Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in / Register
Toggle navigation
Menu
Open sidebar
Glasgow Haskell Compiler
Packages
Cabal
Commits
8c400a40
Commit
8c400a40
authored
Sep 15, 2016
by
Edward Z. Yang
Committed by
GitHub
Sep 15, 2016
Browse files
Merge pull request #3840 from dcoutts/secure-by-default
Use security by default for central hackage repo
parents
c2dfc331
2e8b7df6
Changes
6
Hide whitespace changes
Inline
Side-by-side
.travis.yml
View file @
8c400a40
...
...
@@ -92,6 +92,7 @@ cache:
before_cache
:
-
rm -fv $HOME/.cabal/packages/hackage.haskell.org/build-reports.log
-
rm -fv $HOME/.cabal/packages/hackage.haskell.org/00-index*
-
rm -fv $HOME/.cabal/packages/hackage.haskell.org/*.json
# Deploy Haddocks to the haskell/cabal-website repo.
after_success
:
...
...
appveyor.yml
View file @
8c400a40
...
...
@@ -26,6 +26,8 @@ build_script:
-
echo "" | ..\cabal install --only-dependencies --enable-tests
-
..\cabal configure --user --ghc-option=-Werror --enable-tests
-
..\cabal build
# update package index again, this time for the cabal under test
-
dist\build\cabal\cabal.exe update
-
..\cabal test unit-tests --show-details=streaming --test-option=--pattern=!FileMonitor --test-option=--hide-successes
-
..\cabal test integration-tests --show-details=streaming --test-option=--pattern=!exec --test-option=--hide-successes
-
..\cabal test integration-tests2 --show-details=streaming --test-option=--hide-successes
...
...
cabal-install/Distribution/Client/Config.hs
View file @
8c400a40
...
...
@@ -532,13 +532,9 @@ addInfoForKnownRepos repo
remoteRepoKeyThreshold
=
0
}
|
secure
/=
Just
False
=
r
{
--TODO: When we want to switch us from using opt-in to opt-out
-- security for the central hackage server, uncomment the
-- following line. That will cause the default (of unspecified)
-- to get interpreted as if it were "secure: True". For the
-- moment it means the keys get added but you have to manually
-- set "secure: True" to opt-in.
--remoteRepoSecure = Just True,
-- Use hackage-security by default unless you opt-out with
-- secure: False
remoteRepoSecure
=
Just
True
,
remoteRepoRootKeys
=
defaultHackageRemoteRepoKeys
,
remoteRepoKeyThreshold
=
defaultHackageRemoteRepoKeyThreshold
}
...
...
cabal-install/Distribution/Client/HttpUtils.hs
View file @
8c400a40
...
...
@@ -27,6 +27,10 @@ import Network.Browser
import
Control.Applicative
#
endif
import
qualified
Control.Exception
as
Exception
import
Control.Exception
(
evaluate
)
import
Control.DeepSeq
(
force
)
import
Control.Monad
(
when
,
guard
)
import
qualified
Data.ByteString.Lazy.Char8
as
BS
...
...
@@ -56,6 +60,8 @@ import System.FilePath
(
(
<.>
)
)
import
System.Directory
(
doesFileExist
,
renameFile
)
import
System.IO
(
withFile
,
IOMode
(
ReadMode
),
hGetContents
,
hClose
)
import
System.IO.Error
(
isDoesNotExistError
)
import
Distribution.Simple.Program
...
...
@@ -70,7 +76,6 @@ import Distribution.Simple.Program.Run
(
IOEncoding
(
..
),
getEffectiveEnvironment
)
import
Numeric
(
showHex
)
import
System.Directory
(
canonicalizePath
)
import
System.IO
(
hClose
)
import
System.FilePath
(
takeFileName
,
takeDirectory
)
import
System.Random
(
randomRIO
)
import
System.Exit
(
ExitCode
(
..
))
...
...
