[Git][haskell-team/package-plan][master] Use metadata rev0 for hackage-security-0.5.3.0

Ilias Tsitsimpis gitlab at salsa.debian.org
Fri Jun 22 12:24:46 BST 2018


Ilias Tsitsimpis pushed to branch master at Debian Haskell Group / package-plan


Commits:
ccb83674 by Ilias Tsitsimpis at 2018-06-22T14:10:22+03:00
Use metadata rev0 for hackage-security-0.5.3.0

- - - - -


1 changed file:

- + additional-cabals/hackage-security-0.5.3.0.cabal


Changes:

=====================================
additional-cabals/hackage-security-0.5.3.0.cabal
=====================================
--- /dev/null
+++ b/additional-cabals/hackage-security-0.5.3.0.cabal
@@ -0,0 +1,251 @@
+cabal-version:       1.12
+name:                hackage-security
+version:             0.5.3.0
+
+synopsis:            Hackage security library
+description:         The hackage security library provides both server and
+                     client utilities for securing the Hackage package server
+                     (<http://hackage.haskell.org/>).  It is based on The Update
+                     Framework (<http://theupdateframework.com/>), a set of
+                     recommendations developed by security researchers at
+                     various universities in the US as well as developers on the
+                     Tor project (<https://www.torproject.org/>).
+                     .
+                     The current implementation supports only index signing,
+                     thereby enabling untrusted mirrors. It does not yet provide
+                     facilities for author package signing.
+                     .
+                     The library has two main entry points:
+                     "Hackage.Security.Client" is the main entry point for
+                     clients (the typical example being @cabal@), and
+                     "Hackage.Security.Server" is the main entry point for
+                     servers (the typical example being @hackage-server@).
+license:             BSD3
+license-file:        LICENSE
+author:              Edsko de Vries
+maintainer:          cabal-devel at haskell.org
+copyright:           Copyright 2015-2016 Well-Typed LLP
+category:            Distribution
+homepage:            https://github.com/haskell/hackage-security
+bug-reports:         https://github.com/haskell/hackage-security/issues
+build-type:          Simple
+
+extra-source-files:
+  ChangeLog.md
+
+source-repository head
+  type: git
+  location: https://github.com/haskell/hackage-security.git
+
+flag base48
+  description: Are we using @base@ 4.8 or later?
+  manual: False
+
+flag use-network-uri
+  description: Are we using @network-uri@?
+  manual: False
+
+flag old-directory
+  description: Use @directory@ < 1.2 and @old-time@
+  manual:      False
+  default:     False
+
+library
+  -- Most functionality is exported through the top-level entry points .Client
+  -- and .Server; the other exported modules are intended for qualified imports.
+  exposed-modules:     Hackage.Security.Client
+                       Hackage.Security.Client.Formats
+                       Hackage.Security.Client.Repository
+                       Hackage.Security.Client.Repository.Cache
+                       Hackage.Security.Client.Repository.Local
+                       Hackage.Security.Client.Repository.Remote
+                       Hackage.Security.Client.Repository.HttpLib
+                       Hackage.Security.Client.Verify
+                       Hackage.Security.JSON
+                       Hackage.Security.Key.Env
+                       Hackage.Security.Server
+                       Hackage.Security.Trusted
+                       Hackage.Security.TUF.FileMap
+                       Hackage.Security.Util.Checked
+                       Hackage.Security.Util.IO
+                       Hackage.Security.Util.Lens
+                       Hackage.Security.Util.Path
+                       Hackage.Security.Util.Pretty
+                       Hackage.Security.Util.Some
+                       Text.JSON.Canonical
+  other-modules:       Hackage.Security.Key
+                       Hackage.Security.Trusted.TCB
+                       Hackage.Security.TUF
+                       Hackage.Security.TUF.Common
+                       Hackage.Security.TUF.FileInfo
+                       Hackage.Security.TUF.Header
+                       Hackage.Security.TUF.Layout.Cache
+                       Hackage.Security.TUF.Layout.Index
+                       Hackage.Security.TUF.Layout.Repo
+                       Hackage.Security.TUF.Mirrors
+                       Hackage.Security.TUF.Paths
+                       Hackage.Security.TUF.Patterns
+                       Hackage.Security.TUF.Root
+                       Hackage.Security.TUF.Signed
+                       Hackage.Security.TUF.Snapshot
+                       Hackage.Security.TUF.Targets
+                       Hackage.Security.TUF.Timestamp
+                       Hackage.Security.Util.Base64
+                       Hackage.Security.Util.Exit
+                       Hackage.Security.Util.FileLock
+                       Hackage.Security.Util.JSON
+                       Hackage.Security.Util.Stack
+                       Hackage.Security.Util.TypedEmbedded
+                       Prelude
+  -- We support ghc 7.4 (bundled with Cabal 1.14) and up
+  build-depends:       base              >= 4.5     && < 4.12,
+                       base16-bytestring >= 0.1.1   && < 0.2,
+                       base64-bytestring >= 1.0     && < 1.1,
+                       bytestring        >= 0.9     && < 0.11,
+                       Cabal             >= 1.14    && < 2.4,
+                       containers        >= 0.4     && < 0.6,
+                       ed25519           >= 0.0     && < 0.1,
+                       filepath          >= 1.2     && < 1.5,
+                       mtl               >= 2.2     && < 2.3,
+                       parsec            >= 3.1     && < 3.2,
+                       pretty            >= 1.0     && < 1.2,
+                       cryptohash-sha256 >= 0.11    && < 0.12,
+                       -- 0.4.2 introduces TarIndex, 0.4.4 introduces more
