[Git][haskell-team/package-plan][master] Use metadata rev0 for hackage-security-0.5.3.0
Ilias Tsitsimpis
gitlab at salsa.debian.org
Fri Jun 22 12:24:46 BST 2018
Ilias Tsitsimpis pushed to branch master at Debian Haskell Group / package-plan
Commits:
ccb83674 by Ilias Tsitsimpis at 2018-06-22T14:10:22+03:00
Use metadata rev0 for hackage-security-0.5.3.0
- - - - -
1 changed file:
- + additional-cabals/hackage-security-0.5.3.0.cabal
Changes:
=====================================
additional-cabals/hackage-security-0.5.3.0.cabal
=====================================
--- /dev/null
+++ b/additional-cabals/hackage-security-0.5.3.0.cabal
@@ -0,0 +1,251 @@
+cabal-version: 1.12
+name: hackage-security
+version: 0.5.3.0
+
+synopsis: Hackage security library
+description: The hackage security library provides both server and
+ client utilities for securing the Hackage package server
+ (<http://hackage.haskell.org/>). It is based on The Update
+ Framework (<http://theupdateframework.com/>), a set of
+ recommendations developed by security researchers at
+ various universities in the US as well as developers on the
+ Tor project (<https://www.torproject.org/>).
+ .
+ The current implementation supports only index signing,
+ thereby enabling untrusted mirrors. It does not yet provide
+ facilities for author package signing.
+ .
+ The library has two main entry points:
+ "Hackage.Security.Client" is the main entry point for
+ clients (the typical example being @cabal@), and
+ "Hackage.Security.Server" is the main entry point for
+ servers (the typical example being @hackage-server@).
+license: BSD3
+license-file: LICENSE
+author: Edsko de Vries
+maintainer: cabal-devel at haskell.org
+copyright: Copyright 2015-2016 Well-Typed LLP
+category: Distribution
+homepage: https://github.com/haskell/hackage-security
+bug-reports: https://github.com/haskell/hackage-security/issues
+build-type: Simple
+
+extra-source-files:
+ ChangeLog.md
+
+source-repository head
+ type: git
+ location: https://github.com/haskell/hackage-security.git
+
+flag base48
+ description: Are we using @base@ 4.8 or later?
+ manual: False
+
+flag use-network-uri
+ description: Are we using @network-uri@?
+ manual: False
+
+flag old-directory
+ description: Use @directory@ < 1.2 and @old-time@
+ manual: False
+ default: False
+
+library
+ -- Most functionality is exported through the top-level entry points .Client
+ -- and .Server; the other exported modules are intended for qualified imports.
+ exposed-modules: Hackage.Security.Client
+ Hackage.Security.Client.Formats
+ Hackage.Security.Client.Repository
+ Hackage.Security.Client.Repository.Cache
+ Hackage.Security.Client.Repository.Local
+ Hackage.Security.Client.Repository.Remote
+ Hackage.Security.Client.Repository.HttpLib
+ Hackage.Security.Client.Verify
+ Hackage.Security.JSON
+ Hackage.Security.Key.Env
+ Hackage.Security.Server
+ Hackage.Security.Trusted
+ Hackage.Security.TUF.FileMap
+ Hackage.Security.Util.Checked
+ Hackage.Security.Util.IO
+ Hackage.Security.Util.Lens
+ Hackage.Security.Util.Path
+ Hackage.Security.Util.Pretty
+ Hackage.Security.Util.Some
+ Text.JSON.Canonical
+ other-modules: Hackage.Security.Key
+ Hackage.Security.Trusted.TCB
+ Hackage.Security.TUF
+ Hackage.Security.TUF.Common
+ Hackage.Security.TUF.FileInfo
+ Hackage.Security.TUF.Header
+ Hackage.Security.TUF.Layout.Cache
+ Hackage.Security.TUF.Layout.Index
+ Hackage.Security.TUF.Layout.Repo
+ Hackage.Security.TUF.Mirrors
+ Hackage.Security.TUF.Paths
+ Hackage.Security.TUF.Patterns
+ Hackage.Security.TUF.Root
+ Hackage.Security.TUF.Signed
+ Hackage.Security.TUF.Snapshot
+ Hackage.Security.TUF.Targets
+ Hackage.Security.TUF.Timestamp
+ Hackage.Security.Util.Base64
+ Hackage.Security.Util.Exit
+ Hackage.Security.Util.FileLock
+ Hackage.Security.Util.JSON
+ Hackage.Security.Util.Stack
+ Hackage.Security.Util.TypedEmbedded
+ Prelude
+ -- We support ghc 7.4 (bundled with Cabal 1.14) and up
+ build-depends: base >= 4.5 && < 4.12,
+ base16-bytestring >= 0.1.1 && < 0.2,
+ base64-bytestring >= 1.0 && < 1.1,
+ bytestring >= 0.9 && < 0.11,
+ Cabal >= 1.14 && < 2.4,
+ containers >= 0.4 && < 0.6,
+ ed25519 >= 0.0 && < 0.1,
+ filepath >= 1.2 && < 1.5,
+ mtl >= 2.2 && < 2.3,
+ parsec >= 3.1 && < 3.2,
+ pretty >= 1.0 && < 1.2,
+ cryptohash-sha256 >= 0.11 && < 0.12,
+ -- 0.4.2 introduces TarIndex, 0.4.4 introduces more
+ -- functionality, 0.5.0 changes type of serialise
+ tar >= 0.5 && < 0.6,
+ time >= 1.2 && < 1.9,
+ transformers >= 0.4 && < 0.6,
+ zlib >= 0.5 && < 0.7,
