The hackage security library provides both server and client utilities for securing the Hackage package server (http://hackage.haskell.org/). It is based on The Update Framework (http://theupdateframework.com/), a set of recommendations developed by security researchers at various universities in the US as well as developers on the Tor project (https://www.torproject.org/).
The current implementation supports only index signing, thereby enabling untrusted mirrors. It does not yet provide facilities for author package signing.
The library has two main entry points:
- Hackage.Security.Client is the main entry point for clients (the typical example being
- Hackage.Security.Server is the main entry point for servers (the typical example being
- flock(2)-based locking where available (compat-shim taken from cabal-install’s code-base) (#207)
- Improve handling of async exceptions (#187)
- Detect & recover from local corruption of uncompressed index tarball (#196)
- Fix client in case where server provides MD5 hashes (ignore them, use only SHA256)
- Fix warnings with GHC 8
- Fix accidental breakage with GHC 8
- Change path handling to work on Windows (#162).
- Add new MD5 hash type (#163). This is not for security (only SHA256 is used for verification) but to provide as metadata to help with other services like mirroring (e.g. HTTP & S3 use MD5 checksum headers).
- Adjust reading of JSON maps to ignore unknown keys. This allows adding e.g. new hash types in future without breaking existing clients.
- Fix build warnings on GHC 8
- Fix for other local programs corrupting the 00-index.tar. Detect it and do a full rewrite rather than an incremental append.
- New JSON pretty-printer (not canonical rendering)
- Round-trip tests for Canonical JSON parser and printers
- Minor fix for Canonical JSON parser
- Switch from cryptohash to cryptohash-sha256 to avoid new dependencies
- Use tar 0.5.0
- Relax lower bound on directory
- Relaxed dependency bounds
- Treat deserialization errors as verification errors (#108, #75)
- Content-Length: 0 in GET requests (#103)
- Fix bug in Trusted
- Build tar-index incrementally (#22)
- Generalize ‘Repository’ over the representation of downloaded remote files.
- Update index incrementally by downloading delta of .tar.gz and writing only tail of local .tar file (#101). Content compression no longer used.
- Take a lock on the cache directory before updating it, and no longer use atomic file ops (pointless since we now update some files incrementally)
- Code refactoring/simplification.
- Support for ed25519 >= 0.0.4
- downloadPackage no longer takes a callback.
- API for accessing the Hackage index contents changed; it should now be easier for clients to do their own incremental updates should they wish to do so.
- Relies on tar >= 0.4.4
- Removed obsolete option for downloading the compressed index (we now always download the compressed index)
- Path module now works on Windows (#118)
- Dropped support for ghc 7.2
- Replaced uses of Int with Int54, to make sure canonical JSON really is canonical (#141).
- Allow clients to pass in their own time for expiry verification (this is an API change hence the major version bump)
- Export .Client.Formats (necessary to define new Repositories)
- Start work on basic test framework
- Don’t use compression for range requests (#101)
- Download index.tar.gz, not index.tar, if range request fails (#99)
- Minor change in the LogMessage type (hence the API version bump)
- Include ChangeLog.md in the tarball (#98)
- Allow for network-2.5 (rather than network-uri-2.6)
- Use cryptohash rather than SHA
- Various bugfixes
- API change: introduce RepoOpts in the Remote repository
- Initial beta release
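
The changelog entries above on MD5 hashes, unknown JSON map keys and deserialization errors describe one client-side policy. The following added illustration is not hackage-security's own code (which is Haskell): it shows a verifier that ignores MD5 and unknown hash types, relies on SHA256 alone, and treats malformed metadata as a verification failure. The `length`/`hashes` JSON layout and all function names are assumptions made for the example.

```python
import hashlib
import json


class VerificationError(Exception):
    """Any failure means the downloaded file must not be trusted."""


def parse_file_info(raw: bytes) -> dict:
    """Parse a file-info object; a deserialization error is a verification error."""
    try:
        info = json.loads(raw)
        length, hashes = info["length"], info["hashes"]
    except (ValueError, KeyError, TypeError) as exc:
        raise VerificationError(f"malformed file info: {exc}") from exc
    if isinstance(length, bool) or not isinstance(length, int) or length < 0:
        raise VerificationError("length must be a non-negative integer")
    if not isinstance(hashes, dict):
        raise VerificationError("hashes must be a JSON map")
    # md5 and unknown hash types are skipped rather than rejected, so new
    # types can be added to the metadata without breaking this client.
    sha256 = hashes.get("sha256")
    if not isinstance(sha256, str):
        raise VerificationError("no sha256 entry; nothing to verify against")
    return {"length": length, "sha256": sha256.lower()}


def verify_file(data: bytes, raw_info: bytes) -> None:
    """Raise VerificationError unless data matches the signed length and SHA256."""
    info = parse_file_info(raw_info)
    if len(data) != info["length"]:
        raise VerificationError("length mismatch")
    if hashlib.sha256(data).hexdigest() != info["sha256"]:
        raise VerificationError("sha256 mismatch")


def is_trusted(data: bytes, raw_info: bytes) -> bool:
    try:
        verify_file(data, raw_info)
        return True
    except VerificationError:
        return False


if __name__ == "__main__":
    data = b"constructed sample index contents\n"  # constructed input
    hashes = {"md5": "0" * 32, "future-hash": "ff",  # wrong md5 and unknown key: ignored
              "sha256": hashlib.sha256(data).hexdigest()}
    good = json.dumps({"length": len(data), "hashes": hashes}).encode()
    print(is_trusted(data, good), is_trusted(data, b'{"length": 3'))
```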