Hello community,
here is the log from the commit of package ghc-hackage-security for
openSUSE:Factory checked in at 2020-09-27 11:49:26
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ghc-hackage-security (Old)
and /work/SRC/openSUSE:Factory/.ghc-hackage-security.new.4249 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ghc-hackage-security"
Sun Sep 27 11:49:26 2020 rev:20 rq:837243 version:0.6.0.1
Changes:
--------
---
/work/SRC/openSUSE:Factory/ghc-hackage-security/ghc-hackage-security.changes
2020-09-07 21:30:35.961249546 +0200
+++
/work/SRC/openSUSE:Factory/.ghc-hackage-security.new.4249/ghc-hackage-security.changes
2020-09-27 11:49:28.216023652 +0200
@@ -1,0 +2,6 @@
+Fri Sep 18 02:00:44 UTC 2020 - [email protected]
+
+- Update hackage-security to version 0.6.0.1 revision 4.
+ Upstream has revised the Cabal build instructions on Hackage.
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ghc-hackage-security.spec ++++++
--- /var/tmp/diff_new_pack.CoK8FG/_old 2020-09-27 11:49:28.768024246 +0200
+++ /var/tmp/diff_new_pack.CoK8FG/_new 2020-09-27 11:49:28.772024251 +0200
@@ -25,7 +25,7 @@
License: BSD-3-Clause
URL: https://hackage.haskell.org/package/%{pkg_name}
Source0:
https://hackage.haskell.org/package/%{pkg_name}-%{version}/%{pkg_name}-%{version}.tar.gz
-Source1:
https://hackage.haskell.org/package/%{pkg_name}-%{version}/revision/3.cabal#/%{pkg_name}.cabal
+Source1:
https://hackage.haskell.org/package/%{pkg_name}-%{version}/revision/4.cabal#/%{pkg_name}.cabal
BuildRequires: ghc-Cabal-devel
BuildRequires: ghc-base16-bytestring-devel
BuildRequires: ghc-base64-bytestring-devel
++++++ hackage-security.cabal ++++++
--- /var/tmp/diff_new_pack.CoK8FG/_old 2020-09-27 11:49:28.832024316 +0200
+++ /var/tmp/diff_new_pack.CoK8FG/_new 2020-09-27 11:49:28.832024316 +0200
@@ -1,279 +1,279 @@
-cabal-version: 1.12
-name: hackage-security
-version: 0.6.0.1
-x-revision: 3
-
-synopsis: Hackage security library
-description: The hackage security library provides both server and
- client utilities for securing the Hackage package server
- (<http://hackage.haskell.org/>). It is based on The
Update
- Framework (<http://theupdateframework.com/>), a set of
- recommendations developed by security researchers at
- various universities in the US as well as developers on
the
- Tor project (<https://www.torproject.org/>).
- .
- The current implementation supports only index signing,
- thereby enabling untrusted mirrors. It does not yet
provide
- facilities for author package signing.
- .
- The library has two main entry points:
- "Hackage.Security.Client" is the main entry point for
- clients (the typical example being @cabal@), and
- "Hackage.Security.Server" is the main entry point for
- servers (the typical example being @hackage-server@).
-license: BSD3
-license-file: LICENSE
-author: Edsko de Vries
-maintainer: [email protected]
-copyright: Copyright 2015-2016 Well-Typed LLP
-category: Distribution
-homepage: https://github.com/haskell/hackage-security
-bug-reports: https://github.com/haskell/hackage-security/issues
-build-type: Simple
-tested-with: GHC==8.10.1, GHC==8.8.3, GHC==8.6.5, GHC==8.4.4,
GHC==8.2.2, GHC==8.0.2,
- GHC==7.10.3, GHC==7.8.4, GHC==7.6.3, GHC==7.4.2
-
-
-extra-source-files:
- ChangeLog.md
-
-source-repository head
- type: git
- location: https://github.com/haskell/hackage-security.git
-
-flag base48
- description: Are we using @base@ 4.8 or later?
