7

I thought it would be a good idea in general to update all software on my computer regularly. Since CPAN modules are not managed by my package manager I figured I should do cpan -u every once in a while. It was only after executing this that I read the man page note on this:

-u  Upgrade all installed modules. Blindly doing this can really break
   things, so keep a backup.
  1. Why should this break anything? And how should I keep my CPAN modules up to date otherwise; do I need to keep track of all manually installed modules (cpan doesn't seem to do this) and only update those regularly? How about the dependencies of my manually installed modules?
  2. Why did cpan -u upgrade stuff for ~15min even though I haven't installed a single CPAN module?
  3. Can I revert the cpan -u? Is it enough to delete ~/.cpan for this?
brian d foy
  • 129,424
  • 31
  • 207
  • 592
J. Doe
  • 326
  • 2
  • 12
  • 1
    It updates **all** outdated modules, not just those installed by a cpan client. That includes core ones and ones installed by your OS's package manager. – Shawn Oct 04 '18 at 15:13
  • Another common tool for this task is [cpan-outdated](https://metacpan.org/pod/cpan-outdated) which can be used with either cpan or cpanm. Unfortunately there is no way to rollback updating CPAN modules in place without a package manager except by reinstalling the old versions again. – Grinnz Oct 04 '18 at 15:51
  • 2
    Of course there's a way to rollback changes. Use source control :) – brian d foy Oct 04 '18 at 16:38

2 Answers2

14

Why should this break anything?

It shouldn't, but complex systems are complex and sometimes things do break (e.g. if a module is updated with a non-backwards compatible change, or depends on a C library which has bugs which only show up in combination with specific dependencies).

And how should I keep my CPAN modules up to date otherwise;

Just keep backups in case things break.

Why did cpan -u upgrade stuff for ~15min even though I haven't installed a single CPAN module?

Perl is distributed with a large collection of modules, and other modules may have been installed by your distribution.

Can I revert the cpan -u?

You can overwrite it with the backup that the documentation recommended you take.

Is it enough to delete ~/.cpan for this?

No. That directory is used by the installer tool to cache data about available modules, to store source code, and to hold build artefacts. The installed files are written to your lib like any other library.

Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335
  • Thanks for the answer! Unfortunately I didn't make a backup (we are talking about `cpan -a`, right?). Guess I'll roll back to a system-backup if anything broke. I still wonder why `cpan -u` updated modules, even though I had updated the systems software via the package manager shortly before. Shouldn't that include updates for the installed distribution? – J. Doe Oct 04 '18 at 14:27
  • 1
    The repositories the system package managers point to often don't have the most current versions of perl modules and this is especially true on RedHat systems. The cpan tool will pull the latest version available. – Ron Bergin Oct 04 '18 at 15:16
  • If you update the CPAN JSON lib to 2.27, `print(0 ne JSON::true());` yields `"Operation "ne": no method found."`, but previously it yielded `"1"`. Just wanted to throw in an actual example, good answer, upvoted. – HoldOffHunger Oct 04 '18 at 16:45
2

  1. New or update code is new or updated bugs. I have the opposite view of Quentin: why would changing a bunch of stuff keep not break things? That's what I expect with most updates. However, the Perl 5 porters take great pains to test perl distributions against as much of CPAN as they can. That doesn't mean that your particular use of a module (and how you've worked around existing bugs) is stable.

  2. Some modules that come with perl are also on CPAN. These are "dual-lived" modules and they might update from CPAN.

  3. The cpan tool doesn't revert anything for you, but you can do what I do sometimes. Make your installation a git repo. Branch when you change it. Try the branch with your code. If anything goes wrong you can always switch back to master. You don't even need to commit the changes! Tools such as Pinto help you manage sets of Perl modules.

There are some other things to consider.

First, I recommend that you don't mess with the system perl. Let the system do that. If you want a fresher perl that you manage yourself, install a different one. You might like perlbrew for that (I don't, but that's no big deal).

You can screw up that one as much as you like and the system won't start doing weird things. Consider major changes like removing . from @INC and Deprecating unescaped left braces in regexes. Those were changes in perl but they broke some important things.

Second, you can configure cpan to install somewhere besides the system directories. The -I switch will use local::lib for you. Besides that, you can configure it manually.

brian d foy
  • 129,424
  • 31
  • 207
  • 592
  • Tools like cpanm and Carton also make it easy to install modules to a localized local::lib on the fly, which may make it easier to test updates in a more isolated way. – Grinnz Oct 04 '18 at 16:44
  • Thanks for the response! I don't really want a "fresher" perl (not 100% sure what that means), all I want is a way to keep the CPAN modules I use in projects secure and up to date. I find the idea of using git cool, but am not sure which directory I'll have to look for. Is it `~/perl5`? And could I revert my `cpan -u` by deleting this directory? – J. Doe Oct 04 '18 at 17:06