нУЁh& ,Ъ &й                   	  
                                               !  "  #  $  %  &  '  (  )  *  +  ,  -  .  /  0  1  2  3  4  5  6  7  8  9  :  ;  <  =  >  ?  @  A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z  [  \  ]  ^  _  `  a  b  c  d  e  f  g  h  i  j  k  l  m  n  o  p  q  r  s  t  u  v  w  x  y  z  {  |  }  ~    ─  │  ┌  ┐  └  ┘  ├  ┤  ┬  ┴  ┼  ▀  ▄  █  ▌  ▐  ░  ▒  ▓  ⌠  ■  ∙  √  ≈  ≤  ≥     ⌡  °  ²  ·  ÷  ═  ║  ╒  ё  є  ╔  і  ї  ╗  ╘  ╙  ╚  ╛  ґ  ў  ╞  ╟  ╠  ╡  Ё  Є  ╣  І  Ї  ╦  	╧  	╨  	╩  	╪  	Ґ  	Ў  	©  	ю  	а  	б  	ц  	д  	е  	ф  	г  	х  	и  	й  	к  	л  	м  	н  	о  	п  	я  	р  	с  	т  	у  	ж  
в  
ь  
ы  
з  
ш  
э  
щ  
ч  
ъ  
Ю  
А  
Б  
Ц  
Д  
Е  
Ф  
Г  Х  И  Й  К  Л  М  Н  О  П  Я  Р  С  Т  У  Ж  В  Ь  Ы  З  Ш  Э  Щ  Ч  Ъ  ─  │  ┌  ┐  └  ┘  ├  ┤  ┬  ┴  ┼  
▀  
▄  
█  
▌  
▐  
░  
▒  
▓  
⌠  
■  
∙  
√  
≈  
≤  
≥  
   
⌡  
°  
²  
·  
÷  
═  
║  
╒  
ё  
є  
╔  
і  
ї  
╗  
╘  
╙  
╚  
╛  
ґ  
ў  
╞  
╟  
╠  
╡  
Ё  
Є  
╣  
І  
Ї  
╦  
╧  
╨  
╩  
╪  
Ґ  
Ў  
©  
ю  
а  
б  
ц  
д  
е  ф  г  х  и  й  к  л  м  н  о  п  я  р  с  т  у  ж  в  ь  ы  з  ш  э  щ  ч  ъ  Ю  А  Б  Ц  Д  Е  Ф  Г  Х  И  Й  К  Л  М  Н  О  П  Я  Р  С  Т  У  Ж  В  Ь  Ы  З  Ш  Э  Щ  Ч  Ъ  ─  │  ┌  ┐  └  ┘  ├  ┤  ┬  ┴  ┼  ▀  ▄  █  ▌  ▐  ░  ▒  ▓  ⌠  ■  ∙  √  ≈  ≤  ≥     ⌡  °  ²  ·  ÷  ═  ║  ╒  ё  є  ╔  і  ї  ╗  ╘  ╙  ╚  ╛  ґ  ў  ╞  ╟  ╠  ╡  Ё  Є  ╣  І  Ї  ╦  ╧  ╨  ╩  ╪  Ґ  Ў  ©  ю  а  б  ц  д  е  ф  г  х  и  й  к  л  м  н  о  п  я  р  с  т  у  ж  в  ь  ы  з  ш  э  щ  ч  ъ  Ю  А  Б  Ц  Д  Е  Ф  Г  Х  И  Й  К  Л  М  Н  О  П  Я  Р  С  Т  У  Ж  В  Ь  Ы  З  Ш  Э  Щ  Ч  Ъ  ─  │  ┌  ┐  └  ┘  ├  ┤  ┬  ┴  ┼  ▀  ▄  █  ▌  ▐  ░  ▒  ▓  ⌠  ■  ∙  √  ≈  ≤  ≥     ⌡  °  ²  ·  ÷  ═  ║  ╒  ё  є  ╔  і  ї  ╗  ╘  ╙  ╚  ╛  ґ  ў  ╞  ╟  ╠  ╡  Ё  Є  ╣  І  Ї  ╦  ╧  ╨  ╩  ╪  Ґ  Ў  ©  ю  а  б  ц  д  е  ф  г  х  и  й  к  л  м  н  о  п  я  р  с  т  у  ж  в  ь  ы  з  ш  э  щ  ч  ъ  Ю  А  Б  Ц  Д  Е  Ф  Г  Х  И  Й  К  Л  М  Н  О  П  Я  Р  С  Т  У  Ж  В  Ь  Ы  З  Ш  Э  Щ  Ч  Ъ  ─  │  ┌  ┐  └  ┘  ├  ┤  ┬  ┴  ┼  ▀  ▄  █  ▌  ▐  ░  ▒  ▓  ⌠  ■  ∙  √  ≈  ≤  ≥     ⌡  °  ²  ·  ÷  ═  ║  ╒  ё  є  ╔  і  ї  ╗  ╘  ╙  ╚  ╛  ґ  ў  ╞  ╟  ╠  ╡  Ё  Є  ╣  І  Ї  ╦  ╧  ╨  ╩  ╪  Ґ  Ў  ©  ю  а  б  ц  д  е  ф  г  х  и  +         Safe-Inferred %&'()*568<а б ц д е л я т в ы з э   й  ─йклмнопярстужвьызшэщчъЮАБЦДЕФГХИЙКЛМНОПЯРСТУЖВЬЫЗШЭЩЧЪ─│┌┐└┘├┤┬┴┼▀▄█▌▐░▒▓⌠■∙√≈≤≥ ⌡°²·÷═║╒ёє╔ії╗╘╙╚╛ґў╞╟╠╡ЁЄ╣ІЇ╦╧╨╩╪ҐЎ©юабцдефгхийклмнопярстужвьызшэщчъЮАБЦДЕФГХИЙКЛМНОПЯРСТУЖВЬЫЗШЭЩЧЪ─│┌┐└┘├┤┬┴┼▀▄█▌▐░▒▓⌠■∙√≈≤≥ ⌡°²·÷═║╒ёє╔ії╗╘╙╚╛ґў╞╟╠╡ЁЄ╣ІЇ╦╧╨╩╪ҐЎ©юабцдефгхи            Safe-Inferred%&'()*568<а б ц д е л я т в ы з э   ·й hackage-securityCast from one type to anotherу By default (for language with type inference) we just compare the types
 returned by  кі; however, in languages in which terms can have more
 than one type this may not be the correct definition (indeed, for such
 languages we cannot give an instance of  л).л hackage-security&Embedded languages with type inferenceм hackage-security9Equality check that gives us a type-level equality proof.н hackage-securityType equality proofsЪ This is a direct copy of "type-equality:Data.Type.Equality"; if we don't
 mind the dependency we can use that package directly. 	йолкмпянр            Safe-Inferred%&'()*568<а б ц д е л я т в ы з э   Э  ст  с5т5         Safe-Inferred%&'()*568<а б ц д е л я т в ы з э   ░ hackage-securityProduce a human-readable string            Safe-Inferred %&'()*568<а б ц д е л я т в ы з э   G hackage-securityType f satisfies 
SomeShow f if f a satisfies Show independent of a hackage-securityType f satisfies 
SomeShow f if f a satisfies Show independent of a hackage-securityType f satisfies SomeEq f if f a satisfies Eq independent of a  !"#$"# !$           Safe-Inferred %&'()*568<а б ц д е л я т в ы з э   s* hackage-security Abstract over a file system rootsee  D, hackage-security?A file system root can be interpreted as an (absolute) FilePath- hackage-securityя Convert a Path to an absolute FilePath (using native style directory separators).1 hackage-security!Type-level tag for unrooted paths:Unrooted paths need a root before they can be interpreted.2 hackage-securityPathsA  2 is simply a  І╘ with a type-level tag indicating where this
 path is rooted (relative to the current directory, absolute path, relative to
 a web domain, whatever). Most operations on  2? are just lifted versions
 of the operations on the underlying  І╟. The tag however allows us to
 give a lot of operations a more meaningful type. For instance, it does not
 make sense to append two absolute paths together; instead, we can only append
 an unrooted path to another path. It also means we avoid bugs where we use
 one kind of path where we expect another.4 hackage-securityReinterpret the root of a pathа This literally just changes the type-level tag; use with caution!; hackage-securityReinterpret an unrooted pathThis is an alias for  4; see comments there.< hackage-securityForget a path's rootThis is an alias for  4; see comments there.= hackage-securityы Convert a relative/unrooted Path to a FilePath (using POSIX style
 directory separators).	See also  -> hackage-securityт Convert from a relative/unrooted FilePath (using POSIX style directory
 separators).? hackage-security5A path fragment (like a single directory or filename)G hackage-securityWrapper around  GH hackage-securityWrapper around (openBinaryTempFileWithDefaultPermissionsц NOTE: The caller is responsible for cleaning up the temporary file.V hackage-security,Return the immediate children of a directoryFilters out "." and "..".W hackage-security(Recursive traverse a directory structureёReturns a set of paths relative to the directory specified. The list is
 lazily constructed, so that directories are only read when required.
 (This is also essential to ensure that this function does not build the
 entire result in memory before returning, potentially running out of heap.)X  hackage-securityOld hackage-securityNew[  hackage-securityPath of the .tar file hackage-securityBase directory hackage-security&Files to add, relative to the base dirй 
	()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_й 234567891:;<=>?@AB0/.,-*+CDEFGHIJKLMNOPQRSTUVWXY)Z[(\]^_
	           Safe-Inferred%&'()*568<а б ц д е л я т в ы з э    Чу hackage-securityMonomorphic traversalж hackage-securityPolymorphic traversalв hackage-securityMonomorphic lensь hackage-securityPolymorphic lens ужвьызш            Safe-Inferred %&'()*568<а б ц д е л я т в ы з э   $oэ hackage-security?Attempt to create a filesystem lock in the specified directory.3This will use OS-specific file locking primitives: GHC.IO.Handle.Lock  with
 #base-4.10" and later or a shim for base@ versions.&Blocks if the lock is already present.П The logger callback passed as first argument is invoked before and
 after acquiring a lock, and after unlocking.ю May fallback to locking via creating a directory:
 Given a file pathto4, we do this by attempting to create the directory
 /pathto/hackage-security-lockз, and deleting the directory again
 afterwards. Creating a directory that already exists will throw an exception
 on most OSs (certainly Linux, OSX and Windows) and is a reasonably common way
 to implement a lock file. щчъЮАБэЦ            Safe-Inferred%&'()*568<а б ц д е л я т в ы з э   &DД hackage-securityMultiple exit points#We can simulate the imperative codeз if (cond1)
  return exp1;
if (cond2)
  return exp2;
if (cond3)
  return exp3;
return exp4;as┌multipleExitPoints $ do
  when (cond1) $
    exit exp1
  when (cond2) $
    exit exp2
  when (cond3) $
    exit exp3
  return exp4Е hackage-securityFunction exit point (see  Д) ДЕ            Safe-Inferred %&'()*568<а б ц д е л м я т в ы з э   *ёФ hackage-security1Wrap an action that may throw a checked exceptionThis is used internally in  l6 to avoid impredicative
 instantiation of the type of  Г/unsafeCoerce.Х hackage-security7Wraps up an async exception as a synchronous exception.k hackage-securityChecked exceptionsИ hackage-security=Determine if an exception is asynchronous, based on its type.Й hackage-security Кф , but immediately rethrows asynchronous exceptions
 (as determined by  И).m hackage-securityThrow a checked exceptionn hackage-securityCatch a checked exceptiono hackage-security n with the arguments reversedp hackage-securityLike try, but for checked exceptionsq hackage-security+Rethrow IO exceptions as checked exceptionsr hackage-securityThrow an unchecked exceptionThis is just an alias for throwж , but makes it evident that this is a very
 intentional use of an unchecked exception.s hackage-securityVariation on  r for internal errors 	klmnopqrs	klmnopqrs           Safe-Inferred%&'()*568<а б ц д е л я т в ы з э   -Ёx hackage-securityThe cache directoryy hackage-security/Paths relative to the root of the index tarballz hackage-securityThe root of the index tarball{ hackage-security,Paths relative to the root of the repository| hackage-securityThe root of the repositoryф Repository roots can be anchored at a remote URL or a local directory. Note that even for remote repos  |" is (potentially) different from
  (& -- for a repository located at, say, http://hackage.haskell.org 4
 they happen to coincide, but for one location at
 $http://example.com/some/subdirectory  they do not. hackage-security0Anchor a cache path to the location of the cache 	wxyz{|}~            Safe-Inferred%&'()*568<а б ц д е л я т в ы з э   0Y
─ hackage-securityLayout of a repository┌ hackage-securityTUF root metadata┐ hackage-securityTUF timestamp└ hackage-securityTUF snapshot┘ hackage-securityTUF mirrors list├ hackage-securityCompressed index tarball┤ hackage-securityUncompressed index tarball┬ hackage-securityPath to the package tarball┴ hackage-securityThe layout used on Hackage┼ hackage-security/Layout used by cabal for ("legacy") local reposЖ Obviously, such repos do not normally contain any of the TUF files, so their
 location is more or less arbitrary here. ─│┌┐└┘├┤┬┴┼            Safe-Inferred%&'()*568<а б ц д е л я т в ы з э   58	▀ hackage-security&Location of the various files we cacheУAlthough the generic TUF algorithms do not care how we organize the cache,
 we nonetheless specify this here because as long as there are tools which
 access files in the cache directly we need to define the cache layout.
