hackage-security 0.6.2.3 → 0.6.2.4
raw patch · 4 files changed
+70/−64 lines, 4 filesdep −mtl-compatdep −old-localedep −old-timedep ~basedep ~directorydep ~mtlnew-uploaderPVP: major bump suggested
API removals or changes: PVP suggests a major version bump
Dependencies removed: mtl-compat, old-locale, old-time
Dependency ranges changed: base, directory, mtl, tar, zlib
API changes (from Hackage documentation)
- Hackage.Security.Client: VerificationErrorSignatures :: TargetPath -> VerificationError
+ Hackage.Security.Client: VerificationErrorSignatures :: TargetPath -> Integer -> [KeyId] -> [KeyId] -> VerificationError
- Hackage.Security.Trusted: VerificationErrorSignatures :: TargetPath -> VerificationError
+ Hackage.Security.Trusted: VerificationErrorSignatures :: TargetPath -> Integer -> [KeyId] -> [KeyId] -> VerificationError
Files
- ChangeLog.md +8/−0
- hackage-security.cabal +33/−53
- src/Hackage/Security/Client/Repository/Cache.hs +1/−1
- src/Hackage/Security/Trusted/TCB.hs +28/−10
ChangeLog.md view
@@ -1,5 +1,13 @@ See also http://pvp.haskell.org/faq +0.6.2.4+-------++* Allow `tar-0.6`+* Drop support for GHC < 7.8 in favor of `PatternSynonyms`+* Drop flags `base48`, `mtl21`, `old-directory` and support for GHC 7.8, `mtl < 2.2` and `directory < 1.2`+* Tested with GHC 7.10 - 9.8+ 0.6.2.3 -------
hackage-security.cabal view
@@ -1,6 +1,6 @@ cabal-version: 1.12 name: hackage-security-version: 0.6.2.3+version: 0.6.2.4 synopsis: Hackage security library description: The hackage security library provides both server and@@ -31,9 +31,18 @@ build-type: Simple tested-with:- GHC==9.4.1, GHC==9.2.4, GHC==9.0.2,- GHC==8.10.7, GHC==8.8.4, GHC==8.6.5, GHC==8.4.4, GHC==8.2.2, GHC==8.0.2,- GHC==7.10.3, GHC==7.8.4, GHC==7.6.3, GHC==7.4.2+ GHC == 9.8.1+ GHC == 9.6.3+ GHC == 9.4.8+ GHC == 9.2.8+ GHC == 9.0.2+ GHC == 8.10.7+ GHC == 8.8.4+ GHC == 8.6.5+ GHC == 8.4.4+ GHC == 8.2.2+ GHC == 8.0.2+ GHC == 7.10.3 extra-source-files: ChangeLog.md@@ -42,10 +51,6 @@ type: git location: https://github.com/haskell/hackage-security.git -flag base48- description: Are we using @base@ 4.8 or later?- manual: False- flag use-network-uri description: Are we using @network-uri@? manual: False@@ -55,16 +60,6 @@ manual: False default: False -flag old-directory- description: Use @directory@ < 1.2 and @old-time@- manual: False- default: False--flag mtl21- description: Use @mtl@ < 2.2 and @mtl-compat@- manual: False- default: False- flag lukko description: Use @lukko@ for file-locking, otherwise use @GHC.IO.Handle.Lock@ manual: True@@ -117,44 +112,36 @@ Hackage.Security.Util.TypedEmbedded MyPrelude -- We support ghc 7.4 (bundled with Cabal 1.14) and up- build-depends: base >= 4.5 && < 4.18,+ build-depends: base >= 4.8 && < 4.20,+ -- PatternSynonyms are only available since GHC 7.8 (base 4.7) base16-bytestring >= 0.1.1 && < 1.1, base64-bytestring >= 1.0 && < 1.3,- bytestring >= 0.9 && < 0.12,- containers >= 0.4 && < 0.7,+ bytestring >= 0.9 && < 0.13,+ containers >= 0.4 && < 0.8,+ cryptohash-sha256 >= 0.11 && < 0.12,+ directory >= 1.2 && < 1.4, ed25519 >= 0.0 && < 0.1, filepath >= 1.2 && < 1.5,+ mtl >= 2.2 && < 2.4, parsec >= 3.1 && < 3.2, pretty >= 1.0 && < 1.2,- cryptohash-sha256 >= 0.11 && < 0.12, -- 0.4.2 introduces TarIndex, 0.4.4 introduces more -- functionality, 0.5.0 changes type of serialise- tar >= 0.5 && < 0.6,- template-haskell >= 2.7 && < 2.20,+ tar >= 0.5 && < 0.7,+ template-haskell >= 2.7 && < 2.22, time >= 1.2 && < 1.13, transformers >= 0.3 && < 0.7, zlib >= 0.5 && < 0.7, -- whatever versions are bundled with ghc: ghc-prim- if flag(old-directory)- build-depends: directory >= 1.1.0.2 && < 1.2,- old-time >= 1 && < 1.2- else- build-depends: directory >= 1.2 && < 1.4 - if flag(mtl21)- build-depends: mtl >= 2.1 && < 2.2,- mtl-compat >= 0.2 && < 0.3- else- build-depends: mtl >= 2.2 && < 2.4- if flag(lukko) build-depends: lukko >= 0.1 && < 0.2 else build-depends: base >= 4.10 if flag(Cabal-syntax) && impl(ghc >= 8.2)- build-depends: Cabal-syntax >= 3.7 && < 3.10+ build-depends: Cabal-syntax >= 3.7 && < 3.12 else build-depends: Cabal >= 1.14 && < 1.26 || >= 2.0 && < 2.6@@ -175,6 +162,7 @@ NamedFieldPuns NoImplicitPrelude NoMonomorphismRestriction+ PatternSynonyms RankNTypes RecordWildCards ScopedTypeVariables@@ -183,10 +171,14 @@ TypeFamilies TypeOperators ViewPatterns- other-extensions: BangPatterns+ other-extensions:+ AllowAmbiguousTypes+ BangPatterns CPP OverlappingInstances PackageImports+ RoleAnnotations+ StaticPointers UndecidableInstances -- use the new stage1/cross-compile-friendly DeriveLift extension for GHC 8.0+@@ -197,11 +189,6 @@ ghc-options: -Wall - if flag(base48)- build-depends: base >= 4.8- else- build-depends: base < 4.8, old-locale == 1.0.*- -- The URI type got split out off the network package after version 2.5, and -- moved to a separate network-uri package. Since we don't need the rest of -- network here, it would suffice to rely only on network-uri:@@ -241,13 +228,6 @@ else build-depends: network >= 2.5 && < 2.6 - if impl(ghc >= 7.8)- other-extensions: RoleAnnotations-- if impl(ghc >= 7.10)- other-extensions: AllowAmbiguousTypes- StaticPointers- test-suite TestSuite type: exitcode-stdio-1.0 main-is: TestSuite.hs@@ -271,8 +251,8 @@ zlib if flag(Cabal-syntax) && impl(ghc >= 8.2)- build-depends: Cabal >= 3.7 && < 3.10,- Cabal-syntax >= 3.7 && < 3.10+ build-depends: Cabal >= 3.7 && < 3.12,+ Cabal-syntax >= 3.7 && < 3.12 else build-depends: Cabal >= 1.14 && < 1.26 || >= 2.0 && < 2.6@@ -280,11 +260,11 @@ Cabal-syntax < 3.7 -- dependencies exclusive to test-suite- build-depends: tasty >= 1.2 && < 1.5,+ build-depends: tasty >= 1.2 && < 1.6, tasty-hunit == 0.10.*, tasty-quickcheck == 0.10.*, QuickCheck >= 2.11 && <2.15,- aeson == 1.4.* || == 1.5.* || == 2.0.* || == 2.1.*,+ aeson >= 1.4 && < 1.6 || >= 2.0 && < 2.3, vector >= 0.12 && <0.14, unordered-containers >=0.2.8.0 && <0.3, temporary >= 1.2 && < 1.4
src/Hackage/Security/Client/Repository/Cache.hs view
@@ -20,7 +20,7 @@ import Control.Monad import Control.Monad.IO.Class import Data.Maybe-import Codec.Archive.Tar (Entries(..))+import Codec.Archive.Tar (Entries, pattern Done, pattern Fail, pattern Next) import Codec.Archive.Tar.Index (TarIndex, IndexBuilder, TarEntryOffset) import qualified Codec.Archive.Tar as Tar import qualified Codec.Archive.Tar.Index as TarIndex
src/Hackage/Security/Trusted/TCB.hs view