+                       -- functionality, 0.5.0 changes type of serialise
+                       tar               >= 0.5     && < 0.6,
+                       time              >= 1.2     && < 1.9,
+                       transformers      >= 0.4     && < 0.6,
+                       zlib              >= 0.5     && < 0.7,
+                       -- whatever versions are bundled with ghc:
+                       template-haskell,
+                       ghc-prim
+  if flag(old-directory)
+    build-depends:     directory >= 1.1.0.2 && < 1.2,
+                       old-time  >= 1 &&       < 1.2
+  else
+    build-depends:     directory >= 1.2 && < 1.4
+  build-tool-depends:  hsc2hs:hsc2hs >= 0.67 && <0.69
+
+  hs-source-dirs:      src
+  default-language:    Haskell2010
+  default-extensions:  DefaultSignatures
+                       DeriveDataTypeable
+                       DeriveFunctor
+                       FlexibleContexts
+                       FlexibleInstances
+                       GADTs
+                       GeneralizedNewtypeDeriving
+                       KindSignatures
+                       MultiParamTypeClasses
+                       NamedFieldPuns
+                       NoMonomorphismRestriction
+                       RankNTypes
+                       RecordWildCards
+                       ScopedTypeVariables
+                       StandaloneDeriving
+                       TupleSections
+                       TypeFamilies
+                       TypeOperators
+                       ViewPatterns
+  other-extensions:    BangPatterns
+                       CPP
+                       OverlappingInstances
+                       PackageImports
+                       UndecidableInstances
+
+  -- use the new stage1/cross-compile-friendly Quotes subset of TH for new GHCs
+  if impl(ghc >= 8.0)
+    other-extensions: TemplateHaskellQuotes
+  else
+    other-extensions: TemplateHaskell
+
+  ghc-options:         -Wall
+
+  if flag(base48)
+    build-depends: base >= 4.8
+  else
+    build-depends: base < 4.8, old-locale == 1.0.*
+
+  -- The URI type got split out off the network package after version 2.5, and
+  -- moved to a separate network-uri package. Since we don't need the rest of
+  -- network here, it would suffice to rely only on network-uri:
+  --
+  -- > if flag(use-network-uri)
+  -- >   build-depends: network-uri >= 2.6 && < 2.7
+  -- > else
+  -- >   build-depends: network     >= 2.5 && < 2.6
+  --
+  -- However, if we did the same in hackage-security-HTTP, Cabal would consider
+  -- those two flag choices (hackage-security:use-network-uri and
+  -- hackage-security-HTTP:use-network-uri) to be completely independent; but
+  -- they aren't: if it links hackage-security against network-uri and
+  -- hackage-security-HTTP against network, we will get type errors when
+  -- hackage-security-HTTP tries to pass a URI to hackage-security.
+  --
+  -- It might seem we can solve this problem by re-exporting the URI type in
+  -- hackage-security and avoid the dependency in hackage-security-HTTP
+  -- altogether. However, this merely shifts the problem: hackage-security-HTTP
+  -- relies on the HTTP library which--surprise!--makes the same choice between
+  -- depending on network or network-uri. Cabal will not notice that we cannot
+  -- build hackage-security and hackage-security-HTTP against network-uri but
+  -- HTTP against network.
+  --
+  -- We solve the problem by explicitly relying on network-2.6 when choosing
+  -- network-uri. This dependency is redundant, strictly speaking. However, it
+  -- serves as a proxy for forcing flag choices: since all packages in a
+  -- solution must be linked against the same version of network, having one
+  -- version of network in one branch of the conditional and another version of
+  -- network in the other branch forces the choice to be consistent throughout.
+  -- (Note that the HTTP library does the same thing, though in this case the
+  -- dependency in network is not redundant.)
+  if flag(use-network-uri)
+    build-depends: network-uri >= 2.6 && < 2.7,
+                   network     >= 2.6 && < 2.7
+  else
+    build-depends: network     >= 2.5 && < 2.6
+
+  if impl(ghc >= 7.8)
+     other-extensions: RoleAnnotations
+
+  if impl(ghc >= 7.10)
+     other-extensions: AllowAmbiguousTypes
+                       StaticPointers
+
+test-suite TestSuite
+  type:                exitcode-stdio-1.0
+  main-is:             TestSuite.hs
+  other-modules:       TestSuite.HttpMem
+                       TestSuite.InMemCache
+                       TestSuite.InMemRepo
+                       TestSuite.InMemRepository
+                       TestSuite.JSON
+                       TestSuite.PrivateKeys
+                       TestSuite.Util.StrictMVar
+
+  -- inherited constraints from lib:hackage-security component
+  build-depends:       hackage-security,
+                       base,
+                       Cabal,
+                       containers,
+                       bytestring,
+                       network-uri,
+                       tar,
+                       time,
+                       zlib
+
+  -- dependencies exclusive to test-suite
+  build-depends:       tasty            == 1.0.*,
+                       tasty-hunit      == 0.10.*,
+                       tasty-quickcheck == 0.10.*,
+                       QuickCheck       == 2.9.*,
+                       temporary        == 1.2.*
+
+  hs-source-dirs:      tests
+  default-language:    Haskell2010
+  default-extensions:  FlexibleContexts
+                       GADTs
+                       KindSignatures
+                       RankNTypes
+                       RecordWildCards
+                       ScopedTypeVariables
+  ghc-options:         -Wall



View it on GitLab: https://salsa.debian.org/haskell-team/package-plan/commit/ccb83674a312cc3672c9bc6c5502eabf70583589

-- 
View it on GitLab: https://salsa.debian.org/haskell-team/package-plan/commit/ccb83674a312cc3672c9bc6c5502eabf70583589
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-haskell-commits/attachments/20180622/dccb7051/attachment-0001.html>


More information about the Pkg-haskell-commits mailing list