 See also comments for defaultCacheLayout.█ hackage-securityTUF root metadata▌ hackage-securityTUF timestamp▐ hackage-securityTUF snapshot░ hackage-securityTUF mirrors list▒ hackage-securityUncompressed index tarball▓ hackage-security'Index to the uncompressed index tarball⌠ hackage-securityCompressed index tarballтWe cache both the compressed and the uncompressed tarballs, because
 incremental updates happen through the compressed tarball, but reads
 happen through the uncompressed one (with the help of the tarball index).■ hackage-security#The cache layout cabal-install usesWe cache the index as cache /00-index.tarє; this is important because
 `cabal-install` expects to find it there (and does not currently go through
 the hackage-security library to get files from the index). 
▀▄█▌▐░▒▓⌠■            Safe-Inferred%&'()*568<а б ц д е л я т в ы з э   ;·∙ hackage-securityVerification monad%The verification monad is similar to 	ResourceTу  in intent, in that we can
 register handlers to be run to release resources. Unlike 	ResourceTІ,
 however, we maintain _two_ handlers: a cleanup handler which is run  whether
 or not verification succeeds, and a finalisation handler which is run only if
 verification succeeds.&Cleanup handlers are registered using  ≈Г , and are guaranteed to run
   just before the computation terminates (after the finalisation handler).А The finalisation handlers are run only when verification succeeds, and can
   be registered with  ≤│. Finalisation can be used for instance to
   update the local cache (which should only happen if verification is
   successful).√ hackage-securityRun an action in the  ∙ monad≈ hackage-securityа Acquire a resource and register the corresponding cleanup handlerИNOTE: Resource acquisition happens with exceptions masked. If it is important
 that the resource acquistion can be timed out (or receive other kinds of
 asynchronous exceptions), you will need to use an interruptible operation.
 See ?http://www.well-typed.com/blog/2014/08/asynchronous-exceptions/  for
 details.≤ hackage-security:Register an action to be run only if verification succeeds≥ hackage-security#Create a short-lived temporary fileк Creates the directory where the temp file should live if it does not exist.≥  hackage-securityTemp directory hackage-securityTemplate∙√≈≤≥∙√≈≤≥           Safe-Inferred%&'()*568<а б ц д е л я т в ы з э   >÷· hackage-securityHasFormat fs f is a proof that f is a key in fs.See  ў and  ╞ for typical usage.║ hackage-securityAvailable formatsцRather than having a general list here, we enumerate all possibilities.
 This means we are very precise about what we expect, and we avoid any runtime
 errors about unexpected format definitions.з NOTE: If we add additional cases here (for dealing with additional formats)
 all calls to error "inaccessible" need to be reevaluated.і hackage-security:Format is a singleton type (reflection type to term level)=NOTE: In the future we might add further compression formats. ·÷═║╒ёє╔ії╗╘╙╚╛ґў╞╙╘ії╗║╒ёє╔·÷═╚╛ґў╞    	  .(c) Galois, Inc. 2007-2009, Duncan Coutts 2015    Safe-Inferred %&'()*568<а б ц д е л я т в ы з э   G$╦ hackage-security54-bit integer values5JavaScript can only safely represent numbers between -(2^53 - 1) and
 2^53 - 1.╔TODO: Although we introduce the type here, we don't actually do any bounds
 checking and just inherit all type class instance from Int64. We should
 probably define  ▒к  to do bounds checking, give different instances
 for type classes such as  ж and  Л, etc.ю hackage-securityХ Render a JSON value in canonical form. This rendered form is canonical
 and so allows repeatable hashes.-For pretty printing, see prettyCanonicalJSON.у NB: Canonical JSON's string escaping rules deviate from RFC 7159
 JSON which requiresЇ"All Unicode characters may be placed within the quotation
    marks, except for the characters that must be escaped: quotation
    mark, reverse solidus, and the control characters (U+0000
    through U+001F)."┼Whereas the current specification of Canonical JSON explicitly
 requires to violate this by only escaping the quotation mark and
 the reverse solidus. This, however, contradicts Canonical JSON's
 statement that "Canonical JSON is parsable with any full JSON
 parser"ю Consequently, Canonical JSON is not a proper subset of RFC 7159.а hackage-security■Parse a canonical JSON format string as a JSON value. The input string
 does not have to be in canonical form, just in the "canonical JSON"
 format.Use  ю  to convert into canonical form.М hackage-securityParse an intя TODO: Currently this allows for a maximum of 15 digits (i.e. a maximum value
 of 999,999,999,999,999") as a crude approximation of the  ╦ range.б hackage-securityп Render a JSON value in a reasonable human-readable form. This rendered
 form is not the canonical form" used for repeatable hashes, use
  ю
 for that.Н hackage-securityPunctuate in this style:[ foo, bar ]$if it fits, or vertically otherwise:[ foo
, bar
] ╦╧╨╩╪ҐЎ©юаб╧╨╩╪ҐЎ©╦аюб           Safe-Inferred %&'()*568<а б ц д е л я т в ы з э   H≈ь hackage-security+Monads in which we can report schema errorsз hackage-securityUsed in the  ч instance for  Оэ hackage-securityUsed in the  Ю instance for  ОД hackage-security"Extract a field from a JSON object ╦╧╨╩╪ҐЎ©жвьызшэщчъЮАБЦДЕФ            Safe-Inferred%&'()*568<а б ц д е л я т в ы з э   I▄П hackage-securityч Simple wrapper around bytestring with ToJSON and FromJSON instances that
 use base64 encoding. ПЯР            Safe-Inferred %&'()*568<а б ц д е л я т в ы з э   KйГ hackage-securityCompute the key ID of a keyИ hackage-security≥The key ID of a key, by definition, is the hexdigest of the SHA-256 hash of
 the canonical JSON form of the key where the private object key is excluded.Г NOTE: The FromJSON and ToJSON instances for KeyId are intentionally omitted.
 Use writeKeyAsId instead.Э hackage-security*Sign a bytestring and return the signatureс TODO: It is unfortunate that we have to convert to a strict bytestring for
 ed25519 ГХИЙКЛМНОПЯРСТУЖВЬЫЗШЭЩ            Safe-Inferred%&'()*568<а б ц д е л я т в ы з э   MQЧ hackage-securityф A key environment is a mapping from key IDs to the corresponding keys.я It should satisfy the invariant that these key IDs actually match the keys;
 see  С.С hackage-security7Verify that each key ID is mapped to a key with that ID 	ЧЪ─│┌┐└┘├	ЧЪ─│┌┐└┘├    
       Safe-Inferred %&'()*568<а б ц д е л я т в ы з э   Pk▌ hackage-security7MonadReader-like monad, specialized to key environments▓ hackage-securityА Malformed JSON has syntax errors in the JSON itself
 (i.e., we cannot even parse it to a JSValue)⌠ hackage-security3Invalid JSON has valid syntax but invalid structure6The string gives a hint about what we expected instead■ hackage-security1The JSON file contains a key ID of an unknown key∙ hackage-securitySome verification step failed√ hackage-securityWrong file type"Records actual and expected types.ї hackage-securityRender to canonical JSON format╗ hackage-securityVariation on  ї- for files that don't require the repo layout ;╦╧©ЎҐ╪╨╩жвьызшэщчъЮАБЦДЕФ┼▀▄█▌▐░▒▓⌠■∙√≈≤≥ ⌡°²·÷═║╒ёє╔ії╗╘╙╚;▒▓⌠■∙√≈≤▌▐░ ⌡°≥█▄▀²·÷═║╒ёє╔┼ії╗╘╙╚ЮАчъэщзшьывжБЦДЕФ╧╨╩╪ҐЎ©╦           Safe-Inferred%&'()*568<а б ц д е л я т в ы з э   \ е hackage-security5A signature with a key ID (rather than an actual key)д This corresponds precisely to the TUF representation of a signature.й hackage-security"File with uninterpreted signatures°Sometimes we want to be able to read a file without interpreting the
 signatures (that is, resolving the key IDs) or doing any kind of checks on
 them. One advantage of this is that this allows us to read many file types
 without any key environment at all, which is sometimes useful.р hackage-securityA list of signaturesУ Invariant: each signature must be made with a different key.
 We enforce this invariant for incoming untrusted data ( А:)
 but not for lists of signatures that we create in code.ь hackage-security,Create a new document without any signaturesы hackage-securitySign a documentз hackage-securityVariation on  ы" that doesn't need the repo layoutш hackage-security/Construct signatures for already rendered valueщ hackage-security.General FromJSON instance for signed datatypesсWe don't give a general FromJSON instance for Signed because for some
 datatypes we need to do something special (datatypes where we need to
 read key environments); for instance, see the "Signed Root" instance.ч hackage-securitySignature verification■NOTES:
 1. By definition, the signature must be verified against the canonical
    JSON format. This means we _must_ parse and then pretty print (as
    we do here) because the document as stored may or may not be in
    canonical format.
 2. However, it is important that we NOT translate from the JSValue
    to whatever internal datatype we are using and then back to JSValue,
    because that may not roundtrip: we must allow for additional fields
    in the JSValue that we ignore (and would therefore lose when we
    attempt to roundtrip).
 3. We verify that all signatures are valid, but we cannot verify (here)
    that these signatures are signed with the right key, or that we
    have a sufficient number of signatures. This will be the
    responsibility of the calling code.ъ hackage-security&Convert a pre-signature to a signature9Verifies that the key type matches the advertised method.Ю hackage-security"Convert signature to pre-signatureА hackage-securityConvert a list of  еs to a list of  нsМThis verifies the invariant that all signatures are made with different keys.