+ -- whatever versions are bundled with ghc:
+ template-haskell,
+ ghc-prim
+ if flag(old-directory)
+ build-depends: directory >= 1.1.0.2 && < 1.2,
+ old-time >= 1 && < 1.2
+ else
+ build-depends: directory >= 1.2 && < 1.4
+ build-tool-depends: hsc2hs:hsc2hs >= 0.67 && <0.69
+
+ hs-source-dirs: src
+ default-language: Haskell2010
+ default-extensions: DefaultSignatures
+ DeriveDataTypeable
+ DeriveFunctor
+ FlexibleContexts
+ FlexibleInstances
+ GADTs
+ GeneralizedNewtypeDeriving
+ KindSignatures
+ MultiParamTypeClasses
+ NamedFieldPuns
+ NoMonomorphismRestriction
+ RankNTypes
+ RecordWildCards
+ ScopedTypeVariables
+ StandaloneDeriving
+ TupleSections
+ TypeFamilies
+ TypeOperators
+ ViewPatterns
+ other-extensions: BangPatterns
+ CPP
+ OverlappingInstances
+ PackageImports
+ UndecidableInstances
+
+ -- use the new stage1/cross-compile-friendly Quotes subset of TH for new GHCs
+ if impl(ghc >= 8.0)
+ other-extensions: TemplateHaskellQuotes
+ else
+ other-extensions: TemplateHaskell
+
+ ghc-options: -Wall
+
+ if flag(base48)
+ build-depends: base >= 4.8
+ else
+ build-depends: base < 4.8, old-locale == 1.0.*
+
+ -- The URI type got split out off the network package after version 2.5, and
+ -- moved to a separate network-uri package. Since we don't need the rest of
+ -- network here, it would suffice to rely only on network-uri:
+ --
+ -- > if flag(use-network-uri)
+ -- > build-depends: network-uri >= 2.6 && < 2.7
+ -- > else
+ -- > build-depends: network >= 2.5 && < 2.6
+ --
+ -- However, if we did the same in hackage-security-HTTP, Cabal would consider
+ -- those two flag choices (hackage-security:use-network-uri and
+ -- hackage-security-HTTP:use-network-uri) to be completely independent; but
+ -- they aren't: if it links hackage-security against network-uri and
+ -- hackage-security-HTTP against network, we will get type errors when
+ -- hackage-security-HTTP tries to pass a URI to hackage-security.
+ --
+ -- It might seem we can solve this problem by re-exporting the URI type in
+ -- hackage-security and avoid the dependency in hackage-security-HTTP
+ -- altogether. However, this merely shifts the problem: hackage-security-HTTP
+ -- relies on the HTTP library which--surprise!--makes the same choice between
+ -- depending on network or network-uri. Cabal will not notice that we cannot
+ -- build hackage-security and hackage-security-HTTP against network-uri but
+ -- HTTP against network.
+ --
+ -- We solve the problem by explicitly relying on network-2.6 when choosing
+ -- network-uri. This dependency is redundant, strictly speaking. However, it
+ -- serves as a proxy for forcing flag choices: since all packages in a
+ -- solution must be linked against the same version of network, having one
+ -- version of network in one branch of the conditional and another version of
+ -- network in the other branch forces the choice to be consistent throughout.
+ -- (Note that the HTTP library does the same thing, though in this case the
+ -- dependency in network is not redundant.)
+ if flag(use-network-uri)
+ build-depends: network-uri >= 2.6 && < 2.7,
+ network >= 2.6 && < 2.7
+ else
+ build-depends: network >= 2.5 && < 2.6
+
+ if impl(ghc >= 7.8)
+ other-extensions: RoleAnnotations
+
+ if impl(ghc >= 7.10)
+ other-extensions: AllowAmbiguousTypes
+ StaticPointers
+
+test-suite TestSuite
+ type: exitcode-stdio-1.0
+ main-is: TestSuite.hs
+ other-modules: TestSuite.HttpMem
+ TestSuite.InMemCache
+ TestSuite.InMemRepo
+ TestSuite.InMemRepository
+ TestSuite.JSON
+ TestSuite.PrivateKeys
+ TestSuite.Util.StrictMVar
+
+ -- inherited constraints from lib:hackage-security component
+ build-depends: hackage-security,
+ base,
+ Cabal,
+ containers,
+ bytestring,
+ network-uri,
+ tar,
+ time,
+ zlib
+
+ -- dependencies exclusive to test-suite
+ build-depends: tasty == 1.0.*,
+ tasty-hunit == 0.10.*,
+ tasty-quickcheck == 0.10.*,
+ QuickCheck == 2.9.*,
+ temporary == 1.2.*
+
+ hs-source-dirs: tests
+ default-language: Haskell2010
+ default-extensions: FlexibleContexts
+ GADTs
+ KindSignatures
+ RankNTypes
+ RecordWildCards
+ ScopedTypeVariables
+ ghc-options: -Wall
View it on GitLab: https://salsa.debian.org/haskell-team/package-plan/commit/ccb83674a312cc3672c9bc6c5502eabf70583589
--
View it on GitLab: https://salsa.debian.org/haskell-team/package-plan/commit/ccb83674a312cc3672c9bc6c5502eabf70583589
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-haskell-commits/attachments/20180622/dccb7051/attachment-0001.html>
More information about the Pkg-haskell-commits
mailing list