The hackage security library provides both server and
client utilities for securing the Hackage package server
(https://hackage.haskell.org/). It is based on The Update
Framework (https://theupdateframework.com/), a set of
recommendations developed by security researchers at
various universities in the US as well as developers on the
Tor project (https://www.torproject.org/).
The current implementation supports only index signing,
thereby enabling untrusted mirrors. It does not yet provide
facilities for author package signing.
The library has two main entry points:
Hackage.Security.Client is the main entry point for
clients (the typical example being cabal), and
Hackage.Security.Server is the main entry point for
servers (the typical example being hackage-server).
Code maintenance: address warning star-is-type, unused-record-wildcards etc.
(PR #306).
Tested with GHC 8.4 - 9.8.
0.6.2.4
Allow tar-0.6
Drop support for GHC < 7.8 in favor of PatternSynonyms
Drop flags base48, mtl21, old-directory and support for GHC 7.8, mtl < 2.2 and directory < 1.2
Tested with GHC 7.10 - 9.8
0.6.2.3
Bump base for GHC 9.4 comp
Fix code to really support mtl-2.3
0.6.2.2
Fix broken compilation of test-suite with Cabal-syntax-3.8.1.0 on Hackage
Huge README updates
0.6.2.1
Allow GHC-9.0 (base-4.15) (#265)
Fix running cabal repl hackage-security (#263)
0.6.2.0
Safely prepare for when cabal factors out Cabal-syntax
0.6.1.0
Support basic auth in package-indices (#252)
Fix tests due to new aeson handling of unescaped control sequences (#256)
Bump a lot of bounds on packages we depend on
0.6.0.1
Fix bug in non-default -lukko build-configuration (#242)
Add support for template-haskell-2.16.0.0 (#240)
0.6.0.0
Remove Hackage.Security.TUF.FileMap.lookupM
Don’t expose Hackage.Security.Util.IO module
Don’t expose Hackage.Security.Util.Lens module
Report missing keys in .meta objects more appropriately as
ReportSchemaErrors(expected) instead of via Monad(fail)
Add support for GHC 8.8 / base-4.13
Use lukko for file-locking
Extend LogMessage to signal events for cache lock acquiring and release
New lockCacheWithLogger operation
0.5.3.0
Use flock(2)-based locking where available
(compat-shim taken from cabal-install’s code-base) (#207)
Improve handling of async exceptions (#187)
Detect & recover from local corruption of uncompressed index tarball (#196)
Support base-4.11
0.5.2.2
Fix client in case where server provides MD5 hashes
(ignore them, use only SHA256)
Fix warnings with GHC 8
0.5.2.1
Fix accidental breakage with GHC 8
0.5.2.0
Change path handling to work on Windows (#162).
Add new MD5 hash type (#163). This is not for security (only SHA256 is
used for verification) but to provide as metadata to help with other
services like mirroring (e.g. HTTP & S3 use MD5 checksum headers).
Adjust reading of JSON maps to ignore unknown keys. This allows adding
e.g. new hash types in future without breaking existing clients.
Fix build warnings on GHC 8
0.5.1.0
Fix for other local programs corrputing the 00-index.tar. Detect it
and do a full rewrite rather than incremental append.
New JSON pretty-printer (not canonical rendering)
Round-trip tests for Canonical JSON parser and printers
Minor fix for Canonical JSON parser
Switch from cryptohash to cryptohash-sha256 to avoid new dependencies
0.5.0.2
Use tar 0.5.0
Relax lower bound on directory
0.5.0.1
Relaxed dependency bounds
0.5.0.0
Treat deserialization errors as verification errors (#108, #75)
Avoid Content-Length: 0 in GET requests (#103)
Fix bug in Trusted
Build tar-index incrementally (#22)
Generalize ‘Repository’ over the representation of downloaded remote files.
Update index incrementally by downloading delta of .tar.gz and writing only
tail of local .tar file (#101). Content compression no longer used.
Take a lock on the cache directory before updating it, and no longer use
atomic file ops (pointless since we now update some files incrementally)
Code refactoring/simplification.
Support for ed25519 >= 0.0.4
downloadPackage no longer takes a callback.
API for accessing the Hackage index contents changed; it should now be
easier for clients to do their own incremental updates should they wish
to do so.
Relies on tar >= 0.4.4
Removed obsolete option for downloading the compressed index (we now always
download the compressed index)
Path module now works on Windows (#118)
Dropped support for ghc 7.2
Replaced uses of Int with Int54, to make sure canonical JSON really is
canonical (#141).
0.4.0.0
Allow clients to pass in their own time for expiry verification
(this is an API change hence the major version bump)
Export .Client.Formats (necessary to define new Repositories)
Start work on basic test framework
0.3.0.0
Don’t use compression for range requests (#101)
Download index.tar.gz, not index.tar, if range request fails (#99)
Minor change in the LogMessage type (hence the API version bumb)
Include ChangeLog.md in the tarball (#98)
0.2.0.0
Allow for network-2.5 (rather than network-uri-2.6)
Use cryptohash rather than SHA
Various bugfixes
API change: introduce RepoOpts in the Remote repository