 We do this on the presignatures rather than the signatures so that we can do
 the check on key IDs, rather than keys (the latter don't have an Ord
 instance).Б hackage-security6Convert list of pre-signatures to a list of signatures ефгхийклмнопярстувжьызшэщчъЮАБ             Safe-Inferred %&'()*568<>а б ц д е л я т в ы з э   d╗Т hackage-security"Types for pattern and replacements1We intentially are not very precise here, saying String (instead of
 FileName, BaseName, or 	DirectoryИ , say) so that we can, for example,
 use a matched filename in a pattern as a directory in a replacement.Ц hackage-securityA delegation6A delegation is a pair of a pattern and a replacement.See match for an example.У hackage-securityReplacement patterns%These constructors match the ones in  ЖЄ: wildcards must be used
 in the same order as they appear in the pattern, but they don't all have to
 be used (that's why the base constructors are polymorphic in the stack tail).Ж hackage-securityStructured patterns over pathsЬ The type argument indicates what kind of function we expect when the
 pattern matches. For example, we have the pattern 	"*/*.txt":э PathPatternDirAny (PathPatternFileExt ".txt")
  :: PathPattern (Directory :- BaseName :- ())TODOs (see README.md):Update this to work with Path rather than  І/ ш Add different kinds of wildcardsAdd path rootsтCurrently this is a proof of concept more than anything else; the right
 structure is here, but it needs updating. However, until we add author
 signing (or out-of-tarball targets) we don't actually use this yet.л NOTE: Haddock lacks GADT support so constructors have only regular comments.В hackage-security?The identity replacement replaces a matched pattern with itselfЬ hackage-securityParse a patternЫ hackage-securityParse a replacementэ We cheat and use the parser for patterns and then translate using the
 identity replacement.З hackage-securityа Quasi-quoter for delegations to make them easier to write in code#This allows to write delegations as9$(qqd "targets/*/*/*.cabal" "targets/*/*/revisions.json")ъ (The alternative syntax which actually uses a quasi-quoter doesn't work very
 well because the /** bits confuse CPP: "unterminated comment") ЦДУШЭЩЧЪЖ─│┌┐└┘├┤┬В┴┼З     !       Safe-Inferred%&'()*568<а б ц д е л я т в ы з э   h╒Е hackage-security<Occasionally it is useful to read only a header from a file.
HeaderOnly intentionally only has a  ч instance (no  Ю).И hackage-securityFile expiry dateA  Бі value here means no expiry. That makes it possible to set some
 files to never expire. (Note that not having the Maybe in the type here still
 allows that, because you could set an expiry date 2000 years into the future.
 By having the Maybe here we avoid the _need_ for such encoding issues.)К hackage-securityFile versionш The file version is a flat integer which must monotonically increase on
 every file update. ╣ and  ⌡1 instance are defined in terms of the underlying  ъб 
 (this is used for example by Hackage during the backup process).Н hackage-securityFile expiry dateО hackage-security/File version (monotonically increasing counter) ЕФГХИЙКЛМНОПЯРСТ     "       Safe-Inferred%&'()*568<а б ц д е л я т в ы з э   kУЖ hackage-securityFull versus partial mirrors░The TUF spec explicitly allows for partial mirrors, with the mirrors file
 specifying (through patterns) what is available from partial mirrors.Б For now we only support full mirrors; if we wanted to add partial mirrors,
 we would add a second MirrorPartial9 constructor here with arguments
 corresponding to TUF's metacontent and targetscontent fields.Ь hackage-securityDefinition of a mirrorМ NOTE: Unlike the TUF specification, we require that all mirrors must have
 the same format. That is, we omit metapath and targetspath.│ hackage-security8Give a human-readable description of a particular mirror(for use in error messages) УЖВЬЫЗШЭЩЧЪ─│     #       Safe-Inferred%&'()*568<а б ц д е л я т в ы з э   mп┌ hackage-security	File hash└ hackage-securityKey thresholdЯ The key threshold is the minimum number of keys a document must be signed
 with. Key thresholds are specified in RoleSpec or DelegationsSpec.├ hackage-securityFile lengthГ Having verified file length information means we can protect against
 endless data attacks and similar. ┌┐└┘├┤┬     $       Safe-Inferred%&'()*568<а б ц д е л я т в ы з э   sV┴ hackage-securityFile information$This intentionally does not have an  Б instance; see  ⌠
 and verifyFileInfo	 instead.ш NOTE: Throughout we compute file information always over the raw bytes.
 For example, when timestamp.json lists the hash of snapshot.json), this
 hash is computed over the actual snapshot.json╙ file (as opposed to the
 canonical form of the embedded JSON). This brings it in line with the hash
 computed over target files, where that is the only choice available.░ hackage-securityCompute  ┴╦TODO: Currently this will load the entire input bytestring into memory.
 We need to make this incremental, by computing the length and all hashes
 in a single traversal over the input.▒ hackage-securityCompute  ┴▓ hackage-securityж Compare the expected trusted file info against the actual file info of a
 target file."This should be used only when the  ┴0 is already known. If we want
 to compare known  ┴Б  against a file on disk we should delay until we
 have confirmed that the file lengths match (see downloadedVerify).■ hackage-securityExtract SHA256 hash from  ┴ (if present)▓  hackage-security!expected (from trusted TUF files) hackage-securityactual (from  ░ on target file)╦┌┐┴┼▀▄█▌▐░▒▓⌠■            Safe-Inferred%&'()*568<а б ц д е л я т в ы з э   u{√ hackage-security7File got added or modified; we record the new file info≈ hackage-securityFile got deleted≤ hackage-securityEntries in  ⌡. either talk about the repository or the index⌡ hackage-securityMapping from paths to file infoЬ File maps are used in target files; the paths are relative to the location
 of the target files containing the file map.║  hackage-securityOld hackage-securityNew∙√≈≤≥ ⌡°²·÷═║⌡≤≥ °²·÷═∙√≈║    %       Safe-Inferred%&'()*568<а б ц д е л я т в ы з э   uШ  ╛ґў╞╟     &       Safe-Inferred%&'()*568<а б ц д е л я т в ы з э   xE╠ hackage-securityDelegation specification"NOTE: This is a close analogue of RoleSpec.І hackage-securityDelegationsєMuch like the Root datatype, this must have an invariant that ALL used keys
 (apart from the global keys, which are in the root key environment) must
 be listed in  ╦.╨ hackage-securityTarget metadata█Most target files do not need expiry dates because they are not subject to
 change (and hence attacks like freeze attacks are not a concern). ЦД╠╡ЁЄ╣ІЇ╦╧╨╩╪ҐЎ©ю     '       Safe-Inferred%&'()*568<а б ц д е л я т в ы з э   {яа hackage-security*Files that we might request from the index├The type index tells us the type of the decoded file, if any. For files for
 which the library does not support decoding this will be ():.
 NOTE: Clients should NOT rely on this type index being ()ш , or they might
 break if we add support for parsing additional file formats in the future.╧TODO: If we wanted to support legacy Hackage, we should also have a case for
 the global preferred-versions file. But supporting legacy Hackage will
 probably require more work anyway..е hackage-security,Layout of the files within the index tarballг hackage-securityTranslate an  а
 to a pathх hackage-security	Parse an  Іи hackage-security0The layout of the index as maintained on Hackage абцдефгхийкл     (       Safe-Inferred%&'()*568<а б ц д е л я т в ы з э   }ъя hackage-securityFile info for the root metadata═We list this explicitly in the snapshot so that we can check if we need
 to update the root metadata without first having to download the entire
 index tarball.р hackage-security!File info for the mirror metadataс hackage-securityCompressed index tarballт hackage-securityUncompressed index tarball.Repositories are not required to provide this. мнопярст     )       Safe-Inferred%&'()*568<а б ц д е л я т в ы з э   ─Eу hackage-securityRole specificationй The phantom type indicates what kind of type this role is meant to verify.Ю hackage-securityThe root metadataъ NOTE: We must have the invariant that ALL keys (apart from delegation keys)
 must be listed in  Д>. (Delegation keys satisfy a similar invariant,
 see Targets.)▀ hackage-security╔We give an instance for Signed Root rather than Root because the key
 environment from the root data is necessary to resolve the explicit sharing
 in the signatures. ужвьызшэщчъЮАБЦДЕ     *       Safe-Inferred%&'()*568<а б ц д е л я т в ы з э   ─Ё  ╠wxyz{|}~─┬┤├┘└┐│┌┴┼▀⌠▓▒░▐▌▄█■╦еихфгймклняопрстжувьызшэщчъЮАБЦДЕХФГИЙКЛМНОПЯРСТУЖВЬШЫЗЭ─ЪЩЧ│┌┐└┘├┤┬┴▄┼▀█▌▐░▒▓⌠■∙√≈≤≥ ⌡║╛╟╞ґў╠╣Є╡ЁІ╧Ї╦╨©ЎҐ╩╪юадбцехфгийклмтсряпноуьжвыъчщэзшЮЕДЦАБ     +       Safe-Inferred %&'()*568<а б ц д е л я т в ы з э   ≥ЇГ hackage-security<Root metadata updated (as part of the normal update process)И hackage-security$Errors thrown during role validationЙ hackage-security6Not enough signatures signed with the appropriate keysК hackage-securityThe file is expiredЛ hackage-security2The file version is less than the previous versionМ hackage-securityFile information mismatchН hackage-securityУ We tried to lookup file information about a particular target file,
 but the information wasn't in the corresponding targets.json file.О hackage-security9The metadata for the specified target is missing a SHA256П hackage-security>Some verification errors materialize as deserialization errors░For example: if we try to deserialize a timestamp file but the timestamp
 key has been rolled over, deserialization of the file will fail with
  ■.Я hackage-security╨The spec stipulates that if a verification error occurs during
 the check for updates, we must download new root information and
 start over. However, we limit how often we attempt this.б We record all verification errors that occurred before we gave up.Т hackage-securityTrusted values*Trusted values originate in only two ways:.Anything that is statically known is trusted ( Ж)Д If we have "dynamic" data we can trust it once we have verified the
   the signatures (trustSigned).9NOTE: Trusted is NOT a functor. If it was we could defineз trustAnything :: a -> Trusted a
trustAnything a = fmap (const a) (trustStatic (static ()))Т Consequently, it is neither a monad nor a comonad. However, we _can_ apply
 trusted functions to trusted arguments ( Ь).The  ▄ю  constructor is exported, but any use of it should be
 verified.Ь hackage-securityEquivalent of  ЎЫ Trusted isn't quite applicative (no pure, not a functor), but it is
 somehow Applicative-like: we have the equivalent of  ЎЫ hackage-security:Trust all elements of some trusted (traversable) containerХ If we have, say, a trusted list of values, we should be able to get a list
 of trusted values out of it.(trustElems :: Trusted [a] -> [Trusted a]е NOTE. It might appear that the more natural primitive to offer is a
  я-like operator such as;trustSeq :: Applicative f => Trusted (f a) -> f (Trusted a)5However, this is unsound. To see this, consider that ((->) a) is
  ╩4 (it's the reader monad); hence, we can instantiate trustSeq
 at.trustSeq :: Trusted (a -> a) -> a -> Trusted aand by passing trustStatic (static id) make  Тц  a functor, which we
 certainly don't want to do (see comments for  Т).$So why is it okay when we insist on  м rather than  ╩а ?
