Skip to content

Make cpanm install more secure via checksum #41

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Aug 19, 2017
Merged

Make cpanm install more secure via checksum #41

merged 3 commits into from
Aug 19, 2017

Conversation

@zakame
Copy link
Member

@zakame zakame commented Aug 16, 2017

Embed a SHA256 checksum (taken from the CPAN author's CHECKSUMS file)
for a specific cpanm version (currently 1.7043) so that we can verify
upon download of the dist tarball. This effectively makes installing
cpanm in the same fashion as installing Perl itself.

Fixes #39.

@zakame
Copy link
Member Author

zakame commented Aug 16, 2017

This is probably a better alternate to #40 🐈

zakame added 3 commits August 19, 2017 19:23
@zakame
Embed cpanm SHA256 checksum for verifying in image build
a5b1e61 
Install cpanm in the same fashion as Perl: via source dist with SHA256
checksum.  Thanks @tianon for the idea!
@zakame
Regenerate Dockerfiles to fetch cpanm dist with checksum
800125b 
Now less ugly than copy a static fatpacked cpanm into our repo.
@zakame
Comment CHECKSUMS location for reference
d83cae4 
We might probably update this later when cpanm/Menlo gets bumped.
@zakame zakame force-pushed the secure-cpanminus-via-checksum branch from 14e868d to d83cae4 Compare August 19, 2017 11:24
@zakame zakame merged commit 8044d4b into Perl:master Aug 19, 2017
@zakame zakame deleted the secure-cpanminus-via-checksum branch August 19, 2017 11:25
@zakame zakame mentioned this pull request Aug 19, 2017
Closed
zakame added a commit to zakame/docker-library-official-images that referenced this pull request Aug 26, 2017
@zakame
Update perl image for various improvements
7149489 
- tagged buildpack-deps (Perl/docker-perl#35)
- more secure installation of cpanm (Perl/docker-perl#41)
- arm64v8 support (Perl/docker-perl#38)
@zakame zakame mentioned this pull request Aug 26, 2017
Merged
@tianon tianon mentioned this pull request Sep 11, 2017
Open
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@zakame