Hackage :: [Package]

hackage-security: Hackage security library

[ bsd3, distribution, library ] [ Propose Tags ] [ Report a vulnerability ]

The hackage security library provides both server and client utilities for securing the Hackage package server (https://hackage.haskell.org/). It is based on The Update Framework (https://theupdateframework.com/), a set of recommendations developed by security researchers at various universities in the US as well as developers on the Tor project (https://www.torproject.org/).

The current implementation supports only index signing, thereby enabling untrusted mirrors. It does not yet provide facilities for author package signing.

The library has two main entry points: Hackage.Security.Client is the main entry point for clients (the typical example being cabal), and Hackage.Security.Server is the main entry point for servers (the typical example being hackage-server).

Modules

[Last Documentation]

  • Hackage
    • Security
      • Hackage.Security.Client
        • Hackage.Security.Client.Formats
        • Hackage.Security.Client.Repository
          • Hackage.Security.Client.Repository.Cache
          • Hackage.Security.Client.Repository.HttpLib
          • Hackage.Security.Client.Repository.Local
          • Hackage.Security.Client.Repository.Remote
        • Hackage.Security.Client.Verify
      • Hackage.Security.JSON
      • Key
        • Hackage.Security.Key.Env
      • Hackage.Security.Server
      • TUF
        • Hackage.Security.TUF.FileMap
      • Hackage.Security.Trusted
      • Util
        • Hackage.Security.Util.Checked
        • Hackage.Security.Util.Path
        • Hackage.Security.Util.Pretty
        • Hackage.Security.Util.Some
  • Text
    • JSON
      • Text.JSON.Canonical

Flags

Automatic Flags
NameDescriptionDefault
cabal-syntax

Are we using Cabal-syntax?

Disabled
lukko

Use lukko for file-locking, otherwise use GHC.IO.Handle.Lock

Disabled

Use -f <flag> to enable a flag, or -f -<flag> to disable that flag. More info

Downloads

Versions [RSS] 0.1.0.0, 0.2.0.0, 0.3.0.0, 0.5.0.0, 0.5.0.1, 0.5.0.2, 0.5.1.0, 0.5.2.0, 0.5.2.1, 0.5.2.2, 0.5.3.0, 0.6.0.0, 0.6.0.1, 0.6.1.0, 0.6.2.0, 0.6.2.1, 0.6.2.2, 0.6.2.3, 0.6.2.4, 0.6.2.5, 0.6.2.6, 0.6.3.0
Change log ChangeLog.md
Dependencies base (>=4.11 && <4.22), base16-bytestring (>=0.1.1 && <1.1), base64-bytestring (>=1.0 && <1.3), bytestring (>=0.10.8.2 && <0.13), Cabal (>=2.2.0.1 && <2.6 || >=3.0 && <3.7), Cabal-syntax (<3.16), containers (>=0.5.11 && <0.8), cryptohash-sha256 (>=0.11 && <0.12), directory (>=1.3.1.5 && <1.4), ed25519 (>=0.0 && <0.1), filepath (>=1.4.2 && <1.6), ghc-prim (>=0.5.2 && <0.14), lukko (>=0.1 && <0.2), mtl (>=2.2.2 && <2.4), network (>=2.6 && <3.3), network-uri (>=2.6 && <2.7), parsec (>=3.1.13 && <3.2), pretty (>=1.0 && <1.2), tar (>=0.5 && <0.7), template-haskell (>=2.13 && <2.24), time (>=1.8.0.2 && <1.15), transformers (>=0.3 && <0.7), zlib (>=0.5 && <0.8) [details]
Tested with ghc ==9.12.2, ghc ==9.10.1, ghc ==9.8.4, ghc ==9.6.7, ghc ==9.4.8, ghc ==9.2.8, ghc ==9.0.2, ghc ==8.10.7, ghc ==8.8.4, ghc ==8.6.5, ghc ==8.4.4
License BSD-3-Clause
Copyright Copyright 2015-2022 Well-Typed LLP
Author Edsko de Vries
Maintainer [email protected]
Category Distribution
Home page https://github.com/haskell/hackage-security
Bug tracker https://github.com/haskell/hackage-security/issues
Source repo head: git clone https://github.com/haskell/hackage-security.git
Uploaded by AndreasAbel at 2025-05-05T13:10:11Z
Distributions Arch:0.6.2.6, Debian:0.6.0.1, Fedora:0.6.2.4, LTSHaskell:0.6.2.6, NixOS:0.6.2.4, Stackage:0.6.3.0, openSUSE:0.6.2.6
Reverse Dependencies 6 direct, 6 indirect [details]
Downloads 63588 total (40 in the last 30 days)
Rating (no votes yet) [estimated by Bayesian average]
Your Rating
  • λ
  • λ
  • λ
Status Docs not available [build log]
All reported builds failed as of 2025-05-05 [all 2 reports]