 To see this, it's instructive to consider how we might make a ((->) a) an
 instance of  м0. If we define the domain of enumerable types as3class Eq a => Enumerable a where
  enumerate :: [a]then we can make ((->) r) traversable byчinstance Enumerable r => Traversable ((->) r) where
  sequenceA f = rebuild <$> sequenceA ((\r -> (r,) <$> f r) <$> enumerate)
    where
      rebuild :: [(r, a)] -> r -> a
      rebuild fun arg = fromJust (lookup arg fun)ЛThe idea is that if the domain of a function is enumerable, we can apply the
 function to each possible input, collect the outputs, and construct a new
 function by pairing the inputs with the outputs. I.e., if we had something of
 type	a -> IO band a  is enumerable, we just run the IO action on each possible a and
 collect all bs to get a pure function a -> b─. Of course, you probably
 don't want to be doing that, but the point is that as far as the type system
 is concerned you could.In the context of  Т, this means that we can derive*enumPure :: Enumerable a => a -> Trusted aН but in a way this this makes sense anyway. If a domain is enumerable, it
 would not be unreasonable to change 
Enumerable to=class Eq a => Enumerable a where
  enumerate :: [StaticPtr a]so we could define enumPure as└enumPure :: Enumerable a => a -> Trusted a
enumPure x = trustStatic
           $ fromJust (find ((== x) . deRefStaticPtr) enumerate)ёIn other words, we just enumerate the entire domain as trusted values
 (because we defined them locally) and then return the one that matched the
 untrusted value.ЁThe conclusion from all of this is that the types of untrusted input  (like
 the types of the TUF files we download from the server) should probably not
 be considered enumerable.З hackage-securityRole verificationіNOTE: We throw an error when the version number _decreases_, but allow it
 to be the same. This is sufficient: the file number is there so that
 attackers cannot replay old files. It cannot protect against freeze attacks
 (that's what the expiry date is for), so "replaying" the same file is not
 a problem. If an attacker changes the contents of the file but not the
 version number we have an inconsistent situation, but this is not something
 we need to worry about: in this case the attacker will need to resign the
 file or otherwise the signature won't match, and if the attacker has
 compromised the key then he might just as well increase the version number
 and resign.ёNOTE 2: We are not actually verifying the signatures _themselves_ here
 (we did that when we parsed the JSON). We are merely verifying the provenance
 of the keys.Ш hackage-securityVariation on 
verifyRole# that uses key IDs rather than keys*This is used during the bootstrap process.See 3http://en.wikipedia.org/wiki/Public_key_fingerprint .З  hackage-securityFor signature validation hackage-security File source (for error messages) hackage-securityPrevious version (if available) hackage-securityTime now (if checking expiry)Ш hackage-securityFor error messages ФГХИЙКЛМНОПЯРСТ▄УЖВЬЫЗШ            Safe-Inferred %&'()*568<а б ц д е л я т в ы з э Н   ⌡║Ч hackage-security-Apply a static function to a trusted argumentЪ hackage-securityVariation on  ⌠ for  Т  ┴Щ  hackage-security	Root data hackage-securitySource (for error messages) hackage-securityPrevious version (if available) hackage-securityTime now (if checking expiry) hackage-securityMirrors to verify ФГХИЯПОНМЛЙКРСТУЖВЬЫЗШЭЩЧЪ ФГХИЯПОНМЛЙКРСТУЖВЬЫЗШЧЭЩЪ           Safe-Inferred %&'()*568<а б ц д е л я т в ы з э   ╦-└ hackage-security#Is a particular remote file cached?┬ hackage-securityRepository-specific exceptions▐For instance, for repositories using HTTP this might correspond to a 404;
 for local repositories this might correspond to file-not-found, etc.▀ hackage-securityVerify a download file▄ hackage-security,Read the file we just downloaded into memory)We never read binary data, only metadata.█ hackage-security)Copy a downloaded file to its destination▌ hackage-security>Records why we are downloading a file rather than updating it.▐ hackage-security-Server does not support incremental downloads░ hackage-security0We don't have a local copy of the file to update▒ hackage-securityUpdate failed twiceМIf we attempt an incremental update the first time, and it fails,  we let
 it go round the loop, update local security information, and try again.
 But if an incremental update then fails _again_, we  instead attempt a
 regular download.▓ hackage-securityа Update failed (for example: perhaps the local file got corrupted)⌠ hackage-securityLog messages	We use a  Ё rather than a  {# here because we might not have
 a  {у for the file that we were trying to download (that is, for
 example if the server does not provide an uncompressed tarball, it doesn't
 make much sense to list the path to that non-existing uncompressed tarball).■ hackage-securityRoot information was updatedЮThis message is issued when the root information is updated as part of
 the normal check for updates procedure. If the root information is
 updated because of a verification error WarningVerificationError is
 issued instead.∙ hackage-securityA verification error╘Verification errors can be temporary, and may be resolved later; hence
 these are just warnings. (Verification errors that cannot be resolved
 are thrown as exceptions.)√ hackage-security!Download a file from a repository≈ hackage-security/Incrementally updating a file from a repository≤ hackage-securitySelected a particular mirror≥ hackage-security;Updating a file failed
 (we will instead download it whole)  hackage-securityХ We got an exception with a particular mirror
 (we will try with a different mirror if any are available)⌡  hackage-securityЄThis log event is triggered before invoking a filesystem lock
 operation that may block for a significant amount of time; once
 the possibly blocking call completes successfully,
  ° will be emitted.°  hackage-security7Denotes completion of the operation that advertised a
  ⌡ event²  hackage-security>Denotes the filesystem lock previously acquired (signaled by
  ⌡) has been released.· hackage-securityй Are we requesting this information because of a previous validation error?ф Clients can take advantage of this to tell caches to revalidate files.═ hackage-security
RepositoryЄThis is an abstract representation of a repository. It simply provides a way
 to download metafiles and target files, without specifying how this is done.
 For instance, for a local repository this could just be doing a file read,
 whereas for remote repositories this could be using any kind of HTTP client.╒ hackage-securityGet a file from the serverResponsibilies of  ╒:ж Download the file from the repository and make it available at a
   temporary locationгUse the provided file length to protect against endless data attacks.
   (Repositories such as local repositories that are not susceptible to
   endless data attacks can safely ignore this argument.)Ю Move the file from its temporary location to its permanent location
   if verification succeeds.NOTE: Calls to  ╒% should _always_ be in the scope of
  ╘.ё hackage-security Get a cached file (if available)є hackage-securityGet the cached rootэ This is a separate method only because clients must ALWAYS have root
 information available.╔ hackage-securityClear all cached data─In particular, this should remove the snapshot and the timestamp.
 It would also be okay, but not required, to delete the index.і hackage-securityOpen the tarball for reading%This function has this shape so that:Д We can read multiple files from the tarball without having to open
   and close the handle each time.We can close the handle immediately when done.ї hackage-securityRead the index index╗ hackage-securityLock the cache (during updates)╘ hackage-securityMirror selectionThe purpose of  ╘; is to scope mirror selection. The idea
 is that if we have)repWithMirror mirrorList $
  someCallback5then the repository may pick a mirror before calling someCallback,
 catch exceptions thrown by someCallbackб , and potentially try the
 callback again with a different mirror.The list of mirrors may be Nothing√ if we haven't yet downloaded the
 list of mirrors from the repository, or when our cached list of mirrors
 is invalid. Of course, if we did download it, then the list of mirrors
 may still be empty. In this case the repository must fall back to its
 primary download mechanism.·Mirrors as currently defined (in terms of a "base URL") are inherently a
 HTTP (or related) concept, so in repository implementations such as the
 local-repo repWithMirrors/ is probably just an identity operation  (see
 ignoreMirrorsЎ).  Conversely, HTTP implementations of repositories may
 have other, out-of-band information (for example, coming from a cabal
 config file) that they may use to influence mirror selection.╙ hackage-securityLogging╚ hackage-securityLayout of this repository╛ hackage-securityLayout of the indexР Since the repository hosts the index, the layout of the index is
 not independent of the layout of the repository.ґ hackage-security9Description of the repository (used in the show instance)ў hackage-security0Files that we might request from the local cache╞ hackage-securityTimestamp metadata (timestamp.json)╟ hackage-securityRoot metadata (	root.json)╠ hackage-securitySnapshot metadata (snapshot.json)╡ hackage-securityMirrors list (mirrors.json)Ё hackage-security6Abstract definition of files we might have to download Ё╟ is parametrized by the type of the formats that we can accept
 from the remote repository, as well as with information on whether this file
 is metadata actual binary content.л NOTE: Haddock lacks GADT support so constructors have only regular comments.╪ hackage-security!Default format for each file type√For most file types we don't have a choice; for the index the repository
 is only required to offer the GZip-compressed format so that is the default.Ґ hackage-securityDefault file info (see also  ╪)Ў hackage-securityHelper function to implement repWithMirrors.а hackage-security+Which remote files should we cache locally? б абцд└┘├┤┬┴┼▀▄█▌▐░▒▓⌠■∙√≈≤≥ ⌡°²·÷═║╒ёє╔ії╗╘╙╚╛ґў╞╟╠╡ЁЄ╣ІЇ╦╧╨╩╪ҐЎ©юаб ╩╨ЁЄ╣ІЇ╦╧ў╞╟╠╡абцд╪Ґ═║╒ёє╔ії╗╘╙╚╛ґ·÷⌠■∙√≈≤≥ ⌡°²▌▐░▒▓┬┴┼▀▄█Ў©ю└┘├┤а           Safe-Inferred %&'()*568<а б ц д е л я т в ы з э   фс hackage-securityAn IOй  action that represents an incoming response body coming from the
 server.Т The action gets a single chunk of data from the response body, or an empty
 bytestring if no more data is available.#This definition is copied from the http-client	 package.т hackage-securityProxy configurationБ Although actually setting the proxy is the purview of the initialization
 function for individual  Юп  implementations and therefore outside
 the scope of this module, we offer this ProxyConfiguration? type here as a
 way to uniformly configure proxies across all  Юs.у hackage-securityDon't use a proxyж hackage-securityUse this specific proxyд Individual HTTP backends use their own types for specifying proxies.в hackage-securityUse automatic proxy settings"What precisely automatic means is  Ю< specific, though
 typically it will involve looking at the 
HTTP_PROXY1 environment
 variable or the (Windows) registry.ь hackage-securityResponse headers▐Since different libraries represent headers differently, here we just
 abstract over the few response headers that we might want to know about.ы hackage-security$Server accepts byte-range requests (Accept-Ranges: bytes)з hackage-securityHTTP status codeш hackage-security200 OKэ hackage-security206 Partial Contentщ hackage-securityAdditional request headers├Since different libraries represent headers differently, here we just
 abstract over the few request headers that we might want to setч hackage-securitySet Cache-Control: max-age=0ъ hackage-securitySet Cache-Control: no-transformЮ hackage-securityAbstraction over HTTP clients■This avoids insisting on a particular implementation (such as the HTTP
 package) and allows for other implementations (such as a conduit based one).5NOTE: Library-specific exceptions MUST be wrapped in  ┬.Б hackage-securityDownload a fileЦ hackage-securityDownload a byte range6Range is starting and (exclusive) end offset in bytes.АHTTP servers are normally expected to respond to a range request with
 a "206 Partial Content" response. However, servers can respond with a
 "200 OK" response, sending the entire file instead (for instance, this
 may happen for servers that don't actually support range requests, but
 for which we optimistically assumed they did). Implementations of
  Ю+ may accept such a response and inform the hackage-securityФ 
 library that the whole file is being returned; the security library can
 then decide to execute the  см anyway (downloading the entire
 file) or abort the request and try something else. For this reason
 the security library must be informed whether the server returned the
 full file or the requested range.Д hackage-securityConstruct a Body reader from a lazy bytestringл This is appropriate if the lazy bytestring is constructed, say, by calling
 hGetContents─ on a network socket, and the chunks of the bytestring
 correspond to the chunks as they are returned from the OS network layer.л If the lazy bytestring needs to be re-chunked this function is NOT suitable. стужвьызшэщчъЮАБЦДЮАБЦщчъьызшэтужвсД           Safe-Inferred%&'()*568<а б ц д е л я т в ы з э   к
К hackage-security&Location and layout of the local cacheО hackage-security)Cache a previously downloaded remote file█ hackage-securityRebuild the tarball index5Attempts to add to the existing index, if one exists.с TODO: Use throwChecked rather than throwUnchecked, and deal with the fallout.
 See 8https://github.com/well-typed/hackage-security/issues/84 .П hackage-security Get a cached file (if available)Я hackage-security#Get the cached index (if available)Р hackage-securityGet the cached rootCalling  РЦ  without root info available is a programmer error
 and will result in an unchecked exception. See requiresBootstrap.У hackage-security*Delete a previously downloaded remote fileЖ hackage-securityLock the cacheЛ This avoids two concurrent processes updating the cache at the same time,
 provided they both take the lock.В  hackage-securityVariant of  Ж which emits  ⌠ю s before and after
 a possibly blocking file-locking system call▌ hackage-securityVariation on  ▐ that takes in the initial  ░ КЛМНОПЯРСТУЖВКЛМНПРЯУТСОЖВ           Safe-Inferred %&'()*568<а б ц д е л я т в ы з э   ЦО▒ hackage-security%How much of the existing file to keep▓ hackage-securityRemote repository configuration(This is purely for internal convenience.⌠ hackage-securityъ The file we requested from the server was larger than expected
 (potential endless data attack)■ hackage-security)Download method (downloading or updating)∙ hackage-securityWe select a mirror in  √ (the implementation of  ╘).
