Cabal revisions of hackage-security-0.6.2.5
Hackage metadata revisions edit the .cabal file after upload; each diff below is one revision.
revision 1
-cabal-version: 1.12-name: hackage-security-version: 0.6.2.5--synopsis: Hackage security library-description: The hackage security library provides both server and- client utilities for securing the Hackage package server- (<https://hackage.haskell.org/>). It is based on The Update- Framework (<https://theupdateframework.com/>), a set of- recommendations developed by security researchers at- various universities in the US as well as developers on the- Tor project (<https://www.torproject.org/>).- .- The current implementation supports only index signing,- thereby enabling untrusted mirrors. It does not yet provide- facilities for author package signing.- .- The library has two main entry points:- "Hackage.Security.Client" is the main entry point for- clients (the typical example being @cabal@), and- "Hackage.Security.Server" is the main entry point for- servers (the typical example being @hackage-server@).-license: BSD3-license-file: LICENSE-author: Edsko de Vries-maintainer: cabal-devel@haskell.org-copyright: Copyright 2015-2022 Well-Typed LLP-category: Distribution-homepage: https://github.com/haskell/hackage-security-bug-reports: https://github.com/haskell/hackage-security/issues-build-type: Simple--tested-with:- GHC == 9.8.2- GHC == 9.6.4- GHC == 9.4.8- GHC == 9.2.8- GHC == 9.0.2- GHC == 8.10.7- GHC == 8.8.4- GHC == 8.6.5- GHC == 8.4.4--extra-source-files:- ChangeLog.md--source-repository head- type: git- location: https://github.com/haskell/hackage-security.git--flag use-network-uri- description: Are we using @network-uri@?- manual: False--flag Cabal-syntax- description: Are we using Cabal-syntax?- manual: False- default: False--flag lukko- description: Use @lukko@ for file-locking, otherwise use @GHC.IO.Handle.Lock@- manual: True- default: True--library- -- Most functionality is exported through the top-level entry points .Client- -- and .Server; the other exported modules are intended for qualified imports.- exposed-modules: Hackage.Security.Client- Hackage.Security.Client.Formats- Hackage.Security.Client.Repository- Hackage.Security.Client.Repository.Cache- Hackage.Security.Client.Repository.Local- Hackage.Security.Client.Repository.Remote- Hackage.Security.Client.Repository.HttpLib- Hackage.Security.Client.Verify- Hackage.Security.JSON- Hackage.Security.Key.Env- Hackage.Security.Server- Hackage.Security.Trusted- Hackage.Security.TUF.FileMap- Hackage.Security.Util.Checked- Hackage.Security.Util.Path- Hackage.Security.Util.Pretty- Hackage.Security.Util.Some- Text.JSON.Canonical- other-modules: Hackage.Security.Key- Hackage.Security.Trusted.TCB- Hackage.Security.TUF- Hackage.Security.TUF.Common- Hackage.Security.TUF.FileInfo- Hackage.Security.TUF.Header- Hackage.Security.TUF.Layout.Cache- Hackage.Security.TUF.Layout.Index- Hackage.Security.TUF.Layout.Repo- Hackage.Security.TUF.Mirrors- Hackage.Security.TUF.Paths- Hackage.Security.TUF.Patterns- Hackage.Security.TUF.Root- Hackage.Security.TUF.Signed- Hackage.Security.TUF.Snapshot- Hackage.Security.TUF.Targets- Hackage.Security.TUF.Timestamp- Hackage.Security.Util.Base64- Hackage.Security.Util.Exit- Hackage.Security.Util.IO- Hackage.Security.Util.JSON- Hackage.Security.Util.Lens- Hackage.Security.Util.Stack- Hackage.Security.Util.TypedEmbedded-- build-depends: base >= 4.11 && < 4.20,- base16-bytestring >= 0.1.1 && < 1.1,- base64-bytestring >= 1.0 && < 1.3,- bytestring >= 0.10.8.2 && < 0.13,- containers >= 0.5.11 && < 0.8,- cryptohash-sha256 >= 0.11 && < 0.12,- directory >= 1.3.1.5 && < 1.4,- ed25519 >= 0.0 && < 0.1,- filepath >= 1.4.2 && < 1.5,- mtl >= 2.2.2 && < 2.4,- parsec >= 3.1.13 && < 3.2,- pretty >= 1.0 && < 1.2,- -- 0.4.2 introduces TarIndex, 0.4.4 introduces more- -- functionality, 0.5.0 changes type of serialise- tar >= 0.5 && < 0.7,- template-haskell >= 2.13 && < 2.22,- time >= 1.8.0.2 && < 1.13,- transformers >= 0.3 && < 0.7,- zlib >= 0.5 && < 0.8,- -- whatever versions are bundled with ghc:- ghc-prim >= 0.5.2 && < 0.12-- if flag(lukko)- build-depends: lukko >= 0.1 && < 0.2- else- build-depends: base >= 4.11-- if flag(Cabal-syntax)- build-depends: Cabal-syntax >= 3.7 && < 3.14- else- build-depends: Cabal >= 2.2.0.1 && < 2.6- || >= 3.0 && < 3.7,- Cabal-syntax < 3.7-- hs-source-dirs: src- default-language: Haskell2010- default-extensions: DefaultSignatures- DeriveDataTypeable- DeriveFunctor- FlexibleContexts- FlexibleInstances- GADTs- GeneralizedNewtypeDeriving- KindSignatures- MultiParamTypeClasses- NamedFieldPuns- NoImplicitPrelude- NoMonomorphismRestriction- PatternSynonyms- RankNTypes- RecordWildCards- ScopedTypeVariables- StandaloneDeriving- TupleSections- TypeFamilies- TypeOperators- ViewPatterns- other-extensions:- AllowAmbiguousTypes- BangPatterns- CPP- DeriveLift- OverlappingInstances- PackageImports- RoleAnnotations- StaticPointers- UndecidableInstances-- ghc-options: -Wall-- -- The URI type got split out off the network package after version 2.5, and- -- moved to a separate network-uri package. Since we don't need the rest of- -- network here, it would suffice to rely only on network-uri:- --- -- > if flag(use-network-uri)- -- > build-depends: network-uri >= 2.6 && < 2.7- -- > else- -- > build-depends: network >= 2.5 && < 2.6- --- -- However, if we did the same in hackage-security-HTTP, Cabal would consider- -- those two flag choices (hackage-security:use-network-uri and- -- hackage-security-HTTP:use-network-uri) to be completely independent; but- -- they aren't: if it links hackage-security against network-uri and- -- hackage-security-HTTP against network, we will get type errors when- -- hackage-security-HTTP tries to pass a URI to hackage-security.- --- -- It might seem we can solve this problem by re-exporting the URI type in- -- hackage-security and avoid the dependency in hackage-security-HTTP- -- altogether. However, this merely shifts the problem: hackage-security-HTTP- -- relies on the HTTP library which--surprise!--makes the same choice between- -- depending on network or network-uri. Cabal will not notice that we cannot- -- build hackage-security and hackage-security-HTTP against network-uri but- -- HTTP against network.- --- -- We solve the problem by explicitly relying on network-2.6 when choosing- -- network-uri. This dependency is redundant, strictly speaking. However, it- -- serves as a proxy for forcing flag choices: since all packages in a- -- solution must be linked against the same version of network, having one- -- version of network in one branch of the conditional and another version of- -- network in the other branch forces the choice to be consistent throughout.- -- (Note that the HTTP library does the same thing, though in this case the- -- dependency in network is not redundant.)- if flag(use-network-uri)- build-depends: network-uri >= 2.6 && < 2.7,- network >= 2.6 && < 2.9- || >= 3.0 && < 3.2- else- build-depends: network >= 2.5 && < 2.6--test-suite TestSuite- type: exitcode-stdio-1.0- main-is: TestSuite.hs- other-modules: TestSuite.HttpMem- TestSuite.InMemCache- TestSuite.InMemRepo- TestSuite.InMemRepository- TestSuite.JSON- TestSuite.PrivateKeys- TestSuite.Util.StrictMVar-- -- inherited constraints from lib:hackage-security component- build-depends: hackage-security,- base,- containers,- bytestring,- network-uri,- tar,- text,- time,- zlib-- if flag(Cabal-syntax)- build-depends: Cabal >= 3.7 && < 3.14,- Cabal-syntax >= 3.7 && < 3.14- else- build-depends: Cabal >= 2.2.0.1 && < 2.6- || >= 3.0 && < 3.7,- Cabal-syntax < 3.7-- -- dependencies exclusive to test-suite- build-depends: tasty >= 1.2 && < 1.6,- tasty-hunit == 0.10.*,- tasty-quickcheck == 0.10.