Dependency Discovery and Management
One of the more common complaints about deploying software written in Perl is the occasionally tangled nest of dependencies one must install from CPAN. Given the complexity of the system and the incredibly tenuous level of collaboration between various CPAN module authors, the system works astonishingly well.
That being said, I want to be able to ship software to clients and other users without worrying about an author uploading a new, untested version of a module next week or a user having to recurse through dependencies 10 deep to be able to get my software installed.
I really want to be able to ship one big tarball with a single install command which I know will do the right thing. To that end, we've built Shipwright. I've talked about Shipwright before, but I've spent a big chunk of the past week working with Sunnavy to smooth out many rough edges and to deal with all sorts of fun edge and corner cases in the code we use to ensure isolated, reproducible builds.
Once you untangle the dependency graph, you'll discover SD currently has 123 dependencies which weren't core in Perl 5.8.5. They clock in as 8 MB of gzipped distribution files including source code, tests and documentation. Shipwright knows the exact order they need to be installed in, how to build them and how to wrap them so that the compiled package can be installed in any directory the user wants. The Shipwright "vessel" is built from a script a script on OSX and builds and passes all of SD's tests, as well as the tests for each of those 123 dependencies on an older version on Debian Linux.
123 dependencies is too many, even if it's relatively straight forward to install them with a single command. Over the past few days, I've poked at the vessel's order files to try to see what I might be able to pare away with a bit of coding or tweaking. It...wasn't easy or pleasant work. I made some progress, but only because I know far too much about many of the libraries we depend on and made some good guesses.
I spent a bit of this afternoon hacking up Shipwright to output a graph of all dependencies in a format that GraphViz understands. Now I have pretty pictures.
I now understand SD's dependency tree much better and have some good ideas about how to dramatically reduce its dependency graph.
Just for kicks, I ran Shipwright against MojoMojo. The graph is a bit bigger. ;)