- manual: False
-
-flag use-network-uri
- description: Are we using @network-uri@?
- manual: False
-
-flag old-directory
- description: Use @directory@ < 1.2 and @old-time@
- manual: False
- default: False
-
-flag mtl21
- description: Use @mtl@ < 2.2 and @mtl-compat@
- manual: False
- default: False
-
-flag lukko
- description: Use @lukko@ for file-locking, otherwise use @GHC.IO.Handle.Lock@
- manual: True
- default: True
-
-library
- -- Most functionality is exported through the top-level entry points .Client
- -- and .Server; the other exported modules are intended for qualified
imports.
- exposed-modules: Hackage.Security.Client
- Hackage.Security.Client.Formats
- Hackage.Security.Client.Repository
- Hackage.Security.Client.Repository.Cache
- Hackage.Security.Client.Repository.Local
- Hackage.Security.Client.Repository.Remote
- Hackage.Security.Client.Repository.HttpLib
- Hackage.Security.Client.Verify
- Hackage.Security.JSON
- Hackage.Security.Key.Env
- Hackage.Security.Server
- Hackage.Security.Trusted
- Hackage.Security.TUF.FileMap
- Hackage.Security.Util.Checked
- Hackage.Security.Util.Path
- Hackage.Security.Util.Pretty
- Hackage.Security.Util.Some
- Text.JSON.Canonical
- other-modules: Hackage.Security.Key
- Hackage.Security.Trusted.TCB
- Hackage.Security.TUF
- Hackage.Security.TUF.Common
- Hackage.Security.TUF.FileInfo
- Hackage.Security.TUF.Header
- Hackage.Security.TUF.Layout.Cache
- Hackage.Security.TUF.Layout.Index
- Hackage.Security.TUF.Layout.Repo
- Hackage.Security.TUF.Mirrors
- Hackage.Security.TUF.Paths
- Hackage.Security.TUF.Patterns
- Hackage.Security.TUF.Root
- Hackage.Security.TUF.Signed
- Hackage.Security.TUF.Snapshot
- Hackage.Security.TUF.Targets
- Hackage.Security.TUF.Timestamp
- Hackage.Security.Util.Base64
- Hackage.Security.Util.Exit
- Hackage.Security.Util.IO
- Hackage.Security.Util.JSON
- Hackage.Security.Util.Lens
- Hackage.Security.Util.Stack
- Hackage.Security.Util.TypedEmbedded
- Prelude
- -- We support ghc 7.4 (bundled with Cabal 1.14) and up
- build-depends: base >= 4.5 && < 4.15,
- base16-bytestring >= 0.1.1 && < 0.2,
- base64-bytestring >= 1.0 && < 1.3,
- bytestring >= 0.9 && < 0.11,
- Cabal >= 1.14 && < 1.26
- || >= 2.0 && < 2.6
- || >= 3.0 && < 3.6,
- containers >= 0.4 && < 0.7,
- ed25519 >= 0.0 && < 0.1,
- filepath >= 1.2 && < 1.5,
- parsec >= 3.1 && < 3.2,
- pretty >= 1.0 && < 1.2,
- cryptohash-sha256 >= 0.11 && < 0.12,
- -- 0.4.2 introduces TarIndex, 0.4.4 introduces more
- -- functionality, 0.5.0 changes type of serialise
- tar >= 0.5 && < 0.6,
- template-haskell >= 2.7 && < 2.17,
- time >= 1.2 && < 1.11,
- transformers >= 0.3 && < 0.6,
- zlib >= 0.5 && < 0.7,
- -- whatever versions are bundled with ghc:
- ghc-prim
- if flag(old-directory)
- build-depends: directory >= 1.1.0.2 && < 1.2,
- old-time >= 1 && < 1.2
- else
- build-depends: directory >= 1.2 && < 1.4
-
- if flag(mtl21)
- build-depends: mtl >= 2.1 && < 2.2,