*,- QuickCheck >= 2.11 && <2.15,- aeson >= 1.4 && < 1.6 || >= 2.0 && < 2.3,- vector >= 0.12 && <0.14,- unordered-containers >=0.2.8.0 && <0.3,- temporary >= 1.2 && < 1.4-- hs-source-dirs: tests- default-language: Haskell2010- default-extensions: FlexibleContexts- GADTs- KindSignatures- RankNTypes- RecordWildCards- ScopedTypeVariables- ghc-options: -Wall+cabal-version: 1.12 +name: hackage-security +version: 0.6.2.5 +x-revision: 1 + +synopsis: Hackage security library +description: The hackage security library provides both server and + client utilities for securing the Hackage package server + (<https://hackage.haskell.org/>). It is based on The Update + Framework (<https://theupdateframework.com/>), a set of + recommendations developed by security researchers at + various universities in the US as well as developers on the + Tor project (<https://www.torproject.org/>). + . + The current implementation supports only index signing, + thereby enabling untrusted mirrors. It does not yet provide + facilities for author package signing. + . + The library has two main entry points: + "Hackage.Security.Client" is the main entry point for + clients (the typical example being @cabal@), and + "Hackage.Security.Server" is the main entry point for + servers (the typical example being @hackage-server@). +license: BSD3 +license-file: LICENSE +author: Edsko de Vries +maintainer: cabal-devel@haskell.org +copyright: Copyright 2015-2022 Well-Typed LLP +category: Distribution +homepage: https://github.com/haskell/hackage-security +bug-reports: https://github.com/haskell/hackage-security/issues +build-type: Simple + +tested-with: + GHC == 9.8.2 + GHC == 9.6.4 + GHC == 9.4.8 + GHC == 9.2.8 + GHC == 9.0.2 + GHC == 8.10.7 + GHC == 8.8.4 + GHC == 8.6.5 + GHC == 8.4.4 + +extra-source-files: + ChangeLog.md + +source-repository head + type: git + location: https://github.com/haskell/hackage-security.git + +flag use-network-uri + description: Are we using @network-uri@? + manual: False + +flag Cabal-syntax + description: Are we using Cabal-syntax? + manual: False + default: False + +flag lukko + description: Use @lukko@ for file-locking, otherwise use @GHC.IO.Handle.Lock@ + manual: True + default: True + +library + -- Most functionality is exported through the top-level entry points .Client + -- and .Server; the other exported modules are intended for qualified imports. + exposed-modules: Hackage.Security.Client + Hackage.Security.Client.Formats + Hackage.Security.Client.Repository + Hackage.Security.Client.Repository.Cache + Hackage.Security.Client.Repository.Local + Hackage.Security.Client.Repository.Remote + Hackage.Security.Client.Repository.HttpLib + Hackage.Security.Client.Verify + Hackage.Security.JSON + Hackage.Security.Key.Env + Hackage.Security.Server + Hackage.Security.Trusted + Hackage.Security.TUF.FileMap + Hackage.Security.Util.Checked + Hackage.Security.Util.Path + Hackage.Security.Util.Pretty + Hackage.Security.Util.Some + Text.JSON.Canonical + other-modules: Hackage.Security.Key + Hackage.Security.Trusted.TCB + Hackage.Security.TUF + Hackage.Security.TUF.Common + Hackage.Security.TUF.FileInfo + Hackage.Security.TUF.Header + Hackage.Security.TUF.Layout.Cache + Hackage.Security.TUF.Layout.Index + Hackage.Security.TUF.Layout.Repo + Hackage.Security.TUF.Mirrors + Hackage.Security.TUF.Paths + Hackage.Security.TUF.Patterns + Hackage.Security.TUF.Root + Hackage.Security.TUF.Signed + Hackage.Security.TUF.Snapshot + Hackage.Security.TUF.Targets + Hackage.Security.TUF.Timestamp + Hackage.Security.Util.Base64 + Hackage.Security.Util.Exit + Hackage.Security.Util.IO + Hackage.Security.Util.JSON + Hackage.Security.Util.Lens + Hackage.Security.Util.Stack + Hackage.Security.Util.TypedEmbedded + + build-depends: base >= 4.11 && < 4.20, + base16-bytestring >= 0.1.1 && < 1.1, + base64-bytestring >= 1.0 && < 1.3, + bytestring >= 0.10.8.2 && < 0.13, + containers >= 0.5.11 && < 0.8, + cryptohash-sha256 >= 0.11 && < 0.12, + directory >= 1.3.1.5 && < 1.4, + ed25519 >= 0.0 && < 0.1, + filepath >= 1.4.2 && < 1.5, + mtl >= 2.2.2 && < 2.4, + parsec >= 3.1.13 && < 3.2, + pretty >= 1.0 && < 1.2, + -- 0.4.2 introduces TarIndex, 0.4.4 introduces more + -- functionality, 0.5.0 changes type of serialise + tar >= 0.5 && < 0.7, + template-haskell >= 2.13 && < 2.22, + time >= 1.8.0.2 && < 1.13, + transformers >= 0.3 && < 0.7, + zlib >= 0.5 && < 0.8, + -- whatever versions are bundled with ghc: + ghc-prim >= 0.5.2 && < 0.12 + + if flag(lukko) + build-depends: lukko >= 0.1 && < 0.2 + else + build-depends: base >= 4.11 + + if flag(Cabal-syntax) + build-depends: Cabal-syntax >= 3.7 && < 3.14 + else + build-depends: Cabal >= 2.2.0.1 && < 2.6 + || >= 3.0 && < 3.7, + Cabal-syntax < 3.7 + + hs-source-dirs: src + default-language: Haskell2010 + default-extensions: DefaultSignatures + DeriveDataTypeable + DeriveFunctor + FlexibleContexts + FlexibleInstances + GADTs + GeneralizedNewtypeDeriving + KindSignatures + MultiParamTypeClasses + NamedFieldPuns + NoImplicitPrelude + NoMonomorphismRestriction + PatternSynonyms + RankNTypes + RecordWildCards + ScopedTypeVariables + StandaloneDeriving + TupleSections + TypeFamilies + TypeOperators + ViewPatterns + other-extensions: + AllowAmbiguousTypes + BangPatterns + CPP + DeriveLift + OverlappingInstances + PackageImports + RoleAnnotations + StaticPointers + UndecidableInstances + + ghc-options: -Wall + + -- The URI type got split out off the network package after version 2.5, and + -- moved to a separate network-uri package. Since we don't need the rest of + -- network here, it would suffice to rely only on network-uri: + -- + -- > if flag(use-network-uri) + -- > build-depends: network-uri >= 2.6 && < 2.7 + -- > else + -- > build-depends: network >= 2.5 && < 2.6 + -- + -- However, if we did the same in hackage-security-HTTP, Cabal would consider + -- those two flag choices (hackage-security:use-network-uri and + -- hackage-security-HTTP:use-network-uri) to be completely independent; but + -- they aren't: if it links hackage-security against network-uri and + -- hackage-security-HTTP against network, we will get type errors when + -- hackage-security-HTTP tries to pass a URI to hackage-security. + -- + -- It might seem we can solve this problem by re-exporting the URI type in + -- hackage-security and avoid the dependency in hackage-security-HTTP + -- altogether. However, this merely shifts the problem: hackage-security-HTTP + -- relies on the HTTP library which--surprise!--makes the same choice between + -- depending on network or network-uri. Cabal will not notice that we cannot + -- build hackage-security and hackage-security-HTTP against network-uri but + -- HTTP against network. + -- + -- We solve the problem by explicitly relying on network-2.6 when choosing + -- network-uri. This dependency is redundant, strictly speaking. However, it + -- serves as a proxy for forcing flag choices: since all packages in a + -- solution must be linked against the same version of network, having one + -- version of network in one branch of the conditional and another version of + -- network in the other branch forces the choice to be consistent throughout. + -- (Note that the HTTP library does the same thing, though in this case the + -- dependency in network is not redundant.) + if flag(use-network-uri) + build-depends: network-uri >= 2.6 && < 2.7, + network >= 2.6 && < 2.9 + || >= 3.0 && < 3.2 + else + build-depends: network >= 2.5 && < 2.6 + +test-suite TestSuite + type: exitcode-stdio-1.0 + main-is: TestSuite.hs + other-modules: TestSuite.HttpMem + TestSuite.InMemCache + TestSuite.InMemRepo + TestSuite.InMemRepository + TestSuite.JSON + TestSuite.PrivateKeys + TestSuite.Util.StrictMVar + + -- inherited constraints from lib:hackage-security component + build-depends: hackage-security, + base, + containers, + bytestring, + network-uri, + tar >= 0.6, + text, + time, + zlib + + if flag(Cabal-syntax) + build-depends: Cabal >= 3.7 && < 3.14, + Cabal-syntax >= 3.7 && < 3.14 + else + build-depends: Cabal >= 2.2.0.1 && < 2.6 + || >= 3.0 && < 3.7, + Cabal-syntax < 3.7 + + -- dependencies exclusive to test-suite + build-depends: tasty >= 1.2 && < 1.6, + tasty-hunit == 0.10.*, + tasty-quickcheck == 0.10.*, + QuickCheck >= 2.11 && <2.15, + aeson >= 1.4 && < 1.6 || >= 2.0 && < 2.3, + vector >= 0.12 && <0.14, + unordered-containers >=0.2.8.0 && <0.3, + temporary >= 1.2 && < 1.4 + + hs-source-dirs: tests + default-language: Haskell2010 + default-extensions: FlexibleContexts + GADTs + KindSignatures + RankNTypes + RecordWildCards + ScopedTypeVariables + ghc-options: -Wall