cabal-install-3.8.1.0: The command-line interface for Cabal and Hackage.
Safe HaskellNone
LanguageHaskell2010

Distribution.Client.Security.DNS

Synopsis

Documentation

queryBootstrapMirrors :: Verbosity -> URI -> IO [URI] Source #

Try to lookup RFC1464-encoded mirror urls for a Hackage repository url by performing a DNS TXT lookup on the _mirrors.-prefixed URL hostname.

Example: for http://hackage.haskell.org/ perform a DNS TXT query for the hostname _mirrors.hackage.haskell.org which may look like e.g.

_mirrors.hackage.haskell.org. 300 IN TXT
   "0.urlbase=http://hackage.fpcomplete.com/"
   "1.urlbase=http://objects-us-west-1.dream.io/hackage-mirror/"

NB: hackage-security doesn't require DNS lookups being trustworthy, as the trust is established via the cryptographically signed TUF meta-data that is retrieved from the resolved Hackage repository. Moreover, we already have to protect against a compromised hackage.haskell.org DNS entry, so an the additional _mirrors.hackage.haskell.org DNS entry in the same SOA doesn't constitute a significant new attack vector anyway.