hackage-security: Hackage security library

[ bsd3, distribution, library ] [ Propose Tags ]

The hackage security library provides both server and client utilities for securing the Hackage package server (http://hackage.haskell.org/). It is based on The Update Framework (http://theupdateframework.com/), a set of recommendations developed by security researchers at various universities in the US as well as developers on the Tor project (https://www.torproject.org/).

The current implementation supports only index signing, thereby enabling untrusted mirrors. It does not yet provide facilities for author package signing.

The library has two main entry points: Hackage.Security.Client is the main entry point for clients (the typical example being cabal), and Hackage.Security.Server is the main entry point for servers (the typical example being hackage-server).

This is a beta release.

Versions [faq] 0.1.0.0, 0.2.0.0, 0.3.0.0, 0.5.0.0, 0.5.0.1, 0.5.0.2, 0.5.1.0, 0.5.2.0, 0.5.2.1, 0.5.2.2, 0.5.3.0
Change log ChangeLog.md
Dependencies base (>=4.5 && <5), base64-bytestring (==1.0.*), bytestring (>=0.10.2 && <0.11), Cabal (>=1.14 && <1.25), containers (>=0.4 && <0.6), cryptohash (==0.11.*), directory (>=1.2.2.0 && <1.3), ed25519 (==0.0.*), filepath (>=1.2 && <1.5), ghc-prim, mtl (==2.2.*), network (>=2.5 && <2.7), network-uri (==2.6.*), old-locale (>=1.0), parsec (==3.1.*), tar (>=0.4.4 && <0.5), template-haskell, time (>=1.2 && <1.6), transformers (==0.4.*), zlib (>=0.5 && <0.7) [details]
License BSD-3-Clause
Copyright Copyright 2015 Well-Typed LLP
Author Edsko de Vries
Maintainer edsko@well-typed.com
Category Distribution
Home page https://github.com/well-typed/hackage-security
Bug tracker https://github.com/well-typed/hackage-security/issues
Source repo head: git clone https://github.com/well-typed/hackage-security.git
Uploaded by EdskoDeVries at Wed Jan 6 15:45:11 UTC 2016
Distributions Arch:0.5.3.0, Debian:0.5.3.0, Fedora:0.5.3.0, LTSHaskell:0.5.3.0, NixOS:0.5.3.0, Stackage:0.5.3.0, openSUSE:0.5.3.0
Downloads 27385 total (385 in the last 30 days)
Rating (no votes yet) [estimated by rule of succession]
Your Rating
  • λ
  • λ
  • λ
Status Hackage Matrix CI
Docs not available [build log]
Last success reported on 2016-01-06 [all 3 reports]

Modules

  • Hackage
    • Security
      • Hackage.Security.Client
        • Hackage.Security.Client.Formats
        • Hackage.Security.Client.Repository
          • Hackage.Security.Client.Repository.Cache
          • Hackage.Security.Client.Repository.HttpLib
          • Hackage.Security.Client.Repository.Local
          • Hackage.Security.Client.Repository.Remote
        • Hackage.Security.Client.Verify
      • Hackage.Security.JSON
      • Key
        • Hackage.Security.Key.Env
      • Hackage.Security.Server
      • TUF
        • Hackage.Security.TUF.FileMap
      • Hackage.Security.Trusted
      • Util
        • Hackage.Security.Util.Checked
        • Hackage.Security.Util.IO
        • Hackage.Security.Util.Lens
        • Hackage.Security.Util.Path
        • Hackage.Security.Util.Pretty
        • Hackage.Security.Util.Some
  • Text
    • JSON
      • Text.JSON.Canonical

Flags

NameDescriptionDefaultType
base48

Are we using base 4.8 or later?

EnabledAutomatic
use-network-uri

Are we using network-uri?

EnabledAutomatic

Use -f <flag> to enable a flag, or -f -<flag> to disable that flag. More info

Downloads

Maintainer's Corner

For package maintainers and hackage trustees