BSD-3-Clause licensed by Edsko de Vries

The hackage-security library provides both server and client utilities for securing the Hackage package server. It is based on The Update Framework (TUF), a set of recommendations developed by security researchers at various universities in the US as well as developers on the Tor project.

The current implementation supports only index signing, thereby enabling untrusted mirrors. It does not yet provide facilities for author package signing.

The library has two main entry points: Hackage.Security.Client is the main entry point for clients (the typical example being cabal), and Hackage.Security.Server is the main entry point for servers (the typical example being hackage-server).


  • Use flock(2)-based locking where available (compat-shim taken from cabal-install’s code-base) (#207)
  • Improve handling of async exceptions (#187)
  • Detect & recover from local corruption of uncompressed index tarball (#196)
  • Support base-4.11

  • Fix client in case where server provides MD5 hashes (ignore them, use only SHA256)
  • Fix warnings with GHC 8

  • Fix accidental breakage with GHC 8

  • Change path handling to work on Windows (#162).
  • Add new MD5 hash type (#163). This is not for security (only SHA256 is used for verification) but to provide as metadata to help with other services like mirroring (e.g. HTTP & S3 use MD5 checksum headers).
  • Adjust reading of JSON maps to ignore unknown keys. This allows adding e.g. new hash types in future without breaking existing clients.
  • Fix build warnings on GHC 8

  • Fix for other local programs corrupting the 00-index.tar. Detect it and do a full rewrite rather than incremental append.
  • New JSON pretty-printer (not canonical rendering)
  • Round-trip tests for Canonical JSON parser and printers
  • Minor fix for Canonical JSON parser
  • Switch from cryptohash to cryptohash-sha256 to avoid new dependencies

  • Use tar 0.5.0
  • Relax lower bound on directory

  • Relaxed dependency bounds

  • Treat deserialization errors as verification errors (#108, #75)
  • Avoid Content-Length: 0 in GET requests (#103)
  • Fix bug in Trusted
  • Build tar-index incrementally (#22)
  • Generalize ‘Repository’ over the representation of downloaded remote files.
  • Update index incrementally by downloading delta of .tar.gz and writing only tail of local .tar file (#101). Content compression no longer used.
  • Take a lock on the cache directory before updating it, and no longer use atomic file ops (pointless since we now update some files incrementally)
  • Code refactoring/simplification.
  • Support for ed25519 >= 0.0.4
  • downloadPackage no longer takes a callback.
  • API for accessing the Hackage index contents changed; it should now be easier for clients to do their own incremental updates should they wish to do so.
  • Relies on tar >= 0.4.4
  • Removed obsolete option for downloading the compressed index (we now always download the compressed index)
  • Path module now works on Windows (#118)
  • Dropped support for ghc 7.2
  • Replaced uses of Int with Int54, to make sure canonical JSON really is canonical (#141).
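The description above says the library secures Hackage by signing the index so that mirrors need not be trusted, and several of the changelog items spell out what the client side must get right for that to hold: only SHA256 is used for verification (MD5 is metadata and is ignored), unknown JSON keys are tolerated, deserialization failures count as verification failures, and integers are restricted to a 54-bit range so that canonical JSON is actually canonical. The Python below is an added illustration of those client-side checks, not code from hackage-security itself: `canonical_json`, `parse_target`, `verify_download`, the `mirror-note` key and the sample bytes are all constructed for this example, and the integer bound is taken to be the 54-bit two's-complement range (-2^53 .. 2^53 - 1). Signature verification of the index itself is not shown; the example starts from an entry the client already trusts.

```python
import hashlib
import json

# Assumed bound: 54-bit signed integers, i.e. every value that an IEEE double
# (and so every JSON consumer) can represent exactly. Not the library's code.
INT54_MIN = -(2 ** 53)
INT54_MAX = 2 ** 53 - 1


class VerificationError(Exception):
    """Raised for any failed check on mirror-served data, malformed JSON included."""


def canonical_json(value) -> bytes:
    """Canonical JSON: no whitespace, object keys sorted bytewise, strings escape
    only backslash and double quote, integers only (no floats)."""
    if value is None:
        return b"null"
    if value is True:
        return b"true"
    if value is False:
        return b"false"
    if isinstance(value, int):
        if not INT54_MIN <= value <= INT54_MAX:
            raise VerificationError(f"integer outside canonical range: {value}")
        return str(value).encode("ascii")
    if isinstance(value, float):
        raise VerificationError("floats are not representable in canonical JSON")
    if isinstance(value, str):
        escaped = value.replace("\\", "\\\\").replace('"', '\\"')
        return b'"' + escaped.encode("utf-8") + b'"'
    if isinstance(value, (list, tuple)):
        return b"[" + b",".join(canonical_json(v) for v in value) + b"]"
    if isinstance(value, dict):
        if not all(isinstance(k, str) for k in value):
            raise VerificationError("object keys must be strings")
        items = [canonical_json(k) + b":" + canonical_json(value[k])
                 for k in sorted(value, key=lambda k: k.encode("utf-8"))]
        return b"{" + b",".join(items) + b"}"
    raise VerificationError(f"unsupported type: {type(value).__name__}")


def parse_target(raw: bytes) -> dict:
    """Parse one index entry. Unknown keys and the md5 field are ignored; only
    sha256 and length are kept. Any parse problem is a verification error."""
    try:
        obj = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, ValueError) as exc:
        raise VerificationError(f"malformed index entry: {exc}") from exc
    if not isinstance(obj, dict):
        raise VerificationError("index entry must be a JSON object")
    try:
        length = obj["length"]
        sha256 = obj["hashes"]["sha256"]
    except (KeyError, TypeError) as exc:
        raise VerificationError(f"index entry lacks sha256/length: {exc}") from exc
    if isinstance(length, bool) or not isinstance(length, int) \
            or not INT54_MIN <= length <= INT54_MAX:
        raise VerificationError("length must be a canonical integer")
    if not isinstance(sha256, str) or len(sha256) != 64:
        raise VerificationError("sha256 must be a 64-character hex digest")
    return {"length": length, "sha256": sha256.lower()}


def verify_download(entry: dict, data: bytes) -> bool:
    """Check bytes fetched from an untrusted mirror against the trusted entry."""
    if len(data) != entry["length"]:
        raise VerificationError(f"length mismatch: {len(data)} != {entry['length']}")
    if hashlib.sha256(data).hexdigest() != entry["sha256"]:
        raise VerificationError("sha256 mismatch: mirror served different content")
    return True


def rejects(check, *args) -> bool:
    """True if check(*args) fails with VerificationError."""
    try:
        check(*args)
    except VerificationError:
        return True
    return False


# Constructed sample: stand-in tarball bytes and an index entry carrying an
# md5 value and an unknown key, both of which the client must ignore.
PACKAGE_BYTES = b"constructed stand-in for foo-1.0.tar.gz"
INDEX_ENTRY = json.dumps({
    "mirror-note": "hypothetical unknown key, tolerated",
    "hashes": {
        "md5": "00000000000000000000000000000000",   # not used for verification
        "sha256": hashlib.sha256(PACKAGE_BYTES).hexdigest(),
    },
    "length": len(PACKAGE_BYTES),
}, indent=2).encode("utf-8")


if __name__ == "__main__":
    entry = parse_target(INDEX_ENTRY)
    print("genuine file accepted:", verify_download(entry, PACKAGE_BYTES))
    print("tampered file rejected:", rejects(verify_download, entry, PACKAGE_BYTES + b"!"))
    print("canonical form:", canonical_json({"b": 1, "a": "x\"y"}))
```

The canonical encoder is what makes signing the index workable across mirrors: two servers may pretty-print or reorder the same metadata, but the bytes that are hashed and signed are identical, and an integer that would not survive a round trip through a double is refused rather than silently altered.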

  • Allow clients to pass in their own time for expiry verification (this is an API change hence the major version bump)
  • Export .Client.Formats (necessary to define new Repositories)
  • Start work on basic test framework

  • Don’t use compression for range requests (#101)
  • Download index.tar.gz, not index.tar, if range request fails (#99)
  • Minor change in the LogMessage type (hence the API version bump)
  • Include in the tarball (#98)

  • Allow for network-2.5 (rather than network-uri-2.6)
  • Use cryptohash rather than SHA
  • Various bugfixes
  • API change: introduce RepoOpts in the Remote repository

  • Initial beta release