- mtl-compat >= 0.2 && < 0.3
- else
- build-depends: mtl >= 2.2 && < 2.3
-
- if flag(lukko)
- build-depends: lukko >= 0.1 && < 0.2
- else
- build-depends: base >= 4.10
-
- hs-source-dirs: src
- default-language: Haskell2010
- default-extensions: DefaultSignatures
- DeriveDataTypeable
- DeriveFunctor
- FlexibleContexts
- FlexibleInstances
- GADTs
- GeneralizedNewtypeDeriving
- KindSignatures
- MultiParamTypeClasses
- NamedFieldPuns
- NoMonomorphismRestriction
- RankNTypes
- RecordWildCards
- ScopedTypeVariables
- StandaloneDeriving
- TupleSections
- TypeFamilies
- TypeOperators
- ViewPatterns
- other-extensions: BangPatterns
- CPP
- OverlappingInstances
- PackageImports
- UndecidableInstances
-
- -- use the new stage1/cross-compile-friendly DeriveLift extension for GHC
8.0+
- if impl(ghc >= 8.0)
- other-extensions: DeriveLift
- else
- other-extensions: TemplateHaskell
-
- ghc-options: -Wall
-
- if flag(base48)
- build-depends: base >= 4.8
- else
- build-depends: base < 4.8, old-locale == 1.0.*
-
- -- The URI type got split out off the network package after version 2.5, and
- -- moved to a separate network-uri package. Since we don't need the rest of
- -- network here, it would suffice to rely only on network-uri:
- --
- -- > if flag(use-network-uri)
- -- > build-depends: network-uri >= 2.6 && < 2.7
- -- > else
- -- > build-depends: network >= 2.5 && < 2.6
- --
- -- However, if we did the same in hackage-security-HTTP, Cabal would consider
- -- those two flag choices (hackage-security:use-network-uri and
- -- hackage-security-HTTP:use-network-uri) to be completely independent; but
- -- they aren't: if it links hackage-security against network-uri and
- -- hackage-security-HTTP against network, we will get type errors when
- -- hackage-security-HTTP tries to pass a URI to hackage-security.
- --
- -- It might seem we can solve this problem by re-exporting the URI type in
- -- hackage-security and avoid the dependency in hackage-security-HTTP
- -- altogether. However, this merely shifts the problem: hackage-security-HTTP
- -- relies on the HTTP library which--surprise!--makes the same choice between
- -- depending on network or network-uri. Cabal will not notice that we cannot
- -- build hackage-security and hackage-security-HTTP against network-uri but
- -- HTTP against network.
- --
- -- We solve the problem by explicitly relying on network-2.6 when choosing
- -- network-uri. This dependency is redundant, strictly speaking. However, it
- -- serves as a proxy for forcing flag choices: since all packages in a
- -- solution must be linked against the same version of network, having one
- -- version of network in one branch of the conditional and another version of
- -- network in the other branch forces the choice to be consistent throughout.
- -- (Note that the HTTP library does the same thing, though in this case the
- -- dependency in network is not redundant.)
