1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
|
cabal-version: 1.18
name: hackage-security
version: 0.6.3.2
synopsis: Hackage security library
description: The hackage security library provides both server and
client utilities for securing the Hackage package server
(<https://hackage.haskell.org/>). It is based on The Update
Framework (<https://theupdateframework.com/>), a set of
recommendations developed by security researchers at
various universities in the US as well as developers on the
Tor project (<https://www.torproject.org/>).
.
The current implementation supports only index signing,
thereby enabling untrusted mirrors. It does not yet provide
facilities for author package signing.
.
The library has two main entry points:
"Hackage.Security.Client" is the main entry point for
clients (the typical example being @cabal@), and
"Hackage.Security.Server" is the main entry point for
servers (the typical example being @hackage-server@).
license: BSD3
license-file: LICENSE
author: Edsko de Vries
maintainer: cabal-devel@haskell.org
copyright: Copyright 2015-2022 Well-Typed LLP
category: Distribution
homepage: https://github.com/haskell/hackage-security
bug-reports: https://github.com/haskell/hackage-security/issues
build-type: Simple
tested-with:
GHC == 9.14.1
GHC == 9.12.2
GHC == 9.10.2
GHC == 9.8.4
GHC == 9.6.7
GHC == 9.4.8
GHC == 9.2.8
GHC == 9.0.2
GHC == 8.10.7
GHC == 8.8.4
GHC == 8.6.5
GHC == 8.4.4
extra-doc-files:
ChangeLog.md
source-repository head
type: git
location: https://github.com/haskell/hackage-security.git
flag Cabal-syntax
description: Are we using Cabal-syntax?
manual: False
default: False
flag lukko
description: Use @lukko@ for file-locking, otherwise use @GHC.IO.Handle.Lock@
manual: False
default: False
library
-- Most functionality is exported through the top-level entry points .Client
-- and .Server; the other exported modules are intended for qualified imports.
exposed-modules: Hackage.Security.Client
Hackage.Security.Client.Formats
Hackage.Security.Client.Repository
Hackage.Security.Client.Repository.Cache
Hackage.Security.Client.Repository.Local
Hackage.Security.Client.Repository.Remote
Hackage.Security.Client.Repository.HttpLib
Hackage.Security.Client.Verify
Hackage.Security.JSON
Hackage.Security.Key.Env
Hackage.Security.Server
Hackage.Security.Trusted
Hackage.Security.TUF.FileMap
Hackage.Security.Util.Checked
Hackage.Security.Util.Path
Hackage.Security.Util.Pretty
Hackage.Security.Util.Some
Text.JSON.Canonical
other-modules: Hackage.Security.Key
Hackage.Security.Trusted.TCB
Hackage.Security.TUF
Hackage.Security.TUF.Common
Hackage.Security.TUF.FileInfo
Hackage.Security.TUF.Header
Hackage.Security.TUF.Layout.Cache
Hackage.Security.TUF.Layout.Index
Hackage.Security.TUF.Layout.Repo
Hackage.Security.TUF.Mirrors
Hackage.Security.TUF.Paths
Hackage.Security.TUF.Patterns
Hackage.Security.TUF.Root
Hackage.Security.TUF.Signed
Hackage.Security.TUF.Snapshot
Hackage.Security.TUF.Targets
Hackage.Security.TUF.Timestamp
Hackage.Security.Util.Base64
Hackage.Security.Util.Exit
Hackage.Security.Util.IO
Hackage.Security.Util.JSON
Hackage.Security.Util.Lens
Hackage.Security.Util.Stack
Hackage.Security.Util.TypedEmbedded
build-depends: base >= 4.11 && < 4.23,
base16-bytestring >= 0.1.1 && < 1.1,
base64-bytestring >= 1.0 && < 1.3,
bytestring >= 0.10.8.2 && < 0.13,
containers >= 0.5.11 && < 0.9,
cryptohash-sha256 >= 0.11 && < 0.12,
directory >= 1.3.1.5 && < 1.4,
ed25519 >= 0.0 && < 0.1,
filepath >= 1.4.2 && < 1.6,
mtl >= 2.2.2 && < 2.4,
network-uri >= 2.6 && < 2.7,
network >= 2.6 && < 3.3,
parsec >= 3.1.13 && < 3.2,
pretty >= 1.0 && < 1.2,
-- 0.4.2 introduces TarIndex, 0.4.4 introduces more
-- functionality, 0.5.0 changes type of serialise
tar >= 0.5 && < 0.8,
template-haskell >= 2.13 && < 2.25,
time >= 1.8.0.2 && < 1.16,
transformers >= 0.3 && < 0.7,
zlib >= 0.5 && < 0.8,
-- whatever versions are bundled with ghc:
ghc-prim >= 0.5.2 && < 0.14
if flag(lukko)
build-depends: lukko >= 0.1 && < 0.2
else
build-depends: base >= 4.11
if flag(Cabal-syntax)
build-depends: Cabal-syntax >= 3.7 && < 3.18
else
build-depends: Cabal >= 2.2.0.1 && < 2.6
|| >= 3.0 && < 3.7,
Cabal-syntax < 3.7
hs-source-dirs: src
default-language: Haskell2010
default-extensions: DefaultSignatures
DeriveDataTypeable
DeriveFunctor
FlexibleContexts
FlexibleInstances
GADTs
GeneralizedNewtypeDeriving
KindSignatures
MultiParamTypeClasses
NamedFieldPuns
NoImplicitPrelude
NoMonomorphismRestriction
PatternSynonyms
RankNTypes
RecordWildCards
ScopedTypeVariables
StandaloneDeriving
TupleSections
TypeFamilies
TypeOperators
ViewPatterns
other-extensions:
AllowAmbiguousTypes
BangPatterns
CPP
DeriveLift
OverlappingInstances
PackageImports
RoleAnnotations
StaticPointers
UndecidableInstances
ghc-options: -Wall
test-suite TestSuite
type: exitcode-stdio-1.0
main-is: TestSuite.hs
other-modules: TestSuite.HttpMem
TestSuite.InMemCache
TestSuite.InMemRepo
TestSuite.InMemRepository
TestSuite.JSON
TestSuite.PrivateKeys
TestSuite.Util.StrictMVar
-- inherited constraints from lib:hackage-security component
build-depends: hackage-security,
base,
containers,
bytestring,
network-uri,
tar,
text,
time,
zlib
if flag(Cabal-syntax)
build-depends: Cabal >= 3.7 && < 3.18,
Cabal-syntax >= 3.7 && < 3.18
else
build-depends: Cabal >= 2.2.0.1 && < 2.6
|| >= 3.0 && < 3.7,
Cabal-syntax < 3.7
-- dependencies exclusive to test-suite
build-depends: tasty >= 1.1.0.4 && < 1.6,
-- tasty-1.1.0.4 is the version in Stackage LTS 12.26 (GHC 8.4)
tasty-hunit == 0.10.*,
tasty-quickcheck >= 0.10 && < 1,
QuickCheck >= 2.11 && < 2.17,
aeson >= 1.4 && < 1.6 || >= 2.0 && < 2.3,
vector >= 0.12 && < 0.14,
unordered-containers >= 0.2.8.0 && < 0.3,
temporary >= 1.2 && < 1.4
hs-source-dirs: tests
default-language: Haskell2010
default-extensions: FlexibleContexts
GADTs
KindSignatures
RankNTypes
RecordWildCards
ScopedTypeVariables
ghc-options: -Wall
|