 Outside the scope of  √' no mirror is selected, and a call to
  ≈п  will throw an exception. If this exception is ever thrown its
 a bug: calls to  ≈ ( ╒&) should _always_ be in the
 scope of  ╘.Ы hackage-security,Repository options with a reasonable defaultClients should use defaultRepositoryOpts  and override required settings.Ш hackage-securityAllow additional mirrors?═If this is set to True (default), in addition to the (out-of-band)
 specified mirrors we will also use mirrors reported by those
 out-of-band mirrors (that is, mirrors.json).Щ hackage-security┌For most files we download we know the exact size beforehand
 (because this information comes from the snapshot or delegated info)Ч hackage-securityЭ For some files we might not know the size beforehand, but we might
 be able to provide an upper bound (timestamp, root info)≤ hackage-securityб Internal type recording the various server capabilities we support≥ hackage-security'Does the server support range requests?  hackage-securityServer capabilitiesхAs the library interacts with the server and receives replies, we may
 discover more information about the server's capabilities; for instance,
 we may discover that it supports incremental downloads.─ hackage-securityDefault repository options│ hackage-security<Initialize the repository (and cleanup resources afterwards)╟We allow to specify multiple mirrors to initialize the repository. These
 are mirrors that can be found "out of band" (out of the scope of the TUF
 protocol), for example in a cabal.configс  file. The TUF protocol itself
 will specify that any of these mirrors can serve a mirrors.jsonЯ  file
 that itself contains mirrors; we consider these as _additional_ mirrors
 to the ones that are passed here.А NOTE: The list of mirrors should be non-empty (and should typically include
 the primary server).╪TODO: In the future we could allow finer control over precisely which
 mirrors we use (which combination of the mirrors that are passed as arguments
 here and the mirrors that we get from mirrors.json,) as well as indicating
 mirror preferences.⌡ hackage-securityGet the selected mirrorь Throws an exception if no mirror was selected (this would be a bug in the
 client code).NOTE: Cannot use  °Л  here, because the callback would be inside the
 scope of the withMVar, and there might be further calls to 
withRemote# made
 by the callback argument to 
withRemote, leading to deadlock.≈ hackage-securityGet a file from the server² hackage-securityHTTP options·We want to make sure caches don't transform files in any way (as this will
 mess things up with respect to hashes etc). Additionally, after a validation
 error we want to make sure caches get files upstream in case the validation
 error was because the cache updated files out of order.√ hackage-securityMirror selection· hackage-security;Download the specified file using the given download method÷ hackage-securityExecute a body reader&TODO: Deal with minimum download rate.═ hackage-security#Extracting or estimating file sizes║ hackage-security"Bound on the size of the timestamp9This is intended as a permissive rather than tight bound.▄The timestamp signed with a single key is 420 bytes; the signature makes up
 just under 200 bytes of that. So even if the timestamp is signed with 10
 keys it would still only be 2420 bytes. Doubling this amount, an upper bound
 of 4kB should definitely be sufficient.╒ hackage-securityBound on the size of the root9This is intended as a permissive rather than tight bound.+The variable parts of the root metadata are-Signatures, each of which are about 200 bytesД A key environment (mapping from key IDs to public keys), each is of
   which is also about 200 bytes─Mirrors, root, snapshot, targets, and timestamp role specifications.
   These contains key IDs, each of which is about 80 bytes.9A skeleton root metadata is about 580 bytes. Allowing for100 signaturesш 100 mirror keys, 1000 root keys, 100 snapshot keys, 1000 target keys,
   100 timestamp keys5the corresponding 2300 entries in the key environmentЭ We end up with a bound of about 665,000 bytes. Doubling this amount, an
 upper bound of 2MB should definitely be sufficient.ё hackage-security7Template for the local file we use to download a URI toє hackage-security3Verify a file downloaded from the remote repositoryАTODO: This currently still computes the hash for the whole file. If we cached
 the state of the hash generator we could compute the hash incrementally.
 However, profiling suggests that this would only be a minor improvement.│  hackage-security#Implementation of the HTTP protocol hackage-security"Out of band" list of mirrors hackage-securityRepository options hackage-securityLocation of local cache hackage-securityRepository layout hackage-securityIndex layout hackage-securityLogger hackage-securityCallback√  hackage-securityHTTP client hackage-security MVar indicating currently mirror hackage-securityLogger hackage-securityOut-of-band mirrors hackage-securityRepository options hackage-securityTUF mirrors hackage-securityCallback·  hackage-securityInternal configuration hackage-security%Did a security check previously fail? hackage-securityFile to get hackage-securitySelected format÷  hackage-security!File source (for error msgs only) hackage-securityMaximum file size hackage-securityHandle to write data too hackage-security*The action to give us blocks from the file
ЬЫЗШЭЩЧЪ─│
│ЫЗШ─ЬЭЩЧЪ           Safe-Inferred%&'()*568<а б ц д е л я т в ы з э   Г░┴ hackage-securityLocation of the repositoryО Note that we regard the local repository as immutable; we cache files just
 like we do for remote repositories.┼ hackage-security<Initialize the repository (and cleanup resources afterwards)чLike a remote repository, a local repository takes a RepoLayout as argument;
 but where the remote repository interprets this RepoLayout relative to a URL,
 the local repository interprets it relative to a local directory.0It uses the same cache as the remote repository.╔ hackage-securityGet a file from the server┼  hackage-securityLocation of local repository hackage-securityLocation of local cache hackage-securityRepository layout hackage-securityIndex layout hackage-securityLogger hackage-securityCallback┬┴┼┴┬┼           Safe-Inferred%&'()*568<а б ц д е л я т в ы з э   ГГ  Юwxyz{|}~─┬┤├┘└┐│┌┴┼▀⌠▓▒░▐▌▄█■╦чъЮАГХИЙКЛМНОПЯРСТУЖВЬЫЗШЭЩ┼▀▄█▒√∙■▓⌠═║╒ёє╔ї╗╘╙еихфгймклняопрстжувьызшэщчъЮАБЦДЕХФГИЙКЛМНОПЯРСТУЖВЬШЫЗЭ─ЪЩЧ│┌┐└┘├┤┬┴▄┼▀█▌▐░▒▓⌠■∙√≈≤≥ ⌡║╛╟╞ґў╠╣Є╡ЁІ╧Ї╦╨©ЎҐ╩╪юадбцехфгийклмтсряпноуьжвыъчщэзшЮЕДЦАББчъЮА┼▀▄█▒√∙■▓⌠═║╒ёє╔ї╗╘╙ТРСПЯНОЛМВЬЫУЖЗШИЙКГХЭЩ├┤┬┌┐└┘┴┼▀▄█▌▐┌┐░▒▓⌠■╦∙√≈≤≥ ⌡║МНОКЛИЙЕФГХЯПРСТ▀▄█▌▐░▒▓⌠■ефгхабцдийкл─│┌┐└┘├┤┬┴┼ЭЩЧЪ─ЬЫЗШЖВУ│|{}~zyxwЮАБЦДЕызшэщчъужвьтувжрснопяьызшэщчйклмефгхиъАЮБмнопярст╨╩╪ҐЎ©ІЇ╦╧╠╡ЁЄ╣ЦДю╛ґў╞╟           Safe-Inferred %&'()*568<а б ц д е л я т в ы з э Н  р#∙ hackage-securityа Various operations that we can perform on the index once its open
Note that  ÷Я  contains a fields both for the raw file contents and
 the parsed file contents; clients can choose which to use.╨In principle these callbacks will do verification (once we have implemented
 author signing). Right now they don't need to do that, because the index as a
 whole will have been verified.≈ hackage-securityLook up an entry by  іSince these  і/s must come from somewhere (probably from the
  ╘Ю ), it is assumed that they are valid; if they are not, an
 (unchecked) exception will be thrown.This function also returns the  і of the nextЦ  file in the
 index (if any) for the benefit of clients who wish to walk through the
 entire index.≤ hackage-securityLook up an entry by  аReturns  Б if the  а$ does not refer to an existing file.≥ hackage-securityVariation if both the  і	 and the  а
 are known1You might use this when scanning the index using  ў.  hackage-security%Get (raw) cabal file (wrapper around  ≤)⌡ hackage-security(Lookup package metadata (wrapper around  ≤)0This will throw an (unchecked) exception if the targets.json file
 could not be parsed.° hackage-security/Get file info (including hash) (wrapper around  ≤)² hackage-security2Get the SHA256 hash for a package (wrapper around indexLookupInfo)(In addition to the exceptions thrown by indexLookupInfoх , this will also
 throw an exception if the SHA256 is not listed in the  ⌡а  (again,
 this will not happen with a well-formed Hackage index.)· hackage-securityThe  ╘ for the indexWe provide this here because  І will have read this anyway.÷ hackage-security"Entry from the Hackage index; see  І.║ hackage-securityThe raw path in the tarfile╒ hackage-securityThe parsed file (if recognised)ё hackage-securityThe raw contents Although this is a lazy bytestring, this is actually read into memory
 strictly (i.e., it can safely be used outside the scope of withIndex and
 friends).є hackage-securityThe parsed contentsА This field is lazily constructed; the parser is not unless you do a
 pattern match on this value.╔ hackage-security%The time of the entry in the tarfile.і hackage-securityEntry into the Hackage index.╗ hackage-security/(Low-level) block number of the tar index entry0Exposed for the benefit of clients who read the .tar* file directly.
 For this reason also the  ╣ and  ⌡ instances for  і&
 just print and parse the underlying TarEntryOffset.╘ hackage-securityIndex directory╚ hackage-security!The first entry in the dictionary╛ hackage-security9The next available (i.e., one after last) directory entryґ hackage-security!Lookup an entry in the dictionaryThis is an efficient operation.ў hackage-securityAn enumeration of all entriesТ This field is lazily constructed, so if you don't need it, it does not
 incur a performance overhead. Moreover, the  а5 is also created
 lazily so if you only need the raw  y there is no parsing
 overhead.The entries are ordered by  і: so that the entries can
 efficiently be read in sequence.У NOTE: This means that there are two ways to enumerate all entries in the
 tar file, since when lookup an entry using  ≈ the
  іь  of the next entry is also returned. However, this
 involves reading through the entire tar! file. If you only need to read
 someо  files, it is significantly more efficient to enumerate the tar
 entries using  ў instead and only call  ≈
 when required.╡ hackage-security/Generic logic for checking if there are updates╚This implements the logic described in Section 5.1, "The client application",
 of the TUF spec. It checks which of the server metadata has changed, and
 downloads all changed metadata to the local cache. (Metadata here refers
 both to the TUF security metadata as well as the Hackage package index.)You should pass Nothing╘ for the UTCTime _only_ under exceptional
 circumstances (such as when the main server is down for longer than the
 expiry dates used in the timestamp files on mirrors).і hackage-securityUpdate the root metadataЮ Note that the new root metadata is verified using the old root metadata,
 and only then trusted. We don't always have root file information available. If we notice during
 the normal update process that the root information has changed then the
 snapshot will give us the new file information; but if we need to update
 the root information due to a verification error we do not.Д We additionally delete the cached cached snapshot and timestamp. This is
 necessary for two reasons:	Ф If during the normal update process we notice that the root info was
    updated (because the hash of 	root.json═ in the new snapshot is different
    from the old snapshot) we download new root info and start over, without
    (yet) downloading a (potential) new index. This means it is important that
    we not overwrite our local cached snapshot, because if we did we would
    then on the next iteration conclude there were no updates and we would
    fail to notice that we should have updated the index. However, unless we
    do something, this means that we would conclude on the next iteration once
    again that the root info has changed (because the hash in the new shapshot
    still doesn't match the hash in the cached snapshot), and we would loop
    until we throw a  Ящ exception. By deleting the local
    snapshot we basically reset the client to its initial state, and we will
    not try to download the root info once again. The only downside of this is
    that we will also re-download the index after every root info change.