- if flag(use-network-uri)
- build-depends: network-uri >= 2.6 && < 2.7,
- network >= 2.6 && < 2.9
- || >= 3.0 && < 3.2
- else
- build-depends: network >= 2.5 && < 2.6
-
- if impl(ghc >= 7.8)
- other-extensions: RoleAnnotations
-
- if impl(ghc >= 7.10)
- other-extensions: AllowAmbiguousTypes
- StaticPointers
-
-test-suite TestSuite
- type: exitcode-stdio-1.0
- main-is: TestSuite.hs
- other-modules: TestSuite.HttpMem
- TestSuite.InMemCache
- TestSuite.InMemRepo
- TestSuite.InMemRepository
- TestSuite.JSON
- TestSuite.PrivateKeys
- TestSuite.Util.StrictMVar
-
- -- inherited constraints from lib:hackage-security component
- build-depends: hackage-security,
- base,
- Cabal,
- containers,
- bytestring,
- network-uri,
- tar,
- time,
- zlib
-
- -- dependencies exclusive to test-suite
- build-depends: tasty == 1.2.* || == 1.3.*,
- tasty-hunit == 0.10.*,
- tasty-quickcheck == 0.10.*,
- QuickCheck >= 2.11 && <2.15,
- aeson == 1.4.* || == 1.5.*,
- vector == 0.12.*,
- unordered-containers >=0.2.8.0 && <0.3,
- temporary >= 1.2 && < 1.4
-
- hs-source-dirs: tests
- default-language: Haskell2010
- default-extensions: FlexibleContexts
- GADTs
- KindSignatures
- RankNTypes
- RecordWildCards
- ScopedTypeVariables
- ghc-options: -Wall
+cabal-version: 1.12
+name: hackage-security
+version: 0.6.0.1
+x-revision: 4
+
+synopsis: Hackage security library
+description: The hackage security library provides both server and
+ client utilities for securing the Hackage package server
+ (<http://hackage.haskell.org/>). It is based on The
Update
+ Framework (<http://theupdateframework.com/>), a set of
+ recommendations developed by security researchers at
+ various universities in the US as well as developers on
the
+ Tor project (<https://www.torproject.org/>).
+ .
+ The current implementation supports only index signing,
+ thereby enabling untrusted mirrors. It does not yet
provide
+ facilities for author package signing.
+ .
+ The library has two main entry points:
+ "Hackage.Security.Client" is the main entry point for
+ clients (the typical example being @cabal@), and
+ "Hackage.Security.Server" is the main entry point for
+ servers (the typical example being @hackage-server@).
+license: BSD3
+license-file: LICENSE
+author: Edsko de Vries
+maintainer: [email protected]
+copyright: Copyright 2015-2016 Well-Typed LLP
+category: Distribution
+homepage: https://github.com/haskell/hackage-security
+bug-reports: https://github.com/haskell/hackage-security/issues
+build-type: Simple
+tested-with: GHC==8.10.1, GHC==8.8.3, GHC==8.6.5, GHC==8.4.4,
GHC==8.2.2, GHC==8.0.2,
+ GHC==7.10.3, GHC==7.8.4, GHC==7.6.3, GHC==7.4.2
+
+
+extra-source-files:
+ ChangeLog.md
+
+source-repository head
+ type: git
+ location: https://github.com/haskell/hackage-security.git
+
+flag base48
+ description: Are we using @base@ 4.8 or later?
+ manual: False
+
+flag use-network-uri
+ description: Are we using @network-uri@?
+ manual: False
+
+flag old-directory
+ description: Use @directory@ < 1.2 and @old-time@
+ manual: False
+ default: False
+
+flag mtl21
+ description: Use @mtl@ < 2.2 and @mtl-compat@
+ manual: False
+ default: False
+
+flag lukko
+ description: Use @lukko@ for file-locking, otherwise use @GHC.IO.Handle.Lock@
+ manual: True
+ default: True
+
+library
+ -- Most functionality is exported through the top-level entry points .Client
+ -- and .Server; the other exported modules are intended for qualified
imports.
