Merge pull request #3840 from dcoutts/secure-by-default

Use security by default for central hackage repo

Merge pull request #3840 from dcoutts/secure-by-default
Use security by default for central hackage repo
8c400a40 · Edward Z. Yang · GitHub · c2dfc331 · 2e8b7df6 · 8c400a40
Commit 8c400a40 authored Sep 15, 2016 by Edward Z. Yang Committed by GitHub Sep 15, 2016
--- a/.travis.yml
+++ b/.travis.yml
@@ -92,6 +92,7 @@ cache:
 before_cache:
 - rm -fv $HOME/.cabal/packages/hackage.haskell.org/build-reports.log
 - rm -fv $HOME/.cabal/packages/hackage.haskell.org/00-index*
+ - rm -fv $HOME/.cabal/packages/hackage.haskell.org/*.json

 # Deploy Haddocks to the haskell/cabal-website repo.
 after_success:

--- a/appveyor.yml
+++ b/appveyor.yml
@@ -26,6 +26,8 @@ build_script:
  - echo "" | ..\cabal install --only-dependencies --enable-tests
  - ..\cabal configure --user --ghc-option=-Werror --enable-tests
  - ..\cabal build
+  # update package index again, this time for the cabal under test
+  - dist\build\cabal\cabal.exe update
  - ..\cabal test unit-tests --show-details=streaming --test-option=--pattern=!FileMonitor --test-option=--hide-successes
  - ..\cabal test integration-tests --show-details=streaming --test-option=--pattern=!exec --test-option=--hide-successes
  - ..\cabal test integration-tests2 --show-details=streaming --test-option=--hide-successes

--- a/cabal-install/Distribution/Client/Config.hs
+++ b/cabal-install/Distribution/Client/Config.hs
@@ -532,13 +532,9 @@ addInfoForKnownRepos repo
                  remoteRepoKeyThreshold = 0
                } | secure /= Just False
            = r {
-              --TODO: When we want to switch us from using opt-in to opt-out
-              -- security for the central hackage server, uncomment the
-              -- following line. That will cause the default (of unspecified)
-              -- to get interpreted as if it were "secure: True". For the
-              -- moment it means the keys get added but you have to manually
-              -- set "secure: True" to opt-in.
-              --remoteRepoSecure       = Just True,
+                -- Use hackage-security by default unless you opt-out with
+                -- secure: False
+                remoteRepoSecure       = Just True,
                remoteRepoRootKeys     = defaultHackageRemoteRepoKeys,
                remoteRepoKeyThreshold = defaultHackageRemoteRepoKeyThreshold
              }

--- a/cabal-install/Distribution/Client/HttpUtils.hs
+++ b/cabal-install/Distribution/Client/HttpUtils.hs
@@ -27,6 +27,10 @@ import Network.Browser
 import Control.Applicative
 #endif
 import qualified Control.Exception as Exception
+import Control.Exception
+         ( evaluate )
+import Control.DeepSeq
+         ( force )
 import Control.Monad
         ( when, guard )
 import qualified Data.ByteString.Lazy.Char8 as BS
@@ -56,6 +60,8 @@ import System.FilePath
         ( (<.>) )
 import System.Directory
         ( doesFileExist, renameFile )
+import System.IO
+         ( withFile, IOMode(ReadMode), hGetContents, hClose )
 import System.IO.Error
         ( isDoesNotExistError )
 import Distribution.Simple.Program
@@ -70,7 +76,6 @@ import Distribution.Simple.Program.Run
        ( IOEncoding(..), getEffectiveEnvironment )
 import Numeric (showHex)
 import System.Directory (canonicalizePath)
-import System.IO (hClose)
 import System.FilePath (takeFileName, takeDirectory)
 import System.Random (randomRIO)
 import System.Exit (ExitCode(..))
@@ -340,9 +345,10 @@ curlTransport prog =

          resp <- getProgramInvocationOutput verbosity
                    (programInvocation prog args)
-          headers <- readFile tmpFile
-          (code, _err, etag') <- parseResponse uri resp headers
-          return (code, etag')
+          withFile tmpFile ReadMode $ \hnd -> do
+            headers <- hGetContents hnd
+            (code, _err, etag') <- parseResponse uri resp headers
+            evaluate $ force (code, etag')

    posthttp = noPostYet

@@ -387,8 +393,9 @@ curlTransport prog =
        (code, err, _etag) <- parseResponse uri resp ""
        return (code, err)

-    -- on success these curl involcations produces an output like "200"
+    -- on success these curl invocations produces an output like "200"
    -- and on failure it has the server error response first
+    parseResponse :: URI -> String -> String -> IO (Int, String, Maybe ETag)
    parseResponse uri resp headers =
      let codeerr =
            case reverse (lines resp) of
@@ -450,8 +457,9 @@ wgetTransport prog =
                                              "boundary=" ++ boundary ]
          out <- runWGet verbosity (addUriAuth auth uri) args
          (code, _etag) <- parseOutput uri out
-          resp <- readFile responseFile
-          return (code, resp)
+          withFile responseFile ReadMode $ \hnd -> do
+            resp <- hGetContents hnd
+            evaluate $ force (code, resp)

    puthttpfile verbosity uri path auth headers =
        withTempFile (takeDirectory path) "response" $ \responseFile responseHandle -> do
@@ -466,8 +474,9 @@ wgetTransport prog =

            out <- runWGet verbosity (addUriAuth auth uri) args
            (code, _etag) <- parseOutput uri out
-            resp <- readFile responseFile
-            return (code, resp)
+            withFile responseFile ReadMode $ \hnd -> do
+              resp <- hGetContents hnd
+              evaluate $ force (code, resp)

    addUriAuth Nothing uri = uri
    addUriAuth (Just (user, pass)) uri = uri

--- a/cabal-install/cabal-install.cabal
+++ b/cabal-install/cabal-install.cabal
@@ -367,6 +367,7 @@ executable cabal
        Cabal      >= 1.25     && < 1.26,
        containers >= 0.4      && < 0.6,
        cryptohash-sha256 >= 0.11 && < 0.12,
+        deepseq    >= 1.3      && < 1.5,
        filepath   >= 1.3      && < 1.5,
        hashable   >= 1.0      && < 2,
        HTTP       >= 4000.1.5 && < 4000.4,
@@ -453,6 +454,7 @@ Test-Suite unit-tests
        bytestring,
        Cabal,
        containers,
+        deepseq,
        mtl,
        pretty,
        process,
@@ -613,6 +615,7 @@ test-suite integration-tests2
        Cabal,
        containers,
        cryptohash-sha256,
+        deepseq,
        directory,
        filepath,
        hackage-security,

--- a/travis-script.sh
+++ b/travis-script.sh
@@ -86,6 +86,11 @@ timed cabal new-build cabal-install:cabal \
                      cabal-install:unit-tests \
                      cabal-install:solver-quickcheck

+# The integration-tests2 need the hackage index, and need it in the secure
+# format, which is not necessarily the default format of the bootstrap cabal.
+# If the format does match then this will be very quick.
+timed ${CABAL_INSTALL_BDIR}/build/cabal/cabal update
+
 # Run tests
 (cd cabal-install && timed ${CABAL_INSTALL_BDIR}/build/unit-tests/unit-tests         $TEST_OPTIONS) || exit $?
 (cd cabal-install && timed ${CABAL_INSTALL_BDIR}/build/solver-quickcheck/solver-quickcheck  $TEST_OPTIONS --quickcheck-tests=1000) || exit $?