    However, this should be infrequent enough that this isn't an issue.
    See also 4https://github.com/theupdateframework/tuf/issues/285 .║Additionally, deleting the local timestamp and snapshot protects against
    an attack where an attacker has set the file version of the snapshot or
    timestamp to MAX_INT, thereby making further updates impossible.
    (Such an attack would require a timestamp/snapshot key compromise.)ЁHowever, we _ONLY_ do this when the root information has actually changed.
 If we did this unconditionally it would mean that we delete the locally
 cached timestamp whenever the version on the remote timestamp is invalid,
 thereby rendering the file version on the timestamp and the snapshot useless.
 See к https://github.com/theupdateframework/tuf/issues/283#issuecomment-115739521 ї hackage-securityGet all cached info (if any)Ё hackage-securityDownload a packageЄ hackage-securityVariation on  Ё that takes a FilePath instead.╣ hackage-security Read the Hackage index directoryShould only be called after  ╡.І hackage-security$Look up entries in the Hackage indexThis is in  Gн  style so that clients can efficiently look up multiple
 files from the index.Should only be called after  ╡.Ї hackage-security:Check if we need to bootstrap (i.e., if we have root info)╦ hackage-securityBootstrap the chain of trust≥New clients might need to obtain a copy of the root metadata. This however
 represents a chicken-and-egg problem: how can we verify the root metadata
 we downloaded? The only possibility is to be provided with a set of an
 out-of-band set of root keys and an appropriate threshold.Н Clients who provide a threshold of 0 can do an initial "unsafe" update
 of the root information, if they wish.юThe downloaded root information will _only_ be verified against the
 provided keys, and _not_ against previously downloaded root info (if any).
 It is the responsibility of the client to call  ╦* only when this
 is the desired behaviour.╗ hackage-security>Variation on getRemote where we only expect one type of result╧ hackage-securityх Re-throw all exceptions thrown by the client API as unchecked exceptions╘ hackage-securityLocal files are assumed trustedЄThere is no point tracking chain of trust for local files because that chain
 would necessarily have to start at an implicitly trusted (though unverified)
 file: the root metadata.╙ hackage-securityJust a simple wrapper around verifyFileInfo2Throws a VerificationError if verification failed.╡ hackage-security(To check expiry times against (if using)Ё  hackage-security
Repository hackage-securityPackage to download hackage-securityDestination (see also  Є)Є  hackage-security
Repository hackage-securityPackage to download hackage-securityDestination╙ hackage-securityFor error messages hackage-securityFile to verify∙wxyz{|}~─┬┤├┘└┐│┌┴┼▀⌠▓▒░▐▌▄█■╦ГХИЙКЛМНОПЯРСТУЖВЬЫЗШЭЩеихфгймклняопрстжувьызшэщчъЮАБЦДЕХФГИЙКЛМНОПЯРСТУЖВЬШЫЗЭ─ЪЩЧ│┌┐└┘├┤┬┴▄┼▀█▌▐░▒▓⌠■∙√≈≤≥ ⌡║╛╟╞ґў╠╣Є╡ЁІ╧Ї╦╨©ЎҐ╩╪юабцдехфгийклмтсряпноуьжвыъчщэзшЮЕДЦАБФГХИЙКЛМНОПЯУ┬┴┼▀▄█⌠■∙√≈≤≥ ⌡°²═▄█▌▐░▒▓⌠■∙√°≈≤≥ ⌡²·÷═║╒ёє╔ії╗╘╙╚╛ґў╞╟╠╡ЁЄ╣ІЇ╦╧⌡╡╞╟╠ЁЄ╘╙╚╛ґўії╗╣абцд÷═║╒ёє╔∙√°≈≤≥ ⌡²·ІЇ╦├┤┬┌┐└┘┴┼▀▄█▌▐┌┐░▒▓⌠■╦∙√≈≤≥ ⌡║МНОКЛИЙЕФГХЯПРСТ▀▄█▌▐░▒▓⌠■ефгхабцдийкл─│┌┐└┘├┤┬┴┼ЭЩЧЪ─ЬЫЗШЖВУ│|{}~zyxwЮАБЦДЕызшэщчъужвьтувжрснопяьызшэщчйклмефгхиъАЮБмнопярст╨╩╪ҐЎ©ІЇ╦╧╠╡ЁЄ╣ЦДю╛ґў╞╟ТРСПЯНОЛМВЬЫУЖЗШИЙКГХЭЩУ═┼▀▄█┬┴⌠■∙√≈≤≥ ⌡°²╧ИЙКЛМНОПЯФГХ⌠■▄█▌▐░▒▓  ╚ ,-. ,/0 ,1 2 ,3 4 ,3 5 ,3 6 ,3 7 ,/8 ,/9 ,/: ,/; ,<= ,<> ,<? ,<@ ,AB ,AC ,AD ,AE ,AF  G   H  I   J  K  K  L   M  N  N  O   P  Q  Q  R  R   S   T   U   V  W  X  Y  Y  Z   [  \  ]  ^  _  `  `   a   b   c   d   e   f   g   h   i   j   k   l   m   n   o   p   q   r   s   t   u   v   w   x   y   z   {   |   }   ~      ─   │   ┌   ┐   └   ┘   ├   ┤   ┬   ┴   ┼   ▀   ▄   █   ▌   ▐   ░   ▒   ▓   ⌠   ■   ∙   √   ≈  ≤   ≥       ⌡   °   ²   ·   ÷   ═   ║   ╒   ё  є  ╔  і  ї  ╗  ╘   ╙   ╚   ╛  ґ  ґ   ў   ╞   ╟   ╠   ╡   Ё   Є   ╣   І  Ї  Ї   ╦   ╧   ╨   ╩   ╪   Ґ   Ў   ©  ю   а   б   ц   д   е   ф   г   х  и  й  к  л  м  н  о  п  я  р  с  т  у   ж   в   ь   ы   з   ш   э   щ   ч   ъ   Ю   А   Б  	Ц  	Д  	Е  	Ф  	Г  	Х  	И  	Й  	 К  	 Л  	 М  	 Н  	 О  	 П  	 Я  	 Р  	 С  	 Т  	 У  	 Ж  	 В  	 Ь  	 Ы  	 З  	 Ш  	 Э  	 Щ  	 Ч  	 Ъ  	 ─  │  ┌  ┐   └  ┘   ├  ┤   ┬  ┴   ┼  ▀   ▄   █   ▌   ▐   ░   ▒  ▓   ⌠  ■  ■   ∙  √  ≈  ≤  ≥     ⌡  °  ²  ·   ÷   ═   ║   ╒   ё   є   ╔   і   ї  ╗   ╘   ╙   ╚   ╛   ґ   ў   ╞   ╟   ╠   ╡   Ё  
Є  
╣  
І  
Ї  
╦  
 ╧  
 ╨  
╩  
╪  
Ґ  
Ў  
©  
ю  
 а  
 б  
 ц  
 д  
 е  
 ф  
 г  
 х  
 и  
 й  
 к  
 л  
 м  
 н  
 о  
 п  
 я  
 р  
 с  
 т  
 у  
 ж  
 в  
 ь  
 ы  
 з  
 ш  
 э  
 щ  
 ч  
 ъ  
 Ю  
 А  
 Б  
 Ц  
 Д  
 Е  
 Ф  
 Г  
 Х  
 И  
 Й  
 К  
 Л  
 М  
 Н  О  О   П   Я   Р  С  С   Т   У  Ж  Ж   В   Ь  Ы  Ы  З  З   Ш   Э   Щ   Ч   Ъ   ─   │   ┌   ┐   └   ┘   ├   ┤   ┬   ┬  !┴  !┴  ! ┼  ! ▀  !▄  !▄  !█  !█  !▌  ! ▐  ! ░  ! ▒  ! ▓  ! ⌠  ! ■  ! ∙  "√  "≈  "≤  "≥  "≥  "    " ⌡  "°  "°  " ²  " ·  " ÷  " ═  #║  #║  #╒  #╒  #ё  #ё  # є  $╔  $╔  $ і  $ ї  $╗  $╘  $╙  $ ╚  $ ╛  $ ґ  $ ў  $ ╞  ╟  ╠  ╡  Ё  Є  ╣  І   ╛   ╞   Ї   ў   ╦   ╧   ╨   ╩   ╪   Ґ   Ў   ©   ю   а   б   ц  %д  %д  % е  % ф  % г  &х  &х  & и  & й  & к  &л  &л  & м  & н  &о  &о  & п  & я  & р  & с  & т  'у  'ж  'в  'ь  'ы  'ы  ' з  ' ш  ' э  ' щ  ' ч  ' ъ  (Ю  (Ю  ( А  ( Б  ( Ц  ( Д  ( Е  ( Ф  )Г  )Г  ) Х  ) И  )Й  )Й  ) К  ) Л  ) М  ) Н  ) О  )П  )П  ) Я  ) Р  ) С  ) Т  +У  +Ж  +Ж  +В  +Ь  +Ы  +З  +Ш  +Э  +Щ  +Ч  +Ъ  +─  + │  +┌  + ┐  + └  + ┘  + ├  + ┤  + ┬  + ┴  ┼   ▀   ▄   █   ▌   ▐   ░   ▒  ▓  ⌠  ■  ∙  √  √  ≈   ≤   ≥      ⌡  °  ²  ·  ÷  ═  ║  ╒  ё  є  ╔  і  ї  ╗  ╘  ╙  ╚  ╚  ╛  ╛   ґ   ў   ╞   ╟   ╠   ╡   Ё   Є   ╣   І   Ї   ╦  ╧  ╨  ╩  ╪  Ґ  Ў  ©  ю  а  б  ц  д  е  ф   г   х   и   й   к   л   м   н   о   п   я   р   с   т   у   ж   в   ь   ы   з   ш   э   щ  ч  ъ  Ю  А  Б  Ц  Д  Е  Ф  Г  Х  И  Й  К  К   Л   М   Н   О   П   Я   Р   С   Т  У  У   Ж   В   Ь   Ы   З   Ш   Э   Щ   Ч   Ъ   ─  │  ┌  ┌   ┐  └  ┘  ├   ┤   ┬   ┴   ┼   ▀   ▄   █   ▌   ▐  ░  ▒   ┴   ▓  ⌠  ⌠   ■   ∙   √  ≈  ≈  ≤  ≤  ≥  ≥       ⌡   °   ²   ·   ÷   ═   ║  ╒  ╒   ё   є   ╔   і   ї  ╗  ╗   ╘  ╙  ╙   ╚   ╛   ґ   ў  ╞  ╞  ╟   ╠   ╡   Ё   Є   Щ   ╣   І   Ї   ╦   ╧   ╨   ╩   ╪   Ґ   Ў   ©   ю   а   б   ц   д   е   ф   г ,х и йк л ,м н ,м о ,п я ,р с ,р т ,х у ,х ж ,х в ,ь ы ,ь з ,шэ ,ш щ ,ш ч ,шъ ,ш Ю ,ш А ,ш Б ,ш Ц ,ш Д ,ш Е ,ш Ф ,ш Г йХИ йХ Й йХ К ,ЛМ ,Л Н ,Л О ,Л П ,Л Я ,Л Р ,Л С ,Л Т ,Л У ,Л Ж ,Л В ,Л Ь ,Л Ы ,Л З ,Л Ш ,Л Э ,Л Щ ,Л Ч ,Л Ъ ,ь─ ,ь │ ,ь ┌ ,ь ┐ ,ь└ ,ь ┘ ,ь ├ ,ь ┤ ,ь ┬ ,ь ┴ ,ь ┼ ,ь ▀ ,х▄ ,х █ ,х ▌ ,х ▐ ,х░ ,х ▒ ,х ▓ ,⌠■ ,⌠ ∙ ,⌠ √ ,⌠ ≈ ,⌠ ≤ ,⌠ ≥ ,⌠   ,⌠ ⌡ йХ° йХ ² йХ · йХ ÷ йХ ═ йХ ║ йХ ╒ йХ ё ,є╔ ,є і ,є ї ,ь╗ ,ь ╘ ,Л╙ ,Л ╚ ,Л ╛ ,Л ґ ,Л ў ,Л ╞ ,Л ╟ ,Л ╠ ,Л ╡ ,Л Ё ,Л Є ,Л ╣ ,Л І ,Л Ї ,Л ╦ ,ь╧ ,ь ╨ ,ь ╩ ,ь ╪ ,ь Ґ ,ь Ў ,©ю ,© а ,© б ,© ц ,де ,д ф ,хг ,х х ,х и ,х й ,х к ,лм ,л н ,л о ,л п ,л я ,л р ,л с ,л т ,л у ,л ж ,л ґ ,л в ,л ь ,ыз ,ы ш ,ы э ,ы щ ,ы ч ,хъ ,х Ю ,хА ,х Б ,х Ц ,х Д йЕФ йЕГ йЕХ ,хИ йЕЙ йЕК йЕЛ йЕМ НОП ,ЯР ,ЯС ,ЯТ йЕУ йЕЖ йЕВ йЕЬ ,ьЫ йЕЗ йЕШ ,ЭЩ ,ЭЧ ,ЭЪ йХ ─ йХ │ йХ ┌ ,┐ └ ,┐ ┘ ,┐ ├ ,х ┤ ,х ┬ ,х ┴ ,х ┼ ,х ▀ ,х ▄ ,х █ ,х ▌ ,⌠ ▐ ,р ░ ,р ▒ ,▓ ⌠ ,■ ∙ ,м √ ,м ≈ ,м ≤ ,м ≥ ,м   ,м ⌡ ,м ╞ ,м ° ,м ² ,м · ,м ÷ ,м ═ ,м ║ ,м ╒ ,м ё ,м є ,м ╔ ,м і ,м ї ,м ╗ ,м ╘ ,м ╙ ,м ╚ ,© ╛ ,© ґ ,© ў ,© ╞ ,©╟ ,ь ╠ ,ь ╡ ,ь Ё ,ь