Lack of TLS support

[tmiklas]

Issue:
perl:<version>-slim image used here "only contains the minimal packages needed to run perl", meaning for example lack of TLS support, which is rather important in case of functions.

Proposed Fix:
This can be resolved in one of two ways:

1. Add required Debian modules to the Dockerfile and keep using 5.28.2-slim image (112MB)
2. Switch to full image 5.28.2 image (891MB)

For obvious reasons, first approach is preferred - it will increase the image size but not as much as switching to full version.

[alexellis]

Hi thank you for raising this issue. Please can you show how TLS is not available and what you mean by that? Do you mean that the ca certificates bundle is not present?

[tmiklas]

It means that perl:<version>-slim base image does not include required libraries to connect to HTTPS endpoints from the Perl code.

The image actually is missing most HTTP(s) client libraries, hence minimal tag. If our function is to call any HTTP/HTTPS endpoint it will need suitable modules installed. This can be done directly via cpanfile and cpanm as done in the template, or by installing them from Debian repo, which is much more space efficient and saves us from time expensive compilation.

Recreating the scenario requires a bit of work, but for completeness... first I will install Debian's build-essential package to make it possible to build modules with cpanm, then install LWP::UserAgent to visit HTTP and HTTPS website. Once we add LWP::UserAgent it will complain it needs LWP::Protocol::https which has further dependencies, etc.

To demonstrate the issue I will use the following perl script:

root@dd78a48da8df:~# cat get.pl
#!/usr/bin/perl

# Create a user agent object
use LWP::UserAgent;
my $ua = LWP::UserAgent->new;

# Create a request
my $req = HTTP::Request->new(GET => $ARGV[0]);

# Pass request to the user agent and get a response back
my $res = $ua->request($req);

# Check the outcome of the response
print "HTTP response code is ", $res->status_line, "\n";

Here's the evidence of issue existing:

$ docker run -it --rm --entrypoint bash perl:5.28.2-slim
root@61e97748b998:~# perl get.pl http://google.com
Can't locate LWP/UserAgent.pm in @INC (you may need to install the LWP::UserAgent module) (@INC contains: /usr/local/lib/perl5/site_perl/5.28.2/x86_64-linux-gnu /usr/local/lib/perl5/site_perl/5.28.2 /usr/local/lib/perl5/vendor_perl/5.28.2/x86_64-linux-gnu /usr/local/lib/perl5/vendor_perl/5.28.2 /usr/local/lib/perl5/5.28.2/x86_64-linux-gnu /usr/local/lib/perl5/5.28.2) at get.pl line 4.
BEGIN failed--compilation aborted at get.pl line 4.

root@61e97748b998:~# apt-get update && apt-get install -y build-essential > /dev/null
[...]
root@dd78a48da8df:~# cpanm LWP::UserAgent
[...]
Building and testing libwww-perl-6.39 ... OK
Successfully installed libwww-perl-6.39
23 distributions installed

root@dd78a48da8df:~# perl get.pl http://google.co.uk
HTTP response code is 200 OK
root@dd78a48da8df:~# perl get.pl https://google.co.uk
HTTP response code is 501 Protocol scheme 'https' is not supported (LWP::Protocol::https not installed)

Now we will need libssl-dev, openssl and few other bits to build dependencies, all adding to the image size.

Luckily, Perl base image is built on Debian, so this should be easy to mitigate by adding Debian packages before running cpanm to install user defined requirements.

I'm looking at which exact packages to add - noticed some libraries added in that way may be landing outside of the search path. If you give me a bit of time, I will provide a suitable combination and fix for this template.