While the title of this post is meant to be provocative, it’s also meant to underscore the fact that local build environments are now a choice, rather than a necessity. And given the amount of set up and work they entail (from sourcing packagers to verifying build scripts to resolving conflicts and compile issues) they may not even be the best choice.
That leaves you with two options:
- Install binaries, or
- Leverage a cloud-based Perl build system
Given the current trend toward installing binaries, building from source is quickly becoming something of a lost art. But installing binaries may not always be appropriate if:
- Exploits, such as similarly named dependencies or hacked author accounts lead to installing compromised binaries from a language ecosystem’s official repository.
- The latest version of a dependency is only available as source code, or requires patching to eliminate a critical vulnerability.
- Corporate policies require all language artifacts to be built from source for security, provenance, or compliance reasons.
When it comes to cloud-based Perl build systems, ActiveState was one of the first to provide a non-local build experience for Perl when we released the Perl Package Manager (PPM) in 2006. Since then, we’ve launched the ActiveState Platform to help automate the creation of our ActivePerl (and ActivePython and ActiveTcl) distributions.
Today, the ActiveState Platform features a catalog of dependencies imported from CPAN that you can use for free to automatically build far more dependencies (including dependencies with linked C libraries) than PPM ever could. In addition, the ActiveState Platform will:
- Automatically resolve all your dependencies so you don’t waste time building ones that don’t work together.
- Allow you to define versions of dependencies using operators like <, <=, !=, == and more, so you can specify the exact set of dependencies required by your project.
- Build all your dependencies from source code, ensuring code provenance and better security.
If these benefits are of interest to you, you’ll want to try out the ActiveState Platform to automatically build the Perl environment you need for your next project. You can use the cpanfile or meta.json file that defines your project to create a Perl environment in just a few minutes, as shown in the following video:
Keep in mind that while not every version of every dependency can always be built for every OS, you can always ask for help in our community forums.
Indemnified Perl Builds
The ActiveState Platform also provides the ability to create indemnified Perl environments that can help protect your organization from IP lawsuits. While only available as an option at our Enterprise tier, indemnification provides protection against IP infringement lawsuits that can result when open source code is used in a way that contravenes its license.
As a busy developer, you don’t always have the time to review the licenses for all the third-party Perl modules you use. Typically, either someone in your organization or an external auditor is responsible for ensuring license compliance, which can be tricky due to embedded licenses (code bases that call code bases) and license conflicts (components with licenses that are at odds with your overall product’s license).
In the past, ActiveState has manually created indemnified builds for customers — builds which include all of the dependencies required by all of their projects, and whose licenses had been approved by their legal teams. But this is a lengthy process entailing quite a bit of upfront work only to arrive at a limited solution since:
- Developers that want to build for production are locked into a predefined set of dependencies.
- One-size-fits-all Perl distributions always seem to include both too much (i.e., dependencies you’ll never use) and too little (ie., the exact dependency/version you actually require).
- Adding a new dependency to the build (or even a new version of a dependency) takes time, both for the lawyers to review the license and for ActiveState to update the indemnified build.
With the ActiveState Platform, however, you can now “self-serve” your own indemnified build from our catalog of vetted dependencies for each project you work on. The following short video shows you how:
Next Steps
Ready to give it a try? As the videos show, utilizing our cloud-based build farm to automatically create a Perl environment is quite often far simpler than creating one manually using a local build environment. The ActiveState Platform also offers a number of benefits you can’t get from a local build, including:
- Automated dependency resolution, as well as automatically generated suggestions about how to resolve dependency conflicts when they arise
- Greater control over dependency version definition
- A single toolchain to manage your builds for both Linux and Windows
And if required, indemnification, as well. To get started, all you need to do is create a free account on the ActiveState Platform.
ActiveState introduced a new version of our Perl ecosystem with the release of Perl 5.32, which provides a new way to install, work with and even consume Perl from ActiveState. You can learn more and download your own version of ActiveState’s new Perl ecosystem for free from our Perl 5.32 page.
Recent Posts
Automating Vulnerability Management
Automating vul’n remediation is still limited by code coverage & breaking changes, but ActiveState closes some gaps to remediating at scale.
Regulatory Compliance & Open Source Software
Open source is rarely built with regulatory compliance in mind. Learn how to create & enforce compliance for OSS during software development.
Software Supply Chain Security for FinServ
Learn how financial services can secure their software supply chain with best practices and key insights.