+ exposed-modules: Hackage.Security.Client
+ Hackage.Security.Client.Formats
+ Hackage.Security.Client.Repository
+ Hackage.Security.Client.Repository.Cache
+ Hackage.Security.Client.Repository.Local
+ Hackage.Security.Client.Repository.Remote
+ Hackage.Security.Client.Repository.HttpLib
+ Hackage.Security.Client.Verify
+ Hackage.Security.JSON
+ Hackage.Security.Key.Env
+ Hackage.Security.Server
+ Hackage.Security.Trusted
+ Hackage.Security.TUF.FileMap
+ Hackage.Security.Util.Checked
+ Hackage.Security.Util.Path
+ Hackage.Security.Util.Pretty
+ Hackage.Security.Util.Some
+ Text.JSON.Canonical
+ other-modules: Hackage.Security.Key
+ Hackage.Security.Trusted.TCB
+ Hackage.Security.TUF
+ Hackage.Security.TUF.Common
+ Hackage.Security.TUF.FileInfo
+ Hackage.Security.TUF.Header
+ Hackage.Security.TUF.Layout.Cache
+ Hackage.Security.TUF.Layout.Index
+ Hackage.Security.TUF.Layout.Repo
+ Hackage.Security.TUF.Mirrors
+ Hackage.Security.TUF.Paths
+ Hackage.Security.TUF.Patterns
+ Hackage.Security.TUF.Root
+ Hackage.Security.TUF.Signed
+ Hackage.Security.TUF.Snapshot
+ Hackage.Security.TUF.Targets
+ Hackage.Security.TUF.Timestamp
+ Hackage.Security.Util.Base64
+ Hackage.Security.Util.Exit
+ Hackage.Security.Util.IO
+ Hackage.Security.Util.JSON
+ Hackage.Security.Util.Lens
+ Hackage.Security.Util.Stack
+ Hackage.Security.Util.TypedEmbedded
+ Prelude
+ -- We support ghc 7.4 (bundled with Cabal 1.14) and up
+ build-depends: base >= 4.5 && < 4.15,
+ base16-bytestring >= 0.1.1 && < 1.1,
+ base64-bytestring >= 1.0 && < 1.3,
+ bytestring >= 0.9 && < 0.11,
+ Cabal >= 1.14 && < 1.26
+ || >= 2.0 && < 2.6
+ || >= 3.0 && < 3.6,
+ containers >= 0.4 && < 0.7,
+ ed25519 >= 0.0 && < 0.1,
+ filepath >= 1.2 && < 1.5,
+ parsec >= 3.1 && < 3.2,
+ pretty >= 1.0 && < 1.2,
+ cryptohash-sha256 >= 0.11 && < 0.12,
+ -- 0.4.2 introduces TarIndex, 0.4.4 introduces more
+ -- functionality, 0.5.0 changes type of serialise
+ tar >= 0.5 && < 0.6,
+ template-haskell >= 2.7 && < 2.17,
+ time >= 1.2 && < 1.11,
+ transformers >= 0.3 && < 0.6,
+ zlib >= 0.5 && < 0.7,
+ -- whatever versions are bundled with ghc:
+ ghc-prim
+ if flag(old-directory)
+ build-depends: directory >= 1.1.0.2 && < 1.2,
+ old-time >= 1 && < 1.2
+ else
+ build-depends: directory >= 1.2 && < 1.4
+
+ if flag(mtl21)
+ build-depends: mtl >= 2.1 && < 2.2,
+ mtl-compat >= 0.2 && < 0.3
+ else
+ build-depends: mtl >= 2.2 && < 2.3
+
+ if flag(lukko)
+ build-depends: lukko >= 0.1 && < 0.2
+ else
+ build-depends: base >= 4.10
+
+ hs-source-dirs: src
+ default-language: Haskell2010
+ default-extensions: DefaultSignatures
+ DeriveDataTypeable
+ DeriveFunctor
+ FlexibleContexts
+ FlexibleInstances
+ GADTs
+ GeneralizedNewtypeDeriving
+ KindSignatures
+ MultiParamTypeClasses
+ NamedFieldPuns
+ NoMonomorphismRestriction
+ RankNTypes
+ RecordWildCards
+ ScopedTypeVariables
+ StandaloneDeriving
+ TupleSections
+ TypeFamilies
+ TypeOperators
+ ViewPatterns
+ other-extensions: BangPatterns
+ CPP
+ OverlappingInstances
+ PackageImports
+ UndecidableInstances
+
+ -- use the new stage1/cross-compile-friendly DeriveLift extension for GHC
8.0+
+ if impl(ghc >= 8.0)
+ other-extensions: DeriveLift
+ else
+ other-extensions: TemplateHaskell
+
+ ghc-options: -Wall
+
+ if flag(base48)
+ build-depends: base >= 4.8
+ else
+ build-depends: base < 4.8, old-locale == 1.0.*
+
+ -- The URI type got split out off the network package after version 2.5, and
+ -- moved to a separate network-uri package. Since we don't need the rest of
+ -- network here, it would suffice to rely only on network-uri:
+ --
+ -- > if flag(use-network-uri)
+ -- > build-depends: network-uri >= 2.6 && < 2.7
+ -- > else
+ -- > build-depends: network >= 2.5 && < 2.6
+ --
+ -- However, if we did the same in hackage-security-HTTP, Cabal would consider
+ -- those two flag choices (hackage-security:use-network-uri and
+ -- hackage-security-HTTP:use-network-uri) to be completely independent; but
+ -- they aren't: if it links hackage-security against network-uri and
+ -- hackage-security-HTTP against network, we will get type errors when
+ -- hackage-security-HTTP tries to pass a URI to hackage-security.