Є ,ь ╣ ,ь І ,Ї╦ ,є ╧ ,є ╨ ,Э ╩ ,╪ Ґ ,Ў © ,Ў ю ,Ў а ,Ў б ,л ц ,л д ,л е ,л ф ,л г ,л х ,л и ,л й ,к л ,км ,но ,к п ,п я ,п р ,п с ,п т ,п у ,п ж ,п в ,п ь ,п ы ,п з ,п ш ,п э ,л щ ,╪ ч ,м ъ ,м Ю ,м А ,м Б  Ц   Д  Е  Ф  Г   Х   И  Й  К  Л  Л  М  Н  О  П   Я   Р   С   Т  У  Ж  В  Ь   Ы   З   Ш   Э   Щ  Ч йк Ъ  ─   │   ┌ ,н ┐ ,└┘  	 ├  	 ┤ ┬┴┼  ▀   ▄   █   ▌   ▐   ░   ▒    ▓    ⌠    ■    ∙   √   ≈   ≤   ≥       ⌡   °   ²   ·   ÷   ═   ║   ╙   ╒    ё    є  ) ╔  +і   ї   ╗ ╘╙ ╚ ╘╙╛   ґ  ў  ╞  ╟  ╠   ╡   Ё  Є   ╣  І   Ї ,╦ ╧   ╨   ╩   ╪   Ґ   Ў   ©   ю   а   Ё   б   ц   д   е   фг/hackage-security-0.6.2.3-KZFpmk1iqCdKoyTKr7eMpfHackage.Security.TrustedHackage.Security.Util.PathHackage.Security.Client.VerifyHackage.Security.Util.PrettyHackage.Security.Util.SomeHackage.Security.Util.CheckedHackage.Security.ServerHackage.Security.Client.FormatsText.JSON.CanonicalHackage.Security.JSONHackage.Security.Key.EnvHackage.Security.TUF.FileMap"Hackage.Security.Client.Repository*Hackage.Security.Client.Repository.HttpLib(Hackage.Security.Client.Repository.Cache)Hackage.Security.Client.Repository.Remote(Hackage.Security.Client.Repository.LocalHackage.Security.Client	MyPrelude#Hackage.Security.Util.TypedEmbeddedHackage.Security.Util.StackHackage.Security.Util.LensHackage.Security.Util.IOHackage.Security.Util.ExitHackage.Security.TUF.Paths Hackage.Security.TUF.Layout.Repo!Hackage.Security.TUF.Layout.CacheHackage.Security.Util.JSONHackage.Security.Util.Base64Hackage.Security.KeyHackage.Security.TUF.SignedHackage.Security.TUF.PatternsHackage.Security.TUF.HeaderHackage.Security.TUF.MirrorsHackage.Security.TUF.CommonHackage.Security.TUF.FileInfoHackage.Security.TUF.TimestampHackage.Security.TUF.Targets!Hackage.Security.TUF.Layout.IndexHackage.Security.TUF.SnapshotHackage.Security.TUF.RootHackage.Security.TUFHackage.Security.Trusted.TCBbaseGHC.StaticPtr	StaticPtrGHC.IO.Handle.TypesHandleControl.Monad.IO.ClassliftIOGHC.IO.HandlehSetBufferinghSeek	hFileSizehCloseNoBufferingLineBufferingBlockBuffering
BufferModeGHC.IO.DeviceSeekFromEndRelativeSeekAbsoluteSeekSeekModeGHC.IO.IOMode	WriteModeReadWriteModeReadMode
AppendModeIOModePrettypretty
SomePretty
somePretty
DictPrettySomeShowsomeShowDictShowSomeEqsomeEqDictEqSometypecheckSome$fEqSome
$fShowSome$fPrettySomeWebTarFsPathFsRoottoAbsoluteFilePathHomeDirAbsoluteRelativeUnrootedPathcastRoottakeDirectorytakeFileName<.>splitExtensiontakeExtension</>rootPath
unrootPathtoUnrootedFilePathfromUnrootedFilePathfragmentjoinFragmentssplitFragmentsisPathPrefixOf
toFilePathfromFilePathmakeAbsolutefromAbsoluteFilePathwithFileopenTempFile'readLazyByteStringreadStrictByteStringwriteLazyByteStringwriteStrictByteStringcopyFilecreateDirectorycreateDirectoryIfMissingremoveDirectorydoesFileExistdoesDirectoryExistgetModificationTime
removeFilegetTemporaryDirectorygetDirectoryContentsgetRecursiveContents
renameFilegetCurrentDirectorytarIndexLookup	tarAppend	toURIPathfromURIPathuriPathmodifyUriPath$fPrettyPath$fPrettyPath0$fPrettyPath1$fPrettyPath2$fFsRootHomeDir$fFsRootAbsolute$fFsRootRelative$fPrettyPath3
$fShowPath$fEqPath	$fOrdPathThrowsunthrowthrowCheckedcatchCheckedhandleChecked
tryCheckedcheckIOthrowUncheckedinternalError$fExceptionSyncException$fThrowsCatch$fShowSyncException	CachePath	CacheRoot	IndexPath	IndexRootRepoPathRepoRootanchorRepoPathLocallyanchorRepoPathRemotelyanchorCachePath
RepoLayoutrepoLayoutRootrepoLayoutTimestamprepoLayoutSnapshotrepoLayoutMirrorsrepoLayoutIndexTarGzrepoLayoutIndexTarrepoLayoutPkgTarGzhackageRepoLayoutcabalLocalRepoLayoutCacheLayoutcacheLayoutRootcacheLayoutTimestampcacheLayoutSnapshotcacheLayoutMirrorscacheLayoutIndexTarcacheLayoutIndexIdxcacheLayoutIndexTarGzcabalCacheLayoutVerify	runVerifyacquire
ifVerifiedopenTempFile$fFunctorVerify$fApplicativeVerify$fMonadVerify$fMonadIOVerify	HasFormatHFZHFSFormatsFsNoneFsUnFsGzFsUnGzFormatFUnFGzFormatGzFormatUnhasFormatAbsurdhasFormatGet
formatsMapformatsMemberformatsLookup$fUnifyFormat$fFunctorFormats$fShowHasFormat$fEqHasFormat$fShowFormats$fEqFormats
$fEqFormat$fShowFormatInt54JSValueJSNullJSBoolJSNumJSStringJSArrayJSObjectrenderCanonicalJSONparseCanonicalJSONprettyCanonicalJSON$fReadInt54$fShowInt54$fBoundedInt54$fShowJSValue$fReadJSValue$fEqJSValue$fOrdJSValue$fEnumInt54	$fEqInt54$fIntegralInt54$fDataInt54
$fNumInt54
$fOrdInt54$fRealInt54	$fIxInt54$fFiniteBitsInt54$fBitsInt54$fStorableInt54$fPrintfArgInt54GotExpectedReportSchemaErrorsexpectedFromObjectKeyfromObjectKeyToObjectKeytoObjectKeyFromJSONfromJSONToJSONtoJSON	expected'fromJSObjectfromJSFieldfromJSOptFieldmkObjectHasKeyIdkeyIdKeyIdkeyIdStringKeyTypeKeyTypeEd25519
PrivateKeyPrivateKeyEd25519	PublicKeyPublicKeyEd25519Key
KeyEd25519Ed25519	publicKey
privateKeysomePublicKeysomePublicKeyType	someKeyId	createKey
createKey'signverifyKeyEnv	keyEnvMapfromPublicKeysfromKeysemptynullinsertlookupunion$fFromJSONmKeyEnv$fToJSONmKeyEnv$fShowKeyEnv	WriteJSONReadJSON_NoKeys_NoLayoutReadJSON_Keys_NoLayoutReadJSON_Keys_Layout	MonadKeys	localKeysaskKeysDeserializationErrorDeserializationErrorMalformedDeserializationErrorSchemaDeserializationErrorUnknownKeyDeserializationErrorValidationDeserializationErrorFileTypevalidate
verifyTypereadKeyAsIdaddKeyswithKeys	lookupKeyrunReadJSON_Keys_LayoutrunReadJSON_Keys_NoLayoutrunReadJSON_NoKeys_NoLayoutparseJSON_Keys_LayoutparseJSON_Keys_NoLayoutparseJSON_NoKeys_NoLayoutreadJSON_Keys_LayoutreadJSON_Keys_NoLayoutreadJSON_NoKeys_NoLayoutrunWriteJSON
renderJSONrenderJSON_NoLayout	writeJSONwriteJSON_NoLayoutwriteKeyAsId$fPrettyDeserializationError$fExceptionDeserializationError$fMonadKeysReadJSON_Keys_Layout+$fMonadReaderRepoLayoutReadJSON_Keys_Layout($fReportSchemaErrorsReadJSON_Keys_Layout!$fMonadKeysReadJSON_Keys_NoLayout*$fReportSchemaErrorsReadJSON_Keys_NoLayout,$fReportSchemaErrorsReadJSON_NoKeys_NoLayout$fFunctorWriteJSON$fApplicativeWriteJSON$fMonadWriteJSON $fMonadReaderRepoLayoutWriteJSON!$fFunctorReadJSON_NoKeys_NoLayout%$fApplicativeReadJSON_NoKeys_NoLayout$fMonadReadJSON_NoKeys_NoLayout8$fMonadErrorDeserializationErrorReadJSON_NoKeys_NoLayout$fFunctorReadJSON_Keys_NoLayout#$fApplicativeReadJSON_Keys_NoLayout$fMonadReadJSON_Keys_NoLayout6$fMonadErrorDeserializationErrorReadJSON_Keys_NoLayout$fFunctorReadJSON_Keys_Layout!$fApplicativeReadJSON_Keys_Layout$fMonadReadJSON_Keys_Layout4$fMonadErrorDeserializationErrorReadJSON_Keys_Layout$fShowDeserializationErrorPreSignaturepresignaturepresigMethodpresigKeyIdUninterpretedSignaturesuninterpretedSigneduninterpretedSignatures	Signature	signaturesignatureKey
SignaturesSignedsigned
signaturesunsignedwithSignatureswithSignatures'signRenderedverifySignaturesignedFromJSONverifySignaturesfromPreSignaturetoPreSignaturefromPreSignaturestoPreSignatures
DelegationHeaderheaderExpiresheaderVersionFileExpiresFileVersion	HasHeaderfileExpiresfileVersionexpiresNeverexpiresInDays	isExpiredversionInitialversionIncrementMirrorDescriptionMirrorContent
MirrorFullMirrormirrorUrlBasemirrorContentMirrorsmirrorsVersionmirrorsExpiresmirrorsMirrorsdescribeMirrorHashKeyThreshold
FileLength
fileLengthFileInfofileInfoLengthfileInfoHashesHashFnHashFnSHA256	HashFnMD5fileInfocomputeFileInfocompareTrustedFileInfoknownFileInfoEqualfileInfoSHA256
FileChangeFileChangedFileDeleted