@@ -340,9 +345,10 @@ curlTransport prog =
resp
<-
getProgramInvocationOutput
verbosity
(
programInvocation
prog
args
)
headers
<-
readFile
tmpFile
(
code
,
_err
,
etag'
)
<-
parseResponse
uri
resp
headers
return
(
code
,
etag'
)
withFile
tmpFile
ReadMode
$
\
hnd
->
do
headers
<-
hGetContents
hnd
(
code
,
_err
,
etag'
)
<-
parseResponse
uri
resp
headers
evaluate
$
force
(
code
,
etag'
)
posthttp
=
noPostYet
...
...
@@ -387,8 +393,9 @@ curlTransport prog =
(
code
,
err
,
_etag
)
<-
parseResponse
uri
resp
""
return
(
code
,
err
)
-- on success these curl invo
l
cations produces an output like "200"
-- on success these curl invocations produces an output like "200"
-- and on failure it has the server error response first
parseResponse
::
URI
->
String
->
String
->
IO
(
Int
,
String
,
Maybe
ETag
)
parseResponse
uri
resp
headers
=
let
codeerr
=
case
reverse
(
lines
resp
)
of
...
...
@@ -450,8 +457,9 @@ wgetTransport prog =
"boundary="
++
boundary
]
out
<-
runWGet
verbosity
(
addUriAuth
auth
uri
)
args
(
code
,
_etag
)
<-
parseOutput
uri
out
resp
<-
readFile
responseFile
return
(
code
,
resp
)
withFile
responseFile
ReadMode
$
\
hnd
->
do
resp
<-
hGetContents
hnd
evaluate
$
force
(
code
,
resp
)
puthttpfile
verbosity
uri
path
auth
headers
=
withTempFile
(
takeDirectory
path
)
"response"
$
\
responseFile
responseHandle
->
do
...
...
@@ -466,8 +474,9 @@ wgetTransport prog =
out
<-
runWGet
verbosity
(
addUriAuth
auth
uri
)
args
(
code
,
_etag
)
<-
parseOutput
uri
out
resp
<-
readFile
responseFile
return
(
code
,
resp
)
withFile
responseFile
ReadMode
$
\
hnd
->
do
resp
<-
hGetContents
hnd
evaluate
$
force
(
code
,
resp
)
addUriAuth
Nothing
uri
=
uri
addUriAuth
(
Just
(
user
,
pass
))
uri
=
uri
...
...
cabal-install/cabal-install.cabal
View file @
8c400a40
...
...
@@ -367,6 +367,7 @@ executable cabal
Cabal >= 1.25 && < 1.26,
containers >= 0.4 && < 0.6,
cryptohash-sha256 >= 0.11 && < 0.12,
deepseq >= 1.3 && < 1.5,
filepath >= 1.3 && < 1.5,
hashable >= 1.0 && < 2,
HTTP >= 4000.1.5 && < 4000.4,
...
...
@@ -453,6 +454,7 @@ Test-Suite unit-tests
bytestring,
Cabal,
containers,
deepseq,
mtl,
pretty,
process,
...
...
@@ -613,6 +615,7 @@ test-suite integration-tests2
Cabal,
containers,
cryptohash-sha256,
deepseq,
directory,
filepath,
hackage-security,
...
...
travis-script.sh
View file @
8c400a40
...
...
@@ -86,6 +86,11 @@ timed cabal new-build cabal-install:cabal \
cabal-install:unit-tests
\
cabal-install:solver-quickcheck
# The integration-tests2 need the hackage index, and need it in the secure
# format, which is not necessarily the default format of the bootstrap cabal.
# If the format does match then this will be very quick.
timed
${
CABAL_INSTALL_BDIR
}
/build/cabal/cabal update
# Run tests
(
cd
cabal-install
&&
timed
${
CABAL_INSTALL_BDIR
}
/build/unit-tests/unit-tests
$TEST_OPTIONS
)
||
exit
$?
(
cd
cabal-install
&&
timed
${
CABAL_INSTALL_BDIR
}
/build/solver-quickcheck/solver-quickcheck
$TEST_OPTIONS
--quickcheck-tests
=
1000
)
||
exit
$?
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment