openssl.org/source/openssl-1.0.1h.tar.gz), compila e
instala num diretório separado. Depois na hora de instalar o
IO::Socket::SSL você aponta para o diretório separado que você
instalou o OpenSSL.

2014-06-17 10:56 GMT-03:00 Alceu Rodrigues de Freitas Junior
<glasswal...@yahoo.com.br>:

Bom dia pessoal,

Estou com um problema que talvez algum de vocês já tenha tido
experiência.

Preciso instalar alguns scripts de monitoração em um servidor Linux mas
cuja
distribuição já é um pouco velha. Para não mexer no perl "global", eu
resolvi usar o Perlbrew para instalar no diretório home de um usuário
específico e manter os módulos que preciso ali. Não preciso de
permissões
de
acesso maiores do que este usuário já possui também.

Tudo ia bem até eu precisar instalar módulos relacionados com SSL. Como
o
openssl da distribuição é muito velha, eu não consigo instalar coisas
mais
recentes:

cpan[2]> install IO::Socket::SSL
Running install for module 'IO::Socket::SSL'
     SULLR/IO-Socket-SSL-1.993.tar.gz
     Has already been unwrapped into directory
/home/alceu/.cpan/build/IO-Socket-SSL-1.993-FevB1C

     SULLR/IO-Socket-SSL-1.993.tar.gz
     Has already been prepared
     SULLR/IO-Socket-SSL-1.993.tar.gz
     Has already been made
Running make test
PERL_DL_NONLAZY=1
/home/alceu/perl5/perlbrew/perls/perl-5.16.3/bin/perl

"-MExtUtils::Command::MM" "-MTest::Harness" "-e" "undef
*Test::Harness::Switches; test_harness(0, 'blib/lib', 'blib/arch')"
t/*.t
t/external/*.t
t/01loadmodule.t .................. 1/3 # openssl version=0x90802f
# Net::SSLeay::VERSION=1.64
t/01loadmodule.t .................. ok
t/acceptSSL-timeout.t ............. ok
t/auto_verify_hostname.t .......... ok
t/cert_formats.t .................. ok
t/cert_no_file.t .................. ok
t/compatibility.t ................. ok
t/connectSSL-timeout.t ............ ok
t/core.t .......................... ok
t/dhe.t ........................... ok
t/ecdhe.t ......................... skipped: no support for ecdh with
this
openssl/Net::SSLeay
t/external/ocsp.t ................. skipped: no OCSP support
t/external/usable_ca.t ............ # found 148 CA certs
t/external/usable_ca.t ............ ok
t/io-socket-inet6.t ............... skipped: no IO::Socket::INET6
available
t/io-socket-ip.t .................. skipped: no IO::Socket::IP 0.20
available
t/memleak_bad_handshake.t ......... ok
t/mitm.t .......................... ok
t/nonblock.t ...................... ok
t/npn.t ........................... skipped: NPN not available in
Net::SSLeay
t/public_suffix_lib_encode_idn.t .. ok
t/public_suffix_lib_libidn.t ...... ok
t/public_suffix_lib_uri.t ......... ok
t/public_suffix_ssl.t ............. ok
t/readline.t ...................... ok
t/sessions.t ...................... ok
t/signal-readline.t ............... ok
t/sni.t ........................... skipped: because no server side SNI
support - openssl/Net::SSleay too old
t/start-stopssl.t ................. ok
t/startssl-failed.t ............... ok
t/startssl.t ...................... ok
t/sysread_write.t ................. ok
t/verify_fingerprint.t ............ 1/11
#   Failed test 'accept fp1 for saddr1'
#   at t/verify_fingerprint.t line 49.

#   Failed test 'accept fp2 for saddr2'
#   at t/verify_fingerprint.t line 49.

#   Failed test 'accept fp1|fp2 for saddr1'
#   at t/verify_fingerprint.t line 49.

#   Failed test 'accept fp1|fp2 for saddr2'
#   at t/verify_fingerprint.t line 49.
t/verify_fingerprint.t ............ 8/11 # Looks like you failed 4
tests
of
11.
t/verify_fingerprint.t ............ Dubious, test returned 4 (wstat
1024,
0x400)
Failed 4/11 subtests
t/verify_hostname.t ............... ok
t/verify_hostname_standalone.t .... ok

Test Summary Report
-------------------
t/verify_fingerprint.t          (Wstat: 1024 Tests: 11 Failed: 4)
     Failed tests:  1-2, 5-6
     Non-zero exit status: 4
Files=33, Tests=700, 45 wallclock secs ( 0.15 usr  0.13 sys +  5.35
cusr
1.64 csys =  7.27 CPU)
Result: FAIL
Failed 1/33 test programs. 4/700 subtests failed.
make: *** [test_dynamic] Error 255
     SULLR/IO-Socket-SSL-1.993.tar.gz
     /usr/bin/make test -- NOT OK
//hint// to see the cpan-testers results for installing this module,
try:
     reports SULLR/IO-Socket-SSL-1.993.tar.gz
Failed during this command:
    SULLR/IO-Socket-SSL-1.993.tar.gz             : make_test NO

Eu consigo ver duas opções:

1 - forçar a instalação dos módulos e correr o risco de
incompatibilidades
de versões
2 - atualizar a distribuição na tentativa de então conseguir instalar
os
módulos Perl

Como eu não tenho acesso à internet pelo servidor, tenho instalado e
configurado o Perlbrew em uma VM com as mesmas versões do servidor,
então
eu
poderia atualizar a VM. Mexer no servidor é algo que eu não tenho
acesso,
e
devido a questão de homologação, vai demorar uma vida até que eu
consiga
que
os responsáveis atualizem.

Quão "isolada" é uma instalação do Perlbrew? Quando compilo algo em C,
os
módulos vão usar bibliotecas compartilhadas? Ou tudo fica auto-contido?

Obrigado,
Alceu
=begin disclaimer
     Sao Paulo Perl Mongers: http://sao-paulo.pm.org/
SaoPaulo-pm mailing list: SaoPaulo-pm@pm.org
L<http://mail.pm.org/mailman/listinfo/saopaulo-pm>
=end disclaimer

=begin disclaimer
    Sao Paulo Perl Mongers: http://sao-paulo.pm.org/
SaoPaulo-pm mailing list: SaoPaulo-pm@pm.org
L<http://mail.pm.org/mailman/listinfo/saopaulo-pm>
=end disclaimer

=begin disclaimer
   Sao Paulo Perl Mongers: http://sao-paulo.pm.org/
SaoPaulo-pm mailing list: SaoPaulo-pm@pm.org
L<http://mail.pm.org/mailman/listinfo/saopaulo-pm>
=end disclaimer


=begin disclaimer
  Sao Paulo Perl Mongers: http://sao-paulo.pm.org/
SaoPaulo-pm mailing list: SaoPaulo-pm@pm.org
L<http://mail.pm.org/mailman/listinfo/saopaulo-pm>
=end disclaimer

Re: [SP-pm] perlbrew e distribuições Linux antigas

Responder a