TargetPathTargetPathRepoTargetPathIndexFileMap!fromListfileMapChanges$fFromObjectKeymTargetPath$fToObjectKeymTargetPath$fPrettyTargetPath$fFromJSONmFileMap$fToJSONmFileMap$fShowFileChange$fShowFileMap$fShowTargetPath$fEqTargetPath$fOrdTargetPath	TimestamptimestampVersiontimestampExpirestimestampInfoSnapshotDelegationSpecdelegationSpecKeysdelegationSpecThreshold
delegationDelegationsdelegationsKeysdelegationsRolesTargetstargetsVersiontargetsExpirestargetsTargetstargetsDelegationstargetsLookup	IndexFileIndexPkgMetadataIndexPkgCabalIndexPkgPrefsIndexLayoutindexFileToPathindexFileFromPathhackageIndexLayoutindexLayoutPkgMetadataindexLayoutPkgCabalindexLayoutPkgPrefsSnapshotsnapshotVersionsnapshotExpiressnapshotInfoRootsnapshotInfoMirrorssnapshotInfoTarGzsnapshotInfoTarRoleSpecroleSpecKeysroleSpecThreshold	RootRolesrootRolesRootrootRolesSnapshotrootRolesTargetsrootRolesTimestamprootRolesMirrorsRootrootVersionrootExpiresrootKeys	rootRolesVerificationHistoryRootUpdatedVerificationErrorVerificationErrorSignaturesVerificationErrorExpiredVerificationErrorVersionVerificationErrorFileInfoVerificationErrorUnknownTargetVerificationErrorMissingSHA256 VerificationErrorDeserializationVerificationErrorLoopSignaturesVerifiedsignaturesVerifiedTrustedtrustedtrustStatictrustVerified
trustApply
trustElemsverifyRole'verifyFingerprints
VerifyRole
verifyRole<$$>trustedFileInfoEqual$fVerifyRoleMirrors$fVerifyRoleSnapshot$fVerifyRoleTimestamp$fVerifyRoleRootIsCachedCacheAs	DontCache
CacheIndexSomeRemoteErrorDownloadedFiledownloadedVerifydownloadedReaddownloadedCopyToUpdateFailureUpdateImpossibleUnsupportedUpdateImpossibleNoLocalCopyUpdateFailedTwiceUpdateFailed
LogMessageLogRootUpdatedLogVerificationErrorLogDownloadingLogUpdatingLogSelectedMirrorLogCannotUpdateLogMirrorFailedLogLockWaitLogLockWaitDone	LogUnlock	AttemptNr
RepositoryrepGetRemoterepGetCachedrepGetCachedRootrepClearCacherepWithIndexrepGetIndexIdxrepLockCacherepWithMirrorrepLog	repLayoutrepIndexLayoutrepDescription
CachedFileCachedTimestamp
CachedRootCachedSnapshotCachedMirrors
RemoteFileRemoteTimestamp
RemoteRootRemoteSnapshotRemoteMirrorsRemoteIndexRemotePkgTarGzBinaryMetadataremoteFileDefaultFormatremoteFileDefaultInfomirrorsUnsupportedremoteRepoPathremoteRepoPath'	mustCache$fPrettyRemoteFile$fPrettyCachedFile$fPrettyUpdateFailure$fPrettyLogMessage$fPrettySomeRemoteError$fExceptionSomeRemoteError$fShowRepository$fEqAttemptNr$fOrdAttemptNr$fNumAttemptNr$fEqCachedFile$fOrdCachedFile$fShowCachedFile$fShowIsCached$fEqIsCached$fShowSomeRemoteError$fShowRemoteFile
BodyReaderProxyConfigProxyConfigNoneProxyConfigUseProxyConfigAutoHttpResponseHeaderHttpResponseAcceptRangesBytes
HttpStatusHttpStatus200OKHttpStatus206PartialContentHttpRequestHeaderHttpRequestMaxAge0HttpRequestNoTransformHttpLibhttpGethttpGetRangebodyReaderFromBS$fEqHttpResponseHeader$fOrdHttpResponseHeader$fShowHttpResponseHeader$fEqHttpRequestHeader$fOrdHttpRequestHeader$fShowHttpRequestHeaderCache	cacheRootcacheLayoutcacheRemoteFile	getCachedgetCachedIndexgetCachedRootgetIndexIdx	withIndex
clearCache	lockCachelockCacheWithLogger
RemoteTempRepoOptsrepoAllowAdditionalMirrorsFileSizeFileSizeExactFileSizeBoundfileSizeWithinBoundsdefaultRepoOptswithRepository$fExceptionFileTooLarge$fPrettyFileTooLarge$fDownloadedFileRemoteTemp$fPrettyRemoteTemp$fShowFileSize$fShowFileTooLarge	LocalFile	LocalRepo$fDownloadedFileLocalFileInvalidFileInIndexinvalidFileInIndexinvalidFileInIndexRawinvalidFileInIndexErrorLocalFileCorruptedInvalidPackageExceptionIndexCallbacksindexLookupEntryindexLookupFileindexLookupFileEntryindexLookupCabalindexLookupMetadataindexLookupFileInfoindexLookupHashindexDirectory
IndexEntryindexEntryPathindexEntryPathParsedindexEntryContentindexEntryContentParsedindexEntryTimeDirectoryEntrydirectoryEntryBlockNo	DirectorydirectoryFirstdirectoryNextdirectoryLookupdirectoryEntries
HasUpdates	NoUpdatescheckForUpdatesdownloadPackagedownloadPackage'getDirectoryrequiresBootstrap	bootstrapuncheckClientErrors$fReadDirectoryEntry$fShowDirectoryEntry$fPrettyInvalidPackageException"$fExceptionInvalidPackageException$fPrettyLocalFileCorrupted$fExceptionLocalFileCorrupted$fPrettyInvalidFileInIndex$fExceptionInvalidFileInIndex$fEqDirectoryEntry$fOrdDirectoryEntry$fShowHasUpdates$fEqHasUpdates$fOrdHasUpdates$fShowInvalidFileInIndex$fShowLocalFileCorrupted$fShowInvalidPackageExceptionGHC.Base++ghc-primGHC.PrimseqGHC.Listfilterzip	System.IOprint
Data.Tuplefstsnd	otherwisemap$GHC.RealfromIntegral
realToFracGHC.EnumBoundedminBoundmaxBoundEnumfromEnumpredsucctoEnumenumFromThenTo
enumFromToenumFromenumFromThenGHC.ClassesEq==/=	GHC.FloatFloating**acosacoshasinasinhatanatanhcoscoshexploglogBasepisinsinhsqrttanhtan
Fractional/fromRationalrecipIntegraldivdivModmodquotquotRem	toIntegerremMonadreturn>>=>>Functorfmap<$GHC.NumNum*+abssignumnegatefromInteger-Ordminmaxcompare><=>=<GHC.ReadRead	readsPrecreadListReal
toRational	RealFloatatan2decodeFloatencodeFloatexponentfloatDigits
floatRadix
floatRangeisDenormalizedisIEEE
isInfiniteisNaNisNegativeZerosignificand
scaleFloatRealFracceilingfloorproperFractiontruncateroundGHC.ShowShowshow	showsPrecshowListControl.Monad.Fail	MonadFailfailApplicative<**><*>pureData.FoldableFoldablefoldl1foldr1elemfoldMapfoldlfoldrlengthmaximumminimumsumproductData.TraversableTraversablesequencemapMtraverse	sequenceA	Semigroup<>Monoidmconcatmemptymappend	GHC.TypesBoolFalseTrueStringCharDoubleFloatInt
ghc-bignumGHC.Num.IntegerInteger	GHC.MaybeMaybeNothingJustOrderingGTLTEQRationalIOWordData.EitherEitherLeftRight||not&&GHC.ErrerrorerrorWithoutStackTrace	undefined$!.=<<asTypeOfconstflipiduntilsubtractcurryuncurryData.Functor<$>
Data.Maybemaybe!!breakcycledrop	dropWhileiteraterepeat	replicatereversescanlscanl1scanrscanr1spansplitAttake	takeWhileunzipunzip3zip3zipWithzipWith3showChar	showParen
showStringshowsShowS^^^evengcdlcmoddText.ParserCombinators.ReadPReadSlex	readPareneither	Text.ReadreadsData.OldListlinesunlinesunwordswordsallandanyconcat	concatMapnotElemor	sequence_GHC.IO.Exception	userErrorIOErrorGHC.IOFilePathioError
appendFilegetChargetContentsgetLineinteractputCharputStrputStrLnreadFilereadIOreadLn	writeFilemapM_readtaillastinitheadAsTypetypeOfTypedUnify:=:asTypeunifyTypeOfRefl:-
Traversal'	TraversalLens'LensgetoversetwithDirLockWithDirLockEventWithDirLockEventPreWithDirLockEventPostWithDirLockEventUnlockgetFileSizehandleDoesNotExisttimedIOmultipleExitPointsexitWrapcoerceSyncExceptionisAsync	catchSynccatchGHC.Bits
FiniteBitsp_number
punctuate'containers-0.6.5.1Data.Map.InternalMapBase64fromByteStringtoByteStringcheckKeyEnvInvariantPatternTypeReplacementPatternidentityReplacementparsePatternparseReplacementqqdRepFileConst
RepFileExt
RepFileAnyRepDirConst	RepDirAnyPatFileConst
PatFileExt
PatFileAnyPatDirConst	PatDirAnyBaseName	ExtensionFileNamematchDelegationparseDelegation$fFromJSONmSignedDeclareTrustedrebuildTarIndex
addEntries"tar-0.5.1.1-1hFLSnQnFT3Fhn8GEZhmOiCodec.Archive.Tar.IndexbuildIndexBuilder	deltaSeekRemoteConfigFileTooLargeDownloadMethodSelectedMirror
withMirror	getRemoteServerCapabilities_serverAcceptRangesBytesServerCapabilitiesgetSelectedMirrorControl.Concurrent.MVarwithMVarhttpRequestHeadersgetFileexecBodyReaderremoteFileSizefileSizeBoundTimestampfileSizeBoundRooturiTemplateverifyRemoteFile
updateRootgetCachedInfo
getRemote'trustLocalFileverifyFileInfo'