PrePAN

Sign in to PrePAN

Profile

User's Modules

Mozilla::CA::Debian Replace Mozilla::CA using certificates from /etc/ssl/certs

Doc

Root certificates are a major component of TLS security. Many CPAN modules rely on Mozilla::CA as a default, portable, list of root certificates.

But when relying on Mozilla::CA, we rely on:

  • the maintainer to release often to keep Mozilla::CA in sync with the Mozilla certificates list
  • the maintainer of the module to be trustable (no compromised certificates introduced)
  • yourself or your sysadmin to keep your local copy of Mozilla::CA up to date with the latest CPAN release
  • the CPAN mirror from not being compromised to serve an altered version of Mozilla::CA
  • you can't use additional root certificates installed on your system that are not in Mozilla list (unless the application allow to use multiple certificate databases)
  • you can't filter the Mozilla list to exclude some certificates

This is many risks while on a Debian system you already have a list of certificates that:

  • you already trust for all tasks on your system
  • is updated with other system packages

So Mozilla::CA::Debian replaces Mozilla::CA, providing the same interface (including hijacking the package name) but while using the certificates from /etc/ssl/certs.

Implementation

The implementation uses lazy loading to build the certificates file (Mozilla::CA exposes the certificate database while Debian exposes a directory of files) only when the VERSION is requested or when SSL_ca_file function is called.

It also allows both Mozilla::CA and Mozilla::CA::Debian to be installed in @INC. Mozilla::CA::Debian will only be used if it is loaded first.

$Mozilla::CA::VERSION reported will be the timestamp of the most recent file in /etc/ssl/certs.

Status

The code is working. POD has to be written (probably will be copied from the block above).

Questions

  • I'm not sure about the features. What other system use a directory of PEM files?
  • I'm not sure about the name, as my implementation may work on other systems than Debian.
  • Is hijacking the Mozilla::CA package the right way?

dolmen@github 2 comments

Devel::JSON Easy JSON output for one-liners

This module is designed for usage with one-liners. The last value of your one-liner (-e) code will be serialized as JSON data. The expression is evaluated in scalar context.

The output will be either UTF-x (UTF-8, UTF-16...) or just ASCII, depending on your locale (check LC_CTYPE on Unix or GNU).

As a convenience (because you may want to deal with non-ASCII content in your -e source), your code is converted from bytes using the current locale.

dolmen@github 2 comments

AnyEvent::Handle::Mock Helper for testing AnyEvent::Handle-based code

This class provides a filehandle that you can give to the AnyEvent::Handle constructor and methods to feed and pump from the handle.

Methods:

  • new: Constructor. No arguments.
  • fh: Returns the file handle to give to the AnyEvent::Handle constructor.
  • feed: Send data. Arguments are the same as "AnyEvent::Handle->push_read".
  • pump: Wait for data, synchronously: the event loop will run due to "->recv" on a condvar. Arguments are the same as "AnyEvent::Handle->push_write" (which means you can use any "anyevent_read_type"), except the callback is optional. If it is missing, the received data will be the return value of the method.

dolmen@github 0 comments

App::PerlInfoJSON Information about perl from command-line or CGI, in JSON

Check some output about Perl at SourceForge: http://dolmen.users.sourceforge.net/cgi-bin/perlinfo.json

perlinfo.json is both a command-line and CGI script (I also plan to make it a PSGI app) that extracts information about the running perl (first perl from $ENV{PATH}) using Config::Perl::V. The output is in JSON for easy cross-language parsing.

I expect that others will build client tools (either web tools in JavaScript, or command-line tools) that will parse that information.

Questions

I'm not sure about the name. So far the script is named perlinfo.json.pl. The distribution will be called App-PerlInfoJSON, but I'm not satisfied with that distribution name, so suggestions are welcome.

dolmen@github 2 comments

ExtUtils::PerlLocal A parser for perllocal.pod

This module parses perllocal.pod and exposes its content using an OO interface. The distribution also includes the perllocal-installed script that show the list of the modules of that list that are still installed.

It is much faster to load perllocal.pod than to run instmodsh (but also not as complete, I know). This module should help to build other tools that inspect locally installed modules and ones that have been installed and removed/upgraded.

I wrote this module to help me rebuild my local module directory after the migration from Ubuntu 11.04 to Ubuntu 11.10 and so the system Perl upgrade from 5.10.1 to 5.12.4: the script/perllocal-installed gives me a list of modules that I can send to xargs cpan to reinstall them. When looking for 'perllocal' on metacpan.org, I found no relevant results.

The early (but working) code is at GitHub (the repo name will change if I rename the module). Doc, tests, and packaging still to write.

I'm not sure about the naming of the module and would also appreciate comments on the interface.

dolmen@github 3 comments