+ --
+ -- It might seem we can solve this problem by re-exporting the URI type in
+ -- hackage-security and avoid the dependency in hackage-security-HTTP
+ -- altogether. However, this merely shifts the problem: hackage-security-HTTP
+ -- relies on the HTTP library which--surprise!--makes the same choice between
+ -- depending on network or network-uri. Cabal will not notice that we cannot
+ -- build hackage-security and hackage-security-HTTP against network-uri but
+ -- HTTP against network.
+ --
+ -- We solve the problem by explicitly relying on network-2.6 when choosing
+ -- network-uri. This dependency is redundant, strictly speaking. However, it
+ -- serves as a proxy for forcing flag choices: since all packages in a
+ -- solution must be linked against the same version of network, having one
+ -- version of network in one branch of the conditional and another version of
+ -- network in the other branch forces the choice to be consistent throughout.
+ -- (Note that the HTTP library does the same thing, though in this case the
+ -- dependency in network is not redundant.)
+ if flag(use-network-uri)
+ build-depends: network-uri >= 2.6 && < 2.7,
+ network >= 2.6 && < 2.9
+ || >= 3.0 && < 3.2
+ else
+ build-depends: network >= 2.5 && < 2.6
+
+ if impl(ghc >= 7.8)
+ other-extensions: RoleAnnotations
+
+ if impl(ghc >= 7.10)
+ other-extensions: AllowAmbiguousTypes
+ StaticPointers
+
+test-suite TestSuite
+ type: exitcode-stdio-1.0
+ main-is: TestSuite.hs
+ other-modules: TestSuite.HttpMem
+ TestSuite.InMemCache
+ TestSuite.InMemRepo
+ TestSuite.InMemRepository
+ TestSuite.JSON
+ TestSuite.PrivateKeys
+ TestSuite.Util.StrictMVar
+
+ -- inherited constraints from lib:hackage-security component
+ build-depends: hackage-security,
+ base,
+ Cabal,
+ containers,
+ bytestring,
+ network-uri,
+ tar,
+ time,
+ zlib
+
+ -- dependencies exclusive to test-suite
+ build-depends: tasty == 1.2.* || == 1.3.*,
+ tasty-hunit == 0.10.*,
+ tasty-quickcheck == 0.10.*,
+ QuickCheck >= 2.11 && <2.15,
+ aeson == 1.4.* || == 1.5.*,
+ vector == 0.12.*,
+ unordered-containers >=0.2.8.0 && <0.3,
+ temporary >= 1.2 && < 1.4
+
+ hs-source-dirs: tests
+ default-language: Haskell2010
+ default-extensions: FlexibleContexts
+ GADTs
+ KindSignatures
+ RankNTypes
+ RecordWildCards
+ ScopedTypeVariables
+ ghc-options: -Wall