@@ -167,7 +167,10 @@ -- | Errors thrown during role validation data VerificationError = -- | Not enough signatures signed with the appropriate keys- VerificationErrorSignatures TargetPath+ VerificationErrorSignatures TargetPath -- what were we verifying?+ Integer -- threshold+ [KeyId] -- trusted keys+ [KeyId] -- found signing keys -- | The file is expired | VerificationErrorExpired TargetPath@@ -218,9 +221,16 @@ instance Exception RootUpdated #endif +indentedLines :: [String] -> String+indentedLines = unlines . map (" " ++)+ instance Pretty VerificationError where- pretty (VerificationErrorSignatures file) =- pretty file ++ " does not have enough signatures signed with the appropriate keys"+ pretty (VerificationErrorSignatures file threshold trusted sigs) =+ pretty file ++ " does not have enough signatures signed with the appropriate keys\n"+ ++ "Expected at least " ++ show threshold ++ " signatures from:\n"+ ++ indentedLines (map keyIdString trusted)+ ++ "Found signatures from:\n"+ ++ indentedLines (map keyIdString sigs) pretty (VerificationErrorExpired file) = pretty file ++ " is expired" pretty (VerificationErrorVersion file) =@@ -235,7 +245,7 @@ "Could not deserialize " ++ pretty file ++ ": " ++ pretty err pretty (VerificationErrorLoop es) = "Verification loop. Errors in order:\n"- ++ unlines (map ((" " ++) . either pretty pretty) es)+ ++ indentedLines (map (either pretty pretty) es) instance Pretty RootUpdated where pretty RootUpdated = "Root information updated"@@ -291,8 +301,9 @@ -- was invalid we would already have thrown an error constructing Signed. -- (Similarly, if two signatures were made by the same key, the FromJSON -- instance for Signatures would have thrown an error.)- unless (length (filter isRoleSpecKey sigs) >= fromIntegral threshold) $- throwError $ VerificationErrorSignatures targetPath+ let nSigs = length (filter isRoleSpecKey sigs)+ unless (nSigs >= fromIntegral threshold) $+ throwError $ VerificationErrorSignatures targetPath (fromIntegral threshold) trustedKeys signingKeys -- Everything is A-OK! return $ SignaturesVerified signed@@ -300,6 +311,10 @@ isRoleSpecKey :: Signature -> Bool isRoleSpecKey Signature{..} = signatureKey `elem` roleSpecKeys + trustedKeys, signingKeys :: [KeyId]+ trustedKeys = map someKeyId roleSpecKeys+ signingKeys = map (someKeyId . signatureKey) sigs+ -- | Variation on 'verifyRole' that uses key IDs rather than keys -- -- This is used during the bootstrap process.@@ -314,9 +329,12 @@ (KeyThreshold threshold) targetPath Signed{signatures = Signatures sigs, ..} =- if length (filter isTrustedKey sigs) >= fromIntegral threshold+ if length (filter isTrustedKey signingKeys) >= fromIntegral threshold then Right $ SignaturesVerified signed- else Left $ VerificationErrorSignatures targetPath+ else Left $ VerificationErrorSignatures targetPath (fromIntegral threshold) fingerprints signingKeys where- isTrustedKey :: Signature -> Bool- isTrustedKey Signature{..} = someKeyId signatureKey `elem` fingerprints+ signingKeys :: [KeyId]+ signingKeys = map (someKeyId . signatureKey) sigs++ isTrustedKey :: KeyId -> Bool+ isTrustedKey key = key `elem` fingerprints